Tag Archive for: Silent

Twitter silent as hackers scam users with stolen high-profile verified accounts


Looking at Jase Robertson and David Dayen, you wouldn’t think the two of them have much in common. Robertson is known for his time on the A&E reality TV show Duck Dynasty. He currently hosts a show on the conservative digital outlet TheBlaze. David Dayen is a longtime progressive journalist and executive editor for The American Prospect magazine.

However, over the past few weeks, tweets from both Robertson’s and Dayen’s Twitter accounts have been sharing the exact same messaging.

A tweet from Jase Robertson’s hacked Twitter account.
Credit: Mashable Screenshot

“Hello twitter family !” begins the tweets posted to both accounts. “I have 10 MacBooks that I will personally sign myself , that you can purchase for $600 and free Shipping ! First come first serve basis , and all proceeds will be going to charity ! MY DMS ARE OPENED IF INTERESTED”

Included in each account’s tweets is the exact same photo of a MacBook Pro sitting on wood flooring. What’s going on here? Have Dayen and Robertson put their political differences aside and started an Apple reselling business?

No. They’ve been hacked, along with a slew of other legacy verified accounts on the social media platform. And, Twitter has been silent on the matter. 

Even though some of these accounts have been hacked for weeks now, Twitter has not suspended the accounts, allowing the hackers to scam users out of thousands of dollars, if not more.

A tweet from David Dayen’s hacked Twitter account.
Credit: Mashable Screenshot

Dayen tells Mashable that he was originally hacked last summer after clicking on a malicious link which provided bad actors with access to his account. He says his account was quickly suspended by Twitter then, well before Elon Musk acquired the company. When he regained access about a month later, Dayen quickly activated two-factor authentication on his account. Enacting this security measure should’ve made another hack extremely difficult to carry out.

However, here the @ddayen Twitter account is, just 6 months later, hacked and scamming the platform’s users.

Followers are falling for the scams

Mashable heard from at least one of Dayen’s followers who got scammed after seeing Dayen’s tweets. This person saw a tweet…

The resounding negative effects of silent patches


The alert from the Zero Day Initiative (ZDI) announcing changes to its disclosure policy for ineffective patches has come at the perfect time. A recent yet alarming trend with silent patches has been brought to the surface, as the reduction in communications surrounding patches has been overlooked for quite some time. As a result, enterprises are losing their ability to accurately estimate the risk in their coordinated vulnerability disclosure (CVD) systems – further harming IT protectors.

The updates to ZDI’s policy are intended to incentivize vendors to correctly patch the first time around and effectively communicate patches to offer an accurate depiction of risk. While the need for shortened patch timelines for the public disclosure of vulnerabilities has become an urgent action, not everyone truly knows the hidden harm of silent patching and where to start.

To better grasp the concerns surrounding the matter, it’s important to understand three main areas: the history behind the silent patch, the repercussions of limiting researchers in the process, and how organizations must respond quickly and efficiently to improve their patch rates and avoid long-term consequences.

What to know about the silent patch

To start, most major software vendors were once infamous for sweeping vulnerability reports under the rug, which made it challenging for researchers to report vulnerabilities. Bug reports from researchers were often housed in a quiet, unobserved space until, without notice, their proof-of-concept exploits no longer worked. No credit, no explanation, no CVE ID – this was the standard silent patching model.

While this was once the norm, it is very dangerous today, per the ZDI announcement. In most cases, the companies shipping these software patches were not using exotic packers, nor were they employing anti-forensics. Regardless of any encryption or obfuscation of the patch data, a patch eventually has to modify the code of the running software, exposing the change to anyone armed with a debugger and a disassembler. In these instances, there was a high risk for skilled exploit developers to sweep in and take advantage of patch…

Where is Edward Snowden? Whistleblower Silent Since Russia Invaded Ukraine


Whistleblower Edward Snowden, who was granted asylum by Russia in 2013, has not tweeted since right after Vladimir Putin‘s February 24 invasion of Ukraine, despite previously being a prolific user of the social media platform.

Snowden would typically tweet to his 5.2 million followers several times a day. The last message he wrote was an ambiguous one on February 27, three days after the start of the war.

Snowden is a former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) which revealed global surveillance programs. Hailed in equal measure as a hero and a traitor, his revelations sparked a global debate on the surveillance of citizens.

Edward Snowden, who has been in exile in Russia since 2013, has not tweeted since February 27. Pictured, Snowden on a connection from Russia during the Wired Next Fest 2019 at the Giardini Indro Montanelli on May 26, 2019 in Milan, Italy.
Rosdiana Ciaravolo/Getty Images

Wanted in the U.S. where he would face espionage charges, he was granted permanent Russian residency in 2020.

“I’m not suspended from the ceiling above a barrel of acid by a rope that burns a little faster every time I tweet, you concern-trolling ghouls,” he wrote in his last message which was retweeted 3,207 times and got more than 42,000 likes.

“I’ve just lost any confidence I had that sharing my thinking on this particular topic continues to be useful, because I called it wrong,” he added in the message in what was likely a reference to the war.

Users speculated as to its meaning in a thread. “I guess the rope snapped, because this Comrade Snowden’s last comment on a pretty big topic,” wrote one.

User Jimmy Sjolund wrote on March 12: “So, am I the only worried that @Snowden hasn’t written a tweet since the 27th of February?” Another said, “Missing from this tweet, after almost a full week of the…
