Security News > 2020

Twitter Suspends Fake Accounts for Exploiting API Vulnerability
2020-02-04 14:11

Twitter on Monday announced that it has suspended a large number of fake accounts that had exploited an API vulnerability to match usernames to phone numbers. The fake accounts were exploiting a feature meant to help users with newly created accounts find people they might already know on the online platform.

New ransomware targets industrial control systems
2020-02-04 13:48

With the ransomware threat surging unstoppably over the last few years, it was just a matter of time until ICS-specific ransomware became a reality. "While all indications at present show a relatively primitive attack mechanism on control system networks, the specificity of processes listed in a static 'kill list' shows a level of intentionality previously absent from ransomware targeting the industrial space," Dragos researchers pointed out.

School's out as ransomware attack downs IT systems at Scotland's Dundee and Angus College
2020-02-04 13:34

A further education college in east Scotland has been struck by what its principal described as a cyber "bomb" in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse. Dundee and Angus College told students not to turn up after the ransomware seemingly downed the entire institution's IT systems.

HPE Acquires Identity Management Firm Scytale
2020-02-04 13:31

Hewlett Packard Enterprise on Monday announced that it has acquired Scytale, an identity management startup that specializes in cloud-native security and zero trust networking. Launched in 2017, Scytale is the company behind Secure Production Identity Framework for Everyone, a set of open-source standards designed for securely identifying software systems by providing a special X.509 certificate, which represents a secure identity, to every workload in a production environment.

NIST tests methods of recovering data from smashed smartphones
2020-02-04 12:54

The forensic engineers who help police gather evidence understand this even if it's not always been clear which methods are the most effective at extracting data accurately enough for it to meet standards of evidence. To examine the issue, the US National Institute of Standards and Technology says it recently conducted tests using 10 popular Android smartphones carefully loaded with a mix of data accumulated during simulated use.

Changing the Disclosure Shame Culture
2020-02-04 12:51

Security teams gain snippets of insight from defensive failures through public breach disclosures or the investigative reporting that follows large-scale and brand-name hacks. Upon "going dark" after a breach detection, the security product vendors used within the compromised environment are similarly shut out - at precisely the time they can potentially add the most value to both the victim and the wider defensive ecosystem.

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
2020-02-04 12:22

When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.

New Research on the Adtech Industry
2020-02-04 12:21

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space.

Twitter gave access to student’s account to his college
2020-02-04 11:11

As first reported by Business Insider, last week, Kelly had to use his personal Twitter account to vent about having been shut out of the parody account, which he uses to poke fun at the school's social media presence, news and messages to students. Twitter determined the account violated their policy on account impersonation and turned access over to us.

State-sponsored actors may have abused Twitter API to de-anonymize users
2020-02-04 11:11

A Twitter API that's intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to phone numbers and potentially de-anonymize certain users. "On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it's important that you are aware of what happened, and how we fixed it," Twitter shared on Monday.