Microsoft has released an out-of-band patch to fix authentication failures on Windows after installing the May 10, 2022 security update on Windows Server domain controllers. The new update should fix authentication failures that affected services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). 

“An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller,” Microsoft explained. SEE: Microsoft warns: This botnet has new tricks to target Linux and Windows systemsThe US Cybersecurity and Infrastructure Security Agency (CISA) this week pulled Microsoft’s fix for the bug CVE-2022-26925 from its list of known exploited vulnerabilities that federal agencies must patch within a given timeframe.  The bug was a Local Security Authority (LSA) spoofing vulnerability. Details of the bug have been publicly disclosed and exploits exist for it. An unauthenticated attacker could “call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it,” Microsoft said. The bug would have a severity score of 9.8 when it is chained with NTLM Relay Attacks on Active Directory Certificate Services (AD CS), Microsoft added.  The authentication issue was only caused after installing the May 10 update on Windows Server domain controllers. Any previously applied workarounds are no longer needed, according to Microsoft.  Microsoft’s out-of-band patch also fixes a separate issue caused by the April KB5011831 or later updates that stopped some Microsoft Store apps from opening. The cumulative updates with the out-of-band fix are available for Windows Server 2022 (KB5015013), Windows Server, version 20H2 (KB5015020), Windows Server 2019 (KB5015018), and Windows Server 2016 (KB5015019). Microsoft has also released standalone updates for Windows Server 2012 R2 (KB5014986), Windows Server 2012 (KB5014991), Windows Server 2008 R2 SP1 (KB5014987), Windows Server 2008 SP2 (KB5014990). Admins can manually import the updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.  More

Image: Getty Images
The Australian Human Rights Commission (AHRC) has called for stronger laws around the use facial recognition and other biometric technology, asking for a ban on its use in “high-risk” areas.The call was made in a 240-page report [PDF] from the AHRC, with outgoing Human Rights Commissioner Edward Santow saying Australians want technology that is safe, fair, and reliable, and technology that with the right settings in law, policy, education, and funding, the government, alongside the private sector, can “build a firm foundation of public trust in new technology”.”The use of AI in biometric technology, and especially some forms of facial recognition, has prompted growing public and expert concern,” the report says.Must read: Facial recognition tech is supporting mass surveillance. It’s time for a ban, say privacy campaignersAs a result, the Commission recommends privacy law reform to protect against the “most serious harms associated with biometric technology”. “Australian law should provide stronger, clearer, and more targeted human rights protections regarding the development and use of biometric technologies, including facial recognition,” it wrote. “Until these protections are in place, the Commission recommends a moratorium on the use of biometric technologies, including facial recognition, in high-risk areas.”

The report details a number of concerns raised throughout the AHRC’s consultation on the use of biometrics, such as the risk of profiling and errors leading to the risk of discrimination, including bias against people of colour, as well as a blanket concern over mass surveillance.The AHRC has made a number of recommendations as a result, with the first asking federal, state, and territory governments to introduce legislation that regulates the use of facial recognition and other biometric technology. The legislation, it said, should expressly protect human rights; apply to the use of this technology in decision making that has a legal, or similarly significant, effect for individuals, or where there is a high risk to human rights, such as in policing and law enforcement; and be developed through in-depth consultation with the community, industry, and expert bodies such as the AHRC and the Office of the Australian Information Commissioner (OAIC).”To date, existing legislation has not proven to be an effective brake on inappropriate use of facial and other biometric technology,” the report says. “Without effective regulation in this area, it seems likely that community trust in the underlying technology will deteriorate.”It has urged all governments across the country to work together.The AHRC has asked the moratorium on the use of facial recognition and other biometric technology in decision making — which has a legal, or similarly significant, effect for individuals, or where there is a high risk to human rights, such as in policing and law enforcement — be continued until such time as legislation is in place.The moratorium, however, would not apply to all uses of facial and biometric technology. “Particular attention should be given to high-risk contexts, such as the use of facial recognition in policing, in schools and in other areas where human rights breaches are more likely to occur,” it adds.It also said the government should introduce a statutory cause of action for serious invasion of privacy where biometrics are concerned.Calling for a modernised regulatory system to ensure that AI-informed decision making is “lawful, transparent, explainable, responsible, and subject to appropriate human oversight, review, and intervention”, the AHRC has also requested the creation of a new AI Safety Commissioner to help lead Australia’s transition to an “AI-powered world”. Desirably operating as an independent statutory office, the AI Safety Commissioner should focus on promoting safety and protecting human rights in the development and use of AI in Australia, such as through working with regulators to build technical capacity regarding the development and use of AI in their respective areas, as well as be responsible for monitoring and investigating developments and trends in the use of AI.See also: Ethics of AI: Benefits and risks of artificial intelligence It has also asked the government to convene a multi-disciplinary taskforce on AI-informed decision making that could perhaps be led by the AI Safety Commissioner.”The taskforce should consult widely in the public and private sectors, including with those whose human rights are likely to be significantly affected by AI-informed decision making,” it said.The report has also asked the government resource the AHRC accordingly so that it can produce guidelines for how to comply with federal anti-discrimination laws in the use of AI-informed decision making.To that end, another recommendation is that the government introduce legislation to require that a human rights impact assessment (HRIA) be undertaken before any department or agency uses an AI-informed decision-making system to make administrative decisions, as well other legislation that requires any affected individual to be notified when AI is materially used in making an administrative decision.It has also asked for an audit on existing, or proposed, AI-informed decision making.Making a total of 38 recommendations, the AHRC also touches on legal accountability for private sector use of AI, asking the legislation flagged for government use of AI also be extended to non-government entities. Elsewhere, it has asked the Attorney-General develop a Digital Communication Technology Standard under section 31 of the Disability Discrimination Act 1992 and consider other law and policy reform to implement the full range of accessibility obligations regarding Digital Communication Technologies under the Convention on the Rights of Persons with Disabilities. Additionally, it wants federal, state, territory, and local governments to commit to using digital communication technology that fully complies with recognised accessibility standards.”We need to ask a crucial question: Can we harness technology’s positive potential to deliver the future we want and need, or will it supercharge society’s worst problems? The decisions we make now will provide the answer,” Santow said. He labelled the report as setting out a roadmap for achieving this goal.SEE ALSO More

Cyber-security firm ESET has published a report today detailing a new strain of Windows malware that the company has named KryptoCibule.
ESET says the malware has been distributed since at least December 2018, but only now surfaced on its radar.
According to the company, KryptoCibule is aimed at cryptocurrency users, with the malware’s main three features being to (1) install a cryptocurrency miner on victims’ systems, (2) steal cryptocurrency wallet-related files, and (3) replace wallet addresses in the operating system’s clipboard to hijack cryptocurrency payments.
These features are the results of extensive development work from the part of the malware’s creators, who have slowly added new items to KryptoCibule’s code since its first version back in late 2018.
Image: ESET
According to ESET, the malware has slowly evolved into a convoluted multi-component threat, far above what we have seen in most other malware strains.
Currently, the malware is spread via torrent files for pirated software. ESET says that users who download these torrents will install the pirated software they wanted, but they’ll also run the malware’s installer as well.
This installer sets up a reboot persistence mechanism that relies on scheduled tasks and then installs the core of the KryptoCibule malware (the launcher), the OS clipboard hijacker module, and Tor and torrent clients.
ESET says KryptoCibule uses the Tor client to securely communicate with its command-and-control (C&C) servers, hosted on the dark web, while the torrent client is used to load torrent files that will eventually download other additional modules, such as proxy servers, crypto-mining modules, and HTTP and SFT servers, all useful for one or more tasks in the malware’s modus operandi.

Image: ESET
All in all, KryptoCibule is bad news for cryptocurrency users, since this is clearly a strain designed by persons with knowledge of modern malware operations.
However, there is also good news, at least for now. ESET says that despite being a pretty complex threat, KryptoCibule’s distribution appears to have been limited to only two countries, namely the Czech Republic and Slovakia.
ESET researchers say that almost all the malicious torrents distributing pirated software laced with KryptoCibule were only available on uloz.to, a popular file-sharing site in the two countries.
This limited distribution appears to have been something that was planned from the beginning, as KryptoCibule also contains a feature that checks for the presence of antivirus software on a victim’s computer, and this module only checks for the presence of ESET, Avast, and AVG – all three being antivirus companies based either in the Czech Republic and Slovakia and most likely to be on the computers of most targeted users.
However, the fact that this malware strain is currently only distributed in a small area of the globe is no reason to believe this will remain so in the future.
Users should remain vigilant, and the simplest way to avoid a threat like KryptoCibule is to not install pirated software. Multiple reports over the last decade have warned users that most torrent files for pirated software are usually laced with malware and not worth the risk. More

A simple technique has helped cybercrime gangs steal more than $22 million in user funds from users of the Electrum wallet app; a ZDNet investigation has discovered.
This particular technique was first seen in December 2018. Since then, the attack pattern has been reused in multiple campaigns over the past two years.
ZDNet has tracked down multiple Bitcoin accounts where criminals have gathered stolen funds from attacks they carried out over the course of 2019 and 2020, with some attacks taking place as recently as last month, in September 2020.
Reports from victims submitted to Bitcoin abuse portals reveal the same story.
Users of the Electrum Bitcoin wallet app received an unexpected update request via a popup message, they updated their wallet, and funds were immediately stolen and sent to an attacker’s Bitcoin account.

Looking at how cybercriminals are stealing funds, this technique works because of the inner workings of the Electrum wallet app and its backend infrastructure.
To process any transactions, Electrum wallets are designed to connect to the Bitcoin blockchain through a network of Electrum servers — known as ElectrumX.

Image: Peter Kacherginsky
However, while some wallet applications control who can manage these servers, things are different in Electrum’s open ecosystem, where everyone can set up an ElectrumX gateway server.
Since 2018, cybercrime gangs have been abusing this loophole to spin up malicious servers and wait for users to randomly connect to their systems.
When this happens, the attackers instruct the server to show a popup on the user’s screen, instructing the user to access an URL and download and install an Electrum wallet app update.

Image: SoberNight

Image: Peter Kacherginsky
Usually, this update download link is not for the official Electrum website, located at electrum.org, but to lookalike domains or GitHub repositories.
If users don’t pay attention to the URL, they eventually end up installing a malicious version of the Electrum wallet, which the next time the user tries to use will ask for a one-time passcode (OTP).
Normally, these codes are only requested before sending funds, and not at the Electrum wallet’s startup. If users enter the requested code —and most do, thinking they are using the official wallet— they effectively give official approval for the malicious wallet to transfer all of their funds to an attacker’s account.
Since December 2018, users have reported around ten Bitcoin accounts being used in what’s currently known as the “fake Electrum update scam.”
These wallets currently hold 1980 bitcoin, which is roughly just over $22 million in current currency. Taking into account the 202 bitcoin stolen in our original December 2018 report, this brings the total to more than $24.6 million stolen with one simple technique.
However, it must be said that a large chunk of these funds appear to have been stolen in one single incident in August, when a user reported losing 1,400 bitcoin (~$15.8 million) after updating an Electrum wallet.
Since this technique was first seen in late 2018, the Electrum team has taken several steps to mitigate this attack.
They first implemented a server blacklisting system on Electrum X servers to block malicious additions to their networks, and they also added an update preventing servers from showing HTML formatted popups to end users.
Nevertheless, a malicious server usually slips through the cracks here and there, and the attack still works very well for Bitcoin users still using older versions of the Electrum wallet app to manage funds. More

Technology companies in Brazil are moving towards recovery in 2021, with cloud computing, analytics and security being the three key areas of investment for buyers, according to a new study by analyst firm IDC.
According to the IDC WW COVID-19 – Impact on IT Spending Survey report carried out in June 2020 and updated in September, a more optimist outlook has been noticed of late. In June, 48% of the Brazilian companies polled said they immersed in the crisis, while the number has dropped to 14% in September.
When it comes to IT budgets, 42% of the Brazilian organizations surveyed said their spending for the coming year will be greater than what was forecast before Covid-19, while 22% will stick to their forecast and 36% said budgets should decrease in the coming year.
According to the IDC study, IT spending in Brazil in a pre-Covid scenario 19 had been enjoying growth of 6%. Currently, growth has dropped to about 2.8%. The analyst firm argued that despite the drop, the fact there is still growth reiterates that companies will continue to invest in IT.
For 2021, IDC growth predictions before the pandemic surpassed 9% and have been readjusted to 6.8%. In Infrastructure as a Service (IaaS), for example, pre-pandemic projections pointed to a 38.8% growth in spending and the forecast is now close to 26.9%.
Companies will still invest in managed and support services in Brazil, even if at a slow pace, the analyst firm said. The same is not likely to happen in the server and storage segment, which, according to IDC, had been shrinking even before the pandemic.
On the other hand, sectors such as cloud have been bullish in Brazil. Separate research carried out by the Regional Center for Studies on the Development of the Information Society (Cetic.br), the research arm of the Brazilian Network Information Centre (NIC.br), show an evolution in usage when comparing the last edition of the research in 2017 and the numbers from 2019.

According to the research, cloud-based storage grew from 25% to 38%. Enterprise software in the cloud has increased from 20% to 27% in two years, as well as the use of cloud processing capacity, which went from 16% to 23% over the same period. More