NCSC: Twitter Users Should Find MFA Alternatives
UK's security agency warns against letting protection lapse
Covers how social media can expose personal data, spread scams, enable account takeover, and provide channels for influence or abuse.
Search across headline titles and summaries.
Background for this topic.
Social media comprises online services where people and organizations publish content, communicate, and form networks. The term covers public posts, private messages, groups, live streams, advertising systems, and the APIs and third-party applications that process platform data.
For security teams, these platforms expose identity, relationship, and behavioral information that can support targeted phishing, impersonation, or social engineering. Compromised accounts may be used to distribute malicious links or fraud, while excessive sharing and poorly controlled integrations can expose personal or corporate data. Relevant controls include strong authentication, phishing-resistant account recovery, least-privilege access for connected applications, monitoring for brand and executive impersonation, and clear retention and privacy policies. Public posts and platform telemetry can also provide threat intelligence, but collection and use may be constrained by privacy obligations and applicable data-protection rules.
UK's security agency warns against letting protection lapse
As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.
When attempting to access Twitter's website, users see "Welcome to Twitter!" on the timeline. The alert, typically used for new signups, says, "Twitter is the best place to see what's happening in your world", with a Let's go button that lets you follow some people and topics. [...]
Last chance to film yourself doing a ByteDance, in the US and abroad The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. …
Within 90 days, agencies must also cancel existing contracts that necessitate the app's use