Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages


Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.

Source: Group-IB



Related:

  • Phishers who breached Twilio and fooled Cloudflare could easily get you, too

    August 10, 2022

    At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ family members as well. In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the ...

  • Cisco Talos shares insights related to recent cyber attack on Cisco

    August 10, 2022

    On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s ...

  • APIC fail: Intel ‘Sunny Cove’ chips with SGX spill secrets

    August 9, 2022

    A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys. They call it ÆPIC Leak because it affects the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC), which helps the CPU handle interrupt requests from various ...

  • Oil and Gas Cybersecurity: Industry Overview Part 1

    August 8, 2022

    The oil and gas industry is no stranger to major cybersecurity attacks, attempting to disrupt operations and services. Most of the best understood attacks against the oil industry are initial attempts to break into the corporate networks of oil companies. Geopolitical tensions can cause major changes not only in physical space, but also in cyberspace. In ...

  • New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

    August 6, 2022

    A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to ...

  • Twitter breach exposed anonymous account owners

    August 5, 2022

    A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday. It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said ...