Security News

Imagine running a dating app and being told accounts could be easily hijacked. How did that feel, Grindr?
2020-10-03 09:08

LGBTQ dating site Grindr has squashed a security bug in its website that could have been trivially exploited to hijack anyone's profile using just the victim's email address. French bug-finder Wassime Bouimadaghene spotted that when you go to the app's website and attempt to reset an account's password using its email address, the site responds with a page that tells you to check your inbox for a link to reset your login details - and, crucially, that response contained a hidden token.

Accounts of Reddit Moderators Hijacked in Pro-Trump Hack
2020-08-10 10:48

Multiple Reddit moderator accounts have been compromised and abused to post pro-Trump messages on a variety of subreddits. The hackers appear to have targeted moderator accounts that did not have two-factor authentication enabled, and leveraged their rights to modify subreddits or even remove moderator accounts that had fewer rights.

Week in review: Counterfeit Cisco switches, hijacked Twitter accounts, vulnerable SAP applications
2020-07-19 09:00

Critical flaw gives attackers control of vulnerable SAP business applications: SAP has issued patches to fix a critical vulnerability that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.

Investigation highlights the dangers of using counterfeit Cisco switches: An investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware.

High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?
2020-07-16 09:40

The Twittersphere went into overdrive on Wednesday as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam. The attackers simultaneously compromised Twitter accounts of Bill Gates, Elon Musk, Barack Obama, Jeff Bezos, Joe Biden, Mike Bloomberg, Apple, Uber, as well as those of cryptocurrency exchanges Binance, Coinbase, KuCoin and Gemini, the CoinDesk news site and other top crypto accounts.

Twitter accounts of Elon Musk, Bill Gates and others hijacked to promote crypto scam
2020-07-15 22:55

A number of high-profile Twitter accounts, including those of Bill Gates, Elon Musk and Apple, were breached on Wednesday. Twitter said in an official statement: "We are aware of a security incident impacting Twitter accounts. We are investigating and taking steps to fix it. We will update everyone shortly".

Twitter mass hacking: Bill Gates, Elon Musk, Jeff Bezos, Mike Bloomberg, Biden, Obama, more hijacked to peddle Bitcoin scam
2020-07-15 22:21

The Twitter accounts of Microsoft co-founder Bill Gates, Tesla CEO Elon Musk, and other celebrities were briefly taken over on Wednesday, along with the accounts of various cryptocurrency businesses and affiliated executives, to promote a Bitcoin scam. Twitter also silenced verified blue-tick accounts temporarily to prevent more abuse while it got to the bottom of the kerfuffle.

Company web names hijacked via outdated cloud DNS records
2020-07-07 14:09

Most cloud services keep their DNS cache times, known in the jargon as TTLs or time-to-live entries, pretty small these days in order to help their services adapt more quickly to changes in network load. Hacking your DNS entries is not quite as good a result for the crooks as taking over your actual web server - they won't have your web certificate to authenticate HTTPS traffic, and they'd need to clone a huge amount of your site to make a realistic facsimile - but it's still extremely dangerous, and potentially very damaging for your brand. In the cases tracked by Edwards, it seems that a bunch of crooks have been keeping their eyes on unused Azure server names that still have trusted DNS records referring to them, and reviving those defunct server names to produce believable URLs for scams and malware campaigns.

Travelex Pays $2.3M in Bitcoin to Hackers Who Hijacked Network in January
2020-04-10 12:18

Travelex has paid out $2.3 million in Bitcoin to hackers to regain access to its global network after a malware attack at the new year knocked the global currency exchange offline and crippled its business during the month of January. Travelex said that in this case it was experts who advised the company to pay those responsible for the New Year's Eve attack, which forced the company to shut down its online services and its mobile app.

Russian Telco Hijacked Internet Traffic of Major Networks - Accident or Malicious Action?
2020-04-07 14:58

A huge BGP hijack by Russian state telecommunications provider Rostelecom diverted the traffic from more than 200 networks - including Google, Amazon, Facebook and Cloudflare - to Russian servers on April 1. Internet traffic routes are managed by the Border Gateway Protocol, which controls the way in which internet traffic moves from one autonomous system network to the next on its way to its destination.

Hijacked Twitter accounts used to advertise face masks
2020-03-26 11:47

As of Tuesday, hijacked Twitter accounts were spewing out hundreds of tweets hawking a dodgy-looking face mask/toilet paper/digital forehead thermometer online store, according to Motherboard's Vice. On Tuesday, the journalist confirmed on Twitter that his account had been hijacked and used to send out direct messages, purportedly about face masks.