Security Affairs

DECEMBER 1, 2024

Soldier Major cybercrime operation nets 1,006 suspects UK hospital network postpones procedures after cyberattack Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say Florida Telecommunications and Information Technology Worker Sentenced for Conspiring to Act as Agent of Chinese Government Rockstar 2FA: A Driving (..)

Cybercrime 70

Cybercrime Firewall Social Engineering Ransomware 70

Krebs on Security

AUGUST 12, 2020

Most mobile providers offer customers the option of placing a PIN or secret passphrase on their accounts to lessen the likelihood of such attacks succeeding, but these protections also usually fail when the attackers are social engineering some $12-an-hour employee at a mobile phone store.

Accountability 357

Accountability Mobile Banking Passwords 357

Security Affairs

MARCH 25, 2024

The campaign targeted Israeli employees of large multinational organizations with a pay-related social engineering lure. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors. The phishing campaign started on March 7 and continued through the week of March 11, 2024.

Phishing 137

Phishing Social Engineering Telecommunications Accountability 137

eSecurity Planet

JULY 20, 2023

Mitnick and KnowBe4 As an early expert in social engineering and hacking, Mitnick provided valuable first-hand knowledge when he joined KnowBe4. He helped design KnowBe4’s training based on his social engineering tactics, and he became a partial owner of KnowBe4 in November 2011.

Cybersecurity 98

Cybersecurity Social Engineering Education Engineering 98

Security Affairs

MAY 21, 2020

The APT group targets telecommunication and travel industries in the Middle East to gather intelligence on Iran’s geopolitical interests. The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. ” continues the report.

Government 125

Government Social Engineering Hacking Advertising 125

Malwarebytes

JUNE 16, 2022

It involved 76 countries taking social engineers and telecommunications fraudsters to task, with multiple wins for those involved. Multiple national call centres suspected of telecommunications fraud were also raided. A large-scale Interpol operation has resulted in arrested and ill-gotten gains seizures galore.

Scams 87

Scams Telecommunications Media Banking 87

Krebs on Security

FEBRUARY 28, 2023

There are plenty of people on Telegram claiming to have SIM-swap access at major telecommunications firms, but a great many such offers are simply four-figure scams, and any pretenders on this front are soon identified and banned ( if not worse ). One of the groups that reliably posted “Tmo up!

Mobile 340

Mobile Phishing Authentication Advertising 340

Malwarebytes

NOVEMBER 6, 2023

Since then the group has expanded its range of activities to include targeting organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV ransomware group. It can even hurt companies with enterprise grade security. The security of your private accounts matters to the company you work for.

Ransomware 127

Ransomware Backups Accountability Social Engineering 127

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. “Password spraying, DNS tunneling, social engineering, and abuse of security testing frameworks are common tactics, particularly from threat groups operating in the Middle East.” ”concludes the report.

DNS 107

DNS Passwords Penetration Testing Social Engineering 107

SecureWorld News

AUGUST 28, 2023

Their techniques included SIM swapping, prompt bombing attacks, and social engineering, which allowed them to infiltrate well-defended organizations. Lapsus$ techniques and motivations Lapsus$ gained notoriety for its sophisticated techniques and motivations that seemed to oscillate between fame, financial gain, and sheer amusement.

Cybercrime 98

Cybercrime Social Engineering Telecommunications Hacking 98

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

SecureWorld News

MARCH 24, 2022

Answer: The decision to pursue a career in cybersecurity came easy to me, as I was tenured as a technology and telecommunications professional for 15 years. As a military veteran of the United States Navy, I had a foundational background working in telecommunications. I enjoyed troubleshooting systems and solving problems.

Cybersecurity 98

Cybersecurity Telecommunications Mobile IoT 98

Security Affairs

AUGUST 20, 2018

Telecommunications relay services (TRSs) developed by Soleo Communications are IP relay services used by major Internet service providers (ISPs) in Canada. An attacker could extract these passwords from within the source files, and further escalate their privileges on the server, or even use said information in a social engineering attack.

Telecommunications 75

Telecommunications Identity Theft Passwords Social Engineering 75

Krebs on Security

DECEMBER 29, 2022

The unknown intruders gained access to internal Mailchimp tools and customer data by social engineering employees at the company, and then started sending targeted phishing attacks to owners of Trezor hardware cryptocurrency wallets. It emerges that email marketing giant Mailchimp got hacked. Uber blames LAPSUS$ for the intrusion.

Cryptocurrency 288

Cryptocurrency Cybercrime Computers and Electronics Scams 288

Security Affairs

MARCH 23, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Over the last months, the Lapsus$ gang compromised other prominent companies such as NVIDIA , Samsung , Ubisoft , Mercado Libre, and Vodafone.

Accountability 103

Accountability VPN Social Engineering Hacking 103

IT Security Guru

DECEMBER 1, 2022

Doing so, businesses will be put ahead of the threats, and future risks – no matter if they are called ransomware, deepfake, or social engineering attacks – will hit on a robust human firewall of cybersecurity awareness. He is also a writer for Bora.

Cyber threats 129

Cyber threats Cybersecurity Education Risk 129

Malwarebytes

APRIL 1, 2022

When LAPSUS first grabbed the attention of the cybersecurity community, they had already compromised companies like Impresa, the largest media conglomerate in Brazil; Claro, one of Brazil’s telecommunications operators; and Brazil’s Ministry of Health. Notably, their use of Spanish and Portuguese was akin to native speakers.

Hacking 111

Hacking Social Engineering Telecommunications Ransomware 111

Malwarebytes

MARCH 30, 2022

Interestingly, Welch said, the texts appear to be targeting users of Verizon Wireless, one of the biggest telecommunication companies in the US. But this could have easily led to nefarious payloads, like malware, and some have already classed this as a smishing (or “SMS phishing”) attempt.

Wireless 106

Wireless Telecommunications Mobile Media 106

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers.

Social Engineering 52

Social Engineering Engineering Accountability Backups 52

Security Boulevard

APRIL 5, 2024

Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities. The post FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? appeared first on Security Boulevard.

Government 130

Government Digital transformation Telecommunications Social Engineering 130

Security Boulevard

APRIL 30, 2024

Nice Cup of IoTea? The UK’s Product Security and Tele­comm­uni­cations Infra­struc­ture Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.

IoT 135

IoT Passwords Social Engineering Telecommunications 135

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors.

Malware 137

Malware Encryption Social Engineering Telecommunications 137

Security Boulevard

JANUARY 24, 2023

The recent API breach at Australian telecommunications provider Optus (who has set aside $140 million to cover costs from the incident) falls under this category. Security teams have no knowledge about these undocumented APIs, including the data they handle and their security posture.

Mobile 59

Mobile Social Engineering Engineering Government 59

Security Boulevard

JUNE 26, 2023

Unfortunately, the increasing reliance on digital systems and capabilities has also attracted an ever-growing number of malicious actors seeking to defraud businesses through phishing , social engineering , or ransomware attacks. The end result of these types of cyber attacks are often highly public and damaging data breaches.

Data breaches 52

Data breaches Healthcare Telecommunications Financial Services 52

Malwarebytes

MAY 18, 2023

Usually, this involves some crafty social engineering, like spear phishing or setting up a watering hole to deliver custom malware. This could be anything from figuring out whether there's sensitive data or information worth stealing to making a hit list of employees or ex-employees. Step 2 : Infiltration.

Social Engineering 77

Social Engineering Phishing Malware Software 77

Thales Cloud Protection & Licensing

JULY 21, 2022

The threat of attacks against Critical National Infrastructure (CNI) – energy, utilities, telecommunications, and transportation – is now front of mind for many. This includes using easily guessed passwords and falling victim to phishing and socially engineered techniques such as business email compromise.

Cyber threats 71

Cyber threats Energy and Utilities Ransomware IoT 71

eSecurity Planet

MARCH 7, 2023

Limited tests allow for a deeper dive into a particular environment, are used for updates and new applications, are more focused, and are cheaper and faster to run. The widely used OSSTMM sets recognized standards for tests, is peer-reviewed, and is based on a scientific approach.

Penetration Testing 98

Penetration Testing Wireless Passwords Social Engineering 98

Security Affairs

JANUARY 15, 2020

For example by using: user credential leaks, social engineering toolkits, targeted phishing, and so on and so forth or is more on there to be discovered ? The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.” MuddyWater.

Computers and Electronics 98

Computers and Electronics Penetration Testing Malware Government 98

SC Magazine

MAY 1, 2021

His expertise is in social engineering, technology, security algorithms and business. She served as chief scientist for the Cyber Warfare Operations Group, and, prior to Johns Hopkins, deputy director of the National Security Agency’s Laboratory for Telecommunication Sciences.

Computers and Electronics 126

Computers and Electronics Technology Information Security Education 126

Spinone

DECEMBER 26, 2018

Social engineering attacks , including phishing, spam, and viruses introduced via clickable links within e-mail affected 80% of the banking institutions in 2016.

Security Awareness 40

Security Awareness Risk Cyber threats Cyber Risk 40

Pen Test

OCTOBER 10, 2023

Provide cybersecurity awareness training to all personnel, enabling them to identify social engineering attacks and risky behavior. Deploy anti-malware, anti-ransomware, and EDR tools to detect and block known attacks, while still assuming infections will occur. Stress reporting suspicious activity.

Ransomware 52

Ransomware Backups Insurance Cyber Insurance 52

Digital Shadows

NOVEMBER 1, 2022

Influence operations (IO) have also been utilized as a weapon during the conflict, by targeting Russian telecommunications providers, utilities, and private companies. In October 2022, the IT Army of Ukraine were reported as having targeted Russian company FTNET stealing 240GB of data and posting it online.

Cyber threats 52

Cyber threats Ransomware Media Data breaches 52

Security Affairs

NOVEMBER 25, 2020

Group-IB’s report Hi-Tech Crime Trends 2020/2021 examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. Threat actors have also set a new record in DDoS attack power: 2.3

Banking 142

Banking Ransomware Phishing Marketing 142

SecureList

APRIL 27, 2021

The victims we observed were all high-profile Tunisian organizations, such as telecommunications or aviation companies. Our telemetry revealed that the threat group’s latest endeavors are focused on going after entities within one country – Tunisia. Final thoughts.

Malware 145

Malware Government Spyware Social Engineering 145

SecureList

NOVEMBER 14, 2023

It determined that the injection point was situated within the connection between two Egyptian telecommunication providers. They advertise on dark web platforms and employ various techniques, including malware, phishing, and other social engineering methods.

Hacking 141

Hacking Energy and Utilities Media Malware 141

Security Affairs

OCTOBER 27, 2024

CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)

Data breaches 120

Data breaches Healthcare Cybercrime Social Engineering 120

SecureList

OCTOBER 23, 2024

List of in-the-wild 0-days caught and reported by Kaspersky over the past 10 years Social activity What never ceases to impress us is how much effort Lazarus APT puts into their social engineering campaigns. What makes Lazarus’s attacks particularly dangerous is their frequent use of zero-day exploits.

Engineering 145

Engineering Social Engineering Accountability Cryptocurrency 145