Sat.Feb 18, 2023

article thumbnail

New WhiskerSpy malware delivered via trojanized codec installer

Bleeping Computer

Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. [.

Malware 110
article thumbnail

Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

The Hacker News

Twitter has announced that it's limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors," the company said. "We will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers

Security Affairs

Twitter has announced that the platform will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers. To date, Twitter has offered three methods of 2FA : text message, authentication app, and security key. However, the company has announced that it will limit the use of SMS-based two-factor authentication (2FA) only to its Blue subscribers.

article thumbnail

GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft

The Hacker News

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. The company attributed the campaign to a "sophisticated and organized group targeting hosting services.

Malware 100
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

GoDaddy discloses a new data breach

Security Affairs

GoDaddy discloses a security breach, threat actors have stolen source code and installed malware on its servers in a long-runing attack. Web hosting company GoDaddy announced that attackers have stolen source code and installed malware on its servers. The threat actors have breached its cPanel shared hosting environment, the company states that it is not able to determine the timing of the initial compromise, however, it is still investigating the breach to determine the root cause of the incide

article thumbnail

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

The Hacker News

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.

More Trending

article thumbnail

Watching a Crypto Investment Scam WhatsApp Group

Security Boulevard

If your online accounts are like mine, almost every day I'm "force joined" to a new Telegram group where a crypto investment scammer tries to tell everyone how great their scam investment site is. This week, I started getting added to WhatsApp Crypto Investment Scams. I thought I'd share the experience with you, in case you were curious. When you are Force-joined to a WhatsApp group, the first thing that is displayed is information about who added you to the group.

Scams 59
article thumbnail

Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

WIRED Threat Level

Plus: The FBI got (at least a little bit) hacked, an election-disruption firm gets exposed, Russia mulls allowing “patriotic hacking,” and more.

Hacking 83
article thumbnail

USENIX Security ’22 – ‘SYMSAN: Time And Space Efficient Concolic Execution Via Dynamic Data-flow Analysis’

Security Boulevard

Complete Title: 'USENIX Security '22 -Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Chengyu Song, Byoungyoung Lee, Heng Yin, Insik Shin - ‘SYMSAN: Time And Space Efficient Concolic Execution Via Dynamic Data-flow Analysis’ Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel.