Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others
Already regarded among the most advanced, the attacks were also done at a massive scale. Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images) Two weeks ago, Twilio and Cloudf.....»»
Hacked ISP infects users receiving unsecure software updates
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare. Enlarge (credit: Marco Verch Professional Photographer and Speaker) Hackers delivered malware to Windows and Mac users by compromising th.....»»
Sunscreens can hurt the marine environment—how to choose one that"s healthy for you and the sea
Choosing which sunscreen to use can be mind-boggling. Should you choose one with the highest sun protection factor (SPF) or another with "reef-safe" or "coral-friendly" credentials? Is it best to opt for a spray or a lotion? What's the difference bet.....»»
Cloudflare once again comes under pressure for enabling abusive sites
Cloudflare masks the origin of roughly 10% of abusive domains, watchdog says. Enlarge (credit: Getty Images) A familiar debate is once again surrounding Cloudflare, the content delivery network that provides a free servi.....»»
Adaptive Shield unveils ITDR platform for SaaS
Adaptive Shield has unveiled its Identity Threat Detection & Response (ITDR) platform for SaaS environments. The recent Snowflake breach served as a wake-up call for the SaaS industry. On May 27, a threat group announced the sale of 560 million stole.....»»
Microsoft 365 users targeted by phishers abusing Microsoft Forms
There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. A malicious Microsoft form (Source: Perception Point) Malicious forms leading to phishin.....»»
Employee charged with stealing more than $50,000 from New York CDJR dealership
A Victory Chrysler-Dodge-Jeep-Ram employee in Rome, NY., allegedly stole more than $50,000 from the dealership and was charged with second-degree grand larceny and first-degree falsifying business records......»»
Infisical: Open-source secret management platform
Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisi.....»»
Risk related to non-human identities: Believe the hype, reject the FUD
The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related br.....»»
Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials have sto.....»»
Proton Pass gains Secure Links password sharing and ‘Extra Password’ option
Proton is out with its latest update, greater security and control for sharing your Proton Pass credentials with others. The company has also launched the ability to require a second password to access your passwords. more….....»»
Hackers stole call, text records of “nearly all” of AT&T’s cellular customers
Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed. “The data does not contain the c.....»»
Using Authy? Beware of impending phishing attempts
Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that develops t.....»»
Travel scams exposed: How to recognize and avoid them
In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams. For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishi.....»»
PSA: Watch out for smishing texts with fake iCloud links
Apple users are being warned to be alert to smishing texts – the name given to phishing attacks carried out by sending SMS messages – trying to capture login credentials for Apple IDs. The links direct to a fake iCloud page, and for 9to5Mac re.....»»
OpenAI never disclosed that hackers cracked its internal messaging system
A hacker infiltrated OpenAI's internal messaging system last year and stole details about the company's AI designs......»»
NordStellar launches Dark Web Monitoring tool to help businesses stay safe
Monitoring the dark web can help keep your business safe, and your credentials secure......»»
Organizations use outdated approaches to secure APIs
Security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites, according to Cloudflare. The report underscores that the volume of.....»»
Snowflake denies breach, blames data theft on poorly secured customer accounts
Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. “We are aware of recent reports rela.....»»
Snowflake compromised? Attackers exploit stolen credentials
Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,50.....»»
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – Chirag Tomar, a 30-year-old citizen of the Republic of India – has be.....»»