Cyber Security Headlines: Bipartisan bill allows US TikTok ban, Twitter content moderation concerns, Emotet malware returns

Bipartisan bill allows for US ban of TikTok

On Tuesday, US senators introduced bipartisan legislation, called the RESTRICT Act, that would give the Commerce Department the ability to ban foreign technology deemed a national security risk. National Security Agency Director Paul Nakasone expressed concerns about TikTok collecting personal data of US citizens and potentially carrying out influence operations. TikTok spokeswoman Brooke Oberwetter said that the RESTRICT Act was unneeded because the White House can simply approve the deal that it has been negotiating with the company for over two years. She added, “A U.S. ban on TikTok is a ban on the export of American culture and values to the billion-plus people who use our service worldwide.”

(The Record)

EU concerned with Twitter’s content moderation plans

The Digital Services Act (DSA) is landmark legislation from the European Union that will force Big Tech groups to aggressively police illegal content. Major platforms, including Twitter, will have to be fully compliant by September this year. While Elon Musk indicated that Twitter intends to fully comply with the DSA, sources say that the EU has expressed concerns related to Twitter’s plan to use more volunteers and artificial intelligence to help moderate the social media platform. The European Commission stated that they expect platforms to ensure they have the appropriate resources to moderate content.

(Financial Times)

Emotet malware returns after three-month hiatus

As of Tuesday morning, the Emotet malware operation again began spamming malicious emails worldwide after a three-month break. Emotet is distributed via emails containing malicious Microsoft Word and Excel document attachments. When users open the documents with macros enabled, the Emotet DLL is downloaded and loaded into memory. The malware then quietly waits for instructions from a remote command and control server. The malware ultimately steals victim emails and contacts or downloads other malware, such as Cobalt Strike, which is commonly used in ransomware attacks.

(Bleeping Computer)

Acer confirms repair technician server was hacked

Taiwanese computer maker Acer has confirmed a breach of one of its document servers containing technician documents. The statement comes after someone on a hacker forum claimed to be selling 160 GB of Acer data containing confidential presentations, manuals, binaries, mobile device info and digital product keys. The company said there is no indication that any consumer data was stored on the affected server.

(The Record and Security Affairs)

Toyota search tool exposed customer data

Late last year, a researcher discovered a production API in Toyota’s C360 customer relationship management (CRM) tool exposing personal information of customers in Mexico. A threat hunter discovered that he could modify Angular JavaScript code in the application’s development environment to bypass authentication. He then located exposed API endpoints that did not require an authentication token and returned customer names, phone numbers, IDs, or email addresses if a well-formed request was sent. Upon receiving the disclosure, Toyota took its sites offline and secured the APIs by requiring an authentication token.

(SecurityWeek and Dark Reading)

Excel now blocks untrusted XLL add-ins

Microsoft says that Excel is now blocking untrusted XLL add-ins by default. Excel XLL files are dynamic-link libraries (DLLs) used to expand the functionality of Microsoft Excel, but attackers commonly use XLL add-ins to push malicious payloads in phishing campaigns. The new feature will be generally available in multi-tenants worldwide by late March after Microsoft rolls it out to all desktop users in the Current, Monthly Enterprise, and Semi-Annual Enterprise channels.

(Bleeping Computer)

FBI, Pentagon researched facial recognition for cameras and drones

Documents revealed as part of a Freedom of Information Act lawsuit filed against the FBI detail its involvement in Project Janus, which aimed to dramatically improve facial recognition systems. These systems were used in street cameras and drones and could identify targets more than a half-mile away. While the project officially ended in 2020, its work was then folded into other systems. The lack of transparency about how the government uses facial recognition has raised concerns about potential misuse. Three states have banned facial recognition, but there are currently no federal laws regulating its use. A senator from Massachusetts said Tuesday they intend to push for a bill restricting how federal agencies can use facial recognition and biometric search techniques. The FBI said it is “committed to responsible use of facial recognition technology ensuring it appropriately respects individuals’ privacy and civil liberties.”

(Washington Post)

Cybersecurity leaders are stressed about email security

According to the 2023 Email Security Risk Report from Egress, 91% of cybersecurity leaders said that company data has been leaked externally by email. The top three causes of the leaks were reckless employee behavior, human error, and intentional data exfiltration. Forty-eight percent of leaks resulted in employees exiting the organization and 49% suffered financial losses due to customer churn. The report also revealed that 86% of surveyed organizations were impacted by phishing emails, with 85% reporting that such attacks resulted in a successful account takeover. Forty percent of phishing incidents resulted in employees exiting the organization. Finally, over 95% of cybersecurity leaders are frustrated with the limited effectiveness of both their secure email gateway and security awareness and training programs. The report ultimately highlights that advanced email security is a necessity for everyday business.

(Dark Reading)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.