Social media giant Twitter has been in the headlines recently, notably for censoring a number of Donald Trump’s tweets to stop the spread of misinformation. But prior to the election result, one researcher claimed he was able to guess the president’s password, which was allegedly “maga2020!”. Victor Gevers also claimed he’d managed to gain access in 2016, and that it only took five attempts to gain access. Twitter has since denied the reports.
The release of the latest Nintendo Super Mario game was marred by hacking reports, giving new players a cause for concern. Some players were able to get an early copy of the game, and used this opportunity to find vulnerabilities in the system. Hackers even took the hardware apart and posted their findings on Twitter, with issues noted on settings such as languages.
Twitter has employed a known hacker to review its security policies. Peiter Zatko, known by his hacker name ‘Mudge’ was hired to tackle issues such as engineering problems and misinformation. He will undergo a 45 to 60-day review to recommend changes. Zatko has previously worked at electronic payments provider Stripe, and also for the Pentagon. The ‘white hat hacker’ will aim to prevent hacks such as those which affected Barack Obama – who was in targeted by ‘bitcoin hackers’.
A worrying trend which has seen companies as large as Tesla in the firing line is raising alarm bells for corporates. Hacking groups are now joining forces to take on larger corporates, using profit sharing arrangements, and creating playbooks or scripts to facilitate negotiation. Some attackers are even adopting a customer-friendly tone for negotiation. Approximately $1.4 billion was paid to ransomware attackers last year.
The US Treasury is warning businesses who pay ransomware attackers that they could be violating anti-money laundering and sanctions regulations. Their arguments have been supported by organisations like the Financial Crimes Enforcement Network and the Office of Foreign Assets. Instead, companies should take a risk-based compliance approach. The government said: “This also applies to companies that engage with victims of ransomware attacks, such as those involved in providing cyber insurance, digital forensics and incident response, and financial services that may involve processing ransom payments.”
Six tech experts have lent their thoughts on the latest in cybersecurity for Cybersecurity Awareness Month. Among their tips were having a key strategy in place, having a full understanding of all your vulnerable devices, keeping an eye out for phishing attacks, checking the security of the cloud, increasing employee training, and being careful with information sharing when working remotely.
