• Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books
Subscribe

AxisOfEasy Subscribe

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy 289: Drop What You’re Doing: Update Android Edition

by Mark E. Jeftovic on March 14, 2023

Weekly Axis Of Easy #289


Last Week’s Quote was “Get your facts first, then you can distort them as you please,”  was by Mark Twain.  3rd week with no winner !

This Week’s Quote: “The bureaucracy is expanding to meet the needs of an expanding bureaucracy.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of March 13th, 2023 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
 
Our  podcast version is back!  Look for it  a few days after the release of the newsletter.
Watch: https://axisofeasy.com/series/aoe-weekly-digest/

In this issue:
  • Drop what you’re doing: Update Android edition
  • Lazarus Group employs BYOVD attack and fileless execution in South Korean financial entity hack
  • FBI and international police seize NetWire RAT server and arrest admin
  • Hundreds of lawmakers and staff have been affected by a Capitol Hill data breach
  • Federal agencies partnered to develop facial recognition for street cameras and drones
  • easyNostr: Setup your NIP-05 ID under your own domain (or use one of ours)
  • Mark Jeftovic – Future of Privacy & The Internet, The Bitcoin Capitalist & EasyDNS 
 
Elsewhere online:
  • Rise in ChatGPT-driven scams poses risk to online security
  • Russia cracks down on foreign messaging apps
  • Ransomware attack on university blamed on Iranian state-sponsored hackers
  • An AI-powered keylogging attack known as ‘BlackMamba’ is evading modern EDR security measures
  • Finnish cybersecurity company poll finds two-thirds of brits worried about their personal security online


Drop what you’re doing: Update Android edition

If you’re running Android 11, 12 or 13, and unless your security patch level is already 2023-03-05 or later, right now would be an awesome time to upgrade it.

Two new remote code execution exploits have been squashed in the latest release. With what’s going on in the world right now, this is a pretty simple solution to keeping you as secure as possible.

Read: https://www.malwarebytes.com/blog/news/2023/03/update-android-now-two-critical-vulnerabilities-patched

Lazarus Group employs BYOVD attack and fileless execution in South Korean financial entity hack

The North Korea-linked Lazarus Group has once again made headlines for its cyberattacks, this time by exploiting a zero-day vulnerability to hack a financial business entity in South Korea twice within a span of a year.

The first attack in May 2022 used a vulnerable version of a certificate software widely used by public institutions and universities. However, the second attack in October 2022 involved the exploitation of a zero-day in the same program. Cybersecurity firm AhnLab Security Emergency Response Center (ASEC) has refrained from disclosing the software due to the vulnerability not being fully verified yet and a patch not being released.

The Lazarus Group gained initial access by an unknown method, and then proceeded to perform lateral movement using the zero-day bug. They then disabled the AhnLab V3 anti-malware engine via a BYOVD attack and took additional steps to conceal their malicious activity, including changing file names and modifying timestamps. This ultimately allowed them to install multiple backdoor payloads and connect to a remote command-and-control (C2) server to retrieve additional binaries and execute them in a fileless manner.

The constant evolution of the Lazarus Group’s tactics, including anti-forensic techniques, highlights the need for increased cybersecurity measures to combat their persistent threat.

Read: https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html

 

FBI and international police seize NetWire RAT server and arrest admin

Law enforcement agencies worldwide, including the FBI, recently conducted an international operation that led to the seizure of the NetWire remote access trojan (RAT) and the arrest of a Croatian national suspected to be the administrator of the NetWire website. The service was promoted as a legitimate remote administration tool, but it has been used in various malicious activities, such as phishing attacks, business email compromise (BEC) campaigns, and network breaches. The seizure warrant was approved on March 3rd, and the operation was executed on Tuesday.

The service was sold via the website www.worldwiredlabs.com, where users could sign up for subscriptions for as little as $10 a month, which included support. However, since at least 2014, NetWire has been a tool of choice in various malicious activities. Threat actors could use the Netwire RAT to remotely take screenshots, download and upload files, execute commands, or download further programs to execute on infected Windows computers.

This operation involved police from the FBI, the United States Attorney’s Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police.

Read: https://www.bleepingcomputer.com/news/security/police-seize-netwire-rat-malware-infrastructure-arrest-admin/


Hundreds of lawmakers and staff have been affected by a Capitol Hill data breach

On Tuesday, a data breach at DC Health Link exposed vital personal information of over several hundred Congressional staffers and lawmakers. In a letter uncovered by NBC News, Chief Administrative Officer Catherine L Szpindor revealed that the Capitol Police and FBI had notified her about this intrusion into the Affordable Care Act online marketplace where health care plans are held for Congresspeople and certain staff members from Capitol Hill.

The data breach affected Senate offices and included full names, dates of enrollment, relationships, and email addresses but no other personally identifiable Information. According to DC Health Benefit Exchange Authority, which operates DC Health Link, the breach has been investigated, and customers have been provided with identity monitoring and credit monitoring services.

On the other hand, House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries have raised significant concerns about a potential data breach of DC Health Link, which could affect thousands of congressional members and employees since 2014. In response to the situation, they requested further information on exactly who was affected by this incident and what steps are being taken to protect victims from any fallout.

Read: https://www.zerohedge.com/technology/significant-data-breach-hits-lawmakers-capitol-hill


Federal agencies partnered to develop facial recognition for street cameras and drones

A Freedom of Information Act lawsuit filed by the American Civil Liberties Union led to the discovery of thousands of internal documents revealing the FBI and Defense Department’s involvement in advanced surveillance using facial recognition software. The documents show the government’s ambition to develop a powerful tool to identify people based on street camera footage and drone footage. Using funding from the Intelligence Advanced Research Projects Agency, the Janus program developed and tested software that could process “truly unconstrained face imagery” collected by surveillance cameras in public places, such as subway stations and street corners, in collaboration with FBI scientists and leading computer vision experts.

The documents describe a data-gathering test that took place at a Defense Department training center that resembled a hospital, subway station, outdoor market, and school. During the experiment, thousands of surveillance videos and images were captured, some of which were captured by a drone. In turn, the improved facial recognition system was integrated into a search tool called Horus and made available to the Pentagon’s Combating Terrorism Technical Support Office. Six federal agencies have used Horus since it was introduced, and their feedback is being used to refine the tool.

Documents show that federal officials were involved in the technology’s development more closely than previously thought, even though three states and more than a dozen cities banned or restricted its use. According to a deputy director at the ACLU, using facial recognition technology in mass surveillance would be a “nightmare scenario.” These documents provide a detailed analysis of the technological decisions researchers have made in recent years to take advantage of both artificial intelligence and computer imaging breakthroughs, as well as the accumulating data about Americans.

After these documents were revealed, a bipartisan group of lawmakers introduced a bill banning the use of biometric technologies by federal organizations, including facial recognition and face-scanning surveillance devices. Federal dollars would also be prohibited from being used for biometric surveillance systems under the bill.

Read: https://www.washingtonpost.com/technology/2023/03/07/facial-recognition-fbi-dod-research-aclu/


easyNostr: Setup your NIP-05 ID under your own domain (or use one of ours)

The latest decentralized microblogging protocol with great potential and fast growth is Nostr. The distinguishing feature is that it’s a protocol (like SMTP,) rather than a platform (like Twitter.)

The news part of this is, as of right now, you are ready to set up your own NIP-05 ID under your own domain or one of ours with the help of our new easyNostr service. 
 
Read: https://easydns.com/blog/2023/03/12/easynostr-setup-your-nip-05-id-under-your-own-domain-or-use-one-of-ours/


Mark Jeftovic – Future of Privacy & The Internet, The Bitcoin Capitalist & EasyDNS 

Mark discusses his latest thoughts with Rock Star Real Estate Inc.
A discussion on what he’s seeing with the Internet’s evolution, the future of money and what’s happening to the middle class.  He gets technical with some discussion of ordinals and inscriptions on Bitcoin.

Watch: https://www.youtube.com/watch?v=pJYwSSmYY8g&t=2316s&ab_channel=RockStarRealEstateInc


Elsewhere online:


Rise in ChatGPT-driven scams poses risk to online security
Read: https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/

 

Russia cracks down on foreign messaging apps
Read: https://www.bleepingcomputer.com/news/security/russia-bans-private-messaging-apps-owned-by-foreign-entities/


Ransomware attack on university blamed on Iranian state-sponsored hackers
Read: https://therecord.media/israel-technion-ransomware-attack-iran-darkbit-muddywater

 

An AI-powered keylogging attack known as ‘BlackMamba’ is evading modern EDR security measures
Read: https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security

 

Finnish cybersecurity company poll finds two-thirds of brits worried about their personal security online
Read: https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/


Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

  • March 6th, 2023: The Danger Of Weaponizing Disinformation: The Controversial Actions Of The Global Disinformation Index
  • February 27th, 2023: Google Blocks Percentage Of Canadian Users From Accessing The News Online In Light Of Canadian Bill C-18
  • February 20th, 2023: Do The Secrecy Provisions Of The Cybersecurity Bill Go Too Far?
  • February 13th, 2023: Indigo Is The Latest Victim Of A String Of Cyber Attacks On Canadian Companies
  • February 6th, 2023: Canada’s ‘Cybersecurity’ Bill Is A Dangerous Overreach

 

 

 

 

 

8 responses to “#AxisOfEasy 289: Drop What You’re Doing: Update Android Edition”

  1. Piers says:
    March 14, 2023 at 6:25 pm

    Well, I only know one famous bureaucracy theorist and that is Max Weber, and have used his iron cage quote a few times. This quote sounds like him.

    Reply
  2. Henry Ryan says:
    March 14, 2023 at 7:31 pm

    My guess is Oscar Wilde

    Reply
  3. Mike says:
    March 14, 2023 at 7:32 pm

    My guess this week is Bucky Fuller. Re. the previous quote, I’m always guessing Mark Twain, how’d I miss that one? Lol!

    Reply
  4. phillip freeman says:
    March 14, 2023 at 8:26 pm

    is this week’s quote from the gulag archipelago?

    whether right or wrong, i’m always happy to plug that book.

    Reply
  5. Jon says:
    March 14, 2023 at 9:15 pm

    I know this isn’t the right answer, but it sounds like a line from Terry Gilliam’s “Brazil.”

    Reply
  6. Mark Nair says:
    March 14, 2023 at 9:15 pm

    The quote sounds like Kafka, but it’s not dark enough. I’m going with Oscar Wilde.

    Reply
  7. Sandy says:
    March 15, 2023 at 2:09 am

    Oscar Wilde. I really like this one.

    Reply
  8. David Hutchinson says:
    March 15, 2023 at 11:48 am

    my guess is Ronald Reagan.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Be informed. Be safe. Be amused, often stunned with #AxisOfEasy Weekly Enter your email below to receive a concise, insightful weekly briefing. When you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

#AxisOfEasy
#AxisOfEasy
Bombthrower
Bombthrower
Metaviews
Metaviews
Of Two Minds
Of Two Minds
Uncategorized
Venture Crapital
Venture Crapital
#AxisOfEasy is brought to you by....

easyDNS

Power & Freedom™ since 1998




easyDNS

Latest Headlines

  • Bull or Bear? The Ultimate Source of Market Instability
  • #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings
  • Welcome to the Era of Warring Elites
  • And Just Like That, The Tight Money Era Is Over
  • We’ve Forgotten That Business-Cycle Recessions Are Essential
  • Is your bank “important” enough to save? Don’t count on it.
  • Funny Things Happen on the Way to "Restoring Financial Stability"
  • #AxisOfEasy 289: Drop What You’re Doing: Update Android Edition
  • A Mismatch of Short and Long-Term Interest
  • Banks, Banks, Banks: The Elephant Nobody Even Sees

Latest Comments

  • Glen A. Pearce on #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings: “SerpentZA over on Youtube actually did a good episode on the Pig Butchering scam back in Dec. 2021: https://www.youtube.com/watch?v=-ZMboyepBK4 He…”
  • Tom Arkin on #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings: “was this week’s quote by Thomas Jefferson?”
  • Scott Dunston on #AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings: “Plato is my guess for the this week’s quote.”

Behold The Axis

  • Epsilon Theory
  • Guerrilla Capitalism
  • James Kunstler
  • Metaviews
  • OfTwoMinds
  • Peak Prosperity
  • TTMYGH
  • Venture Crapital
  • Zerohedge

Tags

  • ACLU
  • AhnLab
  • Android
  • ASEC
  • Australian Federal Police.
  • BEC
  • BlackMamba
  • Brodeur
  • BYOVD
  • Catherine L Szpindor
  • Central District of California
  • ChatGPT
  • DC Health Link
  • easyNostr
  • EDR
  • Europol
  • Horus
  • Jacob Engels
  • Janus program
  • Kevin McCarthy
  • Lazarus Group
  • Minority Leader Hakeem Jeffries
  • NBC News
  • NetWire
  • Newt Gingrich
  • NIP-05 ID
  • Nostr
  • Pentagon
  • RAT
  • Rock Star Real Estate Inc
  • SB 1316
  • SMTP
  • the Croatia Ministry of the Interior Criminal Police Directorate
  • Zurich Cantonal Police

Latest Headlines

Bull or Bear? The Ultimate Source of Market Instability

0 Comments

#AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings

3 Comments

Welcome to the Era of Warring Elites

0 Comments

And Just Like That, The Tight Money Era Is Over

0 Comments

We’ve Forgotten That Business-Cycle Recessions Are Essential

0 Comments

Is your bank “important” enough to save? Don’t count on it.

0 Comments
  • 1
  • 2
  • 3
  • …
  • 190
  • Next »

Latest comments

Bull or Bear? The Ultimate Source of Market Instability

0 Comments

#AxisOfEasy 290: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings

3 Comments

Welcome to the Era of Warring Elites

0 Comments

And Just Like That, The Tight Money Era Is Over

0 Comments

We’ve Forgotten That Business-Cycle Recessions Are Essential

0 Comments

Is your bank “important” enough to save? Don’t count on it.

0 Comments
  • 1
  • 2
  • 3
  • …
  • 190
  • Next »

Latest tweets

  • Microsoft AI ethics department disbanded amidst warnings FBI Analyst violates rules in Congress member search, re… https://t.co/ekwRpRdYzs2 days ago
  • The weekly #AxisOfEasy (289) featuring @JoeyTweeets and @TheBTCPriceBot is now up - and in your fave podcast feeds.… https://t.co/PI3q2Upxl56 days ago
  • RT @keyvandavani: Blowing Up The Clown World with Mark Jeftovic @StuntPope https://t.co/lkbaIymPAm7 days ago
  • Drop what you’re doing: Update Android edition Lazarus Group employs BYOVD attack & fileless execution in South K… https://t.co/zYj0SSHteU9 days ago

Plug into the #AxisOfEasy on....

Enter your email below to receive a concise, insightful weekly briefing

AxisOfEasy Weekly

Enter your email below to receive a concise, insightful weekly briefing and stay informed about cyberthreats and relevant tech happenings.

For the time being you do not have to be an easyDNS member to receive #AxisOfEasy, however when you subscribe we'll send you a $10 coupon in case you ever decide to try out one of our many web services.

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books

(c) 2017 - 2020 AxisOfEasy Media

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books