Twitter Confirms Vulnerability Exposed Data of Anonymous Account Owners

Friday the Twitter Privacy Center posted an announcement on their blog:

“We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account. We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened….”
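The flaw Twitter describes is an account-existence oracle: a login flow whose response differs depending on whether the submitted email or phone number is registered. The Python below is an added example, not Twitter's code, and its user table, messages and status codes are constructed. It shows the leaky pattern beside a uniform-response version, plus the self-check a defender can run against their own flow to see whether it leaks.

```python
"""Account-existence oracle in a login flow: leaky pattern beside a
uniform-response version. Constructed example, not Twitter's code;
the user store, messages and status codes are made up."""
import hashlib
import hmac
import secrets

_SALT = b"constructed-salt"  # constructed; real stores use a per-user salt


def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the example runs quickly; raise it in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user store: identifier (email or phone) -> password hash.
_USERS = {
    "alice@example.com": _hash("correct horse", _SALT),
    "+15551234567": _hash("battery staple", _SALT),
}
# Decoy hash so the hardened path does the same work for unknown identifiers.
_DUMMY_HASH = _hash(secrets.token_hex(16), _SALT)


def login_leaky(identifier: str, password: str) -> dict:
    """Leaky: the response itself says whether the identifier is registered."""
    stored = _USERS.get(identifier)
    if stored is None:
        return {"status": 404, "error": "no account matches that email or phone"}
    if not hmac.compare_digest(stored, _hash(password, _SALT)):
        return {"status": 401, "error": "incorrect password"}
    return {"status": 200, "error": None}


def login_uniform(identifier: str, password: str) -> dict:
    """Hardened: same status, same message and same hashing work whether or
    not the identifier exists, so neither body nor timing acts as an oracle."""
    stored = _USERS.get(identifier, _DUMMY_HASH)
    # compare_digest runs first so the hash is always computed; the membership
    # check only guards against the decoy hash ever matching.
    ok = hmac.compare_digest(stored, _hash(password, _SALT)) and identifier in _USERS
    if not ok:
        return {"status": 401, "error": "invalid credentials"}
    return {"status": 200, "error": None}


def distinguishable(login, known: str, unknown: str) -> bool:
    """Defender self-check: with a wrong password, does a registered identifier
    get a different response from an unregistered one? True means the flow
    is an existence oracle."""
    wrong = "definitely-not-the-password"
    return login(known, wrong) != login(unknown, wrong)


if __name__ == "__main__":
    for name, fn in (("leaky", login_leaky), ("uniform", login_uniform)):
        print(name, "leaks existence:", distinguishable(fn, "alice@example.com", "nobody@example.com"))
```

The decoy hash matters as much as the uniform message: if the unknown-identifier path skipped the password hash, response time alone would reveal which identifiers are registered. Rate limiting on the login endpoint, which this snippet does not implement, is the other half of the mitigation, since a uniform response still has to be served to every probe.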

The cybersecurity funding bubble hasn’t burst — but it’s starting to deflate

Last year was record-breaking for the cybersecurity market. Data from Momentum Cyber, a financial advisory firm for the security industry, showed that cybersecurity startups raised a “record-shattering” $29.5 billion in venture capital in 2021, more than doubling the $12 billion raised in 2020, while a record number — including Dragos and Noname Security — were minted as unicorns.

Purism’s ‘Librem 5 USA’ Smartphone Achieves Major New Shipping Milestone

Purism posted an announcement Thursday about their privacy-focused “Librem 5 USA” smartphones. “New orders placed today will ship within our standard 10-business-day window.” The Librem 5 USA now joins the Librem Mini and Librem 14 as a post-Just In Time product, one where instead of relying on Just In Time supply chains to manufacture a product just as we need it, we have invested in maintaining much larger inventories so that we can better absorb future supply chain issues that may come our way.

For anyone who is new to the product, the Librem 5 USA is our premium phone that shares the same hardware design and features as our mass-produced Librem 5, but with electronics we make in the USA using a separate electronics supply chain that sources from US suppliers whenever possible. This results in a tighter, more secure supply chain for the Librem 5 USA.

Q3 outlook forecasts cloudy days ahead for fintech M&A

Welcome to The Interchange! If you received this in your inbox, thank you for signing up and your vote of confidence. If you’re reading this as a post on our site, sign up here so you can receive it directly in the future. Every week, I’ll take a look at the hottest fintech news of the previous week. This will include everything from funding rounds to trends to an analysis of a particular space to hot takes on a particular company or phenomenon. There’s a lot of fintech news out there and it’s my job to stay on top of it — and make sense of it — so you can stay in the know. — Mary Ann

‘Huge Flaw’ Threatens US Emergency Alert System, DHS Researcher Warns

An anonymous reader quotes a report from Ars Technica: The US Department of Homeland Security is warning of vulnerabilities in the nation’s emergency broadcast network that make it possible for hackers to issue bogus warnings over radio and TV stations. “We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to the most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network),” the DHS’s Federal Emergency Management Agency (FEMA) warned. “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”

Pyle told reporters at CNN and Bleeping Computer that the vulnerabilities reside in the Monroe Electronics R189 One-Net DASDEC EAS, an emergency alert system encoder and decoder. TV and radio stations use the equipment to transmit emergency alerts. The researcher told Bleeping Computer that “multiple vulnerabilities and issues (confirmed by other researchers) haven’t been patched for several years and snowballed into a huge flaw.”

That message from ‘Twitter Support’ is almost certainly fake

Users on Twitter have been receiving messages purporting to be from “Twitter Support” urging them to act quickly to avoid suspension, often even from users with a blue check. But these are almost certainly scams — here’s what to look out for, and what it would look like if Twitter actually needed to contact you.

Amazon to Acquire iRobot For $1.7 Billion

Toyota Research Institute

Gill Pratt, Toyota’s Chief Scientist and the CEO of TRI, believes that robots have a significant role to play in assisting older people by solving physical problems as well as providing mental and emotional support. With a background in robotics research and five years as a program manager at the Defense Advanced Research Projects Agency, during which time he oversaw the DARPA Robotics Challenge in 2015, Pratt understands how difficult it can be to bring robots into the real world in a useful, responsible, and respectful way. In an interview earlier this year in Washington, D.C., with IEEE Spectrum’s Evan Ackerman, he said that the best approach to this problem is a human-centric one: “It’s not about the robot, it’s about people.”

Cybersecurity Insights with Contrast CISO David Lindner | 8/5

Insight #1

“Are you paying if you get hit with ransomware? I provided my thoughts here. The reality shows that most companies hit with ransomware who pay the ransom get hit a subsequent time. Are you paying?”

Insight #2

“If you are a SaaS provider, one of the best things you can do for your customer is to expose the audit log to them. Customers can and should then integrate it into their log aggregation or SIEM systems. As the SaaS provider, there is no way for you to understand inappropriate access or any account takeovers that may occur for that customer. Also, please do not charge extra for this, make it standard and use it as a strong selling point.”
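The point of exporting the audit log is that the customer, not the vendor, can correlate it with their own context. The Python below is an added example, not Contrast's or any vendor's code; the event schema and the sample log lines are constructed. It parses a JSON-lines export and applies one account-takeover heuristic of the kind a SIEM rule would encode: a login from an IP never seen for that user, followed within a short window by a sensitive self-service change from that same IP.

```python
"""Customer-side detection over a SaaS audit-log export. The event schema,
field names and sample lines are constructed for this example and are not
any vendor's real format."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export: one JSON object per line, as a vendor might ship to a SIEM.
SAMPLE_AUDIT_LOG = """\
{"ts": "2022-08-05T09:00:00Z", "actor": "alice", "action": "login.success", "src_ip": "203.0.113.10"}
{"ts": "2022-08-05T09:05:00Z", "actor": "alice", "action": "report.view", "src_ip": "203.0.113.10"}
{"ts": "2022-08-05T13:00:00Z", "actor": "bob", "action": "login.success", "src_ip": "198.51.100.7"}
{"ts": "2022-08-05T22:10:00Z", "actor": "alice", "action": "login.success", "src_ip": "192.0.2.44"}
{"ts": "2022-08-05T22:12:00Z", "actor": "alice", "action": "mfa.disabled", "src_ip": "192.0.2.44"}
{"ts": "2022-08-05T22:13:00Z", "actor": "alice", "action": "api_key.created", "src_ip": "192.0.2.44"}
{"ts": "2022-08-06T08:00:00Z", "actor": "bob", "action": "login.success", "src_ip": "198.51.100.7"}
"""

# Constructed action names for self-service changes that an attacker with a
# freshly taken-over session typically makes first.
SENSITIVE = {"mfa.disabled", "api_key.created", "password.changed", "email.changed"}
WINDOW = timedelta(minutes=30)


def parse_events(text: str) -> list:
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_takeover_candidates(events: list) -> list:
    """Flag a sensitive action that follows, within WINDOW and from the same IP,
    a login from an IP not previously seen for that actor."""
    seen_ips = defaultdict(set)   # actor -> IPs observed so far
    fresh_logins = {}             # actor -> (ts, ip) of the latest new-IP login
    findings = []
    for e in events:
        actor, ip, action, ts = e["actor"], e["src_ip"], e["action"], e["ts"]
        if action == "login.success":
            if ip not in seen_ips[actor]:
                fresh_logins[actor] = (ts, ip)
            seen_ips[actor].add(ip)
        elif action in SENSITIVE and actor in fresh_logins:
            login_ts, login_ip = fresh_logins[actor]
            if ip == login_ip and ts - login_ts <= WINDOW:
                findings.append({
                    "actor": actor,
                    "src_ip": ip,
                    "action": action,
                    "ts": ts.isoformat(),
                    "login_ts": login_ts.isoformat(),
                })
    return findings


if __name__ == "__main__":
    for f in detect_takeover_candidates(parse_events(SAMPLE_AUDIT_LOG)):
        print(f)
```

Because the baseline of known IPs is built from the same export, the first login of every user counts as a "new IP"; in practice the rule needs a learning period, or a seeded baseline from earlier exports, before its alerts mean much. That is exactly the context the customer has and the vendor does not, which is the argument for shipping the log rather than trying to judge access on the customer's behalf.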

Insight #3

“For all the bug bounty researchers out there: standing up thousands of typo-squatted code repositories, and effectively trying to steal “only environment variables,” is well beyond any scope of a bug bounty program.”

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.