By Waqas
Ukraine used Clearview AI, now it is up for grabs by US Defense agencies!
This is a post from HackRead.com Read the original post: Controversial Clearview AI Added to US Government’s Tech Marketplace

Clearview AI, a facial recognition company mixed up in privacy debates, is now listed on the US government’s Tradewinds Solutions Marketplace – This move puts their technology in the running for potential use by national defence agencies, sparking renewed concerns about facial recognition and its role in security. Will Clearview AI be a valuable tool or an erosion of privacy?

On March 19, 2024, the controversial facial recognition technology company, **Clearview AI**, announced its inclusion in the Tradewinds Solutions Marketplace. This move grants Clearview AI “Awardable” status, making its facial recognition platform a potential candidate for use in national defence contracts across the United States.

It is worth mentioning that in March 2022, Clearview AI’s facial recognition solution was also **used by Ukraine**, which the country claimed was utilized to monitor ‘People of Interest.’

The **Tradewinds Solutions Marketplace**, managed by the Chief Digital and Artificial Intelligence Office (CDAO), functions as a repository of digital tools that have been pre-approved for consideration by US federal agencies.

This streamlined process allows agencies, particularly the Department of Defense, to efficiently identify and procure vetted technologies that meet the requirements of federal acquisition regulations.

Clearview AI’s facial recognition system boasts an extensive **database of over 40 billion images** culled from publicly available sources across the internet. This vast collection of data allows the platform to identify individuals with a high degree of accuracy, according to the company.

Clearview AI emphasizes the potential benefits of its technology for national security. The company argues that its platform can be a powerful tool for intelligence and defence agencies, enabling them to identify unknown individuals and enhance national security efforts through the use of open-source intelligence (**OSINT**).

****Clearview AI and privacy and cybersecurity issues****

However, Clearview AI’s data collection practices have raised privacy concerns in the past. Critics argue that the company’s unrestricted scraping of publicly available images constitutes a privacy intrusion, raising questions about the potential for misuse of the technology.

**In March 2020**, Apple suspended the Clearview AI app from the App Store for breaching the company’s Developer Enterprise Program terms and services. Before the suspension, in February 2020, unknown hackers **claimed** a data breach at Clearview AI which the company denied.

The New York Times originally uncovered Clearview AI’s privacy breaches, revealing that the company shares data with law enforcement to identify suspects by comparing their images with online photos. Clearview AI retains deleted photos in its database.

Following these revelations, Twitter, Facebook, and Google issued cease-and-desist notices to Clearview AI. Additionally, lawmakers in New Jersey prohibited law enforcement agencies from utilizing its software or services.

In response to the allegations, the company’s founder and CEO, Hoan Ton-That, stated that he aims to establish a prominent American enterprise by providing life-saving technology for detecting criminals. He emphasized that the company’s practices are not maliciously intended, as the software is never sold to other countries.

However, in the **press release** published on March 19, 2924, in response to the inclusion, the CEO called it a matter of pride for the company and its “cutting-edge” technology.

> _“We are proud to be approved to offer our cutting-edge technology on the Tradewinds Marketplace. National Security and Military organizations will get immediate access to a secure facial recognition search engine that can help to identify unknown individuals, and enhance national security efforts using Open Source Intelligence (OSINT).”_
> 
> — Hoan Ton-That, Co-Founder & CEO of Clearview AI

Nevertheless, the addition of Clearview AI to the Tradewinds Solutions Marketplace will set off the debate surrounding **facial recognition technology** and its role in national security. While some see it as a valuable tool for law enforcement and defence, others worry about the potential for government overreach and the erosion of individual privacy.

1.  Deepfakes Used in Bypass Facial Recognition Systems
2.  Fawkes privacy tool blocks images from facial recognition
3.  Meet IRpair & Phantom; powerful anti-facial recognition glasses
4.  Chinese facial recognition database tracking Muslims left exposed
5.  Police locate suspect from a crowd of 60K using Facial Recognition

Controversial Clearview AI Added to US Government’s Tech Marketplace

There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.

Wednesday, March 20, 2024 12:00

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities across a range of products, including one that could lead to remote code execution in a popular Netgear wireless router designed for home networks. 

There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. 

All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

**Netgear RAX30 JSON parsing stack-based buffer overflow vulnerability **

_Discovered by Michael Gentile._ 

The Netgear RAX30 wireless router contains a stack-based buffer overflow vulnerability that could allow an attacker to execute arbitrary code on the device.  

An adversary could send a targeted device a specially crafted HTTP request to eventually cause a buffer overflow condition. 

The RAX30 is a dual-band Wi-Fi router that’s commonly used on home networks. In an advisory about TALOS-2023-1887 (CVE-2023-48725), Netgear stated that the vulnerability “requires an attacker to have your WiFi password or an Ethernet connection to a device on your network to be exploited.” 

**NVIDIA D3D10 driver out-of-bounds read vulnerability **

_Discovered by Piotr Bania._ 

TALOS-2023-1849 (CVE-2024-0071) is an out-of-bounds read vulnerability in the shader functionality of the NVIDIA D3D10 driver that runs on several NVIDIA graphics cards. Drivers like D3D10 are usually necessary for the GPU to function properly. 

An adversary could send a specially crafted executable or shader file to the targeted machine to trigger an out-of-bounds read and eventually leak memory.  

This vulnerability could be triggered from guest machines running virtual environments to perform a guest-to-host escape. Theoretically, it could be exploited from a web browser, but Talos tested this vulnerability from a Windows Hyper-V guest using the RemoteFX feature, leading to execution of the vulnerable code on the Hyper-V host. While RemoteFX is no longer actively maintained by Microsoft, some older machines may still use this software.  

An out-of-bounds read vulnerability exists in the Shader functionality of NVIDIA D3D10 Driver, Version 546.01, 31.0.15.4601. A specially crafted executable/shader file can lead to an out-of-bounds read. An attacker can provide a specially crafted shader file to trigger this vulnerability. 

An adversary could also use this vulnerability to leak host data to the guest machine. 

**Denial-of-service vulnerability in Google Chrome Video Encoder **

_Discovered by Piotr Bania._ 

A denial-of-service vulnerability in Google Chrome’s video encoder could crash the browser.  

TALOS-2023-1870 is triggered if the targeted user visits an attacker-created website that contains specific code.  

Talos’ sample exploit runs a JavaScript code related to the Chrome video encoding functionality, eventually causing a denial-of-service in the browser and stopping all processes in Chrome.

Netgear wireless router open to code execution after buffer overflow vulnerability

By Uzair Amir
In today’s data-driven online world, the imperative for stringent Data Loss Prevention (DLP) measures has never been more…
This is a post from HackRead.com Read the original post: How To Craft The Perfect Data Loss Prevention Strategy

In today’s data-driven online world, the imperative for stringent Data Loss Prevention (DLP) measures has never been more critical. With the rise of cybersecurity threats and the increasing regulatory demands for data privacy and security, organizations are compelled to prioritize the safeguarding of sensitive information. 

That said, this article will delve into the essential components and steps involved in crafting a perfect DLP strategy, offering a comprehensive roadmap for organizations aiming to fortify their defences against the ever-evolving domain of data security threats. 

****What Is DLP?****

DLP is a set of strategies, technologies, and processes designed to protect sensitive data from being lost, misused, accessed, or disclosed without authorization. Generally, DLP solutions from service providers, such as Next DLP, aim to detect and prevent the unauthorized transfer and use of confidential information within an organization’s network and on endpoints such as laptops and mobile devices. 

DLP systems identify, monitor, and protect data in use (accessed or processed), in motion (transmitted over a network), and at rest (stored on physical or virtual storage systems). Administrators can configure these systems to automatically classify and encrypt sensitive data, enforce data handling policies, and block any leakage or unauthorized sharing of sensitive information.

****Key Components Of DLP** **

The effectiveness of a DLP strategy hinges on several key components, each playing a vital role in the protection of data across an organization. Below is an elaboration on these components:

*   **Content Discovery and Classification**: Scanning storage and endpoints to find sensitive information, classify it according to its level of sensitivity, and apply appropriate security controls.
*   **Policy Enforcement**: Creating rules that define how sensitive data should be handled based on regulatory compliance requirements and internal data protection policies. These rules can specify actions to be taken when policy violations are detected, such as blocking data transfers or alerting administrators. 
*   **Monitoring and Reporting**: Continuously monitoring data movement and access within the organization, detecting policy violations, and generating reports for compliance audits and forensic analysis. 
*   **Incident Response and Workflow**: Providing tools for incident management and remediation, including workflows to handle detected policy violations appropriately.

****Effective Strategy For Data Loss Prevention****

Crafting the perfect DLP strategy involves a comprehensive approach that protects sensitive data from unauthorized access, use, disclosure, modification, recording, or destruction. This strategy is crucial for organizations to protect their intellectual property and customer data and maintain compliance with regulations. Here’s how to develop an effective DLP strategy:

1.  **Understanding Your Data**

The first step in creating an effective DLP strategy involves a deep understanding of the data your organization handles. This means identifying what data is considered sensitive, which could range from personal identifiable information (PII) to financial details, intellectual property, and trade secrets. 

Once identified, it’s crucial to classify this data based on its sensitivity and the potential impact its loss could have on the organization. Classifying data helps determine the level of protection needed for different types of data, ensuring that resources are allocated efficiently to safeguard the most critical information.

2.  **Knowing Your Regulatory Requirements**

Compliance with legal and regulatory requirements is another critical aspect of a DLP strategy. Different industries and regions have specific regulations governing the handling and protection of data, such as the General Data Protection Regulation (GDPR) in the European Union, the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare sector, and the Payment Card Industry Data Security Standard (PCI DSS) for payment data. 

Understanding these requirements is crucial for developing policies that not only protect sensitive data but also ensure the organization complies with relevant laws, thereby avoiding potential legal and financial penalties.

3.  **Implementing Strong Access Controls**

Implementing strong access controls is foundational to preventing unauthorized access to sensitive data. This involves adhering to the principle of least privilege, where employees have access only to the data necessary for their job functions. 

Effective authentication and authorization mechanisms are also vital, as they help define clear access levels and ensure that only authorized personnel can access certain data types, thus minimizing the risk of internal and external breaches.

4.  **Utilizing Technology Solutions**

Technology plays a pivotal role in DLP strategies. Implementing DLP software solutions can help monitor, detect, and prevent the unauthorized use or transmission of sensitive information across the organization’s networks, storage, and endpoints. Encryption is another essential tool, securing data at rest and in transit to ensure that it remains inaccessible and unreadable to unauthorized individuals, even in the event of a breach.

5.  **Monitoring And Incident Response**

Continuous monitoring of data access and movement is critical for early detection of potential data loss incidents. Alongside monitoring, having a solid incident response strategy is crucial. This plan must specify the immediate steps to take after a data breach, including containing the breach, evaluating its impact, informing impacted individuals, and taking steps to avoid future breaches. Ensuring the incident response plan is up-to-date and regularly tested prepares organizations for any data security challenges.

6.  **Educating And Training Staff**

Human error is a significant factor in many data breaches. Therefore, educating and training staff on the importance of data protection and secure data handling practices is indispensable. Regular awareness programs, alongside simulated phishing attacks, can enhance employees’ ability to recognize and respond to security threats, thereby playing a proactive role in safeguarding the organization’s data.

7.  **Conducting Regular Audits And Improvements**

Regular audits are necessary to ensure the effectiveness of a DLP strategy. These audits assess the strategy’s performance, identify any weaknesses or gaps, and provide insights for improvement. A culture of continuous improvement helps the organization adapt to evolving threats and changes in the business environment, ensuring that the DLP strategy remains effective over time.

8.  **Partnering With Trusted Vendors**

Choosing the right technology and partners is crucial for an effective DLP strategy. Partnering with reputable vendors known for their robust data protection solutions can provide the tools and support necessary for preventing data loss. Evaluating potential vendors based on their features, scalability, and customer support ensures that the organization’s DLP needs are met both now and in the future.

9.  **Cloud and End-point Protection**

With the rise of remote work and cloud computing, a modern DLP strategy must extend its reach to cloud storage and end-point devices. Implementing cloud access security brokers (CASBs) can provide visibility and control over cloud services, ensuring that DLP policies are consistently applied across cloud environments. Similarly, end-point DLP solutions can monitor and control data transfer on individual devices, protecting against data loss even outside the corporate network. 

10.  **Incorporating DLP Into Company Culture**

Lastly, embedding data loss prevention into the company culture is vital. Making data protection a core value and priority at all levels of the organization encourages a proactive stance on data security. Open communication about potential risks and the collective responsibility to protect data reinforces the importance of everyone’s role in the DLP strategy.

****Conclusion****

Effective data loss prevention is not just about compliance or avoiding negative outcomes – it’s about enabling the organization to confidently leverage its data to drive innovation, growth, and competitive advantage. By ensuring that sensitive information is secure and used appropriately, DLP empowers organizations to maximize the value of their data while minimizing risk.

1.  Top Data Security Issues of Remote Work
2.  Approaching Complex Data Security for Small Businesses
3.  Data Security: Leveraging AI for Enhanced Threat Detection
4.  CloudNordic Faces Severe Data Loss After Ransomware Attack
5.  Hacker Delete Bykea Database, Backup Saves Firm from Data Loss

How To Craft The Perfect Data Loss Prevention Strategy

By Daily Contributors
Last week, Charles Dray from Resonance Security organized a meeting for me with Davide Vicini, the CEO of Freename, which is a company in…
This is a post from HackRead.com Read the original post: Owning Versus Renting – The Circumstances of Web3 Domains

Last week, Charles Dray from Resonance Security organized a meeting for me with Davide Vicini, the CEO of Freename, which is a company in the Web3 domain name space.

We chatted for five minutes about the relative merits of Florence and Rome and then had a further forty-minute conversation about the decentralized future of DNS, which got quite deep and technical at times.

However, don’t worry. Although Davide would love for me to dig into all the nuances and subtleties of the products and services relating to Web3 domain names his company offers, I know that the best articles make one single clear point.

The point I want to make with this article is that Web3 has a habit of blindly walking down the same old centralized approaches that Web2 has taken, often to our disadvantage.

No more so than in the Web3 domain name space.

But first, a little sidebar about domain names, and then ownership.

****Are you on the bus?****

I can still remember the first time I saw a website address on the back of a bus in Cambridge, back in 2001. It was an advertisement for an estate agency, with two improbably cheerful people in suits standing in front of a house, and a URL at the bottom.

I remember thinking, “Gosh, if people like that are going to put website addresses up on buses, then they might be something significant in the future.”

Domains are the equivalent of buying land in a space of scarcity. Even so, with the universe drawing an obvious parallel in the advert (domain name = real estate), I didn’t go and look for a promising domain name to buy.

I already had my domain — registered in 2001, so it’s 23 years old. And it’s a ridiculous domain: _ongar.org_. At that time I could have bought _vodka.org_ or _spaceships.com_, for heaven’s sake!

Back then, hardly anyone appreciated that domain names were like the island of Manhattan just before the skyscrapers started going up. We now consider domain names as significant, even though they’re a made-up concept.

Domains are big business, and even though they are virtual, good ones can change hands for millions of dollars.

****About ownership****

What is it about blockchain and Web3 that makes them different from databases and Web2?

When you dig into it, the answer is that blockchains allow you to create digital “objects” that you can independently own. For example, provided you are careful with your private key, the Bitcoin you own is yours, and can only be taken from by force; through torture or intimidation.

> _“A blockchain allows you to create a unique, unforgeable, and unalterable digital item, on a computer network, with clearly defined ownership.”_

But when you think about it more deeply, you’ll realize you don’t own much, if anything, in the real world. The loaf of bread you bought from the shop this morning, or the nice-looking pine cone you found on your walk to work is probably the closest you can get to true independent ownership.

You see, although you may ‘own’ a house, (or perhaps dream of owning a house if you’re a millennial), you never really will.

Even if you’ve paid off your mortgage, in most countries you still have to pay property and land taxes or it gets taken off you. So, in a sense, you’re renting it from the government.

Similarly, the government may decide that they want to build a road or bypass through your garden, and again, most countries have laws that allow them to force you to sell your property to them for this purpose.

That doesn’t sound much like ownership to me.

****The rent is too high in Web2****

We live in a world where the trend has been towards renting and away from owning. Instead of buying music on vinyl or CD, we now borrow it from Spotify, at a price. A subscription to a video streaming service provider means we don’t own our copies of movies anymore.

And on the Internet, we don’t own our Web2 website address — we rent it, through a registrar that gets its authority from ICANN (that’s the Internet Corporation for Assigned Names and Numbers) or some other organization like it.

They get a yearly cut, and we get a leasehold on the domain name.

****Why is there rent in Web3?****

You would think that in the brave new world of blockchain, the Web3 equivalent of domain name services would respect the concept of ownership.

You’d be wrong.

I searched for companies offering their implementations of domain names in Web3 and found ten leading companies. Only two of them offered you the right to buy your domain name in perpetuity for a fixed fee — Freename and Unstoppable.

****The rest use the Web2 business model.****

There’s a reason why Web2 methodologies are enticing to companies — they’re highly profitable. Subscriptions make more money over time than selling a one-off license or product.

Just as Google and Facebook (sorry, Meta) were irresistibly compelled to harvest and sell our data for the vast profits this avails them, Web3 companies are drawn to offer subscription models rather than outright ownership in the original spirit of blockchain, because of the recurring stream of revenue they offer.

“But what happens if someone buys a name and then loses the keys or dies without passing them on?” is an objection that one person raised with me.

****My response? “So what?”****

What happens today the Web2 domain you want, _yourcompanyname.com_, is not available. You try _your-company-name.com_, or _yourcompanyname.io_, or some other suitable domain. You will find one because there are now many top-level domains to choose between and even more second-level domain variants to select from.

As for the number of options and companies out there when it comes to obtaining a Web3 domain?

They highlight the fact that Web3 is still a frontier industry — we still have the opportunity to stake claims and shape its future, or at least vote with our feet and our crypto.

For now.

1.  The Benefits Of Blockchain In The Travel Industry
2.  What is Blockchain Gaming and its Play-to-Earn Model?
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Web3 Requires More Than IPFS for True Decentralization
5.  Signal21 Launch Bridges Gap in Blockchain Intelligence Services

**Keir Finlow-Bates**

**_This article was authored and contributed by Keir Finlow-Bates, a passionate blockchain enthusiast and technologist._**

Owning Versus Renting – The Circumstances of Web3 Domains

Ubuntu Security Notice 6699-1 - Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service. It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6699-1March 18, 2024linux vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernelDetails:Reima Ishii discovered that the nested KVM implementation for Intel x86processors in the Linux kernel did not properly validate control registersin certain situations. An attacker in a guest VM could use this to cause adenial of service (guest crash). (CVE-2023-30456)It was discovered that the Quick Fair Queueing scheduler implementation inthe Linux kernel did not properly handle network packets in certainconditions, leading to a use after free vulnerability. A local attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-4921)It was discovered that a race condition existed in the SCSI EmulexLightPulse Fibre Channel driver in the Linux kernel when unregistering FCFand re-scanning an HBA FCF table, leading to a null pointer dereferencevulnerability. A local attacker could use this to cause a denial of service(system crash). (CVE-2024-24855)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS (Available with Ubuntu Pro):   linux-image-3.13.0-197-generic  3.13.0-197.248   linux-image-3.13.0-197-lowlatency  3.13.0-197.248   linux-image-generic             3.13.0.197.207   linux-image-generic-lts-trusty  3.13.0.197.207   linux-image-lowlatency          3.13.0.197.207   linux-image-server              3.13.0.197.207   linux-image-virtual             3.13.0.197.207After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6699-1   CVE-2023-30456, CVE-2023-4921, CVE-2024-24855

Ubuntu Security Notice USN-6699-1

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules.
"Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates," Recorded Future said in a new report shared with The Hacker News.

From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks

By Owais Sultan
Web3 infrastructure leader COTI is excited to announce a significant community rewards initiative, with the platform airdropping up…
This is a post from HackRead.com Read the original post: COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD

COTI V2 is thrilled to announce a massive 40 million token Airdrop Campaign

Web3 infrastructure leader COTI is excited to announce a significant community rewards initiative, with the platform airdropping up to 40 million COTI V2 tokens, currently worth approximately $10 million, to its Native and ERC-20 $COTI holders. The need for COTI V2 as a confidentiality layer on Ethereum has resulted in a large, vocal community of supporters, and the platform is thrilled to reward that critical support.

The COTI V2 Airdrop Campaign will begin on Monday, March 25th, 2024. The planned distribution of the COTI V2 tokens will take place in Q4 2024, shortly after the COTI V2 TGE.  All Treasury participants will automatically be included in the airdrop of 40 million tokens, whether they are holding Native or ERC-20 $COTI.

Note, that this airdrop is in addition to all APY rewards for token holders. Users simply need to have a deposit in the Treasury to participate, but those who have made deposits before February 28th 2024 will receive an additional bonus as a show of the COTI team’s gratitude for their early support.

The Airdrop rewards will be determined for each member through a combination of each deposit’s current APY, the other deposit settings including multiplier and locking period, and the amount of time and activity spent in the Treasury itself.

****COTI V2 Ecosystem and Treasury****

COTI has quickly become a major Web3 infrastructure developer, building the lightest and fastest confidentiality layer for the Ethereum ecosystem. The key to this data protection breakthrough is a cryptographic protocol that is derived from Garbled Circuits, allowing for the privacy of on-chain data.  This layer is secured by Ethereum’s L1, which creates the most comprehensive data privacy solution that maintains full compliance. 

This breakthrough is nothing less than the key to unlocking brand new use cases for the Web3 economy, allowing confidentiality while utilizing all the data integrity and trustless benefits of blockchain.  Web3 companies will soon build applications for decentralized identification, DeFi, private auctions, data broker analysis (while protecting data privacy), and even Artificial Intelligence applications.

****QUOTE ABOUT THE AIRDROP HERE****

The COTI Treasury was launched in 2022 to provide a reward structure for those wishing to deposit $COTI and earn APY in the form of $COTI and $gCOTI.  As an indication of the COTI community’s overwhelming support, members have deposited over 500 million $COTI into the Treasury. 

In addition, to support, depositors have also been drawn to the Treasury by the strength of its rewards, allowing a member to customize their desired potential APY by setting the amount to deposit, a multiplier, a lock period, and an APY boost. The team plans to extend rewards even further by offering longer lock periods of 180, 270, and 360 days starting 25 March.

This campaign is also notable because, for the first time, the community’s $COTI ERC-20 token holders without VIPER wallets can also participate in Treasury rewards, both APY and the Airdrop Campaign. 

For those who don’t have a deposit in the Treasury yet, there is still time to visit Treasury.coti.io, connect a VIPER or Metamask Wallet, and set up a deposit by selecting the amount, multiplier, lock period, and APY boost (tutorial). Those with deposits already set up in the Treasury do not need to take further action, but do have the option to extend the locking period of their deposit to earn additional rewards.

The COTI V2 Airdrop Campaign is another successful step in COTI’s roadmap toward a thriving community of developers and users who are passionate about building an ever-improving Web3 ecosystem. 

With COTI’s compliant confidentiality layer, entire new industries within Web3 can be unlocked, which will continue COTI, Ethereum, and the rest of Web3 toward mass adoption across the globe. The airdrop is a very heartfelt thank you to the community that joins in COTI’s vision, rewarding both new and long-standing members for their continued support.

****About COTI****

COTI is the fastest and lightest confidentiality layer on Ethereum. Powered by the breakthrough cryptographic protocol Garbled Circuits and secured by Ethereum, COTI introduces the most advanced and compliant solution for data protection on the public blockchain.

Paving the way for the next wave of Web3 innovation and adoption, COTI unlocks a whole new world of use cases, including confidential transactions, Artificial Intelligence, DeFi, decentralized identification, and more.

COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD

Plus: The operator of a dark-web cryptocurrency “mixing” service is found guilty, and a US senator reveals that popular safes contain secret backdoors.

How do you know the internet has a deepfake porn problem? Just look at copyright takedown requests. WIRED found this week that Google is receiving thousands of Digital Millennium Copyright Act complaints for deepfake nudes, most of which are published by just a handful of websites. Experts say the deluge of DMCA takedown requests is evidence that Google should delist the offending sites from search. In Texas, meanwhile, a federal court upheld the state’s age-verification requirements for porn sites, which could lead to even more lawsuits.

In a win for privacy advocates, Airbnb announced on Monday that it will ban the use of indoor security cameras at short-term rental properties around the world. The ban extends to outdoor areas where there is a “greater expectation of privacy,” such as saunas or outdoor showers. The company has long banned the use of hidden cameras and required hosts to tell guests where it has security cameras installed. Hosts who violate the security cam ban could have their properties removed from Airbnb.

Cryptocurrency firm Binance’s troubles have gone from bad to downright scary. Two of the company's executives—Tigran Gambaryan, a former financial crimes investigator for the IRS, and UK-based government affairs specialist Nadeem Anjarwalla, have been held for weeks by Nigeria’s government amid its broader crackdown on cryptocurrency. Neither man has been charged with any crime, and their families are asking the US and UK governments for help securing their release.

In case you’re wondering: No, the US government isn’t hiding evidence of aliens, according to a new Pentagon report. But it sure seems to be hiding _something_, raising more questions about what’s out there if that thing isn’t UFOs. Elsewhere in the world of government secrets, the US House Intelligence Committee chair recently held a closed-door meeting in which he urged lawmakers to block privacy reforms to a major US surveillance program by citing how it could be used to surveil US-based protesters, further raising civil liberties concerns. Congress’ efforts to renew that program, known as Section 702, remain ongoing.

Donald Trump this week earned enough delegates in the 2024 Republican primary to officially win the party’s nomination. If Trump does win another term in the White House, experts fear he could use a slate of “emergency powers” to carry out an authoritarian agenda—and there’s little the other branches of government could do to stop him.

Finally, reporters at _Der Spiegel_, Recorder, _The_ _Washington Post_, and WIRED collaborated on an investigation into a global network of violent predators who use major platforms like Discord, Telegram, and even Roblox to target children and extort them into committing horrific acts of abuse—or worse.

And that’s not all. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Insurance companies have long offered discounts to drivers who'll carry GPS devices or download smartphone apps that track their driving habits. But when wary drivers refuse, insurers find other ways of monitoring their driving. Data brokers like LexisNexus are buying people's car data directly from manufacturers, such as General Motors, which are making a killing by selling it off. This data is then used to create “risk” scores for individual drivers, which insurance providers use to set premiums. The businesses claim the data-sharing is consensual, but most drivers have no idea what's happening. Drivers whose risk scores are shared with insurance providers often see their monthly insurance payments skyrocket.

**The Bitcoin Fog Case Ends in a Guilty Verdict**

The operator of a darknet cryptocurrency “mixing” service called Bitcoin Fog faces a maximum of 20 years in prison after his conviction this week by a federal jury in Washington, DC. Roman Sterlingov, 35, ran Bitcoin Fog between 2011 and 2021, moving roughly $400 million worth of currency, much of which, prosecutors say, was tied to narcotics, identity theft, and cybercrime. Sterlingov had denied founding Bitcoin Fog in interviews with WIRED; however, the US Justice Department countered that claim in court with blockchain analysis and a trial of financial paperwork.

**Popular Safes Contain Secret Backdoors**

Two commercial safe makers have been called out for installing backdoors in their safes, according to a letter by Ron Wyden, a US senator from Oregon. The reset codes are one reason the Department of Defense has banned the safes from being used inside the US government. Knowledge of the codes, which Wyden says leaves consumers vulnerable to criminals and spies, was made public through a letter he wrote to the National Counterintelligence and Security Center. In it, he asks the agency to issue an alert, warning Americans about the risks posed by the safes.

Automakers Are Telling Your Insurance Company How You Really Drive

For months, US lawmakers have examined every side of a historic surveillance debate. With the introduction of the SAFE Act, all that’s left to do now is vote.

A bill introduced by senators Dick Durbin and Mike Lee to reauthorize the Section 702 surveillance program is the fifth introduced in the US Congress this winter. The authority is threatening to expire in a month, disrupting a global wiretapping program said to inform a third of articles in the President’s Daily Briefing—a morning “tour d’horizon” of US spies’ top concerns.

But the stakes aren't exactly so clear. With or without Congress, the Biden administration is seeking court approval to extend the 702 program into 2025. From the moment US representative Mike Johnson assumed the House speakership, he’s been unable to orchestrate a vote on the program. Outgunned most recently by Mike Turner, the chairman of the House Intelligence Committee, Johnson was forced to kill a vote after a month of negotiations.

This, even though Congress can essentially agree on one thing if nothing else: that the 702 program is vital to the national defense and that it can’t be allowed to expire. Johnson has, once again, vowed to hold a vote on the matter, this time after Easter. And historically, this is where things have begun to fall apart.

The biggest hurdle to reauthorizing the program is a dispute between lawmakers over whether the government should get search warrants before looking up Americans using 702, a massive wiretap database full of millions of email, voice, and text conversations intercepted by spies.

The Durbin-Lee bill contains tweaks designed, its authors say, to meet the Biden administration halfway. While all the legislation up to this point has wrestled over the title of “reform bill,” Durbin’s has set its sights on an idea far more defensible: The Security and Freedom Enhancement (SAFE) Act, he says, is a “bill of compromise.”

Unlike other reform bills, the SAFE Act would _not_ require the FBI to obtain a warrant to find out if the 702 database contains an American’s communications. Only if the search produces results would investigators need a warrant, and only if they wanted to read what the messages say.

Without going to court, investigators could learn whether the communications they’re after exist, whether the person they’re looking at communicated with any foreigners under US surveillance, and when exactly those conversations took place. As it’s generally trivial for law enforcement to obtain these kinds of records anyway, this is a compromise that doesn’t serve up a major loss for lawmakers on the side of reform.

The tweak will add to the difficulty the FBI is having convincing lawmakers that warrants will hinder investigations or destroy the program altogether. “This narrow warrant requirement is carefully crafted to ensure that it is feasible to implement,” Durbin says, “and sufficiently flexible to accommodate legitimate security needs.”

“There is little doubt that Section 702 is a valuable national security tool,” adds Durbin, but the program sweeps up “massive amounts of Americans’ communications.”

“Even after implementing compliance measures, the FBI still conducted more than 200,000 warrantless searches of Americans’ communications in just one year—more than 500 warrantless searches per day,” he says.

The SAFE Act contains the same menu of emergency exceptions that members of the House Judiciary Committee offered up in previously introduced legislation. The exceptions would allow the FBI to ignore the warrant requirements during emergencies, such as people faced with imminent harm or death. The bureau can search the database at will using “known threat signatures” linked to cybercrimes as well, a carve-out designed to help the FBI dodge legal red tape while mitigating harm from malicious software.

While the possibility looms that the Foreign Intelligence Surveillance Court (FISC) will approve the Biden administration’s request, extending the 702 program into 2025 on its own, it's an outcome that all sides seem eager to avoid—improvising a way to prolong a hotly debated surveillance program being a bad look for nearly everyone involved.

One of the program’s core tenets, according to a “fact sheet” distributed by the Office of the Director of National Intelligence (ODNI) this year, reflects the bargain it strikes between the government and the public: US spies are to receive an “invaluable source of intelligence on foreigners located outside the US.” Americans get in return “robust civil liberties and privacy safeguards, overseen by all three branches of government.”

If Congress had meant, in 2018, to reauthorize the 702 program for seven years rather than six, its members wouldn’t have found out last week. Allowing the program to carry on without a mandate from Congress—with nothing but a green light from a secret court—is a legacy of dysfunction that most members aren’t eager to carry, and one that the intelligence community may also come to resent, as people start to question the integrity of its oversight.

“Although the legislation does not include every reform we have called for, it is a thoughtful compromise that would meaningfully restore privacy in the United States,” says Sean Vitka, policy director at Demand Progress, a digital rights nonprofit.

“An overwhelming number of Americans from across the political spectrum want Congress to seize this once-in-a-generation moment and get this done.”

Sinking Section 702 Wiretap Program Offered One Last Lifeboat

Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.

Friday, March 15, 2024 10:00

In ancient Greek mythos, the mighty Hercules faced a seemingly insurmountable challenge when he encountered the Lernaean Hydra. This fearsome serpent had a terrifying ability: For every head that Hercules severed, two more would spring forth, creating a never-ending cycle of regrowth and renewal. 

Much like the Hydra, modern ransomware gangs present society with a daunting task. When law enforcement manages to take one adversary or low-level member off the streets, the victory is often short-lived. In the hidden depths of these criminal organizations, the heads — or leaders — remain shrouded in shadow, orchestrating their operations often with impunity. 

And so, as one member falls, two more may rise to take their place, perpetuating an enduring saga of illicit activity that are the challenges of our time: the ransomware ecosystem. A landscape where affiliates tend to move from ransomware group to ransomware group, following the money, bringing their skills and tools with them to conduct new attacks.

In this blog, we’ll explore the recent law enforcement takedown of LockBit, a group who previously held the title of the number one most deployed ransomware variant for two years running. Just seven days after the takedown, LockBit claimed to resume their operations.

**The History of LockBit**

LockBit emerged around 2019. Since then, it has continually evolved and innovated to update their ransomware and build their RaaS program.

For the past two years, LockBit ransomware operations accounted for over 25 percent of the total number of posts made to data leak sites. CISA’s assessment is also that LockBit has been the most deployed ransomware variant in recent years.

As we wrote in the 2023 Talos Year in Review report, posts made to the group’s data leak site ebbed and flowed from September 2022 to August 2023. Detections of LockBit activity appear to spike in March, partially coinciding with LockBit’s deployment against vulnerable instances of the printer management software PaperCut, where it has remained consistently high**.**

💡

In 2020, Talos researchers made contact with a self-described LockBit operator. Over several weeks, we conducted multiple interviews that gave us a rare, first-hand account of a ransomware operator’s cybercriminal activities. Confirmed theories included LockBit having a profit-sharing requirement that the affiliate has to meet for the first four or five ransoms. This also used to be the case for Maze. Also, keeping your word to the victim is an important part of LockBit’s business model. Read the interview in full __here__.

**The Collaboration Trend**

For the past two years, Talos researchers have written about a growing ransomware trend, wherein actors are increasingly collaborating with each other and sharing tools and infrastructure (aka the affiliate model).

For example, Talos recently reported on how the GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries. The two groups have started a new ransomware-as-a-service (RaaS) program STMX\_GhostLocker, providing various options for their affiliates.

We are seeing more diversified groups employing multiple encryption programs, as well as less sophisticated actors “standing on the shoulders” of giants by using leaked ransomware code. Some players are exiting the game altogether, but not before selling their source code to the highest bidder. This is posing significant challenges to the security community, especially when it comes to attributing attacks.

In the case of LockBit, this was also a group that operated as a RaaS model. They recruited affiliates by offering them shares of profits and encouraging them to conduct ransomware attacks using LockBit’s tools and infrastructure. These affiliates were often unconnected, and as a result, there were many variations in the attacks that used LockBit ransomware.

Notably, the LockBit ransomware group posted on a Russian-speaking dark web forum in December 2023 offering to recruit ALPHV (BlackCat) and NoEscape ransomware affiliates and any of the ALPHV developers, after the Federal Bureau of Investigation (FBI)’s announcement of a disruption campaign against the ALPHV ransomware operation.

**Operation Cronos**

The NCA, working closely with the FBI and supported by international partners from nine other countries, covertly investigated LockBit as part of a dedicated taskforce called Operation Cronos. 

On Feb. 20, 2024, after infiltrating the group’s network, the NCA took control of LockBit’s primary administration environment. This environment enabled affiliates to build and carry out ransomware attacks, as well as host the group’s public-facing leak site on the dark web, which was used to threaten the publication of data stolen from victims. 

The technical infiltration and disruption were only the beginning of a series of actions against LockBit and their affiliates. In wider actions coordinated by Europol, at least three LockBit affiliates were arrested in Poland and Ukraine, and more than 200 cryptocurrency accounts linked to the group have been frozen.

**The Return**

Seven days after the operation, messages and leak information was published on a new LockBit page. Here are screenshots of their leak site taken daily from Feb. 27 – March 4, with a huge increase of cards on March 3.

The site lists both pre- and post-takedown victims, suggesting LockBit may not have lost access to their entire dataset or infrastructure. 

Of particular interest is the fbi.gov card in the lower right corner that links to a lengthy writeup (in English and Russian), stating what LockBit thinks happened during the operation. They talk about lessons learned, speculations and discredit the law enforcement agencies. Talos believes the operation was carried out by the NCA, not the FBI, as LockBit stated.

**A recurring theme**

While LockBit is currently dominating the headlines, we’ve seen similar stories before following takedown attempts. For example, the commodity trojan Trickbot had its infrastructure dismantled in February 2022.

However, Talos telemetry picked up Trickbot activity throughout 2023, as covered in our Year in Review.

**Still open for business**

Talos has intelligence that Lockbit is still accepting affiliates into their program. 

Does this mean that law enforcement operations are pointless? Far from it. Takedown attempts such as Operation Cronos severely disrupt their operations, and forces ransomware operators to change their attacks. The operation against LockBit doesn’t appear to have inflicted the final blow against the ransomware group, but it has wounded them. 

We also know that law enforcement was able to obtain troves of intelligence through their operation. That intelligence will only serve to be useful in further disruptions, undermining Lockbit's growth. Therefore, if you put Lockbit into a market perspective, they appear to be quite exposed. 

Crucially, as with the case of LockBit, decryption tools can be released so that victims of ransomware can gain access to their systems again. In January Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

Therefore, it’s important not to view this operation as a “one and done” effort. Sustained, targeted approaches from law enforcement and the defender community can and do have a significant impact. For example, following the FBI’s actions against BlackCat/ALPHV, the group reportedly denied an affiliate a $22 million ransomware payment before subsequently going out of business in early March, as Brian Krebs wrote about on his website a few days ago.

Azim Khodjibaev from Talos’ threat interdiction and intelligence organization team discusses the ebs and flows of ransomware groups after a takedown in the episode of Talos Takes below. This episode was recorded in 2022 after a separate law enforcement operation to disrupt LockBit.

**The lucrative affiliate model**

One of the major issues when tackling ransomware crime is the nature of the affiliate program, with actors often working for multiple RaaS outfits at a time. In underground forums, we are seeing increased advertisements by RaaS groups showcasing their affiliate programs and offering profit shares. They can offer large profits, as threat actors can conduct multiple campaigns using the encryption programs that are offered or distributed. 

In the case of the GhostSec group, they have a business model that offers affilates three different options: a paid version, a free version and a version that allows actors who don’t want to become a member ransomware gang but would like to publish victim data on their leak site.

We are also seeing multiple groups working together, sharing their malicious tooling with each other, then falling out, and then building trust back up with each other, adding to the difficulty in attributing attacks. Here are Talos’ Nick Biasini and Matt Olney talking about the impact of leaked ransomware code, where Matt describes the situation as “The Real Housewives of Eastern Europe:”

Fundamentally, ransomware continues to be hugely profitable and widespread. In the last quarter, the Talos Incident Response team responded to ransomware incidents involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time, and there was a 17% rise in ransomware incidents in this quarter.

In the end, Operation Cronos may have disrupted LockBit’s operations temporarily with valuable assets gained, a weaker market position for the group, and a few affiliates are now sitting in jail. However, the Hyrdra’s roots run deeper, and this is why we may continue to see LockBit activity throughout the course of the year.

**Where to go from here**

Like Hercules who outwitted the Hydra with a blend of strength and strategy, our law enforcement’s relentless efforts are essential and commendable. It’s going to take persistent, strategic efforts to significantly damage RaaS operations and weaken the regenerative power of these gangs. Arrests at the top will be a key part of this. In the case of LockBit, it appears as though the leaders of the group have evaded arrest on this occasion.  

At the very same time the people of Lerna (or us, the private defenders), need to pay attention to the entire threat landscape. We can’t rely on just Hercules to take them down. Just like we can’t be sure there is just a single Hydra.

Read more about the recent ransomware operations Talos Incident Responders engaged in.

Tag

#intel