
Twitter’s former head of security told the Senate of severe security failings by the company


Twitter whistleblower, and former head of security, Peiter Zatko, told the US Congress that the platform ignored his security concerns.

Peiter ‘Mudge’ Zatko, Twitter’s former head of security, testified before Congress on Tuesday, asserting that the platform ignored his security concerns and was vulnerable to cyber attacks.

Zatko filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission, arguing that Twitter misled regulators and the public about its cybersecurity practices.

The expert added that ‘any employee could take over the accounts of any senator in this room.’ While serving as the company’s head of security, from late 2020 until January 2022, he repeatedly alerted management to severe vulnerabilities that could expose the platform to compromise.

“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko told the hearing.


“They don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it,” he said.

“It’s not an exaggeration that any employee could take over the accounts of any senator in this room,” he added.

The expert explained that the company’s leadership lacked the skills to understand his numerous alerts and made profits their top priority.

“To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competency to understand the scope of the problem,” he said.

“But more importantly, their executive incentives led them to prioritize profits over security.”

Zatko also commented on the alleged motivation behind the dispute between Elon Musk and Twitter. The cybersecurity expert explained that Twitter’s tools and personnel were insufficient to prevent the use of bots on the platform.

Twitter dismissed Zatko’s complaint as without merit; the company described the expert’s testimony as “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context.

Follow me on Twitter: @securityaffairs and Facebook


Pierluigi Paganini

(SecurityAffairs – hacking, Twitter)
