Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/15/2020
05:55 PM
100%
0%

Cryptocurrency Scam Spreads Across High-Profile Twitter Accounts

Twitter accounts belonging to former president Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates are among those hijacked in a massive cryptocurrency scam.

This is a developing story.

Several high-profile Twitter accounts were hijacked in a wide-ranging cryptocurrency scam in which attackers are manipulating followers into transferring funds.

Affected accounts belong to businesses and individuals including Apple, Bitcoin, CashApp, Coindesk, Coinbase, Uber, Barack Obama, Jeff Bezos, Elon Musk, Bill Gates, Joe Biden, Michael Bloomberg, and Kanye West. Some account owners quickly took control of their profiles and deleted the tweets. 

Some tweets promised to double payments sent to a specific Bitcoin address for the following 30 minutes. Bill Gates' account, for example, promised to send $2,000 back to people who sent $1,000. A similar message appeared on Elon Musk's account, which posted a tweet saying, "I'll double any BTC payment sent to my BTC address for the next hour," followed by a URL. 

RiskIQ has published a list of domains allegedly connected to this scam, giving further insight into the extent of people and corporations targeted. It's unclear how widespread the incident is, but so far the scammers have collected at least $103,000.

It is so far unclear whether the activity can be attributed to individual account hacks or a larger Twitter compromise. Some security experts have noted the extent of accounts affected could indicate the attackers leveraged the Twitter platform instead of targeting individual accounts.

Read more details here.

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for detail on conference information and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/19/2020 | 9:26:15 PM
MFA
This is why if I have said it once I've said it 1000 times. MFA is key here. Here is the information on how to enable MFA on your Twitter account if you haven't already done so:

 

https://help.twitter.com/en/managing-your-account/two-factor-authentication
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7700
PUBLISHED: 2020-08-14
All versions of phpjs are vulnerable to Prototype Pollution via parse_str.
CVE-2020-7701
PUBLISHED: 2020-08-14
madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.
CVE-2020-9228
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2020-9229
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2019-19643
PUBLISHED: 2020-08-14
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.