Friday Five 9/16 | Digital Guardian

The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

Friday Five 9/16

by Robbie Araiza on Friday September 16, 2022

Contact Us
Free Demo

Twitter’s security scandal going from bad to worse and malware spreading through YouTube made headlines this week. Read about these stories and more in this week’s Friday Five!

1. What we learned when Twitter whistleblower Mudge testified to Congress by Zack Whittaker

Peiter Zatko, former head of security at Twitter recently turned whistleblower, testified in front of the Senate Judiciary Committee this past Tuesday. In Zack Whittaker’s summary of the hearing on TechCrunch, he outlines some of the key takeaways from Zatko’s statements, including how the FBI warned the company of a Chinese spy on their payroll, his claim that thousands attempted to hack the site on a weekly basis, and that the company employs insufficient access controls to users’ information. According to Zatko, "[the] fundamental lack of logging inside Twitter is a remnant of being so far behind on their infrastructure, the engineering, and the engineers not being given the ability to put things in place to modernize.”

Read more

2. Maritime cybersecurity is front and center in Coast Guard reauthorization bill by Chris Riotta

The Coast Guard Authorization Act of 2022, which was introduced by a bipartisan group of lawmakers this past week, seeks to address numerous gaps in federal laws surrounding maritime cybersecurity including directing the Comptroller General to study cyber threats impacting the U.S. Marine Transportation System, mandating the Coast Guard to coordinate with the Cybersecurity and Infrastructure Security Agency (CISA) and the Maritime Administration (MARAD) on cybersecurity efforts, and providing maritime operators with tools needed to respond to cyber incidents. Read the full story from FCW to learn more about the newly introduced bill.

Read more

3. Congressional inquiry reveals secret Customs and Border Protection database of U.S. phone records by Tonya Riley

According to a letter from Senator Ron Wyden’s office to Customs and Border Protection, the agency is conducting warrantless searches of the phones and other electronic devices of up to 10,000 Americans each year and uploading information from those devices to a massive government database, which is said to retain that data for up to 15 years. According to Lawrence Payne, a spokesperson for the agency, “CBP is currently reviewing whether additional information specific to border searches of electronic devices, may be made publicly available without negative impacts to law enforcement operations and national security.” Read the full story from CyberScoop for more information on what kinds of data are collected and how CBP is legally getting away with their operation.

Read more

4. Iranians hacked US companies, sent ransom demands to printers, indictment says by Jon Brodkin

According to a recently unsealed indictment, three Iranian nationals—all of whom remain at large—were charged with hacking and sending ransoms through US-based networks. Victims included a US-based domestic violence shelter, which was forced to pay roughly $13,000 to regain access to their systems. Per the indictment, "a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter's computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data." Read the full story from Ars Technica for more details on how the criminals carried out the attacks and who else was affected.

Read more

5. New malware bundle self-spreads through YouTube gaming videos by Bill Toulas

Those that turn to YouTube for FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, and Spider-Man gameplay videos may want to keep a lookout for a new self-spreading malware bundle being spread through such videos. The malware bundle reportedly uploads malicious video tutorials to compromised accounts advertising fake cheats and cracks for popular video games, which actually serve to spread the malicious package further. Read more from Bill Toulas at BleepingComputer to find out more about how the malware bundle works and why it may be challenging for YouTube to identify.

Read more

Tags: Vulnerabilities, Ransomware, Data Privacy

Recommended Resources

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Robbie Araiza

Robbie is a Content Creator for the Data Protection team at HelpSystems. Prior to joining the organization, he studied psychology and social work at Texas State University in San Marcos, TX.