Category: News

From whizcase.com

Social media and entertainment accounts sold illegally are now carving out their niche in Dark Web marketplaces.

In a recent report, trends and prices of illegally sold hacked social media and entertainment accounts were collected and studied. Here are some key highlights:

• You can buy ALL hacked social media accounts (LinkedIn, Facebook, Twitter, Instagram, Discord, Snapchat, Pinterest, TikTok, Reddit) for $127.
• Access to all entertainment service accounts annually costs  $100 (Apple Music, Netflix, Disney+, Spotify, Hulu, Twitch, HBO Max, Amazon Prime, SoundCloud).
• Hacked communication and live chat tools cost $93.
• LinkedIn and Gmail are the most expensive accounts. Both cost $45. 
• Lots of hacked accounts are sold under $10 – TikTok $8, Skype $8, Telegram $6, Signal $6, Amazon Prime $9. 
• Most of these are obtained from social engineering or phishing campaigns after hackers have compromised users’ email addresses used at registration.

Read more…

From theconversation.com

It’s a crime story fit for the digital era. It was recently reported that a number of restaurants in New York had been targeted by internet scammers threatening to leave unfavourable “one-star” reviews unless they received gift certificates. The same threats were made to eateries in Chicago and San Francisco and it appears that a vegan restaurant received as many as eight one-star reviews in the space of a week before being approached for money.

Read more…

From securityaffairs.co

At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Read more…

From bleepingcomputer.com

A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.

Mandiant researchers, who discovered the threat actor and now track it as UNC3524, say the group has demonstrated its “advanced” capabilities as it maintained access to its victims’ environments for more than 18 months (in some cases).

Read more..

From tripwire.com

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely have elements of “being creepy.” With software vulnerabilities, we can obtain the software ourselves and demonstrate the vulnerability. That’s more difficult to do with privacy related information as anyone who could consent is someone that you likely know a lot about already.

Read more…

From bleepingcomputer.com

Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.

Read more…

From securityafairs.co

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users.

While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts.

Read more…