Cybersecurity News: Japanese port hit with ransomware, EU court orders Meta data changes, White House can’t contact social companies

Japan’s major port hit with ransomware

The Port of Nagoya is Japan’s busiest port, accounting for about 10% of the country’s total trade volume. The port’s administrative authority issued a notice that a ransomware attack on July 4th impacted its Nagoya Port Unified Terminal System, or NUTS. This disrupted operations, canceling the loading and unloading of containers between ships and trailers. The authority says it plans to restore NUTS and resume operations by the morning of July 6th. No word on what group orchestrated the attack.

(Bleeping Computer)

European court orders changes to Meta’s data practices

Back in 2019, the German government antitrust authority directed the company then known as Facebook to change how it tracks customers on its web and mobile apps. That decision argued Meta forces users to unwittingly share data across its apps and third-party websites by using likes and shared posts. Now the European Union’s Court of Justice has upheld that decision, calling Meta’s practices a violation of GDPR. The court instructed national regulators to use GDPR enforcement as a mechanism to get Meta to change its practices.

(The Record)

Injunction restricts White House contact with social media companies

Judge Terry A. Doughty issued an injunction, barring some officials in the White House, CISA, the FBI, and Homeland Security from contacting social media companies about moderating content protected under the First Amendment. 

The injunction comes from a lawsuit brought by attorneys general in Louisiana and Missouri, against President Biden, the Centers for Disease Control, the National Institute of Allergy and Infectious Disease, and Department of Homeland Security, alleging that since 2017, government officials began planning for “a ‘systemic and systematic campaign’ to control speech on social media.” The judge issued the injunction saying the plaintiffs are likely to succeed on the merits of their case. The injunction includes exemptions for national security threats, public safety, cyber attacks, and other malicious activity.

A White House spokesperson speaking to the New York Times said the Justice Department began reviewing the ruling to evaluate any next steps. 

(The Verge)

UK law could allow for real-time internet logs

A UK government inquiry into fraud in the country found that it “cost society at least £4.7 billion each year” but that less than 8% of reported fraud crimes end up investigated. It deemed the level of policing focus not up to the scale and complexity of modern fraud. To combat this, the government began considering a new law that would empower its GCHQ intelligence agency to monitor logs of domestic internet traffic in real-time to identify and disrupt fraud. Currently the UK government can request internet connection records from telcos, which can be used to identify a person suspected of a crime. It’s unclear how GCHQ would overcome the technical hurdles for such real-time monitoring if this law came into effect.

(The Record)

Twitter ends “temporary emergency measure”  

Last week, Twitter stopped allowing users to view any tweets while not logged into the service. At the time chairman Elon Musk characterized the move as a “temporary emergency measure” to keep third-parties from scraping data. Users reported that Twitter began reversing this decision, allowing viewers not logged into the service to view single tweets. Seeing a profile, a public feed, or replies still requires logging in. Daily rate limits on viewing tweets remain in place. 

(Engadget)

Can Microsoft fix ransomware?

Dark Reading’s Adam Shostack makes the argument that rate limiting could be the key to solving ransomware. He puts this potential solution squarely in Microsoft’s court. Shostack argues that because Windows uses the “CreateFile” API to both create and access files, a Microsoft-instituted rate limit would severely limit the potential damage of ransomware encryption. He argues the OS should use multiple rate limits for different use cases. Backup software and compilers would use higher ones, for instance. He fully acknowledges that this opens a can of worms in terms of breaking compatibility with apps. But he argues the high costs of prevalent ransomware attacks make it worth addressing now.

(Dark Reading)

New tool allows sending external malware to Microsoft Teams

Last month, security researchers at the firm Jumpsec showed that malicious actors can change the ID in a POST message, allowing Teams to treat an external user as an internal one. A member of the US Navy’s red team published a tool called TeamsPhisher to leverage that flaw. The tool provides a fully automated attack method, allowing someone to “upload the attachment to the sender’s Sharepoint, and then iterate through the list of targets.” The tool also offers advanced features, like sending secure links only an intended recipient can open, and an integrated send delay to get around rate limiting. No word when Microsoft will patch this issue with Teams. 

(Bleeping Computer)

Browse with Bing breaks paywalls

Generative AI tools like ChatGPT can do a lot of things, but remain limited by their training sets. ChatGPT’s cuts off in September 2021. To get around this limitation, OpenAI launched Browse with Bing for ChatGPT Plus subscribers last week. This lets the chatbot search on Bing for more up-to-date responses. However, OpenAI announced it suspended the feature rather quickly. It turns out users asked the bot to pull down the full text of paywalled articles, something the chatbot was more than happy to use Browse with Bing to do. OpenAI said it will bring back the feature once it irons out that behavior.

(Windows Central)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.