This is your easyDNS #AxisOfEasy Briefing for the week of August 5th 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.

In this issue: 

• Google Found Guilty of Anticompetitive Behavior
• US Government Sues TikTok Over Alleged Child Privacy Violations
• Proposed AI Censorship Bill Sparks Free Speech Debate
• Sitting Duck” DNS flaw is a Red Herring
• Global Malware Campaign Targets OTPs, Exploits Telegram for Distribution
• Uncertainty Looms Over Kids Online Safety Act Amid Deep Divisions

Elsewhere Online:

• Parody Site Defies CrowdStrike’s Takedown Attempt
• Attackers Can Reverse Windows Updates to Exploit Vulnerabilities
• Lawsuit Targets Firm Behind Theft of Billions of Personal Data
• North Korean Hackers Exploit VPN Vulnerability for Malware Attacks
• CRM-Masquerading Malware Targets Employees in Global Attack

Google Found Guilty of Anticompetitive Behavior

A landmark antitrust ruling has determined that Google exercised monopolistic power in the search engine market. A U.S. district court judge found that the company engaged in anticompetitive practices to maintain its dominant position. This decision marks a significant development in the ongoing scrutiny of tech giants and their market influence.

While the court concluded that Google monopolized the search market, it did not find evidence of similar behavior in the search advertising sector. Additionally, allegations of evidence tampering were dismissed. The company has indicated its intent to appeal the ruling.

The implications of this decision are far-reaching, potentially reshaping the competitive landscape of the search industry. It signals a heightened regulatory focus on tech monopolies and could serve as a precedent for future antitrust actions against other dominant tech platforms.

Read: https://arstechnica.com/tech-policy/2024/08/google-loses-dojs-big-monopoly-trial-over-search-business/


US Government Sues TikTok Over Alleged Child Privacy Violations

The U.S. Department of Justice has filed a lawsuit against TikTok and its parent company, ByteDance. The suit, filed in the U.S. District Court for the District of Columbia, accuses the companies of violating the Children’s Online Privacy Protection Act (COPPA). The allegations state that TikTok collected personal information from children under 13 without parental consent since 2019.

The lawsuit claims TikTok allowed children to create accounts outside of “Kids Mode,” exposing them to data collection and adult content. “For years, Defendants have knowingly allowed children under 13 to create and use TikTok accounts without their parents’ knowledge or consent,” the complaint reads. The Justice Department also alleges that TikTok failed to delete children’s data upon parental requests, violating COPPA’s requirements.

Acting Associate Attorney General Benjamin C. Mizer expressed concern, saying, “The Department seeks to ensure that TikTok honors its obligation to protect children’s privacy rights.” The lawsuit seeks civil penalties and injunctive relief to prevent further violations.

TikTok, in response, denied the allegations, stating they relate to past practices that have been addressed. The company emphasized its commitment to child safety and compliance. Recently, TikTok faced fines in Europe for similar privacy violations, including a $368 million penalty from the Irish Data Protection Commission.

Read: https://www.bleepingcomputer.com/news/security/us-sues-tiktok-for-violating-children-privacy-protection-laws/?&web\_view=true


Proposed AI Censorship Bill Sparks Free Speech Debate

Senators Chris Coons and Marsha Blackburn introduced the Nurture Originals, Foster Art, and Keep Entertainment Safe Act (NO FAKES Act) in the Senate. The bill aims to ban unauthorized digital replicas, with exceptions for parody, satire, and fair use. The entertainment industry supports the bill, with endorsements from Disney, the Motion Picture Association, and SAG-AFTRA.

SAG-AFTRA emphasized the importance of protecting intellectual property and performers’ likenesses. However, the Electronic Frontier Foundation (EFF) expressed concerns, fearing the bill could limit free speech. EFF criticized the bill’s definition of “digital replica” as too broad and potentially harmful.

The bill includes retroactive provisions, allowing rights holders, heirs, and celebrities to sue over unauthorized digital likenesses. EFF highlighted the difficulties in navigating the bill’s exemptions, stating, “If you have to pay a lawyer to figure out if they apply to you, and then try to persuade a rightsholder to agree,” the exemptions become meaningless.

A similar bill, NO AI FRAUD, exists in the House but lacks the Senate’s explicit property rights focus. Critics argue the bill prioritizes financial interests over free speech, potentially undermining artistic expression and innovation. The debate continues as the bill moves through Congress.

Read: https://reclaimthenet.org/ai-censorship-bill-raises-free-speech-concerns

“Sitting Duck” DNS flaw is a Red Herring

A lot of people have been emailing and tagging us online about a new “DNS vulnerability” called “Sitting Duck”, which, according to Krebs on Security
“makes more than 100 million domain names, including many registered by Fortune 100 firms vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars”

The Krebs article goes on to take aim at DNS providers specifically, making frequent references to “DNS flaw” and “exploitable providers”.

The only problem is, the whole issue a Red Herring – and not a DNS flaw. It is entirely an issue of poor domain management practices, combined with ignorance or lethargy on the part of the domain registrars.“

easyDNS co-founder and Domainsure CEO Mark Jeftovic, explains here:

Read: https://domainsure.com/news/sitting-duck-dns-flaw-is-a-red-herring/

Global Malware Campaign Targets OTPs, Exploits Telegram for Distribution

A large-scale cyberattack has been ongoing since at least February 2022, involving over 107,000 malicious Android apps. These apps, designed to steal SMS messages, are used to intercept one-time passwords (OTPs) for online account verification. Victims span 113 countries, with India and Russia being the most affected.

Zimperium, a mobile security firm, revealed that “over 99,000 of these applications are unknown and unavailable in generally available repositories.” The malware targets OTPs from more than 600 global brands, potentially impacting hundreds of millions of users.

The attack begins when victims unknowingly install malicious apps via deceptive ads or Telegram bots mimicking legitimate services like Microsoft Word. Once installed, these apps request SMS permissions and relay stolen messages to command-and-control servers.

The threat actors behind this campaign also offer a service called Fast SMS, selling access to virtual phone numbers. These numbers are likely used without the owner’s knowledge to create fake accounts for phishing and other fraudulent activities.

Telegram, a popular messaging app, is exploited for malware distribution and communication between hackers. Recent findings reveal its misuse for spreading various malware strains, including TgRAT, a remote access trojan. The widespread use of Telegram in corporate environments makes it a convenient tool for cybercriminals.

Read: https://thehackernews.com/2024/07/cybercriminals-deploy-100k-malware.html


Uncertainty Looms Over Kids Online Safety Act Amid Deep Divisions

The Kids Online Safety Act (KOSA) passed the Senate nearly unanimously last week but faces an uncertain future in the House. As Congress enters a six-week recess, the bill’s fate is unclear, with reports suggesting that House Republican leadership may not prioritize it. Senate Majority Leader Chuck Schumer expressed hope for its passage, stating, “Letting KOSA and the Children and Teens’ Online Protection Act collect dust in the House would be an awful mistake.”

KOSA has sparked significant debate. Proponents, including the Tech Oversight Project, argue it holds tech companies accountable for harmful impacts on children. “The accountability KOSA would provide for these families is long overdue,” said Sacha Haworth, executive director of the Tech Oversight Project.

However, opponents like Aliya Bhatia, policy analyst at the Center for Technology and Democracy, warn that KOSA could be misused to block access to critical information on topics like sexual health and LGBTQ+ issues. Evan Greer, director of Fight for the Future, criticized the bill, saying, “This was never really about protecting kids; it was about lawmakers wanting to say that they’re protecting kids.”

The debate highlights a broader issue of tech regulation and the struggle to balance safety and free expression.

Read: https://www.wired.com/story/kids-online-safety-act-kosa-stalled-in-house/

Elsewhere Online:

Parody Site Defies CrowdStrike’s Takedown Attempt
Read: https://arstechnica.com/tech-policy/2024/08/parody-site-clownstrike-refused-to-bow-to-crowdstrikes-bogus-dmca-takedown/