2021 information security memes and tweets

Remembering 2021’s most interesting infosec events — in memes and tweets.

A selection of memes about the main information security events of 2021

In the twenty-first century, detailed descriptions and proofs of concept just aren’t enough to draw everyone’s attention to a vulnerability. You need a catchy marketing name, a logo, and an unavoidable bundle of memes on Twitter. All kinds of researchers, IT journalists, industry workers, and sympathetic users amuse each other with funny images all the time.

And in general, it’s actually useful: After seeing a meme, plenty of people read about what happened, and sometimes they even take steps to fix the vulnerability — or at least do what they can to avoid making the same mistake and getting featured in a new meme. Also, by considering the number of memes following another incident, we can get some idea of the extent of a problem. If we were to rely solely on memes to learn the latest news on cybersecurity, we would remember 2021 as being something like this:

January: WhatsApp privacy policy update

The year began with millions of WhatsApp users suddenly learning of an update to the service’s privacy policy. The result was a mass exodus to Telegram and at the suggestion of a famous doge breeder, to Signal, both of which noted significant audience growth. We think this meme sums up the situation with WhatsApp’s new privacy policy best:

February: FootfallCam 3D Plus IoT cameras’ epic security breakdown

IoT device security is famously bad, but just when you think you’ve seen it all, some smart device manufacturers manage to surpass all expectations. This thread on Twitter explains it all (careful not to face-palm yourself too hard):

March: ProxyLogon vulnerability

In early March, Microsoft released patches for Exchange that addressed several serious vulnerabilities in the system. That’s a pretty common occurrence, but check out the catch: Attackers had been actively exploiting some of the vulnerabilities, reportedly since January or even earlier. By the time the patch was released, more than 30,000 organizations in the US had been hacked.

April: Signal trolls Cellebrite

For those who don’t know, Cellebrite produces equipment for law enforcement agencies, enabling employees to hack into smartphones easily and conveniently and retrieve information of interest from them. That’s why the company holds a special place in the hearts of privacy advocates. In late 2020, Cellebrite announced its products were beginning to support Signal. In response, the Signal team published a study of vulnerabilities in Cellebrite software and used an unparalleled teaser to accompany it:

May: Ransomware attack on Colonial Pipeline

A ransomware attack on the Colonial Pipeline, the largest US pipeline system moving petroleum products, disrupted gasoline and diesel supplies along the southeast coast of the country. The incident sparked a lot of discussion about how to protect such businesses, and the company’s announcement of a search for a new cybersecurity manager went viral on social media, with the comment “They probably have a decent budget now.”

June: Congressman accidentally publishes e-mail password and PIN

US Congressman Mo Brooks, a member of the US House Armed Services Committee, and specifically of a subcommittee dealing with cybersecurity, made an unusual contribution to popularizing secure password storage. Using his personal Twitter account, he posted a photo of his monitor along with a sticker that had his Gmail account password and a PIN code on it. Talk about playing the classics! The tweet hung around for several hours and went viral. Although Brooks finally deleted it, it was too late:

July: PrintNightmare vulnerability

Researchers seem to have mistakenly published on GitHub proof-of-concept attack using CVE-2021-34527 and CVE-2021-1675 vulnerabilities in the Windows Print Spooler. Fearing that attackers would quickly adopt the published method, Microsoft rolled out an urgent patch without even waiting for Update Tuesday. Moreover, even outdated Windows 7 and Windows Server 2012 were patched. The patches didn’t solve the problem completely, however; some printers stopped working after it was installed.

August: Black Hat and DEF CON

August was pretty quiet by 2021 standards. Of course, a few incidents proved worthy of immortality-by-meme, but perhaps the most memorable was the suffering of BlackHat and DEF CON regulars, who under COVID-19-related restrictions could not make it to Las Vegas this year.

September: OMIGOD vulnerability

Microsoft Azure users suddenly discovered that when they selected a range of services, the platform installed an Open Management Infrastructure agent on the virtual Linux machine while creating it. That would not be so scary if (a) the agent did not have long-known vulnerabilities, (b) the clients were notified about the agent installation, (c) OMI had a normal automatic-update system, and (d) exploitation of the vulnerabilities was not so easy.

October: Facebook removes itself from the Internet

A major Facebook outage made October truly memorable. According to emergency responders’ reports, an update rendered Facebook’s DNS servers unavailable over the Internet. As a result, users of the social network and of a number of the company’s other services, including Facebook Messenger, Instagram, and WhatsApp, were unable to log in for more than six hours. While they were using alternative networks and other messaging apps (overloading them) to complain, wild rumors were circulating around the Internet — such as that company administrators could not get to the servers because their access system was tied to Facebook.

November: Fake Green Passes

In fact, the validated forgeries of European digital vaccine certificates that made a lot of noise appeared at the end of October, but the main wave of general surprise came in November. What happened: the fake Green Passes became available for sale on the Internet — and as examples, sellers showed certificates for Adolf Hitler, Mickey Mouse, and SpongeBob SquarePants. Judging by the recent news, the problem of the spread of counterfeit Green Passes is still relevant.

December: Log4Shell vulnerability

Almost all of December passed under the sign of Log4Shell, a critical vulnerability in the Apache Log4j library. The widespread use of this library in Java applications made millions of programs and devices vulnerable. The Apache Foundation released several patches, and researchers found ways to circumvent the countermeasures several times. Within days of initial publication, botnets began scanning the Internet for vulnerable programs, and ransomware authors took advantage of the vulnerability. So many successful Log4Shell-themed memes appeared that someone even created a compilation website.


Let’s hope that next year will be a lot calmer. Happy New Year to you, dear readers!