1. WHAT WE LEARNED WHEN TWITTER WHISTLEBLOWER MUDGE TESTIFIED TO CONGRESS BY ZACK WHITTAKER

Peiter Zatko, former head of security at Twitter recently turned whistleblower, testified in front of the Senate Judiciary Committee this past Tuesday. In Zack Whittaker’s summary of the hearing on TechCrunch, he outlines some of the key takeaways from Zatko’s statements, including how the FBI warned the company of a Chinese spy on their payroll, his claim that thousands attempted to hack the site on a weekly basis, and that the company employs insufficient access controls to users’ information. According to Zatko, "[the] fundamental lack of logging inside Twitter is a remnant of being so far behind on their infrastructure, the engineering, and the engineers not being given the ability to put things in place to modernize.”

Read more

2. MARITIME CYBERSECURITY IS FRONT AND CENTER IN COAST GUARD REAUTHORIZATION BILL BY CHRIS RIOTTA

The Coast Guard Authorization Act of 2022, which was introduced by a bipartisan group of lawmakers this past week, seeks to address numerous gaps in federal laws surrounding maritime cybersecurity including directing the Comptroller General to study cyber threats impacting the U.S. Marine Transportation System, mandating the Coast Guard to coordinate with the Cybersecurity and Infrastructure Security Agency (CISA) and the Maritime Administration (MARAD) on cybersecurity efforts, and providing maritime operators with tools needed to respond to cyber incidents. Read the full story from FCW to learn more about the newly introduced bill.

Read more

3. CONGRESSIONAL INQUIRY REVEALS SECRET CUSTOMS AND BORDER PROTECTION DATABASE OF U.S. PHONE RECORDS BY TONYA RILEY

According to a letter from Senator Ron Wyden’s office to Customs and Border Protection, the agency is conducting warrantless searches of the phones and other electronic devices of up to 10,000 Americans each year and uploading information from those devices to a massive government database, which is said to retain that data for up to 15 years. According to Lawrence Payne, a spokesperson for the agency, “CBP is currently reviewing whether additional information specific to border searches of electronic devices, may be made publicly available without negative impacts to law enforcement operations and national security.” Read the full story from CyberScoop for more information on what kinds of data are collected and how CBP is legally getting away with their operation.

Read more

4. IRANIANS HACKED US COMPANIES, SENT RANSOM DEMANDS TO PRINTERS, INDICTMENT SAYS BY JON BRODKIN

According to a recently unsealed indictment, three Iranian nationals—all of whom remain at large—were charged with hacking and sending ransoms through US-based networks. Victims included a US-based domestic violence shelter, which was forced to pay roughly $13,000 to regain access to their systems. Per the indictment, "a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter's computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data." Read the full story from Ars Technica for more details on how the criminals carried out the attacks and who else was affected.

Read more

5. NEW MALWARE BUNDLE SELF-SPREADS THROUGH YOUTUBE GAMING VIDEOS BY BILL TOULAS

Those that turn to YouTube for FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, and Spider-Man gameplay videos may want to keep a lookout for a new self-spreading malware bundle being spread through such videos. The malware bundle reportedly uploads malicious video tutorials to compromised accounts advertising fake cheats and cracks for popular video games, which actually serve to spread the malicious package further. Read more from Bill Toulas at BleepingComputer to find out more about how the malware bundle works and why it may be challenging for YouTube to identify.

Read more