Twilio smished – SMS is the new Achilles heel

Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to …

Get rich in Europe for €250 (or lose it all and your personal data)

Group-IB have published a very well-researched report on fake investment scams in Europe. The scam follows a well-established set of steps:

1. The bogus come-on is published on social media.
2. The victim is taken to a phony investment website.
3. The victim enters personal information in a form on the scam site.
4. A call center contacts …

Verified Twitter accounts phished via hate speech!

Some interesting research from Malwarebytes Labs. The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. They would then be redirected to a fake Twitter help centre to input their login credentials. The second was a Discord phishing campaign where people would receive …

Rolling Pwn lets you drive a Honda without the keys!

The Rolling Pwn vulnerability can be used against some keyless Hondas to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitcher's mound to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video …