Cyber Security Headlines: Musk’s ultimatum backfires, Iran breaches government using Log4Shell, Amazon RDS data leak

Musk’s ultimatum to employees leaves Twitter at risk

In an email to staff entitled “A Fork in the Road,” Musk said employees had until the end of day Thursday to decide whether to be part of Twitter 2.0. Musk said those who stay should expect to work long, intense hours, while offering three months’ severance pay to those who leave. However, many more workers declined to stay than expected, potentially putting Twitter’s operations at risk. Just hours before his deadline, Musk tried to retain key personnel by pitching his plans for the company and softening his tone on his remote work policy. The mass exodus has created a cloud of confusion over which people should still have access to company facilities, prompting Twitter to close its offices until Monday. This is ironic given Musk’s recent mandate for Twitter staff to return to the office.

(NPR and Bloomberg and The Verge)

Iranian APT breaches government agency using Log4Shell

Iranian government-sponsored threat actors breached the network of a Federal Civilian Executive Branch (FCEB) agency by exploiting the Log4Shell vulnerability in an unpatched VMware Horizon server. The Iranian APT group then installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and implanted reverse proxies on several hosts to maintain persistence. CISA determined that the agency was compromised as early as February 2022. CISA urged organizations that detect the APT group’s indicators of compromise (IOCs) to investigate connected systems and privileged account logs.

(Security Magazine)

Hundreds of Amazon RDS snapshots discovered leaking user data

Researchers have discovered hundreds of Amazon Relational Database Service (RDS) instances extensively leaking personally identifiable information (PII). The researchers found several RDS snapshots that had been shared publicly for anywhere from a few hours to possibly even weeks. RDS snapshots back up the entire database (DB) instance and can be shared with other AWS accounts, both inside and outside an organization. A snapshot shared this way can leak sensitive data to the world, either intentionally or by mistake, even when the database itself sits behind a highly secure network configuration.
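A defender-side audit for the sharing mode behind this leak, added here as an example (not code from the researchers or from AWS): a manual RDS snapshot whose `restore` attribute lists `all` is public, and any other account ID in that list is a cross-account share. The sample responses, snapshot names and account IDs below are constructed placeholders; `live_audit` assumes boto3 and AWS credentials are available.

```python
from typing import Iterable

# In the DescribeDBSnapshotAttributes response, the "restore" attribute lists
# the account IDs allowed to copy/restore the snapshot; the value "all" means
# public. Network settings on the source DB do not restrict this at all.
PUBLIC_MARKER = "all"

def classify_snapshot(attr_result: dict) -> dict:
    """Classify one DBSnapshotAttributesResult dict (boto3 response shape)."""
    accounts = []
    for attr in attr_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            accounts.extend(attr.get("AttributeValues", []))
    public = PUBLIC_MARKER in accounts
    shared_with = [a for a in accounts if a != PUBLIC_MARKER]
    return {"snapshot": attr_result.get("DBSnapshotIdentifier"),
            "public": public, "shared_with": shared_with,
            "exposed": public or bool(shared_with)}

def audit(results: Iterable[dict], allowed_accounts=()) -> list:
    """Findings for snapshots that are public or shared outside the allow list."""
    findings = []
    for r in results:
        c = classify_snapshot(r)
        foreign = [a for a in c["shared_with"] if a not in allowed_accounts]
        if c["public"] or foreign:
            findings.append({**c, "unexpected_accounts": foreign})
    return findings

# Constructed sample data shaped like
# rds.describe_db_snapshot_attributes()["DBSnapshotAttributesResult"].
SAMPLE = [
    {"DBSnapshotIdentifier": "prod-db-2022-11-18",          # public: the leak case
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
    {"DBSnapshotIdentifier": "staging-db-copy",             # shared with one account
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["111111111111"]}]},
    {"DBSnapshotIdentifier": "dev-db",                      # not shared
     "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]},
]

def live_audit(allowed_accounts=()) -> list:
    """Same check against a real account (only manual snapshots can be shared)."""
    import boto3  # imported here so the offline part runs without it
    rds = boto3.client("rds")
    results = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            resp = rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=snap["DBSnapshotIdentifier"])
            results.append(resp["DBSnapshotAttributesResult"])
    return audit(results, allowed_accounts)

if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_accounts=("111111111111",)):
        print(finding)
```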

(Infosecurity Magazine)

Suspected Zeus botnet leader arrested in Geneva

Swiss authorities have apprehended a Ukrainian national wanted by the FBI for 12 years for connections with a cyber gang called JabberZeus that stole millions of dollars from bank accounts using a trojan called Zeus. Vyacheslav Igorevich Penchukov was first named in a 2012 indictment by the US Department of Justice, alongside two others who had been arrested in the UK and pleaded guilty back in 2014. All participants in the gang were accused of committing computer fraud and identity theft, racketeering, and bank fraud.

(Infosecurity Magazine)

Thanks to today’s episode sponsor, AppOmni

Can you name all the third-party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third-party app could put your entire SaaS ecosystem at risk.

With AppOmni, you get visibility into all third-party apps, including which end users have enabled them and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.

House committees slam ID.me for unemployment fraud claims

The House Select Subcommittee on the Coronavirus Crisis and the Committee on Oversight and Reform allege that biometric identification company ID.me made “baseless claims” of rampant COVID-19 unemployment fraud. The committees said the company’s CEO claimed the US lost $400 billion to fraudulent unemployment claims “in an apparent attempt to increase demand for its identity verification services.” ID.me’s biometric services, billed as a convenient and secure way to reduce pandemic-related unemployment fraud, may have actually made it more difficult for those in need of assistance to receive their aid.

(Gizmodo)

Netflix email impersonation attacks soar

Researchers have observed a 78% increase in email impersonation attacks involving Netflix since October. Attackers are using an arsenal of invisible and lookalike Unicode characters in an attempt to bypass natural language processing (NLP) scanning. After bypassing email safeguards, the Netflix-branded emails coerce victims into clicking on a phishing payload by threatening to downgrade their accounts to an ad-supported tier. The researchers urge users to use a password manager with strong, unique passwords across all accounts to limit the damage of falling victim to such attacks.
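A detection check for the Unicode trick described above, added here as an example (not code from Egress or the original report): it strips invisible format characters, folds fullwidth and accented letters with NFKC/NFKD, and maps a small constructed subset of Cyrillic/Greek look-alikes back to Latin so a brand name that a naive string match would miss still gets flagged. The `BRANDS` tuple and `CONFUSABLES` table are constructed for this example and are not Unicode's full confusables list.

```python
import unicodedata

# Brand names the filter watches for (constructed list for this example).
BRANDS = ("netflix",)

# Hand-picked Cyrillic/Greek/Latin letters that render like ASCII letters.
# Constructed subset; a production filter would load Unicode's confusables.txt.
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "i", "ѕ": "s", "ј": "j", "ԁ": "d", "ո": "n", "ɡ": "g",
    "ο": "o", "ν": "v", "τ": "t", "ϲ": "c", "ı": "i", "ℓ": "l",
}

def strip_invisible(text: str) -> str:
    """Drop format characters: zero-width space/joiner, soft hyphen, BOM, ..."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")

def skeleton(text: str) -> str:
    """Reduce text to the plain Latin string a human reader would perceive."""
    # NFKC folds fullwidth forms and ligatures; casefold lowercases all scripts.
    text = unicodedata.normalize("NFKC", strip_invisible(text)).casefold()
    out = []
    for ch in text:
        ch = CONFUSABLES.get(ch, ch)
        # NFKD splits accented letters so the combining mark can be dropped.
        out.extend(p for p in unicodedata.normalize("NFKD", ch)
                   if not unicodedata.combining(p))
    return "".join(out)

def analyze(text: str, brands=BRANDS) -> list:
    """Return sorted evasion flags for one subject line or display name."""
    raw = text.casefold()
    stripped = strip_invisible(text).casefold()
    skel = skeleton(text)
    flags = set()
    if stripped != raw:
        flags.add("invisible_chars")                 # e.g. Net\u200bflix
    for brand in brands:
        if brand in stripped and brand not in raw:
            flags.add("brand_hidden_by_invisible")   # brand split by zero-width chars
        if brand in skel and brand not in stripped:
            flags.add("lookalike_brand")             # Cyrillic е, fullwidth, accents
    return sorted(flags)

if __name__ == "__main__":
    # Constructed sample subject lines, one per evasion technique.
    for sample in ("Your Netflix account will be downgraded",
                   "Your Net\u200bflix account will be downgraded",
                   "Your N\u0435tflix account will be downgraded",
                   "\uff2e\uff45\uff54\uff46\uff4c\uff49\uff58 payment failed"):
        print(repr(sample), "->", analyze(sample))
```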

(Egress)

TikTok begins testing of its platform research API

Earlier this year, TikTok announced plans to develop a research API to improve access to public and anonymized data about content and activity on its app. The company says it’s now ready to make a beta version of its API available for testing by members of its Content and Safety Advisory Councils. In addition to the platform research API, TikTok is also developing a content moderation API. TikTok’s update comes amid renewed calls from FCC commissioner Brendan Carr to ban the app.

(TechCrunch)

Security budget cuts and recession spark worries among IT admins

According to the Q4 2022 IT Trends for Small and Medium-Sized Enterprises (SMEs) report from JumpCloud, 44% of those surveyed agree their organization will cut spending on cybersecurity in the next year. The report also indicates that 75% of respondents said cuts to their organization’s security budget would increase organizational risk. Additionally, 58% said they were more concerned about their organization’s security posture than they were six months ago. Factors behind the cuts to cybersecurity funding include inflation, labor shortages, talk of recession, market volatility and global conflicts.

(Infosecurity Magazine)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.