
In the 21st century, a detailed description and a proof of concept are not enough to draw everyone’s attention to a vulnerability. You need a catchy marketing name, a logo and an unavoidable bundle of memes on Twitter. All kinds of researchers, IT journalists, industry workers and sympathetic users amuse each other with funny images.
And in general, it works: after seeing a meme, a lot of people go and read what happened, and sometimes, as a result, they take steps to fix the vulnerability. Or at least they do everything they can to avoid making the same mistake and becoming the source of a new meme. Also, from the number of memes that follow an incident, we can get some idea of the extent of a problem. If we were to rely solely on memes to learn the latest news on cybersecurity, we would remember 2021 as being like this…
January: updated WhatsApp privacy policy
The year began with millions of WhatsApp users suddenly noticing an update to the service’s privacy policy. The result was a mass exodus to Telegram and, at the suggestion of a famous doge breeder, to Signal; both messengers reported significant audience growth. And the situation with WhatsApp’s new privacy policy is best summed up by this meme:
June: congressman accidentally published his e-mail password and PIN code
US Congressman Mo Brooks, who is a member of the US House Armed Services Committee and, in particular, works on a subcommittee dealing with cybersecurity, made an unusual contribution to popularizing the idea of secure password storage. On his personal Twitter, he posted a photo of his monitor along with a sticker that had his Gmail account password and PIN on it. A living classic! The tweet stayed up for several hours and went viral in memes. Brooks finally deleted it, but of course it was too late: readers had time to take a screenshot and publish it with a snide comment:
July: the PrintNightmare vulnerability
Researchers appear to have mistakenly published on GitHub a proof-of-concept attack exploiting the CVE-2021-34527 and CVE-2021-1675 vulnerabilities in the Windows Print Spooler. Fearing that attackers would quickly adopt the published method, Microsoft rolled out an urgent patch without even waiting for Update Tuesday. Moreover, even the outdated Windows 7 and Windows Server 2012 were patched. However, the patch did not solve the problem completely, and some printers stopped working after it was installed.
August: Black Hat and DEF CON
In August, everything was pretty quiet by 2021 standards. Of course, there were a few incidents worthy of meme immortalization, but the most memorable was the suffering of Black Hat and DEF CON conference regulars who, due to COVID-19-related restrictions, could not make it to Las Vegas this year.
September: OMIGOD vulnerability
Microsoft Azure users suddenly discovered that when they select a range of services, the platform installs an Open Management Infrastructure (OMI) agent on a Linux virtual machine when creating it. And this would not be so scary if a) the agent did not have long-known vulnerabilities, b) the clients were somehow notified about the agent installation, c) OMI had a normal automatic update system, and d) exploitation of the vulnerabilities was not so easy.
October: Facebook removed itself from the Internet
October was remembered for a major Facebook outage. According to reports from emergency responders, some kind of update left Facebook’s DNS servers unavailable from the Internet. As a result, users of the social network itself and of a number of the company’s other services, including Facebook Messenger, Instagram and WhatsApp, were unable to log in for more than six hours and voiced their dissatisfaction on alternative networks and messengers (overloading them in turn). At the same time, wild rumors were circulating around the Internet, for example, that company administrators could not get to the servers because their access system was tied to Facebook itself.
November: fake Green Passes
In fact, the forged European digital vaccine certificates that passed validation and made a lot of noise appeared at the end of October, but the main wave of general surprise came in November. What happened: fake Green Passes that passed verification went on sale on the Internet, and as examples the sellers showed certificates made out in the names of Adolf Hitler, Mickey Mouse and SpongeBob SquarePants. Judging by the news, the problem of the spread of counterfeit Green Passes is still relevant.
December: Log4Shell vulnerability
Almost all of December passed under the banner of Log4Shell, a critical vulnerability in the Apache Log4j library. Because this library is so widely used in Java applications, millions of programs and devices were vulnerable. The Apache Foundation released patches several times, and several times researchers found ways to circumvent the countermeasures. Within days of initial publication, botnets began scanning the Internet for vulnerable programs, and ransomware authors put the vulnerability to use. There were so many successful Log4Shell-themed memes that someone even created a compilation website.
Source: 2021 information security in memes | Kaspersky official blog