Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight: Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate…
Category: Phishing
FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft
Jonathan Greig reports: The government of Lexington, Kentucky is working with the FBI and Secret Service to investigate $4 million in federal rent assistance and housing funds allegedly stolen by cybercriminals. In a statement to The Record, Mayor Linda Gorton said the city is already taking internal steps to examine how cybercriminals managed to circumvent…
PA: Chester Upland schools victim of BEC scheme to the tune of $3 million
Alex Rose reports: Delaware County District Attorney Jack Stollsteimer announced Friday that an international thief or thieves stole approximately $3 million from the Chester Upland School District last year using a Florida woman as a “money mule,” but said it might have been much worse if not for the intervention of officials with the Department…
A huge phishing campaign has targeted over 130 companies, affecting Twilio and Signal
Jess Weatherbed reports: Over 130 organizations, including Twilio, DoorDash, and Cloudflare, have been potentially compromised by hackers as part of a months-long phishing campaign nicknamed “0ktapus” by security researchers. Login credentials belonging to nearly 10,000 individuals were stolen by attackers who imitated the popular single sign-on service Okta, according to a report from cybersecurity outfit Group-IB. Read more…
UAE: Cybercriminal arrested for trying to embezzle Dh2.8 million in phishing scam
Afkar Ali Ahmed reports: The Sharjah Police have arrested a 32-year-old man who tried to embezzle Dh2.8 million after hacking an advertisement company’s bank account. The Asian suspect committed the cyber fraud through phishing, the police said. Lt.-Col. Muhammad bin Haider, acting head of the Buhaira Comprehensive Police Station, said the suspect was arrested within…
How many breaches has Overlake Medical Center & Clinics experienced in the past few years?
In February 2020, Overlake Medical Center and Clinics in Washington State reported a phishing incident in December 2019. More than 109,200 patients were reportedly affected. HHS investigated the incident and wrote a closing note in the file: Overlake Medical Center and Clinics, the covered entity (CE), reported that multiple employees were the victims of an…