Security News Update for the Week Ending September 23, 2022

Twitter Whistleblower Says There Was at Least One Chinese Spy Working at Twitter

Mudge says that there were spies working for China and India working at the company. Twitter says of course. Probably because that was part of a deal-with-the-devil that Twitter made to be able to stay in the country. What Mudge says was missing was any way to track what the spies were doing or any controls on what the spies could see or do. THAT is a problem. Credit: Vice

Uber Says Not to Worry About this new Breach – it was a Contractor’s Account that was Compromised

Uber is definitely doing better about disclosing attacks, but in this case, the attack was in the NY Times, so they had to do something. They said the hacker compromised a contractor’s account and used an MFA fatigue attack to get in (BAD contractor, bad! Not sure if that was designed to make us feel better). Then the attacker was able to move laterally to gain more access. They claim the attacker did not have access to production systems, but they are not known for telling the truth. Stay tuned. Credit: Bleeping Computer

GPS Jammers Being Used to Hijack Trucks and Down Drones

While some governments hope to fix the jamming problem by making it illegal (Mexico, for example, 12-15 years for possession), I am guessing that anyone who is willing to hijack a truck, which I think is also illegal, doesn’t care about the anti-jamming laws. Jammers can be bought online for as little as $50. Jammers are also being used to knock drones out of the sky because they use the GPS signal to locate themselves in space. But, there is new tech on the horizon that is compatible with existing GPS systems, that might help. While they are not saying what they are doing, it likely similar to what we did for military GPS systems 30-40 years ago. Time to catch up. Credit: ZDNet

Yet Another Cyber Attack Turned Physical

A Florida teenager discovered the hard way that cyberattacks can turn physical. He was kidnapped by a rival gang who recorded a video telling the leader of a SIM swap gang to pay a $200,000 ransom or the rival gang would kill him. The video show the teen bloodied with two guns pointed at him. The teen is now reported to be cooperating with the FBI. Credit: Brian Krebs

Kim Kardashian Being Sued as an Influencer

If I had just titled this as Kim Kardashian being sued, I probably would get a big yawn, but this is a little different and it points to a hot button of mine. Many famous celebrities get paid to subtly hawk different products/services. Sometimes they even own a share of the product or service. But sometimes that influence just a scam for them to make money. Some of you may remember the Fyre Festival that was supposed to happen in the Bahamas with tickets costing up to $250,000 and being hawked by Bella Hadid, Kendall Jenner and others. All of these folks were paid to “influence” people into buying tickets to this complete dumpster fire. Now Kimmie is being sued for promoting a lottery that offered free first class travel to LA, 3 nights in Beverly Hills and $100,000 to shop like a Kardashian. Except, the suit claims, it was a scam. So consider this. If a millionaire or billionaire is promoting something, are they doing this because they are a nice human being? Or are they doing it to get even richer – at your expense. This is the crux of this lawsuit. Credit: Cyber News

North Korean Hackers Target US Energy Companies

North Korea’s Lazarus group is targeting the networks of energy providers in the U.S., Canada and Japan. According to Cisco Talos, they targeted networks between February and July 2022 and once inside, the used malware and trojans to search for information to steal. The damage they could potentially do to the power grid if they were (are?) lurking inside the networks of these providers is significant. Credit: Bleeping Computer

If you need help with designing solutions to mitigate the types of attack that Uber suffered above, please contact us.

by