In brief Twitter’s head of security and CISO both ejected from the social media biz this month.
Infosec guru Mudge, aka Peiter Zatko, joined Twitter in 2020 in the aftermath of 130 high-profile accounts, including those of Elon Musk, Bill Gates, Barack Obama, and Joe Biden, being hijacked by miscreants. You may remember Mudge as an original member of The Cult of the Dead Cow and L0pht.
He’s now out of the micro-blogging site, as is CISO Rinki Sethi, who was also recruited in 2020 to fix up Twitter’s security. According to an internal memo seen by the New York Times, both are the latest victims of new CEO Parag Agrawal’s move to remake the business under his management after Jack Dorsey’s resignation.
Presumably both got golden parachutes, and they won’t have problems finding new employment. Mudge’s exploits are legendary, and Sethi is one of the most highly regarded security folk in Silicon Valley, with stints at eBay, IBM, and Palo Alto Networks. She confirmed the move on Friday.
The move raised eyebrows in the security community, along with speculation as to why they left: it doesn’t quite appear voluntary. New CEOs like to put their own stamps on a company, and some have suggested the new direction might be down to personal differences on certain technologies – such as cryptocurrencies and blockchains, which Twitter is showing a sudden interest in.
i genuinely hope this happened because mudge told the CEO that the crypto stuff is dumb as hell and the CEO was like “yeah well you are fired, who’s the dumb one now?!” https://t.co/8lrlLgQspK
— can “it’s my real name” duruk (@can) January 21, 2022
Certainly the response so far hasn’t been good.
- US government agencies are using a 35-year-old surveillance law to quietly get meta-data – such as IP addresses and numbers contacted – from WhatsApp for targets of investigations – Forbes
- Malicious bootkit code dubbed MoonBounce has been discovered in some UEFI firmware, is designed to inject user-mode malware into the running environment, and is linked to Chinese-speaking APT41 – Kaspersky
- Hacktivists in Belarus claim they have infected the network of the country’s railroad system with ransomware and would provide the decryption key only if the nation stopped aiding Russian troops that are potentially gearing up for an invasion of Ukraine – Ars Technica
- WordPress plugin and theme authors AccessPress were apparently compromised and their software replaced with backdoored versions last year – Sucuri (and Jetpack, which discovered and disclosed details of the intrusion)
- Russian cybersecurity company Infotecs, placed on US government export ban list, has allegedly maintained an active US presence that has attracted the scrutiny of federal investigators – Forensic News
- Check to make sure you’ve got CVE-2021-4122 patched in your Linux system if you’re using cryptsetup with Linux full-disk encryption. As Red Hat put it, “an attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.” The upshot is that someone with physical access to your machine could potentially decrypt part of your encrypted disk in what sounds like non-trivial circumstances.
NSO faces Israeli government probe
There were more legal woes for spyware maker NSO Group, this time on its home turf.
Israel’s State Comptroller Matanyahu Englman has reportedly launched an investigation into the company following news reports claiming its Pegasus software was used by cops in the nation to snoop on Israeli citizens – specifically, those who were protesting against the then-premiership of Benjamin Netanyahu.
In addition it appears the police used the software to investigate two mayors for corruption without any judicial order or oversight. Israel-based Cellebrite was also accused of helping the cops in their surveillance.
In an effort to improve its somewhat tarnished reputation the NSO Group has been on something of a PR push. The results have been somewhat mixed, to say the least.
Nigerian police hunt down SilverTerrier BEC gang, 11 arrests made
A combined operation by Interpol and Nigeria’s police has seen the bust of what’s claimed to be a major business email compromise gang operating in the West African nation.
Details of the arrests, made last month under Operation Falcon II, have only just been made public, and involved Nigerian officers acting on information from Interpol, and using the international agency’s secure comms network to avoid tipping off the suspects. The plod allegedly found one suspect with “more than 800,000 potential victim domain credentials on his laptop,” according to Interpol, while another was said to be in contact with 16 companies and diverting funds from their accounts.
“By alerting Nigeria to this serious cybercrime threat, Interpol enabled me to give the order to hunt down these globally active criminals nationwide, flushing them out no matter where they tried to hide in my country,” said Assistant Inspector General of Police and Interpol Africa veep Garba Baba Umar.
“I encourage fellow African countries to also work with Interpol in ridding our continent of cybercrime to make the cyber world a safer place.”
The villain beside the bed?
Healthcare tech biz Cynerio claims 73 per cent of IV pumps have a known computer security vulnerability, a good proportion of medical systems are using a default or weak password, and a third of bedside IoT devices have “an identified critical risk.” ®