The Hacker News

Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The

The Hacker News

1Password Detects Suspicious Activity Following Okta Support Breach

Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. "We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing," Pedro Canahuati, 1Password CTO, 

WIRED

The Hamas Threat of Hostage Execution Videos Looms Large Over Social Media

Hamas has threatened to broadcast videos of hostage executions. With the war between Israel and Hamas poised to enter a new phase, are social platforms ready?

News ≈ Packet Storm

Hackers Target U.S. Facebook Biz Accounts With Potent Malware

WIRED

Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know What’s Real

A flood of false information, partisan narratives, and weaponized “fact-checking" has obscured efforts to find out who’s responsible for an explosion at a hospital in Gaza.

WIRED

Elon Musk’s Main Tool for Fighting Disinformation on X Is Making the Problem Worse, Insiders Claim

X is promoting Community Notes to solve its disinformation problems, but some former employees and people who currently contribute notes say it’s not fit for that purpose.

News ≈ Packet Storm

Californians Can Scrub Personal Info Sold To Advertisers With First-In-US Law

WIRED

A Graphic Hamas Video Donald Trump Jr. Shared on X Is Actually Real, Research Confirms

A video posted by Donald Trump Jr. showing Hamas militants attacking Israelis was falsely flagged in a Community Note as being years old, thus making X's disinformation problem worse, not better.

WIRED

Elon Musk Is Personally Undermining X’s Efforts to Curb Israel-Hamas War Disinformation

X’s Trust and Safety team says it’s working to remove false information related to the Israel-Hamas war. Meanwhile, Elon Musk is sharing conspiracies and chatting with QAnon promoters.

WIRED

The Israel-Hamas War Is Drowning X in Disinformation

People who have turned to X for breaking news about the Israel-Hamas conflict are being hit with old videos, fake photos, and video game footage at a level researchers have never seen.

The Hacker News

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern." "The fact that Google Authenticator syncs to

News ≈ Packet Storm

TikTok Fined 345m Euros By Watchdog Over How It Processed Children's Data

News ≈ Packet Storm

Big Tech Has Failed To Police Russian Disinformation

News ≈ Packet Storm

TikTok Opens Dublin Data Centre To Ease China Spying Fears

The Hacker News

Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges

Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions. “In recent weeks, multiple U.S.-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all

News ≈ Packet Storm

EU Safety Laws Start To Bite For TikTok, Instagram, And Others

WIRED

How X Is Suing Its Way Out of Accountability

The social media giant filed a lawsuit against a nonprofit that researches hate speech online. It’s the latest effort to cut off the data needed to expose online platforms’ failings.

The Hacker News

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes.

News ≈ Packet Storm

Mastodon Fixes Critical TootRoot Vuln Allowing Node Jacking

WIRED

How Threads' Privacy Policy Compares to Twitter's (and Its Rivals')

Want to try out Meta’s new social media app? Here’s more context on what personal data is collected by Threads and similar social media apps.

WIRED

Don't Join Threads—Make Instagram's 'Twitter Killer' Join You

Meta’s Twitter alternative promises that it will work with decentralized platforms, giving you greater control of your data. You can hold the company to that—if you don't sign up.

The Hacker News

Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates,"

The Hacker News

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The

News ≈ Packet Storm

ByteDance Accused Of Helping China Spy On Hong Kong Activists

WIRED

Inside 4chan’s Top-Secret Moderation Machine

Internal company documents reveal how the imageboard’s chaotic moderation allowed racism and violence to take over.

News ≈ Packet Storm

War Crimes Evidence Erased By Social Media Firms

WeLiveSecurity

5 free OSINT tools for social media

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms

The post 5 free OSINT tools for social media appeared first on WeLiveSecurity

News ≈ Packet Storm

Meta Fined $1.3 Billion, Ordered To Stop Sending EU Data To US

WIRED

Meta’s $1.3 Billion Fine Is a Strike Against Surveillance Capitalism

The record-breaking GDPR penalty for data transfers to the US could upend Meta's business and spur regulators to finalize a new data-sharing agreement.

WIRED

Buffalo Mass Shooting Victims' Families Sue Meta, Reddit, Amazon

The families of victims of a mass shooting in Buffalo are challenging the platforms they believe led the attacker to carry out a racist massacre.

WIRED

Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

The social network’s new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month.

News ≈ Packet Storm

TikTok Spied On Me. Why?

News ≈ Packet Storm

Facebook Cracks Down On Malware Actors Targeting Biz Accounts

News ≈ Packet Storm

Meta Says ChatGPT-Related Malware Is On The Rise

WeLiveSecurity

Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

The post Using Discord? Don’t play down its privacy and security risks appeared first on WeLiveSecurity

WIRED

A US Bill Would Ban Kids Under 13 From Joining Social Media

The legislation would insert the government into online platforms’ age-verification efforts—a move that makes some US lawmakers queasy.

News ≈ Packet Storm

Crime Agencies Condemn Meta's Encryption Plans

WIRED

Montana’s Looming TikTok Ban Is a Dangerous Tipping Point

The state is poised to be the first in the US to block downloads of the popular app, which could ignite a precarious chain reaction for digital rights.

News ≈ Packet Storm

LinkedIn Deploys New Secure Identity Verification For All Members

WIRED

LinkedIn Verification Now Lets You Verify Your Job and Account

To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are.

WeLiveSecurity

Cleaning up your social media and passwords: What to trash and what to treasure

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos

The post Cleaning up your social media and passwords: What to trash and what to treasure appeared first on WeLiveSecurity

News ≈ Packet Storm

TikTok Fined £12.7m For UK Data Protection Law Breaches

WIRED

How Good Smile, a Major Toy Company, Kept 4chan Online

Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board.

WeLiveSecurity

Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

The post Staying safe on OnlyFans: The naked truth appeared first on WeLiveSecurity

News ≈ Packet Storm

Five Takeaways From TikTok CEO's Congress Grilling

WeLiveSecurity

What TikTok knows about you – and what you should know about TikTok

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us

The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity

WIRED

The TikTok Hearing Revealed That Congress Is the Problem

The interrogation of CEO Shou Zi Chew highlighted US lawmakers’ own failure to pass privacy legislation.

WIRED

TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

The embattled social media company brought out the checkbook to ensure at least 30 of its biggest assets—creators—were in DC to help fend off critics.

WIRED

The TikTok CEO’s Face-Off With Congress Is Doomed

On Thursday, Shou Zi Chew will meet a rare united front in the US Congress against the Chinese-owned social media app that has lawmakers in a tizzy.

WeLiveSecurity

Twitter ends free SMS 2FA: Here’s how you can protect your account now

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.

The post Twitter ends free SMS 2FA: Here’s how you can protect your account now appeared first on WeLiveSecurity

WIRED

Senator Warner on the Restrict Act and a US TikTok Ban

WIRED spoke with the coauthor of the Restrict Act, a bipartisan bill to crack down on tech from six “hostile” countries.

News ≈ Packet Storm

Info Stealer Targets Facebook Business Accounts

News ≈ Packet Storm

TikTok Answers Three Big Cybersecurity Fears About The App

WIRED

The Push to Ban TikTok in the US Isn’t About Privacy

Lawmakers are increasingly hellbent on punishing the popular social network while efforts to pass a broader privacy law have dwindled.

The Hacker News

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components. "Once infected, S1deload Stealer steals

Naked Security

Coinbase breached by social engineers, employee data stolen

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

News ≈ Packet Storm

Will The Supreme Court End Social Media As We Know It This Week?

The Hacker News

Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees. The company said its "cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information." The incident, which took place on February 5, 2023, resulted in the exposure of a "limited amount of

News ≈ Packet Storm

Revealed: The Hacking And Disinformation Team Meddling In Elections

The Hacker News

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting