Rampant data sharing suggests website managers lack control, visibility
Website managers need better insight into their third-party app partners’ default settings and access rights, experts say.
About SC Media
Social Media
How not to overshare when crafting social media posts, out-of-office messages
Out-of-office email messages serve an important business communications function, and a strong social media profile is a great way to network with your peers and brand yourself. So the question becomes: Where do you draw the line? What constitutes TMI?
Perils of coding errors play out in Parler slip up
Applied to internet applications in general, the IDOR problems that led to the Parler exposure could extend to anything stored sequentially and not secured individually — receipts, posts, and in many instances entire accounts.
Cybercriminals use Facebook ads to shame companies, confuse messaging to customers
The tactic, used in a recent incident involving Italian liquor company Campari, attempts to counter a company’s own efforts at damage control.
Phishing scams use redirects to steal Office 365, Facebook credentials
Researchers have recently warned of two massive phishing operations, collectively targeting hundreds of thousands of users – one seeking credentials for business services such as Office 365 and the other abusing Facebook Messenger to go after roughly 450,000 of the social media giant’s account holders.
Access Control, Cryptocurrency, Cybercrime, Insider Threats, Network Security, Security News, Web Services Security, E-Commerce Security
Twitter hack is a reminder of the dangers of unfettered employee access
Twitter’s acknowledgement that a “coordinated social engineering campaign” involving multiple employees was behind a hack of prominent verified accounts raises significant questions as to whether business organizations are implementing effective security controls that limit potential insider threats’ access to back-end administrative tools. The hacking incident — which promoted a cryptocurrency scam and victimized the accounts…
Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn
A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…
P2P payment apps, users urged to curb COVID-19 advance fee fraud
Fraudsters posing as celebrities, philanthropists and do-gooders offering financial aid to everyday people struggling due to the COVID-19 epidemic are running scams on users of peer-to-peer payment applications such as Cash App and Venmo, but financial service providers and consumers can reduce the risk of becoming victims by implementing a few security measures. Satnam Narang,…
Hacker hijacks Milwaukee Bucks star’s Twitter account, posts offensive trash talk
A malicious hacker reportedly hijacked the Twitter account of NBA star forward Giannis Antetokounmpo and riddled it with disparaging and offensive fake tweets about current and former players. The fake tweets used expletives and a racial slur, and even targeted L.A. Lakers legend Kobe Bryant, who tragically died in a helicopter crash earlier this year.…
900,000 WordPress sites attacked via XSS vulnerabilities
Nearly 1 million WordPress sites are being hit by what is likely a single threat actor attempting to inject a redirect into the sites by exploiting a cross site scripting vulnerability. The attacks were discovered by the WordFence Threat Intelligence Team, which noted that since April 28 the number of XSS attacks has been 30…
Next post in Vulnerabilities
