Security News
Twitter on Thursday revealed that several employees were targeted with phone spear-phishing in a social engineering attack leading to the recent security incident. A total of 130 accounts were targeted in the incident, with hackers abusing internal Twitter systems and tools to reset the passwords for 45 of them.
"The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack," Twitter explained. "Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools."
An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked. The publication found that 31 per cent of all phones sold via CeX no longer receive security patches.
Britain's government on Tuesday backtracked on plans to give Chinese telecommunications company Huawei a limited role in the U.K.'s new high-speed mobile phone network in a decision with broad implications for relations between London and Beijing. The U.S. threatened to sever an intelligence-sharing arrangement with the UK because of concerns Huawei equipment could allow the Chinese government to infiltrate U.K. networks.
Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go. Now, Malwarebytes's Nathan Collier says that another phone model provided through the Lifeline Assistance program was found to include pre-installed malware: the ANS UL40 running Android 7.1.1.
In May, police in France, assisted by the Netherlands' cops, infiltrated EncroChat's core network - and in mid-June the operator pulled the plug, having realised the game was up. The takedown of the network has been a poorly disguised secret, with Northern Irish suspects reportedly being arrested last week after data from EncroChat's servers was shared around European police forces.
Police said Thursday they had shut down an encrypted phone network used as a key tool by organised crime groups across Europe to plot assassination attempts and major drug deals. French and Dutch police said they hacked the EncroChat network so they could read millions of messages "over the shoulders" of criminal suspects as they communicated, leading to more than 100 arrests.
Zoom today said it will make end-to-end encryption available to all of its users, regardless of whether they pay for it or not. We note that Google Meet and other rival services do not offer E2EE. "Today, Zoom released an updated E2EE design on GitHub," Zoom CEO Eric Yuan said.
An infosec researcher reckons WhatsApp was a bit too quick off the mark to blame its users when hundreds of thousands of phone numbers, names and profile pictures were found to be easily accessible via Google. Athul Jayaram, a self-described "full time bug bounty hunter", published a blog post earlier this week highlighting that a large number of WhatsApp users' mobile numbers could easily be found by searching Google for the domain "wa.me".
In a paper recently published through the Journal of Cybersecurity, Cornell University assistant professor Karen Levy and security veteran Bruce Schneier argue that intimate relationships open the door to a set of privacy and security risks that haven't been anticipated or adequately addressed by the public, the technical community, and policymakers. "We describe privacy threats that arise in our intimate relationships: families, romances, friendships," said Levy.