Twitter data of “+400 million unique users” up for sale – what to do?
Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has advertised: I’m selling…
When CISOs Are Ready to Hunt
Like a member of any profession, a chief information security officer (CISO) grows into their role. They exhibit a maturity curve that can be roughly split into five attitudes: Protection: When a CISO first steps into their role, they look to perfect the basics and build a fortress for themselves in the form of firewalls,…
US DOJ Reportedly Investigates FTX Hack
The U.S. Department of Justice is reportedly investigating the theft of nearly $400 million from FTX. The crypto exchange disclosed in November the day after it filed for bankruptcy that “unauthorized access” had led to the theft. The criminal investigation is separate from the fraud case Justice is pursuing against company co-founder Sam Bankman-Fried, Bloomberg…
LastPass revealed that encrypted password vaults were stolen
In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. In response to the incident, the company deployed containment and mitigation measures and implemented additional enhanced…
$275M Fine for Meta After Facebook Data Scrape
Following the discovery of a data set of Facebook user personal data available on the Internet, the European Union’s Data Protection Commission (DPC) has found Meta Platforms Ireland Ltd. (MPIL) in violation of General Data Protection Regulation rules, fining the platform $275 million (€265 million), and requiring the company to make cybersecurity changes. The breached…
California County Says Personal Information Compromised in Data Breach
The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and April 9, 2022, and that files…
Major Security Breach From Business Users’ Low-Code Apps Could Come in 2023, Analysts Warn
In a recent report, Forrester analysts warned of a looming major security breach at a large enterprise in 2023 rooted in business users using low-code/no-code (LCNC). The first part of this prediction is, unfortunately, a shared industry assumption: It would be surprising if we had an entire year without major headline security breaches. But the…
War ‘Wake-up Call’ Spurs EU to Boost Cyber, Army Mobility
“I think it’s a wake-up call for all of us. We must reinforce our ability to defend ourselves and also to defend our values,” European Commission Executive Vice-President Margrethe Vestager told reporters. The proposals aim to identify gaps in European infrastructure — such as roads, bridges, rail lines, ports or airports incapable of handling heavy…
NSA Publishes Guidance on Mitigating Software Memory Safety Issues
Caused by how programs manage or allocate memory, logic errors, incorrect order of operations, or the use of uninitialized variables, software memory safety issues are often exploited for remote code execution (RCE). Representing the most common cause of vulnerabilities in many cases (Microsoft and Google blame memory safety issues for 70% of their bugs), memory…
Balancing Security Automation and the Human Element
I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your…
