Twilio has confirmed that an unsecured API endpoint allowed threat actors to access phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-04 08:07:202024-07-04 08:07:20Hackers abused API to verify millions of Authy MFA phone numbers
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-04 07:10:102024-07-04 07:10:10Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers
Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users’ personal data to train the company’s artificial intelligence (AI) algorithms.
The ANPD said it found “evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to
A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike.
The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol.
Of the 690 IP addresses that were flagged to
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users’ cell phone numbers.
The company said it took steps to secure the endpoint to no longer accept unauthenticated requests.
The development comes days after an online persona named ShinyHunters
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-03 21:08:362024-07-03 21:08:36Any IoT Device Can Be Hacked, Even Grills
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-03 20:07:182024-07-03 20:07:18Bay Area Credit Union Struggles to Recover After Ransomware Attack
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-03 19:08:182024-07-03 19:08:18Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-03 19:08:182024-07-03 19:08:18Networking Without the Hangover
Australian cops arrest man found with a portable Wi-Fi access device in his carry-on luggage, allegedly used for standing up scam Wi-Fi networks on flights.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-07-03 18:06:342024-07-03 18:06:34Hacker Busted for ‘Evil Twin’ Wi-Fi That Steals Airline Passenger Data
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Hackers abused API to verify millions of Authy MFA phone numbers
/in General NewsTwilio has confirmed that an unsecured API endpoint allowed threat actors to access phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Cyware News – Latest Cyber News – Read More
Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers
/in General NewsTwilio has confirmed a data breach after hackers leaked 33 million phone numbers associated with the Authy app.
The post Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers appeared first on SecurityWeek.
SecurityWeek – Read More
Brazil Halts Meta’s AI Data Processing Amid Privacy Concerns
/in General NewsBrazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users’ personal data to train the company’s artificial intelligence (AI) algorithms.
The ANPD said it found “evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to
The Hacker News – Read More
Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike
/in General NewsA coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike.
The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol.
Of the 690 IP addresses that were flagged to
The Hacker News – Read More
Twilio’s Authy App Breach Exposes Millions of Phone Numbers
/in General NewsCloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users’ cell phone numbers.
The company said it took steps to secure the endpoint to no longer accept unauthenticated requests.
The development comes days after an online persona named ShinyHunters
The Hacker News – Read More
Any IoT Device Can Be Hacked, Even Grills
/in General NewsResearchers uncover a way to hack the summer cookout — but firmware updates will stop that grilled meat (or tofu) from turning into an inedible mess.
darkreading – Read More
Bay Area Credit Union Struggles to Recover After Ransomware Attack
/in General NewsTens of thousands of Patelco customers remain without access to their accounts, with no estimates for when systems will be restored.
darkreading – Read More
Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals
/in General NewsEuropean law enforcement agency announces the takedown of nearly 600 Cobalt Strike servers linked to criminal activity.
The post Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals appeared first on SecurityWeek.
SecurityWeek – Read More
Networking Without the Hangover
/in General NewsHow Sober in Cyber is redefining professional connections in the security industry.
darkreading – Read More
Hacker Busted for ‘Evil Twin’ Wi-Fi That Steals Airline Passenger Data
/in General NewsAustralian cops arrest man found with a portable Wi-Fi access device in his carry-on luggage, allegedly used for standing up scam Wi-Fi networks on flights.
darkreading – Read More