Twilio employees were tricked into a phishing scam… and some customers were affected

Digital communication platform Twilio was hacked after a phishing campaign tricked its employees into revealing their login credentials (via TechCrunch). The company disclosed the data breach in a post on its blog, noting that only “a limited number” of customer accounts were affected by the attack. Twilio allows web services to send SMS messages and place voice calls over telephone networks and is used by companies including Uber, Twitter, and Airbnb.

The hack occurred on August 4th and involved a bad actor sending SMS messages to Twilio employees that asked them to reset their password or alerted them to a change in their schedule. Each message included a link with keywords, like “Twilio,” “SSO” (single sign-on), and “Okta,” the name of the user authentication service used by many companies. The link directed employees to a page that mimicked a real Twilio sign-in page, allowing hackers to collect the information employees inputted there.

After it became aware of the breach, Twilio worked with US phone carriers to shut down the SMS scheme and also had web hosting platforms take down the phony sign-in pages. Despite this, Twilio says that hackers managed to swap to new hosting providers and mobile carriers to continue their campaign.

“Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their action,” Twilio adds. “Socially engineered attacks are — by their very nature — complex, advanced, and built to challenge even the most advanced defenses.”

Twilio’s working with law enforcement to find out who’s responsible for the campaign and says it also heard from companies that “were subject to similar attacks.” Twilio has since shut down access to the compromised employee accounts and will also alert any customers affected by the breach.

Social engineering is becoming an increasingly common tactic for hackers. Earlier this year, a report from Bloomberg revealed that both Apple and Meta shared data with hackers pretending to be law enforcement officials. Last year, a hacker tricked a Robinhood customer service representative into disclosing the information of over 7 million customers.

Repost: Original Source and Author Link

Tech News

Tesla’s Autopilot Can Be Easily Tricked, Engineers Find

Engineers at Consumer Reports (CR) said this week they were able to “easily” trick Tesla’s Autopilot system into thinking someone was in the driver’s seat, meaning the car could be driven without anyone behind the wheel.

CR engineers performed the demonstration on a private road using a Tesla Model Y vehicle. The non-profit consumer organization said it decided to conduct the test after hearing about Saturday’s fatal crash in Spring, Texas, involving a Tesla Model S that apparently had no one behind the wheel.

Tesla’s Autopilot system, and also its recently released premium Full Self-Driving (FSD) mode, are driver-assist systems and do not offer fully autonomous driving. Tesla cautions drivers to always stay vigilant when their vehicle is in either of these modes.

CR engineers took the Model Y on several trips across the organization’s half-mile test track. They found that despite having no one behind the wheel, the vehicle failed to send out a warning or indicate in any way that the driver’s seat was empty. The team said it took a number of simple steps to trick Autopilot, which included placing a small weighted chain on the steering wheel to simulate the weight of a driver’s hand.

“In our evaluation, the system not only failed to make sure the driver was paying attention, but it also couldn’t tell if there was a driver there at all,” said Jake Fisher, CR’s senior director of auto testing, who conducted the experiment.

Fisher added that he believed Tesla is “falling behind other automakers like GM and Ford that, on models with advanced driver assist systems, use technology to make sure the driver is looking at the road.”

Those systems use cameras to ensure someone is in the driver’s seat and monitoring the road ahead, while Tesla’s system uses a series of sensors designed to ensure, for example, that the driver has at least one hand on the wheel. If it fails to sense any hands on the wheel, Tesla’s system emits a series of audible warnings, which, if ignored, will result in the vehicle coming to a gradual halt. But a number of videos appearing on social media in recent years have, like CR’s test, shown that it’s possible to trick the system, enabling a Tesla to be driven without anyone behind the wheel.

On its website, Tesla tells its drivers to stay alert at all times, saying: “Current Autopilot features require active driver supervision and do not make the vehicle autonomous,” and also: “While using Autopilot, it is your responsibility to stay alert, keep your hands on the steering wheel at all times, and maintain control of your car.”

Model S crash

Two men aged 59 and 69 died in last weekend’s Model S crash in Texas when the vehicle hit a tree and burst into flames. One of the occupants was found in the front passenger seat and the other in a rear seat. Investigators are still looking into the cause of the crash to determine if the Model S was in Autopilot mode when it left the road. There’s also the possibility that one of the occupants was thrown, or moved, from the driver’s seat around the point of impact.

Responding to the crash, Tesla CEO Elon Musk tweeted that the vehicle data logs “recovered so far” showed that Autopilot was not enabled at the time of the accident, and that the car’s owner had not purchased FSD. Investigators are reportedly planning to serve search warrants on Tesla to obtain data from the crash.

California-based Tesla has been criticized in the past for the way it labels its driver-assist systems, which some have suggested could mislead drivers into thinking their Tesla is fully autonomous.

Editors’ Choice

Repost: Original Source and Author Link


Another Monster Hunter Nintendo Switch – this one’s tricked out in black, gray, and gold

Today we’re taking a peek at the newest Nintendo Switch with Monster Hunter special edition fittings. This is not the first time this console was released as a special edition for the Monster Hunter game series. The first version was released with special decorations for the game Monster Hunter XX, the first Monster Hunter game on Nintendo Switch. This new version was made for Monster Hunter Rise!

The new Monster Hunter Rise Nintendo Switch is decorated with markings in several colors – black, light gray, and gold! This version of the machine not only covers the front of the dock, but the controllers, and the backs of the controllers, and the back of the display, too.

Some special edition consoles emblazon said console with a single emblem, a tiny icon, or a simple re-coloring of elements. This one is wild. This one’s more like a tricked-out low-jacked classic vehicle with pinstripes and flames (so you know it’s going fast!) Now, if only they were allowed to go the extra mile, like Microsoft did with the Gears of War 4 Xbox One S! THAT was a custom console worthy of its name!

The only unfortunate part of this Nintendo Switch Monster Hunter package is the limited edition nature of its release. If you live in Japan or the UK, you might see this version of the Nintendo Switch in stores soon. The device will be cost approximately 38,400 yen in Japan, right around $370 USD (roughly), and you’ll get Monster Hunter Rise preinstalled on the console – with a code for extra downloadable content.

The old version had some light gray ink decorations for the first Monster Hunster XX. That Monster Hunter XX Nintendo Switch was released all the way back in June of the year 2017. Imagine being Nintendo, so well equipped to sell their devices that they’re able to release newly decorated versions year after year, while Microsoft and Sony aren’t able to keep store shelves stocked for more than a few minutes at a time.

Repost: Original Source and Author Link