Security News

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My...

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it.

A researcher has dropped working exploit code for a zero-day remote code execution vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Pwn2Own contest rules require that the Chrome security team receive details of the code so they could patch the vulnerability as soon as possible, which they did; the latest version of the Chrome V8 JavaScript engine patches the flaw, Agarwal said in a comment posted in response to his own tweet.

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.

Graham Ivan Clark, part of the crew that hijacked around 130 high-profile Twitter accounts and used them to collect cryptocurrency, has been sentenced to three years in prison for his part in the scam. On July 15 last year around 130 Twitter accounts from celebs like Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, and former president Barack Obama began displaying messages asking for Bitcoin to be sent to a wallet, whereupon the amount would be doubled and returned.

A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity. Specifically, Buchanan demonstrated how he could hide both MP3 audio files and ZIP archives within the PNG images hosted on Twitter.

Thanks to a new plea deal with the Florida State Attorney's Office, the 18-year-old behind last summer's breach of Twitter's high-profile accounts will not be charged as an adult, and instead will serve his sentence in juvenile detention. Graham Ivan Clark was arrested seven months ago, and has accepted responsibility the July "Bit-Con" Twitter breach.

It happened in July 2020, when many prominent blue-badged Twitter accounts suddenly starting sending out scammy cryptocoin messages. "Feeling greatful , doubling all payments made to my Bitcoin address," said one message, urging people to pay out $1000 now, with a $2000 payback to follow later.

In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter. Although the art of hiding non-image data in images isn't novel, the fact that the images can be hosted on a popular website like Twitter and are not sanitized opens up a possibility for their abuse by malicious actors.

A Florida teenager accused of masterminding a Twitter hack of celebrity accounts in a crypto currency scheme has been sentenced to three years in juvenile prison in a plea agreement, officials said. State prosecutors announced the deal Tuesday in the case of Graham Ivan Clark, 18, described as the mastermind of the July 2020 "Bit-Con" worldwide hack of Twitter accounts of Elon Musk, Bill Gates, Barack Obama, Joe Biden and others.