U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A sophisticated threat actor hit cryptocurrency exchange Coinbase

The Coinbase cryptocurrency exchange was the victim of a sophisticated cyberattack, experts believe is was targeted by Twilio hackers. A sophisticated threat actor launched a smishing campaign against the employees of the cryptocurrency exchange Coinbase. According to the company, on February 5, 2023, some of its employees received text messages requesting them to urgently log […]

coinbase

The Coinbase cryptocurrency exchange was the victim of a sophisticated cyberattack, experts believe is was targeted by Twilio hackers.

A sophisticated threat actor launched a smishing campaign against the employees of the cryptocurrency exchange Coinbase.

According to the company, on February 5, 2023, some of its employees received text messages requesting them to urgently log in to their accounts using an embedded link.

Most of the employees ignored the message, but the company revealed that one employee clicked the link and enters provided his credentials. Once “logging in”, the employee is prompted to disregard the message.  

Since Coinbase supports two-factor authentication (2FA) to protect the account of its employees, the threat actor was not able to access the account of this employee. However, after 20 minutes, the hackers called up the employee pretending to be from the corporate IT department and requested him to log into his workstation.

The employee followed the instructions provided by the attackers and logged into his workstation. The good news is that Coinbase’s security team detected suspicious activity and immediately alerted the targeted employee locking out the hacker.

The company’s CSIRT team immediately suspended all access for the targeted employee and launched an investigation into the attack.

“Fortunately no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers.” reads the statement published by the cryptocurrency exchange.

Coinbase pointed out that threat actors did access customer data and were not able to steal any funds.

Evidence collected by Coinbase revealed that the attack was likely conducted by the threat actor 0ktapus, which was behind the attacks against at least 130 other organizations, including Twilio and Cloudflare.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Smishing)