Cyber Security Headlines: Ex-Uber exec heads to trial, Twitter fires back at Mudge, FBI K-12 warning

Uber’s ex-cyber exec heads to trial

Joe Sullivan, former security chief at Facebook and Uber, was fired by Uber back in 2017 for mishandling a security incident a year prior. Despite the scandal, Sullivan was hired on as chief of security at internet infrastructure firm Cloudflare. In 2020, Sullivan was charged with two felonies, marking the first time a company exec has faced potential criminal liability for an alleged data breach. Sullivan stepped down from his job at Cloudflare in July, in preparation for his trial, which begins this week in US District Court in San Francisco. 

(San Francisco Examiner)

Twitter fires back at Mudge for “parroting” Elon Musk

Twitter’s lawyer, Bradley Wilson, said in a court hearing Tuesday that Peiter Zatko (widely known as “Mudge”) never raised any concerns about spam and bot accounts on the platform while working at Twitter. Wilson claims that Mudge only “started parroting” Elon Musk’s bot account allegations upon filing his whistleblower complaint against Twitter, which Wilson called “very, very strange.” Twitter’s legal team added that addressing bot issues wasn’t part of Mudge’s job responsibilities. Mudge claims Twitter brushed off his bot account concerns and misled investors about the problem. Twitter says it has turned over Zatko’s internal emails going back to 2021, and has indicated that the company has nothing to hide.

(Bloomberg)

FBI warns of ransomware attacks on school districts

On Tuesday, the FBI, CISA, and MS-ISAC warned that a ransomware group called Vice Society is targeting K-12 school districts in the US. The joint advisory says schools should brace for spikes in attacks as the 2022/2023 school year begins. Vice Society is known for its double-extortion techniques, first stealing data before deploying one of several ransomware strains on victim networks. The FBI is urging districts to protect themselves by patching systems, training users on phishing, implementing multi-factor authentication, and reporting any malicious activity to the FBI. Incidentally, the Los Angeles Unified School District (LAUSD) announced Tuesday that a ransomware attack took down some of its Information Technology (IT) systems over the weekend. However, the attack has yet to be attributed to a specific ransomware gang.

(Bleeping Computer [1][2])

Samsung suffers another data breach

Hours before the Labor Day weekend began, Samsung announced its US systems were breached (again) in late July. Samsung was also breached back in March by the Lapsus$ gang, who swiped source code and other confidential documents. This time around, Samsung has issued a poorly explained data breach notice stating that “in some cases” hackers took customer data including names, contact and demographic information, date of birth, and product registration information. The notice doesn’t specify what demographic info is collected or why, but its US privacy policy reveals a long list of info, including device usage and precise geographic location, which are used for targeted advertising. It also remains unclear why it took Samsung more than a month to disclose the breach.

(TechCrunch)

KeyBank’s customer data stolen from third-party provider

Threat actors stole Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank. The breach was allegedly caused by KeyBank’s third-party vendor Overby-Seawell, which provides insurance services. The bank publicly apologized to customers on social media over the weekend, offering them two years of free Equifax identity protection. While KeyBank is working with Overby-Seawell to identify the root cause, both companies have already been named in a class-action lawsuit as a result of the breach.

(Infosecurity Magazine)

Finland to award companies cybersecurity grants

Finland has suffered a number of recent cyberattacks, including a Denial-of-Service (DoS) attack that disabled the Finnish Parliament’s website on August 9, 2022. To help defend against future incidents in its critical sectors, the Finnish government will begin distributing vouchers for cybersecurity improvements to Finnish businesses. Businesses can earn vouchers totaling anywhere from 15,000 to 100,000 euros depending on factors like size and for-profit status. Security experts are encouraged by Finland’s track record of success using government programs to drive positive business change.

(Security Magazine)

Half of firms report supply chain ransomware compromise

According to Trend Micro, 52% of organizations globally know a partner that has been compromised by ransomware. Alarmingly, the report revealed that 90% of global IT leaders believe their partners and customers are making their own organization a more attractive ransomware target. Despite their concerns, less than half (47%) of respondents said they share knowledge about ransomware attacks with their suppliers, and only a quarter (25%) share potentially useful threat intelligence with partners. Perhaps these low figures can be explained by companies not having any useful intelligence to share in the first place, as Trend Micro found average ransomware payload detection rates to be just 63%.

(Infosecurity Magazine)

Minecraft is a minefield for malware

Security researchers have discovered that Minecraft is the game title most heavily abused by cybercriminals to deliver malware. Based on stats collected by Kaspersky between July 2021 and July 2022, Minecraft-related files accounted for roughly 25% of malicious file propagation, followed by FIFA (11%), Roblox (9.5%), Far Cry (9.4%), and Call of Duty (9%). While mobile gaming accounts for much smaller distribution volumes compared to PC, Minecraft dominates the mobile category as well, with a 40% share. There is some good news, as researchers observed a drop in both the overall volumes of malware distribution (-30%) and the number of affected users (-36%) compared to 2020.

(Bleeping Computer)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.