ENAP (Empresa Nacional Del Petroleo) is a Chilean state-owned company engaged in the exploitation, production, refining, and marketing of oil and its derivatives. It reports administratively to the Ministry of Energy. As Nicolas Parra Tapia and Felipe Diaz Montero recently reported, well-known Nigerian cybercriminals had targeted ENAP in a wire transfer scheme. It was only…
Category: Phishing
More class action settlements and suits, Friday morning edition
PCS Revenue Control Systems data breach $1.135M class action settlement PCS Revenue Control Systems agreed to pay $1.135 million to resolve claims it failed to protect consumers from a data breach. The settlement benefits consumers whose personal information was compromised in a PCS Revenue Control Systems data breach between May 19, 2017, and Dec. 19,…
Twilio hacked by phishing campaign targeting internet companies
Carly Page reports: Communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The San Francisco-based company, which allows users to build voice and SMS capabilities — such as two-factor authentication (2FA) — into applications, said in a blog post published Monday that it became aware that someone gained…
Salinas Valley Memorial Healthcare System settles class action lawsuit for $340K
Salinas Valley Memorial Healthcare System has agreed to pay $340,000 to resolve claims lax cybersecurity resulted in a 2020 data breach. Five employee and contractor email addresses were reportedly compromised in April, May and June of 2020 through a phishing scheme. As Salinas claimed in their notification of July 1, 2020: On April 30, 2020,…
Snapchat, Amex sites abused in Microsoft 365 phishing attacks
Sergiu Gatlan reports: Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks. Read more at…
Microsoft accounts targeted with new MFA-bypassing phishing kit
Bill Toulas reports: A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s…