Top infosec trends in the social media spotlight this week

This week, the world celebrated Valentine’s Day – and while couples around the world expressed their undying love to each other, those working in infosec took the time to say how much they really cared... with a hashtag.

For the second year running, #SecurityValentines saw the Twittersphere erupt with a stream of hearts, flowers, and maybe one too many limericks. But we’ll let you decide that for yourself:

It wasn’t all cheerfulness, though, as Coffee Meets Bagel (CMB), a San Francisco-based dating app, announced that six million user accounts had been compromised in a data breach.

According to the company, an “unauthorized party” had gained access to personal information, including names and emails of users’ who had registered with the site before May 2018.

An investigation into the incident, which appears to be part of a wider hacking campaign, is ongoing, and CMB has advised affected users to take extra caution when receiving suspicious links or requests for data.

For more down and out Valentine’s Day coverage, check out The Daily Swig’s article, featuring romance fraud and shopping dangers, here.

In less Hallmark-misappropriated news, the National Institute of Standards and Technology (NIST) launched its own celebration this week, as the US agency marked the fifth anniversary of its cybersecurity framework.

The framework, having an initial focus on how to secure critical infrastructure, has been downloaded over half a million times since it was first released on February 12, 2014, according to NIST.

“NIST is committed to ensuring that even more organizations, especially smaller companies, know about and are able to use the Cybersecurity Framework to help strengthen the security of their systems, operations and data,” said director Walter Copan.

The voluntary framework was made mandatory for US federal agencies to follow in 2017. Since then it’s been used by multiple countries as a foundation for their own security and privacy best practice guidelines.

NIST has spent the last year developing projects to assist in securing our various ecosystems now and in the future. The agency recently opened submissions for a post-quantum cryptography competition.

And over in social media, Reddit told its vast userbase – now estimated at 330 million monthly users – how it felt by delivering its 2018 Transparency Report in time for Valentine’s Day.

The report revealed that the social media platform had received 752 government requests for user account information, such as “preserving” data to assist with open-ended cases.

Reddit noted that it had seen a 116% increase in these types of requests since the 79 it received in 2017.

In terms of the removal of content, Reddit laid out various reasoning for when material on its site is taken down, from copyright infringement to that which fell outside of the law.

Nearly 30% of appeal cases were granted against an individual or subreddit, compared to the 71% that was denied.

But some questions remained.

And if you were late on getting your sweetheart a Valentine’s Day gift, there’s still time to get them this offensive USB cable:

The handy new hardware created by security researcher Mike Grover (@_MG_) tricks a PC into thinking it’s a keyboard or mouse when plugged in. A WiFi chip that’s built into the cable then allows an attacker to execute commands on the PC remotely with a smartphone.

The O-MG cable is still in its prototype stage and is looking for further help in its development. Grover said the hope is to be able to integrate the ESPloitV2 tool.