Google discovered a new scam—and also fell victim to it

Source

Ars Technica

TL;DR

AI Generated

Google recently uncovered a scam targeting Salesforce customers where attackers posed as IT personnel to gain immediate access to accounts. Surprisingly, Google itself fell victim to a similar attack two months later. The hackers, driven by financial motives, exploit a simple method of calling targets and requesting access rather than exploiting software vulnerabilities. Notable companies affected by this campaign include Adidas, Qantas, Allianz Life, Cisco, and LVMH subsidiaries. The attackers manipulate a Salesforce feature allowing account linking to external apps, tricking employees into providing an eight-digit security code to access sensitive data.

Similar Articles

Two UK teens charged in connection to Scattered Spider ransomware attacks

UK teenager Thalha Jubair has been charged by federal prosecutors for his involvement in the Scattered Spider ransomware attacks on 47 US companies, resulting in over $115 million in ransom payments. The group demanded hefty ransoms from victims after breaching their networks and threatened to publish or sell confidential data. Another UK teen, Owen Flowers, was also charged in connection with a cyberattack on Transport for London. The recovery effort for the agency's public transit system lasted months due to the breach.

Ars Technica
Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC

Japan plans to subsidize NEC's purchase of cable-laying ships to bolster national security. The government is willing to cover up to half of the $300 million cost per vessel. NEC, a major player in undersea cables, currently leases ships but faces security risks due to reliance on charters. The move comes amid rising concerns over undersea cable attacks globally. NEC sees owning ships as a strategic advantage despite the financial commitment.

Tom's Hardware
Hacker ransomware groups announce retirement to enjoy their "golden parachutes" — no further attacks planned, future attributed activities will relate to undisclosed past breaches

Multiple ransomware groups, including the one behind the Jaguar Land Rover attack, have announced their retirement on BreachForums, citing fulfilled objectives and accumulated wealth. These groups, known for exploiting social engineering and authentication weaknesses, have decided to cease hacking activities, with future attributed actions related to undisclosed past breaches. While some members plan to continue improving systems, others will enjoy their amassed wealth. The post mentions IntelBroker, potentially referring to arrested hacker Kai Logan West, and suggests that incarcerated members may have been used as scapegoats. The veracity of these claims remains to be seen, but a reduction in ransomware activity in the future could validate their statements.

Tom's Hardware
U.S. places $11 million bounty on Ukrainian ransomware mastermind — Tymoshchuk allegedly stole $18 billion from large companies over 3 years

The United States has placed an $11 million bounty on Volodymyr Tymoshchuk, a Ukrainian man accused of orchestrating ransomware attacks that stole a total of $18 billion over three years. Tymoshchuk allegedly masterminded the MegaCortex, LockerGoga, and Nefilim attacks, targeting American companies, health institutions, and foreign industrial firms. The attacks involved encrypting files and demanding ransom payments. If extradited and found guilty, Tymoshchuk could face life in prison for charges related to computer damage and threatening to disclose private information. The indictment also alleges Tymoshchuk's involvement with other cybercriminals, including his co-defendant Artem Stryzhak.

Tom's Hardware