Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. Continue reading Feds Charge Five Men in ‘Scattered Spider’ Roundup

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. Continue reading Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. Continue reading Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

How Do Some Companies Get Compromised Again and Again?

Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also […]

The post How Do Some Companies Get Compromised Again and Again? appeared first on Security Intelligence.

Continue reading How Do Some Companies Get Compromised Again and Again?

FanDuel gamblers warned of phishing threat after data breach at Mailchimp

The important thing to realise about the most recently-reported data breach at email newsletter service Mailchimp is that it’s not just Mailchimp’s customer data that was put at risk.

Even if you’re not personally a customer of Mailchimp, even if yo… Continue reading FanDuel gamblers warned of phishing threat after data breach at Mailchimp

Mailchimp slips up again, suffers security breach after falling on social engineering banana skin

For the second time in less than a year, email newsletter service Mailchimp has found itself in the embarrassing position of admitting it has suffered a data breach, putting its customers’ subscribers at risk. Continue reading Mailchimp slips up again, suffers security breach after falling on social engineering banana skin

How 1-Time Passcodes Became a Corporate Liability

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Continue reading How 1-Time Passcodes Became a Corporate Liability