#simswap

BiyteLüm📵 Your phone number is your weakest link.Hackers use SIM swap attacks to steal your number, reset your accounts, and bypass 2FA. It happens more than you think.💡 Protect yourself: ✔ Remove your number from important accounts (email, banking) ✔ Use app-based 2FA (Aegis, YubiKey, OTP)—NEVER SMS ✔ Ask your carrier for a port-out PIN📌 Your phone number shouldn’t be your identity.<a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/SIMSwap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMSwap</a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>

The New OilHacker pleads guilty to <a href="https://mastodon.thenewoil.org/tags/SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswap</a> attack on <a href="https://mastodon.thenewoil.org/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#US</a> <a href="https://mastodon.thenewoil.org/tags/SEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SEC</a> <a href="https://mastodon.thenewoil.org/tags/X" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X</a> account<a href="https://www.bleepingcomputer.com/news/security/hacker-pleads-guilty-to-sim-swap-attack-on-us-sec-x-account/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hacker-pleads-guilty-to-sim-swap-attack-on-us-sec-x-account/</a><a href="https://mastodon.thenewoil.org/tags/Twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Twitter</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a>

BrianKrebsFeds Charge Five Men in 'Scattered Spider' RoundupFederal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.Two of the accused I've written about extensively already. Today's story looks at how several of these guys were caught. For example:"The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname "Joeleoli."<a href="https://krebsonsecurity.com/2024/11/feds-charge-five-men-in-scattered-spider-roundup/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/11/feds-charge-five-men-in-scattered-spider-roundup/</a><a href="https://infosec.exchange/tags/scatteredspider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scatteredspider</a> <a href="https://infosec.exchange/tags/fbi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fbi</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a>

Droppie [loma] 🐨♀🌈🐧🦘Recently my mobile phone company was subsumed into another. Today i setup my new online account portal. Upon entry i scoured it for any sign of a way to create a security Q&A to prevent hacker SIM-swapping theft, but nah, nothing. So i initiated a Livechat & said that's what i wanna do, & voila tis now done. So in theory, from here on, any <code>Not Me Peep</code> wot impersonates me [poor deluded saps, sigh, but anyway] & contacts them to sim-swap, should be unable to proceed sans first answering my nonsensical Q with its random-words complex A.In theory. Well, that is my theory, which is mine, & nobody else's. Ahem. Ahhemmm hemmm hemmmmmmmmmmmm.No, the A is neither Ann Elk, nor Brontosaurus.<a href="https://loma.ml/search?tag=MobilePhone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobilePhone</a> <a href="https://loma.ml/search?tag=Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://loma.ml/search?tag=SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswap</a> <a href="https://loma.ml/search?tag=SIMswapping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswapping</a>

ChiefGyk3DWell this is disturbing, albeit not surprising. <a href="https://www.theregister.com/2024/05/07/ransomware_evolves_from_mere_extortion/?td=keepreading" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.theregister.com/2024/05/07/ransomware_evolves_from_mere_extortion/?td=keepreading</a><a href="https://social.chiefgyk3d.com/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://social.chiefgyk3d.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://social.chiefgyk3d.com/tags/SimSwap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SimSwap</a>

Avoid the Hack! :donor:T-Mobile Employees Across The Country Receive Cash Offers To Illegally Swap SIMsI still stand by this: if <a href="https://infosec.exchange/tags/sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sms</a> <a href="https://infosec.exchange/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mfa</a> wasn’t still massively used (especially by the financial sector), sim swaps would be less attractive to sim swappers.It’s also crazy so much trust is placed in telecoms guarding your phone number and MFA factor for your bank. 🫨<a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a><a href="https://tmo.report/2024/04/t-mobile-employees-across-the-country-receive-cash-offers-to-illegally-swap-sims/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://tmo.report/2024/04/t-mobile-employees-across-the-country-receive-cash-offers-to-illegally-swap-sims/</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswap</a> hijacking <a href="https://hachyderm.io/tags/phone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phone</a> numbers in <a href="https://hachyderm.io/tags/eSIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eSIM</a> attacks Russian <a href="https://hachyderm.io/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> firm <a href="https://hachyderm.io/tags/FACCT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FACCT</a> reports that <a href="https://hachyderm.io/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a> swappers in the country and worldwide have been taking advantage of this shift to eSIMs to hijack phone numbers and bypass protections to access bank accounts. Now, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own. <a href="https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/</a>

Avoid the Hack! :donor:US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attackWhat will it take to phase out SMS-based MFA? Even widespread implementation of TOTP (especially at financial or finance-adjacent organizations) will make SIM-swapping far less attractive…<a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a> <a href="https://www.bitdefender.com/blog/hotforsecurity/us-insurance-firms-sound-alarm-after-66-000-individuals-impacted-by-sim-swap-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bitdefender.com/blog/hotforsecurity/us-insurance-firms-sound-alarm-after-66-000-individuals-impacted-by-sim-swap-attack/</a>

Graham CluleyUS insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack.Read more in my article on the Bitdefender blog: <a href="https://www.bitdefender.com/blog/hotforsecurity/us-insurance-firms-sound-alarm-after-66-000-individuals-impacted-by-sim-swap-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bitdefender.com/blog/hotforsecurity/us-insurance-firms-sound-alarm-after-66-000-individuals-impacted-by-sim-swap-attack/</a><a href="https://mastodon.green/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.green/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://mastodon.green/tags/insurance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#insurance</a> <a href="https://mastodon.green/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a>

dispatchSEC Twitter hack blamed on SIM swap attack <a href="https://www.bitdefender.com/blog/hotforsecurity/sec-twitter-hack-blamed-on-sim-swap-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bitdefender.com/blog/hotforsecurity/sec-twitter-hack-blamed-on-sim-swap-attack/</a> <a href="https://ioc.exchange/tags/Guestblog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Guestblog</a> <a href="https://ioc.exchange/tags/Twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Twitter</a> <a href="https://ioc.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a>

Graham CluleyThe SEC 'fesses up. Its Twitter account was hacked due to a SIM swap attack.Read more in my article on the Bitdefender blog:<a href="https://www.bitdefender.com/blog/hotforsecurity/sec-twitter-hack-blamed-on-sim-swap-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bitdefender.com/blog/hotforsecurity/sec-twitter-hack-blamed-on-sim-swap-attack/</a><a href="https://mastodon.green/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.green/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a> <a href="https://mastodon.green/tags/sec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sec</a> <a href="https://mastodon.green/tags/twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#twitter</a> <a href="https://mastodon.green/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/SEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SEC</a> confirms X account was hacked in <a href="https://hachyderm.io/tags/SIMswapping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswapping</a> attack "Two days after the incident, in consultation with the SEC's telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent 'SIM swap' attack." In a <a href="https://hachyderm.io/tags/SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMswap</a> attack, threat actors trick a victim's wireless carrier into porting a customer's phone number to a device under the attacker's control. <a href="https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/</a> <a href="https://hachyderm.io/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bitcoin</a> <a href="https://hachyderm.io/tags/BitcoinETF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BitcoinETF</a>

Graham CluleyTwitter says, It’s not our fault the SEC’s account got hacked, and Investigation reveals SEC account did not have 2FA enabled. Wuh??<a href="https://grahamcluley.com/twitter-says-its-not-our-fault-the-secs-account-got-hacked/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://grahamcluley.com/twitter-says-its-not-our-fault-the-secs-account-got-hacked/</a><a href="https://mastodon.green/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.green/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://mastodon.green/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a> <a href="https://mastodon.green/tags/twitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#twitter</a> <a href="https://mastodon.green/tags/sec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sec</a> <a href="https://mastodon.green/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a>

Avoid the Hack! :donor:<a href="https://infosec.exchange/tags/FCC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FCC</a> reminds mobile phone carriers they must do more to prevent SIM swapsThat's true and all, but maybe institutions and other service providers should move away from using SMS as <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a>/#2fa... it would help to make SIM swapping less attractive in the first place.(Not saying the telecoms are off the hook, but SMS for MFA has been subpar security practice for quite a while.)<a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a><a href="https://therecord.media/fcc-sim-swapping-reminder-telecoms-consumer-protection" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://therecord.media/fcc-sim-swapping-reminder-telecoms-consumer-protection</a>

Avoid the Hack! :donor:FCC adopts new rules to protect consumers from SIM-swapping attacksFCC mandates wireless service providers adopt "secure methods" for authenticating a users before transferring out phone numbers.Services (financial sector, I am looking at you) should also do their part... make SIM-swapping even less attractive by moving to TOTP <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> / <a href="https://infosec.exchange/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2fa</a> or supporting hardware keys / <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/opsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opsec</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a><a href="https://www.bleepingcomputer.com/news/security/fcc-adopts-new-rules-to-protect-consumers-from-sim-swapping-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/fcc-adopts-new-rules-to-protect-consumers-from-sim-swapping-attacks/</a>

Avoid the Hack! :donor:How SIM Swappers Straight-Up Rob T-Mobile StoresFrom <a href="https://mastodon.social/@404mediaco" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@404mediaco</a>Apparently this practice isn't common anymore, but these lengths goes to show how simswapping is... an issue.My opinion is if financial institutions didn't almost solely rely on MFA/2FA via SMS, simswapping in general wouldn't continue to be such an issue. Like come on - we have passkeys now. Watch the financial institutions take a decade to adopt them. :ablobcatgoogly:<a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#simswap</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/tmobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tmobile</a><a href="https://www.404media.co/how-hackers-straight-up-steal-t-mobile-tablets-to-sim-swap/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.404media.co/how-hackers-straight-up-steal-t-mobile-tablets-to-sim-swap/</a>

Cory Doctorow<a href="https://mamot.fr/tags/5yrsago" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#5yrsago</a> Fraudsters offers thousands to low-waged telco employees for help with <a href="https://mamot.fr/tags/SIMSwap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIMSwap</a> scams <a href="https://www.vice.com/en/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam" rel="nofollow noopener noreferrer" target="_blank">https://www.vice.com/en/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam</a><a href="https://mamot.fr/tags/5yrsago" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#5yrsago</a> Border <a href="https://mamot.fr/tags/FamilySeparation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FamilySeparation</a> isn’t “zero tolerance” – CBP looked for parents to charge so they could kidnap kids <a href="https://theintercept.com/2018/08/03/zero-tolerance-family-separations-trump-immigration-family-separation/" rel="nofollow noopener noreferrer" target="_blank">https://theintercept.com/2018/08/03/zero-tolerance-family-separations-trump-immigration-family-separation/</a>7/

Recent searches

Search options

Administered by:

Server stats: