Twitter’s Security Fell Short Before Hack Targeting Celebrities, Regulator Says

NEW YORK (Reuters) – Twitter Inc suffered from cybersecurity shortfalls that enabled a “simple” hack attributed to a Florida teenager to take over the accounts of several of the world’s most famous people in July, according to a report released on Wednesday.

The report by New York’s Department of Financial Services also recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks and election interference.

“That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Linda Lacewell, the financial services superintendent.

Twitter did not immediately respond to a request for comment. It has acknowledged that some employees were duped into sharing account credentials prior to the hack.

New York Governor Andrew Cuomo ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in Bitcoin.

Those whose accounts were hacked included U.S. presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West, and his wife Kim Kardashian, the reality TV star.

Lacewell said hackers obtained log-in credentials after calling several employees, pretending to work in Twitter’s information technology department, and claiming to be responding to problems with the company’s Virtual Private Network, which had become common because employees were working from home.

“The extraordinary access the hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences,” the report said.

Twitter’s lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said.

Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack, and charged the 17-year-old Tampa resident as

Activating validation services for route origin, TWNIC continues to safeguard Internet routing security with RPKI

People are increasingly reliant on the Internet for work, school and daily activities. The impact on people’s lives would be unthinkable should the Internet suddenly stop working. Border Gateway Protocol (BGP) is one of the key elements that allow the Internet to operate smoothly. BGP hijacking, whether the result of an intentional attack by hackers or of unintentional configuration errors, disrupts Internet services and can even threaten information security. The consequences can be serious, so every government agency, private corporation and individual is obligated to prevent this from happening.

The Taiwan Network Information Center (TWNIC) has been actively promoting Resource Public Key Infrastructure (RPKI) with an aim to enhance Internet routing security since the official signing of TWNIC RPKI Certificate Authority (CA) with the Asia Pacific Network Information Center (APNIC) on September 28, 2018. This is to address security concerns caused by IP address prefix errors. Using RPKI, legitimate holders of number resources are able to control the operation of Internet routing protocols to prevent route hijacking and other attacks.

After two years of efforts, 98% of Taiwan’s IP address holders have completed the setting of RPKI Route Origin Authorization (ROA) in routers, the highest rate among the top 100 on the list of countries by IP address allocations. This marks the successful completion of TWNIC’s phase-one work of the RPKI project. To mark the achievement and to kick off the second phase of the project, TWNIC held Taiwan RPKI Day on September 28, 2020. At the event, TWNIC launched the RPKI Validator service and 46 IP members connected to the Validator server to test the service. They activated the RPKI function of the routers and connected to the TWNIC Validator server, after

JFrog Launches Free Subscription to Multi-Cloud DevOps Platform with Built-in Open Source Security Scanning

Development teams can accelerate delivery with universal package management, DevSecOps tools and cloud-native CI/CD solutions across major cloud providers

The JFrog Platform Free Subscription

JFrog launches a free subscription to its Multi-Cloud DevOps platform with built-in open source security scanning.

SUNNYVALE, Calif., Oct. 13, 2020 (GLOBE NEWSWIRE) — JFrog, the liquid software company, today announced the general availability of a free subscription of its universal, hybrid and multi-cloud DevOps Platform, including industry-leading DevSecOps capabilities offered at no cost.

The JFrog Platform is used by some of the largest enterprises in the world to streamline and accelerate their delivery. Available on all major public cloud providers—AWS, Microsoft Azure, and Google Cloud Platform— and across 18 cloud regions, the free subscription of the JFrog Platform includes:

  • JFrog Artifactory, a universal software package (binary) management solution and enterprise container registry in one, supporting more than 26 technologies.

  • JFrog Xray, enabling DevSecOps with the industry-leading SaaS solution for OSS vulnerability scanning. Paid subscriptions also include OSS license compliance and additional, advanced security capabilities powered by VulnDB.

  • JFrog Pipelines, a next-generation CI/CD solution for both traditional and cloud-native applications.

  • Users receive free access to the critical building blocks for enterprise-grade end-to-end DevOps, with up to 2GB of storage, 10GB of monthly data transfer and 2,000 CI/CD pipeline minutes per month.

“The community deserves a solution that provides the combination of best-of-breed experience built into an end-to-end platform for all DevOps and DevSecOps needs. No need to worry about package types, security threats or user limit hassles – it’s just a simple, yet powerful and free DevOps solution,” said Shlomi Ben Haim, CEO at JFrog. “JFrog was built by developers for developers and it’s important to

Orca Security Research Reveals How Software Industry Unwittingly Distributes Virtual Appliances with Known Vulnerabilities

NEWS HIGHLIGHTS

Software vendors are often distributing their wares on virtual appliances with exploitable and fixable vulnerabilities, and running on outdated or unsupported operating systems:

  • The Orca Security research study found 401,571 total vulnerabilities in scanning 2,218 virtual appliance images from 540 software vendors.

  • The research has started to move the cloud security industry to a safer future. Since alerting vendors of these risks, 287 products have been updated and 53 removed from distribution, leading to 36,938 discovered vulnerabilities being addressed.

  • For example, Dell EMC issued a critical security advisory; Cisco published fixes to 15 found security risks; and IBM, Symantec, Kaspersky Labs, Oracle, Splunk, ZOHO and Cloudflare all removed outdated or vulnerable virtual appliances.

The “Orca Security 2020 State of Virtual Appliance Security” report found that as evolution to the cloud is accelerated by digital transformation across industries, keeping virtual appliances patched and secured has fallen behind. The report illuminated major gaps in virtual appliance security, finding many are being distributed with known, exploitable and fixable vulnerabilities and on outdated or unsupported operating systems.

To help move the cloud security industry towards a safer future and reduce risks for customers, Orca Security analyzed 2,218 virtual appliance images from 540 software vendors for known vulnerabilities and other risks to provide an objective assessment score and ranking.

Virtual appliances are an inexpensive and relatively easy way for software vendors to distribute their wares for customers to deploy in public and private cloud environments.

“Customers assume virtual appliances are free from security risks, but we found a troubling combination of rampant vulnerabilities and unmaintained operating systems,” said Avi Shua, Orca Security CEO and co-founder. “The Orca Security 2020 State of Virtual Appliance Security Report shows how organizations must be vigilant to test and close any vulnerability gaps, and that the software industry

How the architecture of new home security vision systems affects choice of memory technology

A camera or a computer: How the architecture of new home security vision systems affects choice of memory technology

A long-forecast surge in the number of products based on artificial intelligence (AI) and machine learning (ML) technologies is beginning to reach mainstream consumer markets.

It is true that research and development teams have found that, in some applications such as autonomous driving, the innate skill and judgement of a human is difficult, or perhaps even impossible, for a machine to learn. But while in some areas the hype around AI has run ahead of the reality, with less fanfare a number of real products based on ML capabilities are beginning to gain widespread interest from consumers. For instance, intelligent vision-based security and home monitoring systems have great potential: analyst firm Strategy Analytics forecasts growth in the home security camera market of more than 50% in the years between 2019 and 2023, from a market value of US$8 billion to US$13 billion.

The development of intelligent cameras is possible because one of the functions best suited to ML technology is image and scene recognition. Intelligence in home vision systems can be used to:
– Detect when an elderly or vulnerable person has fallen to the ground and is potentially injured
– Monitor that the breathing of a sleeping baby is normal
– Recognise the face of the resident of a home (in the case of a smart doorbell) or a pet (for instance in a smart cat flap), and automatically allow them to enter
– Detect suspicious or unrecognised activity outside the home and trigger an intruder alarm

These new intelligent vision systems for the home, based on advanced image signal processors (ISPs), are in effect function-specific computers. The latest products in this category have adopted computer-like architectures which depend for