USD 110M Loan Portfolio at Risk Due to Vendor’s Apache Superset Insecure Default Initialization of Resource Vulnerability [CVE-2023-27524]
This article highlights a major security mishap where an unauthenticated Apache Superset dashboard belonging to a vendor of a significant financial institution was left exposed online, resulting in the leakage of sensitive financial data, including over USD 110 million in loans. CloudSEK’s SVigil discovered the vulnerability, preventing a potential multi-crore disaster by enabling swift corrective actions.…
The CyberDiplomat’s Daily Report
This report outlines various global cybersecurity incidents, including sophisticated spyware targeting Tibetan and Taiwanese communities, scrutiny over Bangladesh’s Cyber Security Act, a DDoS attack on Indonesia’s Tempo.co, and breaches in Australia’s superannuation sector. Other highlights include malware threats in various regions and ongoing efforts to enhance cybersecurity across nations.…
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Summary: Lovable, a generative AI platform for creating web applications, has been identified as highly vulnerable to jailbreak attacks, enabling users to create fake credential harvesting pages effortlessly. This vulnerability is part of a broader trend where AI tools are misused in cybercrime, through methods like VibeScamming and Immersive World which facilitate the creation of convincing phishing campaigns.…
VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side
This article discusses the dangers posed by generative AI in facilitating phishing scams, highlighting the results of the VibeScamming Benchmark v1.0. Guardio Labs evaluated how well popular AI platforms handle scam-related prompts, revealing significant vulnerabilities across different models. The findings urge AI developers to prioritize safety measures in their technologies to protect individuals from fraud.…
Summary: A cybercriminal group known as the Smishing Triad is intensifying smishing activities targeting consumers in the US and UK with fraudulent texts related to toll payment services. This campaign involves the use of deceptive messages that impersonate legitimate toll agencies, demanding payments for fictitious unpaid tolls and soliciting sensitive personal information.…
Privacy on Telegram: Fact or Fiction?
Telegram has rapidly grown into a major messaging platform, praised for speed and privacy features while facing serious challenges like controversies over its role in cybercrime and legal issues. Recent vulnerabilities and criminal activities exploiting its features raise questions about its safety and future. Affected: Telegram, cybersecurity sector, law enforcement

Key points:

Telegram was founded in 2013 and is headquartered in Dubai.…
Scattered Spider member pleads guilty to identity theft, wire fraud charges
Summary: A member of the Scattered Spider cybercrime group, Noah Michael Urban, has pleaded guilty to multiple charges related to cryptocurrency theft and identity fraud, risking up to 60 years in prison. The group is notorious for using SIM swapping tactics to bypass security measures and has been linked to significant financial losses, affecting various corporations.…
Malloc Privacy Weekly
This week’s edition of Malloc Privacy Weekly highlights significant cybersecurity threats including the misuse of free VPN apps owned by Chinese companies, a new phishing-as-a-service platform called Lucid, and various malware threats targeting Android devices. The report emphasizes the need for users to be aware of privacy risks and consider enhanced protective measures when using technology.…
E-ZPass toll payment texts return in massive phishing wave
Summary: A surge in phishing campaigns impersonating E-ZPass and other toll authorities aims to steal personal and credit card information through deceptive iMessages and SMS texts. The messages create urgency by warning recipients of impending fines and payment deadlines. Users are advised to avoid responding to these messages and to check balances directly through official toll authority websites instead.…
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
Summary: A novice cybercriminal named Coquettte has been utilizing a Russian bulletproof hosting provider, Proton66, to distribute malware via a fraudulent antivirus website. Investigations reveal that Coquettte is linked to various illicit activities, including the deployment of harmful payloads and selling guides for illegal substances. The findings suggest a broader connection to a hacking group called Horrid, indicating a network of amateur cybercriminals using Proton66’s infrastructure.…
Malloc Privacy Weekly
This week’s analysis highlights various cybersecurity threats, including the targeting of Serbian journalists with Pegasus spyware and the emergence of the Crocodilus mobile banking Trojan, which exploits accessibility services to steal sensitive data. Furthermore, significant privacy breaches have occurred across multiple platforms, including dating apps and financial services, raising alarm over user data security.…
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Summary: Counterfeit smartphones have been found preloaded with a modified version of the Triada Android malware, affecting over 2,600 users primarily in Russia. This malware can steal sensitive information, control devices remotely, and has been distributed through compromised production processes. The ongoing threat from Triada highlights vulnerabilities in the hardware supply chain and the potential financial gain for attackers.…
Serial Entrepreneurs Raise M to Counter AI Deepfakes, Social Engineering
Summary: Adaptive Security, a startup combating deepfake social engineering and AI threats, has secured million in early-stage funding led by Andreessen Horowitz and the OpenAI Startup Fund. Founded by Brian Long and Andrew Jones, the company aims to develop a platform for simulating AI-generated attacks, enhancing employee training and real-time threat triaging.…
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
Summary: A new phishing-as-a-service platform, Lucid, has emerged, targeting 169 entities across 88 countries through advanced smishing techniques. Utilizing Apple iMessage and RCS, Lucid bypasses traditional anti-phishing measures, enabling significant increases in phishing success rates. This sophisticated model threatens financial security as it focuses primarily on harvesting credit card information and personally identifiable information (PII).…
New Android Banking Trojan Targets More Than 750 Financial and Crypto Apps
Summary: Cyble researchers have uncovered a new Android banking trojan called “TsarBot” that employs overlay attacks and targets over 750 applications, including banking and e-commerce apps. The malware can steal credentials, record screens, and execute on-device fraud by using Accessibility services. It spreads via phishing sites masquerading as legitimate token trading platforms.…