Archive for May 6, 2023

The Twitter Clown Show Continues With News That Twitter Admits To A Security Incident, While Data Indicates Twitter Blue Subscribers Aren’t Staying Subscribed

Posted in Commentary with tags on May 6, 2023 by itnerd

Elon Musk has had a really bad 24 hours or so for a pair of reasons. First of all, Twitter had to admit via email that Twitter Circle tweets had an issue that TechCrunch reported back in April and that many had already seen as a bug:

“In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting,” the email said. Twitter claims that the bug has now been fixed, and that the team knows what caused it.

Now that’s nice and all. But it isn’t. Here’s the real-world cost of this bug:

Twitter Circle has been buggy for months, which is concerning for a feature that people use to tweet things they don’t want to share with all of their followers. When we reported on the issue last month, numerous users had been tweeting that people outside of their Circle were liking their private tweets; one user even said that she posted nude photos on her Circle, which slipped through the cracks and surfaced for unintended eyes.

That doesn’t inspire confidence in the slightest. Nor does this:

In moments like these, I remember something that former Twitter Trust & Safety head Yoel Roth said shortly after leaving the company.

“If protected tweets stop working, run, because that’s a symptom that something is deeply wrong.”

I’m going to go with that and suggest that you run from Twitter. Speaking of running from Twitter, a reader pointed me to an article that shows that a significant number of people who subscribed to Twitter Blue in the early days of Elon Musk’s reign have cancelled their subscription:

Since Musk’s version of the subscription service launched last November, Twitter has only been able to convert around 640,000 Twitter users into paying Twitter Blue subscribers as of the end of April, as Mashable reported earlier this week.

While those numbers are lackluster, an even more telling detail about Twitter Blue is just how many of its earliest subscribers have canceled their subscriptions.

Out of about 150,000 early subscribers to Twitter Blue, just around 68,157 have stuck around and maintained a paid subscription as of April 30. Subscriptions are $8 per month – $11 on mobile.

The total early subscriber numbers are linked directly to internal leaks published by the Washington Post last year showing that a total of 150,000 users originally signed up for Twitter Blue within just a few days of its launch in November. Twitter temporarily disabled new signups for about a month shortly after those users subscribed as a result of accounts signing up for Blue with the intent to impersonate major brands on the platform.

That means around 81,843 users, or 54.5 percent, of Twitter users who subscribed to Twitter Blue when it first launched in November are no longer subscribed to the service.

That’s really, really bad. The Mashable article says that a 5.57% “churn” rate for subscription-based businesses is considered “normal”. Which makes 54.5% insane. Clearly Elon has a big problem on his hands. And I believe that it’s due to the fact that the blue checkmark has gone from status symbol to a symbol that is seen as a negative. Thus I question how he can expect to make money from Twitter Blue as it increasingly seems that this is a product that nobody wants.

Sucks to be you Elon.

AvidXchange Gets Pwned For The Second Time This Year

Posted in Commentary with tags on May 6, 2023 by itnerd

U.S. payment software firm AvidXchange announced earlier this week that, for the second time this year, its cloud-based payment software has fallen victim to a ransomware attack, and the gang called RansomHouse has started publishing sensitive data.

The published compilation of login details suggests that AvidXchange used easily guessable passwords built from variations of the company’s name and the word “password” itself, and that many of those logins may still be in use. Furthermore, the RansomHouse gang claims to target organizations with a negligent attitude towards privacy and security.
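The pattern described above (company name plus a few character swaps, or the word “password” itself) is exactly the kind of context-specific term NIST SP 800-63B says a verifier should screen new passwords against. As an added example that is not part of this post or of any AvidXchange system, here is a small Python policy check that undoes common character substitutions and rejects any password derived from a deny list of organisation-specific words. The minimum length, the built-in banned words and the sample passwords are assumptions chosen for illustration.

```python
import re

# Common character substitutions that wordlist-based guessing already accounts for,
# so a password that differs from a banned word only by these is still weak.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "8": "b", "3": "e", "1": "i", "!": "i", "|": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
})

MIN_LENGTH = 12  # assumed policy value, not taken from the article

# Generic terms every deployment should ban; the caller adds organisation-specific ones.
GENERIC_BANNED = ["password", "passwd", "welcome", "admin"]


def normalize(password: str) -> str:
    """Lower-case the password and undo leet-style substitutions,
    e.g. 'P@$$w0rd' -> 'password', '4vidXch@nge' -> 'avidxchange'."""
    return password.lower().translate(LEET_MAP)


def check_password(password: str, org_terms: list[str]) -> list[str]:
    """Return the list of policy violations for `password`.

    An empty list means the password passes. `org_terms` holds context-specific
    words (company name, product names, hostnames) that must not appear in the
    password, even after character substitutions.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")

    raw = password.lower()
    core = normalize(password)
    banned = GENERIC_BANNED + [t.lower() for t in org_terms if t]
    for term in banned:
        # Check both the raw and the de-leeted form so a term containing a digit
        # (e.g. a product name) is still caught.
        if term in raw or term in core:
            reasons.append(f"derived from banned term '{term}'")
    return reasons


def audit(passwords: list[str], org_terms: list[str]) -> dict[str, list[str]]:
    """Run the policy over a list of candidate passwords and return only the failures."""
    results = {}
    for pw in passwords:
        problems = check_password(pw, org_terms)
        if problems:
            results[pw] = problems
    return results


if __name__ == "__main__":
    # Constructed sample inputs; "AvidXchange" is used only as the example org term.
    samples = ["Pa$$w0rd2023!", "4vidXch@nge!!", "Av1dX", "correct horse battery staple"]
    for pw, problems in audit(samples, ["AvidXchange"]).items():
        print(f"{pw!r}: {', '.join(problems)}")
```

The substring check is deliberately loose: a password that merely contains the organisation’s name is rejected even if the rest of it is long, because the name is the first thing any attacker targeting that organisation will try. Pair this with a breached-password list and MFA rather than treating it as the whole policy.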

The sample of stolen data from a variety of company systems such as cloud accounts, security software, and even smart door locks and surveillance cameras includes:

  • Non-disclosure agreements
  • Employee payroll information
  • Corporate bank account numbers
  • Login details
  • Usernames
  • Passwords
  • Answers to security questions

Unfortunately for AvidXchange, this comes just weeks after the company confirmed it was one of the victims of Fortra’s GoAnywhere mass-hack earlier this year.

Roy Akerman, Co-Founder & CEO, Rezonate has this comment:

    “Compromised accounts, protected by weak passwords, serve as easy targets for attackers to breach in. A beginner Whitehat pen-tester or a Blackhat attacker learns how to use a password cracker in minutes to brute force their way into an organization and, since not monitored, easily gains access without being noticed.

   “AvidXchange unfortunately has not taken sufficient steps since their recent breach to secure their most critical attack surface, which is identity and access. Going back to the basics is critical in these cases to make sure best practices and processes are built with strong password policy, MFA, complete visibility across your identity fabric to know who can do what, who is doing what, and pinpoint any malicious exploitation or anomalous behavior.”

Morten Gammelgard, EVP, EMEA, BullWall followed up with this:

   “AvidXchange falling victim to a second ransomware attack highlights the importance of good password policies and a comprehensive security strategy. If, as reported, the attackers were able to easily guess passwords that were iterations of the company’s name and included the word “password”, that is unforgivable. The first rule of passwords is strong and complex passwords.

   “In addition to strong password policies, companies must have a robust security stack, backups, and a ransomware containment system in place. The publication of sensitive data stolen from a variety of AvidXchange’s systems emphasizes the need for securing not just IT systems, but also physical infrastructure such as smart locks and cameras. Regular testing of backup plans is also crucial to ensure their effectiveness. Cyber threats are constantly evolving and all organizations must be vigilant and proactive in securing their systems.”

Mark Bermingham, VP, Cyware concludes with this:

   “Making sense of threat intelligence is a critical add for ensuring diligent security. Lessons ignored can become lessons learned and then applied through the security stack by automating the ingestion of relevant threat intel, enriching and correlating, and subsequently automating actioning based on insights gleaned from threat intel. Common tactics and techniques (TTPs) readily emerge from threat intel analysis that can prevent or significantly limit the effectiveness of subsequent attacks.”

Hopefully this is a wake-up call for AvidXchange. Because if they don’t improve their defences, they’ll be like T-Mobile, which seems to be continually pwned by hackers.