Many Twitter users have been presented with a message telling them that SMS-based two-factor authentication (2FA) will be removed next month.
According to Twitter, only subscribers to its premium Twitter Blue service will be able to use text message-based 2FA to protect their accounts.
Is that such a good idea?
Category: Twitter
Want to sell some cocaine, ecstasy (MDMA), crystal meth, or magic mushrooms?
Twitter could be the place for you. And the site isn't going to do anything to shut down your account.
Carole's in her sick bed, which leaves Graham in charge of the good ship "Smashing Security" as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.
Find out more in this latest edition of the "Smashing Security" podcast, hosted by Graham Cluley with special guest BJ Mendelson.
First, is the news that the Indian government has launched its own Mobile Operating systems that have capabilities to take on international rivals like iOS and Android. Within the next few weeks, the government of the sub-continent is preparing to release an indigenous mobile operating system that has the potential to offer a health competition to American technology giants and will be safe to use in the current cyber threat landscape.
Called as IndOS, the OS will be available on devices being sold on the Indian subcontinent and will have all pre-loaded government apps that are there to service the citizen. Though, it might appear as a bloatware to device manufactures in the initial stages. But is said to serve the populace with all necessary applications like Arogya Setu, MTNL and a centralized police controlled applications linked to a database in Delhi.
For the mobile consumers of the Shri Narender Modi led government, Android occupies 97 percent of mobile share while Apple iOS holds little less. IndOS is said to grab the customer share of Android at least in India and is said to protect them from financial frauds, data thefts and other such dangers.
2.) Second is the news that belongs to Royal Mail as the parcel delivery service from Britain has asked its customers to refrain themselves from sending parcels abroad until further notice.
In a statement issued by the delivery giant yesterday, the 5 centuries old non-profit government organization is busy investigating a cyber incident that brought its operations to knees from early this month.
Russia linked hackers group dubbed LockBit Ransomware is suspected to be behind the cyber attack and a probe is still on.
3.) Third, is the news related to an anti-virus firm that is also into the business of cybersecurity. Norton LifeLock has issued an official update that hackers targeted its servers, leading to a data breach of over 6000 premium customers.
The company that is now owned by Symantec has sent notices to affected customers, as per the update available on the Attorney General’s website of Vermont. The attack reportedly took place when the hacker gained access to the password manager accounts and used their usernames and password logins to siphon data.
4.) Twitter is hitting the news headlines of Google from the past two days, as a New York state resident Stephan Gerber has sued the social media giant for showing laxity in protecting the data of its users leading to a data leak of about 200 million user accounts or even more, segregated between June 2021 to January 2022.
Gerber claims in his court order that the Elon Musk led company should start paying monetary benefits to all the impacted users and must require hiring a 3rd party data forensic firm for attack summary and information loss auditing and protecting the user information, from here-on.
The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.
Adding more embarrassment to last year’s Twitter Data Breach, a new finding on the web has discovered a new database dump exposed on an online hacking forum. It appears to be a big data leak as information related to about 235 million users was found by a cyber intelligence firm named Hudson Rock, based in Israel.
Exposed details include user names, email address, screen names, number of followers and date of account creation along with the linked phone number.
Researchers from Hudson Rock claim they analyzed around 63GB of files from stolen 230,000,000 records and all the information seems genuine; though further analysis is awaited.
A price of $200,000 is being demanded for the stolen information and as it contains sensitive information such as contact details, those interested might make merry as they can use the purchased data to launch identity thefts and phishing campaigns.
Hudson Rock did not name the hacking form that contains the twitter data dump. But as per a Facebook page of a renowned hacker, the forum is called ‘Breached” and contains more such data related to many multinational tech and manufacturing companies, along with 2 healthcare firms.
NOTE- Twitter suffered a similar info breach in 2018 because of a password bug leaking info about around 330m user accounts. In July 2022, a breach occurred leaking details of about 400 million twitter users and was detected in August last year. Now, the company needs to respond to the latest data dump appearing on a hacking forum.
Wonder why all such things are intensifying after Elon Musk’s take over as chief of the world’s second social networking company?
Perhaps, Peter Mudge Zatko, the former security lead of Twitter, might give an exact answer to this question!
The post Twitter data dump of 235 million users available on web appeared first on Cybersecurity Insiders.
If the crooks have connected up your phone number and your Twitter handle... what could go wrong?
A hacker who is super-active on the hacking forum Ryushi is urging interested prospects to buy sensitive details that were stolen from over 400 million Twitter account users. The hacker claims to have obtained access to the data through a vulnerability on the database and is ready to sell it for a hefty price of $400,000,000.
What appears strange in the incident is the hacker is also inviting Elon Musk or any of the Twitter staff to buy back the data to avoid penalties imposed by GDPR lawsuits ranging from 5.4m to 8.7m. The selling criminal also attested that Escrow payments will cover the sale in control of the forum admin…. that’s strange, isn’t it?
Ireland’s Data Protection Commissioner has opened up an investigation into the probe and linked the current data possession claim related to a massive data breach that took place last month.
Another hacker who is following the latest data leak related to the social networking website claims that the stolen info that includes phone numbers, email ids and user names and location seems to have a link with the breach that took place in the year 2020 and the Irish data watchdog has already imposed a fine of €450,000 on the company for failing to following GDPR.
As of now, Twitter is struggling to contain the enormous amounts of complaints pouring in from different parts of the world. Among them, the most are related to account suspension and lock-in, as many of the journalists, politicians managing their accounts with the help of freelancers, are being blocked from access till further notice. The other issue is with the 2-factor authentication requests which most of the mobile service providers are rejecting for reasons.
The post Hacker wants Elon Musk or Twitter to buy back stolen data appeared first on Cybersecurity Insiders.
Twitter, the world’s second largest social media platform has being caught in a data privacy issue as for the first time, the company that is now being led by Elon Musk is found collecting data from over 70,000 websites that include those belonging to government, retailers, manufacturers, car companies and healthcare related business firms.
Going deep into the details, Twitter provides an analytics tool to interested parties that helps in keeping a track of visitors on a website. It is called Pixel tool and includes HTTPS requests to static.ads-twitter dot com
Details are in that the tool gathered information is being stored on the servers of the Musk company and the practice hasn’t stopped even after the shuffle of the senior management under the lead of the Tesla Chief.
Concerning, the gathered data includes IP addresses, payment details and user activity on a website.
Apple doesn’t indulge in such marketing campaigns that are being offered for $160,000 per campaign. Tesla and SpaceX have paid a premium to get enlisted in this data gathering campaign.
Websites that are found using twitter’s Pixel tool are: Federal Bureau of Investigation (FBI), the US Department of Health & Human Services, Doctors without Borders website, FAFSA website, City University of New York, Purdue University, University of California, Johns Hopkins University, University of Washington, and more.
If car makers use the tool, then Tesla owner Musk can gather info related to users visiting the company websites and start a counter marketing campaign to turn the website leads into sales.
The post Twitter found gathering data from over 70000 websites appeared first on Cybersecurity Insiders.
Why deleting your Twitter account may be a very bad idea, how the police unravelled the iSpoof fraud gang, and a trip into outer space (or at least interplanetary file systems).
All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original show co-host Vanja Švajcer.
As of September 2022, Twitter had challenged 11.72 million accounts, suspended 11,230 accounts, and removed over 97,674 pieces of misleading content related to COVID-19 worldwide. Today? It’s not doing anything. As an update on the company’s COVID-19 misinformation report webpage notes: Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. … Continue reading "Twitter isn’t going to stop people posting COVID-19 misinformation anymore"