Tag: Twitter

Memes on Twitter Used to Communicate With Malware

A new and otherwise ordinary malware tool is garnering some attention from security researchers for its ability to retrieve malicious commands via code hidden in a couple of Twitter memes.

The malware (TROJAN.MSIL.BERBOMTHUM.AA) targets Windows systems and, like more than 90% of all malicious code, is distributed via phishing attacks. Once installed on a system, the malware can perform several common functions like capturing local screen shots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker. What’s noteworthy about the new Trojan is its use of the Twitter memes to retrieve malicious instructions, according to Trend Micro, the first to report on the threat.

Read more about the new malware on DarkReading.

Twitter discloses suspected state-sponsored attack

Social networking site Twitter announced another data leak that occurred on its platform, which the company said it is investigating as a suspected state-sponsored attack. In a support page, Twitter said that it detected the attack on November 15 when it “observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.”

These requests targeted the company’s support form, which users had been using to report issues to Twitter’s staff. Twitter said that attackers identified a bug in these forms that allowed them to discover an account’s phone number country code and if the account had been locked.

Read more about the suspected state-sponsored attack on Twitter on ZDNet.

Trump’s Cybersecurity Advisor Rudy Giuliani Thinks His Twitter Was Hacked Because Someone Took Advantage of His Typo

Rudy Giuliani, who was named President Trump’s cybersecurity advisor last year, has demonstrated that he does not understand how Twitter works…or hyperlinks…or domain registration. Giuliani tweeted that Twitter had allowed someone to “invade” a tweet he sent, because that tweet linked to a website with the words “Donald J. Trump is a traitor to our country.”

However, the reason the text linked to the site was due to a typo in a hyperlink in Giuliani’s original tweet. Shortly after, an anonymous (and quick-thinking) user bought the domain erroneously referred to in the tweet.

Read more about this bizarre story on Motherboard.

Official Google Twitter account hacked in Bitcoin scam

The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts. Cryptocurrency giveaway scams work by offering money to victims. There’s a catch, of course: They must first send a small amount of money to ‘verify their address’. The money in return never shows up and the attackers cash out.

Authenticity is a key factor in these scams. Accounts with verified status shown by a blue tick carry more of that. This week, criminals managed to compromise the official accounts of Google’s G Suite and Target and use these for Bitcoin giveaway scams.

Read more about the rise of giveaway scams on NakedSecurity.

U.S. Central Command accounts hacked by ISIS supporters

A hacking group that claims to be affiliated with ISIS broke into the Twitter and YouTube accounts of the United States Central Command (CENTCOM) on Monday.

The group, which calls itself Cyber Caliphate, took control of the CENTCOM social accounts, replacing its avatars with the group’s logo before the accounts were both were temporarily taken down.

Read more about the hijacking of Twitter and YouTube accounts of United States Central Command (CENTCOM)  by ISIS sympathizers on Mashable.

Twitter releases open source Anomaly Detection tool

Twitter has called upon the software application developer community to help in the global fight against hacking and spammers. The company has released its AnomalyDetection software tool to open source on the GitHub code repository.

Twitter hopes that this open release will a) allow the community to learn from the software and b) help evolve the tool further.

Read more about the Twitter anomaly tool on Forbes.

Indian Police Arrest ‘Jihadi Tweeter’

ndian police on Saturday arrested a 24-year-old executive believed to be the handler of an influential Twitter account supporting the Islamic State group, officials said. Mehdi Masroor Biswas, employed with an Indian food conglomerate in the southern city of Bangalore, is alleged to be the handler of the Twitter account @ShamiWitness.

The account had 17,700 followers, including many foreign fighters, until it was shut down following a report by Britain’s Channel 4 News on Thursday.

Read more about the arrest of the jihadi tweeter by the Indian police on Security Week.

Twitter to start snooping at which apps you have installed – here’s how to opt out

Twitter is set to start peeking on users’ iPhones, iPads and Androids in order to see which apps they have downloaded.

The company will start collecting the list of apps installed on those smartphones and tablets so that it can, in its own words, “deliver tailored content that you might be interested in.”

Read more about the Twitter’s intentions to start snooping on 3rd party Apps and how you could opt out of it on Naked Security Sophos.

Twitter’s Audacious Plan to Infiltrate All Your Apps

Twitter is releasing a new software development kit today at its developer’s conference. It’s called Fabric. It does lots of very pretty things, and the people who write mobile apps are going to eat it up. Which, OK, that’s nice. But the bigger story is what Fabric represents. Because it isn’t just a tool for developers any more than Greek horses were meant to beautify Troy. Fabric is the foundation for Twitter to transform a business based purely on a single product—tweets!—into a diversified service aimed at every person and company that makes mobile apps. That, in turn, would affect every person who uses mobile apps. In other words, everyone.

If Twitter succeeds with this plan, it won’t matter whether or not you use Twitter the product. You will end up using Twitter the company every time you use your phone—even if you’re not aware of it. Up to now, the only way a company could insert itself on such a grand scale was to make a handset or an operating system. But there isn’t going to be a Twitter phone or a Twitter OS. That leaves it with no way to get in on mobile in a big way—unless it lives in applications themselves. Which is exactly the plan.

Read about the Twitter new SDK – Fabric on Wired

Twitter Launches Digits – A Password Free Login Service For App Developers

Popular microblogging platform Twitter is taking bold steps to try and put an end to the password as we know it, according to Sky News.

Digits – part of a selection of developer tools called Fabrics – allows users to sign into apps without having to remember passwords. The process is simple: the user enters their mobile number into a log-in page on the app, and then receives a text message with a one-time code. Once entered, the user proceeds to the app as usual.

Although much of the thought process behind the option is for developing countries where email accounts are less common, Michael Ducker, a senior product manager at Twitter, also claimed the move was behind the frustration of having to remember so many different passwords across the web in general.

Read about Twitter new logic of using Digits as sign in protocol on We Live Security