Security News
A mobile spearphishing attack targeting "a small number of employees" is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam. On the day of the attack, Twitter revealed that the accounts fell victim to a compromise of the company's internal systems by a group of unidentified hackers that managed to access Twitter company tools and secure employee privileges.
Nearly half of British university staff say they have received no cybersecurity training, according to a recent survey. 46 per cent of staff received no training at all, while one Russell Group uni said that just 12 per cent of its staff had received "any" training in infosec matters.
Threatpost editors talk about the biggest security news stories for the week ended Jul. 24.
Uncommonly well-informed people knew all about it by reading The Register's report of the Blackbaud ransom payment last week, but mere Muggles only heard of it when universities began informing students, staff and alumni that their personal data had been nicked. The University of York told its students and alumni on Wednesday that names, dates of birth, student numbers, addresses, phone and email addresses, fundraising details, details of occupation and employer details were among the data stolen, according to student news site York Mix.
Twitter has admitted that the naughty folk who hijacked verified accounts last week read a portion of hacked users' direct messages. Among the 36 Twitter users whose direct messages, email addresses and phone numbers were definitely accessed by account hijackers last week was one Dutch politician, the microblogging platform said overnight.
Not a few people's Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators.
"The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts," Twitter wrote. Attackers accessed the Twitter account feature "Your Twitter Data" for eight accounts.
Several high-profile Twitter accounts were targeted recently in an attack that involved the hackers accessing internal Twitter systems and tools. Twitter has only shared limited technical information about the attack, but some victims say the attackers hijacked their accounts by changing the associated email address and initiating the password reset process.
A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in a far-reaching hacking campaign carried out to promote a cryptocurrency scam. Following the tweets, the accounts for Apple, Uber, Mike Bloomberg, and Tesla and SpaceX CEO Elon Musk all posted tweets soliciting bitcoins using the exact same Bitcoin address as the one included on the CryptoForHealth website.