Cyber Security Headlines: Twitter encrypts messages, Microsoft’s Outlook patch, Seoul hospital breached

Twitter launches encrypted private messages

Direct messages sent on Twitter will be end-to-end encrypted, but ex-CEO Elon Musk warned that this is an early version, and people should “try it, but don’t trust it yet”. The feature can only be used by people who pay for Twitter Blue or are affiliated with a verified Twitter account. It is also not yet possible to send media in the messages – users can only send text and links. In a post on its support site, Twitter said, “while messages themselves are encrypted, metadata (recipient, creation time, etc.) are not, and neither is any linked content,” continuing, “if a malicious insider, or Twitter itself as a result of a compulsory legal process – were to compromise an encrypted conversation, neither the sender or receiver would know.” Yes, I said ex-CEO. Late yesterday, Musk tweeted that he had found a new chief executive for Twitter, but did not immediately provide a name, saying simply, “She will be starting in ~6 weeks!”

(BBC News and Reuters)

Microsoft releases fix for patched Outlook issue exploited by Russian hackers

Microsoft on Tuesday released a new fix for a vulnerability whose initial patch, issued in March, was later found by security researchers to be flawed. Ukrainian cybersecurity officials at CERT-UA reported the vulnerability to the Microsoft incident response team earlier this year after Russia-based hackers exploited it in Microsoft’s Outlook email service. Although the issue was patched in March, Akamai researcher Ben Barnea discovered a way around the patch that would allow an attacker to use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server. Barnea said the issue is a zero-click vulnerability, and all Windows versions are affected by it.

(The Record)

North Korea-linked APT group breaches the Seoul National University Hospital 

The security breach took place between May and June 2021 and was aimed at stealing sensitive medical information and personal details. Experts speculate the attackers were looking for information belonging to high-profile figures who got medical treatment at the hospital. According to South Korea’s National Police Agency, the nation-state actors gained access to the intranet of the hospital and stole the personal information of about 830,000 patients and workers, including 17,000 current and former hospital employees. The attack did not impact hospital operations. Based on TTPs observed by the National Police Agency, including IP addresses, the use of specific words in the North Korean vocabulary, and the anonymization techniques involved in the attacks, South Korean police have identified the attack as coming from a North Korean-linked group, with local media speculating it was the Kimsuky APT.

(Security Affairs)

More than 45,000 affected by December cyberattack on Metropolitan Opera

Yesterday we brought you stories of ransomware hitting the arts communities in Canada and in popular music and now it seems that the December cyberattack on the Metropolitan Opera in New York resulted in the leak of names, financial account information, tax identification numbers, Social Security numbers, payment card information and driver’s license numbers of 45,094 people. In December, the Met was unable to process new ticket orders, refunds or employee paychecks for two weeks. On March 1, the Snatch ransomware gang, known for attacks against the government of Modesto, California, a large school district in Wisconsin, and Swedish automaker Volvo, took credit for the attack.

(The Record)

Thanks to this week’s episode sponsor, Trend Micro

Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity, is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — the largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to

Microsoft signs nuclear fusion deal as part of sustainability push

Microsoft has signed a power purchase agreement with nuclear fusion energy startup Helion for at least 50 megawatts of electricity beginning in 2028, the companies announced Wednesday. Microsoft plans to use the electricity to power its data centers, chief sustainability officer Melanie Nakagawa told Axios in an interview. Fusion has long been viewed as the holy grail of clean energy, and recent advances have led to a mini-boom of funding fusion startups. 


WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

One of WordPress’s most popular Elementor plugins, Essential Addons for Elementor, was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attackers to gain administrator rights on the site. Essential Addons for Elementor is a library of 90 extensions for the ‘Elementor’ page builder, used by over one million WordPress sites. The flaw, which PatchStack discovered on May 8, 2023, is tracked as CVE-2023-32243 and is an unauthenticated privilege escalation vulnerability in the plugin’s password reset functionality, impacting versions 5.4.0 to 5.7.1. “[By exploiting the flaw] It is possible to reset the password of any user as long as we know their username, thus being able to reset the password of the administrator and login on their account,” they said.

(Bleeping Computer)

Millions of mobile phones still come pre-infected with malware, say researchers

Trend Micro researchers at Black Hat Asia state that millions of Android phones worldwide get infected with malicious firmware before the devices have even been shipped from their manufacturers. This applies to low-priced Android mobile devices that have their manufacturing outsourced to an original equipment manufacturer, a process the researchers say makes them easily infiltrated. Although this is not a new process, Trend Micro characterized this threat as a growing problem for regular users and enterprises, though they add, “big brands like Samsung and Google take care of their supply chain security relatively well.”

(The Register)

Outdated IT systems threaten UK food security and air quality, say British MPs

Food security and air quality in the UK are being put at risk by outdated IT systems at the Department for Environment, Food and Rural Affairs (Defra), a UK parliamentary committee has found. Officials are having to use paper forms rather than digital systems to track fast-moving animal disease and keep food, air and water safe. In some cases, the report says, systems are so old that they have no protection from cyberattacks, and in some cases, users must search out old secondhand laptops to run the applications. The department was found to be struggling to recruit digital, data, and technology staff, leaving it over-reliant on external contractors.

(The Guardian)