GoDaddy Employees Tricked into Compromising Cryptocurrency Sites

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid. Continue reading GoDaddy Employees Tricked into Compromising Cryptocurrency Sites

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. Continue reading GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Two Charged in SIM Swapping, Vishing Scams

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Continue reading Two Charged in SIM Swapping, Vishing Scams

New York regulator faults Twitter for lax security measures prior to big account breach

The scammers who hijacked celebrity Twitter accounts to promote cryptocurrency in July did so by posing as a customer support team in a breach that caught Twitter’s security team flat-footed, a New York regulator said in a report Wednesday. The investigation from New York’s Department of Financial Services faulted Twitter for not heightening security measures for telework during the coronavirus pandemic, and called for regulation of social media companies to force better cybersecurity practices. “Social-media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” Linda Lacewell, Superintendent of FinancialServices, said in a statement. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.” According to the report, attackers posed as Twitter’s IT department and phoned Twitter employees to discuss an apparent problem with their virtual provide networking (VPN) connection, a  security technology that […]

The post New York regulator faults Twitter for lax security measures prior to big account breach appeared first on CyberScoop.

Continue reading New York regulator faults Twitter for lax security measures prior to big account breach

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. Continue reading FBI, CISA Echo Warnings on ‘Vishing’ Threat

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. Continue reading FBI, CISA Echo Warnings on ‘Vishing’ Threat