CNBC: Twitter says security flaw may have exposed Android users’ direct messages. “Twitter on Wednesday disclosed a new security vulnerability that may have exposed the direct messages of users who access the service using Android devices. Specifically, the vulnerability could have exposed the private data of Twitter users running devices with Android OS versions 8 and 9, the company said.”
security
The Verge: Alleged Twitter teen hacker’s hearing got zoombombed big time
The Verge: Alleged Twitter teen hacker’s hearing got zoombombed big time. “Judge Christopher Nash spent more time rapidly force-ejecting trolls than he did delivering his decision — which, by the way, was to keep Clark’s bail at $725,000, over six times the $117,000 in bitcoin he’s said to have gotten from the Twitter scam. While the judge did have to approve each attendee that joined, there was no way for him to tell from their usernames that they weren’t journalists or well-meaning members of the public, and he explained that Florida is supposed to allow them to attend.”
US Department of Justice: Pasadena Man Indicted by Grand Jury in Cyberstalking Case Alleging Online and Mailed Threats to Injure, Rape and Kill 10 Victims
US Department of Justice: Pasadena Man Indicted by Grand Jury in Cyberstalking Case Alleging Online and Mailed Threats to Injure, Rape and Kill 10 Victims. “A federal grand jury this afternoon returned a 26-count indictment that charges a Pasadena man with making a series of detailed threats to harm, rape and kill 10 victims he met in various social and business settings. Samuel Trelawney Hughes, 31, who is a citizen of the United Kingdom, was charged with seven counts of stalking, nine counts of making online threats, three counts of mailing threatening communications, and seven counts of witness tampering.”
CyberSocial: A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial?
CyberScoop: A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial?. “AllSocial was an emerging social media network that garnered more than a million users, in part by alluding to the unfounded claim that existing sites like Facebook and Twitter censor conservative political thought. AllSocial users could connect with new friends with the understanding the site would never limit how far a user’s posts would spread based on their politics, an apparent reference to allegations that Republicans repeatedly have made against Facebook and Twitter…. The site and its two mobile apps have been down for more than a month, though, after the revelation that an outsider had claimed to access AllSocial’s proprietary source code.”
Twitter hack: Three charged for alleged roles, including 17-year-old ‘mastermind’ (USA Today)
USA Today: Twitter hack: Three charged for alleged roles, including 17-year-old ‘mastermind’. “Three people, including a 17-year-old Tampa teen, face charges linked to the largest breach ever on Twitter, affecting the accounts of verified figures including Bill Gates and former President Barack Obama. In a statement released Friday, the Hillsborough State Attorney’s Office in Florida said the teen was the ‘mastermind’ behind the hack, which involved posting messages on high-profile Twitter accounts soliciting bitcoin.”
US Department of Justice: Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
US Department of Justice: Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses. “Valerian Chiochiu, aka ‘Onassis,’ ‘Flagler,’ ‘Socrate,’ and ‘Eclessiastes,’ 30, pleaded guilty before U.S. District Court Judge James C. Mahan in the District of Nevada. Chiochiu is a national of the Republic of Moldova, but resided in the United States during the period of the conspiracy. His plea came just over a month after the co-founder and administrator of Infraud, Sergey Medvedev of Russia, separately pleaded guilty on June 26. Sentencing for Chiochiu has been scheduled for Dec. 11.”
Reuters: Local U.S. election officials fight disinformation ‘virus’, whether from overseas or Trump
Reuters: Local U.S. election officials fight disinformation ‘virus’, whether from overseas or Trump. “On a recent Zoom call, Ohio Secretary of State Frank LaRose, the state’s top election official, ran through slides showing altered Facebook photographs, misleading tweets from the last presidential election and photographs of Russian hackers.”
OneZero: The Era of DNA Database Hacks Is Here
OneZero: The Era of DNA Database Hacks Is Here. “On the morning of July 19, hackers accessed the online DNA database GEDmatch and temporarily allowed police to search the profiles of more than 1 million users that were previously not accessible to law enforcement. GEDmatch is a genealogy tool that allows users to upload their DNA profiles generated from genetic testing services like 23andMe, Ancestry, and MyHeritage and search for relatives. It took three hours until GEDmatch became aware of the breach and pulled the site offline completely. Users have to give permission for their profiles to be included in police searches, but the breach overrode privacy settings and made user profiles on the site visible to all other users, including law enforcement officials who use the site.”
Bleeping Computer: Newsletter plugin bugs let hackers inject backdoors on 300K sites
Bleeping Computer: Newsletter plugin bugs let hackers inject backdoors on 300K sites. “The vulnerability was found in the Newsletter WordPress plugin that provides the tools needed to create responsive newsletter and email mail marketing campaigns on WordPress blogs using a visual composer. Newsletter has already been downloaded over 12 million times since it was added to the official WordPress plugin repository and is now installed on more than 300,000 sites.”
CNET: Democrats are warned that hackers are after their Facebook accounts, report says
CNET: Democrats are warned that hackers are after their Facebook accounts, report says. “An alert from the committee’s security team, reported by CNN, said emails designed to look as if they’re from Facebook tell users that their pages have been deactivated because of a term violation. The email then directs those users to a fake Facebook website, where they’re told to provide personal information to appeal the deactivation.”
Google Blog: A partnership with ADT for smarter home security
Google Blog: A partnership with ADT for smarter home security. “Today, we’re announcing a long-term, strategic partnership between Google and ADT, a leading U.S. security and home automation provider. Together, we aim to create the next generation of the helpful home—based on new security solutions that will better protect and connect people to their homes and families.”
BetaNews: Ancestry. com claims no harm from security vulnerability in Family Tree Maker
BetaNews: Ancestry.com claims no harm from security vulnerability in Family Tree Maker. “If you’re at all familiar with genealogy then you’ll likely know both Ancestry and Family Tree Maker — they an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted ElasticSearch server that belonged to Software MacKiev, the owners of Family Tree Maker. The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.”
Bleeping Computer: Startups disclose data breaches after massive 386M records leak
Bleeping Computer: Startups disclose data breaches after massive 386M records leak. “This week, BleepingComputer was the first to report that ShinyHunters, a threat actor known for data breaches, began to leak the stolen databases of eighteen web sites for free on a hacker forum. Most of the companies targeted by these attacks appear to be startups, with the full list of the 18 data breaches and their updated disclosure status are listed below.”
The Verge: US files expanded charges against former Twitter employees accused of espionage
The Verge: US files expanded charges against former Twitter employees accused of espionage. This is NOT the recent big hack; it’s from before. “The US has filed new and expanded charges against two former Twitter employees and a third individual for allegedly spying on behalf of the government of Saudi Arabia. The three men have now been charged with acting as agents of a foreign government, conspiracy to commit wire fraud, and wire fraud. One individual, former Twitter employee Ahmad Abouammo, was also charged with three counts of money laundering and falsification of records to obstruct the investigation.”
BetaNews: Huge BootHole flaw in GRUB2 bootloader leaves millions of Windows and Linux systems at risk from hackers
BetaNews: Huge BootHole flaw in GRUB2 bootloader leaves millions of Windows and Linux systems at risk from hackers. “A serious vulnerability dubbed BootHole has been discovered in the GRUB2 bootloader. Millions of systems run the risk of being exposed to hackers — primarily those running Linux, but Windows is also affected.”
