At a glance.
- Twitter investigates apparent data breach.
- Ransomware C2 staging discovered.
- A C2C offering that's restricted to potential privateers.
- The minor mystery of GPS-jamming, or its absence, in an active theater of operations.
Twitter investigates apparent data breach.
Twitter is looking into the possibility that data from a breach are now being posted on the dark web. Restore Privacy traces the incident to reports on HackerOne back in January of a breach that had the potential to expose user information even when that information was hidden in privacy settings. Twitter closed the vulnerability and paid the researcher who reported it a bug bounty. But it appears possible that the vulnerability has been exploited to collect a very large tranche of user data. Restore Privacy says that at least some of the data released as a teaser are authentic, and that the criminal who holds them (nom-de-hack "devil") is offering the database for sale. Bidding starts at $30 thousand.
9to5Mac sees the principal risk in the compromised data as more plausible, more effective phishing campaigns. Twitter told The Record that it's investigating, but its comments focused principally on the January vulnerability disclosure. “We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability. As always, we’re committed to protecting the privacy and security of the people who use Twitter,” a Twitter spokesperson said, after noting that the company was looking into the most recent claims. “We’re grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this. We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”