Suspect in Major Twitter Hacker Arrested in Spain
Senators introduced cyber incident reporting bill, New flaws allow OS security restrictions bypass, Biden to meet with execs next month to talk cybersecurity, Chrome detects phishing 50X faster, more
Don’t miss out on our premium-only content. Plus, gain access to our archives. Become a premium supporter of Metacurity today!
Pursuant to a criminal complaint filed in federal court in the Northern District of California, authorities arrested British man Joseph O’Connor in the coastal resort town of Estepona, Spain, on an arrest warrant accusing him of involvement in a July 2020 hack of more than 130 Twitter accounts Prosecutors also accuse O’Connor of hacks that took over TikTok and Snapchat accounts, including “one of the most viewed and followed” TikTok stars.
The complaint charges O’Connor, who goes by the handle PlugWalkJoe, with crimes including cyberstalking, making extortive and threatening communications, and intentionally accessing a computer without authorization. (Matt O’Brien and Eric Tucker / Associated Press)
Related: Cyberscoop, ETTelecom.com, DataBreaches.net, Slashdot, The Record by Recorded Future, BBC News, The Guardian, Wall Street Journal, Miami Herald, CTVNews.ca, Marketwatch, The Chosun Ilbo, ZDNet Security, UPI.com, The Register - Security, MacDailyNews, iMore, SiliconANGLE, Engadget, Pocket-lint, NBC News Technology, The Verge, The Guardian, RT News, Forbes, Associated Press Technology, The Independent, TribLIVE, Tech Xplore, Washington Examiner, Cyber Kendra, USA Today, The Mac Observer, NBC News Technology, CNET News, CNBC
President Biden and his national security team plan to meet on August 25 with business executives about cybersecurity.
According to a National Security Council spokesperson, the meeting will focus on “how we can work together to collectively improve the nation’s cybersecurity.” (Eric Tucker / Associated Press)
Leaders of the Senate Intelligence Committee introduced the Cyber Incident Notification Act that would mandate cybersecurity incident reporting. The bill requires federal agencies, government contractors, and groups considered critical to national security, such as hospitals, utilities, financial services, and information technology groups, to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
The bill would grant liability protections to groups that report breaches and anonymize the personal information of the companies involved in the incidents to encourage reporting. (Maggie Miller / The Hill)
Two new vulnerabilities allow hackers who gain access to vulnerable systems to bypass OS security restrictions and access sensitive resources.
The first flaw, dubbed HiveNightmare, discovered by researcher Jonas Lykkegaard, with additional work by Benjamin Delpy, allows users with limited system privileges to read the contents of the security account manager on Windows 10 and 11 systems. This makes it possible to extract cryptographically protected password data, discover the password used to install Windows, and obtain the computer keys for the Windows data protection API, which can decrypt private encryption keys and create an account on the vulnerable machine. Microsoft said it is investigating the flaw.
The second security flaw, discovered by Qualys, is a Linux vulnerability that allows an untrusted user to gain unfettered system rights by creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the
/proc/self/mountinfo file. Most versions of Linux are in the process of distributing a fix for this flaw. (Dan Goodin / Ars Technica)
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest version 92, which Chrome promoted to the stable channel.
The Chrome 92.0.4515.107 release that's rolling out now also includes security updates addressing 35 high, medium, and low severity vulnerabilities. (Sergiu Gatlan / Bleeping Computer)
Researchers at Claroty’s Team82 discovered a series of vulnerabilities that have enabled them to demonstrate how malicious actors could abuse cloud-based management platforms when targeting industrial organizations.
The flaws affect CODESYS’s Automation Server platform, which enables organizations to manage industrial control systems (ICS) from the cloud, and some of WAGO’s programmable logic controllers (PLCs). (Eduard Kovacs / Security Week)
Researchers at ReversingLabs discovered that new npm malware had stolen credentials from the Google Chrome web browser using legitimate password recovery tools on Windows systems.
The malware also listens for incoming connections from the attacker's C2 server. It provides advanced capabilities, such as screen and camera access, directory listing, file lookup, file upload, and shell command execution. npm’s parent company Github said it removed the package under npm's acceptable use policy regarding malware. (Ax Sharma / Bleeping Computer)
Researchers at Check Point report that a new version of the old FormBook form-stealer and keylogger, now rebranded as XLoader and selling for $49 on hacker forums, has added Mac users to its hit list.
The malware is hard to detect, although malware tracker AnyRun offers instructions on how to detect XLoader. (Lisa Vaas / Threatpost)
Catholic Substack publication The Pillar used highly sensitive location data from a smartphone app to track and publicly harass Monsignor Jeffrey Burrill, the general secretary of the U.S. Conference of Catholic Bishops.
The publication used the location data to tie Burrill to Grindr and out him as a gay man. Burrill was forced to resign as a consequence. (Joseph Cox / Motherboard)
DNSFilter, a DNS content filtering, and threat protection solution provider, closed a $30 million Series A venture funding round.
The round was led by Insight Partners, with Techstars participating. (Kyle Wiggers / Venture Beat)
European bug bounty and vulnerability disclosure policy (VDP) platform YesWeHack raised €16 million (around $18.9 million) in Series B funding.
Banque des Territoires and Eiffel Investment Group led the round joined by YesWeHack’s Series A investors Normandie Participations and CNP Assurances. (Anto Guarin / EU Startups)
Cyber risk management company Safe Security raised $33 million in a venture funding round.
UK telco BT led the round. Existing investors, including former Cisco chairman and chief executive John Chambers, also participated in the round. (Carly Page / TechCrunch)
Microsoft announced that it acquired CloudKnox Security, a platform designed to protect resources and identities across multi-cloud and hybrid cloud environments.
The terms of the deal were not disclosed. (Kyle Wiggers / Venture Beat)