Trump fires CISA director Chris Krebs

Krebs served as the director of the Cybersecurity and Infrastructure Security Agency (CISA) since its founding in November 2018. Mr. Trump fired him in a tweet late on Tuesday, citing a statement published by CISA last week, which found there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Trump, who has repeatedly made claims of voter fraud without providing evidence, alleged that CISA’s statement was “highly inaccurate.”

(TechCrunch)

Facebook and Twitter grilled over US election actions

Mark Zuckerberg and Jack Dorsey were summoned to answer questions about how their platforms had limited distribution of a controversial Hunter Biden article as well as posts by President Trump during the election. Republicans suggested that social media companies were taking editorial decisions about what to take down, label or leave unaltered, which made them publishers rather than mere distributors of information; as a consequence, they argued, the companies should not be covered by Section 230 of the Communications Decency Act, which says that online platforms aren’t held liable for their content.

(BBC News)

Darktrace pays out nearly $2 million in overtime pay class action suit

The cybersecurity company, based in Cambridge, UK, and San Francisco, has agreed to pay $1.95 million in response to a suit filed on behalf of its California-based inside sales representatives. The action alleged that since 2015 Darktrace misclassified them and other representatives as exempt from overtime, and failed to pay proper overtime wages, provide meal breaks, reimburse business expenses, and provide proper wage statements. Darktrace denies these allegations and the Court has not ruled for or against. The settlement was drawn up to avoid further disputes and litigation. Each affected employee will receive approximately $3,600.

(Official Court Notice)

Twitter names famed hacker ‘Mudge’ as head of security

Under increased threat of regulation and plagued by serious security breaches, the company has appointed Peiter Zatko, widely known by his hacker handle Mudge, to the new position of head of security, giving him a broad mandate to recommend changes in structure and practices. Zatko answers to Jack Dorsey and is expected to take over management of key security functions after a 45- to 60-day review. Earlier, Zatko oversaw security at Stripe, worked on special projects at Google and oversaw cybersecurity research grants at DARPA.

(Reuters)

Thanks to our sponsor, Dtex

Traditional Employee Monitoring solutions are creepy. Capturing screenshots, recording keystrokes, monitoring web browsing and following social media activities is unnecessary and damages culture. DTEX InTERCEPT is the first and only solution that delivers the real-time workforce monitoring capabilities today’s organizations need and employees will embrace. Learn more at dtexsystems.com.

AWS user lists are accessible, says Unit 42

According to Unit 42, the research arm of Palo Alto Networks, more than 20 APIs associated with 16 Amazon Web Services products can be abused to give up basic information about users and their roles, potentially leading to targeted attacks against individuals. The weakness lies in a feature that validates “resource-based policies” for commonly used AWS services. Such policies must include an identifier of the authorized users; if that field is left blank, an attacker can keep submitting names in the identifier field, a process that is essentially undetectable.
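The check a defender would want for the resource-based policies described above, as an added example that is not part of the article, Unit 42's research or any AWS tooling: a small linter that walks a policy document and flags every Allow statement whose principal identifier is blank, a wildcard, malformed, or belongs to another account, so that each authorized principal is an explicit, account-scoped identity. The sample bucket policy and the account id `111111111111` are constructed for the example; the regex assumes the standard `arn:aws:iam::<account>:user/...` and `role/...` ARN shapes.

```python
import json
import re

# Account that owns the resource. Constructed placeholder, not a real account id.
OWN_ACCOUNT = "111111111111"

# IAM principal ARNs: arn:aws:iam::<12-digit account>:root | user/<name> | role/<name>
IAM_ARN_RE = re.compile(
    r"^arn:aws:iam::(?P<account>\d{12}):(?P<entity>root|user/[\w+=,.@/-]+|role/[\w+=,.@/-]+)$"
)


def _as_list(value):
    """Normalise a policy element that may be a scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def aws_principals(statement):
    """Return the AWS (account/user/role) principals named by a statement.

    Service and Federated principals are not IAM ARNs and are left alone.
    A bare "*" or {"AWS": "*"} comes back as "*" so the caller can flag it,
    and a bare 12-digit account id is rewritten to its :root ARN form.
    """
    principal = statement.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):  # "Principal": "*"
        raw = [principal]
    else:
        raw = [str(p) for p in _as_list(principal.get("AWS"))]
    return [f"arn:aws:iam::{p}:root" if re.fullmatch(r"\d{12}", p) else p for p in raw]


def audit_policy(policy, own_account=OWN_ACCOUNT):
    """Return (statement_index, finding, detail) tuples for risky Allow statements."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant access
        if not stmt.get("Principal"):
            findings.append((idx, "missing-principal", ""))  # identifier left blank
            continue
        for p in aws_principals(stmt):
            if p == "*":
                findings.append((idx, "wildcard-principal", p))
                continue
            m = IAM_ARN_RE.match(p)
            if not m:
                findings.append((idx, "malformed-principal", p))
            elif m.group("account") != own_account:
                findings.append((idx, "cross-account-principal", p))
    return findings


def audit_policy_document(text, own_account=OWN_ACCOUNT):
    """Same audit for a policy supplied as a JSON string."""
    return audit_policy(json.loads(text), own_account)


# Constructed sample bucket policy exercising each finding type.
SAMPLE_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # explicit role in the owning account: no finding
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-reader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {   # identifier left blank: no Principal at all
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-bucket",
        },
        {   # anyone at all
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/public/*",
        },
        {   # a user in another account, plus an identifier that is not an ARN
            "Effect": "Allow",
            "Principal": {"AWS": ["arn:aws:iam::222222222222:user/partner", "not-an-arn"]},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/inbound/*",
        },
        {   # Deny statements are skipped
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteBucket",
            "Resource": "arn:aws:s3:::example-bucket",
        },
    ],
}

if __name__ == "__main__":
    for idx, finding, detail in audit_policy(SAMPLE_BUCKET_POLICY):
        print(f"statement {idx}: {finding} {detail}".rstrip())
```

Run against the sample, the linter reports the blank identifier in statement 1, the wildcard in statement 2, and both the foreign-account user and the malformed entry in statement 3. The cross-account finding is a review item rather than a defect: sharing with a partner account is legitimate, but each such principal should be a named user or role that is known to exist, not a guess the owner hopes AWS will accept.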

(Cyberscoop)

FIN7 recruiter Andrii Kolpakov pleads guilty to global hacking scheme

FIN7 is a global hacking crew accused of stealing more than $1 billion while posing as a cybersecurity vendor. Kolpakov, a Ukrainian national, has admitted his role in the scheme, which included obtaining payment card information from dozens of companies, including Chipotle, Red Robin and Sonic Drive-In. FIN7’s activity resulted in over $100 million in losses to financial institutions, merchant processors, insurance companies, retail companies and individual cardholders. According to the Justice Department, the group masqueraded as Combi Security, a penetration testing company. Kolpakov faces up to 25 years under the terms of the plea deal.

(Cyberscoop)

More than 245,000 Windows systems remain vulnerable to BlueKeep RDP bug

A year and a half after Microsoft disclosed the BlueKeep vulnerability in the Windows RDP service, more than 245,000 Windows systems still remain unpatched and vulnerable to attack. This represents around 25% of the 950,000 systems initially found to be vulnerable to BlueKeep during a first scan in May 2019. BlueKeep and SMBGhost both allow attackers to take over Windows systems remotely and are considered some of the most severe bugs disclosed in Windows over the past few years, yet many systems remain unpatched despite warnings from US government cyber-security agencies.

(ZDNet)

Bitcoin gets back to 2017 pre-crash valuation levels

The market capitalization of bitcoin has broken its previous all-time high record, according to data published by Coin Metrics. As of yesterday, November 17, its market cap exceeded the $328.89 billion reported on December 16, 2017, which was the highest valuation Bitcoin had ever attained and after which its price went into freefall through 2018. The total supply of bitcoin in existence as of November 17 was 18,546,050, with its price reaching $17,789 per bitcoin.

(TheBlockCrypto)