#LeBrief: dismantled blockchain botnet, numbering plan, Cybermallix, Ubisoft Quartz

Google disrupts Glupteba, a botnet of 1 million Windows machines that mined bitcoin Credits: alexaldo / iStock / Thinkstock

The Google Threat Analysis Group (TAG) has just announced that it has “taken action to disrupt the operations of Glupteba, a sophisticated botnet that targets Windows machines and protects itself using blockchain technology”. Glupteba is said to currently involve around one million compromised Windows devices worldwide, and to be growing at the rate of thousands of new devices per day.

To keep their grip on such a large number of devices, the hackers “use advertisements on Google for job offers for websites” which carry out illegal activities, AFP said. Cybersecurity experts had warned of Glupteba’s existence as early as 945. It masqueraded as free software or videos to download.

Glupteba is known to steal user credentials and data, mine cryptocurrencies on infected hosts, deploy and operate proxy components targeting Windows systems and IoT devices, and configure proxies to channel other people’s internet traffic through infected machines and routers.

TAG also “terminated approximately 60 million Google documents that distributed Glupteba, 1 320 Google accounts, 908 cloud projects and 870 Google Ads accounts associated with their distribution. In addition, 3.5 million users were warned before downloading a malicious file via Google Safe Browsing warnings”.

Google has just filed a lawsuit for fraud, computer abuse and trademark infringement against two of the botnet’s operators, suspected of being located in Russia. This would be the “first lawsuit against a blockchain-enabled botnet, which we believe will set a precedent, legal liability for botnet operators and help deter future activity”.

Wi-Fi 6E: Arcep will publish the responses to its consultation “by the end of the year”

On December 1, the decision allowing the use of the frequency band between 5 945 and 6 500 MHz was published in the Official Journal. This officially kicks off Wi-Fi 6E in France.

Arcep organized a public consultation beforehand, but the responses had not been put online even though the regulator had undertaken to do so “for the sake of transparency”, “excluding items of information covered by business secrecy”, of course.

Questioned by us, the Authority tells us that this will be done “by the end of the year”. It will then be time to study them.

  • Wi-Fi 6E (5 908 to 6 320 MHz) is officially usable in France

Firefox 95 is available (even on the Microsoft Store), with RLBox

This is a solution to strengthen the browser’s security against third-party libraries with a new layer of sandboxing, detailed here.

Mozilla also mentions the arrival of its browser in the Microsoft application store, but beware: the default browser still has to be changed manually.

Other small improvements are added along the way; everything is detailed here. New features for developers are detailed on this page.

  • Download Firefox

  • The new German government will firmly defend end-to-end encryption

    The next German government intends to come out more strongly in favor of end-to-end encryption and against the introduction of backdoors, said Jens Zimmermann, the digital policy expert for the German Social Democrats (SPD), during an interview with EURACTIV.

    Discussions are in fact currently taking place at EU level with a view to weakening encryption and introducing “backdoors”. Messaging services such as WhatsApp or Telegram, so far protected by end-to-end encryption, could thus allow searches to identify content relating to child abuse.

    “It is of course no coincidence that once again the fight against child abuse is used as a vehicle to achieve certain ends”, Zimmermann said, noting that on an emotional level, this is the “biggest lever that can be operated”.

    Arcep consults on a “draft decision amending the national numbering plan” Credits: yellowsarah / iStock

    There are multiple objectives. There are “measures aimed at protecting users against fraud and abuse, at promoting innovation and supporting new uses, and at improving the management of the scarcity of numbering resources”. But also changes to “various provisions of the numbering plan due to the transposition into French law of the latest European electronic communications code”.

    Among the measures put forward, and “in order to take into account the new mobile uses, without risking a shortage of mobile numbers with 09 digits”, there are “measures intended to accommodate the implementation of innovative communications solutions between a mobile subscriber and a ‘technical platform’, reserving for this purpose a new category of numbers starting with 07”.

    The Authority also proposes to “reserve the use of mobile numbers in 06-07, permanently attached to a user in everyone’s mind, exclusively for number-based interpersonal communications services”.

    The regulator also wants a “more efficient management of these numbering resources, by further rationalizing” two elements:

    • the allocation of resources by the Authority: Arcep proposes in particular to allocate new numbering resources at a minimum granularity of 1 000 numbers, instead of 10 numbers until then;

    • the management of numbers: Arcep proposes in particular that numbers be assigned to French users for a minimum period of twelve hours and that the period during which an operator cannot reassign a number to an end user be reduced to between 45 and 64 days (rather than 3 to 6 months).

    The regulator asks all the actors concerned – operators, consumer associations, publishers and individuals – to give their feedback on this draft decision. The deadline is February 2022.

    All details on this new draft decision can be found here.

    Scaleway fixed a bug in VNC access to its M1 Macs

    In a blog post (in English only), the hosting provider discusses its Apple machine rental offering, which recently ran into a remote access problem: it was considered too slow.

    The network was not the cause, and other remote access solutions posed no problem; only the VNC server managed natively by macOS was affected. Traffic analysis made it possible to identify the problem and find the solution.

    In reality, attackers were specifically targeting these machines, trying to access them in “brute force mode”. After initial tests confirming the situation, it was decided to set up automatic IP blocking and packet filtering.

    Everything is stored in memory, so that if a user ends up blocked by mistake, they just have to restart the machine via the console to try to reconnect.

    New features are mentioned for Scaleway’s M1 offer in 2022, but without further details for the moment.

    F-Secure’s Armory Drive: “open” encryption for microSD cards

    The MkII USB key is a small complete system, designed as open hardware, which can use specific firmware to protect the data of a third-party card.

    Access is through an iPhone application, the announcement specifies. It uses the device’s security features to unlock data access.

    Everything is available from specialist resellers like Mouser.

    Fadette requisitions: the Minister of Justice claims all is well, forgetting European law Credits: iStock / ThinkStock

    On December 3, the Constitutional Council struck down the possibility for the public prosecutor to request connection data, including “fadettes”, as part of a preliminary investigation.

    The legislator had in fact forgotten to provide for oversight of this invasion of the privacy of the persons concerned. The Constitutional Council postponed to 29 December 2022 the date of the repeal of the provisions in question, in order to limit their impact and leave time for the expected legislative fix.

    The deputy Philippe Latombe (MoDeM) nevertheless noted yesterday in session that a judgment of the Court of Justice of the European Union could be invoked during this transitional period.

    In this Prokuratuur judgment of March 2 2016, the CJEU ruled that national legislation “giving jurisdiction to the public prosecutor, whose mission is to direct the criminal investigation procedure and to exercise (…) public action in a subsequent procedure, to authorize access by a public authority to traffic data and location data for the purposes of a criminal investigation” is contrary to European law.

    The judgment targets Estonia, but its general scope concerns all Member States where the situation is equivalent. The parliamentarian’s questions: how can preliminary investigations be shored up by the end of 2021? Is there not a risk that lawyers will invoke the unconventionality of the French regime to bring down procedures one after another? How will the judicial posts necessary for the supervision requested by the CJEU be budgeted?

    Response from the Minister of Justice, Éric Dupond-Moretti: “I want to reassure you, the Prokuratuur judgment of the Court of Justice of the Union seems to only concern the Estonian public prosecutor’s office. Finally, future legislation will have no impact in terms of the number of magistrates”. And this, despite the volume of annual requisitions. “Edifying: in 2021, a Minister of Justice affirms that a European judgment does not concern France”, reacts the lawyer Nicolas Hervieu.

    In 2016, questioned by MP Lionel Tardy on the connection data retention regime, as interpreted by the Court of Justice of the EU, the French government had already explained that the French regime was essentially perfect. Four years later, the CJEU banged its fist on the table, forcing France to correct the situation.

    An outage lasting several hours at AWS dragged several services down with it

    Yesterday at 15:37, Amazon posted a message on its status page: “We are seeing impact on several AWS APIs in the US-EAST-1 region. This issue also affects some of our monitoring and incident response tools, delaying our ability to provide updates. We have identified the root cause and are actively working on recovery”.

    From 21:00, AWS announced improvements, but no time for a return to normal was specified. Shortly after midnight, “many services were back”, but others were still inaccessible. The return to normal came around 1 a.m.

    As always in such a situation, services based on AWS also experienced more or less significant disruptions depending on the case. Disney+ paid the price… but so did Roomba robot vacuums, as reported by ZDNet.com.

    It includes the CNRS, the University of Lorraine, Inria and Wallix, a European publisher of cybersecurity software. “The objective is to design and develop predictive cybersecurity solutions, based on artificial intelligence, in order to maximize the detection of malware”, explains the CNRS.

    “Scientists from CNRS, Inria and the University of Lorraine will also carry out, jointly with WALLIX engineers, research work on cybersecurity, in order to explore the security issues of connected objects, in particular autonomous vehicles”.

    In its Journal, the National Center for Scientific Research takes the opportunity to offer an in-house interview with Jean-Yves Marion, director of Loria. He explains how attacks work and how to counter them.

  • Ransomware: research goes on the offensive

    AirTags used by thieves to track luxury vehicles, and steal them

    A new report from York Regional Police in Canada identified five separate incidents where thieves surreptitiously slipped an AirTag onto a “high-end vehicle” with the intention of stealing it, Jalopnik recounts.

    The thieves’ technique is to leave the tracker somewhere on a target vehicle when it is parked in public places like shopping malls or parking lots, and then track its location in Apple’s “Find My” app to find out where it is parked. The thieves then track the targeted vehicles to the victim’s home, where they are stolen from the driveway. Thieves typically use tools such as screwdrivers to enter vehicles through the driver or passenger door, while being careful not to set off alarms.

    Once inside, an electronic device, typically used by mechanics to reprogram factory settings, is connected to the on-board diagnostic port under the dashboard and programs the vehicle to accept a key the thieves brought with them. Once the new key has been programmed, the vehicle starts and the thieves leave with it.

    Jalopnik points out that disabling Apple’s “Find My” network can prevent your phone from reporting the location of nearby AirTags, and that third-party Bluetooth scanning apps can report if new devices appear near you.

    For their part, the Canadian police recommend parking the vehicle in a locked garage if possible, putting an anti-theft device on the steering wheel (which could also serve as a visible deterrent), and installing a lock on the data port.

    According to Equinix, this is a “major player in data centers and connectivity solutions in West Africa, present in Nigeria, Ghana and Ivory Coast”. The amount of the transaction is 183 million dollars.

    The American company adds that it is “the first step in Equinix’s long-term strategy to become an independent and leading player in digital infrastructure in Africa”.

    This buyout should be finalized in the first quarter of 2021, subject of course to obtaining the necessary regulatory authorizations.

    MikroTik releases RouterOS 7.1

    After no less than two years of betas and release candidates, a stable version has finally been put online. As you might expect, the changes are many and far-reaching.

    Linux kernel 5.6.3 is used, and user management has been completely revised, as has the management of Wi-Fi (Wave 2), BGP, IPv6, MPLS, NTP, OSPF, etc.

    Let’s Encrypt certificate creation makes its debut, along with WireGuard, IPv6 NAT, L3 hardware acceleration (CRS3xx), L2TPv3, OpenVPN over UDP, VXLAN, ZeroTier (ARM / ARM 64), etc. A presentation video is available here.

      Download RouterOS

    Ubisoft announces Quartz, its “eco-responsible NFT platform” for triple-A games

    A first of its kind, claims the company, which specifies that this project is still in beta. It will give access to Digits, which are “a new way to personalize the experience through cosmetic elements of the game, whether they are vehicles, weapons or equipment”, available for the moment in Tom Clancy’s Ghost Recon Breakpoint, on PC and via Ubisoft Connect.

    “Each Digit is accompanied by a certificate of ownership stored on the blockchain, a technology independent of Ubisoft, decentralized and community-driven, which allows players to benefit from an unprecedented level of control”.

    The benefit, according to the company, is that “digital items are no longer condemned to remain in the inventory if they are no longer used: they can be put up for sale so that other eligible players can acquire them outside the Ubisoft ecosystem”. Everything is based on Tezos, “a blockchain operating on a proof-of-stake consensus mechanism, called ‘Proof-of-Stake’, whose operation consumes considerably less energy than Proof-of-Work blockchains”.

    Ubisoft Quartz will be available “from December 9 at 21:00, French time, in France, in the United States, in Canada, Spain, Germany, Italy, Belgium, Australia and Brazil. The experience will start with 3 free editions on December 9, 11 and 15, in order to reward the first users”.

    The project should be extended over the course of 2021. More details are given here.

    • See the Ubisoft Quartz presentation video

    npm strengthens the login process for publishing to its registry

    An update has started rolling out, due to end on January 4. It encourages two-factor authentication (2FA) for maintainers.

    Those who have not activated it on their account will now receive a one-time code (OTP) by email whenever a login is attempted on the site or via the CLI. The process is detailed in the documentation.

    The idea is ultimately to strengthen the security of accounts with publication rights on important projects by requiring 2FA, support for which is to be improved and strengthened, in particular with WebAuthn for security key support.

    This will apply to the 95 most popular projects as of February 1, then to the first 500 at the start of 2022.

    Hubble is back!

    This is the second time this year that the space telescope, more than 30 years old, has come out of a “coma”. It experienced a first major blackout this summer, then a second at the end of October.

    The Hubble instruments were then switched to safe mode and NASA opened an investigation. During the month of November, the instruments were restarted: Advanced Camera for Surveys to begin with, Wide Field Camera 3 two weeks later, then Spectrograph Returns on 25 November.

    With the return to operations of the Space Telescope Imaging Spectrograph, the four scientific instruments are now collecting data. Obviously, the telescope remains under surveillance by the US space agency.

  • The Hubble Space Telescope celebrates its years old and awaits the relief of the James Webb Space Telescope

    Tails 4.25 is available, with a backup utility

    The backup tool makes its debut, allowing you to copy your persistent storage to another Tails USB key. In fact, it “automates the process described so far in our documentation”, the team specifies.

    Of course, there are also fixes and updates to packages such as the Tor browser (11.0.2) and Tor (0.4.6.8).

    We also note the addition of “a shortcut to restart Tails when the Unsecured Browser has not been activated in the Welcome screen”, and of “a link on the Tor Connection Assistant error screen to our documentation”.

      Download Tails

    In Orléans, abnormal-sound detectors coupled with municipal cameras Credits: maxkabakov / iStock

    “The city of Orléans is going to test detectors of abnormal sounds”, headlines France Bleu. Helped by Sensivic, a local start-up, the town hall intends to pair the cameras installed in public spaces with microphones to detect suspicious noises.

    Detonations, broken glass, cries of distress, accidents, etc. will trigger an alert to municipal services. “The agent just receives an alert, but in no case does he directly hear the sound”, our colleagues report, for whom “respect for private life is therefore guaranteed”.

    For La Quadrature du Net, which points out that the start-up “has also joined the LORIAS project, an innovation laboratory for the air force”, this device is illegal. It recalls the experiment devised by the city of Saint-Étienne, which had prompted this letter from the CNIL, published in our columns.

    The commission had denounced a continuous, systematic and undifferentiated recording “of sounds in public space can therefore capture private conversations”, a camera and microphone coupling which “leads to reinforcing the intrusiveness of the system and the level of surveillance to which the population living, moving or working in the area concerned is subject”.

    The CNIL had denounced a risk of infringement of the right to respect for private life that is all the more significant “that no technical or legal guarantee makes it possible to prevent, in a sufficient manner, a live listening to the sounds or a recording thereof”.

    Thus, “the persons concerned may be led to alter their behavior, for example by censoring their own comments made on public roads or even by modifying their movement, or even their residence or place of work, to avoid the areas where sound sensors are installed”.

    Will technically preventing agents from listening to conversations, by limiting the device to simple alerts, be enough to slip through the Commission’s net?

    This company specializes in “securing source code”, in particular “secret detection”. GitGuardian claims more than 130 users, the vast majority of whom are in the United States. “We are 60 people, all based in Paris, signing 6-figure (and soon 7-figure!) contracts with companies from Fortune 500 that startups generally cannot win”.

    The fundraising was led by Eurazeo and Sapphire, with the participation of existing investors Balderton, Fly Ventures and BPI. In total, the investments in the start-up amount to 44 million dollars (including the day’s 44 million).

    It will take advantage of this financial windfall to develop further in the United States, where the bulk of its customers are located. Its CEO, Jérémy Thomas, is moving to Austin, Texas.

    Notepad for Windows 11 with “dark mode” available for Insiders

    Microsoft indicates that the rollout has started on the Dev Channel. Among the new features are a “completely updated user interface” to align with that of Windows 11, and a dark theme.

    The publisher also highlights a redesign of the search and replace function, as well as support for multi-level undo.

    About the author

    cnadmin