For the first time in nearly a year, Twitter suffered a prolonged outage Thursday, leaving its 140 million active monthly users without micro-blogging capabilities.
Sites such as Facebook and Twitter contain seemingly infinite amounts of personal data, so it's no wonder criminals have turned their focus there. But social media providers and end-users can protect themselves.
A web-based business embraced social media as a business enabler...after putting in place the right tool, reports Greg Masters.
Just 32 percent of U.S. IT and IT security practitioners said their company has a policy that addresses the acceptable use of social media by employees in the workplace.
The Twitter account belonging to the USA Today was hacked over the weekend by a group called The Script Kiddies. In tweets posted from the compromised account, the hacktivist group bragged about past hacking feats, and urged users to "like" them on Facebook and vote on who they should infiltrate next. It is unclear how the hackers were able commandeer control of the account. The same group also claimed responsibility earlier this month for hacking the NBC News Twitter account and sending a series of erroneous tweets. In that case, a trojan permitted the takeover.
A group of hacktivists was able to compromise the NBC News Twitter account on Friday by tricking the network's social media head into clicking on a malicious attachment. According to an MSNBC report, a group known as The Script Kiddies commandeered control of the account to send a series of tweets falsely reporting an attack on Ground Zero in New York, two days before the 10th anniversary of 9/11. The mischief makers may have obtained the account's login information by duping Ryan Osborn, NBC News' director of social media, into clicking on an attachment, which installed a copy of the password-stealing "Christmas tree" trojan onto his machine. The erroneous tweets were removed soon after they were posted, and the FBI is looking into the matter. Twitter has since suspended the account of the The Script Kiddies, who also have hacked into the Facebook account of Pfizer.
Blanket censorship of social media in the UK might be unlikely, but targeted blocking based on legal interception isn't out of the question.
The U.S. Secret Service is investigating the compromise of the the Twitter account belonging to Fox News Politics, which was used to post a number of fake tweets reporting that President Obama had been assassinated, an agency spokesman told SCMagazineUS.com. A hacking group known as The Script Kiddies, an offshoot of Anonymous, has claimed responsibility for the attack, according to reports. The fraudulent tweets, delivered to some 38,000 followers of @foxnewspolitics during the early morning hours EST on Monday, have since been removed from the feed. It is unclear how the hackers got access to the account.
The website belonging to a man in Pakistan who unknowingly live tweeted the raid on Osama bin Laden's compound was found to be infected with malware.
A massive spam campaign that has rapidly spread on Twitter has been linked to a recent security breach of online media company Gawker Media.
A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.
Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that since has been fixed, according to security researchers
Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.
Researchers at anti-virus firm F-Secure on Thursday discovered a new malware campaign on Twitter. A large number of fake accounts were tweeting messages containing a bit.ly shortened link that when clicked, attempted to use a Java exploit to install a combination keylogger and banking trojan. The tweets contained the text "haha this is the funniest video ive ever seen" along with popular hashtags and celebrity names. After discovering the campaign, F-secure researchers reported the shortened link to bit.ly staff, who promptly shut it down. The malicious site is still running, but users are no longer being redirected to it via Twitter. — AM
Twitter this week reset the passwords on an unknown number of accounts after discovering malicious file-sharing sites were set up to steal user login information.
More than 40 million pieces of malware have been identified by PandaLabs and 55,000 new samples are being identified each day, many on social networking sites, the report states.
A popular web application framework provider has shipped a fix for a dangerous XSS flaw.
Researchers have discovered that Twitter messages were used to issue new instructions to bots.
Twitter has begun alerting users when they attempt to post a link to a malicious site.
Never mind optimizing search result rankings, malicious attackers now are trying to optimize their tweets.
Sign up to our newsletters
SC Magazine Articles
- State breakdowns: Anthem breach by the numbers
- Malware on Lime Crime website, payment cards compromised
- Florida law enforcement docs show widespread stingray use, secrecy
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- Bug in popular WordPress plugin opens up websites to SQL injection attacks
- State breakdowns: Anthem breach by the numbers
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- Disconnect yawns between CISOs, exec leadership, study says
- Natural Grocers investigating unauthorized access to POS systems
- Proposed Consumer Privacy Bill of Rights Act doesn't go far enough, critics say
- Data at risk for about 50,000 current and former Uber drivers
- North Carolina credit union notification says laptop containing data missing
- Skills in demand: Application security engineers