External Threat Summary for November 2018
500 Million Guests Personal & Financial Data Stolen in 4-Year Breach
Marriott discloses a massive data breach exposing the personal and financial information on half billion customers who made reservations at any of its Starwood properties over the past four years.
Social Media Imposter | Bitcoin Fraud
Google, U.S. and Israeli politician Twitter accounts hijacked to promote ‘Elon Musk’ Bitcoin scam.
After compromising the Twitter accounts of Target along with several other high profile and verified accounts and impersonating Elon Musk all to promote Bitcoin giveaway scams, cybercriminals have now set their sights on Google.
Social Media Account Takeover
How Hackers Are Stealing High-Profile Instagram Accounts.
In the Wild West of “influencer” marketing, there are few protections and plenty of easy marks.
Law enforcement in EU shuts down over 30,000 counterfeit sites
As part of an international operation, Europol’s Intellectual Property Crime Coordinated Coalition (IPC3) has seized 33.654 domain names distributing counterfeit and pirated items online.
Amazon customers’ names and email addresses disclosed by website error.
Amazon has not disclosed key details, including where breach happened and for how long.
Health First Florida phishing attack may have compromised 42,000 patients.
Health First, a nonprofit community health system comprising four hospitals in Brevard County, Fla., is notifying 42,000 patients to a potential compromise of their personal information,Florida Today reports.
Physical Social Media Threat
Teen Arrested for Making Social Media Threats to Fallbrook HS.
Deputies announced the arrest of a Fallbrook High School student suspected of making a shooting threat toward the school on social media.
Rogue Mobile Application
Fake Banking App Found on Google Play Used in SMiShing Scheme.
Movil Secure is a fake banking app pretending to be a mobile token service. Its developers evidently put in the effort to trick users into thinking it is legitimate, with professional-looking branding and a sophisticated user interface.
Social Media Account Takeover
Attackers target Iranian users of Instagram and Telegram.
State-sponsored actors have a number of different techniques at their disposal to remotely gain access to social media and secure messaging applications.
News apps and apps for children found to contain largest amount of third-party trackers.
Third party tracking allows companies to identify users and track their behavior across multiple digital services.
Cyber Social Media Threat
Twitter deletes 10,000 bot accounts discouraging people from voting in US midterms.
Twitter deleted more than 10,000 automated accounts posting messages that discouraged people from voting in Tuesday’s U.S. election and wrongly appeared to be from Democrats, after the party flagged the misleading tweets to the social media company.
Data Leak | Extortion | Data Exploitation
Spammers harvest email addresses and passwords from a publicly available data breach, and then use this data to facilitate sextortion attacks.
Attackers are increasingly spreading sextortion-type attacks across the internet.