Aside from alerting users regarding the phishing scheme, Ethereum also disclosed performing selective email service migration and other measures to curb similar attacks in the future.
Attackers were able to obtain Authy customers' phone numbers and other data via an unauthenticated endpoint, which has since been secured, but there has been no indication of breaches of Twilio's systems and sensitive data.
Aside from leveraging malvertising aimed at Microsoft Teams and OneNote, AnyDesk, Google Chrome, and other widely used software, attackers also sought to spread FakeBat via social networking-based social engineering tactics and fraudulent web browser updates.
Numerous widely used iOS and macOS apps could be compromised in supply chain attacks with a trio of vulnerabilities in the CocoaPods dependency manager, all of which have already been remediated in October, The Hacker News reports.
Hackread reports that outdated Zyxel network-attached storage devices are being subjected to intrusions by a Mirai-like botnet exploiting the critical Python code injection flaw, tracked as CVE-2024-29973.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.