Tag Archive for: Leave

Twitter Reportedly Fires Head of Security, CISO to Leave


Application Security, Fraud Management & Cybercrime, Next-Generation Technologies & Secure Development

Decision Based on Assessment of How the Firm Was Being Led, Says Memo Quoted by NYT

Departures possibly related to Twitter’s recent embrace of web3 technologies? (Source: ISMG Files)

Twitter has said it is firing Peiter Zatko, the network security expert whom it hired in late 2020 as head of security.


The changes in the security team followed “an assessment of how the organization was being led,” according to a company memo shared with The New York Times.

Zatko, known by the handle “Mudge,” gained fame as a member of the “Cult of the Dead Cow” ethical hacking collective in the 1990s and later moved to top cybersecurity research positions at the Defense Advanced Research Projects Agency, aka DARPA, and Google.

Twitter’s chief executive Parag Agrawal, who took over from Jack Dorsey in November, also announced that industry veteran Rinki Sethi, the chief information security officer, will be departing in the coming weeks. However, the company did not specify whether the departure is voluntary.

Sethi in a tweet confirmed her departure and said, “It is with a heavy heart that I announce my impending departure from Twitter. Thanks to all of you that have reached out to check in with me, I appreciate all the kind words, thoughts and love being sent my way.”

Neither Sethi nor Zatko responded to…


Scrambling to counter a ransomware attack could leave you with egg on your face • The Register


Sponsored: When you read about security teams “scrambling” to respond to a ransomware attack, what do you think is the real problem?

Ransomware and other cyberattacks are, sadly, a given. But if you’re always “scrambling” or racing to counter the threat, perhaps you need to radically rethink your approach.

Having a plan to not just detect an attack, but to assess its impact, and to bring back only those files and data that are affected, means you’ll be far better placed to get your organisation back in business quickly. The alternative, after all, is to weigh up the costs of recovery time against just giving the attackers what they want.

So if you think the former approach makes sense, you should join the second episode of our Ransomware Remediation Masterclass Series, on October 21 at 11am, where the subject is “How to Detect and Analyse Ransomware Threats”.

Your host will be Tim Phillips, a master of defence in his own way. Tim will be joined by Rubrik’s Chris Beckett, who will be taking you step by step through the anatomy of a ransomware attack – and crucially what happens in the aftermath.

So, as well as prepping you on how to spot the signs of an attack and how to assess the blast radius, Chris will also drill you on the actions you need to take at each stage to recover quickly.

And he’ll explain how the best defence intelligently leverages machine learning to fortify response tools.

Joining us is easy. Just register here, and we’ll make sure you’re reminded on the day.

We can’t guarantee you’ll be entirely safe from ransomware attacks in the future. But we can promise you’ll be far better informed about how to deal with them when they happen.

This article is sponsored by Rubrik.


Peloton security vulnerability could leave users open to hackers, researchers say


“When your operating system on your computer boots up, it should be checking that that’s the operating system that it expects,” he said in an interview. “In this case, the Android operating system here used by Peloton on their Bike+ is really just failing that expected check.”

Without that check, Povolny said, the McAfee researchers could load their own customized operating system, giving them full control over every aspect of the $2,495 Bike+ from any remote setting.

“That’s where we talked about harvesting credentials, we talked about accessing the camera on the microphone and really anything that you can do on this operating system for the bike, that’s what they could do now, remotely,” he said.

This vulnerability was also present on Peloton Tread exercise equipment, McAfee confirmed.

The hacked Peloton equipment showed no signs of tampering, either to users or to engineers, Povolny said.

Importantly, McAfee found no evidence that the security flaw, which has been patched, had been exploited by hackers, he added.

The most likely scenario for such a hack, Povolny said, would be in a location like a gym or hotel, where there is open access to the bikes. Another possibility, he noted, would be somebody tampering with devices en masse in the supply chain, to then be sent out like “Trojan horses” into people’s homes or other settings.

“Supply chain stuff has really proliferated over the last couple of years, and that’s one of the reasons we felt it was really important to work with Peloton to get this one patched,” he said.

McAfee, which has also done research on the security of Tesla electric vehicles and medical devices, reported the security concern to Peloton through their Coordinated Vulnerability Disclosure program on March 2. McAfee operates under responsible disclosure, meaning they alert a vendor to a security issue and then offer them 90 days to respond before disclosing it publicly.

After working with McAfee for three months, Peloton pushed out a mandatory update to all of its machines to remedy the issue in June, effectively locking users out of the machine until they completed the update.


How ghost accounts could leave your organization vulnerable to ransomware


Active accounts for people who have left your organization are ripe for exploitation, according to Sophos.


Cybercriminals can choose a variety of ways to infiltrate and compromise an organization as a prelude to ransomware. One tried and true method is to exploit an admin account. And if it’s an account that’s no longer being used by an employee but is still available, so much the better. A report released Tuesday by security provider Sophos explains how one of its customers was hit by ransomware due to a ghost account.


The attack

An unidentified Sophos customer contacted the company after a ransomware attack affected more than 100 of its systems. Using the Nefilim (aka Nemty) ransomware, the attackers had compromised a high-level admin account a month before the actual attack, according to the Sophos Rapid Response team.

After gaining access to the account, the attackers spent the month poking around the network, where they ended up stealing the credentials for a domain admin account. Upon finding the files they could hold hostage, they were able to exfiltrate hundreds of gigabytes of data and then carry out the attack.

“Ransomware is the final payload in a longer attack,” Peter Mackenzie, manager for Sophos Rapid Response, said in the report. “It is the attacker telling you they already have control of your network and have finished the bulk of the attack. It is the attacker declaring victory.”

Sophos said that the Rapid Response team knew that criminals who use the Nefilim ransomware typically gain network access through vulnerable versions of Citrix or Microsoft’s Remote Desktop Protocol. In this case, the attackers exploited Citrix software to compromise the admin account and then used the Mimikatz password extraction tool to steal the credentials for the domain admin account.

But the real point of the story lies in the…
