Shades of Roosevelt and the SEC: With a hat tip to the adage of “The best way to catch a criminal is to use a criminal”, Twitter has turned to Peiter “Mudge” Zatko, a renowned computer security expert, and given him a broad mandate to bolster security at the social media platform. Read more here.
Just like the old days: A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers. Named Malsmoke by security researchers, the campaign focuses on high-traffic adult portals. Some websites, like xHamster, rake in hundreds of millions of monthly visitors. Another site is Bravo Porn Tube, with over 8 million visitors every month. Read more here.
Ah, endpoint security…: An API bug in Bumble’s code base exposed users’ personal information, such as political leanings, astrological signs, education, and even height and weight, as well as their distance away in miles. The research said that “after 225 days of silence from the company, we moved on to the plan of publishing the research. Only once we started talking about publishing, we received an email from HackerOne on 11/11/20 about how ‘Bumble are keen to avoid any details being disclosed to the press.’” The takeaway from this story is that when a security researcher contacts you about security flaws, you might want to respond. Read more here.