Twitter breach may be worse than first reported, a US college victimized by ransomware and more.
Welcome to Cyber Security Today. It’s Monday, November 28th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A massive Twitter data breach reported earlier this year of information on 5.4 million Twitter users was worse than initially reported. According to the news site 9to5Mac, initially one hacker was suspected of exploiting a vulnerability, which exposed Twitter IDs, names, login names, phone numbers and email addresses of subscribers. But last week 9to5Mac reported that security researchers say multiple hackers downloaded personal data using that same hole. One researcher now says he’s found a new list with data on millions of Twitter users. The Bleeping Computer news site has seen some of this data and said it appears to be different from the 5.4 million list of names reported stolen earlier this year. That may not be the worst part of this. Bleeping Computer said that list of 5.4 million records stolen earlier this year is being given away for free to crooks on a hacker forum. In addition, there’s a stolen list floating around criminal circles of 1.4 million Twitter profiles of suspended users.
Telecommunications and video surveillance equipment made by five Chinese manufacturers has formally been declared an unacceptable risk to American national security. The decision, announced Friday by the Federal Communications Commission, bans gear from Huawei, ZTE, Hytera, Hikvision and Dahua and their subsidiaries. These companies had already been on what the FCC calls its Covered List for risky manufacturers for the past 19 months.
The Vice Society ransomware group has started posting what it says are documents stolen from Cincinnati State Technical and Community College in Ohio. According to a news site, the documents are dated as recently as November 24th. Their authenticity hasn’t been verified. As of Sunday, when this podcast was recorded, most IT services had been restored, but voicemail and network printing were among those that still were offline.
Almost every website has data trackers. These cookies, tracking pixels or scripts gather information about visitors from their browsers, and what people click on. This data can be used for benign reasons, like showing men ads for men’s products, or it can be sold to governments. The number of trackers can vary by site. You might expect retailers to have more trackers on their sites than, for example, non-profit companies. But a recent test by researchers at NordVPN suggests the number of trackers may also reflect the attitude organizations in some countries have towards privacy. On average, the survey found websites of organizations based in Hong Kong had 45 trackers. Sites in the U.S. had the third-highest average number of trackers, with 33. Websites based in Canada had the eighth-highest number of trackers, with 16. You can limit what data trackers collect by using the privacy settings in your browser, regularly deleting cookies, clearing your cache, enabling the browser’s “do not track” feature, using a privacy-focused browser, using the browser’s incognito windows and using a VPN.
For the past few years Dell has surveyed about 1,000 IT professionals in organizations around the world for its annual Data Protection Index. This year’s report has some disturbing numbers. Here are two of them: Forty-eight per cent of respondents said their organization couldn’t recover data this year after a cyber incident. That was up from an average of 36 per cent for the previous two years. Forty per cent said they couldn’t recover data this year regardless of the reason for the incident. That compared to an average of 26 per cent for the previous three years. These aren’t reassuring numbers for data recovery.
Another survey caught my eye, this one by OpenText on privacy attitudes and practices of consumers in 12 countries, including the U.S. and Canada. Just under 63 per cent of respondents said they share work-related files on a personal file-sharing system like OneDrive or Dropbox. Why? Forty-four per cent said there is no company policy that forbids it. The other 18 per cent said they do it even though they aren’t supposed to. Here’s another finding companies should think about: Almost three-quarters of respondents said they have new concerns about how organizations are using their personal data since the pandemic began.
Finally, if you haven’t done so already, make sure you’re running the latest version of the Chrome browser. Google issued an update last week to fix a zero-day flaw. The version you should be running now starts with 107 and ends with .122.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.