• Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books
Subscribe

AxisOfEasy Subscribe

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy 286: Do The Secrecy Provisions Of The Cybersecurity Bill Go Too Far?

by Mark E. Jeftovic on February 22, 2023

Weekly Axis Of Easy #286


Last Week’s Quote was “The main thing is to keep the main thing the main thing,” by Stephen Covey. Our winner is Javais Gayle. Congrats! 

This Week’s Quote:  “People should think less about what they ought to do and more about what they ought to be.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of February 20th, 2023 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
 
In this issue:
  • Do the Secrecy Provisions of the Cybersecurity Bill Go Too Far?
  • TikTok “Focused View” Promises Emotion Tracking to Advertisers
  • Apple Releases iOS 16.3.1 Update to Fix Critical Security Flaws
  • Tesla App Crashes Across Europe with “503 Server Maintenance” Error on Valentine’s Day
  • Lazarus Group Evades Sanctions and Launderers $100 Million in Stolen Bitcoin Through New Crypto-Mixer Sinbad
  • NATO Cyberattack: Russian Group Targets Humanitarian Efforts for Turkish-Syrian Earthquake Victims
  • ShadowPad Hacking Technique Used To Target South American Diplomatic Entities


Elsewhere online:

  • Latest update for Firefox 110 and Firefox ESR patches vulnerabilities
  • ShadowPad Hacking Technique Used To Target South American Diplomatic Entities
  • Under Trump’s administration, Pentagon officials were aware of suspected balloons flying over U.S. airspace
  • The Russian government has developed a sophisticated cyber strategy in Ukraine, according to a Google report
  • Internet ‘erasure’ firm uses dubious methods to erase your past

 

Do the Secrecy Provisions of the Cybersecurity Bill Go Too Far?

These new bills keep popping up and if we take the time to actually read them, instead of letting the legacy media tell us what they want us to know about them, they appear quite scary.

The common theme seems to be more restrictions on us, citizens, and more power to big brother, the government, who say they know what’s good and safe for us and the world, better than we do.

Bill C26 had its first reading back in June of 2022 so it’s far from new. It’s been under even our radar.

Read: https://easydns.com/blog/2023/01/27/canadas-bill-c-26-yet-another-government-power-grab/

I was also interviewed on Counterpoint about it if you’re looking for the short version.

Interview: https://www.youtube.com/watch?v=bNL4CaJJq-Y

TikTok “Focused View” Promises Emotion Tracking to Advertisers

Interesting article about the potential ways TikTok plans to deliver on their promise of “Focus Tracking” to their advertisers.

Back in October of 2022, they introduced a new feature that would only present ads to users if they were “emotionally engaged.” How could they determine that with a smart device in hand?  Would they track the user’s vital stats?  Watch them through the device’s camera and use facial recognition software?  The details are scarce at this point, which makes this a story to watch as more information comes out.

This would be “invasion of privacy” territory even if there was no potential of ties to the communist regime of China, but with those supposed ties and all this available information on individual users to the wizards behind the curtains, the plot thickens.

Read: https://www.cpomagazine.com/data-privacy/tiktok-focused-view-promises-emotion-tracking-to-advertisers/

Apple Releases iOS 16.3.1 Update to Fix Critical Security Flaws

Apple has recently released the latest version of its operating system, iOS 16.3.1, to address two significant security vulnerabilities that could impact the safety of its users. One of these flaws, CVE-2023-23529, is located in WebKit, which is the underlying framework of Apple’s Safari browser, and could allow cybercriminals to execute code on an iPhone.

Apple has acknowledged that this flaw has been actively exploited. The other vulnerability, CVE-2023-23514, is in the kernel, which is at the heart of the iPhone’s operating system, and could allow an attacker to execute arbitrary code with kernel privileges via an app.

However, there have been no reported attacks exploiting this flaw.

To protect its users, Apple has urged them to update their devices to iOS 16.3.1, which has already been equipped with new security features to help prevent future threats.

Independent security researcher, Sean Wright, warns that even though the currently exploited vulnerability may only be targeting a specific group of people, it’s only a matter of time before more attackers use it more widely. Hence, updating your device to the latest version is the best way to stay safe.

While Apple has not given out more details about these vulnerabilities to ensure that users have enough time to update their devices, it is important that users with iOS 15 and compatible iPhones upgrade to the new version.

Apple had been updating iOS 15 with vital security fixes, but it has now stopped doing so for older iPhones that can’t upgrade to iOS 16.

Users with iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later can upgrade their devices to iOS 16.3.1 by going to Settings > General > Software Update.

Read:
https://www.forbes.com/sites/kateoflahertyuk/2023/02/14/ios-1631-update-now-warning-issued-to-iphone-users/


Tesla App Crashes Across Europe with “503 Server Maintenance” Error on Valentine’s Day

On Tuesday, February 14, Tesla drivers across Europe tweeted how Tesla’s smartphone app to control their cars had crashed, giving users a 503 error. The Tesla app allows users to remotely view their car’s status, lock or unlock their vehicle, manage climate control, and control how their car charges.

German Twitter user @BB4ll was one of the first to tweet about the app being down on Tuesday morning: “‘503 Server Maintenance’ error in the @Tesla app. Anybody else? #Germany“

The outage appeared to be much larger than @BB4ll realized, spanning several European countries, including Spain, France, and the UK.

According to @teslascope on Twitter, “Tesla has historically not utilized the HTTP Code 503 for proper maintenance and instead occurs during unexpected downtimes. We also see 500, 504, and 502 errors, which speak more to the current status.“

Some users complained that their Tesla’s remote functions had stopped working on the app, giving a “503 Server Maintenance” error. Luckily, users could still use their phone’s Bluetooth function or their keycard to open and gain access to their vehicle.

Despite users sharing the error on several platforms across the internet, Tesla has yet to formally acknowledge the issue.

Read:
https://www.zerohedge.com/technology/tesla-app-remotely-control-cars-crash-across-europe-503-error


Lazarus Group Evades Sanctions and Launderers $100 Million in Stolen Bitcoin Through New Crypto-Mixer Sinbad

According to blockchain analysts, North Korean hackers have found a new way to launder cryptocurrency proceeds from their heists, despite U.S.-imposed sanctions.

The Lazarus Group, a North Korean hacking syndicate, has been successful in laundering around $100 million in stolen Bitcoin since October 2022 using a single crypto-mixing service called Sinbad.

Last year, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the cryptocurrency mixing services Blender and Tornado Cash, which the Lazarus Group used to launder nearly $500 million in illicitly obtained cryptocurrency. After the sanctions, Blender’s operator disappeared after taking nearly $22 million in Bitcoin from the mixer.

To get around the OFAC sanctions, the Lazarus Group started using a new crypto-mixer called Sinbad, a relatively small mixer. Despite its size, the group has laundered “tens of millions of dollars” through the service since October 2022, indicating confidence and trust in the mixer.

Although Blender and Sinbad are custodial mixers, meaning that the operator controls the cryptocurrency used, blockchain analysis firm Elliptic has found strong links between the two mixers.

The researchers found similarities in on-chain transaction behavior, specific characteristics of transactions, and the use of ten-digit mixer codes, guarantee letters, and a maximum seven-day transaction delay. They also found that a “service” address on the Sinbad site received Bitcoin from a wallet believed to belong to the operator of Blender.

The researchers also noticed a clear nexus to Russia, which provides language support and websites for both mixers. This suggests that the same individual or group operates both Sinbad and Blender.

In June 2022, the Lazarus Group was linked to the $100 million hack of Harmony Horizon crypt, which occurred after OFAC’s Tornado Cash sanctions but before the group switched to Sinbad. The Lazarus Group has been responsible for several high-profile hacks, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack.

Read:
https://www.bleepingcomputer.com/news/security/lazarus-hackers-use-new-mixer-to-hide-100-million-in-stolen-crypto/


NATO Cyberattack: Russian Group Targets Humanitarian Efforts for Turkish-Syrian Earthquake Victims

Over the weekend, NATO’s Special Operations Headquarters and Strategic Airlift Capability were hit by a cyber attack while delivering humanitarian aid to victims of the Turkish-Syrian earthquake. The Russian-based Killnet group has claimed responsibility for launching a DDoS attack against NATO, targeting the NR network reportedly used to transmit classified data.

Although the sites were temporarily knocked offline, the attack disrupted communications between NATO and at least one airplane transporting search and rescue equipment to Turkey’s Incirlik Air Base.

The earthquake in southeastern Turkey and Syria has already claimed 35,000 lives, and emergency workers from around the world have converged to help pull survivors from the rubble.

This latest attack highlights the vulnerability of critical infrastructure during times of crisis and the need to remain vigilant to cyber threats. Killnet has previously targeted other high-profile organizations.

This includes the International Criminal Court and the US Department of Defense, and this incident demonstrates that even humanitarian aid efforts are not immune to cyberattacks. NATO has confirmed the hack and assured that its cyber experts are actively addressing the incident, reaffirming its commitment to cybersecurity.

Read:
https://www.darkreading.com/attacks-breaches/russian-hackers-disrupt-nato-earthquake-relief-operations-


ShadowPad Hacking Technique Used To Target South American Diplomatic Entities

Last Monday, Microsoft’s Security Intelligence team identified a Chinese cyber espionage threat actor as being behind a series of recent attacks on South American diplomatic entities. The cluster of attacks is being tracked under the label DEV-0147 and is said to be using hacking tools such as ShadowPad to invade their targets and maintain persistent access to them.

According to SecureWorks, ShadowPad is a remote access trojan that has been widely used by Chinese adversarial collectives with links to the Ministry of State Security (MSS) and the People’s Liberation Army (PLA). It is also known as PoisonPlug.

Though the exact method DEV-0147 is using to gain initial access to its targets has not yet been disclosed, phishing and the opportunistic targeting of unpatched applications are the most likely routes. In recent years, ShadowPad seems to have become a well-established favorite with Chinese hacking groups, suggesting that the method is gaining some success.

ShadowPad was also previously used by unidentified threat actors to target an ASEAN member foreign ministry through successfully exploiting a vulnerable Microsoft Exchange Server. This activity, named REF2924 by the company Elastic Security Labs, “represents an attack group that appears focused on …sponsored national strategic interest,” said the company.

Read: https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html


Elsewhere online:


Latest update for Firefox 110 and Firefox ESR patches vulnerabilities

Read: https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/mozilla-releases-security-updates-firefox-110-and-firefox-esr

ShadowPad Hacking Technique Used To Target South American Diplomatic Entities
Read: https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html

Under Trump’s administration, Pentagon officials were aware of suspected balloons flying over U.S. airspace
Read: https://www.forbes.com/sites/saradorn/2023/02/17/pentagon-officials-were-reportedly-aware-of-mysterious-balloons-during-the-trump-administration-but-didnt-inform-the-white-house/

The Russian government has developed a sophisticated cyber strategy in Ukraine, according to a Google report
Read: https://www.infosecurity-magazine.com/news/google-report-russia-elaborate/

Internet ‘erasure’ firm uses dubious methods to erase your past
Read: https://www.theguardian.com/world/2023/feb/17/spanish-firm-erase-past-internet-eliminalia-web


Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

  • February 13th, 2023: Indigo Is The Latest Victim Of A String Of Cyber Attacks On Canadian Companies
  • February 6th, 2023: Canada’s ‘Cybersecurity’ Bill Is A Dangerous Overreach
  • January 30th, 2023: GoTo’s Data Breach Is Even Worse Than Previously Thought
  • January 23rd, 2023: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety
  • January 16th,2023: Hackers Unleash Chaos: Danish Central Bank And Leading Private Bank Websites Under Siege

 

 

 

 

 

One response to “#AxisOfEasy 286: Do The Secrecy Provisions Of The Cybersecurity Bill Go Too Far?”

  1. Jon says:
    February 22, 2023 at 9:03 pm

    C.S. Lewis

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Be informed. Be safe. Be amused, often stunned with #AxisOfEasy Weekly Enter your email below to receive a concise, insightful weekly briefing. When you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy
#AxisOfEasy
Bombthrower
Bombthrower
Metaviews
Metaviews
Of Two Minds
Of Two Minds
Uncategorized
Venture Crapital
Venture Crapital
#AxisOfEasy is brought to you by....

easyDNS

Power & Freedom™ since 1998




easyDNS

Latest Headlines

  • Bull or Bear? The Ultimate Source of Market Instability
  • #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings
  • Welcome to the Era of Warring Elites
  • And Just Like That, The Tight Money Era Is Over
  • We’ve Forgotten That Business-Cycle Recessions Are Essential
  • Is your bank “important” enough to save? Don’t count on it.
  • Funny Things Happen on the Way to "Restoring Financial Stability"
  • #AxisOfEasy 289: Drop What You’re Doing: Update Android Edition
  • A Mismatch of Short and Long-Term Interest
  • Banks, Banks, Banks: The Elephant Nobody Even Sees

Latest Comments

  • Glen A. Pearce on #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings: “SerpentZA over on Youtube actually did a good episode on the Pig Butchering scam back in Dec. 2021: https://www.youtube.com/watch?v=-ZMboyepBK4 He…”
  • Tom Arkin on #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings: “was this week’s quote by Thomas Jefferson?”
  • Scott Dunston on #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings: “Plato is my guess for the this week’s quote.”

Behold The Axis

  • Epsilon Theory
  • Guerrilla Capitalism
  • James Kunstler
  • Metaviews
  • OfTwoMinds
  • Peak Prosperity
  • TTMYGH
  • Venture Crapital
  • Zerohedge

Tags

  • Bill C-26
  • bitcoin
  • Crypto-Mixer Sinbad
  • CVE-2023-23529
  • cyberattack
  • Cybersecurity Bill
  • DEV-0147
  • ESR patches
  • iOS 16.3.1
  • Killnet
  • Lazarus Group
  • NATO
  • OFAC
  • Russia
  • ShadowPad
  • Tesla
  • TikTok

Latest Headlines

Bull or Bear? The Ultimate Source of Market Instability

0 Comments

#AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings

3 Comments

Welcome to the Era of Warring Elites

0 Comments

And Just Like That, The Tight Money Era Is Over

0 Comments

We’ve Forgotten That Business-Cycle Recessions Are Essential

0 Comments

Is your bank “important” enough to save? Don’t count on it.

0 Comments
  • 1
  • 2
  • 3
  • …
  • 190
  • Next »

Latest comments

Bull or Bear? The Ultimate Source of Market Instability

0 Comments

#AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings

3 Comments

Welcome to the Era of Warring Elites

0 Comments

And Just Like That, The Tight Money Era Is Over

0 Comments

We’ve Forgotten That Business-Cycle Recessions Are Essential

0 Comments

Is your bank “important” enough to save? Don’t count on it.

0 Comments
  • 1
  • 2
  • 3
  • …
  • 190
  • Next »

Latest tweets

  • Microsoft AI ethics department disbanded amidst warnings FBI Analyst violates rules in Congress member search, re… https://t.co/ekwRpRdYzs2 days ago
  • The weekly #AxisOfEasy (289) featuring @JoeyTweeets and @TheBTCPriceBot is now up - and in your fave podcast feeds.… https://t.co/PI3q2Upxl56 days ago
  • RT @keyvandavani: Blowing Up The Clown World with Mark Jeftovic @StuntPope https://t.co/lkbaIymPAm7 days ago
  • Drop what you’re doing: Update Android edition Lazarus Group employs BYOVD attack & fileless execution in South K… https://t.co/zYj0SSHteU9 days ago

Plug into the #AxisOfEasy on....

Enter your email below to receive a concise, insightful weekly briefing

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books

(c) 2017 - 2020 AxisOfEasy Media

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books