Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
12 résultats taggé SMS  ✕
Police warn of SMS scams following prison sentence for criminal who conducted smishing campaign https://www.ukfinance.org.uk/news-and-insight/press-release/police-warn-sms-scams-following-prison-sentence-criminal-who
05/07/2025 11:30:24
QRCode
archive.org

A criminal has been sentenced at Inner London Crown Court to over a year in prison for operating a SMS Blaster to conduct a mass smishing campaign against victims with the intent to harvest their personal details to be used in fraud.

The sentencing follows an investigation and arrest by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist banking industry sponsored police unit.

The conviction was achieved thanks to the officers from the DCPCU working with mobile network operators including BT, Virgin Media O2, VodafoneThree and Sky as well as the National Cyber Security Centre and Ofcom.

Between 22 and 27 March 2025 Ruichen Xiong, a student from China had installed an SMS Blaster in his vehicle to commit smishing fraud, targeting tens of thousands of potential victims.

Xiong drove around the Greater London area in a Black Honda CR-V. This vehicle was used to hold and transport an SMS Blaster around in the boot.

An SMS Blaster allows offenders to send fraudulent text messages to phones within the vicinity of the equipment and acts as an illegitimate phone mast to send messages. The blaster will draw mobile devices away from legitimate networks by appearing to have a stronger signal. By doing so, the criminal is then able to send a text message to the victim's phone.

The equipment was programmed to send out SMS messages to victims within a nearby radius of the blaster, designed to look like trustworthy messages from genuine organisations, such as government bodies, where the victim was encouraged to click a link. The link would subsequently take them to a malicious site that was designed to harvest their personal details.

ukfinance EN 2025 UK SMS-Blaster DCPCU SMS
Twilio denies breach following leak of alleged Steam 2FA codes https://www.bleepingcomputer.com/news/security/twilio-denies-breach-following-leak-of-alleged-steam-2fa-codes/
18/05/2025 12:16:51
QRCode
archive.org
thumbnail

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes.

The threat actor, using the alias Machine1337 (also known as EnergyWeaponsUser), advertised a trove of data allegedly pulled from Steam, offering to sell it for $5,000.

When examining the leaked files, which contained 3,000 records, BleepingComputer found historic SMS text messages with one-time passcodes for Steam, including the recipient's phone number.

Owned by Valve Corporation, Steam is the world's largest digital distribution platform for PC games, with over 120 million monthly active users.

Valve did not respond to our requests for a comment on the threat actor's claims.

Independent games journalist MellolwOnline1, who is also the creator of the SteamSentinels community group that monitors abuse and fraud in the Steam ecosystem, suggests that the incident is a supply-chain compromise involving Twilio.

MellowOnline1 pointed to technical evidence in the leaked data that indicates real-time SMS log entries from Twilio's backend systems, hypothesizing a compromised admin account or abuse of API keys.

bleepingcomputer EN 2025 Sale SMS Steam Supply-Chain Supply-Chain-Attack Third-Party-Data-Breach Twilio denied
SMS Pumping: How Criminals Turn Your Messaging Service into Their Cash Machine https://www.group-ib.com/blog/sms-pumping/
09/04/2025 09:32:49
QRCode
archive.org
  • A fraudster develops or uses an automated bot or low-skilled workforce to trigger actions such as fake account creation, OTP requests, or password resets. These bots or human bots mimic real user activity, often bypassing security measures through direct API calls.
  • These actions trigger SMS messages, which are sent to phone numbers controlled by the fraudster, creating inflated traffic.
  • The fraudster collaborates with a “rogue party,” often a corrupt telecom provider or intermediary with access to SMS routing infrastructure.
  • The rogue party intercepts the inflated SMS traffic, typically avoiding message delivery to reduce costs. Instead, they route the traffic to numbers they control.
  • The rogue party earns revenue by collecting funds from the inflated SMS traffic, benefiting from volume-based pricing or other arrangements.
group-ib EN 2025 SMS Pumping Messaging SMS-pumping
One Time Pwnage: SEAL Releases Advisory On SLOVENLY COMET https://www.securityalliance.org/news/2025-03-slovenly-comet
07/04/2025 06:41:17
QRCode
archive.org
thumbnail

A new threat actor is exploiting privileged access in the SMS supply chain to intercept OTP codes and other messages.

securityalliance EN 2025 SMS supply-chain Argentina OTP SLOVENLY-COMET
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials https://www.sentinelone.com/labs/xeon-sender-sms-spam-shipping-multi-tool-targeting-saas-credentials/
24/08/2024 12:26:15
QRCode
archive.org
thumbnail

Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.

sentinelone EN python script Cloud-attack-tool SMS spam SaaS Xeon-Sender
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data https://www.enea.com/insights/exploiting-the-cloud-how-sms-scammers-are-using-amazon-google-and-ibm-cloud-services-to-steal-customer-data/
25/05/2024 22:06:37
QRCode
archive.org
thumbnail

Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information

enea EN 2024 SMS scammers IBM Cloud Services Amazon Google
Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage » https://www.vd.ch/toutes-les-actualites/actualite/news/i-cybercriminalite-sept-suspects-identifies-pour-du-phishing-hameconnage
15/07/2023 13:38:32
QRCode
archive.org
thumbnail

Entre avril 2022 et juin 2023, une quarantaine de plaintes relatives à des cas de « phishing / hameçonnage », pour un montant de plus de 170'000…

vd CH FR 2023 Cybercriminalité SMS Smishing phishing suspects identifiés
Ghost in the network https://www.lighthousereports.com/investigation/ghost-in-the-network/
12/05/2023 08:27:57
QRCode
archive.org
thumbnail

Our investigation shows how Fink has built a surveillance apparatus that he has put at the disposal of governments and companies around the world – including Israel’s Rayzone Group, a top-tier cyber intelligence company. Fink’s set-up is capable of exploiting loopholes in mobile phone connection protocols to track the location of phone users and even redirect their SMS messages to crack internet accounts.

lighthousereports EN 2023 switzerland Fink surveillance SMS Telecoms
Ransomware cyberattack continues at Bluefield University https://www.databreaches.net/ransomware-cyberattack-continues-at-bluefield-university/
03/05/2023 13:04:42
QRCode
archive.org

There are new developments on the cybersecurity attack that has crippled internet services at Bluefield University. We’ve learned through “RamAlert” texts sent to students, faculty and staff that the cyber attackers are now directly communicating with everyone on the alert system. They have identified themselves as “AvosLocker” and are demanding payment in return for not leaking students’ private information. The FBI considers AvosLocker to be ransomware. In March 2022, they released an advisory on it. They said avoslocker has “Targeted victims across multiple critical infrastructure sectors in the U.S. Including…The financial services, critical manufacturing, and government facilities sectors.”

databreaches EN SMS AvosLocker ransomware US Education Bluefield University
Escroquerie aux SMS de l'Assurance maladie : les suspects volaient les numéros de téléphone depuis leur voiture https://www.francetvinfo.fr/faits-divers/escroquerie-aux-sms-de-l-assurance-maladie-les-suspects-volaient-les-numeros-de-telephone-depuis-leur-voiture_5665943.html
18/02/2023 18:09:46
QRCode
archive.org
thumbnail

Cinq hommes sont mis en examen, qui ont eu recours à un appareil utilisé habituellement par les services de renseignement pour voler les numéros des automobilistes voisins, a appris franceinfo samedi. 

francetvinfo FR 2023 SMS Smishing MSI-Catcher
DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch https://techcrunch.com/2022/08/16/digitalocean-emails-mailchimp-breach/
17/08/2022 12:45:34
QRCode
archive.org
thumbnail

Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp. In a scant blog post dated August 12, just two days after the company’s co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting […]

techcrunch EN 2022 digitalocean mailchimp password phishing sms twilio
Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds https://www.businesswire.com/news/home/20220509005459/en/Juniper-Research-Multi-factor-Authentication-to-Generate-27-Billion-Globally-for-Mobile-Operators-in-2022-Juniper-Research-Study-Finds
17/05/2022 09:49:11
QRCode
archive.org
thumbnail

A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.

businesswire Juniper EN 2022 Multi-factor MFA SMS Research Study Authentication Mobile
4521 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio