Cyber Security Headlines: Ransomware infects Discord, Twitter welcomes Trump, Black Friday scams

New ransomware encrypts files, then steals your Discord account

The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer, which can then be used to log in as the user or to issue API requests that retrieve information about the associated account. 

(Bleeping Computer)

Donald Trump returns to Twitter after Elon Musk’s poll

Twitter has lifted the “permanent suspension” of former U.S. President Donald Trump’s account. The move follows a Twitter poll run by Elon Musk on the weekend that asked users whether to reinstate Trump’s account. Fifty-two percent of the 15 million respondents answered affirmatively in the yes/no poll, at the rate of about 1 million votes every hour. As an editorial note, although Twitter may appear to be more of a social media issue than a cybersecurity one, it is important to recall why Mr. Trump was banned in the first place: he was banned for a violation of Twitter’s terms of service, namely threatening the public. In addition, several observers have raised eyebrows over the legitimacy of the poll, given the propensity for bots to influence Twitter activities – an issue that had been front-and-center during Mr. Musk’s decisions on whether to acquire the platform. Furthermore, many activities in and around Twitter directly affect the overall security of the platform and also affect how our privacy and security will be handled.

(Bleeping Computer and CISO Series)

More than half of Black Friday spam emails are scams

56% of Black Friday spam emails received between October 26 and November 6, 2022 were scams, according to research from Bitdefender. The study found that scammers placed a heavy emphasis on using fake discount offers on designer bags and sunglasses to lure consumers to fake shops to steal their money and data. Another significant avenue was ‘giveaway scams,’ such as an invitation to claim a Home Depot gift card worth $500 which eventually asks the recipient to pay a small shipping fee and enter their name, address and payment information.

(InfoSecurity Magazine)

Threat actors exploiting Twitter changes after Musk takeover, research shows

Researchers at Proofpoint are seeing a noticeable increase in phishing campaigns targeting the credentials of Twitter users following Elon Musk’s takeover of the company. Much of the action focuses on the now controversial feature allowing people to pay a monthly $8 fee to receive a “verification” check. Threat research company Proofpoint said cybercriminals are now using verification phishing campaigns largely to target media and entertainment figures, journalists, and other users who are already verified on Twitter, including ‘Twitter blue badge Billing Statement Available.’

(The Record)

Thanks to this week’s episode sponsor, Compyl


Microsoft, Meta and others face rising drought risk to their data centers

Drought conditions are worsening in the U.S., and that is having an outsized impact on the real estate that houses the internet. Data centers generate massive amounts of heat through their servers because of the enormous amount of power they use. Water is the cheapest and most common method used to cool the centers. In just one day, the average data center could use 300,000 gallons of water to cool itself — the same water consumption as 100,000 homes, according to researchers at Virginia Tech. Meta, formerly known as Facebook, ran a pilot program on its Los Lunas data center to reduce relative humidity from 20% to 13%, lowering water consumption. It has since implemented this in all of its centers, but its overall water consumption is still rising steadily, with one fifth of that water last year coming from areas deemed to have “water stress.” Both Meta and Microsoft have set a goal to be “water positive” by 2030.


Nvidia faces lawsuit for melting RTX 4090 cables

A lawsuit seeking class-action status has accused Nvidia of misleading consumers over the safety of the company’s GeForce RTX 4090 graphics cards due to growing reports of melting cables. The lawsuit, filed on November 11 in California, looks to charge Nvidia with unjustly enriching itself, committing fraud, breaching the implied warranty, and violating two New York statutes in the sale of the faulty RTX 4090 cards. In an update Friday, the company says its investigation has led it to believe the RTX 4090 power cable is melting because users are not fully plugging it in. Nvidia suggests users plug the connector into the graphics card before slotting it into the motherboard and provided an image of what a properly seated connector should look like.

(The Register)

Palo Alto to acquire Israeli software supply chain startup

Cybersecurity powerhouse Palo Alto Networks on Thursday announced plans to spend $195 million in cash to acquire Israeli startup Cider Security, a deal that adds software supply chain security capabilities to its Prisma Cloud platform. Palo Alto Networks said the transaction will boost its ambitions to have Prisma Cloud provide the industry’s most comprehensive supply chain security solution as part of its code-to-cloud security platform. For Cider Security, an early-stage startup with roots in Tel Aviv, the deal comes less than a year after its public launch with $38 million in venture capital financing. The company’s technology promised tools for security teams to orchestrate and implement end-to-end CI/CD security. 

(Security Week)

Last week in ransomware 

One of the biggest stories last week is the arrest of Ukrainian Vyacheslav Igorevich Penchukov, aka ‘Tank,’ for his alleged role as a leader in the JabberZeus cybercrime gang that operated the Zeus and Maze ransomware operations. Microsoft and SecurityScorecard released reports on the Royal Ransomware operation, which is believed to be comprised of ex-Conti members. ASEC released a report on Dagon Locker, a rebrand of the Quantum ransomware operation. BlackBerry warns of the expanding operations of the ARCrypter ransomware. Thales was hit by Lockbit 3.0 again. Ukraine says that a new Somnia ransomware is being used in attacks. CISA/FBI warned that Iranian hackers breached a federal agency, the FBI warned that Hive ransomware had made over $100 million in ransom payments, and K-12 schools lack the resources and funding to combat the ransomware threat.

(Bleeping Computer and CISO Series)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.