Top infosec trends in the social media spotlight this week

It’s been two years since WannaCry rocked IT services, bringing down vital computer networks and infecting an estimated 200,000 machines across 150 countries.

You’d think the malware attack would encourage better security practices – not according to Microsoft researcher Nate Warfield.

Facepalm.


The WannaCry anniversary was somewhat eclipsed, though, by the headline news this week of a WhatsApp vulnerability being exploited in the wild.

A security flaw allowed attackers to install spyware on a user’s phone simply by calling the device – the user didn’t even have to pick up for the download to execute.

The signs all pointed to NSO Group, an Israeli cybersecurity firm alleged to have created multiple exploits for government spying.

WhatsApp quickly patched the bug, pushing out an update under the guise of “improved stickers”.

The Twitter infosec community slammed Bloomberg for its not-so-hot take on the incident, after it claimed end-to-end encryption is “largely pointless”.

The author of the article defended himself online, claiming that the criticism was “obscuring” the point of the column.


Elsewhere, San Francisco became the first US city to ban the use of facial recognition this week, as privacy advocates called for the technology to be outlawed in other cities.

Some critics of the software claim that facial recognition and AI tech are biased. Others are uncomfortable with the idea of a surveillance state.

The law was proposed by paralegal Brian Hofer, who was praised online for his tireless commitment to improving privacy standards across California.


In other US news, Rhode Island became the first state to create a helpline for cyber-attack victims this week.

The phone service – accessed by dialling 2-1-1 – will provide help to victims of cybercrime and online fraud.

The Cybercrime Support Network, lead partner in the project, said: “Before the end of 2019, Rhode Island will be the first state in the country to have one number for cybercrime and online fraud victims to call and find the appropriate resource for help the first time.

“By 2021, it is the hope of the partners that 2-1-1 will be the national number used by all American cybercrime victims to get the help they need.”

Read about how human rights charity Access Now’s cybercrime hotline is helping to defend citizens worldwide in this piece from The Daily Swig.


Ending on a success story this week, hacker Rojan Rijal shared the news that he has set up his first company using bug bounty reward money.

Rijal, who goes by the name Uranium 238, gave a shout out to HackerOne, Bugcrowd, and Google for helping him in setting up his own business.

You might remember Rijal’s name from this awesome Google XSS exploit, covered previously in the Swig.

A huge congrats from the team!