bolha.us

0 posts0 participants0 posts today

BiyteLümSIM swap attacks are one of the easiest ways hackers steal your accounts—all they need is your number.✅ How to protect yourself: ✔ Port your number to a VoIP provider (MySudo, JMP.chat) ✔ Use app-based 2FA (NO SMS 2FA!) ✔ Ask your carrier for a port-out PIN📌 Keep your number private. Keep your accounts safe.<a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/SIMSwap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMSwap</a> <a href="https://mastodon.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a>

BiyteLüm📵 Your phone number is your weakest link.Hackers use SIM swap attacks to steal your number, reset your accounts, and bypass 2FA. It happens more than you think.💡 Protect yourself: ✔ Remove your number from important accounts (email, banking) ✔ Use app-based 2FA (Aegis, YubiKey, OTP)—NEVER SMS ✔ Ask your carrier for a port-out PIN📌 Your phone number shouldn’t be your identity.<a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/SIMSwap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMSwap</a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>

Kevin Karhan :verified:<a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@GossiTheDog</a> the sheer fact that <a href="https://infosec.space/tags/MSPs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MSPs</a> & <a href="https://infosec.space/tags/CSPs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CSPs</a> can access clients' setups without proper <a href="https://infosec.space/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authorization</a> [including <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYC</a> / <a href="https://infosec.space/tags/KYB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYB</a>, <a href="https://infosec.space/tags/AuthCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AuthCode</a>|s and proper authorization via contract] is already sickening.<ul><li><a href="https://cyberplace.social/@GossiTheDog/114104955818018205" rel="nofollow noopener noreferrer" target="_blank">This</a> literally begs to be abused via <a href="https://infosec.space/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialEngineering</a> / <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialHacking</a> of <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> personnel or just blatant "<a href="https://infosec.space/tags/PrivilegueEscalation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivilegueEscalation</a>" through falsefully claiming to be a <a href="https://infosec.space/tags/MSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MSP</a> / <a href="https://infosec.space/tags/CSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CSP</a> contracted by the targeted company.</li></ul>Such fundamental <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsec</a> fuckups are reasons alone not to use <a href="https://infosec.space/tags/Azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Azure</a> or any <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> products & services at all...<ul><li>I mean, it doesn't require <a href="https://infosec.space/tags/Mitnick" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mitnick</a>-level skills to pull this off, since it doesn't necessitate <a href="https://infosec.space/tags/Lapsus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lapsus</a>-Style <a href="https://infosec.space/tags/SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswap</a> or other means to gain access...</li></ul>

Ducky Fella<a href="https://cupoftea.social/tags/PSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PSA</a> for everyone who owns a mobile phone:Please please please enable <a href="https://cupoftea.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> on your mobile provider’s account. Please also set up a SIM PIN code if you’re still using a physical <a href="https://cupoftea.social/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a> card. Why? Banks and other financial institutions that you use on a daily basis are still relying on (insecure!) telephone infrastructure to authenticate you. All it takes is for someone to trick your provider into issuing a new SIM to a different address and your savings could be gone! Fraudsters are relying on you not having these basic <a href="https://cupoftea.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> features switched on. Don’t make their job easy!<a href="https://cupoftea.social/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UK</a> <a href="https://cupoftea.social/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnitedKingdom</a> <a href="https://cupoftea.social/tags/SimSwap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SimSwap</a>

ITSEC NewsSmashing Security podcast #404: Podcast not found - The story of how hackers managed to compromise the US Government's official SEC Twitter a... <a href="https://grahamcluley.com/smashing-security-podcast-404/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://grahamcluley.com/smashing-security-podcast-404/</a> <a href="https://schleuss.online/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#artificialintelligence</a> <a href="https://schleuss.online/tags/smashingsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smashingsecurity</a> <a href="https://schleuss.online/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://schleuss.online/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://schleuss.online/tags/law%E2%84%B4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lawℴ</a> <a href="https://schleuss.online/tags/dataloss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dataloss</a> <a href="https://schleuss.online/tags/podcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#podcast</a> <a href="https://schleuss.online/tags/twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#twitter</a> <a href="https://schleuss.online/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://schleuss.online/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a> <a href="https://schleuss.online/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a>

The New OilHacker pleads guilty to <a href="https://mastodon.thenewoil.org/tags/SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswap</a> attack on <a href="https://mastodon.thenewoil.org/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#US</a> <a href="https://mastodon.thenewoil.org/tags/SEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SEC</a> <a href="https://mastodon.thenewoil.org/tags/X" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X</a> account<a href="https://www.bleepingcomputer.com/news/security/hacker-pleads-guilty-to-sim-swap-attack-on-us-sec-x-account/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hacker-pleads-guilty-to-sim-swap-attack-on-us-sec-x-account/</a><a href="https://mastodon.thenewoil.org/tags/Twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Twitter</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a>

BrianKrebsFeds Charge Five Men in 'Scattered Spider' RoundupFederal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.Two of the accused I've written about extensively already. Today's story looks at how several of these guys were caught. For example:"The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname "Joeleoli."<a href="https://krebsonsecurity.com/2024/11/feds-charge-five-men-in-scattered-spider-roundup/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/11/feds-charge-five-men-in-scattered-spider-roundup/</a><a href="https://infosec.exchange/tags/scatteredspider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scatteredspider</a> <a href="https://infosec.exchange/tags/fbi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fbi</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a>

Recent searches

Search options

Administered by:

Server stats:

#simswap