28 matches found
Liberapay: Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
The profile of a Liberapay team member contained a link to an expired Twitter account, creating a broken link hijacking vulnerability. The expired Twitter account link was displayed on the member's Liberapay profile and donation page, falsely confirming to donors that the account was legitimate a...
EUVD-2013-2264
Malware in sbrugna...
CVE-2018-20555
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter accesstoken, accesstokensecret, consumerkey, and consumersecret values by reading the dcwptwitter.php source code. This leads to Twitter account takeover...
CVE-2013-2318
The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application...
CVE-2024-3631 HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
How to delete your Twitter account: the deactivation process
You may decide to delete your Twitter account, because social media isn’t for everyone. Perhaps you set up an account to see what the big deal is. Maybe you wanted to hang out with friends but you’re all moving to a new platform. It’s possible the service just isn’t very good and filled with trol...
Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
Do you want to get threatintelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...
Who’s Behind the ‘Web Listings’ Mail Scam?
In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization SEO services rendered on behalf of their domain names. The story concluded...
Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked
Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last...
CVE-2018-20555
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter accesstoken, accesstokensecret, consumerkey, and consumersecret values by reading the dcwptwitter.php source code. This leads to Twitter account takeover...
A week in security (February 25 – March 3)
Last week, we delved into the realm of K-12 schools and security, explored the world of compromised websites and Golang bruteforcers, and examined the possible realms of pay for privacy. We also looked at identity management solutions, Google’s Universal Read Gadget, and did the deepest of dives...
Wide-Ranging German Doxxing Incident Hits Hundreds of Politicians
Hundreds of German politicians, including Chancellor Angela Merkel, have been doxxed in a puzzling incident, with their private information and political documents dumped online. At least one local reporter is claiming the information is explosive. According to a report from German public...
Leaked? - A Checking Tool For Hash Codes And Passwords Leaked
Leaked? is A Checking tool for Hash codes and Passwords leaked, use API from @webtobesocial. Leaked? can work in any OS if they have support Python 3 Features Check passwords leaked Check hash code leaked Exit About Author Install and Run in Linux sudo apt update && apt install python3 python3-pi...
Hacked Password Service Leakbase Goes Dark
Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the...
A week in security (October 30 – November 5)
Last week on our blog, we told you what to expect at the upcoming Irisscon security conference in Dublin. We gave you a quick introduction into the why and how of analyzing malware based on their API calls. And we issued a warning about some lesser-known cybercrimes. Plus we explained why emergin...
BBC News iOS App Not Hacked, Breaking News Push Messages Sent in Error
If you are one of the users of the BBC News iPhone app, then you might have receive a strange message as a breaking news notification earlier this morning. The message was sent on two separate time durations. First the message reads: "NYPD Twitter campaign 'backfires' after hashtag hijacked," the...
[Avivore] The Twitter-searching Data Miner
Avivore is a Python-based tool that searches Twitter for keywords and then parses any tweets that are found. When parsing, it looks for the following sort of data: Phone numbers in NPA-NXX format ex: 604-555-1212 IPv4 addresses 127.0.0.1 Blackberry PINs ABCDEF12 It presently uses a SQLite backend...
US news agency GlobalPost's twitter and website hacked by Syrian Electronic Army
In a series of high profile hacks, 'Syrian Electronic Army SEA' just a few minutes before took control twitter account and website of 'GlobalPost', a US based news agency. 'Syrian Electronic Army is an organized hacking group loyal to the Syrian President Bashar al-Assad and known for their high...
Rock band 'Garbage' twitter account Hacked to spam monetized link
Official Twitter account of Rock band 'Garbage' has been compromised and hacker is posting Spam tweets and links using adf.ly, which is a url shortener service that pays on clicks. Hacked twitter account hack around 55,563 Followers. Hacker can post malicious links also, but in this case we can s...
Fake Syria News Posted from Hacked Reuters blog and Twitter account
On Friday, Reuters blog platform was hacked with false posts and on Saturday, the @ReutersTech account on Twitter was taken over and renamed @TechMe. False tweets were sent before it was taken down. The first attack came Friday after Syrian hackers loyal to President Bashar al-Assad allegedly...