The 96 internet service providers were told to enforce the orders “by any technological means available.”

A federal judge has ordered all internet service providers in the United States to block three pirate streaming services operated by Doe defendants who never showed up to court and hid behind false identities.

The blocking orders affect Israel.tv, Israeli-tv.com, and Sdarot.tv, as well as related domains listed in the rulings and any other domains where the copyright-infringing websites may resurface in the future. The orders came in three essentially identical rulings (see here, here, and here) issued on April 26 in the US District Court for the Southern District of New York.

Each ruling provides a list of 96 ISPs that are expected to block the websites, including Comcast, Charter, AT&T, Verizon, and T-Mobile. But the rulings say that all ISPs must comply even if they aren't on the list:

_It is further ordered that all ISPs (including without limitation those set forth in Exhibit B hereto) and any other ISPs providing services in the United States shall block access to the Website at any domain address known today (including but not limited to those set forth in Exhibit A hereto) or to be used in the future by the Defendants (“Newly Detected Websites”) by any technological means available on the ISPs' systems. The domain addresses and any Newly Detected Websites shall be channeled in such a way that users will be unable to connect and/or use the Website, and will be diverted by the ISPs' DNS servers to a landing page operated and controlled by Plaintiffs (the “Landing Page”)._

That landing page is available here and cites US District Judge Katherine Polk Failla's “order to block all access to this website/service due to copyright infringement.”

"If you were harmed in any way by the Court's decision you may file a motion to the Federal Court in the Southern District of New York in the above case," the landing page also says.

“Gone to Great Lengths to Conceal Themselves”

The three lawsuits were filed by Israeli TV and movie producers and providers against Doe defendants who operate the websites. Each of the three rulings awarded damages of $7.65 million. TorrentFreak pointed out the rulings in an article Monday.

The orders also contain permanent injunctions against the defendants themselves and other types of companies that provided services to the defendants or could do so in the future. That includes companies like Cloudflare, GoDaddy, Google, and Namecheap.

In all three cases, none of the defendants responded to the complaints or appeared in court, the judge's rulings said. “Defendants have gone to great lengths to conceal themselves and their ill-gotten proceeds from Plaintiffs' and this Court's detection, including by using multiple false identities and addresses associated with their operations and purposely deceptive contact information for the infringing Website,” the rulings say.

The defendants are liable for copyright infringement and violated the anti-circumvention provision of the Digital Millennium Copyright Act (DMCA), the judge wrote, describing the infringement as follows:

_Through the Website, Defendants have been re-broadcasting and streaming Plaintiffs' original content, broadcasting channels and TV services which are only authorized for broadcasting and/or viewing in the territory of the State of Israel and under a license. The Infringing Broadcasting includes original content produced and owned by Plaintiffs, mostly in Hebrew, and also from major studios in the United States and elsewhere, licensed to Plaintiffs for broadcasting exclusively in Israel (except as expressly licensed for broadcast in the United States)._

Rulings Further Target Web Hosts and Banks

The plaintiffs are United King Film Distribution, D.B.S. Satellite Services (1998), HOT Communication Systems, Reshet Media, and Keshet Broadcasting. While the plaintiffs “transmit their programming in an encrypted form,” the defendants' “various services and hardware permit end-user consumers to bypass the Plaintiffs' encryption to view Plaintiffs' content,” the rulings said.

The judge ordered domain registrars and registries to transfer the domain names to the plaintiffs. The rulings include injunctions against “third parties providing services used in connection with Defendants' operations,” including web hosts, content delivery networks, DNS providers, VPN providers, web designers, search-based online advertising services, and others.

Financial institutions face similar bans on doing business with the blocked websites. The rulings directly target the defendants' monetary accounts, saying that plaintiffs “shall have the ongoing authority to serve this Order on any party controlling or otherwise holding such accounts” until they have “recovered the full payment of monies owed to them by any Defendant under this Order.” This applies to PayPal, banks, and payment providers in general.

_This story originally appeared on_ _Ars Technica__._

Every ISP in the US Must Block These 3 Pirate Streaming Services

The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.

The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10.

Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems.

The F5 BIG-IP is a combination of software and hardware that is designed around access control, application availability and security solutions.

The vulnerability is tracked as CVE-2022-1388  with a severity rating of 9.8 out of 10 by the Common Vulnerabilities Scoring System (CVSS) version 3.90.  

According to F5, the flaw resides in the representational state transfer (REST) interface for the iControl framework which is used to communicate between the F5 devices and users.

Threat actors can send undisclosed requests and leverage the flaw to bypass the iControl REST authentication and access the F5 BIG-IP systems, an attacker can execute arbitrary commands, create or delete files or disable servers.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” said F5 in an advisory. “There is no data plane exposure; this is a control plane issue only,” they added.

A self-IP address is an IP address on a BIG-IP system, that a customer uses to associate with VLAN.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert and advised users to apply the required updates.

****Affected Versions****

The security vulnerability that affects the BIG-IP product version are:

*   1.0 to 16.1.2
*   1.0 to 15.1.5
*   1.0 to 14.1.4
*   1.0 to 13.1.4
*   1.0 to 12.1.6
*   6.1 to 11.6.5

The F5 will not introduce fixes for versions 11.x (11.6.1 – 11.6.5) and 12.x (12.1.0 – 12.1.6).

The patches for versions v17.0.0, v16.1.2.2, v15.1.5.1, v14.1.4.6, and v13.1.5 were introduced by F5.

The advisory by F5 clarifies that the CVE-2022-1388 has no effect on other F5 products – BIG-IQ Centralized Management, F5OS-A, F5OS-C, or Traffic SDC.

F5 affected products and fixed versions (Source: F5)

The BIG-IP devices are commonly integrated into the enterprises there is a significant threat of widespread attack.

Security researcher Nate Warfield reported in a tweet that nearly 16,000 BIG-IP devices are exposed to the internet. A query shared by Warfield shows the exposed devices on Shodan.

Most of the exposed BIG-IP devices are located in the USA, China, India, and Australia. These systems are allocated to Microsoft corporation, Google LLC, DigitalOcean, and Linode.

****Mitigations****

Three “temporary mitigation” methods were advised by F5, for those who can’t deploy security patches immediately.

According to F5 “You can block all access to the iControl REST interface of your BIG-IP system through self IP addresses”. This can be done by changing the Port Lockdown settings to Allow None for each self-IP address in the system.

Another mitigation method is to restrict iControl REST access through the management interface or modify the BIG-IP httpd configuration.

Additionally, F5 has also released a more generic advisory to tackle another set of 17 high severity vulnerabilities discovered and fixed in BIG-IP.

In July 2020, a critical RCE bug left thousands of F5 BIG-IP users’ accounts vulnerable to an attacker.

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

@@ -1,18 +1,6 @@ /\*\* \* Copyright (c) 2006-2012, JGraph Ltd \*/ // Workaround for allowing target="\_blank" in HTML sanitizer // see https://code.google.com/p/google-caja/issues/detail?can=2&q=&colspec=ID%20Type%20Status%20Priority%20Owner%20Summary&groupby=&sort=&id=1296 if (typeof html4 !== 'undefined') { html4.ATTRIBS\['a::target'\] \= 0; html4.ATTRIBS\['source::src'\] \= 0; html4.ATTRIBS\['video::src'\] \= 0; // Would be nice for tooltips but probably a security risk... //html4.ATTRIBS\['video::autoplay'\] = 0; //html4.ATTRIBS\['video::autobuffer'\] = 0; }  
// Workaround for handling named HTML entities in mxUtils.parseXml // LATER: How to configure DOMParser to just ignore all entities? (function() @@ -1670,62 +1658,21 @@ Graph.removePasteFormatting = function(elt) };  
/\*\* \* Sanitizes the given HTML markup. \* Sanitizes the given HTML markup, allowing target attributes and \* data: protocol links to pages and custom actions. \*/ Graph.sanitizeHtml \= function(value, editing) { // Uses https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer // NOTE: Original minimized sanitizer was modified to support // data URIs for images, mailto and special data:-links. // LATER: Add MathML to whitelisted tags function urlX(link) { if (link != null && link.toString().toLowerCase().substring(0, 11) !== 'javascript:') { return link; }  
return null; }; function idX(id) { return id };  
return html\_sanitize(value, urlX, idX); return DOMPurify.sanitize(value, {ADD\_ATTR: \['target'\], ALLOWED\_URI\_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp|data):|\[^a-z\]|\[a-z+.\\-\]+(?:\[^a-z+.\\-:\]|$))/i}); };  
/\*\* \* Removes all script tags and attributes starting with on. \* Sanitizes the SVG in the given DOM node in-place. \*/ Graph.sanitizeSvg \= function(div) { // Removes all attributes starting with on var all \= div.getElementsByTagName('\*');  
for (var i \= 0; i < all.length; i++) { for (var j \= 0; j < all\[i\].attributes.length; j++) { var attr \= all\[i\].attributes\[j\];  
if (attr.name.length \> 2 && attr.name.toLowerCase().substring(0, 2) \== 'on') { all\[i\].removeAttribute(attr.name); } } }  
function removeAllTags(tagName) { var nodes \= div.getElementsByTagName(tagName);  
while (nodes.length \> 0) { nodes\[0\].parentNode.removeChild(nodes\[0\]); } };  
removeAllTags('meta'); removeAllTags('script'); removeAllTags('metadata'); return DOMPurify.sanitize(div, {IN\_PLACE: true}); };  
/\*\* @@ -13734,12 +13681,12 @@ if (typeof mxVertexHandler !== 'undefined') mxEvent.consume(evt); }));  
this.linkHint.appendChildGraph.createRemoveIcon(mxResources.get('removeIt', this.linkHint.appendChild(Graph.createRemoveIcon(mxResources.get('removeIt', \[mxResources.get('link')\]), mxUtils.bind(this, function(evt) { this.graph.setLinkForCell(this.state.cell, null); mxEvent.consume(evt); })); }))); } }

CVE-2022-1575: 18.0.0 release · jgraph/drawio@f768ed7

By Jung soo An, Asheer Malhotra and Justin Thattil, with contributions from Aliza Berk and Kendall McKay.

In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

Mustang Panda deploys a new wave of malware targeting Europe

All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.

Security experts have been banging the multifactor authentication (MFA) drum for years, encouraging users to move away from solely relying on the username/password combination to secure their most sensitive accounts. Now GitHub is done with encouraging: By the end of 2023, all users who contribute code to GitHub-hosted repositories must have one or more forms of two-factor authentication (2FA) enabled, the company says.

Zero-day attacks and sophisticated exploits are scary, but social engineering and credential theft pose bigger headaches for enterprise defenders. User credentials grant attackers full access to the application and the associated data, or in case of a code repository like GitHub, visibility into source code as well as the ability to maliciously modify the code.

"This places not only the individuals and organizations associated with the compromised accounts at risk, but also any users of the affected code," says Mike Hanley, GitHub's CSO. The downstream effects of an attacker seizing control of a popular code repository is staggering, as "it can be downloaded tens of thousands of times, or hundreds of thousands of times," he says.

Attacks against the software supply chain jumped by more than 300% in 2021, Aqua Security said in January.

GitHub’s decision increases the complexity of account takeovers, says Andrew Hay, COO at LARES Consulting. "It has been proven time and time again that multifactor authentication provides an additional layer of protection to a user's account without exponentially complicating the login process," he says.

**Raising the Bar  
**Considering the sheer number of developers and active repositories on GitHub.com, this move has the potential to significantly enhance the security of the software supply chain. The company says the shift to 2FA will impact 83 million developers.

Hanley has said in the past that GitHub’s sheer size puts the company in a strong position to boost the security of the entire software ecosystem. By implementing new security features, GitHub is raising the bar on things developers and project maintainers have to do.

"Strong password management, privileged access security, and MFA will make it difficult for attackers to be successful at gaining an initial foothold," says Joseph Carson, chief security scientist and advisory CISO at Delinea. "This will likely force them to look for an easier target elsewhere."

**Move to Mandatory Enrollment  
**GitHub has offered 2FA in some form since 2013. Recognizing that attackers are increasingly targeting JavaScript packages on the npm registry, GitHub enrolled all the maintainers of the top 100 npm packages with mandatory 2FA back in February. Even so, adoption has lagged. Currently, only 16.5% of active GitHub users and 6.44% of npm users have enabled one or more forms of 2FA on their accounts, the company says.

The numbers are dismal but not wholly unexpected. Back in 2018, Google noted that seven years after introducing 2FA for Gmail, less than 10% of active accounts had enabled the feature. More than three-quarters (78%) of organizations with Microsoft Active Directory (AD) currently do not employ MFA for their user accounts, Microsoft said in its quarterly Cyber Signals report earlier this year. Microsoft has said repeatedly that "99.9% of breaches would be prevented if you just implemented MFA."

GitHub has taken other steps to improve security beyond relying on just the username and password. Earlier, GitHub deprecated basic authentication for Git operations and GitHub’s REST API, and now require email-based device verification. Since March, all npm accounts require enhanced login verification. The company launched 2FA for GitHub Mobile on iOS and Android back in January.

GitHub will allow multiple methods, including hardware security keys and mobile push notifications approved directly from the GitHub app.

GitHub already gives enterprise customers the ability to require developers to use 2FA to access enterprise repositories. When enforcement takes effect, there may be some issues if GitHub winds up removing users who do not have 2FA enabled from enterprise repositories, Hay notes. "It may lead to some calls to the support desk if a user finds that they can no longer access the code repositories they once had access to," he says.

**Delayed Enforcement  
**The shift to mandatory 2FA will occur in phases. All maintainers of the top 500 packages will be enrolled in mandatory 2FA on May 31. Maintainers of high-impact npm packages — which GitHub defined as those with more than 500 dependents or one million weekly downloads — will be enrolled in mandatory 2FA in the third quarter of 2022. The long lead time — more than a year out — will help GitHub "make sure we get this right" in terms of ensuring the user experience with the command line and the web interface, Hanley says.

Carson notes that recent advancements have made MFA "far less burdensome" to users. The most common mistake in enterprise deployments is to add MFA to existing authentication schemes rather than strengthening (and potentially replacing) them. MFA should be used to make logging in more efficient, as well as more secure.

"It is important to make authentication easier and the experience positive where possible," Carson says. "Otherwise users will find ways around the security control making them much weaker."

GitHub to Developers: Turn on 2FA or Lose Access

Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.

China's Winnti cyberthreat group has been quietly stealing immense stores of intellectual property and other sensitive data from manufacturing and technology companies in North America and Asia for years.

That's according to researchers from Cybereason, who estimate that the group has so far stolen hundreds of gigabytes of data from more than 30 global organizations since the cyber-espionage campaign began. Trade secrets are a big part of that, they said, including blueprints, formulas, diagrams, proprietary manufacturing documents, and other business-sensitive information.

In addition, the attackers have harvested details about a target organization's network architecture, user accounts, credentials, customer data, and business units that they could leverage in future attacks, Cybereason says in reports summarizing its investigation this week.

The security vendor said it has shared its findings with the FBI, which back in 2019 had warned of China-based cyberthreat groups engaged in the massive theft of intellectual property from US firms to support the country's "Made in China 2025" modernization initiative.

"Global manufacturers are targets of Chinese state-sponsored threat groups," says Assaf Dahan, senior director and head of threat research at Cybereason. "Our research highlights the importance of protecting Internet-facing assets, early detection of scanning activity and exploitation attempts, the ability to detect web shell activity, persistence, reconnaissance attempts by legitimate Windows tools, credential dumping, and lateral movement attempts."

Darren Williams, CEO, and founder at BlackFog, says the campaign that Cybereason observed highlights a recent trend involving data theft by cybergangs operating out of China. He says that new research that BlackFog recently conducted found that 20% of all ransomware attacks exfiltrate data to China. There's also been a dramatic rise in attacks targeting the technology, manufacturing, and government sectors, he says

“We think its related to the increasing pressure from multiple nations on the manufacturing industry generally and the shift in reliance from Chinese manufacturing," he says. "Then when you look at trade wars China has with countries like Australia, there is a general market shift happening. We think these attacks are in response and even retaliation for many of these moves.”

**Winnti Stung by CuckooBees**  
Winnti (aka APT41, Wicked Panda, or Barium) is a threat group that has been active since at least 2010. The group is believed to be working on behalf of, or with the support of, the Chinese government. Some security vendors have described Winnti as an umbrella group comprised of multiple threat actors operating under the control of China's state intelligence agencies. The group has been linked to attacks in 2010 on scores of US firms (including Google and Yahoo). And in 2020, the US government indicted five members of the threat group, although the action did little to stop its activities.

Researchers from Cybereason stumbled upon the threat group's latest campaign when investigating a 2021 intrusion at a $5 billion global manufacturing company with operations in Asia, North America, and Europe, Dahan says, and has been gathering evidence on the activity since then.

The researchers dubbed the investigation "Operation CuckooBees," because cuckoo bees are very evasive, and the Winnti group is one of the most elusive hacking groups, Dahan explains.

"Operation CuckooBees was a 12-month investigation focused on Winnti Group's global espionage campaign against defense, aerospace, energy, biotech, and pharmaceutical manufacturers," Dahan says.

**New Tools, Rare Abuse of Windows CLFS Mechanism**  
Cybereason's investigation also revealed fresh aspects of the group's technical approach, including the development of new malware tools — or new versions of its old malware — and sophisticated new techniques for payload delivery and evasion.

The new tools include one called DeployLog, made for deploying the threat group's namesake Winnti kernel-level rootkit. New versions of tools it has used in the past include an initial payload called Spyder Loader; a privilege-escalation tool called PrivateLog; and a tool called StashLog for storing payloads in a hard-to-crack Windows function.

One notable aspect of Winnti group's new campaign, according to Cybereason, is the threat actor's use of a Windows high-performance logging feature called Common Log File System (CLFS) to hide malicious payloads.

"The CLFS mechanism is rather obscure and is still undocumented by Microsoft," Dahan notes. "The attackers used the CLFS mechanism to hide their payloads in a place most security products or practitioners wouldn’t look for." He adds that the ability to abuse the mechanism points to the level of sophistication and resources that the threat actors have at their disposal.

"It requires a lot of effort to reverse-engineer this mechanism to abuse it for nefarious purposes," he says.

Dahan says Cybereason has not observed any other threat group abuse the CLFS mechanism to stash payloads in the same manner.

**The Evolving Winnti Attack Chain**  
In its latest campaign, Winnti group threat actors targeted vulnerable Internet-facing servers as a vector for gaining an initial foothold on a target network. In some instances, the attackers gained initial entry on systems by exploiting known vulnerabilities in enterprise resource planning (ERP) platforms.

"To the best of our knowledge, the vulnerabilities that were exploited in the observed attacks have fixes that were issued by the vendor," Dahan says.

Once in, Cybereason observed the attackers adopting what it described as a "house-of-cards" approach to deploying its malicious payloads, where each component of the attack chain depended on the previous one and the other components to function properly. This made it difficult to analyze each malware component in the attack chain separately.

"If for some reason, one component is missing or gets detected – the entire thing would fall apart," Dahan says.

The approach also added another layer of protection and stealth because each of the components in the attack chain is not entirely malicious on its own, and so would be unlikely to be flagged as malicious by security products, Dahan says. To become malicious, the components in the attack chain must be assembled in a certain order.

"The ‘house of cards’ approach makes it difficult for security researchers to analyze the payload and the flow of the attack," he explains. "You really have to see the entire attack and collect all the payloads and know how to run them in the exact order in which they were designed to run."

China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack

The US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.

Despite the block on information flowing from China, stories about the nation's surveillance state have leaked out. From social credit scores and online censorship to electronic billboards that display a citizen's "violations" like jaywalking, surveillance is a part of everyday life for millions of Chinese people.

China is increasingly exporting not only its technology but the authoritarian values that underpin them, and this spread must be contained before it moves through more of the world, says Keith Krach, who served as DocuSign CEO from 2009 to 2019 before becoming Under Secretary of State for Economic Growth, Energy, and the Environment in the Trump administration in June 2019.

Krach, who continues to advise the administration of President Joe Biden and leads the Krach Institute for Tech Diplomacy at Purdue University, was nominated for the 2022 Nobel Peace Prize for his work on China. He recently spoke with Dark Reading about China's tech-centered authoritarianism, how the country is embedding its values in its exports, and what the US must do with its own tech policies to keep a moral high ground.

This interview has been condensed for length and clarity.

    

Source: Keith Krach

**Q: You've dedicated much of your career to fighting against "techno-authoritarianism." How do you define that term? What activities rise to the level of authoritarianism?**

**Krach:** Our rivals are playing the long game in what's a four-dimensional game of military, economic, diplomatic, and cultural chess — and the crossroads, the main battleground, is technology. It all intersects there. So here's what techno-authoritarianism is in the simplest \[terms\]: It is using technology for bad instead of for good. That could be a surveillance state, dangerous military weapons, or whatever else is done for bad.

You can think of it as sort of the opposite of what we \[in the United States\] honor as a nation and in the free world at large: respecting things like the rule of law, property of all kinds, nations' sovereignty, human rights, the environment, the press. Those good principles of collaboration, like transparency, reciprocity, accountability — these are things that we honor.

But these are things that China, Russia, the authoritarians don't live by. Instead they \[rule by\] a power principle: cooperation, coercion, concealment, intimidation, retaliation, retribution. And what \[affects us all\] is that when someone doesn't play by the rules, it's no longer a free market; it's a fool's market. For example, let's say you're a Silicon Valley CEO, and I'm a Chinese company. I can steal your intellectual property, I don't have to be transparent, I can use slave labor, I can use cheap energy from big coal-fired power plants.

I don't have to obey the law — or to be \[more precise\], I _am_ the law. How can you possibly compete? I'll beat you every time. So we've got to do something about it.

**Q: You've been particularly vocal about techno-authoritarianism in China — to the extent that you can no longer visit or do business there after officials sanctioned you and your family** **\[among other former Trump officials\] last year.**

**Can you provide context on the extent of Chinese surveillance? It's especially present in Xinjiang, where authorities closely track the habits and activities of millions of Uyghurs, a Muslim minority group in the city. The US is among several countries to accuse China of committing genocide** **of the Uyghurs, but surveillance happens all over the country in varying degrees.**

**Krach:** Oh, it's literally George Orwell's _1984_. They use technology to intimidate, and there is no privacy anymore. To the extent that in Beijing and a lot of the big cities, they have these big TV-like electronic billboards where they show, for example, if somebody jaywalks crossing the street. They'll flash your picture up there, they'll show how many violations they have, all this kind of personal stuff. They know exactly where people are doing, what people are spending, I mean ... everything. They assign people social credit scores based on their behavior and decide what you can and can't do.

It creates a paranoid society where everybody feels watched, and nobody trusts anyone — because there's also incentives for turning people in for violations. It's just a nasty, nasty way to live.

**Q: Chinese authorities, of course, say this surveillance is for the good of the people. They're leveraging technology in all sorts of new projects, including so-called safe cities** **underpinned by \[Chinese telecom\] Huawei that harness all kinds of data about people's activities — ostensibly created to be like what we call smart cities here, helping get ambulances to car accidents faster and assisting police in stopping crime. But in actuality, according to groups like the bipartisan Center for Strategic and International Studies, they're tracking facial recognition and license plate data, monitoring social media, and stomping out dissent.**

**Krach:** These wired cities are a Trojan horse, the same way that what they're doing in Xinjiang is a proving ground. It's beta testing for all this stuff to roll out in China and to export elsewhere. So Xinjiang is literally a glance into the future.

China is essentially exporting a "dictatorship-in-a-box" when they send their surveillance tools \[overseas\]. These are tools that the worst of dictators could have only dreamed up. And that's the stuff that enables genocide: the whole surveillance state, literally thought control. I call it China's Great One-Way Firewall, where all the data comes in for their own use. Propaganda goes out, but the truth does not come in. That's why \[China's President\] Xi \[Jinping\] is just obsessed with technology. His biggest obsession is the semiconductor business because he knows that's the foundation of everything.

**Q: Several countries, including Kyrgyzstan and Ecuador, have adopted Chinese-made surveillance tech. That's in part because China has worked to offer less-funded governments functional and more affordable semiconductors and 5G technologies. When China exports this technology, it seems that in many cases they're exporting the values behind them as well. How can that spread of authoritarianism be stopped?**  

**Krach:** I'll take you inside what happened with 5G for an example. You heard about the 5G race all the time a couple of years ago because it looked like China's most important \[tech\] company Huawei was going to run the table for 5G. They announced 91 5G deals, 47 in Europe. So \[in the US government\] we're hitting the panic button. 5G controls are much more than cell phones: It's utility grids, Internet of Things, people's personal data, the government's more precious secrets.

Right around February 2020 \[when I was Under Secretary of State for Economic Growth, Energy, and the Environment in the Trump administration\], it seemed US efforts to stop it were failing. So our team got the authority to make a last-ditch effort to defeat their 5G master plan. We combined our team with some of the greatest Foreign Service officers, and it was like magic with that diversity of thought.

What we heard was that \[US\] government guys going around the world, saying, "Don't buy Huawei." And I go, "That's the dumbest thing I've ever heard." If I'm a CEO, I'd say to my chief of staff, "Hey, let's check out Huawei. They must have something good." So I said, "Why don't we treat the countries, the telcos, like customers? The customer's always right, and to get a customer, you must have a value proposition. Why should they partner with us if they don't get anything out of it?"

In my first 60 bilateral \[meetings\] I had as under secretary, I asked all these governments, "How's your relationship with China?" They'd say, "Oh, they're a really important trading partner." And then they'd look both ways, as if someone was there, and add, "But we don't trust them." That rang bells in my head. Because trust is the basis of every relationship — personal, business, or otherwise. You buy from people you trust. You partner with people you trust. So we went around to the CEOs of these foreign telcos and said, "Do you want to give your government's and citizens' data to a country that requires any company to turn information over to the Chinese Communist Party? Or do you want to partner with someone you trust?"

We created a digital standard of trust, called the Trust Principle, built on principles like respect for human rights and collaboration. And that was the basis for what we did with the Clean Network, a group of 60 countries that represent two-thirds of the world's global GDP, \[along with\] 200 telcos and a whole host of companies that were committed to building a 5G system completely free of bad actors and dedicated to fair principles.

It's not an anti-China thing. It's your choice: You can either be locked out of 70% of the market, or you can change the way that you do business. That moral high ground is key. In one move, we took those things that they were using against us and weaponized the very principles that protect our freedoms. In less than a year, those 91 \[Huawei\] 5G deals dropped by \[dozens and dozens\].

    

Source: Keith Krach

**Q. I want to turn the lens inward now because ideas like the Trust Principle and the Clean Network depend on maintaining that moral high ground — and they're built on essentially what we think of as fundamental American ideals — but in reality, the US has participated in surveillance itself. And in the private sector, plenty of US tech companies have had their own issues with data privacy and security, with many of their businesses based on supplying free services and monetizing the data their users provide. Can we have a leg to stand on unless we reform our own practices here in the States?**

**Krach:** It's an interesting and important question. Most people have never heard of this position, but I was the US/EU ombudsman for the data privacy shield. Now what that meant was after the Snowden episode, the Europeans go, "You know, we don't want you guys to do it again." And so they came up with a one-way data privacy shield: From a governance standpoint, if the United States snooped on a European and the Europeans found out about it, then they had a mechanism where they take it to the EU, they'd sort it out, and then it would come directly to me. There was nobody in the executive branch overseeing me on this, to be honest — it was straight with the judicial branch, and those guys were serious. "We're gonna prosecute come hell or high water. Patriotism thrown out the door; you've got to do what's right." And that was an interesting thing.

But the first thing I thought was, why isn't this reciprocal? The No. 1 thing \[I said\] when I met with the Europeans was, "Why is this a one-way thing, but you guys are shielded?" And then I'd say, "Oh, hey, how's your EU/China data privacy shield going? You have one, right?" And they're like, "Uh ... no. You know, China will be China."

Anyway, from a company standpoint, when people think of US tech companies, they think of the social and search companies like Google and Facebook. They're important companies, sure, but that's a small fraction of it. In my view, the rules of the road have not fully been written yet on data, privacy, security, data flows. It's going to take not only all three branches of our government but also the private sector and international players. If I were \[a tech CEO\], I would get out in front of this one because you can see it's going to be coming down. Things like Elon Musk buying Twitter probably would be a catalyst for that.

**Q: What, then, does the US need to do? It sounds like you think there's a lot more coming pretty soon down the pipe in terms of regulatory and compliance.**

**Krach:** Yeah, yeah. And I think it needs to be clear. But also, US companies were getting robbed blind and locked out of the Chinese market. So there's a squeeze play there, and then \[on the government level\] the EU was coming up with these regulations that just target US companies, so there's another squeeze play. But here again, it all boils down to one word: trust. You have to be able to trust the people you partner with, and you have to be trusted yourself.

**Q: As we look at how technology is evolving in general — Web3, the metaverse — there's so much emerging. Which security issues do you think should be top of mind from a policy standpoint?**

**Krach:** The first one is protect from the enemy. On _60 Minutes_, FBI Director \[Christopher\] Wray talked at length about China's cyber threat and threat to intellectual property. Because their attitude is, if it's out there and we can take it, it's your fault for not protecting it. It's a wholly different value system. 

So the second piece is educating everyone about that, especially at the corporate board level. I just wrote an article for Fortune about how companies need to have their China contingency plan. \[Business leaders\] need to ask themselves, "What is our policy to make sure that we're trusted by our customers, our shareholders, our suppliers, our partners, all the governments we do business with?"

There's some things the government can help out on. For example, we could install something like the no-bribery law, in which American companies that go overseas and are asked for bribes have the law to fall back on. They can say, "No can do, it's against the law. I'll go to jail, sorry." Why don't we make a law that it's illegal to transfer technology to the Chinese? They have that divide-and-conquer system: "You guys won't give it to me? I'll go to your competitor." So there's some things that we can do along those lines, understanding their values and how we can weaponize ours. But again here, it takes collaboration across government and the private sector. It's critical that we figure it out.

Q&A: How China Is Exporting Tech-Based Authoritarianism Across the World

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.

**Home**

EVE - The Emulated Virtual Environment  
For Network, Security and DevOps  
Professionals

EVE - The Emulated Virtual Environment  
For Network, Security and DevOps  
Professionals

EVE - The Emulated Virtual Environment  
For Network, Security and DevOps  
Professionals

EVE - The Emulated Virtual Environment  
For Network, Security and DevOps  
Professionals

EVE - The Emulated Virtual Environment  
For Network, Security and DevOps  
Professionals

**Important Note: LOG4J – CVE-2021-45046 CVE-2021-44228 CVE-2022-27903 DOES NOT affect EVE-NG.**

**EVE-NG Professional Edition:**

EVE-NG PRO platform is ready for today’s IT-world requirements. It allows enterprises, e-learning providers/centers, individuals and group collaborators to create virtual proof of concepts, solutions and training environments.

EVE-NG PRO is the first clientless multivendor network emulation software that empowers network and security professionals with huge opportunities in the networking world. Clientless management options will allow EVE-NG PRO to be as the best choice for Enterprise engineers without influence of corporate security policies as it can be run in a completely isolated environment.

   

EVE Professional Edition: 4.0.1-86 EVE-NG Professional (01 May 2022)

_Release notes link_

Download EVE Professional

**_Upgrade notes:_**

_**If you are upgrading your EVE PRO or EVE LC form Versions 3.0.1-16 or later, please follow the link below:**_

_Upgrade EVE Pro or LC to the newest version_

_**If you are upgrading your EVE PRO or EVE LC form Versions 2.0.6.52 or earlier, please Contact to the EVE Live Helpdesk:**_

_Live Helpdesk_

EVE-NG Professional/Learning Center Cookbook

**_EVE-NG PRO/LC Cookbook version 4.14 (23 October, 2021)_**_Download link EVE PRO/LC Cookbook_ **Section updates:** 3.3 Ubuntu download link update10.6 Remove Cloud interfaces for Editor and User14.1.5 Custom web page for server-gui docker14.1.6 Custom web page SSL for server-gui docker

****Some Features:****

EVE brings You the power You need to mastering your network within multivendor environment designing and testing.

  

*   KVM HW accelaration
*   Topology designer “click and play”
*   Import/export configuration
*   Labs xml file format
*   Picture import and maps “click and play”
*   Custom Kernel support for L2 protocols
*   Memory optimization ( UKSM )
*   CPU Watchdog
*   Full HTML5 User Interface
*   Ability to use without additionnals tools
*   Multiusers
*   Interaction with real network fully supported
*   Simultaneous lab instances
*   Derivated  from Ubuntu LTS 18.04 server for long term support 

****EVE-NG-PRO Emulation Software****

_The brand new structure is created with many updated features and improvements._  

*   Dynamic console porting, no limits, fixing issues for multi user consoling, Telnet porting choose is random
*   Hot links, interconnection running nodes, ports immediately response, shut no shut, Ethernet only
*   1024 nodes support per lab
*   Docker containers support
*   HTML desktop console to EVE management, clientless EVE management
*   Closing feature of running lab placing it to running folder, option run more than one lab simultaneously
*   Import/export configs for eve lab to/from local PC
*   Multiuser support, Administrator role only
*   EVE User account access time limitation
*   NAT cloud, integrated NAT option with DHCP on the EVE
*   Integrated Wireshark capture using docker, ethernet only
*   Multi configurations for single lab
*   Lab design features, links and objects
*   Custom template for own node deployment
*   Lab timer for self-training
*   EVE Labs control management
*   Information display of running labs and nodes per user. Admin control of processes
*   Link quality bandwidth, delay, jitter and loss set feature
*   EVE Cluster
*   Google Cloud EVE PRO support

_Upcoming features in EVE-NG PRO:_

*   Current version display and the newest available  
    
*   Fix permissions button on web  
    
*   New lab design options
*   Lab search option
*   Live lab resource widget, CPU, RAM
*   Lab timer, countdown improvement

CVE-2022-27903

Also adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.

WALTHAM, Mass. , May 4, 2022 /PRNewswire/ -- Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, announced today new cloud infrastructure entitlement management (CIEM) capabilities that strengthen its cloud security posture management (CSPM) offering. In addition, Uptycs announced CSPM support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage. These new capabilities provide Security and Governance, Risk, and Compliance teams with continuous monitoring of cloud services, identities, and entitlements so they can better reduce their cloud risk.

"Disparate cloud security solutions only deliver pieces of the picture, leaving Security teams unaware of new risks in a fast-changing cloud environment," says Ganesh Pai, CEO and co-founder of Uptycs. "As organizations scale out their cloud footprints—including across multiple public cloud providers—they need new types of security controls, especially in the realm of cloud identity and entitlement. Uptycs provides a unified platform for CSPM and CWPP that gives Security teams a holistic and fully integrated platform for securing their cloud resources, workloads, and infrastructure."

As they add cloud accounts, resources, and infrastructure, the number of user and machine identities grows exponentially. The majority of these identities have more access than they need to do their jobs, posing a serious risk if an attacker is able to steal credentials. According to Gartner, more than 95% of accounts in IaaS use, on average, less than 3% of the entitlements they are granted.1 In addition, Gartner estimates that "by 2023, 75% of security failures will result from inadequate management of identities, access and privileges, up from 50% in 2020."2

With new cloud identity and entitlement analytics capabilities in Uptycs, Security and Governance teams can solve these challenges:

*   **Monitor least privilege -** Continuously monitoring cloud infrastructure to spot identity misconfiguration and permissions gaps so they can move toward least-privilege access, minimizing the damage that can be caused by privilege escalation.
*   **Measure identity risk and governance posture -** Measuring the overall identity risk posture for cloud accounts based on factors such as root account configuration, credentials rotation, possibility of privilege escalation, and credential exposure.
*   **Harden cloud IAM policies -** Continuously analyzing cloud IAM policies and creating risk profiles so that teams can prioritize their efforts on tuning the most risky policies.
*   **Map identities and relationships -** Visually map relationships across accounts, rank connections based on riskiness, and show the impact a user can have on an asset or critical service.
*   **Detect and investigate identity misuse -** Show top cloud IAM principals and services denied based on specific time windows, enabling users to drill down into trends for a specific user/service and spot any anomalies from the regions based on historical data.

The cloud identity and entitlement analytics capabilities are generally available today for AWS as an add-on for the Uptycs CSPM offering. Uptycs' broader CSPM support for GCP and Azure (inventory, audit, compliance, and threat detection) is generally available.

1 Gartner, "Managing Privileged Access in Cloud Infrastructure," Paul Mezzera, December 7, 2021

2 Gartner, "Innovation Insight for Cloud Infrastructure Entitlement Management, Henrique Teixeira, Michael Kelley, Abhyuday Data, June 15, 2021

**About Uptycs  
**Uptycs provides the first cloud-native security analytics platform that enables endpoint and cloud security from a single platform. The solution provides a unique telemetry-powered approach to address multiple use cases—including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface. A free trial of Uptycs can be requested at www.uptycs.com/free-trial.

Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.
"Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.

"Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links," Google Threat Analysis Group's (TAG) Billy Leonard said in a report.

"Financially motivated and criminal actors are also using current events as a means for targeting users," Leonard added.

One notable threat actor is Curious Gorge, which TAG has attributed to China People's Liberation Army Strategic Support Force (PLA SSF) and has been observed striking government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia.

Attacks aimed at Russia have singled out several governmental entities, such as the Ministry of Foreign Affairs, with additional compromises impacting Russian defense contractors and manufacturers as well as an unnamed logistics company.

The findings follow disclosures that a China-linked government-sponsored threat actor known as Mustang Panda (aka Bronze President) may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX.

Another set of phishing attacks involved APT28 (aka Fancy Bear) hackers targeting Ukrainian users with a .NET malware that's capable of stealing cookies and passwords from Chrome, Edge and Firefox browsers.

Also implicated were Russia-based threat groups, including Turla (aka Venomous Bear) and COLDRIVER (aka Calisto), as well as a Belarusian hacking crew named Ghostwriter in different credential phishing campaigns targeting defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine.

Ghostwriter's latest attacks directed victims to compromised websites, from where the users were sent to an attacker-controlled web page to harvest their credentials.

In an unrelated phishing campaign targeting entities in Eastern European countries, a previously unknown and financially motivated hacking group has been spotted impersonating a Russian agency to deploy a JavaScript backdoor called DarkWatchman onto infected computers.

IBM Security X-Force connected the intrusions to a threat cluster it's tracking under the moniker Hive0117.

"The campaign masquerades as official communications from the Russian Government's Federal Bailiffs Service, the Russian-language emails are addressed to users in Lithuania, Estonia, and Russia in the Telecommunications, Electronic and Industrial sectors," the company said.

The findings come as Microsoft divulged that six different Russia-aligned actors launched at least 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.

The geopolitical tensions and the ensuing military invasion of Ukraine have also fueled an escalation in data wiper attacks intended to cripple mission critical processes and destroy forensic evidence.

What's more, the Computer Emergency Response Team of Ukraine (CERT-UA) revealed details of ongoing distributed denial-of-service (DDoS) attacks directed against government and news portals by injecting malicious JavaScript (dubbed "BrownFlood") into the compromised sites.

DDoS attacks have been reported beyond Ukraine as well. Last week, Romania's National Directorate of Cyber ​​Security (DNSC) disclosed that several websites belonging to public and private institutions were "targeted by attackers who aimed to make these online services unavailable."

The attacks, claimed by a pro-Russian collective called Killnet, come in response to Romania's decision to support Ukraine in the military conflict with Russia.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google