Wednesday, December 25, 2024

InfoSec headlines: Musk Twitter deal back on, TikTok security deal politics, Netwalker affiliate 20-year prison sentence

Musk offers to proceed with Twitter deal

On Tuesday, regulators received a letter from Elon Musk’s legal team offering to proceed with the $44 billion Twitter buyout. The agreement would preempt a trial scheduled for October, related to Musk’s allegations of rampant bot accounts and security misgivings on the platform. The deal hinges on the receipt of debt financing, as well as the Delaware Chancery Court ceasing all other legal proceedings related to the deal. Twitter responded Tuesday, signaling their intent to close the original deal, however Twitter’s board indicates it will take its time to review the offer over fears of it being a legal ploy.

(AXIOS)

TikTok security deal becomes a political pawn

Republicans are criticizing the Biden administration for dragging its feet reviewing risks associated with TikTok potentially sharing US user data with the Chinese government. Republicans are vowing to conduct hearings on the matter should they win House or Senate majorities in the November midterm elections. James Lewis, head of the technologies program at the Center for Strategic and International Studies, called the risk TikTok poses debatable but agrees the White House response “has not been on a fast track.” TikTok has denied sharing any user data with the Chinese government and said it won’t do so, even if requested. Sources say the administration is close to finalizing a deal with TikTok that would include implementing a series of safeguards including storing all US user data on Oracle servers located in the US. Republicans say they will contest any agreement that doesn’t impose stringent safeguards.

Recommended:  British Council exposed more than 100,000 files with student records

(WSJ)

Netwalker ransomware affiliate sentenced to 20 years in prison

On Tuesday, a court in Tampa, FL sentenced former Netwalker ransomware-as-a-service affiliate, Sebastien Vachon-Desjardins, to 20 years in prison and ordered him to forfeit $21.5 million.The 34-year-old Canadian man was extradited from Quebec and plead guilty to a series of computer and wire fraud related crimes. After serving his prison sentence, Vachon-Desjardins will have to serve three years of supervised release and will not be permitted to use any device capable of connecting to the Internet. Back in February, Vachon-Desjardins was sentenced to 6 years and eight months for similar charges in a court in Ontario. 

(Bleeping Computer)

Hackers breach scam sites to hijack crypto transactions

In July, the FBI warned of a scam, dubbed ‘dApps’ (decentralized applications), that stole victims’ crypto investments by impersonating crypto mining services. A threat actor named ‘Water Labbu’ has been spotted injecting malicious JavaScript into the dApps scam sites. When an investor connects their wallet to the site, Labbu’s script detects whether the wallet contains a large amount of crypto holdings, and if so, attempts to steal it. Labbu has compromised at least 45 scam websites, making off with over $316,000.

(Bleeping Computer)

Bug exploitation now tops ransomware vectors

According to Secureworks, exploitation of internet-facing vulnerabilities accounted for 52% of ransomware incidents over the past 12 months. That makes bug exploits the number one initial access vector for ransomware, overtaking use of credentials, which is often associated with malicious emails and compromise of remote desktop protocol (RDP). Secureworks’ report states, “The process of patching a vulnerability in an enterprise environment is far more complex and slower than the process for threat actors or OST developers of weaponizing publicly available exploit code.”

Recommended:  Most Organizations Still Vulnerable To Year-Old Log4j Vulnerability

(Infosecurity Magazine)

CISA directive improves asset visibility and vuln detection

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) which will take effect on April 03, 2023. The new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery within the entire IPv4 space every seven days. Further, the directive calls for agencies to initiate vulnerability enumeration across all discovered assets every 14 days, and automatically load vuln data into the agency’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours of discovery. CISA’s latest directive comes on the heels of last month’s guidance aimed at helping developers improve software supply chain security.

(Infosecurity Magazine)

DeVry launches nonprofit cyber grant 

According to a recent report from RipRap Security, 59% of nonprofits have no cybersecurity training for their staff and 42% do not monitor their IT environment for security events. On Tuesday, DeVry University announced the launch of its Nonprofit Cyber Grant program which will provide cybersecurity training to a cohort of three professionals from Atlanta-area nonprofit organizations. DeVry will waive tuition and fees for its Cybersecurity Certificate program which includes 14 courses covering Infrastructure and Network Security, Ethical Hacking, Business Continuity, Data Privacy and Security and Risk Management. 

(Cybersecurity Insiders)

Kim Kardashian should keep up with cyber fraud regulations

The SEC has fined reality TV star, Kim Kardashian, $1.26 million for failing to disclose earnings related to promotion of cryptocurrency products. Kardashian endorsed EMAX Tokens from EthereumMax and allegedly hid related earnings. Gary Gensler, the Chairperson of the SEC, confirmed the penalty and urged investors to do their own investment risk research instead of simply following the advice of influencers.

Recommended:  Ukrainian Government Websites Forced Offline in "Massive" Cyber-Attack

(Cybersecurity Insiders)

source

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy

Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security