Events

Twitter goes OAuth-only (Yay for security!)

In a long overdue move, Twitter turned off basic authentication for third-party applications, while enforcing OAuth for all apps. This is a move that should be applauded by anyone concerned about the security of their Twitter account.

This latest move covers a potential vulnerability in the process of giving read/write access to third-party applications, which could lead to a Twitter account being compromised. Well, not anymore. You don’t need to give your username and password to third-party developers anymore if you want to use their application on your Twitter account.

Being always concerned about security, I salute Twitter’s move to enforce OAuth. This lets me use an application without having to share my Twitter username and password with an unknown entity. Also, hats off to all developers that updated their applications in time and made this change as seamless as possible for the majority of users.

However, keep in mind that OAuth doesn’t protect against local attacks – stealing passwords straight from the users’ machines. Make sure you use a clean computer when you log-in to Twitter. Also, for more tips on staying safe, I invite you to read my quick How to Avoid Getting Your Twitter Account Hacked guide on Threatpost.

Twitter goes OAuth-only (Yay for security!)

Your email address will not be published.

 

Reports

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox