Twitter/Mudge, Uber Hack, Kiwifarms - This Week in Security - September 12th to 17th
Twitter/Mudge
Peiter Zatko, best known as famed hacker Mudge, who had previously been the head of security at Twitter testified this week about the wide ranging issues with Twitter's security after his whisleblower complaint. Mudge was hired by previous Twitter CEO Jack Dorsey after a series of security issues at the social media giant, was fired by current Twitter CEO Parag Agrawal at the beginning of 2022. Mudge outlined a number of issues including the lack of adequate access controls, audit trails for administrative access, controls to keep foreign intelligence from infiltrating the organization and a basic lack of personnel to keep up with manipulation and exploitation of the platform. In response there has been efforts to uncover dirt on Mudge, which has not had much results.
- https://s3.documentcloud.org/documents/22186683/twitter-whistleblower-disclosure.pdf
- https://www.youtube.com/watch?v=UFPrcG-4NhY
- https://www.newyorker.com/news/news-desk/the-search-for-dirt-on-the-twitter-whistle-blower
- https://slate.com/news-and-politics/2022/09/twitter-whistleblower-mudge-hearing-dirt-nope.html
Uber Hack
Uber suffered a breach after an attacker was able to social engineer a password out of an employee and their way past multi-factor authentication and gain access to Uber's internal network. After the attacker was able to gain access they found a file share with PowerShell scripts that contained credentials for Uber's cloud infrastructure. In the end the hacker was able ot gain control of Uber's AWS, HackerOne, ECS, GSuite and other accounts through credentials for an admin account in the Thycotic access management system being in those PowerShell scripts. This breach highlights the need to separate credentials from code and systematically look through file shares and other network resources for sensitive data being left out.
- https://www.nytimes.com/2022/09/15/technology/uber-hacking-breach.html
- https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell
- https://twitter.com/hacker_/status/1570582202697809920
- https://twitter.com/MalwareTechBlog/status/1570600059909345280
Kiwifarms
If you have not heard of Kiwifarms consider yourself blessed. It is a site where sinister actors collect data, rumours and speculations on minor internet celeberties to average participants in subcultures for the purposes of doxxing and harassment. After picking a fight with a transgender activist going by the name Keffals, the site was the target of an aggressive campaign to get CloudFlare to drop it as a client, as CloudFlare had been taken to task for this before, they continued to argue their neutrality before blocking KiwiFarms traffic and firing them as a client on the 3rd of September as threats from Kiwifarms escalated. The site tried to operate for a period of time under different DDoS protection services and through a TOR .onion location, but experienced a data breach some time in the week prior to the 18th, the breach was possible because of the lack of WAF protections, and as a result of the breach there is a possibility that psudo-anonymous site users may be unmasked.
- https://blog.cloudflare.com/kiwifarms-blocked/
- https://www.wired.com/story/keffals-kiwifarms-cloudflare-blocked-clara-sorrenti/
- https://arstechnica.com/information-technology/2022/09/kiwi-farms-has-been-breached-assume-passwords-and-emails-have-been-leaked/
- https://twitter.com/gossithedog/status/1571417934911643648