YouTube Censors Interview between James O’Keefe and Presidential Hopeful Robert Kennedy Jr.
YouTube has censored an interview between Robert F. Kennedy Jr., the 2024 Democratic presidential aspirant, and James O’Keefe, the founder of the O’Keefe Media Group. Titled “Lawsuits, Anthony Fauci, Fear, FBI, Becoming Commander-in-Chief and more!” the expunged interview had drawn considerable interest from viewers worldwide before being banned on grounds of violating community guidelines.
The appeal, according to Christina Maas at ReclaimTheNet.org, was bolstered by Kennedy’s active presidential campaign. By removing this interview, YouTube has once again sparked a series of discussions on Silicon Valley’s role in online censorship. These tech “monarchs”, says Maas, control what content is allowed on dominant social media platforms, and thus stifle free speech.
James O’Keefe took to Twitter to highlight YouTube’s actions, implicitly challenging the rationale behind the removal.
Read: https://reclaimthenet.org/youtube-censors-james-okeefe-scrubs-his-crucial-interview-with-presidential-hopeful-robert-kennedy-jr
Chinese Hackers Compromise Federal Email Accounts with “Stealthy and Sophisticated” Cyber Attack
On July 12, news broke of a Chinese cyber espionage campaign that had targeted several US federal agencies’ email accounts. At the time, it was reported that although quite a few federal agencies had been compromised, the hackers were highly selective about the email accounts they targeted. Commerce Secretary Gina Raimondo was the only high-level official to have been specifically named as a victim at the time.
A recent Wall Street Journal report, however, has updated that account. The report cites sources “familiar with the matter” in claiming that the number of compromised email accounts is in the hundreds of thousands, and that at least two more high-level officials were among those breached by the cyber espionage campaign: assistant secretary of state for East Asia Daniel Daniel Kritenbrink, and Ambassador to China Nicholas Burns.
The cyber espionage campaign began with the Chinese hackers somehow getting their hands on a Microsoft signing key, which was then used to forge authentication tokens to slip into email accounts via Outlook.com and Outlook OWA. At least 25 organizations were thought to be impacted, including an unspecified number of federal agencies. The Commerce and State Departments were confirmed to be hit by the breach.
The new reporting raises fresh questions about the actual total damage done by the cyber espionage campaign, but US officials maintain that only unclassified email accounts were accessed by the Chinese hackers and that there was probably little in the way of useful intelligence in them.
Read: https://www.cpomagazine.com/cyber-security/cyber-espionage-incident-involving-microsoft-cloud-expands-chinese-hackers-may-have-compromised-hundreds-of-thousands-of-government-email-accounts/
Indian Threat Actor, Patchwork, Targets Chinese Universities Using EyeShell Backdoor
Threat actors associated with the hacking crew Patchwork have recently been spotted targeting universities and research organizations in China as part of a recent cyber campaign. The activity entailed the use of a backdoor called EyeShell.
Patchwork is a suspected threat group that operates on behalf of India. The group has been operating since December 2015, with a narrow focus on Pakistan and China. The adversarial collective has been found to share tactical overlaps with other cyber-espionage groups with an Indian connection, including SideWinder and the DoNot Team.
Earlier this May, Meta disclosed that it took down 50 accounts on Facebook and Instagram operated by Patchwork, which took advantage of rogue messaging apps uploaded to the Google Play Store to collect data from victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet, and China.
“Patchwork relied on a range of elaborate fictitious personas to socially engineer people into clicking on malicious links and downloading malicious apps,” the social media giant said.”These apps contained relatively basic malicious functionality with the access to user data solely reliant on legitimate app permissions granted by the end user. Notably, Patchwork created a fake review website for chat apps where they listed the top five communication apps, putting their own, attacker-controlled app at the top of the list.”
Some of its activities have also been reported under the name ModifiedElephant, according to Secureworks, referring to a set of attacks against human rights activists, academics, and lawyers across India to conduct long-term surveillance and plant “incriminating digital evidence” in connection with the 2018 Bhima Koregaon violence in the state of Maharashtra.
Read: https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html
FBI Inquiry Reveals FBI’s Financing of Mysterious Spy Tool
After it was revealed in April that a contractor had acquired and implemented a surveillance tool developed by NSO, the controversial Israeli hacking firm, on behalf of the U.S. government, White House officials expressed their lack of knowledge regarding the contract. Consequently, they entrusted the FBI with the task of determining the individuals or entities utilizing the technology.
This tool, referred to as Landmark, allows government authorities in Mexico to follow people without their knowledge or agreement.
The FBI now claims that it utilized the program inadvertently and that Riva Networks misled the agency.
Riva Networks has landed lucrative contracts with government agencies like the Defense Department, FBI, and Drug Enforcement Administration. They were also awarded a recent contract with the Air Force Research Laboratory.
Read: https://www.nytimes.com/2023/07/31/us/politics/nso-spy-tool-landmark-fbi.html
Unmasking WormGPT: The Rise of AI-Driven Business Email Compromise Attacks
The advancement of artificial intelligence (AI) technologies, such as OpenAI’s ChatGPT, has created an additional method for business email compromise (BEC) assaults. Cybercriminals can use such technologies to streamline the development of highly convincing bogus emails.
Organizations should implement strong email verification protocols to defend against AI-driven BEC assaults. Implementing systems that automatically detect when emails from outside the organization spoof internal leaders or vendors is one of them.
To summarize, the advancement of AI, while beneficial, introduces progressive, new assault vectors. Strong prevention actions must be implemented.
Read: https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/
Elsewhere online:
OpenAI Under Fire as FTC Opens Investigation Into Potential Consumer Protection Law Violations
Read: https://www.cpomagazine.com/data-privacy/ftc-investigation-into-openai-opened-over-potential-consumer-protection-law-violations/
Hackers Exploit Zero-Day Flaw in Ivanti’s Software to Compromise Norwegian Government Agencies
Read: https://techcrunch.com/2023/07/25/ivanti-epmm-zero-day-norway-government-breach/
North Korean Lazarus Hackers Utilize Compromised Microsoft IIS Servers to Spread Malware
Read: https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/
Hacker Claims 2 Million Medical Records Stolen from Egypt’s Ministry of Health
Read: https://www.infosecurity-magazine.com/news/hacker-stolen-medical-records/
Apple Issues Urgent Patches for Zero-Day Flaws
Read: https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html?&web_view=true
Here’s a quirky look at which threat actor matches your astrological sign
Read: https://www.atlanticcouncil.org/blogs/new-atlanticist/which-hacker-group-is-most-like-your-astrological-sign/
Previously on #AxisOfEasy
This quote was attributed to Thomas Jefferson. At least that is what I recall from my USAF leadership training.