Mandiant, SEC Lose Control of X Accounts Without 2FA
Crypto hacks on Mandiant and SEC X accounts are the predictable result of the social media platform's upcharge for basic cybersecurity protections, experts say.
Covers how social media can expose personal data, spread scams, enable account takeover, and provide channels for influence or abuse.
Search across headline titles and summaries.
Background for this topic.
Social media comprises online services where people and organizations publish content, communicate, and form networks. The term covers public posts, private messages, groups, live streams, advertising systems, and the APIs and third-party applications that process platform data.
For security teams, these platforms expose identity, relationship, and behavioral information that can support targeted phishing, impersonation, or social engineering. Compromised accounts may be used to distribute malicious links or fraud, while excessive sharing and poorly controlled integrations can expose personal or corporate data. Relevant controls include strong authentication, phishing-resistant account recovery, least-privilege access for connected applications, monitoring for brand and executive impersonation, and clear retention and privacy policies. Public posts and platform telemetry can also provide threat intelligence, but collection and use may be constrained by privacy obligations and applicable data-protection rules.
Crypto hacks on Mandiant and SEC X accounts are the predictable result of the social media platform's upcharge for basic cybersecurity protections, experts say.
Scammers are targeting multiple brands with "job offers" on Meta's social media platform, that go as far as to offer what look like legitimate job contracts to victims.
All Organizations That Use X Should Review Their Two-Factor Authentication SettingsGoogle Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, leaving it unprotected.
The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [...]
Value of Bitcoin Rocketed Following Fake Post Claiming Spot Bitcoin ETFs ApprovedThe U.S. Securities and Exchange Commission said it is probing the "compromise" of its X - formerly known as Twitter - social media accounts after a hacker broadcast a fake post claiming the agency had approved spot bitcoin exchange-traded funds, which sent the value of bitcoin rocketing.
Buy the hype, sell the, wait, what do we do now?! Breaking The SEC today said its Twitter/X account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price.…
Buy the hype, sell the, wait, what do we do now?! Breaking The SEC today said its Twitter account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price.…
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [...]
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications
Blockchain security firm Certik had its own social media account hacked to push a crypto scam
Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Infosec in brief We gather everyone's still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you're recovering from the Christmas break, Meta has been busy introducing fresh ways to monetize your web surfing habits while dressing it up as a user experience improvement.…