Lawrence Abrams reports: Cybercriminals are exploiting a trick to turn off Apple iMessage’s built-in phishing protection for a text and trick users into re-enabling disabled phishing links. With so much of our daily activities done from our mobile devices, whether paying bills, shopping, or communicating with friends and colleagues, threat actors increasingly conduct smishing (SMS phishing)…
Category: Phishing
KY: Personal data of Boone, Kenton County students breached, school officials say
Danielle Goodman reports: Personal data from current and former students in Boone and Kenton County school districts may have been accessed and copied in cyber attacks earlier this month, according to school district announcements. School district officials said the data breaches appear to have stemmed from phishing schemes, where cybercriminals trick users into providing sensitive…
New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA
Bill Toulas reports: A new Microsoft 365 phishing-as-a-service platform called “FlowerStorm” is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. First documented by Trustwave in late November 2024, Rockstar2FA operated as a PhaaS platform facilitating large-scale adversary-in-the-middle (AiTM) attacks targeting Microsoft 365 credentials. The service offered advanced evasion mechanisms, a user-friendly…
Illinois Department of Human Services phishing attack affected more than 1.1M public assistance clients
Their substitute notice, as published on Effingham Radio: Springfield, IL-(Effingham Radio)- Pursuant to the requirements of the Illinois Personal Information Protection Act (PIPA), 815 ILCS 530/12, the Illinois Department of Human Services (IDHS) is notifying the media of an incident within IDHS State of Illinois email accounts: On April 25, 2024, IDHS experienced a privacy breach….
Credential phishing attacks up over 700 percent
Ian Barker reports: Phishing remains one of the most significant cyber threats impacting organizations worldwide and a new report shows credential theft attacks surged dramatically in the second half of 2024, rising by 703 percent. The report from SlashNext shows that overall, email-based threats rose by 202 percent over the same period, with individual users receiving…
Alleged ShinyHunters member returned to France after prison in the U.S., now facing French charges
On January 9, 2024, DataBreaches reported that French national Sébastien Raoult had been sentenced in a Seattle federal court, but might be out in 11 months. As a suspected member of ShinyHunters, Raoult (aka “Sezyo Kaizen”) had been extradited to the U.S. after being detained in Morocco on his way home to France from a…