
DoorDash Data Breach Linked with Twilio Hackers

A data breach that exposed customer and staff information and was tied to the recent cyberattack on Twilio has been disclosed by the food delivery service DoorDash. 

According to DoorDash, the attackers misused a vendor's access to its networks. By abusing DoorDash's internal tools, they were able to access the data of a small fraction of people.

Customers' names, email addresses, delivery addresses, and phone numbers are among the compromised data. In certain instances, basic order information and partial payment card information were also exposed.

For Dashers (the people who make the deliveries), the attacker gained access to the name, phone number, or email address. It is worth noting that an earlier data breach at DoorDash in 2019 exposed information on roughly 5 million consumers.

According to DoorDash spokesperson Justin Crowley, the unnamed third-party vendor provides services that require limited access to specific internal tools; the vendor compromise is connected to the phishing attack that hit SMS and messaging giant Twilio on August 4.

Researchers connected these attacks to a larger phishing campaign carried out by the same hacker group known as "0ktapus," which since March has stolen nearly 10,000 employee login credentials from at least 130 businesses, including Twilio, internet companies, and outsourced customer service providers.

Twilio revealed this month that it was compromised after several employees fell for an SMS phishing scam that gave the threat actors access to its internal systems. With this access, the hackers could reach the data of 163 Twilio customers, which they could then use in further supply-chain attacks.

According to an updated Twilio security advisory, "so far, our research has identified 163 Twilio customers - out of a total customer base of over 270,000 - whose data was accessed without authorization for a limited period of time, and we have notified all of them."

Coinbase, KuCoin, Binance, Microsoft, Telus, Verizon Wireless, T-Mobile, AT&T, Sprint, Rogers, Mailgun, Slack, Box, SendGrid, Yahoo, Sykes, BestBuy, and Infosys are among the other organizations that were attacked. None of these businesses, however, has said whether the attacks succeeded.

Over 130 Organizations Targeted in Okta Phishing Campaign

In a single phishing campaign, the hackers behind a number of recent attacks, including those on Twilio, Cloudflare, MailChimp, and Klaviyo, compromised over 130 firms.

In this campaign, 9,931 login credentials were stolen using a phishing kit code-named "0ktapus"; the hackers then used them to log into corporate networks and systems through VPNs and other remote access tools.

Group-IB, which analyzed the campaign, said the primary intent of the attacks was to "get Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations."

The Singapore-based firm said the adversary targeted employees of companies that use Okta, an identity services provider, and described the attacks as well planned and executed. Okta's identity-as-a-service (IDaaS) platform lets employees access all of their company's software with a single login.

The phrases "OKTA," "HELP," "VPN," and "SSO" appeared in the 169 phishing domains that supported the 0ktapus campaign.

In addition, customers of the breached companies, such as Signal and DigitalOcean, became targets of supply-chain attacks as a result of these breaches.

Judging by the phishing domains built for this campaign, the threat actors targeted businesses in a variety of sectors, including bitcoin, technology, banking, and recruiting.

The hackers then used these login credentials to log into internal customer support systems, corporate networks, and VPNs in order to steal customer data. As already seen with DigitalOcean and Signal, that customer data was then used for further supply-chain attacks.

The phishing kit used in this campaign sent the stolen data to a Telegram channel. Researchers linked one of the channel administrators, who went by the handle "X," to a Twitter account and a GitHub account, which suggests the person may be based in North Carolina, US.

Disclosures from earlier victims show that the threat actors frequently went after data belonging to organizations in the bitcoin industry.

According to Group-IB, the hackers stole 5,441 records with MFA codes, 3,129 records with email addresses, and 9,931 records with user credentials from 136 businesses, the majority of which are based in the United States.
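As an added example (not part of the original post, and not Group-IB's tooling), the following Python heuristic flags domains that pair a protected company name with the lure words reported above, the kind of check a defender can run over newly registered domains or proxy logs. The company name "examplecorp", its allowlisted domains, and the sample domain list are constructed assumptions.

```python
import re

# Lure words Group-IB reported in the 0ktapus phishing domains (from the article).
LURE_KEYWORDS = ("okta", "help", "vpn", "sso")

# Constructed sample: "examplecorp" is a fictional company; none of these are real domains.
BRAND_TOKENS = ("examplecorp",)
ALLOWLIST = ("examplecorp.com", "okta.com")   # the company's own domain and its Okta tenant
SAMPLE_DOMAINS = [
    "examplecorp-sso.com",        # brand + "sso": flag
    "examplecorp.okta.com",       # legitimate Okta tenant: allowlisted
    "sso.examplecorp.com",        # the company's real SSO host: allowlisted
    "HELP-examplecorp-vpn.net.",  # brand + "help" + "vpn", odd casing, trailing dot: flag
    "examplecorp-news.org",       # brand but no lure word: ignore
    "vpn-portal.net",             # lure word but no brand: ignore
]

def is_allowlisted(domain, allowlist):
    """True for an allowlisted domain or any subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowlist)

def flag_lookalike_domains(domains, brand_tokens=BRAND_TOKENS, allowlist=ALLOWLIST):
    """Return (domain, brand, lure_words) for every domain that pairs a protected
    brand name with at least one lure word and is not allowlisted."""
    hits = []
    for raw in domains:
        domain = raw.strip().lower().rstrip(".")
        if is_allowlisted(domain, allowlist):
            continue
        letters = re.sub(r"[^a-z]", "", domain)  # hyphens, digits and dots cannot hide a token
        brand = next((b for b in brand_tokens if b in letters), None)
        if brand is None:
            continue
        rest = letters.replace(brand, "")         # look for lure words outside the brand itself
        lure = [k for k in LURE_KEYWORDS if k in rest]
        if lure:
            hits.append((domain, brand, lure))
    return hits

if __name__ == "__main__":
    for domain, brand, lure in flag_lookalike_domains(SAMPLE_DOMAINS):
        print(f"{domain}: impersonates {brand} using {', '.join(lure)}")
```

The allowlist matters: without it the company's own SSO host and its genuine Okta tenant would be flagged alongside the lookalikes.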



Third-party Attacks: Hackers Exploit Software Networks

Third-party incursions are yet another reminder of how fast and widely supply-chain assaults may spread, as seen most recently at Twilio and Mailchimp.

All of these cases have one thing in common: they were service supply-chain attacks, intrusions in which the attackers used access granted to third-party services as a backdoor into the target companies' critical core systems.

When an attack on one institution opens the door to further strikes on many more, hackers take note and come back for more. Phishing and social engineering are frequently used to gain that initial unauthorized access.

This amplification effect has led to an increase in attacks that go through third-party vendors. The level of access or data potentially exposed across the supply chain gives hackers a way to reach more targets more reliably and successfully.

Companies are rapidly incorporating third-party apps into the fabric of their enterprise IT as digitalization and the rise in cloud-based, remote, or hybrid work progress to boost productivity and streamline business procedures. These linked apps increase productivity across the board, which is why they have gained so much attention recently. 

Twilio suffered a phishing attack that affected 125 customers, resulting in the exposure of 1,900 Signal users' phone numbers and verification credentials. DigitalOcean was one of 214 accounts affected when Mailchimp's internal tooling was compromised through social engineering.

Companies want to adopt new technologies to increase automation and productivity, but security and IT teams are increasingly underfunded and overworked. Traditional third-party review procedures and security governance models are under pressure from the rapid growth of new integrations between third-party cloud apps and core systems, which overwhelms IT and security teams and ultimately creates a new, expansive, largely unmonitored attack surface.

Similar supply chain attacks will inevitably continue to take place if these integrations spread without adequate comprehension and mitigation of the specific vulnerabilities they bring. In fact, 93% of businesses in 2021 had a cybersecurity compromise of some type as a result of unreliable third parties or weak supply chains. 




Hackers Breached Accounts of Twilio Users

According to information provided by Twilio, hackers were able to obtain data from "a limited number" of customer accounts through a breach that involved the theft of employee credentials.

On August 4th, a hacker sent SMS messages to Twilio employees asking them to change their passwords or informing them of a change in their schedule. Each message contained a URL with phrases like "Twilio," "SSO" (single sign-on), and "Okta," the user authentication service used by numerous businesses. Employees who clicked the link were taken to a fake Twilio sign-in page, where the hackers captured the credentials they entered.

When the breach was discovered, Twilio worked with US phone carriers to shut down the SMS messages and asked web hosting companies to take down the fake sign-in sites. Twilio reports that the hackers were nevertheless able to switch to other hosting companies and cell carriers and continue their attack.

Facebook and Uber are two of the more than 150,000 businesses that use Twilio.

Laurelle Remzi, an official for Twilio, declined to reveal how many customers were impacted or what data the hackers got. According to Twilio's privacy statement, the data it gathers includes addresses, payment information, IP addresses, and, in certain situations, identification documentation. 

According to Twilio, a dominant player in the enterprise communication API market with 26 offices across 17 countries, the hackers were skilled enough to switch between telco carriers and hosting providers while using social engineering lures. Twilio classified the situation as ongoing.

The company didn't specify whether the social engineering attacks were successful or whether any MFA (multi-factor authentication) hurdles were encountered by the attacker.

According to Twilio, its security team has terminated access to the hacked employee accounts in order to reduce the effect of the attack and has contacted a third-party forensics company to assist in the investigation.


Deadshot: A Tool That Marks Sensitive Content for Developers

Software code repositories may be hiding an organization's credentials, sensitive data, and other secrets without developers' knowledge. If this information falls into the hands of cybercriminals, it could be an invaluable resource for launching cyberattacks, say the security experts at Twilio, who have released an open-source tool that alerts developers if they accidentally include personal or sensitive data in their code before it is pushed to a repository.

Known as Deadshot, the tool monitors GitHub pull requests in real time. It flags the possible addition of sensitive information to code, as well as changes to sensitive functionality. Laxman Eppalagudem, a senior product security engineer at Twilio who worked on the project, says it is not possible for a person to manually monitor an organization's entire codebase, so the team built an automated monitoring tool to search for and flag sensitive data.

Deploy and Forget 

Deadshot works as a "deploy and forget" tool: it watches the entire codebase and alerts project owners if any sensitive data is about to leave the organization. Security teams can configure what the tool monitors, and alerts can be sent out as Jira tickets or Slack messages.

Leaky Commits

The unintentional exposure of credentials and secrets in code repositories has always been a major problem, says senior product manager Yashvier Kosaraju. The software aims to remove the need to manually review the entire codebase and every pull request for commits containing sensitive data, which, as we all know, does not scale.

The software is designed so that it can only be installed on GitHub accounts by company admins. According to Twilio, this reduces the risk of hackers exploiting Deadshot for malicious purposes. According to The Daily Swig, "GitHub already has security scanning capabilities, Blore noted. Developers could also use the open-source tool Gittyleaks to scan for API keys, passwords, and other sensitive data. Twilio is actively looking for feedback and feature requests from Deadshot users and the open-source community, Kosaraju said." Experts believe it is a good initiative to avoid ransomware attacks.
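As an added illustration of the pull-request scanning described above (example code written here, not Twilio's Deadshot or its rule set), the following Python scanner walks a constructed unified diff, flags added lines that match credential patterns, and reports the new-file line number so a bot could comment on the exact PR line. The rules, the `scan:ignore` suppression marker, and the sample diff are assumptions.

```python
import re

# Rules for an added PR secret scanner (illustrative; not Deadshot's own rule set).
SECRET_PATTERNS = {
    "credential assignment": re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key)\s*[:=]\s*[\"'][^\"']{4,}[\"']"),
    "private key block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
IGNORE_MARKER = "scan:ignore"   # hypothetical inline suppression for known test fixtures
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Constructed unified diff standing in for a pull request; every value in it is fake.
SAMPLE_DIFF = """\
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 import os
-API_KEY = os.environ["API_KEY"]
+API_KEY = "exampl3-k3y-d0-n0t-use"
+DB_PASSWORD = "hunter2"
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -1 +1,2 @@
 # fixtures
+PASSWORD = "not-a-real-secret"  # scan:ignore
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""

def scan_diff(diff_text):
    """Return (path, new_line_no, rule, line) for each added line that matches a rule."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = re.sub(r"^[ab]/", "", raw[4:])   # new-file path from the "+++ b/..." header
            continue
        if hunk := HUNK_RE.match(raw):
            line_no = int(hunk.group(1))            # first new-file line of this hunk
            continue
        if raw.startswith("-"):
            continue                                # removed lines do not exist in the new file
        if raw.startswith("+"):
            content = raw[1:]
            if IGNORE_MARKER not in content:
                for rule, pattern in SECRET_PATTERNS.items():
                    if pattern.search(content):
                        findings.append((path, line_no, rule, content.strip()))
        line_no += 1                                # context and added lines both advance the new file
    return findings
```

Only added lines are inspected, so a secret that was already in the repository before the pull request is not reported here; catching those needs a full-history scan rather than a per-PR check.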

Twilio Impacted by The Recent Codecov Supply-Chain Attack

Cloud communications company Twilio posted a blog on Tuesday disclosing that a small number of its customers' email addresses were exposed in the Codecov supply-chain attack carried out by unidentified threat actors.

According to last month's reports, the popular code coverage tool Codecov was the victim of a supply-chain attack that went on for two months. Twilio said that the security of its customers and products is its first priority, and that it sees this cyberattack as troubling news for both the organization and its customers. The company also wanted to explain briefly the Codecov incident as it experienced it, the impact it had, and how it was handled.

"On April 22, 2021, we received a notification from GitHub.com that suspicious activity had been detected related to the Codecov event and a Twilio user token that had been exposed…"

"…GitHub.com had identified a set of GitHub repositories that had been cloned by the attacker in the time before we were notified by Codecov," as per the company.

In a recent post, Twilio disclosed that it uses Codecov code coverage tools, including the compromised Bash Uploader script, in a number of its projects. As soon as the company learned of the incident and found that some of its customers had been affected, it reviewed its security measures, warned the impacted customers, and rotated all "potentially exposed credentials and secrets."

The company concluded its blog post by saying that there is no indication that any other customer data was accessed or is at risk.

"This process ensures our technology supply chain always meets our standards for security. When we become aware of an incident or vulnerability within that supply chain, we move quickly to remediate the issue or remove the software from our environment," the post reads. 

Twilio is the second known organization to have disclosed a security incident tied to the Codecov supply-chain attack. Cloud security company HashiCorp publicly disclosed a breach on April 22. Notably, like Twilio, a key action the company took was rotating the potentially exposed credentials.