When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. Continue reading When Low-Tech Hacks Cause High-Impact Breaches

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website GTAForums.com. Gamers got an unsanctioned sneak peek of […]

The post An IBM Hacker Breaks Down High-Profile Attacks appeared first on Security Intelligence.

Continue reading An IBM Hacker Breaks Down High-Profile Attacks

The Original APT: Advanced Persistent Teenagers

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge. Continue reading The Original APT: Advanced Persistent Teenagers

SMS About Bank Fraud as a Pretext for Voice Phishing

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Continue reading SMS About Bank Fraud as a Pretext for Voice Phishing

Vishing Attacks Are on The Rise

Companies are becoming more aware of potential cybersecurity threats and taking measures to protect their critical assets and increase security. However, one aspect of cyberattacks that often goes unforeseen (until…
The post Vishing Attacks Are on Th… Continue reading Vishing Attacks Are on The Rise

Amazon-Themed Phishing Campaigns Swim Past Security Checks

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices. Continue reading Amazon-Themed Phishing Campaigns Swim Past Security Checks

A Deepfake Deep Dive into the Murky World of Digital Imitation

Deepfake technology is becoming easier to create – and that’s opening the door for a new wave of malicious threats, from revenge porn to social-media misinformation. Continue reading A Deepfake Deep Dive into the Murky World of Digital Imitation