Cybersecurity

‘Hey mum, I dropped my phone down the toilet’: Investigating Hi Mum and Dad SMS Scams in the UK

An empirical study of the 'hi mum and dad' SMS scam, a new interaction-based fraud technique. The research dissects the scam's lifecycle, from initial contact to financial exploitation, by analyzing scam messages, mobile network data, and mule accounts in collaboration with a UK mobile operator. Key findings reveal the psychological principles used, the abuse of mobile and financial infrastructure, and the underlying structure of scammer networks.

More is Less: Extra Features in Contactless Payments Break Security

Tom Chothia and George Pavlides discuss how proprietary, uncoordinated features built on top of the core EMV specification by companies like Apple, Google, Square, Visa, and Mastercard lead to significant security vulnerabilities. They detail how these "black box" additions create subtle interactions and mismatches, enabling attacks that bypass authentication, allow high-value fraudulent offline transactions, and leave merchants vulnerable to significant financial loss.

Ethical Hacking in Action: Red Teaming, Pen Testing, & Cybersecurity

Explore the core tasks of ethical hacking, from vulnerability scanning to red teaming. This guide covers engagement structure, hacker methodologies, key frameworks like MITRE ATT&CK, and the essential tools for cybersecurity professionals.

AI ransomware, hiring fraud and the end of Scattered Lapsus$ Hunters

Experts from IBM X-Force discuss the alleged retirement of the Scattered Lapsus$ Hunters cybercrime gang, the ethics and implications of AI-powered ransomware, critical software supply chain vulnerabilities exposed by the recent npm hack, growing threats to Operational Technology (OT), and the emergence of AI-driven hiring fraud.

Vibe hacking, HexStrike AI and the latest scheme from Scattered Lapsus$ Hunters

Experts discuss the weaponization of AI in cybercrime, from "vibe hacking" that lowers the barrier for attackers, to frameworks like HexStrike AI enabling AI agent armies. The conversation covers new extortion tactics and the evolution of malware like Remote Access Trojans (RATs).

Ask the Experts: Gen AI, Cybersecurity, & AI Agent Questions Answered

Experts Martin Keen and Jeff Crume differentiate between Generative and Agentic AI, delve into the nature of AI hallucinations, and explore critical cybersecurity topics like the permanence of the dark web and the dangers of zero-click attacks.