Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts. “Last week, hackers broke into the systems of Twilio, a cloud communications company that provides infrastructure to other companies to automate sending text messages to their users. By breaking into Twilio systems, hackers could have sent text messages to victims, and read their text messages as well. This potentially gave the hackers a chance to take over any victim’s accounts that were tied to their phone number on services that use Twilio. Crucially, Twilio provides text verification services for the encrypted messaging app Signal.”

Rolling Stone: Trump’s Site Is Being Weaponized Against the FBI — and Their Families

Rolling Stone: Trump’s Site Is Being Weaponized Against the FBI — and Their Families. “A review of Truth Social postings by Rolling Stone shows Trump supporters have spent the past week doxxing both Judge Bruce Reinhart, the magistrate judge who approved the Mar-a-Lago warrant, and an FBI agent involved in preparing the request, as well as their families. The information includes their purported home addresses, phone numbers, places of worship, private offices, and similar information about the men’s families and junior employees.”

Ars Technica: Deadly swatting increasing on Twitch; alarmed streamers press for change

Ars Technica: Deadly swatting increasing on Twitch; alarmed streamers press for change. “These swatting attacks are conducted by anonymous persons making prank calls to police, falsely reporting emergency circumstances (like an armed potential mass shooter or a hostage situation that doesn’t exist) in order to get SWAT teams to descend, guns out, on a Twitch streamer’s location. The Washington Post reported this week that these swattings appear to be intensifying and can be traumatizing for targeted Twitch streamers. One trans Twitch streamer told the Post that police in London aimed an assault rifle at her face.”

Bleeping Computer: Malicious browser extensions targeted almost 7 million people

Bleeping Computer: Malicious browser extensions targeted almost 7 million people. “Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links.”

Ars Technica: Update Chrome now to patch actively exploited zero-day

Ars Technica: Update Chrome now to patch actively exploited zero-day. “The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that’s all the information we have for now. Details of the exploit are currently tucked behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details may be revealed.”

PR Newswire: CyberRatings.org Announces New Web Browser Test Results for 2022 (PRESS RELEASE)

PR Newswire: CyberRatings.org Announces New Web Browser Test Results for 2022 (PRESS RELEASE). “CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has published the results of its 2022 Web Browser Security Test. Google Chrome, Microsoft Edge, and Mozilla Firefox were tested for Phishing Protection and Malware Protection running on Windows 10 and 11.”

Bleeping Computer: Hackers attack UK water supplier with 1.6 million customers

Bleeping Computer: Hackers attack UK water supplier with 1.6 million customers. “South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack. As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn’t impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.”

Government Technology: Higher Ed’s Growing Consortium of Cybersecurity Clinics

Government Technology: Higher Ed’s Growing Consortium of Cybersecurity Clinics. “As public- and private-sector industries grapple with an increase in cyber attacks and a shortage of IT talent, higher education institutions have increased their focus on cybersecurity training, as well as securing their own growing networks for remote learning. With these trends in mind, several universities are now partnering with one another through the newly formed Consortium of Cybersecurity Clinics to share best practices across these fronts and to help others secure their networks.”

Krebs on Security: It Might Be Our Data, But It’s Not Our Breach

Krebs on Security: It Might Be Our Data, But It’s Not Our Breach. “A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.”

Android Police: Google wants to remind you that using 2FA doesn’t have to be a… drag

Android Police: Google wants to remind you that using 2FA doesn’t have to be a… drag. “Google has enlisted the help of drag personality Trixie Mattel to promote the use of two-factor authentication through the company’s Safer with Google initiative. The spot highlights one of the most straightforward 2FA methods — sending a notification to your phone to approve or reject a login request — to show that it doesn’t need to be an overly complicated ordeal.” I’m a Trixie fan but I think I’ll stick with my YubiKey.

Cybersecurity and Infrastructure Security Agency: CISA Releases Toolkit Of Free Cybersecurity Resources For Election Community

Cybersecurity and Infrastructure Security Agency (CISA): CISA Releases Toolkit Of Free Cybersecurity Resources For Election Community. “The Cybersecurity and Infrastructure Security Agency (CISA) released its ‘Protecting U.S. Elections: A CISA Cybersecurity Toolkit’ today, a one-stop catalog of free services and tools available for state and local election officials to improve the cybersecurity and resilience of their infrastructure.”