Twitter reveals it closes down 3.2m spam accounts a WEEK

Daily Mail - Science & tech

Twitter has revealed the scale of its spam problem for the first time as part of its briefings to U.S. congressional staff as it probes online campaigns to influence the 2016 U.S. election. 'On average, our automated systems catch more than 3.2 million suspicious accounts globally per week -- more than double the amount we detected this time last year,' the social network said. It also outlined for the first time the measures it uses to deal with the issue, from automatically blocking suspicious attempts to log in to banning 'bad actors'. Twitter said on Thursday it had suspended hundreds of Russian-linked accounts and would ramp up enforcement of its spam rules.


Why Twitter's 30 million bots are here to stay

Mashable

Bots are a thriving part of Twitter's user base, and it's likely they'll continue showing up alongside our own human tweets. Twitter bots can be thought of as autonomous programs or entities that generate social content. Some of this content is harmless, like sports updates, and some of it is intentionally malicious and polarizing -- like the over 1,600 known bots that tweeted extremist right-wing views during the polarizing 2016 campaign, explored in a recent report from Bloomberg. The influence of bots is strong, and much of this strength comes from sheer numbers. Earlier this year, researchers from the University of Southern California and Indiana University suggested that between nine and 15 percent of Twitter users are actually bots.


National Lottery: 10 million players told to change passwords as attackers hit online accounts

ZDNet

Millions of National Lottery players have been urged to change their passwords following what parent company Camelot describes as "suspicious activity" involving lottery accounts. Camelot, which runs the National Lottery, insists there's been no access to core systems or databases which would affect lottery draws or prizes, but has recommended that its 10.5 million registered users change their passwords following a number of unauthorised logins. A Camelot spokesperson told ZDNet that the account breaches are thought to be a result of "credential stuffing", a type of cyber attack where previously stolen account details are entered into other websites in the hope that the victim uses the same username and password. In this instance, it means the affected National Lottery users have previously had their details stolen elsewhere and shared among cyber criminals. In an email sent to registered users, Camelot said it uncovered suspicious activity on some accounts as part of "regular security monitoring".


Beware new Gmail scam

FOX News

Why are the Windows and Android platforms always targeted by malware and other malicious attacks from nefarious hackers? Because they're used by so many people that the odds of a successful attack are dramatically increased compared to less popular platforms like macOS. For that same reason, Google's Gmail service is often the target of phishing scams that have become increasingly effective in recent years. Now, a new scam has been uncovered that may very well be the most well-executed scam in recent history, making it all too easy for victims to have their Google login credentials stolen. Via Lifehacker, the cyber security experts at Wordfence first brought this new scam to light earlier this year.


Google bans logins from embedded browser frameworks to prevent MitM phishing

ZDNet

Google announced today a security update for the Google user login system that the company hopes will improve its overall security protections against MitM-based phishing attacks. According to Jonathan Skelker, Product Manager and Account Security for Google, the company plans to block any user login attempts initiated from an embedded browser framework technology. This includes any logins attempted from tools like the Chromium Embedded Framework (CEF), XULRunner, and others. Over the past year, cyber-criminals have been using these tools as part of man-in-the-middle (MitM) attacks. Crooks that manage to place themselves in a position to intercept the user's web traffic for the Google login page will often use an embedded browser framework to automate the login operation.