Twitter CEO’s account hacked

Twitter CEO Jack Dorsey’s Twitter account was hacked on Friday, Aug 30, using a technique known as “SIM Swapping” or “SIM Hacking” to get around 2-factor authentication (2FA). The attacker essentially convinces a phone carrier to assign the victim’s number to a new phone that the attacker controls, then receives the authentication code and uses it to gain access to the account.  Fortunately, this account was quickly locked down, but if it were your account instead of the CEO’s, do you think it would have been caught as quickly?  I doubt it.

Security expert Brian Krebs suggests: “If you care about your account, get a Google Voice # to replace your mobile # in Twitter settings. Uncheck SMS. Then use only either mobile app or even better a security key for 2-factor authentication. Do this for every other account you care about that you can.”

His Twitter posts (https://twitter.com/briankrebs/status/1167581370048307206) give more detail, including the inconvenient fact that Google Voice numbers don’t work in many countries outside of the US.  He clarifies later in the thread that “Basically you want to avoid any service that you can reach over the phone. Oddly enough, the lack of customer service people staffing Google Voice is a plus in this regard. If that describes another service that provides the same, then that’s probably fine, too.”

It’s those helpful customer service people who help you do the SIM swap.

 

Malvertising Campaign targets WordPress

In this campaign, known vulnerabilities in WordPress plugins are exploited to inject malicious JavaScript into the frontends of victim sites, which causes the sites’ visitors to be redirected to potentially harmful content like malware droppers and fraud sites. Where possible, the payloads are obfuscated in an attempt to avoid detection.

The plugins currently under attack in this campaign are:

We’re relieved to report that none of our clients’ sites are using any of these plugins.  Wordfence Security, which we install on most if not all of our clients’ sites, blocks the exploit.  So you and your site’s visitors are all safe for now.