Twilio

SMiShing in Social Engineering News
Social-Engineer | | Cybersecurity, General, Information Security, Protect Yourself, security awareness training, smishing, social engineering, social engineering attack, Twilio
SMiShing uses SMS (Short Message Service) as the attack vector. The attacker’s objective is to trick the target into installing […] ...

0ktapus/‘Scatter Swine’ Hacking Gang Stole 10,000 Corp Logins via Twilio
Richi Jennings | | 0ktapus, 2fa, Authy, FIDO, FIDO2, Look at them evil bogeymen rampaging through our poor downtrodden networks, Okta, Phishing, SB Blogwatch, Scatter Swine, smishing, Twilio, WebAuthn
More on the Twilio débâcle from earlier this month: Researchers reveal the hackers swiped at least 9,931 user credentials from more than 130 organizations ...
Security Boulevard

How 1-Time Passcodes Became a Corporate Liability
BrianKrebs | | 0ktapus, Christopher Knauer, CloudFlare, Data breaches, DigitalOcean, DoorDash, Group-IB, Klaviyo, MailChimp, Matthew Prince, Security Keys, Security Tools, signal, Sitel Group, T-Mobile, Teleperformance, Twilio, Twitter, Web Fraud 2.0
Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world's largest technology companies and customer support firms. A recent ...

Responding to the Twilio SMS Incident with Obsidian
Earlier this month, Twilio shared publicly that they had been targeted with an ongoing social-engineering phishing scam via SMS. This is the latest in a string of recent sophisticated breaches gaining access ...

Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser
Tom Eston | | Attack, Cybersecurity, Data breach, Data Privacy, Digital Privacy, Episodes, facebook, Information Security, Infosec, Instagram, Mobile, Multi-Factor Authentication, Podcast, Privacy, Ransomware, security, signal, SMS, technology, tracking, Twilio, web browser, Weekly Edition
A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app’s SMS service Twilio potentially disclosed the phone numbers of ...

Twilio Fails Simple Test — Leaks Private Data via Phishing
Richi Jennings | | 2fa, Authy, Phishing, SB Blogwatch, smishing, Twilio, We’re using weasel words to set your mind at rest when we really have no idea
Twilio (NYSE:TWLO) customer data has leaked—after a simple phishing attack on employees ...
Security Boulevard

Fighting Fake EDRs With ‘Credit Ratings’ for Police
BrianKrebs | | A Little Sunshine, Apple, ATT, Coinbase, Discord, emergency data request, FBI, GitHub, google, Kodex, linkedin, Matt Donahue, Meta, Microsoft, Snapchat, T-Mobile, The Coming Storm, TikTok, Twilio, Twitter, verizon, Web Fraud 2.0
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts ...

Sendgrid Under Siege from Hacked Accounts
BrianKrebs | | A Little Sunshine, CAUCE, Invaluement.com, Kromatix, Neil Schwartzman, Rob McEwen, Sendgrid, Steve Pugh, The Coming Storm, Twilio
Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid's ...