Warnings about misinformation are now regularly posted on Twitter, Facebook, and other social media platforms, but not all of these cautions are created equal. Research from Rensselaer Polytechnic Institute shows that artificial intelligence can help form accurate news assessments, but only when a news story is first emerging. Researchers found that AI-driven interventions are generally ineffective when used to flag issues with stories on frequently …
Peiter Zatko’s appointment follows mass attack on social media platform in July
Twitter has appointed one of the world’s most respected hackers as its new head of security in the wake of a humiliating mass attack in July.
The company has placed Peiter Zatko in charge of protecting its platform from threats of all varieties, poaching him from the payments startup Stripe. Zatko is better known as Mudge, his handle for more than 20 years of operation on both sides of the information security arena.
The high-profile Twitter accounts compromised included Barack Obama, Elon Musk, Kanye West, Bill Gates, Jeff Bezos, Warren Buffett, Kim Kardashian, and Joe Biden. Around £80,000 of Bitcoin was sent to the scammer's Bitcoin account before Twitter swiftly took action by deleting the scam tweets and blocking every 'blue tick' verified Twitter user from tweeting, including me. While the Twitter hack and scam dominated media headlines around the world, the attack was not the 'highly sophisticated cyber-attack' reported by many media outlets, but it was certainly bold and clever. The attackers phoned Twitter administrative staff and blagged (socially engineered) their privileged Twitter account credentials out of them, which in turn gave the attackers access to Twitter's backend administrative system and to any Twitter account they desired. It is understood this Twitter account access was sold by a hacker on the dark web to a scammer in the days before the attack, and that the scammer(s) orchestrated near-simultaneous Bitcoin scam tweets posted from the high-profile accounts. On 31st July, law enforcement authorities charged three men for the attack, with one of the suspects disclosed as a 19-year-old British man from Bognor Regis.

A very serious critical Windows vulnerability was disclosed as part of the July 2020 Microsoft 'Patch Tuesday' security update release. Dubbed "SIGRed", it is a 17-year-old Remote Code Execution (RCE) vulnerability in Windows Domain Name System (DNS), a component commonly present in Microsoft Windows Server 2008, 2012, 2012 R2, 2016 and 2019. Disclosed as CVE-2020-1350, it was given the highest possible CVSS score of 10.0, which basically means the vulnerability is "easy to attack" and "likely to be exploited", although Microsoft said they hadn't seen any evidence of its exploitation at the time of their patch release.
SIGRed being a wormable vulnerability makes it particularly dangerous: wormable malware could exploit the vulnerability to rapidly spread itself over flat networks without any user interaction, as with the WannaCry attack on the NHS and other large organisations. Secondly, it could be used to exploit privileged accounts (i.e. admin accounts found on servers). The Microsoft CVE-2020-1350 vulnerability can be mitigated on affected systems either by applying the Microsoft Windows DNS Server patch released by Microsoft (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350) or by applying a registry workaround (https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability).
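As an added example (not code from the original post), the following PowerShell audits whether a Windows DNS server already carries the registry workaround from the linked Microsoft KB4569509 article, and can apply it on hosts that cannot be patched yet. The key path and the TcpReceivePacketSize = 0xFF00 value are taken from that KB article, not from this page; the function names are my own.

```powershell
# Added example, not from the original post: audit (and optionally apply) the
# CVE-2020-1350 registry workaround on a Windows DNS server. Key path and value
# (TcpReceivePacketSize = 0xFF00) are as documented in Microsoft KB4569509;
# the security update itself remains the preferred fix.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name     = 'TcpReceivePacketSize'
$Expected = 0xFF00   # 65280, the value given in KB4569509

function Test-SigRedWorkaround {
    # Only meaningful on hosts running the DNS Server service.
    $svc = Get-Service -Name DNS -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ DnsServer = $false; Mitigated = $null; Value = $null }
    }
    $item  = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$Name } else { $null }
    [pscustomobject]@{
        DnsServer = $true
        # The KB caps the inbound TCP DNS message size; any value at or below it counts.
        Mitigated = ($null -ne $value -and $value -le $Expected)
        Value     = $value
    }
}

function Set-SigRedWorkaround {
    # Writes the KB4569509 value and restarts DNS so it takes effect; run elevated.
    New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value $Expected -Force | Out-Null
    Restart-Service -Name DNS
    Test-SigRedWorkaround
}

# Report only; call Set-SigRedWorkaround on servers that cannot be patched yet.
Test-SigRedWorkaround | Format-List
```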
At least 10 universities in the UK had student data stolen after hackers attacked Blackbaud, an education-focused cloud service provider. UK universities impacted included York, Loughborough, Leeds, London, Reading, Exeter and Oxford. According to the BBC News website, Blackbaud said "In May of 2020, we discovered and stopped a ransomware attack. Prior to our locking the cyber-criminal out, the cyber-criminal removed a copy of a subset of data from our self-hosted environment."
As expected, the UK Government ordered UK mobile network operators to remove all Huawei 5G equipment by 2027, and banned the purchase of Huawei 5G network equipment after 31st December 2020. Digital Secretary Oliver Dowden said the decision follows sanctions imposed by the United States, which claims the Chinese firm poses a national security threat, a claim Huawei continues to resolutely deny. The ban is expected to delay the UK's 5G rollout by a year. "This has not been an easy decision, but it is the right one for the UK telecoms networks, for our national security and our economy, both now and indeed in the long run," he said.
In some media quarters, it was suggested the UK u-turn on Huawei could lead to cyberattack repercussions, after Reuters said its sources confirmed China was behind cyberattacks on Australia's critical national infrastructure and government institutions following Australia's trade dispute with China. The Russian hacking group APT 29 was jointly accused of targeting the theft of coronavirus vaccine research by the UK NCSC, the Canadian Communications Security Establishment (CSE), the United States Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the US National Security Agency (NSA). The UK's National Cyber Security Centre (NCSC) said the hackers "almost certainly" operated as "part of Russian intelligence services". It did not specify which research organisations had been targeted, or whether any coronavirus vaccine research data was taken, but it did say vaccine research was not hindered by the hackers. Russia's ambassador to the UK rejected the allegations: "I don't believe in this story at all, there is no sense in it," Andrei Kelin told the BBC's Andrew Marr Show. Foreign Secretary Dominic Raab, meanwhile, said it is "very clear Russia did this", adding that it is important to call out this "pariah-type behaviour".
UK sport said hackers tried to steal a £1 million club transfer fee and froze turnstiles at a football game. Cybercriminals hacked a Premier League club managing director's email account during a player transfer negotiation; the million-pound theft was only thwarted by a last-minute intervention by a bank. Another English football club was targeted by a ransomware attack which stopped its turnstiles and CCTV systems from working, which nearly resulted in a football match being postponed. Common tactics used by hackers to attack football clubs include compromising emails, cyber-enabled fraud and ransomware shutting down digital systems. For further information on this subject, see my extensive blog post on football club hacking, The Billion Pound Manchester City Hack.
Yet another big data exposure caused by a misconfigured AWS S3 bucket was found by security researchers: one million files belonging to fitness brand 'V Shred' were discovered exposed to the world, including the personal data of 99,000 V Shred customers. Interestingly, V Shred defended itself against the researchers' findings by claiming it was necessary for user files to be publicly available, and denied that any PII data had been exposed.
The Highlighter™ Super Users series is a little something I've put together to reach out to the Highlighter community. As a user of this freeware tool from Mandiant, I want you to know there are many users out there who can help you get through your log analysis paralysis. This series is meant to highlight (see what I did there?) how some users have solved a various range of problems using Highlighter. These interviews will provide insight into the benefits and pitfalls of using Highlighter, some features you may not be aware of, and a few use cases you may not have
Super User Interview #1: Ken Johnson
Ken Johnson is one of Highlighter's Twitter-friendly users. He is a malware analyst and incident responder extraordinaire, fighting evil one keyword search at a time. Known as @patories on Twitter, I reached out to him and asked some questions about his experience using Highlighter.
Name: Ken Johnson

Realm of work: My primary work is focused on malware analysis and incident response. Occasionally I also do some forensics work.

How did you hear about Highlighter?
I first saw Highlighter when I was familiarizing myself with free tools. I have used Memoryze™ previously.

Do you know of any other tools that do what Highlighter does?
Highlighter is the only tool I know of, and it does what I need so I haven't looked for others.

How do you normally use Highlighter?
I use Highlighter to trim out known good traffic from proxy logs. This helps get to the unknown stuff quicker. When logs can be multiple gigabytes this is a time saver.

Can you describe one scenario in which Highlighter helped you find evil and/or solve crime?
On more than one occasion I have used Highlighter to narrow down proxy log traffic to find connections that are malicious. There was an instance about 2 months ago where users fell for a phish. We used Highlighter to find the C&C IPs that machines kept calling home to, by filtering out what was normal and analyzing what was left. Highlighter helped find almost 50 IPs/URLs that were malicious.

On a scale from 1 (worst) to 5 (best), how well does Highlighter address your use case(s)?
I would have to give Highlighter a 4.

What is missing from Highlighter for your use case(s)?
I would like to have the ability to whitelist traffic so I do not have to manually keep removing internal hosts that we see. This may be in the program and I have not found it.

What is one Highlighter feature addition that would serve the Information Security community best?
I think the ability to whitelist hostnames would be a nice

Are you aware of, or have you used, any of the following features:

Activity Over Time feature that lets you view log data as a function of Entries Per Day
No, I was not aware of this one.

Ability to change basic font settings for your output
I know it is there, but for my use this is never

Have you ever seen Highlighter used in such a way that your eyeballs melted from all the Awesome?
I have only seen myself use it, but I have seen my co-workers' eyeballs melt when I show them the awesomeness that they can do. Some are still stuck in the grep world...
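The triage workflow Ken describes above, as an added example that is not part of the interview or of Highlighter itself: strip known-good and whitelisted internal destinations from a proxy log, then rank what remains by how many distinct clients kept calling home to it. The Squid-style log lines, the known-good list and the ".corp.example" internal suffix are all constructed for the example.

```python
"""Added example (not from the interview or from Highlighter): proxy-log triage
by removing known-good and whitelisted internal destinations, then ranking the
remaining destinations by the number of distinct clients beaconing to them."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample, Squid-style: ts client status bytes method url (made-up values)
SAMPLE_LOG = """\
1596200000.101 10.0.0.5 TCP_MISS/200 512 GET http://intranet.corp.example/portal
1596200001.220 10.0.0.5 TCP_MISS/200 734 GET http://203.0.113.7/gate.php
1596200002.330 10.0.0.9 TCP_MISS/200 734 GET http://203.0.113.7/gate.php
1596200003.440 10.0.0.9 TCP_MISS/200 2048 GET http://www.example.com/news
1596200004.550 10.0.0.12 TCP_MISS/404 0 POST http://198.51.100.23/upload
1596200005.660 10.0.0.5 TCP_MISS/200 734 GET http://203.0.113.7/gate.php
"""

KNOWN_GOOD = {"www.example.com"}                  # destinations already triaged as benign
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # whitelisted internal address space
INTERNAL_SUFFIX = ".corp.example"                 # assumed internal DNS suffix

LINE_RE = re.compile(r"^(\S+) (\S+) \S+ \d+ (\S+) (\S+)")
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)")


def is_internal(host):
    """True for whitelisted internal IPs or hostnames under the internal suffix."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.endswith(INTERNAL_SUFFIX)
    return any(addr in net for net in INTERNAL)


def triage(log_text, known_good=KNOWN_GOOD):
    """Return {destination: set(clients)} for traffic that is neither known good nor internal."""
    callers = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip malformed lines rather than crash
        client, url = m.group(2), m.group(4)
        h = HOST_RE.match(url)
        if not h:
            continue
        host = h.group(1)
        if host in known_good or is_internal(host):
            continue
        callers[host].add(client)
    return dict(callers)


def rank(callers):
    """Destinations ordered by distinct-client count (most callers first), then name."""
    return sorted(callers, key=lambda d: (-len(callers[d]), d))
```

On a real log the ranked list is the "what was left" to analyse, and the known-good set grows as each destination is cleared.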
Keep an eye out for the second post in the Highlighter Super Users Series featuring Russ McRee, author of ISSA Journal's toolsmith series and mastermind behind www.holisticinfosec.org. If you're interested in sharing your own experiences with this tool, please let me know by commenting below.