Twitter’s top security staff, starring Mudge and Sethi, are out • The Register
In short Twitter’s head of security and its CISO were both pushed out of the social media company this month.
Infosec guru Mudge, aka Peiter Zatko, joined Twitter in 2020 after 130 high-profile accounts, including those of Elon Musk, Bill Gates, Barack Obama and Joe Biden, were hijacked by miscreants. You may remember Mudge as an original member of The Cult of the Dead Cow and L0pht.
He is now off the microblogging site, as is CISO Rinki Sethi, who was also recruited in 2020 to fix Twitter’s security. According to an internal memo seen by The New York Times, both are the latest victims of new CEO Parag Agrawal’s decision to remake the company under his leadership following the resignation of Jack Dorsey.
Presumably, the two got golden parachutes, and they’ll have no problem finding new jobs. Mudge’s exploits are legendary and Sethi is one of Silicon Valley’s most highly regarded security specialists, with stints at eBay, IBM and Palo Alto Networks. She confirmed the move on Friday.
The move has raised eyebrows in the security community, as well as speculation about their reasons for leaving: It doesn’t seem entirely voluntary. New CEOs like to put their own stamp on a company, and some have suggested the new direction might be due to personal differences over certain technologies — such as cryptocurrencies and blockchains, which Twitter is showing a sudden interest in.
I sincerely hope that happened because Mudge told the CEO the crypto stuff was dumb as hell and the CEO was like “yeah, well you’re fired, who’s the dumb one now?” https://t.co/8lrlLgQspK
— can “that’s my real name” duruk (@can) January 21, 2022
Admittedly, the response so far has not been good.
- US government agencies are using a 35-year-old surveillance law to quietly obtain metadata – such as IP addresses and contacted numbers – from WhatsApp for investigation targets – Forbes
- Malicious bootkit code called MoonBounce has been found implanted in some UEFI firmware; it is designed to inject user-mode malware into the running system and has been linked to the Chinese-speaking APT41 group. – Kaspersky
- Hacktivists in Belarus claim to have infected the country’s railway system network with ransomware and would only provide the decryption key if the nation stopped helping Russian troops who are potentially preparing for an invasion of Ukraine. – Ars Technica
- The authors of the WordPress AccessPress plugins and themes were apparently compromised last year and their software replaced by spoofed versions – Sucuri (and Jetpack, which discovered the intrusion and published the details)
- Russian cybersecurity firm Infotecs, placed on the US government’s export ban list, reportedly maintains an active US presence that has caught the attention of federal investigators – Forensic News
- Verify that you have patched CVE-2021-4122 on your Linux system if you use cryptsetup for full-disk encryption. As Red Hat put it, “An attacker with physical access to the medium, such as a flash drive, could use this flaw to force a user to permanently disable the encryption layer of that medium.” The result is that someone with physical access to your machine could potentially decrypt part of your encrypted disk, albeit under what appear to be non-trivial circumstances.
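A practical way to act on that last item, as an added example that is not part of the article: a small POSIX shell check of the installed cryptsetup version and of a LUKS2 header. It assumes the upstream fix shipped in cryptsetup 2.4.3 (distributions may backport it to lower version strings), and that the `luksDump` line patterns it greps for match cryptsetup's LUKS2 output; the sample dumps are constructed.

```shell
#!/bin/sh
# Added check for CVE-2021-4122 (cryptsetup LUKS2 online-reencryption crash-recovery
# flaw). Assumptions, not from the article: the upstream fix is cryptsetup 2.4.3
# (distros may backport, so "below" means "check your distro advisory"), and the
# luksDump patterns below match cryptsetup's LUKS2 header layout.

FIXED_VERSION="2.4.3"

# ver_num "2.4.3" -> 20403. Missing or non-numeric trailing parts count as 0.
ver_num() {
    # word-splitting on purpose: turn "2.4.3" into positional parameters
    set -- $(printf '%s' "$1" | tr '.' ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}            # "3-1ubuntu" -> "3"
    echo $(( maj * 10000 + min * 100 + ${pat:-0} ))
}

# cryptsetup_fixed "cryptsetup 2.4.3" -> true when at or above the fixed version.
cryptsetup_fixed() {
    ver=$(echo "$1" | awk '{print $2}')
    [ "$(ver_num "$ver")" -ge "$(ver_num "$FIXED_VERSION")" ]
}

# header_has_reencrypt: reads `cryptsetup luksDump` text on stdin. True if the
# header carries a reencryption keyslot or requirement, which is unexpected on a
# device you never reencrypted and is the state the attack relies on.
header_has_reencrypt() {
    grep -Eiq '^(Requirements:|[[:space:]]*[0-9]+:).*reencrypt'
}

# check_host DEVICE: run on the real machine (not exercised offline).
check_host() {
    cryptsetup_fixed "$(cryptsetup --version)" \
        || echo "cryptsetup below $FIXED_VERSION: check your distro advisory"
    cryptsetup luksDump "$1" | header_has_reencrypt \
        && echo "unexpected reencryption state in LUKS2 header on $1"
}

# Constructed sample dumps (no real devices involved).
CLEAN_DUMP='LUKS header information
Version:        2
Flags:          (no flags)
Keyslots:
  0: luks2
        Key:        512 bits'
SUSPECT_DUMP='LUKS header information
Version:        2
Requirements:   online-reencrypt-v2
Keyslots:
  0: luks2
  2: reencrypt (unbound)
        Key:        8 bits'
```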
NSO faces Israeli government investigation
There have been more legal troubles for spyware maker NSO Group, this time on its own turf.
Israel’s State Comptroller Matanyahu Englman has reportedly launched an investigation into the company following news reports claiming its Pegasus software was being used by the country’s cops to spy on Israeli citizens, particularly those protesting Benjamin Netanyahu’s premiership.
Additionally, it appears that the police used the software to investigate two mayors for corruption without any court order or review. Cellebrite, based in Israel, was also accused of assisting cops in their surveillance.
In an effort to improve its somewhat tarnished reputation, the NSO Group has done something of a public relations push. The results were a little mixed, to say the least.
Nigeria Police Hunt Down SilverTerrier BEC Gang, 11 Arrests Made
A combined operation by Interpol and the Nigerian police saw the bust of what is claimed to be a major email compromise gang operating in the West African country.
Details of the arrests, made last month as part of Operation Falcon II, have just been made public. Nigerian officers acted on information from Interpol and used the international agency’s secure communications network to avoid tipping off the suspects. The operation found one suspect with “more than 800,000 potential victim domain credentials on his laptop”, according to Interpol, while another allegedly had contact with 16 companies and misappropriated funds from their accounts.
“By alerting Nigeria to this serious cybercrime threat, Interpol enabled me to issue the order to hunt down these globally active criminals throughout the country, flushing them out wherever they try to hide in my country,” said Garba Baba Umar, Deputy Inspector General of Police and Interpol’s vice-president for Africa.
“I encourage other African countries to also work with Interpol to rid our continent of cybercrime in order to make the cyber world safer.”
The bad guy next to the bed?
Healthcare technology company Cynerio says 73% of IV pumps have a known IT security vulnerability, a good proportion of medical systems use a default or weak password, and a third of bedside IoT devices have “an identified critical risk”. ®