A new and otherwise ordinary malware tool is garnering some attention from security researchers for its ability to retrieve malicious commands via code hidden in a couple of Twitter memes.
The malware (TROJAN.MSIL.BERBOMTHUM.AA) targets Windows systems and, like more than 90% of all malicious code, is distributed via phishing attacks. Once installed on a system, the malware can perform several common functions like capturing local screen shots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker. What’s noteworthy about the new Trojan is its use of the Twitter memes to retrieve malicious instructions, according to Trend Micro, the first to report on the threat.
Social networking site Twitter announced another data leak that occurred on its platform, which the company said it is investigating as a suspected state-sponsored attack. In a support page, Twitter said that it detected the attack on November 15 when it “observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.”
These requests targeted the company’s support form, which users had been using to report issues to Twitter’s staff. Twitter said that attackers identified a bug in these forms that allowed them to discover an account’s phone number country code and if the account had been locked.
Read more about the suspected state-sponsored attack on Twitter on ZDNet.
However, the reason the text linked to the site was due to a typo in a hyperlink in Giuliani’s original tweet. Shortly after, an anonymous (and quick-thinking) user bought the domain erroneously referred to in the tweet.
The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts. Cryptocurrency giveaway scams work by offering money to victims. There’s a catch, of course: They must first send a small amount of money to ‘verify their address’. The money in return never shows up and the attackers cash out.
Authenticity is a key factor in these scams. Accounts with verified status shown by a blue tick carry more of that. This week, criminals managed to compromise the official accounts of Google’s G Suite and Target and use these for Bitcoin giveaway scams.
Twitter has called upon the software application developer community to help in the global fight against hacking and spammers. The company has released its AnomalyDetection software tool to open source on the GitHub code repository.
Twitter hopes that this open release will a) allow the community to learn from the software and b) help evolve the tool further.
Read more about the Twitter anomaly tool on Forbes.
ndian police on Saturday arrested a 24-year-old executive believed to be the handler of an influential Twitter account supporting the Islamic State group, officials said. Mehdi Masroor Biswas, employed with an Indian food conglomerate in the southern city of Bangalore, is alleged to be the handler of the Twitter account @ShamiWitness.
The account had 17,700 followers, including many foreign fighters, until it was shut down following a report by Britain’s Channel 4 News on Thursday.
Read more about the arrest of the jihadi tweeter by the Indian police on Security Week.
Twitter is releasing a new software development kit today at its developer’s conference. It’s called Fabric. It does lots of very pretty things, and the people who write mobile apps are going to eat it up. Which, OK, that’s nice. But the bigger story is what Fabric represents. Because it isn’t just a tool for developers any more than Greek horses were meant to beautify Troy. Fabric is the foundation for Twitter to transform a business based purely on a single product—tweets!—into a diversified service aimed at every person and company that makes mobile apps. That, in turn, would affect every person who uses mobile apps. In other words, everyone.
If Twitter succeeds with this plan, it won’t matter whether or not you use Twitter the product. You will end up using Twitter the company every time you use your phone—even if you’re not aware of it. Up to now, the only way a company could insert itself on such a grand scale was to make a handset or an operating system. But there isn’t going to be a Twitter phone or a Twitter OS. That leaves it with no way to get in on mobile in a big way—unless it lives in applications themselves. Which is exactly the plan.
Popular microblogging platform Twitter is taking bold steps to try and put an end to the password as we know it, according to Sky News.
Digits – part of a selection of developer tools called Fabrics – allows users to sign into apps without having to remember passwords. The process is simple: the user enters their mobile number into a log-in page on the app, and then receives a text message with a one-time code. Once entered, the user proceeds to the app as usual.
Although much of the thought process behind the option is for developing countries where email accounts are less common, Michael Ducker, a senior product manager at Twitter, also claimed the move was behind the frustration of having to remember so many different passwords across the web in general.
Read about Twitter new logic of using Digits as sign in protocol on We Live Security