
      How recent data leaks could be reused for the 2024 Olympics

      news.movim.eu / Numerama · Thursday, 28 March - 14:41

    The recent cyberattacks against the FFF, France Travail and the mutual insurers provide "fresh" databases that cybercriminals could exploit ahead of the Olympic Games in Paris this summer.


      “MFA Fatigue” attack targets iPhone owners with endless password reset prompts

      news.movim.eu / ArsTechnica · Wednesday, 27 March - 18:10

    Image: iPhone showing three password reset prompts. They look like normal notifications, but opening an iPhone with one or more of these stacked up, you won't be able to do much of anything until you tap "Allow" or "Don't Allow." And they're right next to each other. (credit: Kevin Purdy)

    Human weaknesses are a rich target for phishing attacks. Making humans click "Don't Allow" over and over again in a phone prompt that can't be skipped is an angle some iCloud attackers are taking—and likely having some success.

    Brian Krebs at Krebs on Security detailed the attacks in a recent post, noting that "MFA Fatigue Attacks" are a known attack strategy. By repeatedly hitting a potential victim's device with multifactor authentication requests, the attack fills a device's screen with prompts that typically have yes/no options, often very close together. Apple's devices are just the latest rich target for this technique.

    Both the Kremlin-backed Fancy Bear advanced persistent threat group and a rag-tag bunch of teenagers known as Lapsus$ have been known to use the technique, also known as MFA prompt bombing, successfully.


      How China gets free intel on tech companies’ vulnerabilities

      news.movim.eu / ArsTechnica · Thursday, 7 September, 2023 - 13:14


    For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they're revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray market.

    But for the past two years, China has added another approach to obtaining information about those vulnerabilities: a law that simply demands that any network technology business operating in the country hand it over. When tech companies learn of a hackable flaw in their products, they’re now required to tell a Chinese government agency—which, in some cases, then shares that information with China's state-sponsored hackers, according to a new investigation. And some evidence suggests foreign firms with China-based operations are complying with the law, indirectly giving Chinese authorities hints about potential new ways to hack their own customers.


      Still using authenticators for MFA? Software for sale can hack you anyway

      news.movim.eu / ArsTechnica · Tuesday, 14 March, 2023 - 20:09

    Image: Software for sale is fueling a torrent of phishing attacks that bypass MFA (credit: Getty Images)

    Microsoft on Tuesday profiled software for sale in online forums that makes it easy for criminals to deploy phishing campaigns that successfully compromise accounts, even when they’re protected by the most common form of multi-factor authentication.

    The phishing kit is the engine that’s powering more than 1 million malicious emails each day, researchers with the Microsoft Threat Intelligence team said. The software, which sells for $300 for a standard version and $1,000 for VIP users, offers a variety of advanced features for streamlining the deployment of phishing campaigns and increasing their chances of bypassing anti-phishing defenses.

    One of the most salient features is the built-in ability to bypass some forms of multi-factor authentication. Also known as MFA, two-factor authentication, or 2FA, this protection requires account holders to prove their identity not only with a password but also by using something only they own (such as a security key or authenticator app) or something only they are (such as a fingerprint or facial scan). MFA has become a major defense against account takeovers because the theft of a password alone isn’t sufficient for an attacker to gain control.


      I’m a security reporter and got fooled by a blatant phish

      news.movim.eu / ArsTechnica · Thursday, 11 August, 2022 - 22:57 · 1 minute

    Image: This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images)

    There has been a recent flurry of phishing attacks so surgically precise and well-executed that they've managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication provider Twilio, content delivery network Cloudflare, and network equipment maker Cisco said phishers in possession of phone numbers belonging to employees and employee family members had tricked their employees into revealing their credentials. The phishers gained access to internal systems of Twilio and Cisco. Cloudflare's hardware-based 2FA keys prevented the phishers from accessing its systems.

    The phishers were persistent, methodical and had clearly done their homework. In one minute, at least 76 Cloudflare employees received text messages that used various ruses to trick them into logging into what they believed was their work account. The phishing website used a domain (cloudflare-okta.com) that had been registered 40 minutes before the message flurry, thwarting a system Cloudflare uses to be alerted when the domains using its name are created (presumably because it takes time for new entries to populate). The phishers also had the means to defeat forms of 2FA that rely on one-time passwords generated by authenticator apps or sent through text messages.

    Creating a sense of urgency

    Like Cloudflare, both Twilio and Cisco received text messages or phone calls that were also sent under the premise that there were urgent circumstances—a sudden change in a schedule, a password expiring, or a call under the guise of a trusted organization—necessitating that the target takes action quickly.


      Phishers who breached Twilio and fooled Cloudflare could easily get you, too

      news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 23:33


    At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees' family members as well.

    In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and, from there, gained unauthorized access to the company's internal systems, the company said. The threat actor then used that access to data in an undisclosed number of customer accounts.

    Two days after Twilio's disclosure, content delivery network Cloudflare, also headquartered in San Francisco, revealed it had also been targeted in a similar manner. Cloudflare said that three of its employees fell for the phishing scam, but that the company's use of hardware-based MFA keys prevented the would-be intruders from accessing its internal network.


      SMS Phishing Attacks are on the Rise

      Bruce Schneier · news.movim.eu / Schneier · Monday, 2 May, 2022 - 21:50

    SMS phishing attacks — annoyingly called “smishing” — are becoming more common.

    I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “Thank you for paying your bill, here’s a free gift for you.”


      Phishing: on the Signal messaging app, a fake Amazon is giving away iPhone 12s

      Nelly Lesage · news.movim.eu / Numerama · Wednesday, 17 February, 2021 - 15:49

    Phishing scams are arriving on the Signal app. On the menu this February 17: a fake contest with an iPhone 12 Pro as the prize.


      Police Have Disrupted the Emotet Botnet

      Bruce Schneier · news.movim.eu / Schneier · Thursday, 28 January, 2021 - 16:09 · 1 minute

    A coordinated effort has captured the command-and-control servers of the Emotet botnet:

    Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware; regular themes include invoices, shipping notices and information about COVID-19.

    Those behind the Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including remote access tools (RATs) and ransomware.


    A week of action by law enforcement agencies around the world gained control of Emotet’s infrastructure of hundreds of servers around the world and disrupted it from the inside.

    Machines infected by Emotet are now directed to infrastructure controlled by law enforcement, meaning cyber criminals can no longer exploit machines compromised and the malware can no longer spread to new targets, something which will cause significant disruption to cyber-criminal operations.


    The Emotet takedown is the result of over two years of coordinated work by law enforcement operations around the world, including the Dutch National Police, Germany’s Federal Crime Police, France’s National Police, the Lithuanian Criminal Police Bureau, the Royal Canadian Mounted Police, the US Federal Bureau of Investigation, the UK’s National Crime Agency, and the National Police of Ukraine.