Cybercriminals use Facebook ads to shame companies, confuse messaging to customers
The tactic, used in a recent incident involving Italian liquor company Campari, attempts to counter a company’s own efforts at damage control.
About SC Media
Social Media
Phishing scams use redirects to steal Office 365, Facebook credentials
Researchers have recently warned of two massive phishing operations, collectively targeting hundreds of thousands of users – one seeking credentials for business services such as Office 365 and the other abusing Facebook Messenger to go after roughly 450,000 of the social media giant’s account holders.
Access Control, Cryptocurrency, Cybercrime, Insider Threats, Network Security, Security News, Web Services Security, E-Commerce Security
Twitter hack is a reminder of the dangers of unfettered employee access
Twitter’s acknowledgement that a “coordinated social engineering campaign” involving multiple employees was behind a hack of prominent verified accounts raises significant questions as to whether business organizations are implementing effective security controls that limit potential insider threats’ access to back-end administrative tools. The hacking incident — which promoted a cryptocurrency scam and victimized the accounts…
Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn
A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…
P2P payment apps, users urged to curb COVID-19 advance fee fraud
Fraudsters posing as celebrities, philanthropists and do-gooders offering financial aid to everyday people struggling due to the COVID-19 epidemic are running scams on users of peer-to-peer payment applications such as Cash App and Venmo, but financial service providers and consumers can reduce the risk of becoming victims by implementing a few security measures. Satnam Narang,…
Hacker hijacks Milwaukee Bucks star’s Twitter account, posts offensive trash talk
A malicious hacker reportedly hijacked the Twitter account of NBA star forward Giannis Antetokounmpo and riddled it with disparaging and offensive fake tweets about current and former players. The fake tweets used expletives and a racial slur, and even targeted L.A. Lakers legend Kobe Bryant, who tragically died in a helicopter crash earlier this year.…
900,000 WordPress sites attacked via XSS vulnerabilities
Nearly 1 million WordPress sites are being hit by what is likely a single threat actor attempting to inject a redirect into the sites by exploiting a cross site scripting vulnerability. The attacks were discovered by the WordFence Threat Intelligence Team, which noted that since April 28 the number of XSS attacks has been 30…
Details on 267M Facebook users sold for cheap on dark web
A cybercriminal actor on the dark web has made available a dataset of Facebook accounts belonging to 267 million users, recently selling the collective lot to researchers for 500 Euros. User data includes one’s email address, first and last names, phone number, Facebook ID, last connection, status and age, according to a blog post report…
Twitter changing safety guidelines regarding COVID-19 posts
Twitter has released new content guidelines regarding tweets that may help spread Coronavirus that will hunt down those that misinform the public, in much the same way the company is trying to protect elections. The company will now remove content that hinders people in some manner from seeking out the proper care for the virus…
Twitter goes after Baby Peanut, API threat
Two organizations attempted to manipulate Twitter to their benefit over the last few months, one was potentially a nation-sponsored actor. The other was a peanut by comparison. The more serious case was revealed by Twitter on February 3 when it reported it had shut down an attempt by a possible nation-state actor to exploit an…
Next post in Privacy & Compliance News and Analysis
