The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

This week: GitHub is issued a subpoena by Twitter over leaked source code. Also: 3CX software supply chain attack leaves millions at risk.

This Week’s Top Story

Twitter gets subpoena to find source code leak

Twitter asked the U.S. District Court for the Northern District of California to issue a subpoena to GitHub in an attempt to find information on a particular user that leaked portions of Twitter’s source code, ArsTechnica reported. A court clerk signed off on the subpoena this past Tuesday, giving GitHub until April 3 to share details about the user, known as “FreeSpeechEnthusiast.” This user posted Twitter’s source code back in January, not long after Elon Musk bought the company and laid off thousands of its employees. Twitter does suspect that this user is one of its ex-employees who was laid off that same month.

On March 24, Twitter not only asked for the subpoena, but also filed a Digital Millennium Copyright Act (DMCA) notice to GitHub, which prompted GitHub to take down the leaked source code from its platform. Twitter’s DMCA notice also requested information on FreeSpeechEnthusiast, but GitHub did not share those details with Twitter immediately. Thanks to the issued subpoena, Github only has until this Monday to share this user information with Twitter.

According to the now-issued subpoena (PDF), GitHub will need to provide all identifying information on FreeSpeechEnthusiast, including the names, addresses, telephone numbers, email addresses, social media profile data, and IP addresses associated with the user’s account. GitHub will also have to provide this same information for any user that posted, downloaded, uploaded or modified the data in any way.

Twitter’s reasoning behind the subpoena, according to company executives, is that there is concern “that the code includes security vulnerabilities that could give hackers or other motivated parties the means to extract user data or take down the site.” Twitter also did not know about the leaked source code until months after it was posted on GitHub.

News Roundup

Here are the stories we’re paying attention to this week…

3CX desktop app supply chain attack leaves millions at risk (The Hacker News)

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers.

Newly exposed APT43 hacking group targeting U.S. orgs since 2018 (BleepingComputer)

A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years. They have been seen engaging in espionage and financially-motivated cybercrime operations that help fund its activities.

PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management (CSO Online)

Advisory and professional services giant PwC UK is partnering with ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks.

AlienFox malware targets API keys and secrets from AWS, Google, and Microsoft Cloud services (The Hacker News)

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.

Biden admin seeks to tamp down the spyware market with new ban (CSO Online)

In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) prohibiting federal government agencies from using commercial spyware "that poses significant counterintelligence or security risks to the United States Government."