Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
July 30, 2024
On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in zero-day attacks and has evidently been used by at least half a dozen ransomware operations to obtain full administrative permissions ...
- Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
July 29, 2024
In April 2024, Kaspersky researchers discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed as many as five Mandrake applications, which had been available on Google Play from 2022 to 2024 with more than 32,000 installs in total, while staying undetected by any other vendor. The new samples included ...
- UK: 48 cyber breaches of utility companies recorded last year, a 586% increase on 2022
July 29, 2024
The number of successful cyber attacks against UK utility companies has risen to 48 in 2023, a 586% increase on the seven cases in 2022, says global specialty (re)insurance group Chaucer. So far these cyber attacks have been largely restricted to the theft of data or ransomware attacks. There have been concerns that cyber attacks designed ...
- Intruders at HealthEquity rifled through storage, stole 4.3M people’s data
July 29, 2024
HealthEquity, a US fintech firm for the healthcare sector, admits that a “data security event” it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.… The incident began in March but was only detected in June. The company said in a ...
- Millions more victims exposed in debt collection agency data breach
July 29, 2024
It seems that the data breach at the debt collection agency Financial Business and Consumer Solutions (FBCS) was a lot bigger than initially thought. After first reporting some 1.9 million victims, the company now says that more than 4.2 million were actually affected. In late April, it was reported that FBCS suffered a cyberattack two months ...
- Georgia: Columbus hit by data breach, officials say not considered ransomware incident
July 29, 2024
Columbus experienced a data breach last Wednesday, the same day as an internet outage, city officials say. The only information believed to have been accessed are employees’ names, work emails and passwords, according to Mike Richardson, the city’s director of security and risk. He said no employee’s personal financial information was compromised. All employee passwords were ...