Security News

Russia blocks access to Facebook, Twitter, foreign news outlets
2022-03-04 19:10

Russia has blocked access to the Facebook social network after Meta, Facebook's parent company, deactivated or restricted access to accounts belonging to pro-Kremlin media outlets and news agencies, including RIA Novosti, Sputnik, and Russia Today. "On March 4, 2022, a decision was made to block access to the Facebook network in the Russian Federation," Roskomnadzor stated.

Reality Winner's Twitter account was hacked to target journalists
2022-03-01 10:46

The Twitter account of former intelligence specialist Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organizations. Hackers took over Winner's verified Twitter account and changed the profile name to "Feedback Team" to impersonate Twitter staff before sending out suspicious DMs to verified users.

Twitter is down with "Something went wrong" errors
2022-02-11 18:12

Twitter is currently experiencing a worldwide service disruption that makes it impossible for users to read tweets on the web and load threads using the mobile app. On the web app, users are seeing "Something went wrong, but don't fret - it's not your fault." errors, while on mobile "Uh oh, an error was encountered. Try again." errors are displayed whenever trying to read a tweet thread. Twitter is aware of the problem and is currently investigating an increase in API 500/400 errors on multiple v2 endpoints.

Twitter's top security staff out after incoming CEO shakes things up
2022-01-25 00:05

Twitter's head of security and CISO both ejected from the social media biz this month. He's now out of the micro-blogging site, as is CISO Rinki Sethi, who was also recruited in 2020 to fix up Twitter's security.

Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores
2022-01-19 21:22

Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues. The initial Log4j vulnerability received a base CVSS score of 10.0.

Twitter account of FBI's fake chat app, ANOM seen trolling today
2021-12-30 12:20

The Twitter account previously associated with the ANOM chat app is posting frivolous tweets this week. ANOM was a fake encrypted messaging platform created as part of a global sting operation led by the U.S. FBI, Australian Federal Police, and other law enforcement agencies to catch criminals.

Grafana fixes zero-day vulnerability after exploits spread over Twitter
2021-12-07 22:46

Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files. Earlier today, Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7 were released to fix a path traversal vulnerability that could allow an attacker to navigate outside the Grafana folder and remotely access restricted locations on the server, such as /etc/passwd.

Twitter bots pose as support staff to steal your cryptocurrency
2021-12-07 09:04

If those phrases are present, these same programs will direct Twitter bots under the scammer's control to automatically reply to the tweets as fake support agents with links to scams that steal cryptocurrency wallets. In tests conducted by BleepingComputer, tweets containing the words 'support,' 'help,' or 'assistance' along with keywords like 'MetaMask,' 'Phantom,' 'Yoroi,' and 'Trust Wallet' will result in almost instantaneous replies from Twitter bots with fake support forms or accounts.

As Twitter removes blue badges for many, phishing targets verified accounts
2021-12-05 09:50

A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. Verified accounts on Twitter refer to those possessing a blue badge with a checkmark.

New Twitter phishing campaign targets verified accounts
2021-12-05 09:50

A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmarks from a number of verified accounts, citing that these were ineligible for the legendary status, and were verified in error.