#AxisOfEasy 217: Hackers Were Able To Get Microsoft’s Digital Signature On Their Rootkit


Weekly Axis Of Easy #217


Last Week’s Quote was “America has been discovered before, but it has always been hushed up.” was by Oscar Wilde and Jason Stephenson is our winner!

This Week’s Quote: “It is dangerous to be right when the government is wrong.”… by???

THE RULES: No searching up the answer, must be posted to the blog– the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.



In this issue:

  • Brave browser ditches Google in favor of its own privacy-centered search engine
  • Several US agencies issued joint cybersecurity advisory about cyber threats to water facilities
  • App Sideloading: Apple compares iPhone Security to Android Malware Stats
  • China removed Celtics media after Enes Kanter called out the government repression
  • Hackers were able to get Microsoft’s digital signature on their rootkit
  • Leaked documents and a new whistleblower increased the Facebook crisis
  • Facebook and Google have a secret deal to rig ad markets
  • Facebook caught datamining iPhones
  • It’s official: Ecohealth conducted Gain-of-Function NIH-funded research in Wuhan


Brave browser ditches Google in favor of its own privacy-centered search engine

The open-source Chromium-based browser Brave has replaced Google with its privacy-centric search engine as the default for new users in the U.S., Canada, and the United Kingdom.

“Today’s Brave desktop browser update (version 1.31), as well as the Brave Android app (version 1.31)* and the Brave iOS app (version 1.32) all automatically offer Brave Search as the default for new users in these five countries, with fully localized versions in non-English geographies,” announced the company.

With its launch on June 22nd, 2021, Brave Search strives to protect users’ privacy by automatically blocking ads and tracking scripts and removing privacy-invasive features built into Chromium. The browser engine highlights the following security features:

Among the security features, users highlight:

  1. Privacy: no tracking or profiling of users. 
  2. User-first: the user comes first, not the advertising and data industries. 
  3. Independence: Brave has its own search index for answering common queries privately without reliance on other providers. 
  4. Choice: soon, options for ad-free paid search and ad-supported search. 
  5. Transparency: no secret methods or algorithms to bias results, and soon, community-curated open ranking models to ensure diversity and prevent algorithmic biases and outright censorship.
  6. Seamlessness: best-in-class integration between the browser and search without compromising privacy, from personalization to instant results as the user types.
  7. Openness: Brave Search will soon be available to power other search engines. 


Brendan Eich, CEO, and co-founder of Brave celebrated that the engine “has grown significantly since its release, with nearly 80 million queries per month. Our users are pleased with the comprehensive privacy solution that Brave Search provides against Big Tech by being integrated into our browsers.”

If they prefer, Brave users can switch to a different search engine by managing their search engine settings. While currently, it does not display ads, Brave Search will soon be ad-supported and will offer an ad-free premium version in the future.

Read: https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/


Several US agencies issued joint cybersecurity advisory about cyber threats to water facilities

Federal agencies warn of “ongoing malicious cyber activity” by known and unknown threat actors on U.S. Water and Wastewater Systems (WWS) Sector facilities.

The joint cybersecurity advisory issued by a coalition formed by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Environmental Protection Agency (EPA), says hackers attempted to “compromise system integrity via unauthorized access.”

As described in the advisory, these attacks threaten the government’s ability to provide clean water and manage wastewater.

While vulnerabilities within the water sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment,” explained Eric Goldstein, executive assistant director for cybersecurity at CISA.

Both known and unknown attackers targeted WWS operational technology (OT) networks, systems, and devices. Employees are targeted by spear-phishing campaigns that deliver malicious payloads, including ransomware, via malicious links and attachments.

Security personnel is advised to detect signs of compromise and suspicious activity. Among these are the permanent or temporary failure to grant access to SCADA system controls, abnormal results from data or Windows alerts, unusual chemical rates, as well as the access to SCADA systems by unauthorized or unassigned personnel.

Read: https://www.cpomagazine.com/cyber-security/fbi-nsa-cisa-and-epa-issued-joint-cybersecurity-advisory-on-cyber-threats-targeting-water-facilities/


App Sideloading: Apple compares iPhone Security to Android Malware Stats

After a court decision that could force Apple to loosen its iPhone security approach, the company has commissioned research that connects the more open architecture of Android to higher malware risk.

Among other claims, Apple claims that Android devices experience 15 to 47 times more malware infections, totaling six million attacks per month and about 230,000 new infections per day.

In Apple’s latest research-driven pamphlet, the company trumpets the “critical importance” of iPhone security, arguing that smartphones tend to be the devices with the most sensitive personal information. App sideloading would weaken its carefully structured security protections and expose users to attacks.

While it is in Apple’s financial interests to paint as dire a picture as possible, some of the company’s assertions are not unfounded. However, it may be overstating the case. Recent Pegasus spyware attacks showed that iOS devices are just as vulnerable to zero-day threats that can be used to take complete control of the device.

A recent study indicates that while Apple’s iPhone security approach may provide users with superior protection from lower-level malware attempts, it does not necessarily offer better privacy protection in terms of tracking by advertisers. Additionally, Apple users can still be phished via text message or email, just as Android users can.

Read: https://www.cpomagazine.com/cyber-security/apple-makes-case-against-app-sideloading-by-comparing-iphone-security-to-android-malware-stats/


China removed Celtics media after Enes Kanter called out the government repression

On Thursday, the NBA’s Chinese broadcast partner suddenly removed Boston Celtics highlights and live streams from its website and app shortly after Celtics center Enes Kanter called China’s leader Xi Jinping a “brutal dictator” in multiple social media posts.

The professional basketball player spoke out against “cultural genocide” in Tibet, an autonomous region to the west of China where the Chinese government has cracked down on freedoms and exerted control.

In 2019, Tencent, a Chinese internet technology company, agreed to a five-year, $1.5 billion expansion of its partnership with the NBA, a move reminiscent of China’s response to Daryl Morey’s 2019 tweet supporting pro-democracy protesters in Hong Kong. An international firestorm following Morey’s words resulted in a brief NBA blackout in China, and simmering tensions between the league and a country with millions of fans.

Read: https://sports.yahoo.com/enes-kanter-china-tibet-nba-celtics-135506956.html


Hackers were able to get Microsoft’s digital signature on their rootkit

According to cybersecurity researchers at Bitdefender, criminals have been using FiveSys, a rootkit that somehow made its way through the driver certification process to be digitally signed by Microsoft.

Using this signature, a rootkit  – malicious software that allows cybercriminals to access and control infected computers – can appear valid, bypass operating system restrictions, and gain the kind of privileges that researchers describe as being “virtually unlimited.”

Bogdan Botezatu, director of threat research and reporting at Bitdefender, explained that “the chances are that it was submitted for validation and somehow it got through the checks. While the digital signing requirements detect and stop most of the rootkits, they are not foolproof.”
Researchers believe FiveSys is bundled with cracked software downloads, but it’s unclear how it is distributed.

The FiveSys rootkit redirects internet traffic to a proxy server once installed, which is done by installing a custom root certificate so that the browser won’t display a warning about the proxy’s unknown identity. Additionally, this prevents other malware from writing to the drivers, likely to prevent other cybercriminals from exploiting the compromised system.
Analysis of attacks shows that the FiveSys rootkit is being used in cyberattacks targeting online gamers to steal login credentials and hijack in-game purchases.

Currently, the attacks target gamers in China, which researchers also believe that the attackers are operating from. According to an analysis of attacks, the FiveSys rootkit is being used to steal login credentials and hijack in-game purchases from online gamers. Today, the attacks are mainly targeting gamers in China, which is where researchers believe the attackers are based.  

While the rootkit is currently being used to steal login credentials from gaming accounts, there is a possibility it could be used against other targets in the future.

Read: https://www.zdnet.com/article/hackers-somehow-got-their-rootkit-a-microsoft-issued-digital-signature/
 

Leaked documents and a new whistleblower increased the Facebook crisis

Despite a windfall of leaked documents detailing how Facebook failed to heed internal concerns over election misinformation, Facebook was under increasing pressure on Friday as a whistleblower accused it of actively fostering hate speech and illegal activity.

According to the Washington Post, the whistleblower’s allegations were contained in a complaint filed with the Securities and Exchange Commission, the US agency responsible for protecting investors.
As detailed in the complaint, Facebook officials frequently refused to enforce safety rules for fear of angering Donald Trump and his allies or offsetting the company’s tremendous growth. A Facebook spokesperson, Tucker Bounds, allegedly dismissed concerns about the platform’s role in 2016 election manipulation.

The documents reveal that Facebook employees repeatedly flagged concerns before and after Donald Trump attempted to discredit Joe Biden. In a report in the New York Times, a data scientist told colleagues that 10% of all US views of opinion articles were of posts that falsely claimed the election was fraudulent. But as workers flagged these issues and urged the company to act, the company failed or struggled to address the problems, the Times reported.
According to NBC News, the internal documents also show Facebook researchers found its recommendation tools repeatedly directed users to extremist groups, despite internal warnings.

Facebook has been facing pressure from lawmakers on several fronts, including pending legislation from Congress, a lawsuit filed by the US attorneys general, and a lawsuit filed by the Federal Trade Commission’s new chairwoman, Lina Khan.

Read: https://www.theguardian.com/technology/2021/oct/22/facebook-whistleblower-hate-speech-illegal-report



Facebook and Google have a secret deal to rig ad markets

An interesting Twitter thread came up over the weekend from somebody who read the entire 173 page Google antitrust filing and found details of a secret deal with Facebook called “Jedi Blue”

“that they knew was so illegal that it has a whole section describing how they’ll cover for each other if anyone finds out – google appears to have a team called gTrade that is wholly dedicated to ad market manipulation.”

See the thread here: https://twitter.com/fasterthanlime/status/1452053938195341314


Facebook caught datamining iPhones

An article via Forbes informs us of yet another Facebook privacy violation. It confirmed something I suspected a long time ago, that Facebook’s mobile app datamines your device whether you have it open or not and even if you have location services disabled for it.

“A week ago, I warned iPhone users that Facebook still captures location data using the metadata from your photos and your IP address, even if you update your settings “never” to track your location. Facebook admits to this harvesting, refusing to be drawn on why that’s so wrong when users specifically disable location tracking.

Now security researchers have suddenly warned that Facebook goes even further, using the accelerometer on your iPhone to track a constant stream of your movements, which can easily be used to monitor your activities or behaviors at times of day, in particular places, or when interacting with its apps and services. Alarmingly, this data can even match you with people near you—whether you know them or not.”


The only solution is to delete the Facebook app from your phone, something I did years ago (and more recently did the same for Twitter because it’s a time sync).

Read: https://www.forbes.com/sites/zakdoffman/2021/10/23/apple-iphone-users-delete-facebook-app-after-new-tracking-warning/


It’s official: Ecohealth conducted Gain-of-Function NIH-funded research in Wuhan

Add to the list of perpostrous baseless debunked conspiracy theories that turns out to be true, NIH has finally admitted that Ecohealth, the outfit headed by Peter Daszak, the most vocal opponent of the “lab leak theory,” did indeed carry out Gain-on-Function research with chimeric coronaviruses in bats that were able to infect humanized mice. Then they scrubbed the definition of GoF from their website.

“In a letter to Kentucky Republican James Comer, the ranking member of the House Oversight Committee, Lawrence A. Tabak of the NIH” admitted that NIH funded the research.

Now the NIH and Ecohealth are busily trying to throw each other under the bus: NIH says Ecohealth “failed to report that they had created a chimeric bat coronavirus which could infect humans” and gave them five days to report on their work.

Days later Ecohealth issued a statement says they did report their findings to NIH as soon as they became available, in 2018.

If NIH was informed by Ecohealth, it means that Fauci lying when told congress that NIH never funded GoF research. and when Fauci shouted at Sen Rand Paul calling him a liar when the senator was grillig him about it, Fauci’s pants were on fire.

It gets weirder: over the weekend, new revelations began to surface about some of the other experiments Fauci’s NIH funded, most notably $378,000 sent to a lab lab in Tunisia on puppies, “to drug beagles and lock their heads in mesh cages filled with hungry sand flies so that the insects could eat them alive.”

Follow the science! Mofo.

Read: https://www.msn.com/en-us/news/politics/nih-admits-fauci-lied-about-funding-wuhan-gain-of-function-experiments/ar-AAPLZIe

And: https://www.zerohedge.com/covid-19/nih-admits-funding-gain-function-covid-experiments-gives-ecohealth-five-days-report

So  basically this is really looking like a bunch of sanctimonious  technocrats funded research that resulted in a lab leak that irrevocably  harmed our society, our instutions, our economy and our civil  liberties. Some of those same people were put in charge managing the  response, the messaging and supersceded our civil liberties. And then  they smugly told us to STFU and do what we were told.  Yeah, I’m pissed.  This should be a torches and pitchforks moment but it isn’t, because  we’ve been inculcated into being a society of meek, compliant wusses.

3 thoughts on “#AxisOfEasy 217: Hackers Were Able To Get Microsoft’s Digital Signature On Their Rootkit

Leave a Reply to Mike Beasley Cancel reply

Your email address will not be published. Required fields are marked *