Monday, 21 November 2016

Twitter Celebs and Corporate Accounts Hacked Through Third Party

A third party Twitter site was hacked over the weekend and various celebrity and media accounts taken over to promote an “increase Twitter followers” service.
Twitter Counter, which claims to be the ‘#1 stat site powered by Twitter’ posted the following on Saturday:
“We can confirm that our service has been hacked; allowing posts on behalf of our users! We have launched an investigation into this matter.”
Earlier, countless celebrity accounts including those of Charlie Sheen and Lionel Messi, as well as the likes of Sky News, The New YorkerThe Next Web, and The Economist posted tweets on behalf of a site claiming to increase users’ Twitter followers.
Even the Twitter accounts of the US National Transportation Safety Board (NTSB), Playstation and Xbox were compromised.
Twitter Counter subsequently confirmed that it had addressed the problem and hackers can’t post on its users’ behalf any more.
It’s unclear exactly how the cyber attack on the firm occurred, but it has been quick to reassure customers with the following update:
“We ensure the privacy of our users' information. We do not store credit card information and we do not keep Twitter account passwords.”
Although the hackers appear to have focused their efforts on taking over high profile accounts with many followers, regular users would probably still do well to change their passwords and switch on two-factor authentication.
The incident is also a reminder of the potential security risk of linking one’s social accounts to third party services like Twitter Counter, as they can provide another way for hackers to attack.
In September, Twitter joined a new industry coalition designed to improve cybersecurity standards.
The Vendor Security Alliance (VSA) will help businesses assess how secure the companies they’re looking to partner with are to ensure there are no weak links in the chain.

FBI: US ATMs Could Be Hacked to Spew Cash

The FBI is warning that potential ATM attacks, similar to those in Taiwan and Thailand that caused ATMs to dispense millions, could happen in the US.
The FBI said in a recent bulletin that it was “monitoring emerging reports indicating that well-resourced and organized malicious cyber-actors have intentions to target the US financial sector.” Now, the Wall Street Journal has reported that the threat could be linked to malicious software used by the Russian gang known as Buhtrap, known for stealing money thorugh fraudulent wire transfers. Sources said that the group has been testing ATM hacking techniques on Russian banks, and will soon look to try them out on financial institutions in other countries.
The first such attack on an ATM system was reported in the Taiwanese capital Taipei in July, after 22 thieves made off with $2.6 million from ATMs around the country by causing them to spit out cash. Criminals from eastern Europe and Russia are said by police to have used malware to infiltrate cash machines run by First Commercial Bank. Three suspects were eventually arrested in Taipei and north-east Taiwan, with around half the money recovered.
A similar attack was reported at the Government Savings Bank in Thailand the following month. There, the Ripper malware was used in a sophisticated campaign to steal 12 million baht (£265,400) from ATMs in Thailand. Ripper targets three major global ATM manufacturers, and is unusual in that it interacts with the targeted machine via a specially crafted bank card featuring an EMV chip which acts as an authentication method.