Zack Whittaker reports: A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident. The account hijacks hit some of the most prominent…
Category: Of Note
No-Log VPNs Exposed Users’ Logs and Personal Details for All to See
Ugh. vpnMentor reports: A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. ….. Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple…
Google Cloud steps up privacy, security with Confidential VMs and Assured Workloads
Stephanie Condon reports: Google Cloud on Tuesday announced two new security offerings designed for customers with highly-regulated or sensitive data that requires extra protection in the cloud. The first, Confidential VMs, is the initial product in Google’s Confidential Computing portfolio, which promises to let customers keep data encrypted while in use. The second, Assured Workloads for Government,…
Citrix denies dark web claim of network compromise and ransomware attack
Simon Sharwood reports: Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J. Serna says the company is aware of “threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network,…
SEC’s OCIE Issues Ransomware Risk Alert
Kate Hanniford of Alston & Bird writes: On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just…
Whose data are these — and are they real? NightLion v. Troia, Round 2
July 28 — Please see the correction notice and update at the bottom of this post. On Sunday, a person or persons calling themself “NightLion” revealed that they had hacked DataViper.io. Data Viper is a service its founder, Vinny Troia, describes as “A Threat Intelligence Platform Designed To Provide Organizations, Investigators, And Law Enforcement With…