Jonathan Care’s Post

#Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of #Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. Authy is a mobile app that generates multi-factor authentication codes at websites where you have MFA enabled. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service. Make sure to have the latest version of Authy installed on your device #cybersecurity #api #data #patched

Darcula, Chinese phishing platform, created 19,000 domains targeting 100+ countries. Priced at $250/month. Phishing as a service isn't new, but Darcula is unique. What sets Darcula apart is its technical sophistication. They employ tools like JavaScript, React, Docker, and Harbor typically used by application developers. Why is that important? Leads to dynamic updates to phishing websites, adding new features and anti-detection measures on-the-fly. They target everyone, postal services, telecom companies, financial organizations, government bodies, and utilities providers. Unlike typical attacks focused on the large enterprise, Darcula scams target consumers using tactics like package delivery scams via text messages. (I get at least 5/week). https://lnkd.in/e4p8K75v #Cybersecurity #PhishingAttacks #Darcula #SecurityMeasures

🚨Security Alert🚨 On January 17, 2024, the third-party support ticketing portal we use encountered unauthorized access. Potentially impacted data are limited to user emails and names/nicknames that contacted our customer support team. We want to assure you that this does not pose any threat to your digital assets now or in the future. Though we have not observed any spike in phishing activity as a result of this incident, in our commitment to full transparency, we have decided to alert you to phishing schemes targeting your recovery seed. What you should know: 1️⃣ Your Trezor wallet and assets remain secure 2️⃣ NEVER share your recovery seed with anyone. Remember, Trezor representatives will never prompt you to do so 3️⃣ Be cautious of phishing attempts or suspicious emails 4️⃣ Always confirm instructions directly on your Trezor device We understand the concerns that arise from situations like this and apologize for any inconvenience caused. Stay informed. Find out more on our blog: https://lnkd.in/demibmZi

Gautam Hazari explains the benefit of frictionless, secure auth that doesn't need 2FA. The best solution is the one that's been with us since 1991, silently providing secure, passwordless ID with true possession factor - the SIM.

Quishing on the rise: Watch out for QR Code Scams! 🚨 Quishing, or QR code phishing, tricks people into scanning a code on their phone. This code can lead to a fake website that might download harmful software or ask for personal info. Stay vigilant with these tips: 1. Don't scan QR codes from unknown sources.  2. Confirm trusted QR messages separately.  3. Spot phishing signs: urgency, emotions.  4. Check QR URLs for legitimacy (HTTPS, no misspellings).  5. Be cautious of requests for personal info or payments. For more details: https://lnkd.in/e9Re_Wm4 

Is the end nigh for SMS OTP? Evernote certainly thinks so. They say, ‘in the near future, we’ll stop supporting SMS two-factor authentication and are advising their millions of users to use Google Authenticator or an equivalent TOTP (Time-based One Time Passcode) app. We asked Mobile Identity guru and Sekura.id CTO, Gautam Hazari for his thoughts on this. “This is a good first step”, Gautam said, “but TOTP is still OTP: it is Time-based OTP, so, yes it is better than SMS OTP as it does not use SMS to deliver the OTP, so one of the attack vectors is eliminated (SMS), and it is time-based, being generated using a time-function HOTP (Hash-based Message Authentication Code or HMAC)” TOTP is still vulnerable for a phishing attack (the fraudster convinces the victim to share the TOTP within the active time window). The inconvenience factor is still there as the user has to open the TOTP app and then enter the code. Howard Steen, VP of Product at Sekura.id and someone who has experience producing one of the most popular TOTP apps, added that “One of the big challenges for these mobile Auth apps is they also rely on SMS OTP for registration”. Are Passkeys and biometrics the answer? Although more convenient, these only protect the account and that account is, you guessed it, still subject to the same attacks through 2FA methods. What should Evernote do as a better solution? “Easy”, says Gautam. “Use SAFr Auth: No vulnerability through SMS. Phishing attack mitigated. Man-in-the-middle attack mitigated. No need for the user to do any form of 2FA. Plus it uses the SIM for ultra-secure cryptography”. Reach out to the team (partners@sekura.id) and find out more about how SAFr Auth is providing the Internet’s missing Identity layer and making the world a SAFr place. Not to mention easier. #evernote #smsotp #totp #otp #phishing #fraudprevention

Hackers abused API to verify millions of Authy MFA phone numbers Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. Authy is a mobile app that generates multi-factor authentication codes at websites where you have MFA enabled.  In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service. https://lnkd.in/dD3KR7Bc #cybersecurity #soc #mitreattack #hackers

🚨 New #Android Trojan Threat Detected! According to recent reports from threat detection company ThreatFabric, a powerful Android trojan called #Brokewell has been identified. This trojan not only steals sensitive user information but also grants attackers remote access to infected devices. Brokewell is particularly alarming as it possesses the capabilities of traditional mobile banking #malware, enabling attackers to intercept sensitive data. Moreover, it includes an accessibility logging feature, allowing it to record various device activities such as touches, swipes, text input, opened applications, and screen content. https://lnkd.in/dB_cA4GX #CyberSecurity #AndroidSecurity #ThreatAlert #AndroidTrojan #BankingMalware #SensitiveData 

New Darcula phishing service targets iPhone users via iMessage A new phishing-as-a-service (PhaaS) named ‘Darcula’ uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. Darcula has been used against various services and organizations, from postal, financial, government, taxation departments, to telcos, airlines, utility, offering fraudsters over 200 templates to choose from. One thing that makes the service stand out is that it approaches the targets using the Rich Communication Services (RCS) protocol for Google Messages and iMessage instead of SMS for sending phishing messages.Darcula phishing service Darcula was first documented last summer by security researcher Oshri Kalfon but Netcraft analysts report that the platform has been becoming more popular on the cybercrime space, and was recently used in several high-profile cases. Abandoning SMS Darcula diverges from traditional SMS-based tactics and instead utilizes RCS (Android) and iMessage (iOS) to send victims messages with links to the phishing URL. The advantage from this is that the recipients are more likely to perceive the communication as legitimate, trusting the additional safeguards that aren’t available in SMS. Moreover, since RCS and iMessage support end-to-end encryption, it is impossible to intercept and block phishing messages based on their content. Netcraft comments that recent global legislation efforts aimed at curbing SMS-based cybercrime by blocking suspicious messages are likely pushing PhaaS platforms towards alternative protocols such as RCS and iMessage. However, these protocols come with their own sets of restrictions that cybercriminals have to overcome. Conclusion, users should protect SMS include URL so that it's sent from stranger Source: Bleepingcomputer

Remember, it's all about protecting people! Security researchers have dissected the Android banking trojan known as SpyNote. The trojan is typically spread via smishing, or SMS phishing, campaigns that trick the victims into installing the application by clicking the link in the text. What does that mean? It means that if you have an Android, receive one of these nefarious text messages and you click the link within, you're now a victim of this attack. The long and the short of it is that this trojan will record audio and phone calls, log keystrokes, and capture screenshots of the phone. What's more, it comes with "diehard" services that make it difficult to delete. How does this impact the victim? Recording audio and phone calls may be obvious. Everything you say will be recorded by the bad actors. What about logging keystrokes? This means that everything you type will be captured as well. How about screenshots? Everything that is pulled up on your screen can be captured by this virus. Think about the potential implications if pictures of you, a romantic partner, your children or your location are stolen. Cybersecurity is about protecting people! Be aware of scams, such as these nefarious text message schemes and the real-world risks that they pose. #cybersecurity #security #publicsafety https://lnkd.in/g22Rf67B