Twitter's former head of security, Peiter Zatko, told Congress that company executives ignored security risks for their own profit. Zatko was hired in 2020 to oversee cyber security at the company but was fired not long after due to a management decision. More: - Zatko has publicly criticized Twitter for ignoring security protocols and reportedly putting users at risk.
- The programmer has filed a 90-page-long whistleblower complaint, even after reaching a $7M settlement with Twitter back in June 2022.
- Zatko testified in front of Congress today, claiming that Twitter has tolerated wrongful behavior by its employees, has ignored security recommendations, and has had foreign agencies steal data.
- The U.S. Senators who heard the testimony stated that they are going to address this issue by creating legislation that matches the importance of this topic.
Zoom Out: - Elon Musk has used Zatko's claims to bolster his case in his legal battle with Twitter, as the Tesla CEO has publically stated that he wants to backtrack on his acquisition offer for the social media app.
- A former Twitter employee has been previously found guilty on charges of espionage.
| |
A man in New York has been sentenced to 12 years in prison for selling stolen children's identities, all of whom were on social welfare. The man was using the information as part of a tax fraud ring. More: - Ariel Jimenez is believed to have caused millions in damages.
- Law authorities claimed that he is responsible for selling names, Social Security numbers, and dates of birth to clients.
- By having this information, these individuals would falsely claim that those children were dependent on them to receive tax refunds.
- The man started the fraud ring in 2007 and is believed to have made millions of dollars.
- The judge in charge of this case has ordered him to pay $14M in damages, turn over numerous properties, and pay over $44M in restitution.
| |
 A message from SECURITY COMPASS This is your show developers! Come and interact with our panel through questions or advice on how we can all improve developer-centric threat modeling. What to expect: Earlier this year, Security Compass ran a survey that probed the mind of developers. During this webinar, we'll be discussing our findings with security experts who live in the developer and threat modeling space. What you will learn: - The connection between developer user stories or requirements, coding, and threat modeling.
- How to keep up with the ongoing discovery of software weaknesses.
- Practical advice for developers is to stay current on threat modeling practices.
When: September 14, 2022, at 11am EST Whether you are a developer, lead, architect, or thread modeler, this webinar will leave you with something to think about. Register Here
| |
Iranian hackers are targeting numerous governments and organizations in Asia. This hacking campaign has been active since early 2021. More: - The hacking campaign is targeting the finance, aerospace, defense, IT, and telecom sectors.
- These hackers are using DLL side-loading as a threat vector. This method takes advantage of security flaws in Windows systems by tricking them into opening malicious files instead of safe files.
- Targets are hit by malware that is able to bypass security protocols and launch Remote Access Trojans in addition to the DLL attacks.
- Besides the DLL Windows flaw, the threat actor is taking advantage of another Windows flaw known as the ProxyLogon Server vulnerability. This bug allows hackers to gain remote access privileges by pretending to be the admin of the targeted device.
Zoom Out: - Iranian hackers are believed to have recently breached Albania, causing the country's national digital document infrastructure E-Albania to shut down. Furthermore, state-backed hackers breached the country's digital border checking system known as TIMS.
- As a result, Albania has cut its diplomatic ties with the country, while the U.S. has introduced sanctions.
- The Iranian government has denied being involved with the hacking campaign.
| |
Cybersecurity company Celerium has acquired Dark Cubed. The latter provides defense services for small and medium-sized businesses as well as U.S. government contractors. More: - Dark Cubed offers security threat detection through its SaaS platform.
- The software can be used by its clients within minutes without having to download or use any staff to operate it.
- Dark Cubed focuses on providing security services for contractors who work with the U.S. Department of Defense.
- Celerium acquired the company for an undisclosed amount.
- Dark Cubed will launch a training program for small and medium-sized businesses that will prepare employees in these companies to utilize the best security hygiene practices.
| |
 A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by: - Design through automating threat modeling
- Generating application security requirements
- Providing secure development
- Compliance best practices.
The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Download the whitepapers
| |
Windows has released new security updates for its Windows 10 operating system. The updates patched over 60 security flaws. More: - The updates also include flaws that are affected by security risks but are not tracked as security patches. These flaws are officially tracked as the KB5017308 and KB501731.
- These updates affect versions 21H2, 21H1, 20H2, and 1809 but are unavailable for Windows 2004 or 10 1909.
- Some of the issues that this update fixes are:
- The ability for IT admins to remotely manage language-related features on a Windows 10 device and increased protection from ransomware Game installation fails,
- BitDefender launch errors, and
- Icon color errors.
- Out of the 63 patched flaws, Microsoft listed five of them as critical.
Zoom Out: - Microsoft flaws have been abused numerous times by threat actors this year. Weeks ago, a Microsoft OneDrive flaw was used by a Russian-based threat actor to breach targets.
- The company launched its cybersecurity services division this year, offering cybersecurity consulting for businesses and governments around the world. Microsoft has also helped Ukraine migrate its digital infrastructure to the Azure cloud system.
| |
Quick Hits: - Join ClickUp For Startups to scale success with hands-on support and free resources. Qualifying startups get $3,000 in credit.*
- Iranian hackers have been tracked targeting individuals that are involved in nuclear energy research. The hacking campaign was launched in June 2022.
- Kosovo has been hit by a cyberattack yet again. Days after threat actors hit government websites with DDoS attacks, the country's national telecom company was hit by a cyberattack from unknown threat actors, causing it to shut down its services for thousands of users. The breach reportedly showed footage of Ukraine being hit by the Russian army and cities being destroyed afterward.
- Hackers have leaked the private data of 150,000 customers of Portugal's TAP airline company. The cyberattack was carried out by the Ragnar Locker ransomware group, which has threatened to leak even more data in the upcoming days.
- Members of the hdr0 hacker group are claiming that they've been able to breach Russian TV channels.
*This is sponsored content.
| |
Upcoming events at Inside: - September 14 - What Do Developers Think of Threat Modeling? (feat. security experts from Security Compass, Dell, and Tricentis) (Register Here) *
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - Hired's Navigating Market Uncertainty: The State of Tech Hiring Webinar (Register Here) *
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 05 - AMA with Ram Bartov (Chief Accounting Officer at TripActions)* (Register Here)
- October 11 - AMA with Mike Malone (Smallstep) (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Register to learn What Do Developers Think of Threat Modeling? | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
