Experian tool exposed partial Social Security numbers, putting customers at risk

The problem with using Social Security numbers to authenticate consumers goes much deeper than Experian, experts say.

The post Experian tool exposed partial Social Security numbers, putting customers at risk appeared first on CyberScoop.

Is asking users to enrol in SMS 2FA when they already have an authenticator good security practice?

I already have an authenticator for Amazon AWS, and I’m being regularly asked to add an SMS 2FA as well.
If I add SMS MFA, will I become vulnerable to sim-swapping attacks on that MFA?
Same thing with many other services, I already have au…

SIM Swapper Abducted, Beaten, Held for $200k Ransom

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captors held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.

Botched Crypto Mugging Lands Three U.K. Men in Jail

Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies.

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion.

LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

A Closer Look at the LAPSUS$ Data Extortion Group

Microsoft and identity management platform Okta both disclosed this week breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish the information unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.

FCC wants to revamp data breach laws for telecom carriers

The FCC is exploring updating data breach laws for telecom carriers, the agency announced Wednesday. “Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” said FCC Chairwoman Jessica Rosenworcel. “But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.” One key change suggested in the proposal is eliminating the seven-business-day waiting period required of businesses before notifying customers of a breach. The proposed rule would also require carriers to report breaches to the FCC in addition to the FBI and U.S. Secret Service. Current FCC rules require that carriers with 5,000 or more customers notify the FCC of a data breach within seven days of discovery, while breaches affecting fewer than 5,000 customers must be reported no later than 30 days. The FCC proposal aims to “align the Commission’s rules […]

The post FCC wants to revamp data breach laws for telecom carriers appeared first on CyberScoop.

NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.