• Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books
Subscribe

AxisOfEasy Subscribe

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy 280: New Quantum Cybersecurity Preparedness Act Aims To Protect Agencies Against Looming “Q-Day”

by Mark E. Jeftovic on January 10, 2023

Weekly Axis Of Easy #280


Last Week’s Quote was  “The urge to save humanity is almost always a false front for the urge to rule ” by H. L. Mencken. Our winner for axis of easy 279 is James Ralston.  Congrats!

This Week’s Quote:  “If you believe in yourself and have dedication and pride – and never quit, you’ll be a winner. The price of victory is high but so are the rewards.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of January 9th, 2023 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

Please note:  last week’s issue reported that “Microsoft uses the ad service to distribute BOATLOADER” which was worded poorly.

As pointed out by Josh S. “Microsoft Securty Threat Intelligence team discovered the malware and attributed it to ‘a threat actor identified as DEV-0569′”

Apologies to the Microsoft Threat Intel team and thanks to Josh S for pointing it out.

 
In this issue:
  • New Quantum Cybersecurity Preparedness Act Aims to Protect Agencies Against Looming “Q-Day”
  • Fortinet and Zoho urge their customers to patch vulnerabilities recently discovered in their enterprise software
  • Are Meta and Twitter Ushering in a New Age of Insider Threats?
  • Colombian Bank Hijacked to Drop the Remote Access Trojan, BitRAT
  • Ukrainian Cyber Police Arrest 40 in End of Year Call Centre Raid


Elsewhere online:

  • Raspberry Robin Obfuscates ‘Deeper, More Personal’ Data Collection In New Infection Campaign
  • Section 702 Expiration Imminent: Debate Surrounding Surveillance Powers Heats Up
  • In a recent FBI report, cybercriminals are using search engine ads to spread malware and phishing scams
  • How could the EU’s decision impact US data privacy policies?
  • Iranian authorities detained a journalist who published interviews with families of death row inmates
  • Truth About Mandatory ‘Safety Device’ Biden Signed Into Law 


New Quantum Cybersecurity Preparedness Act Aims to Protect Agencies Against Looming “Q-Day”

On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law. The law aims to protect federal government data against the impending threat of quantum-enabled data breaches ahead of “Q-day”—the time when quantum computers will be able to break through current cryptographic algorithms. Cybersecurity experts believe that Q-day is a mere 5 to 10 years away, thus prompting the launch of this bipartisan Act.

Co-sponsored by senators Rob Portman (R-OH) and Maggie Hassan (D-NH), the law sets various requirements for federal government agencies to prepare their migration towards quantum-secure cryptography. These include the requirement to maintain an up-to-date inventory of current IT systems that are vulnerable to decryption by quantum computers and to design the migration process toward post-quantum cryptography. Federal agencies must complete both requirements within 6 months of the law’s enactment.

The Office of Management and Budget (OMB) will also publish federal guidelines for the IT migration process within a year of the National Institute of Standards and Technology (NIST)’s issuance of its post-quantum cryptography standards. OMB’s guidelines will apply to all federal agencies except for national security systems.

Co-sponsor of the Act, Senator Hassan said: “To strengthen our national security, it is essential that we address potential vulnerabilities in our cybersecurity systems, including new threats presented by quantum computing.”

Read: https://www.infosecurity-magazine.com/news/biden-quantum-cybersecurity-law/


Fortinet and Zoho urge their customers to patch vulnerabilities recently discovered in their enterprise software

A major security flaw has been discovered in FortiADC application delivery controllers that could potentially allow an attacker to carry out malicious code execution across different versions. Known as CVE-2022-39947, the vulnerability impacts the following versions:

• FortiADC version 7.0.0 through 7.0.2
• FortiADC version 6.2.0 through 6.2.3
• FortiADC version 6.1.0 through 6.1.6
• FortiADC version 6.0.0 through 6.0.4
• FortiADC version 5.4.0 through 5.4.5

It is highly advised that users upgrade their systems quickly to the latest 6.2.4 and 7.0.2 releases of FortiADC.

However, Fortinet isn’t the only one stepping up to tackle vulnerabilities in their software – Zoho recently released a patch designed to deter an unexpected SQL injection flaw found in Access Manager Plus, PAM360 and Password Manager Pro. While details of the bug have not been revealed yet, it’s understood that any users could potentially exploit it for access to their victim’s backend database.

Read: https://thehackernews.com/2023/01/fortinet-and-zoho-urge-customers-to.html


Are Meta and Twitter Ushering in a New Age of Insider Threats?

Though most cybersecurity threats are perceived to be from external actors, a pair of stories this month from Meta and Twitter serve as an ominous reminder that sometimes the worst threats come from within. According to reports, employees at both companies have been using internal workarounds or private channels to sell access to private platforms or account verification. According to a tweet from Elon Musk, the new Twitter CEO, Twitter employees may have sold verification statuses to users for up to $15,000 off the record. Meanwhile, at Meta, more than two dozen employees have abused an internal account recovery tool to restore accounts for people who otherwise had no means to do so.

Though some of this may have been a clear case of employees helping out friends and family, such malpractices have formed an incredible black market for threat actors who have been blocked entry to these social media platforms. Employees who enable unauthorized access to these actors for financial compensation highlight the extent to which trust in digital media has collapsed and highlight the need for constant vigilance on the part of companies to get things back on track.

Indeed, companies today are caught between a rock and a hard place: there must be a baseline level of trust in one’s employees to run operations at all, yet in a mature threat model, every employee is also a simultaneous threat. To monitor the situation, companies can invest in a data loss prevention program that sends alerts when data is exfiltrated via email or USB. They can also keep track of privileged programs or locations to check if they are accessed too frequently or at unusual times.

It should, however, serve as a wake-up call to organizations that constant vigilance is their only means to track threats, be they internal or external.

Read: https://www.darkreading.com/vulnerabilities-threats/are-meta-and-twitter-ushering-in-a-new-age-of-insider-threats-


Colombian Bank Hijacked to Drop the Remote Access Trojan, BitRAT

A Colombian cooperative bank has been hijacked by a new malware campaign that is using sensitive stolen information as phishing bait to drop the remote access trojan, BitRAT. The vulnerability in the bank’s infrastructure was discovered by cybersecurity firm Qualys, which found 418,777 records in a database dump believed to be obtained by exploiting SQL injection faults. The leaked sensitive data include Cédula numbers (Colombian national ID), email addresses, phone numbers, customer names, payment records, salary details, and addresses.

Victims were sent messages that tricked them into opening an infected Excel document that contained the exfiltrated bank data. Also embedded in this Excel document is a macro that retrieves and executes BitRAT on the compromised machine. For only $20, BitRAT is a powerful malware suite that steals data, extracts credentials, mines cryptocurrency, and downloads additional software.

Qualys researcher Akshat Pradhan says: “Commercial off the shelf RATs have been evolving their methodology to spread and infect their victims. They have also increased the usage of legitimate infrastructures to host their payloads and defenders need to account for it.“

Read: https://thehackernews.com/2023/01/hackers-using-stolen-bank-information.html


Ukrainian Cyber Police Arrest 40 in End of Year Call Centre Raid

On Dec 29, 2022, the Ukrainian Cyber Police successfully raided a fraudulent call center that had been involved in a large-scale banking fraud. Police arrested the scam’s three main masterminds, plus 37 of their staff.

The scammers were sending calls out to unsuspecting victims by hiding their true caller ID. To victims, the calls seemed to be coming from their bank, the tax office, or even their local police station. From these “spoofed” phone numbers, the scammers would then try to convince victims that their bank accounts had been compromised and that they needed to “secure” their accounts to recover lost or at-risk funds. By combining a mix of threatening, scary, and urgent language, the scammers would often succeed at pulling their victims into their trap.

Once it becomes clear that the victim is worried about the security of their funds, the scammer would then try to glean various pieces of personal and security information from the victim. They would do this by asking them to “confirm” the information that the “bank official” can supposedly already see on their screen. Once completed, the scammers would then ask victims to log into a fake security site, guiding them through any 2FA (two-factor authentication) security processes. After access had finally been granted, the fraudsters could then transfer victims’ money to their own accounts.

According to the Ukrainian police, “For the conspiracy, the participants used bank accounts located in offshore zones and cryptocurrency wallets. In this way, the criminals defrauded [about 18,000 people].” To protect themselves from such frauds in the future, police advise users to never believe anyone who randomly contacts them to “help” with a fraud investigation. You should always rely on something other than the Caller ID that shows up on your phone, as these are becoming easier and easier to fake.

Read: https://nakedsecurity.sophos.com/2023/01/03/inside-a-scammers-lair-ukraine-busts-40-in-fake-bank-call-centre-raid/

 

Elsewhere Online:


Raspberry Robin Obfuscates ‘Deeper, More Personal’ Data Collection In New Infection Campaign

Read: https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html


Section 702 Expiration Imminent: Debate Surrounding Surveillance Powers Heats Up

Read: https://www.politico.com/newsletters/weekly-cybersecurity/2023/01/03/congress-gears-up-for-fight-over-key-surveillance-program-00076042


In a recent FBI report, cybercriminals are using search engine ads to spread malware and phishing scams

Read: https://www.cpomagazine.com/cyber-security/fbi-hackers-are-using-search-engine-ads-for-phishing-and-malware-distribution/


How could the EU’s decision impact US data privacy policies?

Read: https://www.healthcareitnews.com/news/could-eus-decision-against-meta-affect-data-privacy-policies-us


Iranian authorities detained a journalist who published interviews with families of death row inmates

Read: https://www.arabnews.com/node/2227691/middle-east


Truth About Mandatory ‘Safety Device’ Biden Signed Into Law
 
Read: https://www.westernjournal.com/truth-mandatory-safety-device-biden-signed-law-power-government-wants/



Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

  • January 2nd, 2023: Malicious MasquerAds Lurks Under Top Google Search Results
  • December 16th, 2022: Twitter’s Latest Updates: Banned Profiles And Cross-Posting
  • December 19th, 2022: Fourth Installment Of Twitter Files Reveals Secret US Government Twitter Portal For Censoring COVID-19 Material
  • December 12th, 2022: FTX CEO Sam Bankman-Fried and the Modern Political Machine (and His Arrest)
  • December 5th, 2022: ESC Movement: End Surveillance Capitalism

 

 

 

 

 

One response to “#AxisOfEasy 280: New Quantum Cybersecurity Preparedness Act Aims To Protect Agencies Against Looming “Q-Day””

  1. Mike says:
    January 11, 2023 at 9:40 am

    For the quote I’m going to guess Napoleon Hill.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Be informed. Be safe. Be amused, often stunned with #AxisOfEasy Weekly Enter your email below to receive a concise, insightful weekly briefing. When you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy
#AxisOfEasy
Bombthrower
Bombthrower
Metaviews
Metaviews
Of Two Minds
Of Two Minds
Uncategorized
Venture Crapital
Venture Crapital
#AxisOfEasy is brought to you by....

easyDNS

Power & Freedom™ since 1998


Ledger Nano X - The secure hardware wallet easyDNS

Latest Headlines

  • #AxisOfEasy 283: GoTo’s Data Breach Is Even Worse Than Previously Thought
  • What Goes Up Also Comes Down: The Heavy Hand of Bubble Symmetry
  • Here’s How "Prosperity" Ends: Global Bubbles Are Popping
  • Heretical Thoughts on Orthodoxies
  • The Race to the Bottom Accelerates
  • #AxisOfEasy 282: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety
  • You Want Truly "Sound Money"? A Thought Experiment
  • The 1970s: From Rotting Carcasses Floating in the River to Kayak Races
  • Contrarian Thoughts on the Petro-Yuan and Gold-Backed Currencies
  • #AxisOfEasy 281: Hackers Unleash Chaos: Danish Central Bank And Leading Private Bank Websites Under Siege

Latest Comments

  • Jon on #AxisOfEasy 282: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety: “I’ll have a go with Emerson.”
  • Mike on #AxisOfEasy 282: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety: “For the quote I’m going to say Walden.”
  • Bethany on #AxisOfEasy 282: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety: “Quote: Use the talents you possess, for the woods would be a very silent place if no birds sang except…”

Behold The Axis

  • Epsilon Theory
  • Guerrilla Capitalism
  • James Kunstler
  • Metaviews
  • OfTwoMinds
  • Peak Prosperity
  • TTMYGH
  • Venture Crapital
  • Zerohedge

Tags

  • BiRAT
  • Columbia
  • death row
  • EU
  • FBI
  • Fortinet
  • Iran
  • Maggie Hassan
  • meta
  • NIST
  • OMB
  • Q-Day
  • Raspberry Robin
  • Rob Portman
  • section 702
  • Surveillance
  • twitter
  • Ukraine
  • US
  • Zoho

Latest Headlines

#AxisOfEasy 283: GoTo’s Data Breach Is Even Worse Than Previously Thought

0 Comments

What Goes Up Also Comes Down: The Heavy Hand of Bubble Symmetry

0 Comments

Here’s How "Prosperity" Ends: Global Bubbles Are Popping

0 Comments

Heretical Thoughts on Orthodoxies

0 Comments

The Race to the Bottom Accelerates

0 Comments

#AxisOfEasy 282: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety

3 Comments
  • 1
  • 2
  • 3
  • …
  • 183
  • Next »

Latest comments

#AxisOfEasy 283: GoTo’s Data Breach Is Even Worse Than Previously Thought

0 Comments

What Goes Up Also Comes Down: The Heavy Hand of Bubble Symmetry

0 Comments

Here’s How "Prosperity" Ends: Global Bubbles Are Popping

0 Comments

Heretical Thoughts on Orthodoxies

0 Comments

The Race to the Bottom Accelerates

0 Comments

#AxisOfEasy 282: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety

3 Comments
  • 1
  • 2
  • 3
  • …
  • 183
  • Next »

Latest tweets

  • GoTo’s data breach is even worse than previously thought Social Networking Giant Meta Sues Surveillance Firm Voya… https://t.co/08xA2AnxUp3 hours ago
  • RT @StuntPope: Belated addition: If you see this thread and are impacted - reply here after you cancel your billing. Ideally I'd like to…4 days ago
  • RT @StuntPope: At the end of the day it's on me for not noticing, but at least some other people can save themselves $49/month going forwar…4 days ago
  • RT @StuntPope: If you look at @Trustpilot it seems that @CareDotCom's business model is to get you to upgrade to a premium account (you can…4 days ago

Plug into the #AxisOfEasy on....

Enter your email below to receive a concise, insightful weekly briefing

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books

(c) 2017 - 2020 AxisOfEasy Media

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books