Tag Archive for: spam
Whistleblower: Twitter misled investors, FTC and underplayed spam issues
Twitter executives deceived federal regulators and the company’s own board of directors about “extreme, egregious deficiencies” in its defenses against hackers, as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief.
The complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.
Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.
The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.
In addition, the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.
[Twitter to pay $150 million fine over deceptively collected data]
Chief executive…
How Do Spam and Spoofed Emails Impact Businesses?
Phishing, which involves tricking people into divulging sensitive information online, has been on the rise.
Attackers recently started sending spoofed emails designed to look like they’re coming from LinkedIn. They’re dressed with LinkedIn branding, which fools victims into clicking on links to fake websites where they’re prompted to enter their login credentials. The sites then send them to the real LinkedIn site, disguising the attack altogether.
SMTP Relay Service Attacks: An Overview
Do you know where your emails are coming from? Hackers are making it harder and harder to trust the emails arriving in inboxes every day, particularly because they have found ways to make malicious messages look like they’re coming from innocent—even trusted—sources.
These are called SMTP relay service attacks, and this is how they work:
SMTP, which stands for Simple Mail Transfer Protocol, is a system for transferring email from one server to another through the internet. SMTP servers are often protected with usernames and passwords, but when unprotected, they’re referred to as open SMTP relay servers, and these give attackers a distinct advantage. An open relay doesn’t identify the actual source of an email message, which makes it relatively easy for spammers to send a message that looks like it came from a legitimate source.
Even Gmail Isn’t Immune
According to a recent report, there has been “a massive uptick of these SMTP relay service exploit attacks in the wild, as threat actors use this service to spoof other Gmail tenants.” This means if you or your company uses Gmail, you may be susceptible to these kinds of attacks. Someone could send an email pretending it’s from you, which could be used to trick someone else into providing sensitive information.
Of course, Google won’t just let this slide. It said it will “display indicators showing the discrepancy between the two senders, to aid the user and downstream security systems.”
With or without Google’s help, it’s a good idea to protect yourself from spam and spoofed emails by understanding how they work, their impact, and how to prevent them.
How Do Spam and Spoofing Work?
Spam works by…
Local municipality fights ‘cyber security incident’ after flood of spam emails
Article content
Elgin County has hired outside consultant to help it recover from a “technical disruption” that’s downed its website and email system weeks after warning a “cyber security incident” had targeted the local government, The Free Press has learned.
Advertisement 2
Article content
The London-area local government’s website was down Friday as its information technology department and a third-party expert worked through the system-wide issue, the county’s top administrator said.
“We’re still determining the root cause,” chief administrator Julie Gonyou wrote in an online message exchange on Friday. “The website and external incoming/outgoing email are down while we assess the root cause of the technical disruption and work to resolve a number of technical issues.”
The website and email outage comes two weeks after Gonyou, in an internal memo to county staff reviewed by The Free Press, warned that officials were dealing with a “cyber security incident” and had brought in a consultant to help fix it.
Advertisement 3
Article content
In the memo emailed on March 31, Gonyou wrote county officials were concerned by a large amount of spam emails sent to Elgin County staff. Many of the emails contained malicious attachments or links and were sent from emails doctored to look like they were legitimate senders, Gonyou’s email noted.
The memo stated county officials were watching closely for any potential data breaches and warned it was possible the volume of spam emails could become unmanageable, forcing a temporary shutdown of the email system.
Elgin has cyber security insurance and is working with an adjuster for its insurance company, which has offered “resources and supports,” the internal email noted.
The cyber disruption is being felt across multiple Elgin County departments.
Advertisement 4
Article content
Officials with the…