For the second time in less than a year, email newsletter service Mailchimp has found itself in the embarrassing position of admitting it has suffered a data breach, putting its customers' subscribers at risk.
Category: Social Engineering
It’s big:
The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.
“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”
It looks like a pretty basic phishing attack; someone gave the hacker their login credentials. And because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything.
This is the same thing that Mudge accuses Twitter of: too many employees have broad access within the company’s network.
More details. Slashdot thread.
EDITED TO ADD (9/20): More details.
Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...
In what appears as an operation first of its kind, Interpol has arrested over 2000 criminals who launched social engineering attacks worldwide. The operation to nab thousands of cyber criminals at a time was named ‘ First Light 2022’ and was performed with the coordination of police forces from about 76 countries.
Social engineering attacks are crimes that involve business email compromise, job scams, X-rated scams using beautiful faces of women, mainly models, telephone scams, money laundering, and identity theft.
Usually, in such scams, cybercriminals manipulate victims in the disguise of company employees or individuals. But in reality, they pose as others and perform acts in such a way that the victim reveals sensitive info, such as bank account details or e-wallet information disclosure.
Coming to the First Light 2022, the operation of nab criminals took place at 1770 locations on a worldwide note, and over 3000 suspects were identified. But only 2K of them were taken into custody with valid evidence and over 4,300 bank accounts related to them were frozen and $50 million world USD was intercepted or seized.
As the IT working community followed a strict Work From Home(WFH) culture, there has been a rise in the number of internet scams. This is where a notable rise in internet scams was observed when people were being trapped with lucrative job offers that instead turned into forced labor, flesh trade, and captivity in casinos or transport containers.
Cyber crooks witnessed a rise in opportunities from WFH culture as they launched innovative cyber scams that led to a rise in social engineering attacks in novel forms.
Interpol’s First Light 2022 project took shape in September 2021 and analyzed various scams and track them accordingly. In February this year, they shared their analysis and nabbing plan with the law enforcement authorities of about 82 countries and launched the program to nab cyber criminals.
As the operation was well coordinated, Interpol nabbed 60% of the criminals taking part in social engineering attacks.
More details about the scam will be updated shortly!
The post Interpol arrests 2000 criminals launching social engineering attacks appeared first on Cybersecurity Insiders.
Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation which has seized tens of millions of dollars and seen more than 2000 people arrested.
Read more in my article on the Tripwire State of Security blog.
Cloud computing has emerged as the go-to organizational workload choice because of its innate scalability and flexibility. However, cloud computing still comes with some security risks. Examining cloud security is an important part of adopting this new technology. Presently, cloud-native security is experiencing changes and innovations that help address security threat vectors. These areas are […]… Read More
The post 6 Critical Areas of Cloud-Native Security That Are Influential in 2022 appeared first on The State of Security.
We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making headlines. So too are “social engineers,” individuals who use phone calls and other media to […]… Read More
The post 5 Social Engineering Attacks to Watch Out For appeared first on The State of Security.