Top infosec trends in the social media spotlight this week

Another week has gone by, leaving infosec with yet another ‘critical security issue’ to throw in the dumpster fire that is our web ecosystem – at least that’s what we thought.

Reports of a major flaw in the popular open source media player VLC grabbed our attention on Monday, only to be debunked swiftly by project developers as non-existent.

“There is no security issue in VLC,” Jean-Baptiste Kempf, VideoLAN president, told The Daily Swig on Wednesday.

“There is a security issue in a third-party library, and a fix was pushed [out] 18 months ago.”

Kempf added: “The guy never contacted us. This is why you don’t report security issues on a public bug tracker.”

The security advisory – issued by the German computer emergency response team, CERT-Bund – was soon downgraded, The Daily Swig reported, with the episode once again reigniting debates surrounding vulnerability disclosure and open source software.

And for a security issue that may have been downplayed a bit too much, London’s Metropolitan Police found themselves in a bit of a stink this week after learning that their Twitter account had been hijacked by unknown persons.

We couldn’t believe it, either.

“The Metropolitan Police is running a cyber-crime investigation into the unauthorised publication of content on its news platform MyNewsDesk on Friday 19 July,” a press statement from Britain’s largest police force read on Saturday.

“The site is a micro site that is used to publish and distribute news from the Metropolitan Police.

“It can be used to generate emails and to send Tweets as well as publishing stories. The unauthorised content was sent out on Twitter and via email as well as appearing on the news site.”

Police urged the public to ignore the unusual activity taking place on its social media account, which has approximately 1.2 million followers, until the stream of unauthorized messages was brought under control.

The Met reiterated that there was no attack on its IT network and that the problem stemmed from Mynewsdesk.

One of the bigger happenings this week was the landmark announcement that everybody’s favourite credit reporting agency, Equifax, had agreed to pay at least $575 million – and potentially up to $700 million – as part of a data breach settlement in the US.

That’s right – the Federal Trade Commission (FTC) may have secured its biggest data breach settlement to date, with Equifax now required to set up a fund to compensate the millions of US consumers affected by the incident.

Motherboard has detailed how to claim your settlement, with consumers able to claim anywhere from $125 up to $20,000, depending on the fallout they suffered when their personal financial information was compromised.

Equifax’s 2017 data breach was caused by the failure to patch a security flaw in the Apache Struts web application framework.

And finally, it wouldn’t be an edition of Social Security without some news from Facebook.

This ends the FTC investigation into the social media giant, which, along with the financial penalty, will also be forced to create a board that will oversee the company’s privacy practices.

Mark Zuckerberg will have no control over the board, the BBC reports.