---
title: "Twitter Scam Exploits, FBI Halts Ransomware, Massive Data Breach, Cybersecurity News  [December 18, 2023] | DuoCircle"
description: "Here we are again, sharing the latest in cybersecurity to help paint a picture of the persistent challenges and how you can stay safe."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-51-of-2023/"
---

Quick Answer

Week 51, 2023 cyber news: crypto scammers abuse a Twitter/X URL quirk where status IDs load posts regardless of the account name in the URL, letting them spoof high-profile accounts to push fake giveaways and wallet drainers; the FBI seized ALPHV/BlackCat infrastructure and obtained decryption keys, helping ~500 victims recover data and avoid $68M in ransoms; Xfinity's October Citrix Bleed (CVE-2023-4966) breach exposed data on 35.8 million customers; ex-Amazon engineer Shakeeb Ahmed pleads guilty to stealing $12.3M from Nirvana Finance and a Solana exchange via smart-contract manipulation.


![cybersecurity](https://media.mailhop.org/duocircle/images/2023/12/365-to-365-migration.jpg) 

Here we are again, sharing the latest in [cybersecurity](/) to help paint a picture of the **persistent challenges** and how you can stay safe. This week, we’ll share news about the exploitation of Twitter features, the FBI’s win over the Blackcat ransomware gang, Xfinity’s significant [data breach](https://www.bbc.com/news/uk-northern-ireland-67687710), and the conviction of an Amazon engineer turned crypto hacker. Ready to dive in? Let’s take a look.

## Twitter ‘Feature’ Exploited by Crypto Scammers Impersonating High-Profile Accounts

Crypto scammers are **abusing a feature on Twitter** and using it to promote scams, [phony giveaways](https://www.bleepingcomputer.com/news/security/tiktok-flooded-by-elon-musk-cryptocurrency-giveaway-scams/), and fraud Telegram channels.

_A post’s URL (Uniform Resource Locator) on X (formerly Twitter) consists of the account name along with a status ID._ The platform uses the status ID to look up the post in the database but does not check whether the account name in the URL is valid. In effect, the URL is resolved using only the ID of the tweet, not the account name.

Researchers of the Malware Hunter Team have [shared](https://twitter.com/XrplServices/status/1736432471166660814) how threat actors are using this as a **redirecting mechanism**, creating URLs that look genuine but are not. Threat actors and scammers are using these URLs to promote **fake crypto giveaways** that take victims to wallet drainers and [pump-and-dump Discord channels](https://cointelegraph.com/news/what-are-crypto-pump-and-dump-groups-are-they-legal). You can filter some of these tweets by turning on the **Quality Filter**, located under Settings > Notifications > Filters.

[![Phishing awareness training](https://media.mailhop.org/duocircle/images/2023/12/smtp-email-4632.jpg)](https://media.mailhop.org/duocircle/images/2023/12/smtp-email-4632.jpg)

[Phishing awareness training](/phishing-awareness-training) often emphasizes the importance of a diligent approach to [online safety](/email-security/data-privacy-and-protection-11-ways-to-protect-user-data/). _The best way to check if you’re going to a scam site is to check the account name in the link against the profile the tweet is posted on. If they match, the tweet is legitimate._ If not, chances are that you’re headed towards a scam. Implementing this **technique of cross-verification** not only helps differentiate between legitimate content and deceptive tricks but also adds an extra layer of [phishing protection](/email/phishing-protection), promoting a secure online experience.

## FBI Thwarts Blackcat Ransomware Operation and Develops Decryption Tool

The US DOJ (Department of Justice) shared news that the FBI was able to breach the ALPHV (Blackcat) [ransomware gang](https://www.scmagazine.com/news/play-ransomware-gang-tied-to-300-attacks-in-17-months) and **obtain decryption keys**.

Many of the threat actor group’s Tor negotiation and data leak sites stopped working on 7 December. This was the result of law enforcement action: the DOJ recently [shared](https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant) that the FBI [conducted](https://www.documentcloud.org/documents/24231386-blackcat-alphv-search-warrant) a law enforcement operation and gained access to the gang’s infrastructure. The FBI monitored the gang’s operations for months, obtained decryption keys, and used these keys to help nearly 500 victims **recover their data for free**, saving about $68 million in ransom demands.

The FBI also seized the gang’s [data leak site](https://www.group-ib.com/resources/knowledge-hub/dedicated-leak-sites/), which now shows a banner stating that the site was seized in an internal law enforcement operation. On Tuesday, the threat actors regained access to their data leak site. Since the FBI also holds the site’s private keys, the threat actors and the FBI **seized the URL back and forth** multiple times.

This ended when the gang announced the launch of their new [Tor URL](https://nordvpn.com/blog/what-is-tor/) and also **threatened** to remove all restrictions from the data, allowing their affiliates to target critical infrastructure and any organizations they choose.

## Data Breach Affects 35 Million People, Revealed by Xfinity

Xfinity shared details that threat actors breached its [Citrix servers](https://www.techopedia.com/definition/436/citrix-server) in October and made away with **customer information** from the system.

[![data breaches](https://media.mailhop.org/duocircle/images/2023/12/DMARC-reporting-service.jpg)](https://media.mailhop.org/duocircle/images/2023/12/DMARC-reporting-service.jpg)

Citrix released security updates on 25 October 2023 to address a critical vulnerability called **Citrix Bleed (CVE-2023-4966)**. Mandiant revealed that the [zero-day vulnerability](/email-security/two-zero-day-vulnerabilities-discovered-in-microsoft-exchange-server-patches-pending/) has been exploited since August 2023. But this is not all.

Xfinity investigated the breach and shared that information was exfiltrated from its systems and nearly [35,879,455](https://apps.web.maine.gov/online/aeviewer/ME/40/49e711c6-e27c-4340-867c-9a529ab3ca2c.shtml) people were affected. The information taken by the threat actors includes names, contact information, birth dates, and secret questions/answers, as well as the last four digits of [customers’ social security numbers](https://www.tomsguide.com/news/mortgage-lender-data-breach-exposes-full-names-dates-of-births-and-ssns-of-14-million-borrowers-what-to-do-next).

Xfinity asked all affected people to **reset their passwords**. However, customers reported that they had been receiving password reset requests for the past week. Xfinity did [patch](https://www.businesswire.com/news/home/20231218979935/en/Notice-To-Customers-of-Data-Security-Incident/) the [vulnerability](/email-security/cisco-email-appliance-vulnerability-causing-denial-of-service/), but the data is still out there.

## Former Amazon Engineer Admits Guilt in Hacking Crypto Exchanges

A former Amazon security engineer named Shakeeb Ahmed pleaded guilty to **hacking and stealing**.

The man stole nearly $12.3 million from two crypto exchanges back in 2022. He stole it from Nirvana Finance and an unnamed exchange on the [Solana Blockchain](https://www.forbes.com/advisor/in/investing/cryptocurrency/what-is-solana/). Ahmed revealed that he used his **blockchain audit** and reverse engineering skills to meddle with the smart contracts. He targeted the one on Solana by manipulating a smart contract so it could introduce **false pricing data** and generate $9 million in inflated fees.

He later offered to return the funds, keeping $1.5 million on the condition that law enforcement would not be involved. Afterward, he exploited a Nirvana Finance [DeFi smart contract](https://coinmarketcap.com/academy/article/a-dive-into-smart-contracts-and-defi) loophole and took a flash loan of **ANA tokens**. He got them at a low price, selling them at a gain of $3.6 million.

_Ahmed pled guilty to a computer fraud charge and will [compensate](https://www.justice.gov/usao-sdny/pr/former-security-engineer-international-technology-company-pleads-guilty-hacking-two) his victims with $5,071,074.23. He will also need to forfeit the **stolen $12.3 million**._


Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

