NSA warns of ongoing GRU campaign. Steganography against industrial targets. Executive Order on Preventing Online Censorship. Notes on COVID-19.

The US NSA warned yesterday that Russia's GRU continues to exploit the Exim mail vulnerability (CVE-2019-10149). NSA identifies the Russian unit involved as, specifically, belonging to GRU's Main Center for Special Technologies (GTsST), the group commonly known as Sandworm. The vulnerability was disclosed and patched in June of last year, and NSA advises users to apply it. This provides another object lesson in the importance of keeping software up to date: the GRU has been exploiting the bug since August 2019.

Kaspersky outlines a campaign against industrial targets in Japan, Italy, Germany and the UK. The specific goals of the campaign are unknown, although Kaspersky says they've observed "destructive activity" and extraction of data. The attackers use steganography in the data extraction process. That and other aspects of the campaign make the attacks difficult to detect and block.

Yesterday US President Trump signed an Executive Order on Preventing Online Censorship intended to address ways in which social media are applying "selective censorship that is harming our national discourse." It addresses Section 230 of the Communications Decency Act, which affords civil liability protection to online service providers that act as "neutral platforms" as opposed to "editors." The Secretary of Commerce will lead a "petition for rulemaking" to clarify Section 230. Federal agencies will evaluate spending on platforms that engage in "viewpoint discrimination," and the Federal Trade Commission will investigate unfair trade practices related to content moderation. The Order is widely viewed as a response to the President's recent experiences with Twitter.

Comments are closed.