Cyber Pulse: Edition 101

Barcelona Football Club Twitter account hacked – again

Hackers have used a third-party social media management tool to gain unauthorised access to the official Twitter accounts of Olympics and FC Barcelona. OurMine group published posts on several accounts belonging to Barcelona and the International Olympic Committee.

It was only last month that OurMine Group defaced social media accounts of the National Football League (NFL) and 15 of its teams. And in 2017, the OurMine group firsted hacked Barcelona's Twitter account, falsely claiming the club would be signing Angel Di Maria.

Barcelona acknowledged the latest cybersecurity breach after taking back control of their accounts, tweeting: "FC Barcelona's Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted.” OurMine has targeted many high-profiling accounts in the past, such as Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey and Google CEO Sundar Pichai.

Sources: www.newindianexpress.com, www.goal.com

Researchers found massive security flaws with blockchain voting app

MIT researchers found massive security flaws in a blockchain voting platform, Voatz, which can be easily hacked into, Tech Republic reports.

MIT researchers released a paper that stated hackers could change votes through the app, which has already been used for public voting in numerous areas since 2018. "Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted," MIT said in a news release. Additionally, the researchers found that Voatz' used a third-party vendor for voter identification and verification which poses potential privacy issues for users.

In an open press call, Voatz defended its security practices and disputed the claims made by the MIT researchers. The company said the research paper was based on an "old version" of the app and that because of this, many of the claims were invalid. The MIT researchers have not responded to the assertions made by Voatz executives but were very clear that no app like Voatz should be used during elections at this point. 

Sources: www.techrepublic.com

Hackers exploit a vulnerability in IOTA wallet to steal millions

The non-profit organisation behind the IOTA cryptocurrency has been shut down after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds. IOTA members said the hackers utilised an exploit in "a third-party integration" mobile and desktop wallet app, called Trinity.

Based on current evidence, confirmed by the IOTA team, it is believed that hackers targeted at least 10 high-value IOTA accounts and used the Trinity exploit to steal funds. Although the IOTA security team has not confirmed the stolen fund value, open-source intelligence has the total at around £2 million worth of IOTA coins. IOTA Foundation members said law enforcement officials have been notified and are working towards tracking down the attackers.

Source: www.zdnet.com

Fraudsters are using coronavirus fears for phishing campaigns

Criminals are using the recent epidemic of the Wuhan coronavirus as bait, as they attempt to harvest e-mail credentials. The email appears to come from the Centers for Disease Control and Prevention and recommends some actions regarding the coronavirus. The email also comes from a convincing domain, cdc-gov.org (whereas the CDC’s real domain is cdc.gov). If a user is not paying careful attention, they won’t likely notice the difference.

The email claims that the CDC has “established a management system to coordinate a domestic and international public health response” and urges recipients to open a page that allegedly contains information about new cases of infection around their city. The link appears to point to the legitimate CDC website: cdc.gov.

Attentiveness and knowledge are your two best methods of defense. Look carefully to spot wrong addresses, misspelled domains, URLs with misleading labels, and other signs. 

Source: www.digitaljournal.com

Edited and compiled by cyber security specialist James Aguilan.