Barcelona Football Club Twitter account hacked – again
Hackers have used a third-party social media management tool to gain unauthorised access to the official Twitter accounts of the Olympics and FC Barcelona. The OurMine group published posts on several accounts belonging to Barcelona and the International Olympic Committee.
It was only last month that the OurMine group defaced social media accounts of the National Football League (NFL) and 15 of its teams. And in 2017, the OurMine group first hacked Barcelona's Twitter account, falsely claiming the club would be signing Angel Di Maria.
Barcelona acknowledged the latest cybersecurity breach after taking back control of their accounts, tweeting: "FC Barcelona's Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted." OurMine has targeted many high-profile accounts in the past, such as those of Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey and Google CEO Sundar Pichai.
Researchers found massive security flaws with blockchain voting app
MIT researchers found massive security flaws in a blockchain voting platform, Voatz, which can be easily hacked into, Tech Republic reports.
MIT researchers released a paper that stated hackers could change votes through the app, which has already been used for public voting in numerous areas since 2018. "Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted," MIT said in a news release. Additionally, the researchers found that Voatz used a third-party vendor for voter identification and verification, which poses potential privacy issues for users.
In an open press call, Voatz defended its security practices and disputed the claims made by the MIT researchers. The company said the research paper was based on an "old version" of the app and that because of this, many of the claims were invalid. The MIT researchers have not responded to the assertions made by Voatz executives but were very clear that no app like Voatz should be used during elections at this point.
Hackers exploit a vulnerability in IOTA wallet to steal millions
The non-profit organisation behind the IOTA cryptocurrency has been shut down after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds. IOTA members said the hackers utilised an exploit in "a third-party integration" of the mobile and desktop wallet app, called Trinity.
Based on current evidence, confirmed by the IOTA team, it is believed that hackers targeted at least 10 high-value IOTA accounts and used the Trinity exploit to steal funds. Although the IOTA security team has not confirmed the stolen fund value, open-source intelligence has the total at around £2 million worth of IOTA coins. IOTA Foundation members said law enforcement officials have been notified and are working towards tracking down the attackers.
Fraudsters are using coronavirus fears for phishing campaigns
Criminals are using the recent epidemic of the Wuhan coronavirus as bait as they attempt to harvest email credentials. The email appears to come from the Centers for Disease Control and Prevention and recommends some actions regarding the coronavirus. The email also comes from a convincing domain, cdc-gov.org (whereas the CDC's real domain is cdc.gov). A user who is not paying careful attention is unlikely to notice the difference.
The email claims that the CDC has “established a management system to coordinate a domestic and international public health response” and urges recipients to open a page that allegedly contains information about new cases of infection around their city. The link appears to point to the legitimate CDC website: cdc.gov.
Attentiveness and knowledge are your two best methods of defense. Look carefully to spot wrong addresses, misspelled domains, URLs with misleading labels, and other signs.
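The checks recommended above, as an added example that is not part of the original article: it flags a sender domain that reuses the labels of cdc.gov without being cdc.gov (as cdc-gov.org does), and links whose visible text names cdc.gov while the target is elsewhere. The sender address, message body and the example.net target are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "cdc.gov"  # the real domain named in the article

def is_trusted(host, trusted=TRUSTED):
    """True only for the trusted domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def is_lookalike(host, trusted=TRUSTED):
    """Flag hosts that reuse the trusted labels without being the trusted domain."""
    if is_trusted(host, trusted):
        return False
    parts = re.split(r"[.-]", host.lower())  # cdc-gov.org -> ['cdc', 'gov', 'org']
    want = trusted.split(".")
    return any(parts[i:i + len(want)] == want for i in range(len(parts)))

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def misleading_links(html, trusted=TRUSTED):
    """Links whose label names the trusted domain but whose target is elsewhere."""
    audit = LinkAudit()
    audit.feed(html)
    return [(href, text) for href, text in audit.links
            if trusted in text.lower() and not is_trusted(urlsplit(href).hostname or "", trusted)]

# Constructed sample; example.net stands in for the unknown real target.
SAMPLE_SENDER = "alerts@cdc-gov.org"
SAMPLE_BODY = ('<p>New cases near your city: '
               '<a href="https://login.example.net/owa/">https://www.cdc.gov/coronavirus/</a></p>')

if __name__ == "__main__":
    print(is_lookalike(SAMPLE_SENDER.rsplit("@", 1)[1]), misleading_links(SAMPLE_BODY))
```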
Edited and compiled by cyber security specialist James Aguilan.
James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructures and large corporations through the simulation of cyber-attacks and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in civil litigation or criminal investigations. Notably, this includes the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. Additionally, he has served as a Cybersecurity Consultant, where he responded to incidents and performed full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.