FBI warns of phishing targeting high-profile brands’ customers
Bleeping Computer, Sergiu Gatlan
“When cyber criminals gain access to a consumer’s online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware.” Read More
Holiday Scams Drive SMS Phishing Attacks
Dark Reading, Robert Lemos
“As the holidays approach, the volume of short message service (SMS) phishing has almost doubled from the same period in the prior year, continuing a trend of SMS-text phishing growing as a vector to attack mobile users and their devices.” Read More
GoDaddy security breach impacts more than 1 million WordPress users
Tech Republic, Lance Whitney
“The hosting company discovered unauthorizing access by a third party to its Managed WordPress hosting environment. [It] found that the third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress.” Read More
Hackers Exploit ProxyLogon and ProxyShell Bugs in Phishing Blitz
Infosecurity Magazine, Phil Muncaster
“Delivering the malicious spam using this technique to reach all the internal domain users will decrease the possibility of detecting or stopping the attack, as the mail getaways will not be able to filter or quarantine any of these internal emails.” Read More
Verizon’s Visible cell customers hacked, leading to unauthorized purchases
ARS Technica, Ax Sharma
“We have learned of an incident wherein information on some member accounts was changed without their authorization. … Our investigation indicates that threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts.” Read More