Drop what you’re doing: Update Android edition
If you’re running Android 11, 12 or 13, and your security patch level is not already 2023-03-05 or later, right now would be an awesome time to upgrade.
Two new remote code execution vulnerabilities have been patched in the latest release. With what’s going on in the world right now, installing it is a pretty simple way to keep yourself as secure as possible.
Read: https://www.malwarebytes.com/blog/news/2023/03/update-android-now-two-critical-vulnerabilities-patched
Lazarus Group employs BYOVD attack and fileless execution in South Korean financial entity hack
The North Korea-linked Lazarus Group has once again made headlines for its cyberattacks, this time by exploiting a zero-day vulnerability to hack a financial business entity in South Korea twice within a span of a year.
The first attack, in May 2022, used a vulnerable version of certificate software widely used by public institutions and universities. The second attack, in October 2022, exploited a zero-day in the same program. Cybersecurity firm AhnLab Security Emergency Response Center (ASEC) has refrained from naming the software because the vulnerability has not yet been fully verified and no patch has been released.
The Lazarus Group gained initial access by an unknown method, then moved laterally using the zero-day bug. They disabled the AhnLab V3 anti-malware engine via a Bring Your Own Vulnerable Driver (BYOVD) attack and took additional steps to conceal their activity, including renaming files and modifying timestamps. This ultimately allowed them to install multiple backdoor payloads and connect to a remote command-and-control (C2) server to retrieve additional binaries and execute them in a fileless manner.
The constant evolution of the Lazarus Group’s tactics, including anti-forensic techniques, highlights the need for increased cybersecurity measures to combat their persistent threat.
Read: https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html
FBI and international police seize NetWire RAT server and arrest admin
Law enforcement agencies worldwide, including the FBI, recently conducted an international operation that led to the seizure of the NetWire remote access trojan (RAT) and the arrest of a Croatian national suspected to be the administrator of the NetWire website. The service was promoted as a legitimate remote administration tool, but it has been used in various malicious activities, such as phishing attacks, business email compromise (BEC) campaigns, and network breaches. The seizure warrant was approved on March 3rd, and the operation was executed on Tuesday.
The service was sold via the website www.worldwiredlabs.com, where users could sign up for subscriptions for as little as $10 a month, support included. However, since at least 2014, NetWire has been a tool of choice in various malicious activities. Threat actors could use the NetWire RAT to remotely take screenshots, download and upload files, execute commands, or download further programs to execute on infected Windows computers.
This operation involved police from the FBI, the United States Attorney’s Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police.
Read: https://www.bleepingcomputer.com/news/security/police-seize-netwire-rat-malware-infrastructure-arrest-admin/
Hundreds of lawmakers and staff have been affected by a Capitol Hill data breach
On Tuesday, a data breach at DC Health Link exposed the personal information of several hundred Congressional staffers and lawmakers. In a letter uncovered by NBC News, Chief Administrative Officer Catherine L Szpindor revealed that the Capitol Police and FBI had notified her about this intrusion into the Affordable Care Act online marketplace that holds the health care plans of Congresspeople and certain Capitol Hill staff members.
The data breach affected Senate offices and included full names, dates of enrollment, relationships, and email addresses, but no other personally identifiable information. According to the DC Health Benefit Exchange Authority, which operates DC Health Link, the breach has been investigated, and customers have been provided with identity monitoring and credit monitoring services.
Meanwhile, House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries have raised significant concerns about a potential data breach of DC Health Link that could affect thousands of congressional members and employees going back to 2014. In response, they requested further information on exactly who was affected by this incident and what steps are being taken to protect victims from any fallout.
Read: https://www.zerohedge.com/technology/significant-data-breach-hits-lawmakers-capitol-hill
Federal agencies partnered to develop facial recognition for street cameras and drones
A Freedom of Information Act lawsuit filed by the American Civil Liberties Union led to the discovery of thousands of internal documents revealing the FBI and Defense Department’s involvement in advanced surveillance using facial recognition software. The documents show the government’s ambition to develop a powerful tool to identify people based on street camera footage and drone footage. Using funding from the Intelligence Advanced Research Projects Agency, the Janus program developed and tested software that could process “truly unconstrained face imagery” collected by surveillance cameras in public places, such as subway stations and street corners, in collaboration with FBI scientists and leading computer vision experts.
The documents describe a data-gathering test that took place at a Defense Department training center that resembled a hospital, subway station, outdoor market, and school. During the experiment, thousands of surveillance videos and images were captured, some of which were captured by a drone. In turn, the improved facial recognition system was integrated into a search tool called Horus and made available to the Pentagon’s Combating Terrorism Technical Support Office. Six federal agencies have used Horus since it was introduced, and their feedback is being used to refine the tool.
Documents show that federal officials were involved in the technology’s development more closely than previously thought, even though three states and more than a dozen cities banned or restricted its use. According to a deputy director at the ACLU, using facial recognition technology in mass surveillance would be a “nightmare scenario.” These documents provide a detailed analysis of the technological decisions researchers have made in recent years to take advantage of both artificial intelligence and computer imaging breakthroughs, as well as the accumulating data about Americans.
After these documents were revealed, a bipartisan group of lawmakers introduced a bill banning the use of biometric technologies by federal organizations, including facial recognition and face-scanning surveillance devices. Federal dollars would also be prohibited from being used for biometric surveillance systems under the bill.
Read: https://www.washingtonpost.com/technology/2023/03/07/facial-recognition-fbi-dod-research-aclu/
easyNostr: Setup your NIP-05 ID under your own domain (or use one of ours)
The latest decentralized microblogging protocol with great potential and fast growth is Nostr. Its distinguishing feature is that it’s a protocol (like SMTP) rather than a platform (like Twitter).
The news is that, as of right now, you can set up your own NIP-05 ID under your own domain (or one of ours) with the help of our new easyNostr service.
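To show what a NIP-05 ID under your own domain actually consists of, here is an added example (not easyNostr’s code and not from the original post) that assumes the NIP-05 layout of a `names` map served at `/.well-known/nostr.json`, uses constructed placeholder pubkeys, and verifies an identifier the way a Nostr client does.

```python
import json
import re

# Constructed sample of the document a domain serves at
# https://<domain>/.well-known/nostr.json?name=<local-part> (NIP-05 layout).
# The pubkeys are made-up 64-hex placeholders, not real keys.
SAMPLE_NOSTR_JSON = json.dumps({
    "names": {
        "alice": "a" * 64,
        "_": "b" * 64,  # "_" is the root identifier, displayed as just the domain
    },
    "relays": {"a" * 64: ["wss://relay.example.com"]},
})

HEX_PUBKEY = re.compile(r"^[0-9a-f]{64}$")

def parse_nip05(identifier: str):
    """Split 'name@domain' into a lowercase local-part and domain.
    A bare domain is treated as the root identifier '_@domain'."""
    if "@" in identifier:
        local, domain = identifier.rsplit("@", 1)
    else:
        local, domain = "_", identifier
    local, domain = local.lower(), domain.lower()
    if not re.fullmatch(r"[a-z0-9._-]+", local) or not domain:
        raise ValueError(f"malformed NIP-05 identifier: {identifier!r}")
    return local, domain

def verify_nip05(identifier, profile_pubkey_hex, document):
    """True only if the served document binds the identifier to exactly the
    hex pubkey from the user's profile. `document` is the body fetched from
    /.well-known/nostr.json?name=<local>; the HTTPS fetch is out of scope here."""
    local, _domain = parse_nip05(identifier)
    try:
        claimed = json.loads(document)["names"][local]
    except (ValueError, KeyError, TypeError):
        return False  # unparsable document, or the name is not listed
    # NIP-05 binds a raw 64-char hex key; an npub or anything else is rejected
    if not isinstance(claimed, str) or not HEX_PUBKEY.match(claimed):
        return False
    return claimed == profile_pubkey_hex.lower()

def relays_for(pubkey_hex, document):
    """Optional relay hints the domain publishes for a pubkey (may be empty)."""
    try:
        return list(json.loads(document).get("relays", {}).get(pubkey_hex, []))
    except (ValueError, AttributeError):
        return []
```

The binding is only as trustworthy as the HTTPS origin serving the file, so the domain must be served over TLS, and for browser-based clients it must also send an `Access-Control-Allow-Origin: *` header as NIP-05 specifies.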
Mark Jeftovic – Future of Privacy & The Internet, The Bitcoin Capitalist & EasyDNS
Mark discusses his latest thoughts with Rock Star Real Estate Inc.
A discussion on what he’s seeing with the Internet’s evolution, the future of money and what’s happening to the middle class. He gets technical with some discussion of ordinals and inscriptions on Bitcoin.
Watch: https://www.youtube.com/watch?v=pJYwSSmYY8g&t=2316s&ab_channel=RockStarRealEstateInc
Elsewhere online:
Rise in ChatGPT-driven scams poses risk to online security
Read: https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/
Russia cracks down on foreign messaging apps
Read: https://www.bleepingcomputer.com/news/security/russia-bans-private-messaging-apps-owned-by-foreign-entities/
Ransomware attack on university blamed on Iranian state-sponsored hackers
Read: https://therecord.media/israel-technion-ransomware-attack-iran-darkbit-muddywater
An AI-powered keylogging attack known as ‘BlackMamba’ is evading modern EDR security measures
Read: https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security
Finnish cybersecurity company poll finds two-thirds of Brits worried about their personal security online
Read: https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Well, I only know one famous bureaucracy theorist and that is Max Weber, and have used his iron cage quote a few times. This quote sounds like him.
My guess is Oscar Wilde
My guess this week is Bucky Fuller. Re. the previous quote, I’m always guessing Mark Twain, how’d I miss that one? Lol!
Is this week’s quote from The Gulag Archipelago?
Whether right or wrong, I’m always happy to plug that book.
I know this isn’t the right answer, but it sounds like a line from Terry Gilliam’s “Brazil.”
The quote sounds like Kafka, but it’s not dark enough. I’m going with Oscar Wilde.
Oscar Wilde. I really like this one.
My guess is Ronald Reagan.