More stories

Australian encryption laws used to force provider to help in homicide case

When it comes to Australia’s encryption laws, two out of the three arms can now be publicly said to have been used, following the release of the Telecommunications (Interception and Access) Act 1979 — Annual Report 2020-21 this week. In previous years, agencies had only used voluntary Technical Assistance Requests (TAR) to get service providers to help them, but the latest report shows NSW Police in the past year also turned to the first of the compulsory notices available. That request, used in a homicide investigation, is the first use of a compulsory Technical Assistance Notice (TAN) to force a provider to use a capability it already possesses. Assistance notices issued by state-level law enforcement are reviewed by the Commissioner of the Australian Federal Police (AFP).

This leaves the compulsory Technical Capability Notice (TCN) as the only form of notice yet to be publicly disclosed as used. The TCN forces providers to build a new capability for agencies and requires sign-off from the federal Attorney-General and Minister for Communications. The report said no TCNs were sought across the reporting period.

Of the 25 TARs issued by agencies, NSW Police accounted for 16, Victoria Police for five, with the AFP and Australian Criminal Intelligence Commission each issuing a pair. The offence categories under which the TARs were issued were eight for organised offences, seven for homicide, seven for drug offences, and one each for sexual assault, cybercrime, and acts intended to cause injury.

Australia’s encryption laws were passed in December 2018, with then-Labor leader Bill Shorten saying he wanted to make Australians safe over Christmas. A year later, after losing an election, Labor wanted to fix the laws it had voted for.

Since its passing, the most public display of these powers has been Operation Ironside, which the AFP labelled its “most significant operation in policing history”. A recent review of the TOLA Act gave a tick to the laws, but did so while asking for additional safeguards to be added.

For the now AU$238 million metadata retention scheme, over 314,000 requests for telco data were made. Almost 270,000 pieces of retained data were less than three months old, while over 5,700 were beyond the two-year retention window. Victoria Police made the most requests, with over 110,000, followed by NSW Police on 106,000, and WA Police making just over 26,200 requests for the period. Over 312,000 of the requests related to criminal offences, and almost 3,500 related to missing persons. Following the trend of years past, drug offences continued to be the offence with the most requests, this year with 68,500, followed by fraud, homicide, unlawful entry, abduction, and sexual assault, all sitting in a band between 29,000 and 20,000 requests each. No agencies were authorised to become an enforcement agency in the 2020-21 reporting period, the report said.

Interception warrants also continued the trend of past years, with Administrative Appeals Tribunal (AAT) members continuing to issue the vast bulk of those warrants, accounting for 2,900 of the 3,500 warrants issued. Of the AAT members’ number, just shy of 1,700 warrants were applied for by NSW Police, with the force getting only 72 from Federal Court judges. Similarly, the AFP had 590 warrants approved by AAT members out of its 653 total. Overall, 3,481 interception warrants were issued to all agencies, and information gained was used in 3,327 arrests, 6,424 prosecutions, and 2,610 convictions.

Social media platforms have 'assured' 24/7 misinformation monitoring for Australia's upcoming federal election

The circulation of election conspiracy theories in Australia has increased with the country set to have its federal election later this year, Australia’s electoral commissioner said on Tuesday night. Appearing before Senate estimates, AEC commissioner Tom Rogers said the uptick in election conspiracy theories mirrored what has been occurring in overseas jurisdictions. Among the conspiracies posted online has been that postal voting is not secure, Rogers said.

The AEC commissioner also warned of other election conspiracies, specifically debunking misinformation that unvaccinated people will not be allowed to vote in person. “One [conspiracy] doesn’t seem to go away is that somehow we’re mandating that voters be vaccinated, and that this will deny people the vote,” he said, confirming that people will be allowed to vote in person regardless of their vaccination status.

To address the rise in conspiracy theories, Rogers said his agency has been working more closely with social media platforms to quickly remove election misinformation and disinformation. For one instance of the postal voting conspiracy content arising online, the commissioner said his agency pointed out to Twitter that the content breached the platform’s terms of service, which culminated in that information being removed within three hours. “Twitter and others get rightly criticised, but it’s a shout out to them for being very responsive to remove something that’s dangerous,” Rogers said.

He noted, however, that addressing election misinformation is a complex issue as the nature of some conspiracies means their removal can fuel the creation of further conspiracies. “[This] can become very circular, so you need to exercise some judgment about how we deal with those issues,” he said.

Rogers added that while the AEC was able to reach out to Twitter, negotiations are still ongoing with Digital Industry Group Inc (DiGi), the industry group advocating for big tech, to create a formal protocol for working with social media platforms to remove election disinformation and misinformation. In the meantime, all major social media platforms have given “assurances” that they would allocate more resources for monitoring election disinformation and misinformation for the upcoming Australian federal election, said deputy electoral commissioner Jeff Pope, who appeared alongside Rogers at Senate estimates.

“For this election, we’re getting assurances from all of them that they will be expanding their hours of service, including having not just expanded hours of service here in Australia but then actually having staff in other parts of the world so that they can try and get as close to 24/7 coverage — so they’re not confined by the business hours of the staff here in Australia,” Pope explained. “For instance, some of them have staff here in Australia, they have a regional office in Singapore, then they have another office in Europe. They will be effectively following the sun as we go through the election to try and get as much maximum coverage as possible.”

For the upcoming federal election, where voting is mandatory, the commission expects to go through 4.5 million pencils — up from 100,000 in 2019 — along with 34,000 bottles of surface cleaner, and 63,000 litres of hand sanitiser as part of its pandemic safety measures.

VMware patches released for vulnerabilities found during China's Tianfu Cup

VMware released patches for several vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Cloud Foundation on Tuesday after security researchers participating in China’s Tianfu Cup discovered the issues. The company published a security advisory, VMSA-2022-0004, and told ZDNet that they encourage customers to deploy their products “in a security hardened configuration” while also applying all updates, security patches, and mitigations. The advisory covers CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, and CVE-2021-22050.

“VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host,” the company explained. It added that VMware ESXi, Workstation, and Fusion also contain a double-fetch vulnerability in the UHCI USB controller.

“These issues were discovered as part of the Tianfu Cup, a Chinese security event that VMware participates in. These vulnerabilities were reported to the Chinese government by the researchers that discovered them, in accordance with their laws,” VMware said in another FAQ on the issues.

VMware also said ESXi contains an unauthorized access vulnerability due to VMX having access to setting authorization tickets. It gave the issue a maximum CVSSv3 base score of 8.2, noting that a hacker with privileges within the VMX process may only be able to access the settings service running as a high-privileged user. VMware ESXi also has a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. That issue also has a maximum CVSSv3 base score of 8.2 because it allows malicious actors with access to settings to escalate their privileges by writing arbitrary files.

“ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests,” VMware added.

In the security advisory, VMware thanked Wei and VictorV of Kunlun Lab — working with the 2021 Tianfu Cup Pwn Contest — for reporting the issues. George Noseevich and Sergey Gerasimov of SolidLab were also thanked for their help with the issues. While VMware urged users to apply all patches, they also included workarounds in their advisories, telling customers that removing the USB controllers from virtual machines may also help deal with the issue. But the advisory says that may be infeasible at scale and “does not eliminate the potential threat like patching does.”

“The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments. Organizations that practice change management using the ITIL definitions of change types would consider this an ‘emergency change,’” VMware said.

VMSA-2022-0004 is widespread in terms of versions affected and operating systems it can run on, according to nVisium director of infrastructure Shawn Smith and Vectra vice president Aaron Turner. Turner said the use of VMware technologies within most enterprises is widespread, well beyond what most security teams track as part of their vulnerability management programs.

But Blumira CTO Matthew Warner said the vulnerabilities all require local access and, in some cases, privileged local access. In theory, CVE-2021-22041 could be executed remotely if an attacker exploited the guest, got onto the guest, and mounted a USB to it, Warner noted. “Ideally, remote execution of CVE-2021-22050 (DoS) should be impossible because ESXi should not be exposed to the internet. As usual, patch as soon as you can and ensure that your VMWare environments are not facing the internet. Treat local VMWare virtualization like Workstation and Fusion with care by ensuring you are collecting data from endpoints utilizing this software,” he said.

Turner echoed those remarks but said it could be a significant vulnerability exploited in an East-West or lateral movement campaign to gain access to virtualized workloads.

Ukraine Ministry of Defense confirms DDoS incident; state banks lose connectivity

The Ukrainian Defense Ministry and several state-backed banks were hit with distributed denial-of-service (DDoS) incidents or disruptions on Tuesday. The Defense Ministry website is down, and it confirmed that it was attacked, telling the public that it will be communicating through Twitter and Facebook. “The MOU website was probably attacked by DDoS. An excessive number of requests per second were recorded. Technical works on restoration of regular functioning are being carried out,” the Defense Ministry said on Tuesday afternoon.

❗️The MOU website has probably suffered a DDoS attack: an excessive number of requests per second was recorded. Technical work is being carried out to restore normal functioning. Communication is via the FB and Twitter pages, the ArmiyaInform website https://t.co/ukMW41irPW and Armiya FM https://t.co/IpDnBXoMXw. — Defence of Ukraine (@DefenceU) February 15, 2022

The confirmation came as residents of Ukraine reported issues with some ATMs and banking services at State Savings Bank, PrivatBank, and Oschadbank. NetBlocks, an organization tracking internet outages around the world, confirmed the loss of service to multiple banking and online platforms in Ukraine “in a manner consistent with a denial of service attack.”

“Metrics indicate impact beginning from early Tuesday intensifying in severity over the course of the day. Work is ongoing to assess the incident, which is ongoing at the time of writing,” the organization said. Their data showed that service returned after about an hour or two of issues.

The Ukrainian Strategic Communications Center and Information Security also confirmed the attacks on the country’s banks in a statement, telling the public that they too believed it was a DDoS attack.

“For the last few hours, Ukraine’s largest state-owned bank, Privatbank, has been under a massive DDoS attack. Users of the bank’s internet banking service Privat24 report problems with payments and the application in general,” it said, adding that customers of Oschadbank were also reporting serious issues.

PrivatBank told the Strategic Communications Center and Information Security that no user funds have been stolen during the incident. The National Police later announced a criminal investigation into the DDoS incidents.

The attack came as Russia announced a partial troop withdrawal from areas near Ukraine’s border. Russian President Vladimir Putin also said on Tuesday that he was interested in security discussions with the United States and NATO. Russia has faced international backlash for troop buildups near Ukraine’s border but has denied it plans to attack the country. US officials — who will not share their intelligence with the press — have repeatedly said a Russian attack is imminent. The US began evacuating almost all of the staff from its embassy in Kyiv this week, and Jake Sullivan, President Joe Biden’s national security adviser, urged all Americans in Ukraine to leave as soon as possible.

Doug Madory, director of internet analysis at Kentik, said he analyzed some of the DDoS attacks and found that the targets include Mirohost (AS28907), which hosts the websites of the Ukraine Army. “Additionally, there has been a sudden surge of traffic directed at Ukraine’s largest bank, PrivatBank (AS15742) in recent hours,” Madory said.

Christian Sorensen, former lead of the international cyber warfare team at US CYBERCOM, said the attacks are designed to ratchet up attention and pressure. “It doesn’t sound like much impact yet. In the coming hours/days, I would anticipate more activities to isolate and disrupt Ukrainian citizens and especially government activities,” said Sorensen, who is now CEO of cybersecurity firm SightGain. “The purpose at this stage is to increase leverage in negotiations. The next stage will be impactful and continue deterrence for other countries to get involved.”

Biden responded forcefully to reports of a wide-ranging cyberattack on Ukrainian government systems in January, telling reporters that the US would respond with its own cyberattacks if Russia continues to target Ukraine’s digital infrastructure. Biden’s comments came after Ukrainian officials told journalist Kim Zetter that dozens of systems within at least two government agencies were wiped during a cyberattack in January. Microsoft released a detailed blog about the wiping malware, named “WhisperGate,” and said it was first discovered on January 13. The wipers were launched days after more than 70 Ukrainian government websites were defaced by groups allegedly associated with Russian secret services.

Both the National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about the potential for cyberattacks against both Ukraine and its allies. The Washington Post reported late on Tuesday that US officials believe hackers tied to the Russian government have already “broadly penetrated Ukrainian military, energy, and other critical computer networks.”

Singapore to step up security measures in aftermath of phishing scams

Singapore is stepping up security measures to bolster the local banking and communications infrastructures, which include the need for SMS service providers to check against a registry before sending through messages. Banks are also expected to develop “more versatile” artificial intelligence (AI) models to detect suspicious transactions.

The additional safeguards come on the heels of a recent spate of SMS phishing scams, which wiped out SG$13.7 million ($10.17 million) from the accounts of 790 OCBC Bank customers. Scammers had manipulated SMS Sender ID details to push out messages that appeared to be from OCBC, urging the victims to resolve issues with their bank accounts. The victims were then redirected to phishing websites and instructed to key in their bank login details, including username, PIN, and One-Time Password (OTP).

Describing the incident as the country’s most serious phishing scam involving spoofed SMSes impersonating banks, Minister for Finance Lawrence Wong said various steps would be taken to better mitigate the risks of such scams. These would span the entire ecosystem, including banks, telecommunications, law enforcement, and consumer education, Wong said Tuesday during his ministerial statement in parliament. The minister is also deputy chairman of the Monetary Authority of Singapore (MAS).

The OCBC scams prompted MAS to mandate new security measures last month that, amongst others, required banks to remove hyperlinks from email or SMS messages sent to consumers and implement a 12-hour delay in activating mobile software tokens.

Wong noted that MAS last October was in discussions with local banks to highlight gaps that surfaced from the regulator’s “focused supervisory review”, which was conducted in the third quarter of 2021. Initiated in view of the increase in scam cases over the past two years, the review assessed fraud controls in the digital banking channels of the three local banks, including DBS Bank and UOB.

Wong said the banks were provided recommendations to remediate the gaps and they put in place timelines to deploy the various measures, some of which required extensive changes in their IT systems. With the spike in phishing scams last December, he said OCBC accelerated the implementation of some of these measures, such as extending the cooling period, during which higher risk transactions could not be carried out, after a digital token had been set up on a new mobile device. More steps were in the works, the minister said.

Banks would be working to further bolster their fraud monitoring capabilities to better identify suspicious and anomalous transactions, including credit card transactions. While most banks already had some rules-based parameters, these needed to be expanded to take account of a broader range of scam scenarios, Wong explained.

“Beyond pre-defined parameters, MAS will expect banks to develop more versatile algorithms employing AI and machine learning to detect suspicious transactions,” he said. “Such algorithms should be based on multiple sources of information, including customer profile and vulnerabilities, past transaction patterns, account activity, and mobile device identification.” He stressed, though, that advanced fraud monitoring systems would not be able to detect every scam.

Singapore banks also would be beefing up their ability to more quickly block suspicious transactions and contact customers to verify their authenticity. Transactions would only be unblocked and processed when confirmed by the customer, he said. Again, while banks already had these capabilities today, he noted that these were not consistent across various types of transactions. In addition, MAS was looking into the possibility of allowing customers to freeze their own accounts without needing to contact the banks.

Banks also would introduce additional confirmations from customers, beyond notifications, for significant changes made to their accounts or high-risk transactions, such as changes in the details of the account holder and activation of tokens on another device. These would come with added inconvenience to customers carrying out legitimate transactions, but were necessary to boost the security of digital banking and users would have to adapt, Wong said.

Local banks also would look at widening the use of biometrics as a means of authentication, in addition to passwords and OTPs. The minister said this would add another layer of security that could not be easily phished by scammers. Banks would further accelerate the move towards using mobile banking apps to authenticate customers’ identity, authorise transactions, and deliver bank notifications. A review also was being carried out on the use of SMS-based OTPs and measures needed to reduce the risks of their use.

Security measures needed across infrastructures

Further steps are in the pipeline that involve other players in the ecosystem, specifically, telecommunications services providers. Commenting on the need to beef up defences through telco networks, Minister for Communications and Information Josephine Teo said: “To combat phishing and spoofing by scammers, we should disrupt as many parts of their modus operandi as possible. Apart from enhanced safeguards in the banking system to prevent scams from easily succeeding, upstream measures are also needed to disrupt scammers’ reach to potential victims.”

For one, SMS service providers and telcos will be required to check against the national Sender ID registry and only send through messages when the sender details match the registry records, Teo said Tuesday, during her ministerial statement in parliament. This means that SMS messages that spoof registered IDs will not reach their intended targets.

A pilot was launched last August to enable organisations to register SMS Sender ID headers they wished to safeguard with the registry. Doing so would help ensure messages sent via unauthorised use of the protected SMS Sender ID would be blocked. According to Teo, all organisations also must have a valid UEN (unique entity number) if they want to send SMS messages through registered IDs to phone subscribers in Singapore. She added that MAS had made it mandatory for all major retail banks to register their Sender ID details with the registry. All government agencies also would do likewise.

Noting that scammers also used IDs that looked similar to legitimate Sender IDs, she said the government was exploring the possibility of requiring all users of alphanumeric IDs to be registered. This would prevent scammers from sending SMS messages using such IDs without first joining the registry, she said.

Teo said these measures would require time to implement and involved additional costs for businesses. Those that chose not to register their Sender ID details would have their SMS messages show up only with their telephone number. Customers then would have to save the number in their contact list to recognise future messages from the organisation. Industry regulator Infocomm Media Development Authority would consider such implications in deciding whether to mandate the registration of all alphanumeric IDs, she said.

She urged businesses to assess their use of SMS to engage customers, as the medium was based on an old technology and not designed for secure communications. She called for “more restraint” in using the platform to transmit sensitive or confidential information or for high value transactions.

Other measures also were planned, including telcos’ efforts to incorporate additional analytics to block more suspected scam calls. This could lead to 55 million calls blocked a month, up from the 15 million, or one in seven of all incoming overseas calls to Singapore, currently blocked each month. Phishing websites also would continue to be blacklisted. Some 12,000 scam websites were blocked last year, up from 500 websites blocked in 2020, according to Teo. The National Crime Prevention Council also will start a WhatsApp channel, by the third quarter of this year, to crowdsource from the public information on scam websites and messages, she added.

Wong said: “There is no single measure that can guarantee the security of digital banking. The techniques employed by scammers are constantly evolving and gaining in sophistication. This is why in the fight against scams, banks need to employ a combination of measures in prevention, detection, response and recovery, and constantly review and recalibrate these measures.”

He added that customers, the industry, and infrastructure providers must remain alert to prevent a recurrence of large-scale scams such as those involving OCBC. “The breadth of the issues raised underscore we need to take an ecosystem approach to strengthen our collective defence against phishing scams, and scams in general,” he said. “Everyone in this ecosystem must play their part.”

In the OCBC phishing scams, to date, the Singapore Police Force has frozen 121 bank accounts here and recovered some SG$2 million. Another SG$2.2 million of victims’ funds were traced to 89 overseas bank accounts. At least 107 local and 171 overseas IP addresses were linked to the unauthorised access of the victims’ internet banking accounts. Many of the phishing websites used in the OCBC scams were hosted on web hosting companies based overseas, according to Minister of State for Ministry of Home Affairs, Desmond Tan. He said the SPF was working with Interpol and foreign law enforcement agencies to investigate recipients of funds transferred overseas as well as hosts of the scam websites.

Meta agrees to pay $90 million settlement in decade-old Facebook privacy suit

Facebook parent company Meta has reached a $90 million settlement in a case that’s been ongoing since 2012. The legal fight was caused by Facebook’s use of cookies and a proprietary browser plug-in in 2010 and 2011 to track users after they had completely logged off the social network. Although users had to agree to being tracked while they were logged into Facebook, that tracking was supposed to end upon logout, according to the end-user licensing agreement. It did not.

Per Variety, the settlement to the privacy-focused suit is now being considered by the US District Court for the Northern District of California, which will need to approve the agreement. The case has been simmering for nearly a decade thanks to a series of appeals from both sides, with Facebook having won out in several previous hearings. However, in 2020, the 9th Circuit Court ruled against the social network. This decision, followed by the US Supreme Court declining to hear the case, likely prompted its decision to finally settle the matter.

As Variety notes, this settlement, if approved, would be one of the 10 largest penalties ever paid in the US for violating user privacy. Under the terms of Meta’s proposed settlement, Facebook will sequester and delete all of the data collected during this period. Facebook’s opponent in the case, the law firm of DiCello Levitt Gutzler, noted that the $90 million represents “at least 100% of any unjust profits earned on the data at issue.”

This is Facebook’s second entry on the top 10 list of privacy settlements in US history. Its other entry was the staggering $650 million in total penalties the site agreed to pay to settle a lawsuit surrounding its previous use of a facial recognition system as part of its photo tagging feature. That privacy violation settlement currently remains the most costly of its kind in US history. A Meta spokesperson told Variety, “Reaching a settlement in this case, which is more than a decade old, is in the best interest of our community and our shareholders and we’re glad to move past this issue.”

Just as this case may finally be ending, Meta finds itself with another privacy suit joining the long list of those against it. This time, the company is in hot water with the Texas Attorney General claiming it violated user privacy through its use of biometric data. Facebook previously told ZDNet that the latest suit’s “claims are without merit and we will defend ourselves vigorously.”

Sugar daddy dating site CEO uses his own creation to see the light

In a week when so many profess their love, I profess confusion.

I was intently ignoring the tawdry spectacle of Valentine’s Day when a press release muscled its way onto my laptop, claiming to smell like a rose. The headline was joyous: “Seeking.com Cuts the Sugar and Rebrands for Success-Minded Individuals Looking to Date Up.”

From ‘love doesn’t exist’ to ‘I’ll never divorce.’

A tricky maneuver, rebranding. There’s always the suspicion that you’re running away from what you were before. Especially if you used to be called SeekingArrangement.com and your founder and CEO once declared that “love doesn’t exist.”

The clue to the rebrand, however, seems to lie in cutting the sugar. Seeking.com, you see, was rather known for being the place for highly sweetened relationships. Or, in the company’s own words: “What started as an elite dating site for finding honest, authentic connections based on success-minded interests has become misrepresented over the years, with the phrase ‘sugar dating’ taking on a more negative, transactional connotation.”

Oh, the tragedy of misrepresentation. The ghastly nuance of cynicism polluting true love. But now things have changed, says “the world’s largest upscale dating website.” “Seeking will ditch the sugar,” proclaims the company. It will be “relaunching as the largest platform for like-minded individuals looking to date up and forge relationships on their own terms.”

Dating up is a curious concept. Does it mean dating someone far more physically fetching than you are? Or does it merely mean dating someone who’s got more money than you do? I feared the latter; I really did. Somehow, money is a currency that embraces far more than numbers and things. It conveys, in too many minds, a desirability that really shouldn’t be there. And I’m not referring to any famous tech CEOs when I say that.

But never let it be said that tech CEOs are egotistical, purely driven by their own self-involvement and self-regard. Then again, here are the thoughts of Seeking’s CEO, Brandon Wade: “When I started Seeking in 2006, my dating life flourished. I was arrogant and openly embraced non-monogamy. But everything changed when I met my soulmate Dana.”

“Oh, Dana,” I hear you wail. “How I hope you’re a lot richer than Brandon.” I also hear you wail: “So arrogance and openly embracing non-monogamy are the pillars of a flourishing dating life?” Please hold those thoughts, as Wade wants you to wade through more drama: “The evolution of Seeking now reflects my personal journey.” So much so that Wade says he’s giving up his legal right to divorce.

Dating up or diving down?

I can hear you moan: “What? Are you totally off your chump?” I can tell, though, that you want to be taken by this Damascene conversion. I can also tell that, as a committed ZDNet reader, you’re concerned about updating security. Headlines such as “Hacker leaks data of 2.28 million dating site users” are all too familiar. Our newly self-discovered, sugar-free CEO has thought of that.

Seeking declares: “The security team uses both AI and human-in-the-loop (humans using AI) technology, in addition to state-of-the-art protection and security monitoring of all profiles. Overseeing more than 2.5 million pieces of content daily, Seeking offers the most sophisticated dating bot detection on the market.” You’re desperate to believe, aren’t you?

I was desperate to wonder what the difference is between sugar daddyism and dating up. So I asked Seeking for its definition. The company replied: “Dating up is the belief that one can do better on the dating scene than one currently is.” Doesn’t that cover just about everyone? Except for Wade, pre-conversion?

But Seeking’s definition has only just begun. This is, as apparent British Prime Minister Boris Johnson might put it, all about leveling up. “Evaluating one’s self-esteem, worth, wants, life goals and judgment to at least one level up to live as they choose versus society dictating the terms, typically targeting a more exciting and fulfilling lifestyle,” the company says. At least one level up. Who’s measuring the levels? You are, I suppose.

But wait, Seeking levels up further, with some hilariously taut philosophy. It adds an additional definition: “The act of being truthful in what one wants out of a relationship and elevating one’s status in the process.” The truth will not only set you free, but it will also elevate your status. I fear many feel they elevate their status when they go online and buy the latest MacBook.

So, on hearing that Seeking intends to place its definition of dating up in the Urban Dictionary, I asked for a more, well, urban interpretation. This is what I received: “I can’t believe Matt was dating cheugy Karen. What a simp. She was so cringe. Natalie is the blueprint — hot, bougie and all sass. It’s about time bruh is finally dating up. Props to Matt for upscaling his options in the dating experience.”

Seriously. Here, then, is your ultimate definition of dating success, should you wish to accept it: Hot, bougie and all sass. I suppose they call that a business model.


    Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud

    The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking. 


    On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched against a set of critical vulnerabilities disclosed last year, was targeted to hijack email threads and spread malspam.

    Microsoft issued emergency patches on March 2, 2021, to resolve zero-day vulnerabilities exploitable to hijack servers. The advanced persistent threat (APT) group Hafnium was actively exploiting the bugs at this time, and other APTs quickly followed suit.

    While the ProxyLogon/ProxyShell vulnerabilities are now well known, some servers are still unpatched and open to attacks.

    The recent case documented by Sophos combined the Microsoft Exchange Server flaws with Squirrelwaffle, a malware loader first documented last year in malicious spam campaigns. The loader is often distributed through malicious Microsoft Office documents or DocuSign content tacked on to phishing emails. If an intended victim enables macros in the weaponized documents, Squirrelwaffle is then often used to pull and execute Cobalt Strike beacons via a VBS script.

    Sophos says that in the recent campaign, the loader was deployed once the Microsoft Exchange Server had been compromised. The server, belonging to an unnamed organization, was used to “mass distribute” Squirrelwaffle to internal and external email addresses by hijacking existing email threads between employees.

    Email hijacking can take many forms. Communication threads can be compromised through social engineering and impersonation — such as by an attacker pretending to be an executive to fool accounting departments into signing off a fraudulent transaction — or by sending email blasts containing links leading to malware payloads.

    In this case, the spam campaign was used to spread Squirrelwaffle, but in addition, attackers extracted an email thread and used the internal knowledge within it to conduct financial fraud.

    Customer data was taken, and a victim organization was selected. The attackers registered a domain with a name very close to the victim’s — a technique known as typo-squatting — and then created email accounts on this domain to reply to the email thread from outside the server.

    “To add further legitimacy to the conversation, the attackers copied additional email addresses to give the impression that they were requesting support from an internal department,” Sophos explained. “In fact, the additional addresses were also created by the attacker under the typo-squatted domain.”

    Over six days, the attackers tried to direct a legitimate financial transaction to a bank account they owned. The payment was on its way to being processed, and it was only because a bank involved in the transaction realized the transfer was likely fraudulent that the victim did not fall prey to the attack.

    “This is a good reminder that patching alone isn’t always enough for protection,” commented Matthew Everts, Sophos researcher. “In the case of vulnerable Exchange servers, for example, you also need to check the attackers haven’t left behind a web shell to maintain access. And when it comes to sophisticated social engineering attacks such as those used in email thread hijacking, educating employees about what to look out for and how to report it is critical for detection.”
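A defender-side check for the reply pattern Sophos describes, added here as an example and not code from Sophos or ZDNet: a thread continues from a domain one or two characters away from a real participant’s domain, with extra Cc addresses living on that same lookalike domain. The trusted domains, addresses and thread below are constructed.

```python
from __future__ import annotations

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits separate two domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address such as 'ap@example-corp.com'."""
    return addr.rsplit("@", 1)[-1].lower()

def lookalike_of(domain: str, trusted: set[str], max_dist: int = 2) -> str | None:
    """Return the trusted domain that `domain` imitates, or None if `domain` is
    itself trusted or is not close to any trusted domain."""
    if domain in trusted:
        return None
    for t in sorted(trusted):
        if edit_distance(domain, t) <= max_dist:
            return t
    return None

def flag_thread(messages: list[dict], trusted: set[str]) -> list[dict]:
    """Flag replies whose From domain mimics a trusted domain. Cc addresses on the
    same lookalike domain are recorded too: in the case above, the 'internal
    department' copied into the thread lived on the attacker's domain."""
    findings = []
    for msg in messages:
        sender = domain_of(msg["from"])
        target = lookalike_of(sender, trusted)
        if target is None:
            continue
        findings.append({"message_id": msg["id"], "sender_domain": sender, "imitates": target,
                         "cc_on_lookalike": [a for a in msg.get("cc", []) if domain_of(a) == sender]})
    return findings

# Constructed sample: an invoice thread between two real organisations, then a reply
# from a domain one character off the buyer's real one, copying a fake "finance" mailbox.
TRUSTED = {"example-corp.com", "supplier-example.com"}
THREAD = [
    {"id": "<1@supplier-example.com>", "from": "billing@supplier-example.com", "cc": []},
    {"id": "<2@example-corp.com>", "from": "ap@example-corp.com", "cc": []},
    {"id": "<3@example-c0rp.com>", "from": "ap@example-c0rp.com",
     "cc": ["finance@example-c0rp.com", "billing@supplier-example.com"]},
]
```

In a mail pipeline the trusted set would be the organisation’s own domains plus the domains already seen earlier in the same thread, so a mid-thread switch to a near-match domain is what gets flagged.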