The US NSA warned yesterday that Russia’s GRU continues to exploit the Exim mail vulnerability (CVE-2019-10149). NSA identifies the Russian unit involved as, specifically, belonging to GRU’s Main Center for Special Technologies (GTsST), the group commonly known as Sandworm. The vulnerability was disclosed and patched in June of last year, and NSA advises users to apply it. This provides another object lesson in the importance of keeping software up to date: the GRU has been exploiting the bug since August 2019.
Kaspersky outlines a campaign against industrial targets in Japan, Italy, Germany and the UK. The specific goals of the campaign are unknown, although Kaspersky says they’ve observed “destructive activity” and extraction of data. The attackers use steganography in the data extraction process. That and other aspects of the campaign make the attacks difficult to detect and block.
Yesterday US President Trump signed an Executive Order on Preventing Online Censorship intended to address ways in which social media are applying “selective censorship that is harming our national discourse.” It addresses Section 230 of the Communications Decency Act, which affords civil liability…
