Tag Archive for: Privacy
Ransomware Group Uses Communication System of University | Robinson+Cole Data Privacy + Security Insider
Threat actors never cease to find innovative ways to extort their victims. If only threat actors would use their creativity for good causes.
This week, Bluefield University communicated with its students to be careful of texts sent through the University’s communication system after a ransomware group used the communication system to message the campus about a ransomware attack in progress.
According to reports, the ransomware group used the University’s communication system to “send threatening messages out to all of Bluefield University’s students and employees.” The message stated “We’re the Avoslocker ransomware. We hacked the university network to exfiltrate 1.2 TB of files. We have admissions data from thousands of students. Your personal information is at risk to be leaked on the dark web blog. Do not allow the university to lie about the severity of the attack.”
The students received a one-day reprieve from exams because of the ransomware attack.
The FBI identifies AvosLocker as a ransomware-as-a-service group that targets critical infrastructure, including financial services, critical manufacturing and government facilities.
[View source.]
Twitter’s new encrypted message feature criticized by security and privacy experts
Washington
CNN
—
Privacy and security experts widely panned a new feature that Twitter unveiled Wednesday that encrypts some direct messages between users, raising questions about the future of user safety on the platform.
Twitter’s early efforts at securing direct messages with encryption appear to be riddled with caveats, flaws and risks that may endanger users, the experts said after the company rolled out its initial release.
With the first iteration of the feature, only users who are paying subscribers to Twitter Blue or whose organizations have paid to be verified with the company may use encrypted messages.
In addition, encrypted messages may only be sent between two individuals, not groups. Encrypting images, video and other media is not supported. Both participants must either have exchanged direct messages in the past, or the recipient of an encrypted message must already follow the sender.
Perhaps most crucially, Twitter acknowledged that even with the encryption feature enabled, the company itself, and other third parties, can still potentially access user messages.
“I’m trying to be positive about Twitter deploying encrypted DMs even though there are so many things about this system that make it feel like a v0.1 release, or are just obnoxious,” said Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, in a tweet.
Twitter’s former chief information security officer, Lea Kissner, publicly pleaded with Twitter’s current engineering team to improve the feature quickly.
“Twitter folks, seriously. I left some design docs somewhere. Please use them,” Kissner said on Bluesky, a rival platform.
Twitter has described encrypted messaging as key to the company’s future of becoming “the most trusted platform on the internet.” But the rollout provides another example of how, under CEO Elon Musk, Twitter has forged ahead with significant changes to the platform over the warnings of independent researchers about potential unintended consequences…