Weekly Axis Of Easy #22
In this issue:
BlackOasis: (Yet another) Adobe Flash 0-Day Vulnerability
Kaspersky Labs revealed its findings last week of another Adobe Flash 0-day vulnerability. Attributed to the threat actor dubbed “BlackOasis”, the attack appears “highly targeted” and is delivered via an infected Microsoft Office document (what else?) and installs the latest version of FinSpy malware. Adobe has released a patch.
Brits blame Iran for cyber-attack on Parliament
Via the BBC we learn that Whitehall is blaming Iran for “a sustained cyber-attack” against the British Parliament on June 23 of this year. A “sustained attack” being a brute force password attempt on 9,000 accounts. Which to me actually sounds a little lame and barely worth reporting on. We probably have that many password attempts against accounts here every day. What’s notable about it is the fact that it’s worldwide news, and despite being acknowledged as an “unsophisticated attack”, it’s being ascribed to Iran as a state actor, as opposed to being called for what it likely is: some script kiddie bouncing off a proxy on an Iranian IP.
Facebook launches hotline for hacked Canadian politicians
The next federal election in Canada is still 2 years away but Facebook is preparing now, having launched a “Canadian election integrity initiative”. Facebook will setup an emergency escalation path for politicians and parties whose Facebook accounts are hacked. They will also issue a “cyber-hygiene guide” and have launched a partnership with a non-profit group to “educate voters on the dangers of fake news”. (Don’t get me started).
World’s First “AI” ETF launches
Last week a group called EquBot LLC launched the world’s first ETF powered by Artificial Intelligence (AI). The fund is powered exclusively by analyzing “Big Data” and applying AI algo’s provided by IBM’s “Watson” initiative to assemble a portfolio of 30 to 70 US equities it hopes to outperform the market. It hopes that by “mimic(ing) an army of equity research analysts working around the clock, 365 days a year” who themselves rarely beat the market, it will beat the market. All we need now is to add a boatload of leverage (say, 3X or 4X) and what could possibly go wrong?
ICANN is failing its registrants
Great write-up from Tucows around how the plethora of ICANN policies that force domain holders through various hoops just to maintain their domains can add unwieldily complexity to the point that it screws said registrants right out of their domains. I’ll add that some of these policies (like the absolutely idiotic Whois Accuracy Program) don’t even fulfill their stated aims even when they’re “working” properly).
easyDNS member interface update
The easyDNS control panel is improving as of November 1st. It functions the same way while matching the front end design and improving user experience for mobile devices on the go. You can start using it now, by logging into your member account and choosing to use the updated design before its official launch. Details here.
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- October 16, 2017: Major WiFi Vulnerability Discovered: KRACK Attack
- October 9, 2017: Read “Extremist Propaganda” Online And Get 15 Years In Prison
- October 2, 2017: Russia Threatens To Ban Facebook
- September 25, 2017: Over 2 Million Users Installed An Infected Computer Utility
- September 18, 2017: Turn Off Your Phone’s Bluetooth Before You Even Read This
- September 11, 2017: Equifax Breach Exposes Millions Millions Of Customers Data