At a glance.
- Twitter investigates apparent data breach.
- Ransomware C2 staging discovered.
- A C2C offering that's restricted to potential privateers.
- CosmicStrand UEFI firmware rootkit is out in a new and improved version.
- Treating thieves like white hats?
- IBM on the cost of a data breach: automation pays, and so does incident response planning.
- Help wanted (C2C edition).
- Private-sector offensive actors.
- Pyongyang's [un]H0lyGh0st.
- Malicious macros may no longer be the royal road to compromise.
Twitter investigates apparent data breach.
Twitter is looking into the possibility that data from a breach are now being posted on the dark web. Restore Privacy traces the incident to a report submitted through HackerOne back in January of a breach that could expose user information even when that information was hidden by privacy settings. Twitter closed the vulnerability and paid the researcher who reported it a bug bounty. But it appears possible that the vulnerability was exploited, before the fix, to collect a very large tranche of user data. Restore Privacy says that at least some of the data released as a teaser are authentic, and that the criminal who holds them (nom-de-hack "devil") is offering the database for sale. Bidding starts at $30 thousand.
9 to 5 Mac sees the principal risk from the compromised data as more plausible, more effective phishing campaigns. Twitter told the Record that it's investigating, but its comments focused principally on the January vulnerability disclosure. “We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability. As always, we’re committed to protecting the privacy and security of the people who use Twitter,” a Twitter spokesperson said, after noting that the company was looking into the most recent claims. “We’re grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this. We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”