On Tuesday, regulators received a letter from Elon Musk’s legal team offering to proceed with the $44 billion Twitter buyout. The agreement would preempt a trial scheduled for October, related to Musk’s allegations of rampant bot accounts and security misgivings on the platform. The deal hinges on the receipt of debt financing, as well as the Delaware Chancery Court ceasing all other legal proceedings related to the deal. Twitter responded Tuesday, signaling its intent to close the original deal; however, Twitter’s board indicates it will take its time to review the offer over fears of it being a legal ploy.
(AXIOS)
Republicans are criticizing the Biden administration for dragging its feet reviewing risks associated with TikTok potentially sharing US user data with the Chinese government. Republicans are vowing to conduct hearings on the matter should they win House or Senate majorities in the November midterm elections. James Lewis, head of the technologies program at the Center for Strategic and International Studies, called the risk TikTok poses debatable but agrees the White House response “has not been on a fast track.” TikTok has denied sharing any user data with the Chinese government and said it won’t do so, even if requested. Sources say the administration is close to finalizing a deal with TikTok that would include implementing a series of safeguards including storing all US user data on Oracle servers located in the US. Republicans say they will contest any agreement that doesn’t impose stringent safeguards.
(WSJ)
On Tuesday, a court in Tampa, FL sentenced former Netwalker ransomware-as-a-service affiliate Sebastien Vachon-Desjardins to 20 years in prison and ordered him to forfeit $21.5 million. The 34-year-old Canadian man was extradited from Quebec and pleaded guilty to a series of computer and wire fraud related crimes. After serving his prison sentence, Vachon-Desjardins will have to serve three years of supervised release and will not be permitted to use any device capable of connecting to the Internet. Back in February, Vachon-Desjardins was sentenced to 6 years and eight months for similar charges in a court in Ontario.
(Bleeping Computer)
In July, the FBI warned of a scam, dubbed ‘dApps’ (decentralized applications), that stole victims’ crypto investments by impersonating crypto mining services. A threat actor named ‘Water Labbu’ has been spotted injecting malicious JavaScript into the dApps scam sites. When an investor connects their wallet to the site, Labbu’s script detects whether the wallet contains a large amount of crypto holdings, and if so, attempts to steal it. Labbu has compromised at least 45 scam websites, making off with over $316,000.
(Bleeping Computer)
According to Secureworks, exploitation of internet-facing vulnerabilities accounted for 52% of ransomware incidents over the past 12 months. That makes bug exploits the number one initial access vector for ransomware, overtaking use of credentials, which is often associated with malicious emails and compromise of remote desktop protocol (RDP). Secureworks’ report states, “The process of patching a vulnerability in an enterprise environment is far more complex and slower than the process for threat actors or OST developers of weaponizing publicly available exploit code.”
(Infosecurity Magazine)
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) which will take effect on April 03, 2023. The new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery within the entire IPv4 space every seven days. Further, the directive calls for agencies to initiate vulnerability enumeration across all discovered assets every 14 days, and automatically load vuln data into the agency’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours of discovery. CISA’s latest directive comes on the heels of last month’s guidance aimed at helping developers improve software supply chain security.
(Infosecurity Magazine)
According to a recent report from RipRap Security, 59% of nonprofits have no cybersecurity training for their staff and 42% do not monitor their IT environment for security events. On Tuesday, DeVry University announced the launch of its Nonprofit Cyber Grant program which will provide cybersecurity training to a cohort of three professionals from Atlanta-area nonprofit organizations. DeVry will waive tuition and fees for its Cybersecurity Certificate program which includes 14 courses covering Infrastructure and Network Security, Ethical Hacking, Business Continuity, Data Privacy and Security and Risk Management.
(Cybersecurity Insiders)
The SEC has fined reality TV star Kim Kardashian $1.26 million for failing to disclose earnings related to promotion of cryptocurrency products. Kardashian endorsed EMAX Tokens from EthereumMax and allegedly hid related earnings. Gary Gensler, the Chairperson of the SEC, confirmed the penalty and urged investors to do their own investment risk research instead of simply following the advice of influencers.
(Cybersecurity Insiders)
© 2021 CISO Series