Musk’s ultimatum to employees leaves Twitter at risk
In an email to staff entitled “A Fork in the Road,” Musk said employees had until the end of day Thursday to decide whether to be part of Twitter 2.0. Musk said those who stay should expect to work long, intense hours, and offered three months’ severance pay to those who leave. However, many more workers declined to stay than expected, potentially putting Twitter’s operations at risk. Just hours before his deadline, Musk tried to retain key personnel by pitching his plans for the company and softening his tone on remote work. The mass exodus has created confusion over which people should still have access to company facilities, prompting Twitter to close its offices until Monday. This is ironic given Musk’s recent mandate for Twitter staff to return to the office.
(NPR, Bloomberg and The Verge)
Iranian APT breaches government agency using Log4Shell
Iranian government-sponsored threat actors breached the Federal Civilian Executive Branch (FCEB) network by exploiting the Log4Shell vulnerability in an unpatched VMware Horizon server. The APT group then installed XMRig cryptomining software, moved laterally to the domain controller (DC), compromised credentials, and implanted reverse proxies on several hosts to maintain persistence. CISA determined that the agency was compromised as early as February 2022. CISA urged organizations that detect the group’s indicators of compromise (IOCs) to investigate connected systems and privileged account logs.
Hundreds of Amazon RDS snapshots discovered leaking user data
Researchers have discovered hundreds of Amazon Relational Database Service (RDS) instances extensively leaking personally identifiable information (PII). The researchers found several RDS snapshots that had been shared publicly for anywhere from a few hours to possibly weeks. RDS snapshots back up the entire database (DB) instance and can be shared across different AWS accounts, both internal and external to an organization. A publicly shared snapshot can therefore leak sensitive data to the world, whether intentionally or by mistake, even when the database itself sits behind a highly secure network configuration.
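A defender-side check for the sharing problem described above, added here as an example and not code from the researchers or the article: it classifies each RDS manual snapshot by its `restore` attribute, where AWS uses the value `all` to mean the snapshot is public. The sample responses, snapshot names and account ID are constructed, and `audit_with_aws()` is an assumed wrapper that needs boto3 and real credentials.

```python
# Added example, not code from the original article: audit which Amazon RDS
# manual snapshots are shared publicly or with other accounts. The helpers parse
# the response shape of boto3's describe_db_snapshot_attributes(); SAMPLE_RESULTS
# is constructed so they run offline; only audit_with_aws() needs boto3/credentials.
PUBLIC_MARKER = "all"   # AWS uses the literal "all" to mean "shared publicly"

def classify_snapshot(attr_result):
    """Return 'public', 'shared' or 'private' for one DBSnapshotAttributesResult."""
    for attr in attr_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") != "restore":
            continue            # only 'restore' controls who may restore the snapshot
        values = attr.get("AttributeValues", [])
        if PUBLIC_MARKER in values:
            return "public"
        if values:
            return "shared"     # shared with the listed AWS account IDs
    return "private"

def find_exposed_snapshots(attr_results):
    """Map snapshot identifier -> sharing state for every non-private snapshot."""
    exposed = {}
    for result in attr_results:
        state = classify_snapshot(result)
        if state != "private":
            exposed[result["DBSnapshotIdentifier"]] = state
    return exposed

def audit_with_aws(region_name):
    """Query a real account; assumes boto3 is installed and credentials are set."""
    import boto3    # imported here so the offline helpers above do not require it
    rds = boto3.client("rds", region_name=region_name)
    results = []
    # Only manual snapshots can be shared, so automated ones are skipped
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            resp = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"])
            results.append(resp["DBSnapshotAttributesResult"])
    return find_exposed_snapshots(results)

# Constructed sample responses in the DBSnapshotAttributesResult shape
SAMPLE_RESULTS = [
    {"DBSnapshotIdentifier": "prod-customers-2022-11-18",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
    {"DBSnapshotIdentifier": "staging-copy",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}]},
    {"DBSnapshotIdentifier": "nightly-backup",
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]},
]
```

Running `find_exposed_snapshots(SAMPLE_RESULTS)` flags the public and the cross-account snapshot and ignores the private one.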
Suspected Zeus botnet leader arrested in Geneva
Swiss authorities have apprehended a Ukrainian national wanted by the FBI for 12 years in connection with a cyber gang called JabberZeus that stole millions of dollars from bank accounts using a trojan called Zeus. Vyacheslav Igorevich Penchukov was first named in a 2012 indictment by the US Department of Justice, alongside two others who had been arrested in the UK and pleaded guilty back in 2014. All participants in the gang were accused of committing computer fraud and identity theft, racketeering, and bank fraud.
Thanks to today’s episode sponsor, AppOmni

With AppOmni, you get visibility into all third-party apps, including which end users have enabled them and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
House committees slam ID.me for unemployment fraud claims
The House Select Subcommittee on the Coronavirus Crisis and the Committee on Oversight and Reform allege that biometric identification company ID.me made “baseless claims” of rampant COVID-19 unemployment fraud. The committees said the company’s CEO claimed the US lost $400 billion to fraudulent unemployment claims “in an apparent attempt to increase demand for its identity verification services.” ID.me’s biometric services, billed as a convenient and secure way to reduce pandemic-related unemployment fraud, may actually have made it more difficult for those in need of assistance to receive their aid.
(Gizmodo)
Netflix email impersonation attacks soar
Researchers have observed a 78% increase in email impersonation attacks involving Netflix since October. Attackers are using an arsenal of invisible and lookalike Unicode characters in an attempt to bypass natural language processing (NLP) scanning. Once past email safeguards, the Netflix-branded emails coerce victims into clicking a phishing payload by threatening to downgrade their accounts to a tier that shows ads alongside their Netflix content. The researchers urge users to use a password manager with strong passwords across all accounts to limit the damage of falling victim to such attacks.
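One way to detect the invisible and lookalike characters described above, added here as an example and not code from the Egress research: it strips zero-width characters, applies NFKC normalization (which folds fullwidth letters and ligatures back to ASCII) and maps a small constructed set of homoglyphs before comparing each word against a brand list. The confusable table and the sample subject lines are constructed; a production filter would use the full Unicode confusables data.

```python
import unicodedata

# Added example, not code from the Egress research: flag brand names spelled
# with invisible (zero-width) or look-alike Unicode characters. The confusable
# table is a small constructed subset, not the full Unicode confusables list.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}
CONFUSABLES = {      # homoglyph -> the ASCII letter it imitates
    "\u0430": "a",   # Cyrillic small a
    "\u0435": "e",   # Cyrillic small ie
    "\u0456": "i",   # Cyrillic small byelorussian-ukrainian i
    "\u03bf": "o",   # Greek small omicron
    "\u043e": "o",   # Cyrillic small o
    "\u0441": "c",   # Cyrillic small es
    "\u0445": "x",   # Cyrillic small ha
    "\u0578": "n",   # Armenian small vo
}

def skeleton(token):
    """Reduce a token to the ASCII text a reader perceives; return it with counts."""
    invisible = sum(1 for ch in token if ch in ZERO_WIDTH)
    visible = "".join(ch for ch in token if ch not in ZERO_WIDTH)
    # NFKC folds fullwidth letters and ligatures such as U+FB02 'fl' to ASCII
    folded = unicodedata.normalize("NFKC", visible)
    homoglyphs = sum(1 for ch in folded if ch in CONFUSABLES)
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return mapped.casefold(), invisible, homoglyphs

def find_lookalikes(text, brands=("netflix",)):
    """Return one dict per word that reads as a brand name but is not plain ASCII."""
    hits = []
    for token in text.split():
        skel, invisible, homoglyphs = skeleton(token)
        word = skel.strip(".,:;!?")      # ignore trailing punctuation
        for brand in brands:
            if word == brand and not token.isascii():
                hits.append({"token": token, "brand": brand,
                             "invisible": invisible, "homoglyphs": homoglyphs})
    return hits

if __name__ == "__main__":
    # Constructed sample subject lines, not taken from real phishing mail
    for subject in ("Your Netflix membership has been downgraded",
                    "Your N\u0435t\u200bflix account will now include ads",
                    "Net\ufb02ix: action required"):
        print(repr(subject), find_lookalikes(subject))
```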
(Egress)
TikTok begins testing of its platform research API
Earlier this year, TikTok announced plans to develop a research API to improve access to public and anonymized data about content and activity on its app. The company says it’s now ready to make a beta version of its API available for testing by members of its Content and Safety Advisory Councils. In addition to the platform research API, TikTok is also developing a content moderation API. TikTok’s update comes amid renewed calls from FCC commissioner Brendan Carr to ban the app.
Security budget cuts and recession spark worries among IT admins
According to the Q4 2022 IT Trends for Small and Medium-Sized Enterprises (SMEs) report from JumpCloud, 44% of those surveyed agree their organization will cut spending on cybersecurity in the next year. The report also indicates that 75% of respondents said cuts to their organization’s security budget would increase organizational risk. Additionally, 58% said they were more concerned about their organization’s security posture than they were six months ago. Factors behind the cuts to cybersecurity funding include inflation, labor shortages, recession talk, market volatility and global conflicts.