Security News
Twitter today announced the permanent removal of more than 3,400 accounts linked to governments of six countries running manipulation or spam campaigns. Twitter found another 112 accounts linked to a private company called "Changyu Culture," which is endorsed by the regional authorities in Xinjiang.
Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment. "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their consent. Publishing people's private info is also prohibited under the policy, as is threatening or incentivizing others to do so," the company's Safety team said in a tweet.
Google Chrome 96 was released yesterday, and users are reporting problems with Twitter, Discord, and Instagram caused by the new version. After upgrading to Chrome 96, users report errors in their Twitter notifications, with the website warning that "Something went wrong. Try reloading."
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. This new Android banking trojan also targets bank customers with custom fake login overlays in multiple languages.
The US Department of Justice has indicted a suspected Twitter hacker known as 'PlugWalkJoe' for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. In a SIM swap attack, threat actors take control of a target's phone number by porting it to a SIM card in their own device.
Twitter rolled out security keys to its entire workforce and made two-factor authentication mandatory for accessing internal systems following last year's hack. The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter's Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.
As Weidermann detailed in his January analysis, the threat actors set up a "Research" blog and used the Twitter profiles to disseminate links to it in order to pull in potential targets. The ongoing campaign targets security researchers using lures near and dear to their hearts: Bugs and research.
Twitter is experiencing a worldwide outage affecting its web platform that prompts users to log out and prevents them from accessing tweets. The outage began at around noon EST and only affects the web/desktop version of Twitter, not the mobile platform.
Twitter today introduced Safety Mode, a new feature that aims to block online harassment attempts and reduce disruptive interactions on the platform. Once enabled on a Twitter account, Safety Mode is designed to automatically and temporarily block, for seven days, users who use harmful language in replies, quote tweets, and mentions in your conversations.
Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw in Koo's web application that allows malicious scripts to be embedded directly into the affected web application.