Newsletter

open source and cybersecurity news

July 26, 2023

- CYBERSECURITY HEADLINES TODAY -

Unintentional Data Leak by VirusTotal Exposes 5,600 Account Details
Death of Twitter Info Sec
CT License Plate Scans
CITRIX Pwned

In this Episode:

Edwin Kwan: VirusTotal has suffered a data leak. The popular online service was launched in 2004 and is used to analyze suspicious files and URLs to detect malicious content or malware. The data leak involved a database with 5,600 registered customer names and email addresses.

Olimpiu Pop: Twitter was the information source for many technologists, security experts included. The Cyentia Institute wanted to know the size of what they called “InfoSec Twitter.” Under this umbrella, they followed all information related to CVEs posted on the platform.

Hillary Coover: License plate readers are becoming more common on Connecticut roads, raising privacy concerns. However, the readers, which scan and record license plates, are not really an infringement of privacy since vehicle registration data are publicly available.

Katy Craig: In a cybersecurity cat-and-mouse game, attackers are taking advantage of a critical Remote Code Execution (RCE) vulnerability in Citrix’s NetScaler ADC and NetScaler Gateway Technologies. The scary part? No authentication is needed for the exploit.

From Sourced Network Productions in Washington DC, It’s 5:05. I’m Hillary Coover. Today is Thursday, July 26th, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.

 

Edwin Kwan: Unintentional Data Leak by VirusTotal Exposes 5,600 Account Details

This is Edwin Kwan from Sydney, Australia.

VirusTotal has suffered a data leak. The popular online service was launched in 2004 and is used to analyze suspicious files and URLs to detect malicious content or malware. The data leak involved a database with 5,600 registered customer names and email addresses.

The leaked data include accounts linked to official US bodies, such as Cyber Command, the Department of Justice, the Federal Bureau of Investigation, and the National Security Agency. There are also accounts belonging to government agencies in other countries like Germany, the Netherlands, Taiwan, and the UK.

The data leak occurred after an employee inadvertently uploaded the information to the malware scanning platform. VirusTotal said they removed the list from the platform within an hour of its posting and are reviewing their internal processes and technical controls.

Resources
VirusTotal Data Leak Exposes Some Registered Customers’ Details
VirusTotal Data Leak Affects 5K+ Users

 

Olimpiu Pop: Death of Twitter Info Sec

Twitter was the information source for many technologists, security experts included. The Cyentia Institute wanted to know the size of what they called “InfoSec Twitter.” Under this umbrella, they followed all information related to CVEs posted on the platform.

It began collecting data on July 12th, 2021, recording over 1,000 unique tweets per day. This initiative supported their EPSS scoring effort. For almost two years, they managed to observe patterns: during the week, the chatter was above 1,000 tweets, and during the weekend it was less than half of that. After Musk’s acquisition of Twitter on October 27th, 2022, and the subsequent dismissal of half of their employees, several notable voices left the platform, although no immediate shift in InfoSec Twitter was observable.

By the end of June, 2023, the data showed a massive drop in daily CVE-related tweets, with a weekday average falling from 1,272 to just 333, a reduction of almost 74%. With the removal of automated CVE announcements, the decrease is even more stark, falling from 500 to 66 daily tweets, a decrease of 87%.

The collection of data ended on July 12th, 2023 due to cost considerations, marking the end of an era.

The other day, some people were predicting the death of Twitter in the next 18 months. I don’t know if that will be the case, but my feeling is that fewer voices are heard on Twitter, or “X,” or Elon’s pet project.

You can find the full post in the resource section of 505updates.com.

Olimpiu Pop reporting from Transylvania, Romania.

Resources
More US States are ramping up data privacy laws in 2023

 

Hillary Coover: CT License Plate Scans

Hi, this is Hillary Coover reporting from Washington, DC.

License plate readers are becoming more common on Connecticut roads, raising privacy concerns. However, the readers, which scan and record license plates, are not really an infringement of privacy since vehicle registration data are publicly available.

The readers are beneficial for law enforcement response times, especially for time-sensitive alerts like Silver and Amber alerts. By quickly scanning and identifying license plates, law enforcement agencies have successfully made numerous arrests and located stolen vehicles or missing persons.

Additionally, it’s important to note that license plate readers do not capture facial images, which further supports the argument that these devices are not invasive to individuals’ privacy. Their sole purpose is to focus on license plate information for law enforcement purposes.

Despite the concerns about data misuse and surveillance, it’s essential to remember that these readers are not capturing any more information than what’s already stored in the state Department of Motor Vehicles database. Placing these readers at town borders does not amount to border enforcement, as their primary aim is to assist local law enforcement agencies in collaborating and sharing information effectively.

Furthermore, the fact that certain police departments have shared data with ICE does not imply that license plate readers are being used to determine immigration status. The technology is solely focused on criminal investigations and locating vehicles associated with criminal activities.

Overall, the fears surrounding license plate readers’ impact on privacy seem unfounded, and the technology’s potential benefits for law enforcement and public safety should not be overlooked. License plate readers can serve as an effective tool to enhance law enforcement response times and protect communities.

Resources
How ChatGPT took its toll on human workers | Mint

Katy Craig: CITRIX Pwned

In a cybersecurity cat-and-mouse game, attackers are taking advantage of a critical remote code execution (RCE) vulnerability in Citrix’s NetScaler ADC and NetScaler Gateway Technologies. The scary part? No authentication is needed for the exploit.

This is Katy Craig in San Diego, California.

Citrix has issued a patch for this zero-day bug and urges all affected organizations to apply it pronto. The US Cybersecurity and Infrastructure Security Agency, CISA, didn’t waste time either, adding the flaw to its Known Exploited Vulnerabilities, KEV catalog, sounding the alarm for federal agencies to patch up by August 9th. They know how these vulnerabilities are a favorite playground for cyber criminals, posing major risks to enterprise security.

The bug allows unauthenticated attackers to run malicious code on the server, earning it a near perfect severity score of 9.8. To get in on the fun, the attacker needs to target a vulnerable appliance configured as a gateway device like a VPN virtual server or an ICA Proxy. If successful, they can gain a foothold and privileged access to the target network.

But Citrix isn’t the only kid on the block. CISA and the NSA have warned of attackers targeting vulnerabilities in gateway devices from other vendors too.

This is Katy Craig. Stay safe out there.

Resources
Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
NVD – CVE-2023-3519
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467

 

Hillary Coover

That’s our update for today, July 25th, 2023. I’m Hillary Coover. We’ll be back tomorrow at 5:05.
