Ben Martin reports: A cyberattack on Revolut has compromised the personal details of more than 50,000 people. The breach at the app-based payments company occurred last Sunday night after a Revolut employee was caught out by a phishing scam. The attack has affected 50,144 people and involved an unauthorised third-party accessing some of their details,…
Category: Phishing
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses
IC3.gov PIN 20220914-001 14 September 2022 TLP: WHITE Summary The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare…
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight: Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate…
FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft
Jonathan Greig reports: The government of Lexington, Kentucky is working with the FBI and Secret Service to investigate $4 million in federal rent assistance and housing funds allegedly stolen by cybercriminals. In a statement to The Record, Mayor Linda Gorton said the city is already taking internal steps to examine how cybercriminals managed to circumvent…
PA: Chester Upland schools victim of BEC scheme to the tune of $3 million
Alex Rose reports: Delaware County District Attorney Jack Stollsteimer announced Friday that an international thief or thieves stole approximately $3 million from the Chester Upland School District last year using a Florida woman as a “money mule,” but said it might have been much worse if not for the intervention of officials with the Department…
A huge phishing campaign has targeted over 130 companies, affecting Twilio and Signal
Jess Weatherbed reports: Over 130 organizations, including Twilio, DoorDash, and Cloudflare, have been potentially compromised by hackers as part of a months-long phishing campaign nicknamed “0ktapus” by security researchers. Login credentials belonging to nearly 10,000 individuals were stolen by attackers who imitated the popular single sign-on service Okta, according to a report from cybersecurity outfit Group-IB. Read more…