Security News

Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications. Researchers at the company say they've uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.

Google has added API security tools and Workspace admin alerts about potentially risky configuration changes such as super admin password resets. Google's answer to these problems includes two API security features available in preview: one that identifies API misconfigurations and another that detects bots.

Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens. The bots' operators attempted to sell appointments for a range of government agencies for over $100, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company.

During the first half of 2022, BioCatch data reveals that money mule accounts represent up to 0.3 percent of accounts held by financial institutions, and an estimated $3 billion in fraudulent financial transfers. Applying BioCatch findings to the estimated 657 million bank accounts in the United States, this translates to approximately two million mule accounts and nearly $3 billion in fraudulent transfers in a year.

Netacea released its report into how businesses are dealing with bot attacks. It reveals one key area where businesses are failing to tackle bot attacks - bots are going undiscovered for an average of 16 weeks, up two weeks from last year's findings.

Netacea released its report into how businesses are dealing with bot attacks. Bot owners are shifting their tactics, with 60% of businesses detecting attacks on APIs and 39% detecting attacks on mobile apps.

Single-factor authentication has been the standard for many years on Internet-facing services, but it clearly lacks security. While 2FA drastically increases the security of Internet services, it can still be bypassed by some methods.

The Black Basta ransomware gang has partnered with the QBot malware operation to gain initial access to corporate environments. QBot is Windows malware that steals bank credentials and Windows domain credentials, and delivers further malware payloads on infected devices.

Bad bots are often the first indicator of online fraud and represent a risk to digital businesses, as well as their customers. In 2021, evasive bad bots - a grouping of moderate and advanced bad bots that elude standard security defenses - made up 65.6% of all bad bot traffic.

That's according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like. In total, 93 percent of all attacks against Arkose Labs' customers were bot-driven, it's claimed; data scraping increased by 250 percent while four percent of all logins in Q1 were credential-stuffing attempts.