Krebs on Security

JANUARY 29, 2020

A review of the exposed support forum by this author suggests that while none of the posts exposed customer information such as payment card data, a number of them did include customer account information, such customer names, device identifiers and in some cases location information.

Social Engineering 309

Social Engineering Telecommunications Data privacy Engineering 309

The Hacker News

FEBRUARY 14, 2025

The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

Telecommunications 108

Telecommunications Accountability Phishing Education 108

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile 124

Mobile Scams Technology Telecommunications 124

Krebs on Security

MARCH 20, 2023

Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. AT&T’s disclosure said the information exposed included customer first name, wireless account number, wireless phone number and email address.

Mobile 321

Mobile Wireless Advertising Telecommunications 321

SecureList

NOVEMBER 1, 2021

Accordingly, the Euro 2020 championship was used by scammers as bait to hijack accounts on the major gaming portal belonging to Japanese gaming giant Konami. If they entered their credentials, the attackers took over their account and the “bonus” evaporated into thin air. million redirects to phishing pages.

Phishing 130

Phishing Scams Accountability Computers and Electronics 130

Security Affairs

OCTOBER 13, 2021

Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages using mathematical symbols on impersonated company logos.

Phishing 113

Phishing Telecommunications Accountability Marketing 113

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. Specifically, it was fetching account icons and defaulted to opening password reset pages over HTTP.

Surveillance 75

Surveillance Telecommunications Data breaches Malware 75

Security Affairs

FEBRUARY 22, 2022

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The police arrested five that created and administered more than 40 phishing sites used to harvest bank card data of unaware citizens. Once obtained the data, crooks used it to empty their victims’ bank accounts.

Phishing 102

Phishing Banking Mobile Telecommunications 102

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. One of the groups that reliably posted “Tmo up!

Mobile 344

Mobile Phishing Authentication Advertising 344

Security Affairs

MAY 28, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The phishing campaign detected by MSTIC leveraged the Google Firebase platform to provide an ISO file containing the malicious code.

Phishing 111

Phishing Threat Detection Telecommunications Malware 111

Security Affairs

DECEMBER 1, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 71

Cybercrime Firewall Social Engineering Ransomware 71

Malwarebytes

DECEMBER 11, 2022

Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. Its most common method is to send targeted phishing emails with links to malware hosted on legitimate services like Dropbox and Onehub.

Accountability 97

Accountability Hacking Telecommunications Government 97

Security Affairs

MARCH 25, 2024

Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , TA450, and Static Kitten ) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems. sender account.

Phishing 138

Phishing Social Engineering Telecommunications Accountability 138

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Educate your employees on threats and risks such as phishing and malware. Accounting for humans.

Cybersecurity 214

Cybersecurity Cybercrime Education Government 214

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. A single bitcoin is trading at around $45,000. It emerges that email marketing giant Mailchimp got hacked.

Cryptocurrency 294

Cryptocurrency Cybercrime Computers and Electronics Scams 294

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers.

Wireless 137

Wireless Data breaches Mobile Telecommunications 137

Malwarebytes

APRIL 2, 2024

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. million current AT&T account holders and approximately 65.4 million former account holders. 2FA that relies on a FIDO2 device can’t be phished. Take your time.

Data breaches 145

Data breaches Passwords Phishing Accountability 145

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. “ANSSI has observed a number of phishing campaigns directed against French entities since February 2021.

Phishing 113

Phishing Telecommunications Government Accountability 113

Digital Shadows

MARCH 17, 2025

In one example, the Chinese group APT5, operating from the most active nation state targeting VPN devices, maintained access to compromised VPN infrastructure in the telecommunications sector for months. This threat hunt identifies accounts at risk of this attack vector. Creating or modifying administrative accounts.

VPN 133

VPN Authentication Ransomware Risk 133

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 127

Data breaches Banking Hacking Malware 127

Security Affairs

MAY 21, 2020

The APT group targets telecommunication and travel industries in the Middle East to gather intelligence on Iran’s geopolitical interests. The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. ” continues the report.

Government 127

Government Social Engineering Hacking Advertising 127

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing 98

Phishing Education Accountability Malware 98

Security Affairs

DECEMBER 6, 2018

Ukraine’s security service SBU announced to have blocked a cyber attack launched by Russian intelligence aimed at breaching information and telecommunications systems used by the country’s judiciary. Attackers launched a spear phishing attack using messages purporting to deliver accounting documents.

Telecommunications 107

Telecommunications Malware Advertising Government 107

Security Affairs

JANUARY 10, 2019

Security experts at FireEye uncovered a DNS hijacking campaign that is targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. ” reads the report published by FireEye.

DNS 109

DNS Telecommunications Government Encryption 109

Security Affairs

DECEMBER 7, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

Government 134

Government Telecommunications Accountability Phishing 134

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime 104

Cybercrime Phishing Banking Telecommunications 104

Malwarebytes

OCTOBER 27, 2023

In a security blog about Octo Tempest Microsoft states: “Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.”

Social Engineering 114

Social Engineering Engineering Ransomware Backups 114

Security Affairs

NOVEMBER 29, 2019

The group’s distinctive features are the high quality of their phishing attacks and the use of legitimate services, which makes it very difficult to detect its malicious activity in companies’ infrastructures. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work.

Banking 124

Banking Telecommunications Marketing Internet 124

Security Boulevard

SEPTEMBER 1, 2023

US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. Being Used to Phish So Many of Us? Domain names ending in “.US” This is noteworthy because.US is overseen by the U.S. The post Why is.US

Phishing 59

Phishing Scams Government Telecommunications 59

eSecurity Planet

JULY 18, 2023

government agency email accounts, but some details remain a mystery. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker group Storm-0558 breached an undisclosed number of email accounts belonging to 25 organizations, including U.S. This issue has been corrected.”

Accountability 98

Accountability Government Authentication Telecommunications 98

IT Security Guru

DECEMBER 1, 2022

Speaking of training and taking into account humans’ perceptions, cybersecurity awareness training is by far the best place to start. Phishing attacks can be minimized by knowing the key indicators of a phishing attempt and how to address them. The importance of cybersecurity awareness training. He is also a writer for Bora.

Cyber threats 128

Cyber threats Cybersecurity Education Risk 128

SecureWorld News

OCTOBER 6, 2022

Utilize phishing-resistant multi-factor authentication whenever possible. Require all accounts with password logins to have strong, unique passwords, and change passwords immediately if there are indications that a password may have been compromised.".

Passwords 98

Passwords Telecommunications Government Risk 98

Krebs on Security

FEBRUARY 18, 2019

mail.cyta.com.cy: Cyta telecommunications and Internet provider, Cyprus. 14 by KrebsOnSecurity, Netnod CEO Lars Michael Jogbäck confirmed that parts of Netnod’s DNS infrastructure were hijacked in late December 2018 and early January 2019 after the attackers gained access to accounts at Netnod’s domain name registrar.

DNS 279

DNS Internet Internet Government 279

SecureList

OCTOBER 7, 2022

The malware spreads through spear-phishing emails with a malicious Microsoft Office document as attachment. The traffic originated from a suspicious library loaded into the memory of a domain controller server and registered as a Windows password filter, which has access to plain-text passwords to administrative accounts.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

SecureWorld News

JUNE 18, 2023

According to a recent report , bots accounted for a staggering 47.4% Gaming (58.7%) and telecommunications (47.7%) had the highest bad bot traffic on their websites and applications. These unsolicited messages often contain malware, phishing links, or other deceptive content, intending to deceive unsuspecting recipients.

Passwords 96

Passwords Antivirus Internet Internet 96

Security Affairs

AUGUST 27, 2022

“Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj. Montenegro immediately reported the attack to other members of the NATO alliance.

Cyber Attacks 98

Cyber Attacks Government Telecommunications Malware 98

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078).

Computers and Electronics 104

Computers and Electronics Penetration Testing DNS Phishing 104