InfoSec headlines: Musk Twitter deal back on, TikTok security deal politics, Netwalker affiliate 20-year prison sentence
Musk offers to proceed with Twitter deal
On Tuesday, regulators received a letter from Elon Musk’s legal team offering to proceed with the $44 billion Twitter buyout. The agreement would preempt a trial scheduled for October, related to Musk’s allegations of rampant bot accounts and security misgivings on the platform. The deal hinges on the receipt of debt financing, as well as the Delaware Chancery Court ceasing all other legal proceedings related to the deal. Twitter responded Tuesday, signaling its intent to close the original deal; however, Twitter’s board indicates it will take its time to review the offer over fears of it being a legal ploy.
TikTok security deal becomes a political pawn
Republicans are criticizing the Biden administration for dragging its feet reviewing risks associated with TikTok potentially sharing US user data with the Chinese government. Republicans are vowing to conduct hearings on the matter should they win House or Senate majorities in the November midterm elections. James Lewis, head of the technologies program at the Center for Strategic and International Studies, called the risk TikTok poses debatable but agrees the White House response “has not been on a fast track.” TikTok has denied sharing any user data with the Chinese government and said it won’t do so, even if requested. Sources say the administration is close to finalizing a deal with TikTok that would include implementing a series of safeguards including storing all US user data on Oracle servers located in the US. Republicans say they will contest any agreement that doesn’t impose stringent safeguards.
Netwalker ransomware affiliate sentenced to 20 years in prison
On Tuesday, a court in Tampa, FL sentenced former Netwalker ransomware-as-a-service affiliate Sebastien Vachon-Desjardins to 20 years in prison and ordered him to forfeit $21.5 million. The 34-year-old Canadian man was extradited from Quebec and pleaded guilty to a series of computer and wire fraud related crimes. After serving his prison sentence, Vachon-Desjardins will have to serve three years of supervised release and will not be permitted to use any device capable of connecting to the Internet. Back in February, Vachon-Desjardins was sentenced to 6 years and eight months on similar charges by a court in Ontario.
Hackers breach scam sites to hijack crypto transactions
Bug exploitation now tops ransomware vectors
According to Secureworks, exploitation of internet-facing vulnerabilities accounted for 52% of ransomware incidents over the past 12 months. That makes bug exploits the number one initial access vector for ransomware, overtaking use of credentials, which is often associated with malicious emails and compromise of remote desktop protocol (RDP). Secureworks’ report states, “The process of patching a vulnerability in an enterprise environment is far more complex and slower than the process for threat actors or OST developers of weaponizing publicly available exploit code.”
CISA directive improves asset visibility and vuln detection
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) which will take effect on April 03, 2023. The new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery within the entire IPv4 space every seven days. Further, the directive calls for agencies to initiate vulnerability enumeration across all discovered assets every 14 days, and automatically load vuln data into the agency’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours of discovery. CISA’s latest directive comes on the heels of last month’s guidance aimed at helping developers improve software supply chain security.
DeVry launches nonprofit cyber grant
According to a recent report from RipRap Security, 59% of nonprofits have no cybersecurity training for their staff and 42% do not monitor their IT environment for security events. On Tuesday, DeVry University announced the launch of its Nonprofit Cyber Grant program which will provide cybersecurity training to a cohort of three professionals from Atlanta-area nonprofit organizations. DeVry will waive tuition and fees for its Cybersecurity Certificate program which includes 14 courses covering Infrastructure and Network Security, Ethical Hacking, Business Continuity, Data Privacy and Security and Risk Management.
Kim Kardashian should keep up with cyber fraud regulations
The SEC has fined reality TV star Kim Kardashian $1.26 million for failing to disclose earnings related to promotion of cryptocurrency products. Kardashian endorsed EMAX Tokens from EthereumMax and allegedly hid related earnings. Gary Gensler, the Chairperson of the SEC, confirmed the penalty and urged investors to do their own investment risk research instead of simply following the advice of influencers.