Daily Digest (10/9)

Facebook, Twitter Disable 3,500 Disinformation Networks; 300 UK Schools Affected in Wisepay Hack; Phishing Attacks Spike Heading Into Amazon Prime Days; Researchers Find Apple Flaws in 3-Month Hacking Project.

Facebook, Twitter Disable 3,500 Disinformation Networks

Facebook and Twitter said Thursday that they had taken down more than a dozen disinformation networks used by political groups to deceive users.

The companies said in separate statements that when they identified the groups, they suspended more than 3,500 accounts that used fake identities and other deceptive behaviors, Reuters reports.

“Deceptive campaigns like these raise particularly complex issues by blurring the line of a healthy public debate and manipulation,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, told Reuters.

After coming under fire for not monitoring Russian activities in the 2016 election, Facebook and Twitter have announced multiple take-downs in the weeks leading up to the 2020 election, according to the report.

“Our goal with these disclosures is to continue to build public understanding around the ways in which hackers abuse and undermine open democratic conversation,” Twitter said in a statement.


300 UK Schools Affected in Wisepay Hack

Parents who made payments to U.K. schools through the Wisepay service were warned Thursday that their card information might have been compromised.

The payment company said an attacker breached its website and harvested payment details for three days beginning Oct. 2, BBC News reports.

Wisepay estimated that 300 schools were affected, but the firm said that a small number of parents would have used the system before it went offline.

“It’s quite a small subset of users of the platform,” Richard Grazier, Wisepay’s managing director, told the BBC.

Wisepay said the breach occurred over the weekend, but officials did not learn of it until Monday.

Company officials also contacted police for a computer-forensics expert to assist in the investigation.


Phishing Attacks Spike Heading Into Amazon Prime Days

Researchers said Thursday that phishing and fraud attacks have spiked since the announcement of Amazon Prime Days next Tuesday and Wednesday.

Hackers are fraudulently using the Amazon brand to break into the company’s annual discount for subscribers, Threatpost reports.

Bolster Research analysts said in a blog post that they analyzed hundreds of millions of web pages to track fraudulent sites using the Amazon brand and logo.

Earlier attacks were noticed in August, according to the report.

“As shoppers gear up for two days of great deals, cybercriminals are preparing to prey on the unwary, taking advantage of those who let their guard down to snap up bargains,” the researchers said in their blog.


Researchers Find Apple Flaws in 3-Month Hacking Project

Security researchers spent three months hacking Apple products to locate security vulnerabilities, garnering more than $51,000 in “bounty” payments for their efforts.

“Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets,” Sam Curry, a Nebraska security researcher whose team worked with Apple, told the Apple Insider blog.

After the three months, researchers found 55 vulnerabilities in Apple’s system, with 11 ranked as critical.

The findings included a full compromise of Apple’s Distinguished Educators Program; a cross-site scripting attack that could allow hackers to steal user iCloud data via email; and a vulnerability that might have allowed attackers to compromise Apple’s internal inventory and warehousing system.

The average turnaround time for critical repairs, according to Apple Insider, was about four hours from submission to remediation. Typically, flaws were fixed within two business days, while others were repaired in as little as six hours.  

Apple has been working with vulnerability disclosure — “bounty” — programs to secure its assets and strengthen infrastructure, according to the blog.


— By DPN Staff