Forensic review underway after Twitter hack, tips to protect your accounts | #corporatesecurity | #businesssecurity

Twitter says a forensic review is underway. “Dr. Fraud” shared these tips on how you can keep your accounts from being hacked:

· Use two-factor authentication
· Super strong password
· Lock […]

#nationalcybersecuritymonth | Twitter says Olympics, IOC accounts hacked | News

Source: National Cyber Security – Produced By Gregory Evans

(Reuters) – Twitter said on Saturday that an official Twitter account of the Olympics and the International Olympic Committee’s (IOC) media Twitter account had been hacked and temporarily locked.

The accounts were hacked through a third-party platform, a spokesperson for the social media platform said in an emailed statement, without giving further details.

“As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners to restore them,” the Twitter spokesperson said.

A spokesperson for the IOC separately said that the IOC was investigating the potential breach.

Twitter also said Spanish soccer club FC Barcelona’s account faced a similar incident on Saturday.

“FC Barcelona will conduct a cybersecurity audit and will review all protocols and links with third party tools, in order to avoid such incidents,” the soccer club said in a tweet after the hack.

Last month, the official Twitter accounts of several U.S. National Football League (NFL) teams, including the San Francisco 49ers and Kansas City Chiefs, were hacked a few days ahead of the Super Bowl.

Earlier this month, some of Facebook’s official Twitter accounts were briefly compromised.

(Reporting by Akshay Balan in Bengaluru, Editing by Rosalba O’Brien)


#deepweb | Lime Scooter Accounts Are Being Sold on the Dark Web

On the dark web, there are plenty of people looking for a free ride. Or at least a very cheap one. A vendor on a dark web marketplace is advertising what they say are accounts for the scooter service Lime.

“This account is used free to locate rental scooters (with a random life),” a listing on a dark web market reads, referring to finding scooters that may be available to use. The vendor says they have accounts for both the European Union and the U.S.

“The accounts sold here are functional and verified. They are unique for sale. Once sold, the accounts are automatically deleted from my database,” the advert continues. The listing offers one account for €13.

Lime, like a wealth of other companies entering this space, lets users quickly rent scooters across major cities. Motherboard recently reported how Los Angeles wants scooter companies like Lime, Bird, and Uber’s JUMP to provide real-time location data of the scooters for city planning purposes, although activists have privacy concerns around the sharing of this data.

Armed with one of these accounts, it seems a customer wouldn’t need to pay Lime for using its scooters. The vendor has some conditions over using the accounts.

A section of the dark web listing offering Lime accounts. Image: Motherboard

“Do not change anything on the account (email/password etc),” they write. “Do not share the account(s).”

A Lime spokesperson said in a statement, “While this is not caused by any Lime security vulnerability, this illegal and dangerous behavior is absolutely against Lime policy and will not be tolerated on the Lime platform. We strongly remind our users that sharing account access information with any third party is against our user agreement and can expose them to significant cybersecurity risk.”

Lime added that it will be migrating iPhone users to Apple ID login in the future, and that the company does not allow people to use any password that has already appeared in HaveIBeenPwned’s leaked password list. The HaveIBeenPwned database, maintained by security researcher Troy Hunt, contains email addresses, usernames, and plaintext and hashed passwords from data breaches.

Motherboard previously discovered Uber accounts for sale on the dark web in 2015. Hackers were able to access these by using previously compromised passwords from other services.

This article originally appeared on VICE US.


#nationalcybersecuritymonth | Fears of Russian interference hit U.K. election as Reddit bans accounts after U.S. trade talks leak

LONDON — Fears of Russian interference reared their head in the U.K. election this weekend after social media platform Reddit said it believed confidential British government documents were posted to the site as “part of a campaign that has been reported as originating from Russia.”

Reddit launched an investigation after opposition Labour Party leader Jeremy Corbyn brandished the leaked documents at a press conference last month.

The 451-page dossier appeared to reveal rounds of trade negotiations with the U.S. for a post-Brexit trade deal included mention of the country’s beloved National Health Service. Labour claimed they proved Prime Minister Boris Johnson would put the NHS “up for sale” to secure a deal with President Donald Trump.

The British government has not denied the authenticity of the documents. NBC News has not verified their authenticity.

Johnson, whose ruling Conservative Party leads in the polls entering the final week, has denied Corbyn’s claims about what they show.

A British government spokesperson told NBC News Sunday that “online platforms should take responsibility for content posted on them, and we welcome the action Reddit have taken.”

“The U.K. government was already looking into the matter, with support from the National Cyber Security Centre,” the spokesperson said.

“We do not comment on leaks, and it would be inappropriate to comment.”

Reddit said late Friday that its investigation into the posts related to the leak revealed “a pattern of coordination” by suspect accounts that were similar to a Russian campaign called “Secondary Infektion” discovered on Facebook earlier this year.

The site also said it had banned 61 accounts suspected of violating policies against vote manipulation related to the original post, which was published in October.

Corbyn has not revealed how his party obtained the documents but defended the decision to use them.

Asked about Reddit’s conclusions at a campaign stop Saturday, Corbyn said the news was an “advanced stage of rather belated conspiracy theories.”

“When we released the documents, at no stage did the prime minister or anybody deny that those documents were real, deny the arguments that we put forward. And if there has been no discussion with the USA about access to our health markets, if all that is wrong, how come after a week they still haven’t said that?” he added.

He also criticized the government for failing to release a Parliamentary intelligence committee report on Russian interference in British politics before the election campaign began.

Thursday’s vote was called in an effort to break the deadlock that has left the future of the country’s relationship with the European Union uncertain.

But the future of Britain’s health care has emerged as a powerful rejoinder to the notion of a purely ‘Brexit election.’

Asked about the source of the leak this weekend, Johnson said: “I do think we need to get to the bottom of that.”

Culture minister Nicky Morgan claimed the leak raises concerns of Russian influence on British democracy and said the government is taking steps and “watching for what might be going on.”

“From what was being put on that (Reddit) website, those who seem to know about these things say that it seems to have all the hallmarks of some form of interference,” Morgan told the BBC. “And if that is the case, that obviously is extremely serious.”

But if Russia was behind the leak, its aim may not have been to help any particular side in the election, Lisa-Maria Neudert, a researcher at Oxford University’s Project on Computational Propaganda, told Reuters.

“We know from the Russian playbook that often it is not for or against anything,” she said.

“It’s about sowing confusion, and destroying the field of political trust.”

Michele Neubert contributed.


#infosec | Hacked Disney+ Accounts on Sale for $1

Disney’s new video-on-demand streaming service has been compromised within a week of its being launched, with hacked Disney+ accounts offered for sale online for just $1. According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was […]

#deepweb | Disney+ accounts being sold on dark web marketplaces

If you like to watch movies and TV series online, you probably know what Disney+ is; for those who don’t, Disney+ is a video-on-demand streaming service owned by Walt Disney. The service was launched last week on November 12th, 2019. However, word on the […]

Under Armour #admits 150 #million #MyFitnessPal #accounts were #hacked

Under Armour said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.

The stolen data includes account user names, email addresses and scrambled passwords for the popular MyFitnessPal mobile app and website, Under Armour said in a statement. Social Security numbers, driver license numbers and payment card data were not compromised, it said.

It is the largest data breach this year and one of the top five to date, based on the number of records compromised, according to SecurityScorecard.

Larger hacks include 3 billion Yahoo accounts compromised in a 2013 incident and credentials for more than 412 million users of adult websites run by California-based FriendFinder Networks Inc in 2016, according to breach notification website

Under Armour said it is working with data security firms and law enforcement, but did not provide details on how the hackers got into its network or pulled out the data without getting caught in the act.

While the breach did not include financial data, large troves of stolen email addresses can be valuable to cyber criminals.

Email addresses retrieved in a 2014 attack that compromised data on some 83 million JPMorgan Chase customers were later used in pump-and-dump schemes to boost stock prices, according to U.S. federal indictments in the case in 2015.

Under Armour said in an alert on its website that it will require MyFitnessPal users to change their passwords, and it urged users to do so immediately.

“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” the company said, adding that it was bolstering systems that detect and prevent unauthorized access to user information.

Under Armour said it started notifying users of the breach on Thursday, four days after it first learned of the incident.

Under Armour bought MyFitnessPal in 2015 for $475 million. It is part of the company’s connected fitness division, whose revenue last year accounted for 1.8 percent of Under Armour’s $5 billion in total sales.



Tinder #vulnerability allows #hackers to take over #accounts with just one #phone number

Source: National Cyber Security News

After it was reported last month that online dating app Tinder had a security flaw that allows strangers to see users’ photos and matches, security firm Appsecure has now uncovered a new flaw that is potentially more damaging.

Attackers who exploit the vulnerability would be able to gain access to a user’s account with the help of the user’s login phone number. The issue has, however, been fixed after Tinder was alerted by Appsecure.

Appsecure says attackers could have taken advantage of two vulnerabilities to attack accounts, one in Tinder’s own API and the other in Facebook’s Account Kit system, which Tinder uses to manage logins.

In a statement sent to The Verge, a Tinder spokesperson said, “Security is a top priority at Tinder. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”

The vulnerability exposed the access tokens of the users. If a hacker is able to obtain a user’s valid access token then he/she can easily take over a user account.

“We quickly addressed this issue and we’re grateful to the researcher who brought it to our attention,” The Verge quoted a Facebook representative as saying.


90% of #world’s #Gmail accounts ‘#vulnerable to #hackers

Despite the growth of sophisticated cyber threats globally, Google has said that less than 10 per cent of active Gmail users have enabled two-factor authentication, making the remaining 90 per cent more vulnerable to cyber attacks.

According to Google engineers, compromised passwords are the top way hackers gain access to accounts and all users, especially those in enterprises, should implement two-factor authentication immediately.

“Further, only 12 per cent of Americans use a password manager to protect their accounts,” US-based news website Techrepublic quoted Google engineer Grzegorz Milka as saying in a presentation at the Usenix Enigma 2018 security conference in California late on Saturday.

Two-factor authentication is one of the most effective ways to protect online accounts given that compromised passwords are the top way attackers gain access to accounts.

In the enterprise, if a hacker can break into the email of even one employee, it gives them not only access to company data but also ammunition for future phishing attacks, making it even more important for firms to ensure all employees have enabled two-factor authentication and gone through cybersecurity training.

The feature, which Google calls 2-step verification, requires using a second step, often a single-use key or password, along with the account password to verify a user’s identity and allow them into their account.

With Google, the second step can come in the form of a text message, a phone popup, through a Google Authenticator app or from a number of printed single-use codes.

Google first rolled out its two-factor authentication feature back in 2011, yet users have failed to adopt the safety measure in large numbers. The feature adds a few seconds to the login time but is claimed to be the best option to stay away from cyber attacks.

Milka said that Google did not make two-factor authentication mandatory for all users due to usability.

“It’s about how many people would we drive out if we force them to use additional security,” he was quoted as saying.

Google has made a number of other efforts to improve security for its users.

In January 2017, the company announced new layers of enterprise-grade security controls for “G Suite” to give users more control and visibility over sensitive information.

In October last year, it rolled out the “Advanced Protection Programme” that offers better defenses against phishing, accidental data sharing and fraudulent account access for executives and professionals in fields where confidential information is shared online.

Facebook fights #imposter accounts with #facial #recognition

Facebook on Tuesday announced a new facial recognition tool that can spot you even when you haven’t been tagged – handy when some identity thief goes and puts up an account with your photo.

It also introduced a way for the visually impaired to know more about who’s in the photos they encounter on Facebook.

You might be a bit dizzy from Facebook’s ever-changing privacy controls. You might be wondering how to keep yourself from ever being tagged in the first place, which would be pretty nice, privacy-wise. Sorry, Charlie: long story short, we’re still stuck with having to go untag ourselves, since nobody’s forced to ask us before they do the deed.

Short story long, on the facial recognition front Facebook says it’s received feedback from people saying that they’d find it easier to manage face recognition through a simple setting, so it paired the new tools with a single on/off control. It says that if your tag suggestions setting is currently set to “none,” then your default face recognition setting will be set to “off” and will remain that way until you decide to change it.

At which point you may be saying, as was I, Who now? What? Where dat?

For which Facebook has this page with instructions about how to turn off tag suggestions for photos of you. Mind you, it doesn’t stop anybody from tagging you – all it does is stop Facebook from suggesting that people tag you in photos that look like you.

Anyhow, back to the notifications when Facebook spots photos of you even though you haven’t been tagged: from hereon in, if you’re part of the audience allowed to see the image, you can choose whether to tag yourself, roam free and untagged like the wild mustang you are, or reach out to the person who posted the photo if you have concerns about it.

You can, that is, unless you’re in Canada or the EU, where all this is moot: Facebook doesn’t currently offer facial recognition there (a situation brought about after backlash from users and regulators. In 2012, the company, under pressure, turned off facial recognition in Europe and deleted the user-identifying data it already held.)

If you’re in a photo but you’re not in the post’s selected audience, you are out of luck, since Facebook says it “always respect[s] the privacy setting people select when posting a photo on Facebook (whether that’s friends, public or a custom audience).” Thus, you can still be in a photo and not receive a notification if you’re not in the audience.

At any rate, the new use of facial recognition is mostly about letting you know if someone has uploaded your photo as their profile picture. Facebook wants to prevent people from impersonating others on the platform.

This isn’t the first approach it’s taken to the problem: In March 2016, it was testing a feature that alerted users if somebody was impersonating them. Impersonation was one reported source of harassment that was brought up in a series of roundtables the company held around the world to discuss women’s safety on social media.

With regards to helping the visually impaired, two years ago, Facebook launched an automatic alt-text tool that describes photos to people with vision loss. Combining it with facial recognition will enable people who use screen readers to know who appears in photos in their News Feed even if people aren’t tagged.

A little background on all this facial recognition stuff:

Since 2010, face recognition technology has “helped bring people closer together on Facebook.”

Well, that’s the way Facebook tells it.

Let’s rewrite the fairy tale from the perspective of we, the huddled, relentlessly tagged masses: Since 2010, Facebook’s been “helping us” by facially recognizing people in photos, suggesting their names for tagging, and not bothering to ask the people whom Facebook thought it had recognized whether or not they actually wanted to be tagged.

There have been notifications when we’re tagged, and then we’ve had to go untag ourselves. We have not, mind you, been notified before we’ve been tagged, in case we don’t want to be tagged in the first place, by the paparazzi we call friends and family.

Since 2010, Facebook’s facial recognition has gone through all sorts of gyrations. At one point, Facebook appeared to have gotten to the point where its systems don’t even have to see your face to recognize your face. In 2015, Facebook’s artificial intelligence team scored 83% facial recognition accuracy, even for photos where faces weren’t clearly visible, by relying on cues such as a person’s stance and body type.

All this, in spite of the fact that people overwhelmingly loathe it when their photos are posted without their approval.

To Facebook’s credit, though, it’s done at least one privacy-positive thing vis-a-vis facial recognition: in November 2015, the company said it was putting together a program to warn parents before they share photos of children publicly instead of just with friends.

It was refreshing to see Facebook planning to do something about the missteps that people make with photos that are feeding into its mushrooming database of facial recognition biometric data.

(Its Jabba the Hutt of a face database hasn’t exactly given up on bread and pasta, however; in April 2016, Facebook announced that it was moving beyond still photos to auto-tagging faces [and cats, and fireworks, and food] in videos. Talk about shooting growth hormones into a database!)

The heads-up to parents was a good step. We can count the extra help for the visually impaired to that side of the facial recognition ledger, too. Also, being told when people are using your photos as their own profile pictures is a win.

We’d still like to see Facebook come out with a setting where you specify that you can’t be tagged at all. Or how about going backwards one more step in the process?

Given that Facebook can recognize your likeness without you being tagged, it would seem to be possible that the company could offer a setting through which users could choose to have photos of themselves pre-emptively barred from being posted at all.

Would you opt for that one?
