JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters

Plus a Cisco bug, dentists bitten by malware, and France takes down a worm


Roundup: This week ended with a bang, thanks to some Twitter hackers.

An (as yet) unknown group took over the account of Twitter co-founder and CEO Jack Dorsey for several hours on Friday, filling the billionaire's feed with incoherent and occasionally profane rants.

Jack Dorsey's hacked feed

Twitter says it is investigating what happened, but it appears the account was taken over via third-party service Cloudhopper, an app that allows users to send out Tweets via SMS messages. In that case, the hackers could have performed a SIM swap attack - convincing Dorsey's phone carrier to assign his number to a different device - and then moved in.

According to security blogger Brian Krebs, the hackers may also be involved in a string of celebrity account takeovers conducted via SIM swapping tricks.

Cisco patches "10/10" security bug

A high-severity vulnerability has been reported and patched for Cisco's IOS XE platform.

CVE-2019-12643 is an authentication bypass flaw in IOS XE's REST API that, if exploited, would allow the attacker to send arbitrary commands to the device. The bug got a maximum CVSS score of 10.

There are a few mitigating factors for this flaw, however. Most notably, the REST API is not enabled by default - admins have the option to use it for management tasks but the flaw won't be exposed out of the box. In fact, in IOS XE versions 16.7.1 and later, the vulnerable package is not even included, but rather it must be downloaded separately.

Additionally, Cisco notes, only four models support the vulnerable API: the Integrated Services Virtual Router, Cloud Services Router 1000V Series, ASR 1000 Series Aggregation Services Routers, and 4000 Series Integrated Services Routers.

Those who do use the REST API package will want to make sure they are running version 16.09.03 or later.

Ransomware bites down on US dentists

A serious ransomware outbreak at a service provider has left a number of dentists in the US unable to access patient records. DDS Safe confirmed media reports that its service had been hit by a ransomware infection that locked down user data. The decryption of the data is now underway, but DDS Safe is telling its customers not to type up any patient letters just yet.

"At this time, we caution against making any notifications because, as set forth above, we simply do not know the scope of the attack. We do not want to inform patients that their information has been compromised if it has not been," the records service said.

"Likewise, we do not want to make any assurances that no data was compromised as we may learn it has been."

Hardly reassuring.

Arxan hit with plagiarism claim in Magecart report

An otherwise normal report of a Magecart infection took a turn this week when security firm Arxan was accused of ripping off content from another company's report.

The passages in question were used in Arxan's disclosure of 80 new retail sites that were found to be infected. Rival security company RiskIQ noted that Arxan's info looked a lot like one of its Magecart reports, almost identical in fact.

Arxan would later acknowledge the issue and apologize, saying it "forgot" to cite RiskIQ.

France and Avast team up to tackle malware outbreak

Avast says it recently joined forces with the French police to take down a European malware outbreak.

According to the security firm, a cryptomining worm known as Retadup had managed to infect some 850,000 machines, largely in South America.

When Avast mapped out the malware's network, it found that the command and control systems were operating out of France. That was when French police were called in to help break up the operation. Eventually, the two groups were able to seize the command and control servers and replace them with a cleaning tool that removes the malware from the infected machines.

"The cybercriminals behind Retadup had the ability to execute additional arbitrary malware on hundreds of thousands of computers worldwide," Avast malware analyst Jan Vojtěšek said.

"Our main objectives were to prevent them from executing destructive malware on a large scale, and to stop the cybercriminals from further abusing infected computers."

SafeBreach checks Check Point, uncovers security hole

Once again we have a report of vulnerabilities in a security product.

This week, SafeBreach says it uncovered and reported a privilege escalation flaw in Check Point Endpoint Security that would allow for attacks by way of unsigned DLLs.

Fortunately, the bug has been patched, and anyone running Endpoint Security can obtain the fix by updating to version E81.30 or later. ®
