Facebook loses control of its own Twitter account in hacker attack – and more news

Including: Why was #RootGoat2020 trending on Twitter? It is as silly as you think


Roundup It's time yet again to recap the latest security happenings.

FACEBOOK HACKED (on Twitter)

An otherwise slow Friday afternoon has been spiced up by a hacker crew that managed to temporarily take control of Facebook's official Twitter account. OurMine did not say how it got into the Social Network's Twitter account, but it did take the opportunity to blast Zuck and Co.'s security practices:

So what's with that "RootGoat2020" thing all the hackers are spaffing about?

Towards the end of last week, you may have noticed an odd trend amongst infosec people on Twitter, as the hashtag "#RootGoat2020" started making the rounds, being retweeted by several well-followed accounts.

El Reg got in touch with Pry0cc, one of the researchers who helped spread the campaign, and he explained how the light-hearted social engineering campaign came to be.

"There is a lot of politics that trends frequently and it all is quite too serious. We all banded together and decided to start something viral to vote for RootGoat for president for 2020," the 0x00sec founder explained.

"We also know how the trending algorithm works and wanted to see if we all tried really hard, could we actually get Twitter to trend a silly infosec goat meme? We’ve all been working terribly hard and some even mentioned making bots to aid in the efforts."

So there you have it.

Oregon Fail: Medical provider drops word of stolen laptop data breach

Bad news out of Oregon has health care provider Health Share of Oregon confirmed it lost 654,362 patient records when one of its 'ride to care' providers left a laptop in a vehicle that was broken into.

Exposed details included name, address, phone number, date of birth, Social Security number, and Medicaid ID number. So just about everything needed for identity theft.

The medical service will offer the exposed patients credit monitoring and everyone who gets a notification is also advised to keep a close eye on their accounts.

FBI warns of attacks targeting voter registration sites

The FBI recently sent some of security industry partners a notification after logging a DDoS attack attempt against a voter registration site.

The Feds said the attack was carried out for around a month against an unspecified state's registration portal.

Linux pwfeedback has overflow bug

Here's something you never thought you would see: a strange flaw in the pwfeedback component of some Linux distros could potentially be used to trigger a crash.

Apparently, there's a flaw in the way to component expresses password keypresses in asterisks.

"Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow," the bug report for CVE-2019-18634 reads.

This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled."

IRS launches identity theft portal

With tax season upon us, the IRS has posted a site to help Americans prevent and report identity theft related to bogus tax returns.

Basically, criminals get social security numbers and other personal info on unsuspecting citizens, then use it to file fake tax returns and pocket the refund money. The Identity Theft Central portal can be found here.

Cybercreeps using coronavirus panic to phish the public

The team over at Kaspersky has given the heads-up over phishing attacks promising articles and videos related to the outbreak as a lure to phishing sites.

"The letters appear to come from the Centers for Disease Control and Prevention, which is a real organization in the United States, and they do recommend some actions regarding the coronavirus," Kaspersky explained. "The e-mails also come from a convincing domain, cdc-gov.org, whereas the CDC’s real domain is cdc.gov. A user not paying careful attention isn’t likely to notice the difference."

This is relatively common to see whenever a major news event occurs. Remember to visit trusted news sites and avoid any links or attachments in unsolicited emails. ®


Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021