Cyber Security Headlines: Musk Twitter deal back on, TikTok security deal politics, Netwalker affiliate 20-year prison sentence

Musk offers to proceed with Twitter deal

On Tuesday, regulators received a letter from Elon Musk’s legal team offering to proceed with the $44 billion Twitter buyout. The agreement would preempt a trial scheduled for October, related to Musk’s allegations of rampant bot accounts and security misgivings on the platform. The deal hinges on the receipt of debt financing, as well as the Delaware Chancery Court ceasing all other legal proceedings related to the deal. Twitter responded Tuesday, signaling their intent to close the original deal, however Twitter’s board indicates it will take its time to review the offer over fears of it being a legal ploy.

(AXIOS)

TikTok security deal becomes a political pawn

Republicans are criticizing the Biden administration for dragging its feet reviewing risks associated with TikTok potentially sharing US user data with the Chinese government. Republicans are vowing to conduct hearings on the matter should they win House or Senate majorities in the November midterm elections. James Lewis, head of the technologies program at the Center for Strategic and International Studies, called the risk TikTok poses debatable but agrees the White House response “has not been on a fast track.” TikTok has denied sharing any user data with the Chinese government and said it won’t do so, even if requested. Sources say the administration is close to finalizing a deal with TikTok that would include implementing a series of safeguards including storing all US user data on Oracle servers located in the US. Republicans say they will contest any agreement that doesn’t impose stringent safeguards.

(WSJ)

Netwalker ransomware affiliate sentenced to 20 years in prison

On Tuesday, a court in Tampa, FL sentenced former Netwalker ransomware-as-a-service affiliate, Sebastien Vachon-Desjardins, to 20 years in prison and ordered him to forfeit $21.5 million.The 34-year-old Canadian man was extradited from Quebec and plead guilty to a series of computer and wire fraud related crimes. After serving his prison sentence, Vachon-Desjardins will have to serve three years of supervised release and will not be permitted to use any device capable of connecting to the Internet. Back in February, Vachon-Desjardins was sentenced to 6 years and eight months for similar charges in a court in Ontario. 

(Bleeping Computer)

Hackers breach scam sites to hijack crypto transactions

In July, the FBI warned of a scam, dubbed ‘dApps’ (decentralized applications), that stole victims’ crypto investments by impersonating crypto mining services. A threat actor named ‘Water Labbu’ has been spotted injecting malicious JavaScript into the dApps scam sites. When an investor connects their wallet to the site, Labbu’s script detects whether the wallet contains a large amount of crypto holdings, and if so, attempts to steal it. Labbu has compromised at least 45 scam websites, making off with over $316,000.

(Bleeping Computer)

Thanks to today’s episode sponsor, Hunters

Hunters is a SaaS platform, purpose built for your Security Operation team. Cimpress, theparent company of VistaPrint, implemented Hunters SOC Platform to replace its SIEM. Thanks to Hunters, Cimpress no longer needs to babysit alerts and detection logic – they’ve improved their SOC’s efficiency, and optimized costs. Visit Hunters.ai to learn more.

Bug exploitation now tops ransomware vectors

According to Secureworks, exploitation of internet-facing vulnerabilities accounted for 52% of ransomware incidents over the past 12 months. That makes bug exploits the number one initial access vector for ransomware, overtaking use of credentials, which is often associated with malicious emails and compromise of remote desktop protocol (RDP). Secureworks’ report states, “The process of patching a vulnerability in an enterprise environment is far more complex and slower than the process for threat actors or OST developers of weaponizing publicly available exploit code.”

(Infosecurity Magazine)

CISA directive improves asset visibility and vuln detection

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) which will take effect on April 03, 2023. The new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery within the entire IPv4 space every seven days. Further, the directive calls for agencies to initiate vulnerability enumeration across all discovered assets every 14 days, and automatically load vuln data into the agency’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours of discovery. CISA’s latest directive comes on the heels of last month’s guidance aimed at helping developers improve software supply chain security.

(Infosecurity Magazine)

DeVry launches nonprofit cyber grant 

According to a recent report from RipRap Security, 59% of nonprofits have no cybersecurity training for their staff and 42% do not monitor their IT environment for security events. On Tuesday, DeVry University announced the launch of its Nonprofit Cyber Grant program which will provide cybersecurity training to a cohort of three professionals from Atlanta-area nonprofit organizations. DeVry will waive tuition and fees for its Cybersecurity Certificate program which includes 14 courses covering Infrastructure and Network Security, Ethical Hacking, Business Continuity, Data Privacy and Security and Risk Management. 

(Cybersecurity Insiders)

Kim Kardashian should keep up with cyber fraud regulations

The SEC has fined reality TV star, Kim Kardashian, $1.26 million for failing to disclose earnings related to promotion of cryptocurrency products. Kardashian endorsed EMAX Tokens from EthereumMax and allegedly hid related earnings. Gary Gensler, the Chairperson of the SEC, confirmed the penalty and urged investors to do their own investment risk research instead of simply following the advice of influencers.

(Cybersecurity Insiders)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.