CyberSecurityBoard
Sponsor Register Login

Mandiant, SEC Lose Control of X Accounts Without 2FA

Upon review, Google's cybersecurity operation at Mandiant has determined it temporarily lost control of its X account to cryptocurrency drainer malware operators on Jan. 3 because it didn't have two-factor authentication set up.
Effective March 20, 2023, only paid, premium subscribers to X have access to 2FA. It's an embarrassing admission that experts say is a sign of the strain cybersecurity teams are under to keep a crushing onslaught of cyberattacks at bay with a shrinking pool of resources and talent to meet the challenge.
If it can happen to Mandiant, it can happen anywhere, they warn.
The statement also noted the SEC did not have 2FA enabled on the account.
Similar to how cybersecurity companies often have more vulnerabilities in their code than other forms of software, due to time pressures and cutting-edge code development, security firms like Mandiant may be so focused on more serious or complex exploits that the basics - like setting up 2FA on an X account - simply is missed.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 11 Jan 2024 23:00:33 +0000


Cyber News related to Mandiant, SEC Lose Control of X Accounts Without 2FA

Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors - Earlier this year, Mandiant's Managed Defense threat hunting team identified an UNC2975 malicious advertising campaign promoting malicious websites themed around unclaimed funds. In each investigation under this campaign, Mandiant identified browser ...
1 year ago Mandiant.com
Mandiant says X account brute forced without 2FA protection The Register - Well, Mandiant's carefully worded response basically said it wasn't implemented. It didn't specifically point to the policy change X announced in February 2023, which was to disable SMS-based 2FA for users who didn't pay for Twitter Blue, but some ...
1 year ago Go.theregister.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
10 months ago Techrepublic.com
GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com
Mandiant, SEC Lose Control of X Accounts Without 2FA - Upon review, Google's cybersecurity operation at Mandiant has determined it temporarily lost control of its X account to cryptocurrency drainer malware operators on Jan. 3 because it didn't have two-factor authentication set up. Effective March 20, ...
1 year ago Darkreading.com
Mandiant's X Account Was Hacked in Brute-Force Password Attack - Cyber threat intelligence giant Mandiant has shared the result of its investigation on its recent X account hijacking following a wave of crypto-related X account hacks. On January 3, 2024, the X account of Mandiant, a subsidiary of Google Cloud, was ...
1 year ago Infosecurity-magazine.com
2FA-less GitLab users vulnerable to account takeovers The Register - GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May ...
1 year ago Go.theregister.com
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only - The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication app. Authy is an authenticator app that allows users to set up ...
1 year ago Bleepingcomputer.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
1 year ago Bleepingcomputer.com
Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around ...
1 year ago Techrepublic.com
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com
Mandiant's X Account Hacked to Promote Crypto Scam - The X account of Google's cybersecurity firm Mandiant was restored to its rightful owner Jan. 4 after the account was hacked and used to promote a cryptocurrency scam. The incident occurred amid growing concerns for the security of high-profile ...
1 year ago Darkreading.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
1 year ago Bleepingcomputer.com
How to Stop Your X Account From Getting Hacked Like the SEC's - This week, the United States Securities and Exchange Commission suffered an embarrassing-and market-moving-breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement ...
1 year ago Wired.com
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
1 year ago Bleepingcomputer.com
GitHub Wants All Users to Enable 2FA Before the End of 2023 - GitHub, the omnipresent nexus for developers and their code, has embarked on a decisive initiative aimed at fortifying the security of the software supply chain. In a groundbreaking announcement, the platform has set forth a mandate for two-factor ...
1 year ago Cybersecuritynews.com
Hacked Mandiant X Account Abused for Cryptocurrency Theft - Mandiant's account on the social media platform X, formerly Twitter, was hacked on Wednesday and abused to lure users to a website designed to steal cryptocurrency from victims. The account of Mandiant, which is part of Google Cloud, was renamed to ...
1 year ago Securityweek.com
Hacked Mandiant X Account Abused for Cryptocurrency Theft - Mandiant's account on the social media platform X, formerly Twitter, was hacked on Wednesday and abused to lure users to a website designed to steal cryptocurrency from victims. The account of Mandiant, which is part of Google Cloud, was renamed to ...
1 year ago Packetstormsecurity.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
9 months ago Securityboulevard.com
Ivanti zero-day victim count grows as Mandiant weighs in The Register - Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team. The software biz disclosed the vulnerabilities in Ivanti Connect Secure - the VPN server appliance previously ...
1 year ago Go.theregister.com
Ivanti zero-day victim count grows as Mandiant weighs in The Register - Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team. The software biz disclosed the vulnerabilities in Ivanti Connect Secure - the VPN server appliance previously ...
1 year ago Theregister.com
Senators Demand Probe into SEC Hack After Bitcoin Price Spike - US lawmakers have demanded an investigation into the hack of the Securities and Exchange Commission's X account last week. Senators Ron Wyden, who sits on the Senate Intelligence Committee, and Cynthia Lummis, accused the federal agency of failing to ...
1 year ago Infosecurity-magazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)