In a recent analysis, Akamai security researcher Larry W. Cashdollar revealed that KmsdBot, a botnet malware, has received an upgrade and is now specifically focusing on Internet of Things (IoT) devices. This updated version of KmsdBot has expanded its capabilities and widened its attack surface. 

According to Cashdollar, the latest binary of the malware incorporates Telnet scanning and extends support for additional CPU architectures. This enhancement allows KmsdBot to effectively target a broader range of IoT devices.

From a technical perspective, the introduction of telnet scanning capabilities signifies an enlargement of the botnet’s potential targets, allowing it to encompass a wider range of devices. Furthermore, as the malware undergoes further development and extends its compatibility with various CPU architectures, it continues to pose an ongoing security risk to internet-connected devices.

Read: https://reclaimthenet.org/how-activists-hijacked-facebooks-fact-checking-program


Potential Transformation of UN Cybercrime Treaty into a “Surveillance Pact” Raises Concerns

As UN delegates gather in New York City to refine an updated proposal, activists are sounding the alarm that an international treaty aimed at combating cybercrime is at risk of morphing into a far-reaching “surveillance pact” with grave implications for data privacy and human rights.

At a press conference, advocates for human rights and digital privacy issued a strong warning. They emphasized that unless substantial revisions are made to the draft’s language, the proposed treaty will effectively grant governments the authority to target and oppress activists, journalists, and marginalized communities. In essence, the very individuals who commonly fall victim to authoritarian regimes’ endeavors to criminalize freedom of expression and violate privacy rights would continue to suffer.

According to Deborah Brown, a senior researcher and advocate on technology and human rights at Human Rights Watch, the ambiguous language found in Article 17 of the treaty raises significant concerns. She highlights that this vagueness could potentially enable governments to criminalize specific speech simply based on its online posting.

Read: https://www.theregister.com/2023/08/24/un_cybercrime_treaty/


Activists Hijack Facebook’s Fact-Checking Program

According to a report by Sky News, Facebook’s fact-checking operations, which are advertised as independent, have been receiving large payments from Meta itself. The report alleges that activists have hijacked the fact-checking of coverage tied to a contentious Australian referendum campaign known as “the Voice.” The investigation focuses on the 2023 Australian Indigenous Voice referendum, a proposal to establish an Aboriginal and Torres Strait Islander Voice to voice matters concerning Aboriginal and Torres Strait Islander peoples to the Parliament and the Executive Government.

The findings suggest policy violations, questionable expired fact-checking credentials, and suspected conflicts of interest. An Australian university, the Royal Melbourne Institute of Technology (RMIT), which is among the enlisted fact-checkers, allegedly entered into a commercial contract with an Irish Meta subsidiary, a deal which could be worth above $740,000 annually depending on the conducted fact-checks. Further, Sky News’ report underlines that the RMIT appears to have censored dissenting journalism around the Voice referendum.

Despite RMIT’s IFCN certification expiring in December, its contract with Meta was not annulled as prescribed under the signed pact. This status is shared by 55 fact-checking operations worldwide, which remain as signatories under the IFCN despite invalid credentials. The report found that RMIT’s fact-checks primarily target content leaning towards a “no” vote on the Voice referendum, and its “Fact Lab” is led by former journalist Russel Skelton, whose partisan affiliations and pro-Voice stance signify an apparent disregard for the required impartiality of a fact-checker under IFCN’s Code of Principles.

Australian author Graham Young discusses the rise of totalitarian tendencies in democracies around the world. Governments are using the concepts of “misinformation” and “disinformation” to delegitimize opposition to their policies. Young questions the definitions of these terms and how truth is determined. He highlights the coordinated push by governments to introduce legislation to control “untruths” on the internet, such as the UK’s Online Safety Bill, Canada’s laws, and the US’s Disinformation Governance Board.

Young also discusses Australia’s proposed Communications Legislation Amendment (Combating Misinformation and Disinformation) Bill 2023, which has received pushback from legal organizations like the Victorian Bar Council. He argues that the research on which the bill is based is flawed and that the best antidote to misinformation is a free exchange of ideas.

In Young’s view, allowing a Nanny State actor to determine what is true will lead to civil unrest and poverty rather than truth. He believes that it is important for citizens to have the right to dispute government information and for there to be a free exchange of ideas for truth to prevail.

According to Meta’s latest threat report, a Russian disinformation campaign named Doppelganger has been found spreading fake articles posing as legitimate stories from major media outlets, such as The Washington Post and Fox News, to undermine Western support for Ukraine amid the Russian-Ukraine War. The operation has spoofed the domains for these notable news sites and spammed out the linked stories on social media platforms. The operation also uses the bylines of real journalists working for these media organizations.

Meta asserts that two companies behind this disinformation operation — Structura National Technology and Social Design Agency — formerly targeted other countries, including Germany and France. Both companies were previously sanctioned by the European Union after being caught by Meta. Meta calls for registrars and registries to take steps in addressing domain registration abuse, as many brands cannot pursue the effort of initiating a domain name dispute administrative procedure due to the high expense in addition to the legal fees that will ensue.

Read: https://www.darkreading.com/threat-intelligence/new-york-times-spoofed-russian-disinformation-campaign


Elsewhere Online:

 
Discover the Top 50 Organizations in the Censorship-Industrial Complex: A Comprehensive Report
Read: https://www.racket.news/p/report-on-the-censorship-industrial-74b

 
Critical Vulnerability in MS Power Platform: Unauthorized API Access through Reply URL Flaw
Read: https://www.hackread.com/reply-url-flaw-ms-power-platform-api-access/

 
LockBit 3.0’s source code leak in 2022 allowed threat actors to create new variants
Read: https://securityaffairs.com/149941/hacking/lockbit-3-leaked-code-usage.html

 
Operation Duck Hunt has uncovered and wiped out a notorious Windows malware family
Read: https://thehackernews.com/2023/08/fbi-dismantles-qakbot-malware-frees.html

 
Researchers found that Hackers use a variety of methods to access Airbnb accounts, including stealers and stolen cookies
Read: https://www.hackread.com/cybercrooks-hack-airbnb-accounts-stealers-cookies/