Friday Five 8/26
Read about why Twitter is coming under fire, how a cybersecurity organization may have gone on the offensive, possible big changes coming for software vendors, and much more in this week’s Friday Five!
1. TWITTER SECURITY UNDER SCRUTINY AFTER FORMER EXECUTIVE TURNS WHISTLEBLOWER BY PIETER ARNTZ
Peiter “Mudge” Zatko, former security lead for Twitter who was fired this past January for “poor performance,” has recently come out with several accusations against the social media giant, claiming that the company has spread misinformation about their security practices, that Twitter’s infrastructure is vulnerable to attacks, that the platform is vulnerable to foreign influence, and more. Per Zatko, "it was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did... Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment." Read the full story from Malwarebytes Labs to get the full breakdown of Zatko’s accusations, and read the full whistleblower disclosure for full details.
2. LOCKBIT RANSOMWARE GROUP DOWNED BY DDOS AFTER CLAIMING ENTRUST BREACH BY CARLY PAGE
In what may be a first, after the LockBit ransomware group claimed responsibility for an attack against Entrust this past July, the group also claims that their victim mounted a DDoS counterattack. A LockBit member going by the pseudonym ‘LockBitSupp’ reported to a security researcher that LockBit’s dark web leak site was receiving “400 requests a second from over 1,000 servers.” Read the full story from TechCrunch to find out why LockBit suspects Entrust is behind the DDoS attack, and why Entrust’s counterattack could spell trouble for the company if proven guilty.
3. THE PENTAGON MAY REQUIRE VENDORS CERTIFY THEIR SOFTWARE IS FREE OF KNOWN FLAWS. EXPERTS ARE SPLIT BY SUZANNE SMALLEY
The U.S. House of Representatives recently passed the defense spending bill for the 2023 fiscal year, H.R.7900 - National Defense Authorization Act for Fiscal Year 2023, which will reportedly not allow software companies to sell software with any known common vulnerabilities and exposures (CVEs) to the Department of Defense. While at first glance this mandate may appear reasonable, this component of the bill has quickly sparked debate. Dan Lorenc, CEO of Chainguard and former Google software engineer, says, "to anyone who has spent time looking at CVE scan results, this idea is just misguided at best and an impending s***show at worst.” For a more detailed look into both sides of the argument, read Suzanne Smalley’s full report at CyberScoop.
4. MISCONFIGURED META PIXEL EXPOSED HEALTHCARE DATA OF 1.3M PATIENTS BY BILL TOULAS
After U.S. healthcare provider Novant Health ran promotional campaigns for COVID-19 vaccines in 2020 using Meta Pixel (formerly Facebook Pixel), the organization recently found that over 1.3 million patients had their sensitive health information mistakenly collected by the ad tracking script. The breach was reportedly caused by a misconfiguration of Meta Pixel on Novant Health’s website, and the exposed information could have included any of the following:
- Email address
- Phone number
- IP address
- Emergency contact information
- Appointment type and date
- Selected physician
- Portal menu selections
- Any content typed into the "free text" boxes
Read the full story at BleepingComputer to find out whether or not your information could have been included in the breach and to read more about the impending class action lawsuit against Meta and others involved.
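The Novant Health incident is the pattern to look for: an ad pixel loaded on pages where patients type into forms. A simple way to catch that before it ships is to audit saved HTML for third-party scripts and known pixel bootstraps on pages that also contain user-editable form fields. The scanner below is an added example written for this post, not code from the article, Novant Health or Meta; it uses regular expressions rather than a full HTML parser, and the hostnames, field names and sample markup are constructed for the demonstration.

```javascript
// Added example (not from the article): audit saved HTML for ad/analytics
// scripts that sit on the same page as user-editable form fields.
// Assumptions: run offline over crawled or built HTML; TRACKER_HOSTS is a
// placeholder deny-list; all hostnames and markup below are constructed.

const SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
const INLINE_SCRIPT_RE = /<script\b(?![^>]*\bsrc\s*=)[^>]*>([\s\S]*?)<\/script>/gi;
const FORM_FIELD_RE = /<(textarea|select)\b[^>]*>|<input\b[^>]*>/gi;
// Input types that carry no user-typed content and can be ignored.
const NON_USER_INPUT_TYPES = ['hidden', 'submit', 'button', 'reset', 'image'];
// Placeholder deny-list of pixel hosts; extend from your own inventory.
const TRACKER_HOSTS = ['connect.facebook.net', 'www.facebook.com'];

// Resolve a src attribute (absolute, protocol-relative or relative) against the
// first-party origin and return its hostname; '' if it cannot be parsed.
function hostOf(src, firstPartyHost) {
  try {
    return new URL(src, `https://${firstPartyHost}`).hostname;
  } catch {
    return '';
  }
}

// Returns which third-party script hosts are loaded, whether a Meta Pixel
// bootstrap (fbq('init'|'track')) is present, which form fields a user can
// type into, and a coarse risk rating for the combination.
function auditPage(html, firstPartyHost) {
  const thirdPartyScripts = [];
  const trackerScripts = [];
  for (const m of html.matchAll(SCRIPT_SRC_RE)) {
    const host = hostOf(m[1], firstPartyHost);
    if (host && host !== firstPartyHost) {
      thirdPartyScripts.push(host);
      if (TRACKER_HOSTS.includes(host)) trackerScripts.push(host);
    }
  }

  // The Meta Pixel snippet initialises with fbq('init', ...) and then calls
  // fbq('track', ...); an inline bootstrap is a tracker even if the remote
  // script tag was injected later by the snippet itself.
  let inlinePixel = false;
  for (const m of html.matchAll(INLINE_SCRIPT_RE)) {
    if (/\bfbq\s*\(\s*['"](init|track)['"]/.test(m[1])) inlinePixel = true;
  }

  const formFields = [];
  for (const m of html.matchAll(FORM_FIELD_RE)) {
    const tag = m[0];
    const typeMatch = /\btype\s*=\s*["']?(\w+)/i.exec(tag);
    const type = typeMatch ? typeMatch[1].toLowerCase()
                           : (m[1] ? m[1].toLowerCase() : 'text');
    if (NON_USER_INPUT_TYPES.includes(type)) continue;
    const nameMatch = /\bname\s*=\s*["']([^"']+)["']/i.exec(tag);
    formFields.push(nameMatch ? nameMatch[1] : '(unnamed)');
  }

  const trackerPresent = trackerScripts.length > 0 || inlinePixel;
  let risk = 'low';
  if (trackerPresent) risk = formFields.length > 0 ? 'high' : 'medium';
  return { thirdPartyScripts, trackerPresent, inlinePixel, formFields, risk };
}

// Constructed sample: an appointment-booking page with the pixel loaded.
const FIRST_PARTY_HOST = 'portal.example-health.invalid';
const SAMPLE_PORTAL_PAGE = `
<html><head>
<script>!function(f,b,e,v,n,t,s){/* pixel bootstrap elided for the sample */}
(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '000000000000000'); fbq('track', 'PageView');</script>
<script src="/static/app.js"></script>
<script src="//connect.facebook.net/en_US/fbevents.js"></script>
</head><body>
<form action="/portal/appointments" method="post">
  <input type="hidden" name="csrf" value="x">
  <select name="appointment_type"><option>Follow-up</option></select>
  <input type="date" name="appointment_date">
  <input type="text" name="physician">
  <textarea name="reason_for_visit"></textarea>
  <input type="submit" value="Book">
</form>
</body></html>`;

// Constructed sample: the same form with only first-party scripts.
const SAMPLE_CLEAN_PAGE = `
<html><head><script src="/static/app.js"></script></head>
<body><form><input type="text" name="physician"></form></body></html>`;

console.log(JSON.stringify(auditPage(SAMPLE_PORTAL_PAGE, FIRST_PARTY_HOST), null, 2));
```

Running it over the constructed portal page reports `connect.facebook.net` as a third-party script, flags the inline `fbq` bootstrap, lists the four user-editable fields (appointment type and date, physician, free-text reason) and rates the page `high`; the same form without the pixel rates `low`. In practice you would run this over every route of the patient portal and fail the build on any `high` result, then back it up at runtime with a Content-Security-Policy whose `script-src` and `connect-src` exclude ad hosts on authenticated pages.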
5. MICROSOFT: IRANIAN ATTACKERS ARE USING LOG4SHELL TO TARGET ORGANIZATIONS IN ISRAEL BY LIAM TUNG
The Microsoft Threat Intelligence Center (MSTIC) has assessed with “high confidence” that a threat actor known as Mercury, which has been exploiting Log4Shell vulnerabilities in Israeli organizations, is affiliated with Iran's Ministry of Intelligence and Security (MOIS). In a recent blog post, Microsoft warned that Mercury is "leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel," after which it establishes "persistence, dumps credentials, and moves laterally within the targeted organization using both custom and well-known hacking tools, as well as built-in operating system tools for its hands-on-keyboard attack."