Weekly Axis Of Easy #243
Last Week’s Quote, “The only true wisdom is in knowing you know nothing.”, was by Socrates. Sammy wins!
This Week’s Quote: “Honest disagreement is often a good sign of progress.”… by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
- NSO Group seeks sovereign immunity from the US Supreme Court
- GitHub announces two security vulnerabilities in its local versions
- Musk offered $43 billion for Twitter and plans to turn it into a platform for ‘free speech’
- UK Government receives extradition decision on Assange
- Shanghai residents find creative ways to challenge Chinese censorship
- Catalan politicians were spied on by Pegasus mobile spyware
- AWS’s Log4Shell Hot Patches contain serious vulnerabilities
- APT group Lazarus is targeting cryptocurrency and blockchain organizations with trojanized applications
- Hackers attacked Unified Government data centers
- Cyber attacks typically begin with exploits and supply chain compromises, according to researchers
Israel’s NSO Group has asked the Supreme Court to recognize it as a foreign government agent, giving it immunity under US laws restricting lawsuits against foreign governments. A high-profile lawsuit between WhatsApp and the Israeli spyware maker has forced the company to turn to the US Supreme Court.
In 2019, Meta Platforms Inc. (formerly known as Facebook) filed a lawsuit against Pegasus software creator NSO Group to prevent NSO from accessing Facebook platforms and servers. The social media giant accused NSO of spying on 1,400 of its users and threatening human rights activists, and it is now urging the Supreme Court to reject their bid for immunity.
“NSO’s spyware violates the rights of citizens, journalists, and human rights activists everywhere, and their attacks must be stopped,” WhatsApp said. A US court has already set aside NSO’s contrived claim to immunity. The messaging app believes that the Supreme Court should not hear “their last-ditch attempt at avoiding accountability.”
Another lawsuit was filed in 2021 by the tech giant Apple, which claimed NSO’s employees were “amoral 21st-century mercenaries” who hacked Apple products to spy on competitors and repress dissent.
For their part, NSO claims it cannot control what users do with its products and that it has done nothing wrong. Its petition to the Supreme Court states that many national governments rely on contractors to perform core governmental activities.
Read: https://www.zerohedge.com/geopolitical/israeli-spyware-maker-nso-group-asks-scotus-sovereign-immunity
GitHub announces two security vulnerabilities in its local versions
Last week, GitHub Project released updated versions of its local clients to address a couple of code execution vulnerabilities. In the statement published on its website, GitHub announced that it was unaffected by these security vulnerabilities but recommended users upgrade their local installation of Git.
Tracked as CVE-2022-24765, the first flaw affects users working on multi-user machines, where untrusted users can create a .git directory in a shared location above a victim’s current working directory, which can lead to arbitrary command execution. According to the announcement, the most effective way to protect against this vulnerability is to upgrade to Git v2.35.2.
However, for those users who cannot upgrade immediately, the site gives a couple of recommendations to reduce the risk.
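The root of CVE-2022-24765 is that Git locates a repository by walking upward from the current directory until it meets a `.git` entry, so a `.git` planted in a shared parent is picked up by everyone working below it. The following is an added example (not Git’s code and not from the GitHub announcement) that models that walk together with two defences: a ceiling directory that stops the climb, as the real `GIT_CEILING_DIRECTORIES` variable does, and the owner check that Git v2.35.2 added for repositories owned by another user. The directory tree is constructed in a temporary folder.

```python
import os
import tempfile
from pathlib import Path

# Windows has no getuid(); there os.stat().st_uid is always 0, so 0 matches.
_current_uid = getattr(os, "getuid", lambda: 0)


def discover_git_dir(start, ceilings=(), uid=None):
    """Walk upward from `start` until a `.git` entry is found.

    Returns (git_dir, reason); git_dir is None when nothing is found or the
    repository is refused. The walk stops *before* examining a ceiling, but
    `start` itself is always examined (the rule GIT_CEILING_DIRECTORIES
    follows). A `.git` owned by a user other than `uid` is refused, the
    behaviour Git v2.35.2 introduced for repositories not marked safe.
    """
    here = Path(start).resolve()
    uid = _current_uid() if uid is None else uid
    stops = {Path(c).resolve() for c in ceilings}
    while True:
        candidate = here / ".git"
        if candidate.exists():
            owner = candidate.stat().st_uid
            if owner != uid:
                return None, f"refused: {candidate} owned by uid {owner}, not {uid}"
            return candidate, "found"
        parent = here.parent
        if parent == here or parent in stops:
            return None, "not a git repository (ceiling or filesystem root reached)"
        here = parent


def demo():
    """Constructed tree: shared/.git planted above shared/alice/project."""
    with tempfile.TemporaryDirectory() as tmp:
        shared = Path(tmp, "shared")             # stands in for a writable drive root
        project = shared / "alice" / "project"   # victim's working directory, no .git
        project.mkdir(parents=True)
        (shared / ".git").mkdir()                # what another local account could add
        me = _current_uid()
        picked_up, _ = discover_git_dir(project, uid=me)
        ceiled, _ = discover_git_dir(project, ceilings=[shared], uid=me)
        refused, why = discover_git_dir(project, uid=me + 1)
        return {
            "unprotected_finds_planted_repo": picked_up == (shared / ".git").resolve(),
            "ceiling_stops_walk": ceiled is None,
            "owner_mismatch_refused": refused is None and why.startswith("refused"),
        }
```

Running `demo()` returns True for all three checks: without protection the planted repository is found, the ceiling stops the walk before reaching the shared directory, and an ownership mismatch is refused.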
On the other hand, the second flaw, tracked as CVE-2022-24767, affects the .dll files loaded when the SYSTEM account executes the Git for Windows uninstaller. “Any authenticated user can place malicious .dll files uploaded when the Git uninstaller for Windows is run through the SYSTEM account,” the report states.
For those who can’t upgrade immediately, the Microsoft-owned firm suggests that they should “avoid running the uninstaller until after upgrading and run the uninstaller under an administrator account rather than as the SYSTEM user” to reduce the risk.
Read: https://github.blog/2022-04-12-git-security-vulnerability-announced/
Musk offered $43 billion for Twitter and plans to turn it into a platform for ‘free speech’
Elon Musk, CEO of Tesla, has made a $43 billion offer for Twitter, arguing that the social media platform must be taken private to grow and be a free speech platform. The billionaire made the bid for Twitter on Wednesday for $54.20 per share. The offer is a 38% premium to Twitter’s April 1 close.
Musk, the world’s richest person, rejected an invitation to join Twitter’s board, which analysts believe could signal his takeover intentions. He later hinted at a hostile bid for Twitter, saying it would be “utterly indefensible” not to put the offer to a vote. According to a Reuters source, Twitter would evaluate the proposal and may prepare a poison pill to stop Musk from raising his stake.
For his part, Musk said this was his “best and final offer” and that he would reconsider his investment if the board rejected it. According to Musk, Morgan Stanley is acting as financial adviser on his offer to buy Twitter.
Since joining Twitter in 2009, Musk has accumulated over 80 million followers. However, it is unclear how he would fund taking Twitter private unless he is willing to pledge a large portion of his Tesla shares to collateralize the debt. Musk’s bid raises the question of whether other bidders might emerge and whether Twitter will accept his offer or run an active process to sell the company.
Read: https://www.reuters.com/technology/elon-musk-offers-buy-twitter-5420-per-share-2022-04-14/
UPDATE: As we were going to press, news broke that Twitter’s board had finally accepted Elon’s offer. The source code was locked down to prevent any unauthorized edits. The next steps are under way. We’ll keep an eye on this story as it develops.
UK Government receives extradition decision on Assange
British District Judge Paul Goldspring has formally approved the extradition of Julian Assange to the US on spying charges. The order came after the United Kingdom’s Supreme Court last month denied Assange a chance to appeal a lower court’s decision that he could be deported.
Home Secretary Priti Patel will decide whether extradition will be granted in this case. The Wikileaks founder, however, still has legal avenues to appeal. Lawyers representing Assange have four weeks to file a response with Patel and may also appeal to the High Court.
The US wants Assange to stand trial for espionage and computer misuse. American prosecutors accuse Assange of helping Chelsea Manning steal US military files by providing her access to confidential diplomatic cables that WikiLeaks then published.
According to Assange, he was acting in the capacity of a journalist and, therefore, should be protected under the First Amendment. According to Assange supporters and lawyers, the case is heavily politically motivated. If Assange is convicted in the US, his lawyers say he could serve up to 175 years in prison. However, American authorities have said the sentence would be much less harsh.
As a result of his stay at the Ecuadorian Embassy in London, the Wikileaks founder spent seven years avoiding extradition to Sweden for rape and sexual assault charges. He was later arrested for skipping bail in 2019 and has been a prominent resident at Britain’s high-security Belmarsh Prison.
Read: https://www.securityweek.com/judge-sends-assange-extradition-decision-uk-government
Shanghai residents find creative ways to challenge Chinese censorship
Chinese residents are finding creative ways to circumvent the government’s censorship system, despite government warnings to harness “positive energy.”
The weeks-long lockdown has resulted in an increasing volume of forbidden posts that challenge the censorship system and workers. Users flooded platforms to protest against the government’s zero-Covid measures. On WeChat, groups shared stories of people who died either with Covid or because the lockdown delayed their access to healthcare. They have also shared videos of residents detained, bundled out of their apartments, or mistreated by pandemic workers.
Other platforms have been forced to ban hashtags, sayings, and even the first verse of China’s national anthem, which had been used as an expression of protest.
However, users continue to find new ways to challenge censorship. For instance, Weibo users began bombarding the platform with posts that feature sanctioned hashtags. These posts often included sarcastic remarks and satire, evading the bans by replacing “China” with “The US” in their criticisms of the Asian government.
Charlie Smith, the co-founder of a censorship monitoring site, said the recent pushback against censorship could be attributed to Shanghai’s wealthier residents, who can afford to be more outspoken than Beijing citizens. Smith explains that, as China’s commercial capital, Shanghai is home to a wealthier, large middle-class elite that has been educated overseas and is therefore less tied to, and less trusting of, the Chinese government.
Moreover, Dong Mengyu, a journalist focused on internet censorship, believes the volume of dissent is the same as during the early days of the Wuhan lockdown and will pose challenges for censors.
Read: https://www.theguardian.com/world/2022/apr/20/china-internet-censors-scramble-as-lockdown-frustration-sparks-creative-wave-of-dissent
Elsewhere online:
Catalan politicians were spied on by Pegasus mobile spyware
Read: https://portswigger.net/daily-swig/pegasus-mobile-spyware-used-zero-click-exploits-to-snoop-on-catalan-politicians
AWS’s Log4Shell Hot Patches contain serious vulnerabilities
Read: https://www.securityweek.com/serious-vulnerabilities-found-awss-log4shell-hot-patches
APT group Lazarus is targeting cryptocurrency and blockchain organizations with trojanized applications
Read: https://www.hackread.com/lazarus-apt-tradertraitor-malware-blockchain-cisa/
Hackers attacked Unified Government data centers
Read: https://www.kshb.com/news/crime/cybersecurity-attack-targeted-unified-government-data-centers-over-easter-weekend?&web_view=true
Cyber attacks typically begin with exploits and supply chain compromises, according to researchers
Read: https://www.darkreading.com/threat-intelligence/exploits-supply-chain-compromises-comprise-over-half-of-initial-infections-leading-to-cyberattacks
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- April 18th, 2022: Government Network Was Crawling With LockBit Ransomware For Months
- April 11th, 2022: New SpringShell Vulnerability Targets Nearly A Fifth Of Global Organizations
- April 4th, 2022: Apple And Meta Unknowingly Provided Hackers With Customer Data
- March 28th, 2022: The Canadian Government Paid More Than $600,000 To Influencers To Praise Their Work
- March 21st, 2022: Sen. Wyden Says DHS Collected Americans’ Financial Records In Bulk
The quote, I believe, is Gandhi, the Mahatma.
Quote is by Gandhi
Honest disagreement is often a good sign of progress. – Gandhi