The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says.
The speed at which IoT is enabling innovation is far outpacing the ability of the security custodians to implement appropriate controls before these devices hit the market. That creates a classic target-rich environment for the bad guys - one that will require vigorous defense and oversight.
Federal prosecutors have filed a superseding indictment with additional charges against two former Twitter employees and a Saudi national who were originally charged in November. They're alleged to have gathered data on behalf of the Saudi Arabian government.
The latest edition of the ISMG Security Report analyzes the hacking of high-profile Twitter accounts. Also featured: Addressing security when offices reopen; the role of personal protective equipment, or PPE, in money laundering during the pandemic.
A Dutch lawmaker's Twitter account is among 36 that had some personal data compromised earlier this month when hackers targeted 130 verified accounts and launched a cryptocurrency scam. The politician told Reuters his direct messages were accessed.
An Iranian-backed hacking group appears to have accidentally left over 40 GB of training videos and other material exposed online, according to researchers at IBM, who found the unprotected server. The material includes videos describing attacks aimed at U.S. Navy and State Department personnel.
While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.
Several prominent business executives and politicians, including Joe Biden, Elon Musk and Bill Gates, had their Twitter accounts hijacked in what appears to be a cryptocurrency scam, according to news reports. Some security experts believe that two-factor authentication protections failed.
Wells Fargo, the fourth largest bank in the U.S., has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The news comes after Amazon sent mixed signals to its employees about use of the social media app.
The latest edition of the ISMG Security Report discusses Europol's launch of the European Financial and Economic Crime Center, and also details the London Met's perspective on recent cybercrime trends, and to need to maintain a paper audit trail for mobile voting.
Nearly 10 months after Facebook and the FTC agreed to a record-setting $5 billion settlement over misuse of user data, a federal judge has finally signed off on the deal, while questioning the adequacy of laws governing major technology firms.
TikTok, a video-sharing service, has been delivering video and other media without TLS/SSL encryption, which means it may be possible for someone to tamper with content, researchers say. That could be especially damaging in the current pandemic environment, where misinformation and confusion abounds.
A recent disinformation campaign that apparently originated in Russia used forged U.S. diplomatic documents and social media to spread false stories in Eastern Europe and Asia, according to a new research report, which warns that these tactics could be used against the U.S. in the run-up to the fall election.