Carly Page reports: Communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The San Francisco-based company, which allows users to build voice and SMS capabilities — such as two-factor authentication (2FA) — into applications, said in a blog post published Monday that it became aware that someone gained…
Category: Phishing
Salinas Valley Memorial Healthcare System settles class action lawsuit for $340K
Salinas Valley Memorial Healthcare System has agreed to pay $340,000 to resolve claims lax cybersecurity resulted in a 2020 data breach. Five employee and contractor email addresses were reportedly compromised in April, May and June of 2020 through a phishing scheme. As Salinas claimed in their notification of July 1, 2020: On April 30, 2020,…
Snapchat, Amex sites abused in Microsoft 365 phishing attacks
Sergiu Gatlan reports: Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks. Read more at…
Microsoft accounts targeted with new MFA-bypassing phishing kit
Bill Toulas reports: A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s…
DeBridge Team Foils Possible Lazarus Group Cyberattack
Tom Carreras reports: North Korean hacking syndicate Lazarus Group is thought to be behind a failed cyberattack on deBridge Finance yesterday. […] According to Smirnov, several members of the deBridge team received emails yesterday with PDFs attached to them entitled “New Salary Adjustments.” Downloading the file and submitting password information would have unleashed a data-collecting…
Methodist Hospitals data breach $425K class action settlement
Top Class Actions reports a settlement in a lawsuit stemming from a 2019 phishing incident that reportedly impacted or potentially impacted 68,039 patients: The Methodist Hospitals Inc. has agreed to pay up to $425,00 to settle a class action lawsuit that alleges it failed to adequately protect patients’ personal information from being exposed in a…