Facebook Provided Text Messages That Led to Abortion-Related Charges
Twitter employee convicted for spying, Russia is choking off internet in Ukraine, Github shut out Tornado Cash, Hackers stole $570K from Curve.Finance, Finnish Parliament site knocked offline, more
Check out my latest column in CSO Online on a compassion-based cybersecurity harm reduction model that one expert will unveil today at Black Hat.
In a case that shows in shocking detail how abortion could and will be prosecuted in the United States using data provided by tech companies, Facebook handed over text messages that led to a series of felony and misdemeanor charges against a 17-year-old girl and her mother after an apparent medication abortion at home in Nebraska.
The messages show that the mother and daughter allegedly bought medication to induce abortion online and disposed of the fetus's body. Court documents allege that the abortion occurred before the Supreme Court overturned Roe v. Wade in June.
Celeste Burgess, 17, and her mother, Jessica Burgess, bought medication called Pregnot, designed to end a pregnancy. Pregnot is a kit of mifepristone and misoprostol, a combination often used to end a pregnancy safely in the first trimester. In this case, Burgess was 28 weeks pregnant, later in pregnancy than mifepristone and misoprostol are recommended for use.
The state also alleges that the abortion itself was illegal because it was performed after the 20-week abortion ban the state had at the time and was not performed by a physician, as state law then required. Facebook said that “nothing in the valid warrants we received from local law enforcement in early June, before the Supreme Court decision, mentioned abortion.” (Jason Koebler and Anna Merlan / Motherboard)
A former Twitter employee, Ahmad Abouammo, was convicted on Tuesday by a jury in federal court of six charges related to accusations that he spied on the company’s users on behalf of Saudi Arabia.
While at Twitter, Abouammo managed media partnerships in the Middle East and North Africa. He developed relationships with prominent individuals in the region, receiving hundreds of thousands of dollars and a luxury watch from a top adviser to Saudi Arabia’s crown prince, Mohammed bin Salman. In return, prosecutors said, he shared the personal user information of dissidents with Saudi officials. (Kalley Huang and Kate Conger / The New York Times)
Microsoft released Patch Tuesday security updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software, including, once again, a zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) called Follina.
Redmond also addressed multiple flaws in Exchange Server, including one disclosed publicly before today, and is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections. Adobe has also released security updates for its products, including Acrobat and Reader, Adobe Commerce, and Magento Open Source. (Brian Krebs / Krebs on Security)
Related: Cyber Kendra, Rapid7, Security Affairs, Bleeping Computer, Talos Blog, Help Net Security, Qualys Blog, The Register - Security, US-CERT, Infosecurity Magazine, ZDNet Security, gHacks, SANS Internet Storm Center
As part of its authoritarian playbook, Russia has been taking over the internet infrastructure of occupied Ukraine, cutting Ukrainians in Russian-occupied Kherson, Melitopol, and Mariupol off from the rest of the country and limiting their access to news about the war and communication with loved ones.
The internet and cellular networks have been shut down in some territories. The restrictions rest on critical infrastructure built years ago: after Russia annexed Crimea, a state telecom company laid a subsea cable and other infrastructure across the Kerch Strait to redirect internet traffic from Crimea to Russia. Russian forces are also destroying the infrastructure that linked the internet in the occupied areas to the rest of Ukraine and the global web. (Adam Satariano and Scott Reinhard / New York Times)
Researchers at Kaspersky say they have linked the Maui ransomware gang to the North Korean state-sponsored hacking group Andariel (aka Stonefly), known for generating revenue through malicious cyber activity and for sowing discord in South Korea.
The researchers build on earlier revelations and present evidence of a prior Maui attack against a Japanese housing company and subsequent unattributed attacks in India, Russia, and Vietnam. (Bill Toulas / Bleeping Computer)
Finland’s parliament said its website came under cyberattack as the Nordic country applied for NATO membership following Moscow’s invasion of Ukraine.
“A denial of service attack is taking place against the parliament’s external website,” parliament said in a statement. The attack began around 2:30 pm (1130 GMT), slowing down or denying site access. (AFP)
Hackers stole approximately $570,000 from the decentralized finance (DeFi) protocol Curve.Finance, according to a screenshot of the protocol’s wallet shared on Twitter.
The protocol’s operators said via Telegram that they found the source of the problem and fixed it. “If you have approved any contracts on Curve in the past few hours, please revoke immediately,” they said. The protocol also advised users to use curve.exchange until the propagation of curve.fi reverts to normal.
The suspected hacker appears to have changed the protocol's domain name system (DNS) entry, forwarding users to a fake clone where they were induced to approve a malicious contract. The protocol’s own contract remained uncompromised, however. (Elizabeth Napolitano / Coindesk)
Following the Treasury Department’s sanctioning of cryptocurrency mixer Tornado Cash, which bans Americans from doing business with the service, an anonymous user sent several Tornado Cash transactions to high-profile Ethereum addresses in what appears to be a troll implicating them in a potential regulatory mess.
According to Etherscan, affected wallets include those controlled by Coinbase CEO Brian Armstrong, TV host Jimmy Fallon, clothing brand Puma, and a wallet created for donations to Ukraine. Sanctions notwithstanding, blocking an incoming transfer on-chain is impossible, so exchanges and other parties would most likely have to block the addresses instead. (Eli Tan, Oliver Knight, Nikhilesh De / CoinDesk)
After the US Treasury Department said it had barred American companies and individuals from using the Tornado Cash crypto mixer, the code-hosting service GitHub took down the mixer’s account.
A spokesperson said that trade laws require GitHub to “restrict users and customers identified as Specially Designated Nationals (SDNs) or other denied or blocked parties, or that may be using GitHub on behalf of blocked parties.” Users posted links they described as mirrors of the code originally hosted on GitHub and to backup versions of the Tornado Cash website itself. (Immanual John Milton / Bloomberg)
Microsoft acknowledged a problem with encryption acceleration in the newest versions of Windows that could result in data corruption.
The problems only affect relatively recent PCs and servers that support Vector Advanced Encryption Standard (VAES) instructions for accelerating cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM instructions "on new hardware." The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 "to prevent further damage." However, there are no suggested solutions for anyone who has already lost data because of the bug. (Andrew Cunningham / Ars Technica)
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio's network being breached last week.
The company said that although the attackers got their hands on Cloudflare employees' credentials, their attempts to log in with them were blocked because they did not have the victims' company-issued FIDO2-compliant security keys, so they failed to breach its systems. (Sergiu Gatlan / Bleeping Computer)
U.S. Deputy Special Representative for North Korea Jung Pak and her South Korean counterpart, Lee Tae-woo, met to discuss ways to counter illicit cyber activities by North Korean actors, the State Department said.
A department spokesperson said, "The meeting addressed the dangers posed by the DPRK cyber program and focused on strategies to combat Pyongyang's ongoing attempts to generate revenue for its unlawful WMD and ballistic missile programs through malicious cyber activity." (Byun Duk-kun / Yonhap News)
Intel’s latest generation of CPUs contains a vulnerability that the researchers who discovered it call ÆPIC Leak, which allows attackers to obtain encryption keys and other confidential information protected by the company’s Software Guard Extensions, known as SGX. This advanced feature acts as a digital vault for securing users’ most sensitive secrets.
The vulnerability resides in APIC, short for Advanced Programmable Interrupt Controller. APIC is a mechanism built into many modern CPUs that manages and routes interrupts, which are signals generated by hardware or software that cause the CPU to stop its current task so it can process a higher-priority event.
Intel issued a lengthy statement and offered remediations saying that “researchers have demonstrated attacks against Intel SGX enclaves, where stale data may be exposed by an attacker who controls the OS and can read from the legacy xAPIC. On some processors, incorrectly aligned reads from addresses in the xAPIC MMIO page could return stale data, which may correspond to data previously read by the same processor core that is reading the xAPIC page.” (Dan Goodin / Ars Technica)
After defacing China's Heilongjiang Society Scientific Community Federation website as a welcome to U.S. Speaker of the House Nancy Pelosi, Anonymous, the decentralized international hacktivist collective, hacked another Chinese website, the official site of Wenling City Harvest Petrol Factory, a gasoline generator factory based in China's Zhejiang Province, to thank Pelosi for visiting Taiwan.
The site was immediately taken down following the hack and is still offline as of early Wednesday morning. An Anonymous operative named Allez-opi_omi disclosed that they uploaded an HTML page on the attacked site with the collective's emblem, Taiwan's national flag, and the phrase Taiwan Numbah Wan and a message directed to the U.S. House Speaker. (Nica Osorio / IBTimes)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities based on evidence of active exploitation.
One of them, CVE-2022-34713, informally referred to as DogWalk, has spent more than two years as a zero-day bug in the Windows Support Diagnostic Tool (MSDT) and has exploit code publicly available. The other vulnerability is CVE-2022-30333, a path traversal bug in the UnRAR utility for Linux and Unix systems. (Ionut Ilascu / Bleeping Computer)
Researchers at Cyble have uncovered more details on the newly discovered Android spyware Dracarys, used by the Bitter APT group in cyberespionage operations targeting users in New Zealand, India, Pakistan, and the United Kingdom.
Meta (Facebook) first reported the new Android malware in its Q2 2022 adversarial threat report, which briefly mentioned its data-stealing, geolocation, and microphone-activation capabilities. While Meta mentions trojanized versions of Telegram, WhatsApp, and YouTube, Cyble's investigation only uncovered a trojanized version of the Signal messaging app. (Bill Toulas / Bleeping Computer)
A group of 18 tech and cyber companies say they are building a common data standard for sharing cybersecurity information, addressing a complaint from corporate security chiefs that cyber products often don’t integrate, making it hard to fully assess hacking threats.
Amazon’s AWS cloud business, cybersecurity company Splunk Inc., and International Business Machines Corp.’s security unit, among others, launched the Open Cybersecurity Schema Framework, or OCSF, at the Black Hat USA cybersecurity conference in Las Vegas. Other companies involved in the initiative are CrowdStrike, Rapid7, Palo Alto Networks, Cloudflare, DTEX Systems, IronNet, JupiterOne, Okta, Salesforce, Securonix, Sumo Logic, Tanium, Zscaler, and Trend Micro. (Kim Nash / Wall Street Journal)
Lysto, a blockchain start-up building verification tools for gamers, has raised $12 million in a pre-Series A funding round.
Square Peg, Beenext, and Hashed co-led the round, with Tiger Global and Better Capital participating. (Yogita Khatri / The Block)
Data privacy code scanning platform start-up Privya raised $6 million in a venture funding round.
Hyperwise Ventures led the round. (FinSMEs)
AppOmni, a software-as-a-service (SaaS) security provider, has received an unspecified amount of funding from Cisco Investments to propel product development and accelerate its market strategy.
The AppOmni Developer Platform enables universal coverage for any SaaS application or custom application and is currently used by both customers and MSP partners. (Jim Masters / MSSP Alert)