Twilio

August 28, 2020

Sendgrid Under Siege from Hacked Accounts

This post was originally published on this siteEmail service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Image: Wikipedia Many companies use Sendgrid to communicate with their customers via email, or else pay marketing firms to do that on their […]
April 27, 2022

Fighting Fake EDRs With ‘Credit Ratings’ for Police

This post was originally published on this siteWhen KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide. A sample Kodex dashboard. […]
August 30, 2022

How 1-Time Passcodes Became a Corporate Liability

This post was originally published on this sitePhishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In mid-June 2022, a flood of SMS phishing messages began targeting employees at commercial staffing firms that provide […]