Drop what you’re doing: Update Android edition

If you’re running Android 11, 12 or 13, and unless your security patch level is already 2023-03-05 or later, right now would be an awesome time to upgrade it.

Two new remote code execution exploits have been squashed in the latest release. With what’s going on in the world right now, this is a pretty simple solution to keeping you as secure as possible.

Read: https://www.malwarebytes.com/blog/news/2023/03/update-android-now-two-critical-vulnerabilities-patched

Lazarus Group employs BYOVD attack and fileless execution in South Korean financial entity hack

The North Korea-linked Lazarus Group has once again made headlines for its cyberattacks, this time by exploiting a zero-day vulnerability to hack a financial business entity in South Korea twice within a span of a year.

The first attack in May 2022 used a vulnerable version of a certificate software widely used by public institutions and universities. However, the second attack in October 2022 involved the exploitation of a zero-day in the same program. Cybersecurity firm AhnLab Security Emergency Response Center (ASEC) has refrained from disclosing the software due to the vulnerability not being fully verified yet and a patch not being released.

The Lazarus Group gained initial access by an unknown method, and then proceeded to perform lateral movement using the zero-day bug. They then disabled the AhnLab V3 anti-malware engine via a BYOVD attack and took additional steps to conceal their malicious activity, including changing file names and modifying timestamps. This ultimately allowed them to install multiple backdoor payloads and connect to a remote command-and-control (C2) server to retrieve additional binaries and execute them in a fileless manner.

The constant evolution of the Lazarus Group’s tactics, including anti-forensic techniques, highlights the need for increased cybersecurity measures to combat their persistent threat.

Read: https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html

FBI and international police seize NetWire RAT server and arrest admin

Law enforcement agencies worldwide, including the FBI, recently conducted an international operation that led to the seizure of the NetWire remote access trojan (RAT) and the arrest of a Croatian national suspected to be the administrator of the NetWire website. The service was promoted as a legitimate remote administration tool, but it has been used in various malicious activities, such as phishing attacks, business email compromise (BEC) campaigns, and network breaches. The seizure warrant was approved on March 3rd, and the operation was executed on Tuesday.

The service was sold via the website www.worldwiredlabs.com, where users could sign up for subscriptions for as little as $10 a month, which included support. However, since at least 2014, NetWire has been a tool of choice in various malicious activities. Threat actors could use the Netwire RAT to remotely take screenshots, download and upload files, execute commands, or download further programs to execute on infected Windows computers.

This operation involved police from the FBI, the United States Attorney’s Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police.

Read: https://www.bleepingcomputer.com/news/security/police-seize-netwire-rat-malware-infrastructure-arrest-admin/

Hundreds of lawmakers and staff have been affected by a Capitol Hill data breach

On Tuesday, a data breach at DC Health Link exposed vital personal information of over several hundred Congressional staffers and lawmakers. In a letter uncovered by NBC News, Chief Administrative Officer Catherine L Szpindor revealed that the Capitol Police and FBI had notified her about this intrusion into the Affordable Care Act online marketplace where health care plans are held for Congresspeople and certain staff members from Capitol Hill.

The data breach affected Senate offices and included full names, dates of enrollment, relationships, and email addresses but no other personally identifiable Information. According to DC Health Benefit Exchange Authority, which operates DC Health Link, the breach has been investigated, and customers have been provided with identity monitoring and credit monitoring services.

On the other hand, House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries have raised significant concerns about a potential data breach of DC Health Link, which could affect thousands of congressional members and employees since 2014. In response to the situation, they requested further information on exactly who was affected by this incident and what steps are being taken to protect victims from any fallout.

Read: https://www.zerohedge.com/technology/significant-data-breach-hits-lawmakers-capitol-hill

Federal agencies partnered to develop facial recognition for street cameras and drones

A Freedom of Information Act lawsuit filed by the American Civil Liberties Union led to the discovery of thousands of internal documents revealing the FBI and Defense Department’s involvement in advanced surveillance using facial recognition software. The documents show the government’s ambition to develop a powerful tool to identify people based on street camera footage and drone footage. Using funding from the Intelligence Advanced Research Projects Agency, the Janus program developed and tested software that could process “truly unconstrained face imagery” collected by surveillance cameras in public places, such as subway stations and street corners, in collaboration with FBI scientists and leading computer vision experts.

The documents describe a data-gathering test that took place at a Defense Department training center that resembled a hospital, subway station, outdoor market, and school. During the experiment, thousands of surveillance videos and images were captured, some of which were captured by a drone. In turn, the improved facial recognition system was integrated into a search tool called Horus and made available to the Pentagon’s Combating Terrorism Technical Support Office. Six federal agencies have used Horus since it was introduced, and their feedback is being used to refine the tool.

Documents show that federal officials were involved in the technology’s development more closely than previously thought, even though three states and more than a dozen cities banned or restricted its use. According to a deputy director at the ACLU, using facial recognition technology in mass surveillance would be a “nightmare scenario.” These documents provide a detailed analysis of the technological decisions researchers have made in recent years to take advantage of both artificial intelligence and computer imaging breakthroughs, as well as the accumulating data about Americans.

After these documents were revealed, a bipartisan group of lawmakers introduced a bill banning the use of biometric technologies by federal organizations, including facial recognition and face-scanning surveillance devices. Federal dollars would also be prohibited from being used for biometric surveillance systems under the bill.

Read: https://www.washingtonpost.com/technology/2023/03/07/facial-recognition-fbi-dod-research-aclu/


easyNostr: Setup your NIP-05 ID under your own domain (or use one of ours)

Mark Jeftovic – Future of Privacy & The Internet, The Bitcoin Capitalist & EasyDNS 

Mark discusses his latest thoughts with Rock Star Real Estate Inc.
A discussion on what he’s seeing with the Internet’s evolution, the future of money and what’s happening to the middle class.  He gets technical with some discussion of ordinals and inscriptions on Bitcoin.

Watch: https://www.youtube.com/watch?v=pJYwSSmYY8g&t=2316s&ab_channel=RockStarRealEstateInc


Elsewhere online:

Rise in ChatGPT-driven scams poses risk to online security
Read: https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/

Russia cracks down on foreign messaging apps
Read: https://www.bleepingcomputer.com/news/security/russia-bans-private-messaging-apps-owned-by-foreign-entities/

Ransomware attack on university blamed on Iranian state-sponsored hackers
Read: https://therecord.media/israel-technion-ransomware-attack-iran-darkbit-muddywater

An AI-powered keylogging attack known as ‘BlackMamba’ is evading modern EDR security measures
Read: https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security

Finnish cybersecurity company poll finds two-thirds of brits worried about their personal security online
Read: https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/