Date: 2021-09-30

Security Leftovers

Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim
Hey Missouri: stop electing technically illiterate dipshits. First you had Claire McCaskill, one of the key sponsors of FOSTA (who is still defending it years later). You got rid of her, but replaced her with Josh Hawley, who seems to think his main job in the Senate (besides whipping up support for insurrectionists and planning his run for the Presidency) is to destroy the internet and reshape it according to his own personal vision.

Irving Wladawsky-Berger: The Complex Interplay Between Cybersecurity and Regulatory Compliance
Cybersecurity threats have significantly increased since March of 2020 when much of the economy was forced online to help us cope with the Covid crisis, including a number of high profile attacks by international criminal groups and adversarial governments. This past June, FBI Director Christopher Wray compared the danger of ransomware attacks on US firms by Russian criminal groups to the 9/11 terrorist attacks. When Biden and Putin met in Geneva a few weeks later, cyberweapons control was at the top of the agenda, a spot previously occupied by the control of nuclear weapons. It’s been clear for a while that in a world increasingly governed by digital data and transactions, our existing cybersecurity methods have been far from adequate. To learn more about this very important area, earlier this year I joined CAMS, MIT’s interdisciplinary cybersecurity initiative, and started attending its research seminars. At a recent seminar, I heard a very interesting presentation on Compliance and Cybersecurity by CAMS research affiliate Angelica Marotta. Her seminar was based on Convergence and divergence of regulatory compliance and cybersecurity, a recent paper she co-authored with MIT professor Stuart Madnick.

Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised [Ed: Microsoft is serving malware]
Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become victim of a supply chain attack. What is ua-parser-js and why does any of this matter? In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

Malware Discovered in Popular NPM Package, ua-parser-js [Ed: Microsoft is serving malware again, but nobody even mentions Microsoft]
Versions of a popular NPM package named ua-parser-js were found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.

Big Tech is pushing a 'national cloud.' Critics say Big Tech would profit from it.
A steady drumbeat from some of the most influential executives in the technology industry has emerged in recent months to push the idea that the U.S. government should invest in a "national research cloud" — a hub for U.S. research into artificial intelligence where researchers from academia and smaller tech companies could share data sets and other resources. It's an idea that has been backed by a government commission led by ex-Google CEO Eric Schmidt and including executives from Amazon, Microsoft and Oracle, which recommended that the Biden administration create a hub for U.S. research into artificial intelligence. The White House has warmed up to the idea, ordering another report on it due next year with an eye toward competing with China on the development of artificial intelligence.

Windows ransomware gang moves earnings, others slam US after REvil takedown
A number of Windows ransomware gangs have reacted to the reported takedown of the REvil gang, with one of them, Darkside, now known as BlackMatter, moving some of the bitcoin it holds, according to a statement from the cryptocurrency tracking firm Elliptic.

The True Cost of Upgrading Your Phone
But financial advisers see this differently. By some estimates, an investment of $1,000 in a retirement account today would balloon to about $17,000 in 30 years. In other words, $700 to $1,000 — the price range of modern smartphones — is a big purchase. Fewer than half of American adults have enough savings set aside to cover three months of emergency expenses, according to the Pew Research Center. Yet one in five people surveyed by the financial website WalletHub thought a new phone was worth going into debt for.

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs [iophk: Windows TCO]
Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.

Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India [iophk: Windows TCO]
A typical infection would consist of a malicious document, such as an RTF file exploiting CVE-2017-11882, a stack overflow vulnerability that enables arbitrary code execution on a vulnerable version of Microsoft Office. The recon phase deployed a custom file enumerator and infector module. This module aimed to discover all the different Office files on an infected endpoint. The infector module is meant to weaponize all .doc, .docx and .rtf files present in removable drives connected to the system to exploit CVE-2017-11882. The attack phase consists of deploying RAT payloads, such as DcRAT and QuasarRAT, to the victim's endpoint instead of the file recon and infector modules seen previously. All the malware observed in the attack phase of the campaign consisted of commodity RATs compiled and deployed with minimal changes.