Source: Reuters

Security News This Week: Don’t Panic, but Slack’s GitHub Got Hacked

After October 2022, when Elon Musk spent $44 billion on acquiring Twitter and slacked off more than half of the company’s staff, there have been concerns about data breaches. Now it seems a security incident that predates Musk’s takeover is causing headaches. In this week, it happened that hackers released a trove of 200 million email addresses and their links to Twitter handles, which were likely gathered between June 2021 and January 2022. The sale of the data may put anonymous Twitter accounts at risk and heap further regulatory monitoring on the company.

Meta owned WhatsApp has introduced a new anti-censorship tool that it hopes will assist people in Iran to avoid government-enforced bans on the messaging platform. The company has made it possible for people to use proxies to access WhatsApp and get away with government filtering. The tool is available all over the world. We’ve also explained what pig-butchering scams are and how to avoid falling into their traps.

Moreover, this week, cybersecurity firm Mandiant revealed that it has seen Russian cyberespionage group Turla using innovative new hacking tactics in Ukraine. The group, which is believed to be connected to the FSB intelligence agency, was spotted piggybacking on dormant USB infections of other hacker groups. Turla registered expired domains of years-old malware and managed to take over its command-and-control servers.

Tyumen, Russia – January 21, 2020: TikTok and Facebook application on screen Apple iPhone XR

In June 2020, police across Europe said that they had hacked into the encrypted EncroChat phone network and collected more than 100 million messages from its users, many of them potentially serious criminals. Now thousands of people have been jailed based on the intelligence gathered, but the bust is raising wider questions around law enforcement hacking and the future of encrypted phone networks.

As per Slack’s investigation, the unauthorized access did not result from a vulnerability inherent to the company’s systems. They will continue to monitor for further exposure and investigate the incident further.

This security violation serves as a reminder of the necessity of strong authentication measures, specifically  when it comes to APIs that may have access to sensitive data. It also underlines the requirement for companies to periodically review and update their security measures in order to prevent unwanted access.

In the recent times when data breaches and cyber attacks have become so common, it’s more important than ever for companies to prioritize security. This includes implementing multi-factor authentication (MFA), regularly rotating credentials, and staying vigilant for suspicious activity.