Short video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump’s invitation to “be wild” in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence.
In a follow-up video address to his followers, Watkins said the outage happened shortly after the Jan. 6 committee aired his brief video testimony.
“Then everything that I have anything to do with seemed to crash, so that there was no way for me to go out and talk to anybody,” Watkins said. “The whole network seemed to go offline at the same time, and that affected a lot of people.”
8kun and many other sites that continue to push the false narrative that the 2020 election was stolen from the 45th president have long been connected to the Internet via VanwaTech, a hosting firm based in Vancouver, Wash. In late October 2020, a phone call to VanwaTech’s sole provider of connectivity to the Internet resulted in a similar outage for 8kun.
Following that 2020 outage, 8kun and a large number of QAnon conspiracy sites found refuge in a Russian hosting provider. But when the anonymous “Q” leader of QAnon suddenly began posting on 8kun again earlier this month, KrebsOnSecurity received a tip that 8kun’s ISP was once again connected to the larger Internet via a single upstream provider based in the United States.
On Sunday, July 10, KrebsOnSecurity contacted Psychz Networks, a hosting provider in Los Angeles, to see if they were aware that they were the sole Internet lifeline for 8kun et al. Psychz confirmed that in response to a report from KrebsOnSecurity, VanwaTech was removed from its network around the time of the Jan. 6 hearing on Tuesday.
8kun and its archipelago of conspiracy theory communities have once again drifted back into the arms of a Russian hosting provider (AS207651), which is connected to the larger Internet via two providers. Those include AS31500 — which appears to be owned by Russians but is making a fair pretense at being located in the Caribbean; and AS28917, in Vilnius, Lithuania.
8kun’s newfound Russian connections will likely hold, but that hardly means Lithuania should stand idly by. Late last month, pro-Russian hackers claimed responsibility for an extensive distributed denial-of-service (DDoS) attack against Lithuanian state and private websites, which reportedly was in response to Vilnius’s decision to cease the transit of some goods under European Union sanctions to Russia’s Kaliningrad exclave.
The Jan. 6 hearing referenced in this story is available via CSPAN.
The survey highlights significant security oversights in the general population
The analysis provides fresh insights into the notorious Log4j vulnerability
graphviz-5.0.0-2.fc37
Automatic update for graphviz-5.0.0-2.fc37.
* Fri Jul 15 2022 Jiri Vanek <jvanek@redhat.com> - 5.0.0-2
- adapted to removal of java on i686
- finishing merged https://src.fedoraproject.org/rpms/graphviz/pull-request/9#request_diff
- ifed out on i686 recommended rm -v…
- set --enable-java=no for non java arches
- added changelog entry, bumped release
- https://bugzilla.redhat.com/show_bug.cgi?id=2104225
The group, going by the name H0lyGh0st, has been developing and conducting cross-national malware attacks for over a year
flatpak-runtime-f35-3520220715142120.1
flatpak-sdk-f35-3520220715142120.1
This updates the Flatpak runtime and SDK for F35 to current packages, including numerous security fixes and bug fixes.
Falling cryptocurrency prices are making it harder for threat actors to monetize their attacks
flatpak-runtime-f36-3620220713115040.1
flatpak-sdk-f36-3620220713115040.1
This updates the Flatpak runtime and SDK for F36 to current packages, including numerous security fixes and bug fixes.
Boards underestimate cyber risks from outside their organizations, report suggests