A report by Red Canary highlighted that cloud account compromises using the MITRE ATT&CK technique T1078.004 surged to the fourth most prevalent technique used by threat actors, impacting three times as many organizations compared to 2022.
Researchers found a zero-click Facebook account takeover Pierluigi Paganini February 29, 2024 A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as […]
The breach was facilitated by a password spray attack on a non-production test tenant account lacking two-factor authentication, highlighting the importance of robust account security measures.
Jan 11, 2024NewsroomOnline Security / Cryptocurrency The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing the hack to a drainer-as-a-service (DaaS) group. “Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were […]
The Twitter account of cybersecurity firm Mandiant, which is owned by Google, was hacked and used to promote a cryptocurrency scam. The attacker impersonated the Phantom crypto wallet and shared a fake website offering free tokens.
The exposed API tokens had write permissions, allowing attackers to modify files in account repositories and potentially manipulate existing models, posing a significant threat to organizations and their applications.
Golshan’s schemes involved SIM swapping, social media account takeovers, Zelle payment fraud, and impersonating Apple Support personnel. A 25-year-old man from downtown Los Angeles has been sentenced to 8 years in federal prison for orchestrating a series of online scams that defrauded hundreds of victims of over $740,000. Amir Hossein Golshan (PDF) was convicted of […]
The official Twitter account for Bloomberg Crypto was hacked and used to redirect users to a phishing website. The hackers created a fake Bloomberg Discord server and prompted visitors to verify their accounts through a deceptive link.
An X (Twitter) account, operated by hackers using the handle @MonkeyInject, alleges that the breach was facilitated by a former employee of Plume. The smart Wi-Fi service provider, Plume, has apparently fallen victim to a data breach. The perpetrators, claiming responsibility for the incident, made their announcement on the notorious Breach Forums. This is the […]