Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks


News category: IT security news
Source: it.slashdot.org

An anonymous reader quotes a report from BleepingComputer: Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. The discovery belongs to cybersecurity firm CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API.

When integrating mobile apps with Twitter, developers will be given special authentication keys, or tokens, that allow their mobile apps to interact with the Twitter API. When a user associates their Twitter account with this mobile app, the keys also will enable the app to act on behalf of the user, such as logging them in via Twitter, creating tweets, sending DMs, etc. As having access to these authentication keys could allow anyone to perform actions as associated Twitter users, it is never recommended to store keys directly in a mobile app where threat actors can find them. CloudSEK explains that the leak of API keys is commonly the result of mistakes by app developers who embed their authentication keys in the Twitter API but forget to remove them when the mobile is released. [...]

One of the most prominent scenarios of abuse of this access, according to CloudSEK, would be for a threat actor to use these exposed tokens to create a Twitter army of verified (trustworthy) accounts with large numbers of followers to promote fake news, malware campaigns, cryptocurrency scams, etc. "CloudSEK shared a list of impacted applications [...] with apps between 50,000 and 5,000,000 downloads," reports BleepingComputer. They are not disclosing the list because they are still vulnerable to exploitation and Twitter account takeover.

Read more of this story at Slashdot.
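A pre-release check for the mistake the report describes, written as an added example that is not part of the article or of CloudSEK's tooling: it scans an app's own string resources and bundled key=value files for Twitter credentials stored as literal values. The resource names, file types and placeholder conventions are assumptions, and the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumed naming convention: identifiers that mention Twitter plus key/secret/token.
NAME_RE = re.compile(r"twitter.*(key|secret|token)", re.IGNORECASE)
# Values that are clearly not a literal credential: empty, build-time
# placeholders (${VAR}), resource references (@string/x), or stub text.
PLACEHOLDER_RE = re.compile(r"^(\s*|\$\{.*\}|@\w+/.*|REPLACE_ME|changeme)$", re.IGNORECASE)

def _is_literal_secret(name, value):
    return bool(NAME_RE.search(name)) and not PLACEHOLDER_RE.match(value or "")

def scan_strings_xml(xml_text):
    """Return names of <string> resources that hold a literal Twitter credential."""
    root = ET.fromstring(xml_text)
    return [el.get("name") for el in root.iter("string")
            if _is_literal_secret(el.get("name", ""), el.text)]

def scan_properties(text):
    """Same check for key=value files (e.g. a .properties file bundled as an asset)."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if _is_literal_secret(name, value.strip('"')):
            hits.append(name)
    return hits

# Constructed sample inputs; the values are made up and are not real keys.
SAMPLE_XML = """<resources>
  <string name="app_name">Demo</string>
  <string name="twitter_consumer_key">EXAMPLEKEY0000000000000000</string>
  <string name="twitter_consumer_secret">${TWITTER_SECRET}</string>
</resources>"""
SAMPLE_PROPS = 'TWITTER_CONSUMER_SECRET="EXAMPLESECRET1111"\nTWITTER_CALLBACK_URL=app://cb\n'

def findings():
    return scan_strings_xml(SAMPLE_XML) + scan_properties(SAMPLE_PROPS)

if __name__ == "__main__":
    for name in findings():
        print("hard-coded credential:", name)
```

A finding should fail the release build; the usual remedy is to keep the Consumer Secret on a server the team controls and to rotate any key that has already shipped.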
