Technology

Archived version

• Cyble Research and Intelligence Labs (CRIL) identified a campaign targeting individuals connected to the upcoming US-Taiwan Defense Industry Conference, as indicated by the lure document uncovered during the investigation.
• The campaign involves a ZIP archive containing an LNK file that mimics a legitimate PDF registration form for deception.
• When the LNK file is opened, it executes commands to drop a lure PDF and an executable in the startup folder, establishing persistence.
• Upon system reboot, the executable downloads additional content and executes it directly in memory, effectively evading detection by the security products.
• The first-stage loader triggers a second-stage loader, which downloads, decodes, and compiles C# code in memory, avoiding the creation of traceable files on disk.
• Once the compiled code is executed, the malware exfiltrates sensitive data back to the attacker’s server via web requests designed to blend in with normal traffic, making detection more difficult.

cross-posted from: https://feddit.org/post/2777930

Archived link

In its early stages in 2009, [Chinese social media platform] Sina Weibo built its success on larger-than-life personalities known as the “Big Vs” (大V), who were meant to be magnets attracting conversation — and much-desired traffic — to the platform. The strategy worked, and by 2010 media would proclaim that China had entered the “Weibo Era” (微博时代). But within several years, the idea of a privately-owned tech platform building mass audiences outside of CCP control would become untenable for the leadership. A 2014 crackdown on “Big Vs” was the beginning, some might say, of the inexorable unraveling.

Now, 15 years on from the “beta” launch of Weibo, it may be time to ask: has life gone out of the platform?

[...]

China’s leaders, who today still make it their business to “guide public opinion” through the control of media and communication, had long bristled at the notion of “public intellectuals” outside the official system. The emergence of op-ed pages in commercial metro newspapers (都市类报纸) in the early 2000s had given rise to broader range of voices. In December 2004, the Central Propaganda Department-run Guangming Daily (光明日报) ran a series of scathing attacks on the notion of “public intellectuals,” which it dismissed as a dangerous product of Western social thought.

[...]

A decade on from Xi Jinping’s concerted push to rein in the “Big Vs” created by Weibo’s original celebrity push, the platform seems a shadow of itself. Competition from more personalized apps like Douyin and Xiaohongshu, and unrelenting pressure facing more controversial accounts, have driven a mass migration of Weibo users. Today, writes 36Kr, Weibo’s special community feel has vanished. The open discussions that once buzzed around public intellectuals are gone.

[...]

Politics has of course made its own contributions to the disappearance of public intellectuals from the platform. Former Global Times editor-in-chief and “Big V” Hu Xijin (胡锡进) has not posted anything on Weibo since late July, when his influential account was suspended for an unauthorized interpretation of the Third Plenum decision. On August 7, the account of Lao Dongyan (劳东燕), a criminal law professor at Tsinghua University with a respectable following of her own, was also banned for defending her criticisms of upcoming internet IDs for Chinese netizens.

Forums like Zhihu (知乎) or WeChat Moments still provide a town square of sorts for groups to form, but these are smaller, devoid of the larger-than-life “public intellectuals” of Weibo that once served as known voices for netizens to rally round [...] Many [public intellectuals] are laying low, which makes China’s internet a far quieter place.

I love how creative this is. The CSS usage in this is wild!

(Please make sure you read it until the end)

Alternative Invidious link without using YouTube directly: https://yt.artemislena.eu/watch?v=ihtAijebU-M

Insane method to read your PCs memory, based on certain electromagnetic emissions your system makes when you write or read data to the RAM.

Video Description:

The RAMBO Attack on RAM is truly amazing. Some of the best research I've seen.

covertchannels.com arxiv.org/pdf/2409.02292 wired.com/story/air-gap-researcher-mordechai-guri

youtube.com/watch?v=CjpEZ2LAazM&t=0s youtube.com/watch?v=-D1gf3omRnw&t=0s

cross-posted from: https://programming.dev/post/19278175

Archived version

French security services firm Quarkslab has made an eye-popping discovery: a significant backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading chip manufacturer in China.

The backdoor, documented in a research paper by Quarkslab researcher Philippe Teuwen, allows the instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.

Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, Teuwen explained in the paper (PDF).

Teuwen said he discovered the backdoor while conducting security experiments on the MIFARE Classic card family that is widely deployed in public transportation and the hospitality industry.

The MIFARE Classic card family, originally launched in 1994 by Philips (now NXP Semiconductors), are widely used and have been subjected to numerous attacks over the years.

Security vulnerabilities that allow “card-only” attacks (attacks that require access to a card but not the corresponding card reader) are of particular concern as they may enable attackers to clone cards, or to read and write their content, just by having physical proximity for a few minutes. Over the years, new versions of the MIFARE Classic family fixed the different types of attacks documented by security researchers.~~

• In July, the Pakistan government said it was implementing an internet firewall to protect the country from cyberattacks.

• Tech industry experts believe the moves to install the firewall and filter content have led to internet disruption.

• Entrepreneurs said the firewall will make it harder for them to raise funds and end up benefiting Chinese apps.

Many Pakistani tech entrepreneurs and industry experts are worried about the industry’s future as they believe the firewall would cut them off from the world. They say the government is trying to imitate its close ally China — which has the world’s largest and most sophisticated internet firewall — without having a similar domestic infrastructure to support its move. The internet firewall could cost Pakistan’s economy $300 million, according to the tech industry body Pakistan Software Houses Association.

A good article in which the author researched how Twitter's algorithm pushed people interested in history into alt-right content.

Quote: "Adhering to my guidelines to follow accounts suggested by the algorithm, I clicked the “follow” button. This was the first time I was recommended content adjacent to alt-right and "manosphere" ideology. Prior to that, it was all history related. After “liking” approximately 100 Tweets, however, I saw that the accounts suggested to me were becoming increasingly political, and I was specifically being recommended accounts run by internet political commentators – as opposed to professional politicians or journalists. I cannot definitively call this observation evidence of being led down an alt-right pipeline, but it was interesting to note that those were the types of accounts suggested to me by the Twitter algorithm."

I've never been on twitter, but I'm not that surprised so many of us here were driving engagement.

cross-posted from: https://feddit.org/post/2724505

Archived link

Russia's naval activity near undersea cables is reportedly drawing the scrutiny of US officials, further sparking concerns that the Kremlin may be plotting to "sabotage" underwater infrastructure via a secretive, dedicated military unit called the General Staff Main Directorate for Deep Sea Research (GUGI).

[...]

Knocking out internet and telecommunications traffic traveling across these fiber-optic cables would have a devastating effect on government, military, and private-sector communications.

More than 95 percent of international data flows through those submarine cables, which puts them at increasing risk of both cyber and physical attacks .

[...]

Last year, public broadcasters of Sweden, Denmark, Norway, and Finland uncovered a Russian fleet of suspected spy ships operating in Nordic waters, reportedly for purposes of sabotaging both submarine cables and wind farms.

**In addition to communications, the cables also carry electricity between European countries. **

[...]

"Any activities that damaged seabed infrastructure including undersea cables especially during periods of heightened tensions risks misunderstandings and misperceptions that could lead to unintended escalation," [said an] US official. "The US would be especially concerned about damage to our or our allies' critical undersea infrastructure."

cross-posted from: https://feddit.org/post/2722079

Apple has been told to pay €13bn (£11bn; $14bn) in unpaid taxes to Ireland by the European Court of Justice (ECJ).

The European Commission accused Ireland of giving Apple illegal tax advantages eight years ago but the Irish government has consistently argued against the need for the tax to be paid.

The ECJ said its decision on the matter was final and that "Ireland granted Apple unlawful aid which Ireland is required to recover".

The Irish government said it would respect the ruling, while Apple said it was disappointed with the decision and accused the European Commission of "trying to retroactively change the rules".

A separate ECJ ruling on Tuesday also brought an end to a long-running case with Google, with the company ordered to pay a fine of €2.4bn (£2bn) fine for market dominance abuse.

[...]

cross-posted from: https://feditown.com/post/650064

Archived version

• Earth Preta has upgraded its attacks, which now include the propagation of PUBLOAD via a variant of the worm HIUPAN
• Additional tools, such as FDMTP and PTSOCKET, were used to extend Earth Preta’s control and data exfiltration capabilities
• Another campaign involved spear-phishing emails with multi-stage downloaders like DOWNBAIT and PULLBAIT, leading to further malware deployments
• Earth Preta’s attacks are highly targeted and time-sensitive, often involving rapid deployment and data exfiltration, with a focus on specific countries and sectors within the APAC region

Earth Preta has been known to launch campaigns against valued targets in the Asia-Pacific (APAC). Recent observations on their attacks against various government entities in the region show that the threat group has updated their malware and strategies.

The spread of disinformation is one of the biggest risks to societies. Recent examples have been conspiracy narratives about COVID-19 vaccinations and false claims about Russia’s invasion of Ukraine.

The trend is linked partly to competition among world powers, which is being played out in Africa too.

Across the continent, multiple foreign powers, including China, France, Russia, the US and others, are competing to shape public opinion. In most cases, states use legitimate approaches to get their messages across. But there are many recent examples of foreign powers spreading misleading or false narratives about current affairs.

For example, in 2020, Meta revealed that the French military was behind an online campaign to sway public opinion in the Central African Republic against Russia. And in 2022, the US was accused of leading a disinformation campaign targeting Arab-speaking communities.

[Edit typo.]

The University of Pennsylvania in tbe U.S. announced $10 million in funding dedicated to its new Center for Media, Technology, and Democracy. The Center will be housed in the School of Engineering and Applied Science (Penn Engineering) and will operate in partnership with five other schools at Penn.

The Center will benefit from a five-year, $5 million investment from the John S. and James L. Knight Foundation as well as an additional $5 million in combined resources from Penn Engineering, Penn Arts & Sciences, the Annenberg School for Communication, the Wharton School, Penn Carey Law, and the School of Social Policy & Practice.

[...]

The Center will propel research involving media, technology, and democracy within Penn. Once established, however, the hope is for the Center to become a global hub for researchers, private sector leaders, and for policymakers—by sharing research findings and creating near real-time dashboards that provide a clear view of the current media landscape, informed by empirical research. Over the long term, the Center also aims to serve as a central repository for data sharing with the broader research community.

Early on a Saturday morning in April, Akara Etteh was checking his phone as he came out of Holborn tube station, in central London.

A moment later, it was in the hand of a thief on the back of an electric bike - Akara gave chase, but they got away.

He is just one victim of an estimated 78,000 "snatch thefts" in England and Wales in the year to March, a big increase on the previous 12 months. The prosecution rate for this offence is very low - the police say they are targeting the criminals responsible but cannot "arrest their way out of the problem". They also say manufacturers and tech firms have a bigger role to play.

[...]

Then, in May, just over a month after the theft, Akara checked Find My iPhone again - his prized possession was now on the other side of the world - in Shenzhen, China.

[..]

It is not uncommon for stolen phones to end up in Shenzhen - where if devices can't be unlocked and used again, they are disassembled for parts.

[...]

In the moments after Akara’s phone was stolen, he saw police officers on the street and he told them what had happened. Officers, he said, were aware of thieves doing a “loop of the area” to steal phones, and he was encouraged to report the offence online, which he did. A few days later, he was told by the Metropolitan Police via email the case was closed as “it is unlikely that we will be able to identify those responsible”.