Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing 327

Phishing Telecommunications Malware Scams 327

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

NOVEMBER 5, 2024

.” Sources involved in the investigation said UNC5537 has focused on hacking into telecommunications companies around the world. ” The term “Beige Group” came up in reporting on two stories published here in 2020. Frequent targets of the Beige group included employees at numerous top U.S.

Cybercrime 274

Cybercrime Mobile Media Hacking 274

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. The state-sponsored actor behind the attack is an Advanced Persistent Threat (APT) group known as Salt Typhoon, believed to be tied to the People’s Republic of China (PRC).

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile 123

Mobile Scams Technology Telecommunications 123

The Hacker News

FEBRUARY 14, 2025

The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

Telecommunications 117

Telecommunications Accountability Phishing Education 117

The Last Watchdog

JANUARY 7, 2025

AI-generated phishing emails, adaptive botnets, and automated reconnaissance tools are now common components of cybercriminal tactics. Advanced detection CyTwist recently demonstrated its advanced detection capabilities during a red team simulation with a major telecommunications provider.

Threat Detection 130

Threat Detection Engineering Malware Artificial Intelligence 130

SecureList

NOVEMBER 1, 2021

million redirects to phishing pages. Statistics: phishing. In Q3, the Anti-Phishing system blocked 46,340,156 attempts to open phishing links. Geography of phishing attacks. Geography of phishing attacks, Q3 2021 ( download ). Top-level domain zones most commonly used for phishing, Q3 2021 ( download ).

Phishing 130

Phishing Scams Accountability Computers and Electronics 130

Krebs on Security

JANUARY 29, 2020

Earlier this week, vice.com reported that hackers are phishing workers at major U.S. telecommunications companies to gain access to internal company tools. telecom companies to take over customer cell phone numbers.

Social Engineering 304

Social Engineering Telecommunications Data privacy Engineering 304

Security Affairs

OCTOBER 13, 2021

Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages using mathematical symbols on impersonated company logos.

Phishing 112

Phishing Telecommunications Accountability Marketing 112

Malwarebytes

AUGUST 13, 2021

In an extensive report about a phishing campaign , the Microsoft 365 Defender Threat Intelligence Team describes a number of encoding techniques that were deployed by the phishers. We just didn’t realize that phishing campaigns was one of them! We just didn’t realize that phishing campaigns was one of them! The campaign.

Phishing 112

Phishing Passwords Computers and Electronics Telecommunications 112

Security Affairs

MAY 28, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The phishing campaign detected by MSTIC leveraged the Google Firebase platform to provide an ISO file containing the malicious code.

Phishing 110

Phishing Threat Detection Telecommunications Malware 110

Security Affairs

FEBRUARY 22, 2022

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The police arrested five that created and administered more than 40 phishing sites used to harvest bank card data of unaware citizens. SecurityAffairs – hacking, phishing). ” concludes the announcement.

Phishing 102

Phishing Banking Mobile Telecommunications 102

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. One of the groups that reliably posted “Tmo up!

Mobile 340

Mobile Phishing Authentication Advertising 340

Security Boulevard

MARCH 24, 2025

but given the Salt Typhoon breach and the apparent lackluster security practices and culture at just about every American telecommunications company, this was too interesting to ignore. Cape is a mobile carrier startup claiming to provide a more secure and private service alternative to traditional telecommunications services.

Surveillance 75

Surveillance Telecommunications Data breaches Malware 75

Malwarebytes

MARCH 29, 2022

The spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid. Spear phishing as the main initial infection vector. Spear phishing as the main initial infection vector. Victimology.

Phishing 95

Phishing Education Telecommunications Technology 95

SecureList

MARCH 10, 2025

Infection flow The attacker sends spear-phishing emails with a DOCX file attached. The following industries were also affected: telecommunication, consulting, IT service companies, real estate agencies, and hotels. Furthermore, we observed attacks against entities associated with nuclear energy.

Energy and Utilities 109

Energy and Utilities Malware Government Phishing 109

Krebs on Security

MARCH 20, 2023

Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. “An individual’s CPNI can be shared with other telecommunications providers for network operating reasons,” wrote TechTarget’s Gavin Wright.

Mobile 316

Mobile Wireless Advertising Accountability 316

Security Affairs

NOVEMBER 3, 2023

Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a new spear-phishing campaign. Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , and Static Kitten ) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinct’s Threat Research team reported.

Telecommunications 131

Telecommunications Phishing Government Hacking 131

Security Affairs

DECEMBER 1, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 70

Cybercrime Firewall Social Engineering Ransomware 70

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS 145

DNS Telecommunications Malware Phishing 145

Security Affairs

SEPTEMBER 23, 2024

The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401. Earth Baxia primarily targeted government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand. ” reads the report.

DNS 139

DNS Government Phishing Telecommunications 139

Security Boulevard

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. Arrest in ‘SMS Bandits’ Phishing Service appeared first on Security Boulevard. The post U.K. The post U.K.

Phishing 52

Phishing Telecommunications Mobile Marketing 52

Security Affairs

MARCH 25, 2024

Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , TA450, and Static Kitten ) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems.

Phishing 137

Phishing Social Engineering Telecommunications Accountability 137

Security Affairs

MARCH 27, 2019

The campaign was discovered in early March 2019, threat actors behind the LUCKY ELEPHANT campaign use doppelganger webpages to mimic legitimate entities such as foreign governments, telecommunications, and military. Phishing and credential theft are commonly observed with Indian targeting in-region.”

Government 111

Government Telecommunications Phishing Advertising 111

Cisco Security

DECEMBER 13, 2022

In our last blog , we gave a rundown of what the Telecommunications (Security) Act (TSA) is, why it’s been introduced, who it affects, when it starts, and how firms can prepare. But what if the TSA had some ‘carrot’-based business benefits that are much less discussed?

Telecommunications 145

Telecommunications Authentication Risk Cyber Risk 145

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware 103

Malware Telecommunications DNS Hacking 103

Security Affairs

DECEMBER 15, 2021

Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. A suspected ScreenConnect setup MSI appeared to have been delivered in a zipped file named “Special discount program.zip”, suggesting that it arrived in a spear-phishing email.”

Telecommunications 112

Telecommunications Passwords Phishing Hacking 112

Security Affairs

OCTOBER 18, 2020

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation. Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK.

Ransomware 140

Ransomware Malware Telecommunications Advertising 140

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. “ANSSI has observed a number of phishing campaigns directed against French entities since February 2021.

Phishing 112

Phishing Telecommunications Government Accountability 112

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Educate your employees on threats and risks such as phishing and malware.

Cybersecurity 214

Cybersecurity Cybercrime Education Government 214

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 125

Data breaches Banking Hacking Malware 125

Malwarebytes

APRIL 2, 2024

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Watch out for fake vendors.

Data breaches 145

Data breaches Passwords Phishing Accountability 145

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. Bad news for T-Mobile prepaid customer, the US-based telecom giant T-Mobile today disclosed a new data breach incident.

Wireless 136

Wireless Data breaches Mobile Telecommunications 136

Security Affairs

FEBRUARY 15, 2025

Sorry, It’s Windows Malware Malware Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site From South America to Southeast Asia: The Fragile Web of REF7707 Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling Hacking (..)

Spyware 68

Spyware Firewall Artificial Intelligence Malware 68

eSecurity Planet

JULY 29, 2021

Social engineering can manifest itself across a wide range of cybersecurity attacks: Phishing Smishing Vishing Whaling Pharming Baiting Pretexting Scareware Deepfakes. Phishing is a broad category of social engineering attacks that specifically target most businesses’ primary mode of communication: email.

Social Engineering 130

Social Engineering Engineering Phishing DNS 130

Heimadal Security

DECEMBER 15, 2021

A fresh espionage hacking effort targeting Middle Eastern and Asian telecommunications and IT service companies was recently discovered. The operation has been running for six months, and it may have connections to the Iranian-backed actor MERCURY (aka MuddyWater, SeedWorm, or TEMP.Zagros).

Hacking 98

Hacking Telecommunications Phishing Cybersecurity 98