 | CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities
2024-06-25 [theregister.co.uk]
Crafty crims broke in but encryption stopped any nastiness
US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. Details >
|
| Amtrak confirms crooks are breaking into user accounts, derailing email addresses
2024-06-19 [theregister.co.uk]
Rail company goes full steam ahead with notification letters to Rewards customers about spilled card details and more
US rail company Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their account security. Details >
|
| Amtrak confirms crooks are breaking into user accounts, derailing email addresses
2024-06-19 [theregister.co.uk]
Rail company goes full steam ahead with notification letters to Rewards customers about spilled card details and more
US rail company Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their account security. Details >
|
| SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work
2024-04-16 [theregister.co.uk]
No breach responsible for employee contact info getting out, says T-Mo
T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals. Details >
|
| Google bakes new cookie strategy that will leave crooks with a bad taste
2024-04-03 [theregister.co.uk]
Device Bound Session Credentials said to render cookie theft useless
Google reckons that cookie theft is a problem for users, and is seeking to address it with a mechanism to tie authentication data to a specific device, rendering any stolen cookies useless. Details >
|
| U-Haul tells 67K customers that cyber-crooks drove away with their personal info
2024-02-23 [theregister.co.uk]
Thieves broke into IT system using stolen login
U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data. Details >
|
| Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond
2024-02-13 [theregister.co.uk]
Plenty of successful attacks observed with dangerous follow-on activity
The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November. Details >
|
| Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud
2024-02-10 [theregister.co.uk]
Some useful indicators of compromise right here
More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers. Details >
|
| Money-grubbing crooks abuse OAuth
2023-12-14 [theregister.co.uk]
Business email compromise, illicit cryptomining, phishing ... if it makes a dollar, this lot do it
Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes Details >
|
| Caesars says cyber-crooks stole customer data as MGM casino outage drags on
2023-09-14 [theregister.co.uk]
Zero-days are so 2022. Why not just social engineer the help desk?
Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month. Details >
|
