Google owned Mandiant security firm gets its X account hacked

stapp · Jan 4, 2024

Google-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Twitter) on Wednesday after an unknown scammer hijacked it and used it to spread a link that attempted to steal cryptocurrency from people who clicked on it.
Click to expand...

At the time the article was posted the Mandiant profile displayed the message “This account doesn’t exist.”

https://arstechnica.com/security/20...ity-firm-mandiant-pushes-cryptocurrency-scam/

Rasheed187 · Jan 7, 2024

Wow, very troubling since they claim to use 2FA. So perhaps an infostealer was involved who hijacked cookies, but even more alarming is that it may also have been caused by some website XSS attack. I wonder if NoScript or uBlock can protect against such an attack?

Last month, someone claimed to have discovered the social media site was vulnerable to a “reflected XSS,” a type of vulnerability that can sometimes be used to compromise the security of accounts when a legitimate user currently logged in clicks on a malicious link in a different browser tab. The user said they reported the vulnerability through legitimate channels but that the submission didn’t qualify under the X bug bounty program.
Click to expand...

Log in or Sign up

Google owned Mandiant security firm gets its X account hacked

stapp Global Moderator

Rasheed187 Registered Member

Log in or Sign up

Google owned Mandiant security firm gets its X account hacked

stapp Global Moderator

Rasheed187 Registered Member

Useful Searches