Do the Secrecy Provisions of the Cybersecurity Bill Go Too Far?
These bills keep popping up, and if we take the time to actually read them, instead of letting the legacy media tell us what they want us to know about them, they look quite alarming.
The common theme is more restrictions on us, the citizens, and more power to Big Brother, the government, which claims to know what is good and safe for us and the world better than we do.
Bill C-26 had its first reading back in June 2022, so it's far from new. It had been flying under even our radar.
Read: https://easydns.com/blog/2023/01/27/canadas-bill-c-26-yet-another-government-power-grab/
I was also interviewed on Counterpoint about it, if you're looking for the short version.
Interview: https://www.youtube.com/watch?v=bNL4CaJJq-Y
TikTok “Focused View” Promises Emotion Tracking to Advertisers
An interesting article about how TikTok might deliver on the "Focused View" promise it made to its advertisers.
Back in October 2022, TikTok introduced a feature that would only present ads to users who were "emotionally engaged." How could an app determine that from a smart device in hand? Would it track the user's vital signs? Watch them through the device's camera and run facial recognition? Details are scarce at this point, which makes this a story to watch as more information comes out.
This would be "invasion of privacy" territory even without any potential ties to China's communist regime, but with those alleged ties, and all of this information on individual users available to the wizards behind the curtain, the plot thickens.
Read: https://www.cpomagazine.com/data-privacy/tiktok-focused-view-promises-emotion-tracking-to-advertisers/
Apple Releases iOS 16.3.1 Update to Fix Critical Security Flaws
Apple has released iOS 16.3.1 to address two significant security vulnerabilities. The first, CVE-2023-23529, is a type confusion bug in WebKit, the browser engine underlying Safari (and, on iOS, every other browser as well), and could allow an attacker to execute code on an iPhone through maliciously crafted web content.
Apple has acknowledged a report that this flaw may have been actively exploited. The second, CVE-2023-23514, is a use-after-free in the kernel, the core of the operating system, and could allow a malicious app to execute arbitrary code with kernel privileges.
No attacks exploiting this second flaw have been reported.
Apple urges users to update their devices to iOS 16.3.1 promptly.
Independent security researcher, Sean Wright, warns that even though the currently exploited vulnerability may only be targeting a specific group of people, it’s only a matter of time before more attackers use it more widely. Hence, updating your device to the latest version is the best way to stay safe.
Apple has withheld further details about these vulnerabilities to give users time to update. Anyone still on iOS 15 with an iPhone that can run iOS 16 should upgrade to the new version now.
Apple had been shipping vital security fixes to iOS 15, but at the time of writing no iOS 15 update for these two bugs had been released, leaving older iPhones that cannot run iOS 16 exposed.
Users with an iPhone 8 or later, iPad Pro (all models), iPad Air 3rd generation or later, iPad 5th generation or later, or iPad mini 5th generation or later can upgrade to iOS/iPadOS 16.3.1 by going to Settings > General > Software Update.
Read:
https://www.forbes.com/sites/kateoflahertyuk/2023/02/14/ios-1631-update-now-warning-issued-to-iphone-users/
Tesla App Crashes Across Europe with “503 Server Maintenance” Error on Valentine’s Day
On Tuesday, February 14, Tesla drivers across Europe tweeted that the Tesla smartphone app used to control their cars had gone down, returning a 503 error. The app lets owners remotely check their car's status, lock or unlock the vehicle, manage climate control, and control charging.
German Twitter user @BB4ll was one of the first to tweet about the app being down on Tuesday morning: “‘503 Server Maintenance’ error in the @Tesla app. Anybody else? #Germany“
The outage appeared to be much larger than @BB4ll realized, spanning several European countries, including Spain, France, and the UK.
According to @teslascope on Twitter, “Tesla has historically not utilized the HTTP Code 503 for proper maintenance and instead occurs during unexpected downtimes. We also see 500, 504, and 502 errors, which speak more to the current status.“
Some users reported that their Tesla's remote functions had stopped working in the app, with a "503 Server Maintenance" error. Fortunately, the phone key talks to the car directly over Bluetooth and the keycard works offline, so owners who had either set up could still unlock and use their vehicles despite the cloud outage.
Despite users sharing the error across several platforms, Tesla has yet to formally acknowledge the issue.
Read:
https://www.zerohedge.com/technology/tesla-app-remotely-control-cars-crash-across-europe-503-error
Lazarus Group Evades Sanctions and Launders $100 Million in Stolen Bitcoin Through New Crypto-Mixer Sinbad
According to blockchain analysts, North Korean hackers have found a new way to launder cryptocurrency proceeds from their heists, despite U.S.-imposed sanctions.
The Lazarus Group, a North Korean hacking syndicate, has laundered around $100 million in stolen Bitcoin since October 2022 through a single crypto-mixing service called Sinbad.
Last year, the US Treasury's Office of Foreign Assets Control (OFAC) sanctioned the cryptocurrency mixing services Blender (in May) and Tornado Cash (in August), which the Lazarus Group had used to launder nearly $500 million in illicitly obtained cryptocurrency. Shortly after it was sanctioned, Blender went offline and its operator disappeared with nearly $22 million in Bitcoin from the mixer.
To get around the OFAC sanctions, the Lazarus Group started using a new and relatively small mixer called Sinbad. Despite its size, the group has pushed "tens of millions of dollars" through the service since October 2022, indicating confidence and trust in the mixer.
Both Blender and Sinbad are custodial mixers, meaning the operator takes control of the cryptocurrency while it is being mixed, and blockchain analysis firm Elliptic has found strong links between the two services.
The researchers found similarities in on-chain transaction behavior and in specific characteristics of transactions, as well as the shared use of ten-digit mixer codes, guarantee letters, and a maximum seven-day transaction delay. They also found that a "service" address on the Sinbad site received Bitcoin from a wallet believed to belong to the operator of Blender.
The researchers also noted a clear Russian nexus: both mixers offer Russian-language websites and support. Taken together, this suggests the same individual or group operates both Sinbad and Blender.
In June 2022, the Lazarus Group was linked to the $100 million theft from the Harmony Horizon bridge, which took place after OFAC's Blender sanctions but before the Tornado Cash sanctions and the group's switch to Sinbad. The Lazarus Group has been responsible for several high-profile attacks, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware outbreak.
Read:
https://www.bleepingcomputer.com/news/security/lazarus-hackers-use-new-mixer-to-hide-100-million-in-stolen-crypto/
NATO Cyberattack: Russian Group Targets Humanitarian Efforts for Turkish-Syrian Earthquake Victims
Over the weekend, NATO's Special Operations Headquarters and Strategic Airlift Capability were hit by a cyberattack while coordinating humanitarian aid to victims of the Turkish-Syrian earthquake. The Russia-based Killnet group claimed responsibility for a distributed denial-of-service (DDoS) attack against NATO, targeting the NR (NATO Restricted) network reportedly used to transmit classified data.
Beyond temporarily knocking websites offline, the attack reportedly disrupted communications between NATO and at least one aircraft carrying search-and-rescue equipment to Turkey's Incirlik Air Base.
The earthquake in southeastern Turkey and Syria has already claimed 35,000 lives, and emergency workers from around the world have converged to help pull survivors from the rubble.
This latest attack highlights how exposed critical infrastructure is in times of crisis and the need to remain vigilant to cyber threats. Killnet has previously targeted other high-profile organizations, including the International Criminal Court and the US Department of Defense, and this incident shows that even humanitarian aid efforts are not immune. NATO has confirmed the attack and says its cyber experts are actively addressing the incident, reaffirming its commitment to cybersecurity.
Read:
https://www.darkreading.com/attacks-breaches/russian-hackers-disrupt-nato-earthquake-relief-operations-
ShadowPad Hacking Technique Used To Target South American Diplomatic Entities
Last Monday, Microsoft's threat intelligence team attributed a series of recent attacks on South American diplomatic entities to a Chinese cyber-espionage actor. The cluster of activity, tracked as DEV-0147, uses tools such as the ShadowPad backdoor to break into targets and maintain persistent access to them.
According to Secureworks, ShadowPad is a modular remote access trojan widely used by Chinese state-aligned groups with links to the Ministry of State Security (MSS) and the People's Liberation Army (PLA). It is also known as PoisonPlug.
The exact method DEV-0147 uses to gain initial access has not been disclosed, but phishing and the opportunistic exploitation of unpatched, internet-facing applications are the most likely routes. ShadowPad has become a well-established favorite of Chinese hacking groups in recent years, suggesting the tool continues to pay off for them.
ShadowPad was also previously used by unidentified threat actors to target the foreign ministry of an ASEAN member state after exploiting a vulnerable Microsoft Exchange Server. Elastic Security Labs tracks this activity as REF2924 and says it "represents an attack group that appears focused on …sponsored national strategic interest."
Read: https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html
Elsewhere online:
Mozilla releases security updates for Firefox 110 and Firefox ESR
Read: https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/mozilla-releases-security-updates-firefox-110-and-firefox-esr
Under Trump’s administration, Pentagon officials were aware of suspected balloons flying over U.S. airspace
Read: https://www.forbes.com/sites/saradorn/2023/02/17/pentagon-officials-were-reportedly-aware-of-mysterious-balloons-during-the-trump-administration-but-didnt-inform-the-white-house/
The Russian government has developed a sophisticated cyber strategy in Ukraine, according to a Google report
Read: https://www.infosecurity-magazine.com/news/google-report-russia-elaborate/
Internet ‘erasure’ firm uses dubious methods to erase your past
Read: https://www.theguardian.com/world/2023/feb/17/spanish-firm-erase-past-internet-eliminalia-web