Ransomware halts German newspaper circulation
Over the weekend, the German newspaper ‘Heilbronn Stimme’ suffered a ransomware attack, knocking phone and email communication out for days and causing it to cancel its print edition on October 14th. It published electronically and ran a six-page emergency print edition the next day. It will continue running shorter print editions but said it “cannot currently foresee” when daily papers would return. During the attack, the paper took down the paywall on its site. The attack impacted the entire media group that owns the paper, also affecting circulation at three other publications. No word on a specific ransom demand or what group orchestrated the attack.
Meta disputes Indian content moderation report
Earlier this month, the Indian publication The Wire reported that Meta gave an operative of the governing BJP party the ability to remove content from its platform. The Wire claimed its reporting came from internal documents, later sharing a picture of alleged emails and screenshots showing the system in effect. Meta called the story “fake” and the documents “fabricated.” In a follow up blog post, Meta said that the system shown in The Wire’s report wasn’t an internal Instagram system. Rather it was a Meta Workplace account set up with Instagram’s brand insignia and name, set up as a free trial after the initial Wire report. Meta said it identified and locked the account.
(TechCrunch, Meta)
KakaoTalk called a “national communication network” in Korea
A fire at a South Korean data center over the weekend caused a disruption for more than 53 million users worldwide. The fire took down KakaoTalk, South Korea’s top messaging app. While key for messaging, the app also handles online payments, ride hailing, gaming, and log-in verifications. As of November 1st, 2021, reportedly more than 90% of the country’s 51.74 million people use the app. South Korean President Yoon Suk-yeol described the impact of Kakao’s outage as “no different from the national communication network.” Yoon’s deputy spokesperson said the presidential office will launch a national task force to discuss the messenger service’s outage. This will look at if KakaoTalk uses its market presence to manipulate markets. If so, Yoon called for “systemic measures from a nationwide level for the interest of the people.”
(CNBC)
Mexico investigating spyware purchase
The office of Mexico’s attorney general announced an investigation of the purchase of NSO Group’s Pegasus spyware by the previous administration. The prior attorney general’s office reportedly acquired the spyware for 457 million pesos, about $23 million USD. One probe will look at if this purchase followed legal requirements. A second probe will look into reported evidence that NSO illegally sold Pegasus spyware, although the office released no further specifics. After a watchdog discovered Pegasus installed on the phones of three journalists, Mexican President Andres Manuel Lopez Obrador denied his administration used the software.
(Reuters)
Thanks to today’s episode sponsor, SafeBase
Tornado Cash blocked by most Ethereum blocks
Last week, the U.S. Treasury Department’s Office of Foreign Assets Control issued compliance recommendations for transactions on the Ethereum blockchain to screen out transactions associated with the Tornado Cash cryptocurrency mixer. CoinDesk reported that within 24 hours of issuing the recommendation, 51% of Ethereum blocks came into compliance. While it remains possible for Tornado Cash transactions to go through, it becomes more difficult as more validators and relays come into compliance. Many of the relays following the OFAC guidance come from Flashbots, an Ethereum-based research and development team.
(CoinDesk)
Rust rescues Linux from code memory problems
When Linus Torvalds announced support for the Rust programming language in the Linux kernel, he cited ending Linux code memory problems as a major factor. As if to prove this, five recently disclosed Wi-Fi security holes all came from poorly written C code resulting in a memory problem. These included a buffer overflow flaw capable of crashing a system or leaking kernel information, triggered by “Beacon frames” on any access point. All flaws received patches, which were sent out to the latest stable kernel builds on October 13th.
(ZDNet)
Venus ransomware targets Remote Desktop
This ransomware family only recently appeared on the scene, with operations first noticed in mid-August 2022. According to the security analyst going by linuxct and reports from victims, Venus gains access to corporate networks through Windows Remote Desktop protocol. Once on a network, Venus will attempt to terminate processes associated with database servers and Office, delete event logs, and disable Data Execution Prevention. This will add a .venus extension to encrypted files, and upload a ransom note to the Temp folder. The group appears active, with new submissions uploaded to ID Ransomware daily. Victims noted Venus targeted RDP even running on non-standard TCP ports.
Kanye buying Parler
We covered the social network Parler extensively in the wake of the January 6th Capitol riots. The app claims to be a “free speech” platform. It received blame as a planning platform for the Capitol violence. Most recently, Parler announced the formation of Parlement Technologies, which would see it pivot to providing “uncancelable” cloud services. Now Parler announced it entered into an agreement with Kanye West to buy the platform. The deal is expected to close later this year. Parlement will continue to provide “ongoing technical support” and cloud services powered by its recent Dynascale acquisition after the deal closes.