Security Alerts & News
by Tymoteusz A. Góral

History
#1160 How to steal money from Instagram, Google and Microsoft
Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated.

Swinnen has taken advantage of Instagram‘s option to link a mobile phone number to an account in order to earn money. After several unsuccessful SMS requests from Instagram to verify the link by using a token, the service will place a call that lasts some 17 seconds to the number.

Instagram didn’t notice the real nature of the provided number, nor did it notice when the same number was provided/tied with 100 Instagram accounts. The service did limit how often the call could be replayed (once every 30 seconds), but they could be easily scheduled to happen with such a pause in between.
Read more
#1166 Cisco patches serious flaws in router and conferencing server software
#1165 Cerber: A case in point of ransomware leveraging cloud platforms
#1164 Pokémon GO hype: First lockscreen tries to catch the trend
#1163 Malicious macros arrive in phishing emails, steal banking information
#1162 This webcam malware could blackmail you into leaking company secrets
#1161 Most companies still can't spot incoming cyberattacks
#1160 How to steal money from Instagram, Google and Microsoft
#1159 Two million passwords breached in Ubuntu hack
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12