Month: August 2022

Home  ›  2022  ›  August
  • 11
  • Aug
Twilio Suffers Data Breach After Social engineering attack on employees
KYogesh Data Breach Comments Off on Twilio Suffers Data Breach After Social engineering attack on employees
Reading Time: < 1 minutes

Customer engagement platform Twilio on Monday, August 4, 2022 announced of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attack used SMS phishing messages looks like come from Twilio’s IT department, suggesting that the employees’ password had expired or that their schedule had changed, and advised the target to log in using a spoofed web address that the attacker controls.

Twilio said that the attackers sent these messages to look legitimate, including words such as “Okta” and “SSO,” referring to single sign-on, which many companies use to secure access to their internal apps.

Also they worked with U.S. carriers to stop the malicious messages, as well as registrars and hosting providers to shut down the malicious URLs used in the campaign.

The objective of social engineering attack is to influence, manipulate or trick users into releasing sensitive information or access within an organization.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.

  • 03
  • Aug
Govt withdraws PDP- Data Protection Bill 2019 and will replace with more comprehensive framework
KYogesh Cyber Security Comments Off on Govt withdraws PDP- Data Protection Bill 2019 and will replace with more comprehensive framework
Reading Time: < 1 minutes
PDP bill 2019
PDP bill 2019

The Indian Govt on Wednesday 3rd Aug 2022 withdrew the long-awaited Personal Data Protection (PDP) Bill, 2019. Centre told the members of the Joint Parliamentary Committee that it will bring a set of new legislation for a comprehensive legal framework for the digital economy.

The withdrawn Bill had proposed restrictions on the use of personal data without the explicit consent of citizens. It had also sought to provide the government with powers to give exemptions to its probe agencies from the provisions of the Act. The bill was criticized by privacy experts as it was seen as being more in favor of the government rather than protecting privacy, which the Supreme Court held as a fundamental right in 2017.

Looking forward, this is also a great opportunity to look into certain key issues relating to lack of independence of data protection authority, restrictive cross border data flow and state exemption. The new framework should foster growth and innovation, help the start-up ecosystem and enable ease of doing business while ensuring that the data rights of citizens are at the heart of the legislation.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Popular Contents
Up Coming Webinar
Archives

Our Visitor

0 0 3 5 1 8
Users Today : 0