Twitter said Thursday night that it has “significantly limited” access to its internal tools after it learned that the high-profile hack earlier this month affecting dozens of major accounts was the result of a phishing attack targeting the phones of a “small number of employees.” From a report: “This attack relied on a significant and concerted attempt to mislead certain employees…
Tag: phishing
Microsoft To Remove All SHA-1 Windows Downloads Next Week
Microsoft announced this week plans to remove all Windows-related file downloads from the Microsoft Download Center that are cryptographically signed with the Secure Hash Algorithm 1 (SHA-1). From a report: The files will be removed next Monday, on August 3, the company said on Tuesday. The OS maker cited the security of the SHA-1 algorithm for the move. “SHA-1 is a…
Election Officials Are Vulnerable To Exim Security Vulnerability, Report Shows
whh3 writes: The Wall Street Journal has an “exclusive” scoop about a report detailing that several counties host their own mail servers using a version of Exim that is vulnerable to exploitation (Warning: source paywalled; alternative source), exposing electing officials to potential interference during the upcoming cycle. “[Cybersecurity vendor Area 1 Security Inc.] found that officials in six small jurisdictions in…
Security Breach Exposes More Than One Million DNA Profiles On Major Genealogy Database
An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA…
Microsoft Seizes Six Domains Used in COVID-19 Phishing Operations
Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures. From a report: According to court documents obtained by ZDNet, Microsoft has targeted a two-person phishing operation that has been targeting the company’s customers since December 2019….
Google Removes 25 Android Apps Caught Stealing Facebook Credentials
Google has removed this month 25 Android apps from the Google Play Store that were caught stealing Facebook credentials. From a report: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same….
Bots Still Trying To Reach Cyberbunker 2.0 Addresses 9 Months After Raid
Long-time Slashdot reader UnderAttack writes: In September last year, German police raided what was known as “Cyberbunker 2.0”, a former cold war nuclear bunker turned into a “bulletproof” hosting facility. A student of the internet security-training company SANS Technology Institute analyzed traffic reaching out for the former Cyberbunker’s IP address space. Over two weeks, thousands of bots called “home” still looking…
Microsoft Releases First Public Preview of its Defender Antivirus on Android
Starting today, customers of Microsoft’s commercial antivirus product — Defender Advanced Threat Protection (ATP) — can install a first version of the product’s Android port. From a report: The product, named “Microsoft Defender ATP for Android,” was announced at the RSA security conference in February this year, and has reached a first public preview today. Companies that have contracted Microsoft Defender…
Google Resumes Its Senseless Attack On the URL Bar, Hides Full Addresses On Chrome 85
Google is pressing on with new plans to hide all parts of web addresses except the domain name. Android Police reports: A few new feature flags have appeared in Chrome’s Dev and Canary channels (V85), which modify the appearance and behavior of web addresses in the address bar. The main flag is called “Omnibox UI Hide Steady-State URL Path, Query, and…
Chrome and Firefox Block Torrent Site YTS Over ‘Phishing’
Chrome and Firefox are blocking direct access to the movie download pages of popular torrent site YTS. According to Google’s safe browsing report, YTS.mx is a “deceptive site” that may trick visitors into doing dangerous things. The warning is likely the result of malicious advertisements. TorrentFreak reports: While the site’s homepage can be visited just fine, navigating to a torrent detail…