Security researcher Henry Hoggard recently discovered a cross-site request forgery (CSRF) vulnerability in Twitter’s “add a mobile device” feature, giving him the ability to read direct messages and Tweet from any account.
Browsing Category: Social Engineering
Barracuda Networks’ latest research on the Twitter underground reveals a thriving market for phony accounts that are used for spam or to spread malware.
A Palestinian security researcher demonstrated an exploit for a Facebook bug on the timeline of founder and CEO Mark Zuckerberg.
Companies such as Apple and General Motors gave up crucial company information to social engineers during the annual Capture the Flag contest at Def Con.
A security researcher discovered a simple vulnerability in Verizon Wireless’s Web-based customer portal that enabled anyone who knows a subscriber’s phone number to download that user’s SMS message history, including the numbers of the people he communicated with.
Late last year the world’s largest social network announced that it would begin removing a popular privacy feature that let users regulate whether other users could search for and locate their profiles with the Facebook search function.
Cybercriminals’ use of Bitcoins and Web-based currency exchanges has made a tried-and-true law enforcement strategy of following the money to arrest criminals close to impossible.
A new phishing campaign is disseminating malicious links with emails purporting to come from CNN saying that the United States has initiated military strikes against the embattled regime of Syrian President Bashar al Assad.
Italian security researchers report that as many as 800,000 Chrome users had browser sessions hijacked after falling victim to phony Facebook messages that eventually led users to malware posing as a video plug-in.
Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have compromised the site’s DNS records. Understanding the ramifications of that sort of attack, if that’s in fact what it was, Matthew Prince, CloudFlare’s CEO, sent an email to Rajiv Pant, the CTO of the Times, saying that the company’s engineers would be available if Pant needed some help figuring out the situation. He did.