Search This Blog

Showing posts with label Twitter. Show all posts

Data Breach Targets Fast Company News

Fast Company's Apple News website currently displays a statement from the business confirming that it was hacked on Sunday afternoon, followed by another intrusion on Tuesday night that let threat actors to send bigoted notifications to smartphones via Apple News.

In a press release issued last night, the company claimed that "the statements are repulsive and are not by the contents and culture of Fast Company.  We have suspended FastCompany.com while we look into the matter and will not reopen it until it is resolved."

As soon as individuals on Twitter noticed the offensive Apple News notifications, the company disabled the Fast Company channel on the news network.

Data breach tactics

The website's webpage started to load up with articles headlined "Hacked by Vinny  Troia. [redacted] tongue my [redacted]. Thrax was here. " on Sunday afternoon, which was the first indication that Fast Company had been compromised.

In their ongoing dispute with security analyst Vinny Troia, members of the breached hacking group and the now-defunct RaidForums regularly deface websites and carry out attacks that they attribute to the researcher. Fast Company took the website offline for a while to address the defacement, but on Tuesday at around 8 PM EST, another attack occurred.

Hackers claim that after discovering that Fast Company was using WordPress for their website, they were able to compromise the company. The HTTP basic authentication which was supposed to have protected this WordPress installation was disregarded. The threat actor goes on to claim that they were able to enter the WordPress content management system by utilizing a relatively simple default password used on dozens of users.

Fast Company, according to the post, had a 'ridiculously easy' default password that was used on numerous accounts, including an admin account. The compromised account would have then been utilized by the threat actors to gain access to, among other things, authentication tokens and Apple News API credentials.

They assert that by using these tokens, they were able to set up administrator accounts on the CMS platforms, which were then used to send notifications to Apple News.

Threat actors gained access to an undefined number of customer names, birthdates, contact numbers, email, physical addresses, and personal documents, including license and passport numbers, through this same forum, which was at the center of the previous Optus breach. The hacker in question claims to have made 10,200 records available thus far. It's uncertain whether or when Apple News would reactivate the Fast Company channel.



Twitter Pranksters Halt GPT-3 Bot with Newly Discovered “Prompt Injection” Hack

 

On Thursday, a few Twitter users revealed how to hijack an automated tweet bot dedicated to remote jobs and powered by OpenAI's GPT-3 language model. They redirected the bot to repeat embarrassing and ridiculous phrases using a newly discovered technique known as a "prompt injection attack." 

Remoteli.io, a site that aggregates remote job opportunities, runs the bot. It describes itself as "an OpenAI-driven bot that helps you discover remote jobs that allow you to work from anywhere." Usually, it would respond to tweets directed at it with generic statements about the benefits of remote work. The bot was shut down late yesterday after the exploit went viral and hundreds of people tried it for themselves.

This latest breach occurred only four days after data researcher Riley Goodside unearthed the ability to prompt GPT-3 with "malicious inputs" that instruct the model to disregard its previous directions and do something else instead. The following day, AI researcher Simon Willison published an overview of the exploit on his blog, inventing the term "prompt injection" to define it.

The exploit is present any time anyone writes a piece of software that works by providing a hard-coded set of prompt instructions and then appends input provided by a user," Willison told Ars. "That's because the user can type Ignore previous instructions and (do this instead)."

An injection attack is not a novel concept. SQL injection, for example, has been recognised by security researchers to execute a harmful SQL statement when asking for user input if not protected against it. On the other hand, Willison expressed concern about preventing prompt injection attacks, writing, "I know how to beat XSS, SQL injection, and so many other exploits. I have no idea how to reliably beat prompt injection!"

The struggle in protection against prompt injection stems from the fact that mitigations for other types of injection attacks come from correcting syntax errors, as noted on Twitter by a researcher known as Glyph.

GPT-3 is a large language model developed by OpenAI and released in 2020 that can compose text in a variety of styles at a human-like level. It is a commercial product available through an API that can be integrated into third-party products such as bots, subject to OpenAI's approval. That means there could be many GPT-3-infused products on the market that are vulnerable to prompt injection.

"At this point I would be very surprised if there were any [GPT-3] bots that were NOT vulnerable to this in some way," Willison said.

However, unlike a SQL injection, a prompt injection is more likely to make the bot (or the company behind it) look foolish than to endanger data security. 

"The severity of the exploit varies. If the only person who will see the output of the tool is the person using it, then it likely doesn't matter. They might embarrass your company by sharing a screenshot, but it's not likely to cause harm beyond that." Willison explained.  

Nonetheless, prompt injection is an unsettling threat that is yet emerging and requires us to be vigilant, especially those developing GPT-3 bots because it may be exploited in unexpected ways in the future.

Whistleblower Charged Twitter for Cybersecurity Misconduct

As per a whistleblower complaint submitted to U.S. officials, Twitter's former head of security claimed that the firm deceived regulators about its inadequate cybersecurity defenses and its recklessness in seeking to filter out fake accounts that promote misinformation. 

Peiter Zatko, who managed security at Twitter before his dismissal at the beginning of the year, filed the allegations with the Department of Justice, the Federal Trade Commission, and the Securities and Exchange Commission last month. A revised version of the complaint published online by the Washington Post was authenticated by the legal group Whistleblower Aid, which is collaborating with Zatko.

While alarming for anyone using Twitter, the revelation could be especially problematic for individuals who use it to engage with constituents, disseminate information in times of crisis, and political dissidents and activists targeted by hackers or their own governments.

Prateek Waghre, policy director at the Internet Freedom Foundation, a digital rights NGO in India, said, "We tend to look at these businesses as enormous, well-resourced institutions who know how to operate — but you realize that a lot of their actions are ad hoc and reactionary, driven by crises." In essence, chewing gum or cello tape are frequently used to hold them together.

One of Zatko's most severe allegations is that Twitter broke the terms of a 2011 FTC settlement by misrepresenting the extent of its security and privacy protections for its users.

The claims in the case about India, stating that Twitter intentionally permitted the Indian government to hire its agents, giving them direct unsupervised access to the company's servers and user data, are very concerning. It also mentioned a recent incident in which a former Twitter employee was found guilty of providing private user information to Saudi Arabian royal family members in exchange for bribery.

Allegations by whistelblower

Setback and disgrace may be the results of privacy and security breaches, as was the case earlier this year when the Indiana State Police account was hacked. 

A Saudi humanitarian relief worker was given a 20-year prison sentence in October 2021 as a result of what the kingdom claims were the operation of an anonymous, satirical Twitter account. The men accused of spying for the kingdom while employed at Twitter may be related to this case.

Bethany Al-Haidari has been worried about Twitter's user privacy safeguards for years as an advocate for dissidents and others held in Saudi Arabia. 

"According to what we learn about how social media is utilized globally," said Al-Haidari, "a representative of the American human rights organization The Freedom Initiative. It is quite disturbing to me, because hackers or governments may leverage the alleged cybersecurity flaws at Twitter to obtain users' identities, private conversations, or other sensitive information."

The Chinese-Australian artist and activist Badiucao expressed concern about the whistleblower's claims, adding that many users give their phone numbers and email addresses to Twitter. Badiucao frequently publishes artwork that opposes the Chinese Communist Party. He warned that once your personal information is exposed, it might be exploited to track you down. Badiucao claimed that he frequently gets propaganda and death threats from what appears to be a botnet or spam. 

Twitter claims that the whistleblower alleges a lack of context and offers a false narrative about the business and its privacy and data security protocols. Twitter stated in response that "security and privacy have always been, and will continue to be company-wide priorities."

Despite the disturbing nature of the whistleblower's allegations, security experts say there is no justification for individual users to deactivate their accounts. 

Professor of communications at Syracuse University Jennifer Grygiel, who closely monitors Twitter, was alarmed by yet another security breach. On their last day of work in 2017, a Twitter customer service representative briefly canceled then-President Donald Trump's account. Grygiel claimed that although the account was swiftly restored, the incident demonstrated Twitter's vulnerability of being used by governments, heads of state, and military branches.

However, the administration must balance that risk against how crucial Twitter has become for informing the public about emergencies. Real-time information on fires, the resulting road closures, injuries, and retweets from other agencies alerting the public to threats like flash floods are all available on the department's Twitter feed.

Twitter 5.4 Million Users Data is Up For Sale For $30,000

 

A Vulnerability in Twitter’s databases that allowed hackers group access to the personal data of 5.4 million Twitter users, has been patched. The report analysis said that the stolen data is up for sale at a $30,000 price. 

On Friday Twitter reported that a team of researchers has found that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. 

“This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter reported.

In January 2020, various cyber security news platforms published a story on Twitter’s vulnerability that allowed hackers and other malicious actors to access sensitive data including phone numbers and email addresses of millions of users, leaving it susceptible to being accessed by anyone. 

What's even more threatening is that the data details could be accessed even if a user had enabled privacy settings to hide these details publicly. 

"As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the company said in an advisory. 

When vulnerabilities in the system are not discovered by the software or hardware manufacturer remain, they remain a potentially hazardous threat. In most incidents, zero-day vulnerabilities are noticed by security experts like white-hat hackers, and security analysts inside tech companies. The essential thing to be noted about a zero-day is that there is no patch or update yet created for it, so long as it remains zero-day. 

Twitter said that the company has started notifying users affected by the attack and urging its users to turn on two-factor authentication to protect data against unauthorized logins. 

How Leaked Twitter API Keys Can be Used to Build a Bot Army

CloudSEK’s Attack Surface Monitoring Platform recently found a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of the keys are being utilized to gain illegal commands on Twitter handles associated with them. 

CloudSEK reported that the takeover is made possible because of the leak of legitimate Consumer Key and Consumer Secret information Singapore-based cybersecurity firm.  

Additionally, cloudsek Attack Surface Monitoring Platform discovered that 3207 apps were leaking valid Consumer Key and Consumer Secret. 230 apps, some of which are unicorns, were leaking all 4 Auth Creds and can be used to fully take over their Twitter Accounts to perform critical/sensitive actions such as: 

• Read Direct Messages 
• Retweet 
• Like 
• Delete 
• Remove followers 
• Follow any account 
• Get account settings 
• Change display picture 

"Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said. 

To get access to the Twitter API, hackers have to generate secret keys and access tokens, which act as the usernames and passwords for the apps as well as the users on whose behalf the API requests will be made. Further, the researchers said, this can range from reading direct messages to carrying out arbitrary actions including retweeting, liking, and deleting tweets, removing followers, following any account, accessing account settings, and even changing the account profile picture. 

With access to this information, malicious actors can create a Twitter bot army that could compromise to spread misinformation on the social media platform. 

“The Twitter bot army that we will try to create can fight any war for you. But perhaps the most dangerous one is the misinformation war, on the internet, powered by bots. Time Berners-Lee, the founding father of the internet said that it is too easy for misinformation to propagate because most people get their news from a small set of social media sites and search engines that make money from people clicking on links. These sites’ algorithms often prioritize content based on what people are likely to engage with, which means fake news can “spread like wildfire”, CloudSEK reported.

Social Media Used to Target Victims of Investment Scams

Security researchers have discovered a huge investment scam effort that uses online and telephone channels to target victims across Europe. Since fake investment scams have been around for a while, people are familiar with them.

Over 10,000 malicious websites tailored for consumers in the UK, Belgium, the Netherlands, Germany, Poland, Portugal, Norway, Sweden, and the Czech Republic are included in the "gigantic network infrastructure" spotted by Group-IB.

The scammers work hard to promote the campaigns on numerous social media sites, or even compromise Facebook and YouTube to get in front of as many users as they can.

The firm's aim is to mislead consumers into believing they have the chance to invest in high-yield chances and persuade them to deposit a minimum of 250 EUR ($255) to join up for the phony services.

Scam operation

  • Posts promoting phony investment schemes on hacked social media accounts, such as Facebook and YouTube, are the first to entice victims.
  • Images of regional or international celebrities are frequently used to give the illusion that the scam is real.
  • The scammers then demand contact information. In a sophisticated social engineering scam, a 'customer agent' from a call center contacts the victim and offers the investment terms and conditions.
  • Eventually, the victim is persuaded to make a deposit of at least 250 EUR, and the information they provided on the false website is either saved and utilized in other attacks or sold on the dark web.
  • After the victim deposits the money, they are given access to a fictitious investment dashboard that claims to allow them to monitor daily earnings.
  • When the victim tries to use the site to withdraw funds but is first asked for final payment, the fraud is discovered.

Over 5000 of the 11,197 domains used in the campaign were still operational as of this writing.

It is advisable to check that an investment platform is from a reputable broker when it interests you. It may also be possible to spot the fraud by searching for user evaluations and looking for patterns in a large number of comments. 


Hacker Offers 5.4 million Twitter Account Details for $30,000

 

A threat actor acquired data from 5.4 million Twitter accounts by exploiting a now-patched vulnerability in the popular social networking site. Hacker is currently selling the stolen information on the prominent hacker site Breached Forums. 

In January, a Hacker report claimed the discovery of a vulnerability that may be used by an attacker to identify a Twitter account using the linked phone number/email, even if the user has elected to avoid this in the privacy settings. 

“The vulnerability allows any party without any authentication to obtain a Twitter ID(which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. The bug exists due to the process of authorization used in the Android Client of Twitter, specifically in the process of checking the duplication of a Twitter account,” reads the description in the report submitted by Zhirinovskiy via bug bounty platform HackerOne. 

“This is a serious threat, as people can not only find users who have restricted the ability to be found by email/phone number but an attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections). Such bases can be sold to malicious parties for advertising purposes, or for the purposes of targeting celebrities in different malicious activities” Twitter acknowledged the vulnerability and rewarded Zhirinovskiy with a $5,040 prize. 

The website Restore Privacy uncovered the advertising for the massive data trove on Breached Forums. A hacker has published a database of 5.4 million Twitter users. 

Database of 5.4 million Twitter users

According to the seller, the database comprises data (email addresses and phone numbers) from people ranging from celebrities to businesses. The vendor additionally included a data sample in the form of a csv file. 

“A few hours after the post was made, the owner of Breach Forums verified the authenticity of the leak and also pointed out that it was extracted via the vulnerability from the HackerOne report above.” reads the post published by RestorePrivacy. 

“We downloaded the sample database for verification and analysis. It includes people from around the world, with public profile information as well as the Twitter user’s email or phone number used with the account.” 

The seller told RestorePrivacy that he is asking for at least $30,000 for the entire database.

Hacker Alert! British Army's YouTube and Twitter Accounts Hijacked

 


About the Crypto Scam

Threat actors hacked the Twitter and YouTube accounts of the British army. A malicious third party compromised the accounts last Sunday, when the users opened the British army accounts, they were redirected to cryptocurrency scams. 

The Minister of Defence (MoD) press office reported the incident around 7 PM on Twitter. The tweet said that the office is aware of the breach of the army's YouTube and Twitter accounts and an inquiry has been set up to look into the issue. 

It is a matter of utmost importance for the army when it comes to information security, says the MoD office, the army is currently trying to resolve the problem. It said to offer no further comments until the investigation is completed and the issue has been solved. 

However, after four hours, an update said that problem had been fixed, here is the official tweet.

What are the reports saying?

Although only YouTube and Twitter were written in the posts, other reports suggest that the Facebook account was also hijacked. The reports disclosed that the threat actors posted various promotional links to various crypto and NFT scams, these include phishing links to a fraud mint of The Possessed NFT collection. 

On YouTube, the threat actors modified the entire account to make it look like investment agency Ark Invest, they posted live stream videos that featured celebrities like Elon Musk and Jack Dorsey. 

What makes this attack unique?

This is a very classic crypto scam, the hackers used videos to promote QR codes for viewers to send their crypto money to, and the viewers were told that they'll get double the investment if they do so. The MoD has now taken down all the content that was rebranded by the hackers. 

"Just last week, high street bank Santander warned of a predicted 87% year-on-year increase in celebrity-endorsed cryptocurrency scams in the UK in 2022. It reported a 61% increase in the cases it dealt with between Q4 2021 and Q1 2022, with the average cost of these scams increasing 65% year-on-year in the first quarter to reach £11,872" says InfoSecurity.

MM.Finance, a DeFi platform, Had More Than $2 Million Stolen

 

In a Domain Name System (DNS) attack, hackers decided to retrieve $2 million worth of digital assets, as per MM.Finance. It is a DeFi ecosystem with the largest decentralized exchange on the Cronos blockchain. 

Hackers target the reliability or integrity of a network's DNS service in these attacks. The attacker could "inject a malicious contract address into the frontend code," as per the team behind MM.Finance, which bills itself as the world's largest decentralized finance ecosystem on the Cronos blockchain. "Attacker changed the network contract address in our hosted files via a DNS vulnerability." In a Medium post-mortem, the business claimed, "We understand that some of you have suffered considerable sums and are filled with anxieties and despair." 

After completing swaps or adding and deleting liquidity on the MM.Finance site starting on May 4, users lost money. "The malicious router kicked in and the LPs were withdrawn to the attacker's address when victims navigated to mm. finance to remove liquidity," the company revealed. MM.Finance has offered the attacker 48 hours to refund 90% of the stolen funds, warning that if the deadline is not met, it will notify the FBI. 

The attacker made off with more than $2 million in cryptocurrencies before laundering it all through Tornado Cash, a service that allows users to hide the source of their payments. The company is forming a compensation fund for anyone affected, and the platform's creators have stated that they will forego its part of trading revenue to pay the losses. The reward pool will be open for 45 days, with a procedure in place to reimburse individuals that participate. 

The company said it linked the seized assets to the OKX exchange in follow-up postings on Twitter, threatening to contact the FBI if the funds were not restored. OKX's CEO stated that the company is looking into the matter. According to DeFi Llama data, liquidity is still strong, with $804 million in total worth locked up (TVL).

Facebook, Instagram and Twitter Users from Russia have Noticed Malfunctions in their Work

 

According to Downdetector, a service for tracking problems in the work of Internet platforms, users from Russia began to complain en masse about the failures of Facebook, Instagram and Twitter. Problems in social networks began on February 25. Over 80% of users sent complaints about the functioning of the application, another 10% noticed that they could not log in to their profile, and 7% reported problems with the operation of social network sites. 

Recall that on February 25, Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology, and Mass Media) partially restricted access to Facebook. On the same day, the Prosecutor General's Office recognized the social network involved in the violation of human rights and freedoms and citizens of Russia. 

On February 26, representatives of Russian media were banned from showing ads and monetization in the social network Facebook. The company took such a step because of the situation around Ukraine. At the same time, Twitter suspended advertising for Russians and Ukrainians, as well as temporarily stopped recommending tweets to avoid the spread of insulting materials. 

In addition, Roskomnadzor restored measures in the form of slowing the speed of Twitter Internet service on devices in Russia in connection with the dissemination of untrustworthy public information about the military operation in Ukraine. 

The agency recalled that since March 10, 2021, Roskomnadzor slowed down Twitter on mobile phones and fixed devices on the territory of the Russian Federation for refusal to delete information that is prohibited in the Russian Federation. On May 17, 2021, after the deletion of more than 91% of the prohibited information by Twitter's moderation services, the restrictions were lifted. 

Roskomnadzor noted that in this situation, the condition for lifting access restrictions "is the complete removal of Twitter of prohibited materials identified by Roskomnadzor, as well as the termination of participation in the information confrontation, distribution of fakes and calls for extremism". 

In the Russian segment of the Internet, you can now often find messages: "If anything, here is my Telegram account...». Since February 25, when Roskomnadzor announced the partial blocking of the Facebook network, almost every Russian user has considered it his duty to notify friends where to look for him now. 

Bloggers and media resources are increasingly posting on their pages posts with recommendations for installing a VPN and other measures to bypass blocking.

Malware Seller Faces Charges for Peddling WhatsApp Espionage Tools

 

The US Justice Department (DoJ) reported a Mexican businessman named Carlos Guerrero admitted guilt in federal court for peddling spyware/hacking tools to clients in the United States and Mexico.

Authorities accused Guerrero of facilitating the sale of monitoring and surveillance technologies to both Mexican government users and private customers for commercial and personal purposes. Guerrero "knowingly arranged" for a Mexican mayor to obtain access to a political rival's email and social media accounts, according to the investigators. Guerrero also utilized the technology to listen in on the phone calls of a rival from the United States who had been in Southern California and Mexico at the time. 

Guerrero is also suspected of assisting a Mexican mayor in gaining unlawful access to his rival's iCloud, Hotmail, as well as Twitter pages, according to the Department of Justice's news release. A sales representative's phone and email data were hacked in another case, so he had to pay $25,000 to regain the information. The accused also utilized the gadgets to listen more into his rival's phone calls in Mexico and South California. Guerrero's company, Elite by Carga, imported surveillance technology and espionage tools from unknown Israeli, Italian, and other companies. 

Guerrero operated as a broker for an undisclosed Italian business, referred to only as Company A in the accusation, which offered bugging devices and tracking tools between 2014 and 2015. The organization is thought to be Hacking Team, a bankrupt Milan-based maker of offensive infiltration tools which was also breached in 2015 and had leaked emails leaked online, including a cache of Guerrero-related messages. 

Pegasus, strong mobile spyware created by Israeli corporation NSO Group which can acquire near-complete permissions on a target's smartphone, is among the most prominent and reported keylogging software used in Mexico. Over the last two decades, Mexico has spent $61 million on contracts, primarily targeting journalists, activists, and human rights defenders. According to a leaked list of phone numbers suspected to be NSO surveillance targets, Mexico has the most targets — around 700 phones — of any country on the list, which NSO has consistently denied.

Guerrero's information director Daniel Moreno, who is often mentioned in the hacking team's emails, is scheduled to file a similar pleading in the coming weeks.

NASA Director Parimal Kopardekar Twitter Handle hacked

 

The Powerful Greek Army group has compromised the Twitter handle of NASA Director Parimal Kopardekar. A spokesperson from the organization said that they reached out to the group who hacked the handle to inquire as to why they targeted the director of NASA, the attackers denied any political motivation to be there behind the attack, saying that the security incident was merely for 'fun'. As per the attackers, Kopardekar was chosen on the basis of his 'professional association' with NASA. 

The director asked the group that how did they hack the handle and the group explained that they detected an exploit that allows them to take over Twitter accounts. They further told that they are hacking for fun to demonstrate that “that nobody is safe online.” 

After getting in touch with the hacker group, Paganini reported that the group had no intention of doing anything malicious with the NASA director’s handle and it could be concluded that it was merely an experiment to test security flaws.

In April 2020, the Powerful Greek Army group breached the Twitter handle of the vice-speakers of the Greek Parliament and KINAL MP, Odysseas Konstantinopoulosening. 

“Government we have warned you. Do not lie to your own people again” states one of the messages published by the compromised account, while in another message he posted, he said: “To clarify something. We do NOT have an issue with this one, with the one with whom we have a big issue is the government and its moves. Friendship”. 

The list of victims who have been attacked includes the Nigerian Ministry of Foreign Affairs and Ministry of Finance, Bank of Nigeria, Ministry of Defence Of Azerbaijan, and The National Bank of North Macedonia.

Parimal Kopardekar holds a senior position at NASA as the Air Transportation Systems and is a principal investigator for the Unmanned Aircraft Systems Traffic Management project at the NASA Ames Research Centre. 

Scammers are Using Twitter Bots for PayPal and Venmo Scams

 

Internet scammers are using Twitter bots to trick users into making PayPal and Venmo payments to accounts under their possession. Venmo and PayPal are the popular online payment services for users to pay for things such as charity donations or for goods such as the resale of event tickets. This latest campaign, however, is a stark warning against making or revealing any sort of transaction on a public platform.

How fraudsters operate? 

The fraud campaign begins when a well-meaning friend asks the person in need for a specific money transferring account — PayPal or Venmo. Then the Twitter bot springs into action, presumably identifying these tweets via a search for keywords such as ‘PayPal’ or ‘Venmo’.

Twitter bot impersonates the original poster by scraping the profile picture and adopting a similar username within minutes in order to substitute their own payment account for that of the person who really deserves the money. 

Twitter user ‘Skye’ (@stimmyskye) posted a screenshot online detailing how she was targeted by a Twitter bot. Skye noted that the bot blocks the account that it is mimicking, and scraps the whole profile. 

“Because you’re blocked, you’ll see that there’s one reply to that question but the reply tweet won’t show up. If you see a ghost reply to a comment like that, it’s almost always a scam bot. They delete as fast as they clone your account. You won’t even know it happened,” Skye wrote.

“They will delete the reply tweet, but the account itself will usually not be deleted, just change the username. So, the accounts are usually not brand new, they even have followers. You need to check closely,” she warned. 

“Given that the mechanism is automated, I’m willing to bet that the attack is fairly successful. A Twitter user would need to pay close attention to what is going on in order to notice what’s happened. Don’t publicly link to your PayPal (or similar) account – deal with payments via direct message instead. By doing this, the scam bot won't be triggered, and wouldn't be able to show up in the same chain of direct messages even if it was,” Andy Patel, researcher with F-Secure’s Artificial Intelligence Center of Excellence, advised users.

Child Tweets Gibberish from US Nuclear Agency Account

 

An unintelligible tweet sent out from the official account of U.S. Strategic Command in charge of the nation’s nuclear arsenal last weekend had left many in shock. Some jokingly said the cryptic tweet, “;l;;gmlxzssaw,” was a US nuclear launch code and some even thought it was a message to political conspiracists.

Now the US strategic command has revealed that it was a young member of the account’s social media manager who accidentally tweeted from the official account, which was then deleted within minutes. Many people saw this tweet as an attack on the country’s nuclear arsenal including Mikael Thalen, a journalist with the Daily Dot. He decided to file a Freedom of Information Act (FOIA) request to get answers. 

“Filed a FOIA request with U.S. Strategic Command to see if I could learn anything about their gibberish tweet yesterday. Turns out their Twitter manager left his computer unattended, resulting in his ‘very young child’ commandeering the keyboard,” Thalen wrote on his Twitter account. 

“The command’s Twitter manager…momentarily left the command’s Twitter account open and unattended. His very young child took advantage of the situation and started playing with the keys and unfortunately, and unknowingly, posted the tweet. Absolutely nothing nefarious occurred, i.e., no hacking of our Twitter account. The post was discovered and notice to delete it occurred telephonically,” U.S. Strategic Command responded. 

According to a report published by Kaspersky security researchers, remote workers can be more vulnerable to outside attacks, which was proved in this instance. “Lockdown has been a stressful time for everyone…without additional support from young employers, young people and caregivers could continue to deviate further from pre-set and learned IT security rules, exposing their companies to further increased security risk,” Margaret Cunnigham, principal researcher at Facepoint stated.

Cybercrimial are Using Twitter as a Doorway to Target Indonesian Banks

 

Group-IB, a global threat hunting firm, has discovered traces of an ongoing phishing campaign targeting Indonesia’s largest banks that cybercriminals manage on Twitter with the ultimate goal of stealing bank customers’ money. To lure the victims into their trap, attackers pose as bank representatives or customer support team members on Twitter. 

Threat actor started this phishing campaign in January and since then it has grown by leaps and bounds. Currently, 1,600 fake Twitter accounts are impersonating banks as compared to 600 in January. Security researchers have discovered evidence of at least seven prominent Indonesian banks that have been targeted under this campaign.

Over two million Indonesian bank customers are affected due to this phishing campaign, specifically, those who are active on the legitimate bank handles on Twitter. This fraudulent scheme was on the radar of Group-IB’s team since December 2020. Back then, only limited cases of this type of fraud were detected, but over the past three months, it expanded tremendously – from 600 fake Twitter accounts to 1,600.

The methodology used by cybercriminals 

Cybercriminals identify their targets after a bank customer asks a question or leaves feedback on the bank’s official page. They are then promptly contacted by scammers, who use fake Twitter accounts with a profile photo, header, and description that impersonates those of the real ones.

The next step is to engage the victims in a conversation via Telegram or WhatsApp. Then, the scammers send a link to the victims asking them to log in there for solving their problem through a complaint. The links lead to a phishing website identical to the official website of the bank, where victims leave their online banking credentials, which include username, email, and password.

“The case with the Indonesian banks shows that scammers have managed to solve one of the major challenges of any attack – the issue of trapping victims into their scheme. Instead of trying to trick their potential victims into some third-party website, cybercriminals came to the honey hole themselves. The campaign is consistent with a continuous trend toward the multistage scams, which helps fraudsters lull their victims,” Ilia Rozhnov, Group-IB head of Digital Risk Protection in APAC, stated.

Twitter Ads used by Scammers to Promote Fake Cryptocurrency

 

One must pay attention to all Twitter advertisements that propagate all kinds of the falsified cryptocurrency scam. Tweeters can "promote" an existing tweet in order to promote their own services and information, by showing it to other followers or users on Twitter. The scammers' report on Twitter checked accounts supporting bogus cryptocurrency scams. The scams are allegedly made under the name of these well-known individuals or companies such as Elon Musk's Tesla, Gemini Exchange, Chamath Palihapitiya, and Social Capital. The threat actors have indeed been unbelievably successful with a round of attacks raising over $580,000 in a single week. 

If anyone receives messages from Tesla, Elon Musk, Gemini exchange, Palihapitiya Chamath, Social Capital, or other famous cryptocurrency donations – individuals or companies, they must go as far as they can from such types of posts, because the handles are compromised, and they are scammed. 

Since these scams continue to produce revenue by plundering thousands of dollars via the promotion of Bitcoin, the threat actors are also beginning to threaten other recent prominent cryptocurrencies, including Dogecoin. Dogecoin is the cryptocurrency of Billy Markus and Jackson Palmer, software engineers, who wanted to build an immediate, enjoyable, and conventional banking fees-free payment system. Dogecoin has as its emblem and its name as the face of Shiba Inu dog from the "Doge" memes. 

Twitter users are able to "promote" an ongoing tweet by paying for it being displayed to many other users in their Twitter feeds to advertise its services and content. Security researchers such as Zseano, Jake, and MalwareHunterTeam have found a new technique that crypto-currency fraudsters use, i.e. via tweets on Twitter. 

The technique comprises of the splitting up of URLs so as not to differentiate them by the Twitter algorithms of advertising for fraud. This then brings users to fakes landing pages which have been the social capital; exchanges between Tesla and Gemini, etc. and leads the user to additional real websites with the topics of Tesla or Elon Musk and an address with a Bitcoin, Dogecoin, or Ethereum. Besides, users can send coins to the address and they will actually increase the sum in return. 

Based on some of those scams, a total of $39,628.06 so far has been raised through the use of Bitcoin and Ethereum addresses. Unfortunately, several more cryptocurrency addresses are currently used by scammers, so the created sum is significantly greater. It doesn't mean that it is secure, only because the crypto app is in the app store. Recently, a Trezor-named application has been uploaded to the Apple store. Later, it was discovered to be a scam and the software has been used for phishing passwords and private keys.

Russian authorities slow access to Twitter over banned content

The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)  accused Twitter of numerous violations and failure to remove prohibited information. On March 10, the work of the social network in Russia began to slow down.

Russian parliamentarians supported Roskomnadzor's decision to slow down Twitter.

Earlier, the press service of the department said that they would reduce the speed of the social network on all mobile devices. This decision is due to the reluctance of the Twitter administration to block illegal content, including calls to suicide, child pornography and information about drugs. Roskomnadzor did not rule out a complete blocking of the service if nothing changes.

The Kremlin considered Roskomnadzor's claims to the social network justified and called on the company to comply with the requirements of Russian legislation.

According to the deputy of the State Duma Anton Gorelkin, the state has no other tools left to influence the violator, except for tough measures.

"It is impossible to ignore the fact that Twitter acts in Russia as an instrument of political manipulation of public opinion, blocks the Russian media. At the same time, it continues to earn money in our country," he wrote in his Telegram channel.

The parliamentarian explained that slowing down the service is a way to affect the company's commercial profit, which it prioritizes. Gorelkin expressed hope that the new measures will be more effective than "modest Russian fines."

Head of the State Duma Committee on Information Policy Alexander Khinshtein called the actions of the department adequate. According to him, "it is impossible to look further and put up" with Twitter's policy.

Senator Alexander Bashkin believes that the decision of Roskomnadzor will serve as a "sobering shower" for other social networks that do not comply with the requirements of Russian legislation. In his opinion, Twitter has long been "a weapon that is used not only against Russia but also against freedom of speech, information and democratic foundations."

The first deputy chairman of the Committee of the Federation Council on International Affairs Vladimir Dzhabarov warned that other platforms in the event of serious violations may face retaliatory measures - up to the closure.

Earlier, E Hacking News reported that, according to  the Russian Foreign Ministry, Maria Zakharova, Western Internet giants (such as Facebook, Twitter, and Google) "operate in our environment, but at the same time they often do not obey any Russian laws."

Recall,  Twitch, Twitter, Facebook, YouTube and Instagram previously blocked Trump's accounts for various periods of time due to his statements about the riots in Washington on January 6.


Bitcoin Scammers Tricked People by Using Elon Musk’s Name

 

Security researcher MalwareHunter team exposed a cryptocurrency scam through which scammers were targeting the users on Twitter, this scam was running in the name of TESLA CEO Elon Musk. Scammers were tricking people by hacking verified Twitter accounts and swapping the name to ‘Elon Musk’ and responding to the tweets of real Elon Musk.

The scammers were successful in tricking the users on Twitter by requesting them to send cryptocurrencies in exchange for collecting a huge amount later. The threat actors have managed to earn $587,000 in bitcoin through a scam promoting fake Elon Musk cryptocurrency giveaway.

MalwareHunter team stated that scammers hacked the inoperative accounts, “big % but not all. At least 2-3 was active within a few weeks to few days, of those one looked possible the last activities were not from the original owner but of course couldn’t verify”. This is not the first time that scammers have tricked Twitter users in the name of Elon Musk giveaway, in 2018 scammers successfully managed to earn $180,000 by running an Elon Musk giveaway promotion. 

Cybersecurity organization Adaptiv assembled the data in June 2020 which showed that Bitcoin scammers have managed to earn nearly $2million over a period of two months and no surprise, scammers have used the name of Elon Musk. Elon Musk gave concerning remarks on these scams in February 2020 by stating “the crypto scam level on Twitter is reaching new levels, this is not cool”.

Threat actors targeted the verified Twitter accounts and took advantage of Twitter’s new protocol as Twitter shut down the feature to verify an account in July due to the company was targeted by the scammers in a major cryptocurrency scam.

Ransomware Attack Takes Down Massive Food-Supply Chain Providing Distribution of Temperature-Sensitive COVID-19 Vaccines

 

A company whose cold-storage capacities are extremely integral to the U.S. food-supply chain and the Coronavirus vaccine distribution affirmed an operation affecting cyberattack, as per a filing with the Securities and Exchange Commission (SEC). 

Americold is by far the largest cold-storage provider in the U.S. what's more, it operates 183 temperature-controlled warehouses globally, incorporating Argentina, Australia, Canada, and New Zealand; and just got hold of a similar company in Europe. 

For 'an idea of scale’, it holds the agreement for linking the ConAgra food-producing giant to supermarkets and customers. 

The attack appears all the earmarks of being a ransomware episode that began on Nov. 16 and even influenced the organization's phone systems, email, inventory management, and request satisfaction, as indicated by reports on Twitter. 

The filing with the SEC was brief and read that: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.” 

The attack is probably going to be 'highly targeted' and 'very thought of', as per researchers. 

Chloé Messdaghi, Vice President of strategy at Point3 Security, said by means of email, “Human-operated ransomware attacks begin with trojans or other exploits against unsophisticated vectors. Once a way in is found, malware is planted and privileges are elevated. These attacks often exfiltrate data before encrypting files and the attacks are drawn out, with months of potential compromise adding to the potential harms that can result.” 

She added, “That’s why these types of attacks4 pose a greater threat than automated attacks such as WannaCry or NotPetya – they’re intentional and secretive.” 

Fundamentally, Americold has likewise been in conversion with providing storage and transport to the distribution of temperature-sensitive Coronavirus vaccines, as indicated by reports. 

Andrea Carcano, a fellow benefactor of Nozomi Networks, said through email, “The attack against Americold highlights a concerning trend of attackers targeting larger and more critical organizations, these threats should be a wake-up call for security professionals responsible for keeping not only IT, but operational technology (OT) and internet of things (IoT) networks safe. In the manufacturing business, time is money, so the disruption of IT services as well as manufacturing downtime and shipment delays, translates to lost revenue.”

Google Drive Notifications Used to Send Malicious Links to Hundreds of Thousands of Users

 

Cybercriminals have now resorted to utilizing a legitimate Google Drive collaboration feature to trick users into clicking on pernicious links. 

As per recent reports the attacks have been originated from Google Drive's collaboration feature, which enables users to make push notifications or emails that invite people to share a Google doc. Attackers are mishandling this feature to send mobile users Google Drive notifications, inviting them to collaborate on documents, which at that point contained 'malicious links'. 

Since they are sent through Google Drive, the notifications originate from Google's no-reply email address, causing them to appear more legitimate. Different cycles of the attacks are sent using email (rather than by notifications) and incorporate the malignant link directly in the email. The Google Drive notifications accompany various lures. 

Many imply to be "personal notifications" from Google Drive, with one lure named "Personal Notification No 8482" telling the victim they haven't signed into their account for some time. These undermine that the account will be deleted in 24 hours except if they sign in using a (malicious) link. Another, named "Personal Notification No 0684," tells users they have an "important notice" of a financial transaction that they can see for their own in their account, using a link. 

The attack has focused on countless Google users, as per WIRED. The report said that the notifications are being sent in Russian or broken English. 

These links take victims to malevolent scam websites. WIRED detailed that one such site flooded users with notifications to click on links for "prize draws," while different sites mentioned that victims click on such links to "check their bank account." 

Targeted users took to Twitter to the caution of the scams, with one Twitter user saying that 'the only red flag' of the scam was that he wasn't anticipating a shared doc.

 


With the generality of working from home due to the Covid pandemic, attackers are progressively utilizing collaboration and remote-work tools, including Google offerings. 

Nonetheless, a Google spokesperson told WIRED that the company is dealing with new security measures and is currently making strong efforts for detecting Google Drive spam.