New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.

Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform and enabled adversaries to run arbitrary code on machines running the trojanized version of the software.

Another trojanized Orion component

The webshell is a trojanized variant of a legitimate .NET library (app_web_logoimagehandler.ashx.b6031896.dll) present in the Orion software from SolarWinds, modified in a way that would allow it to evade automated defense mechanisms.

Orion software uses the DLL to expose an HTTP API, allowing the host to respond to other subsystems when querying for a specific GIF image.

In a technical report last week, Matt Tennis, Senior Staff Security Researcher at Palo Alto Networks, says that the malware could potentially slip even manual analysis since the code implemented in the legitimate DLL is innocuous and is of “relatively high quality.”

The analysis shows that the threat actor added in the legitimate SolarWinds file four new parameters to receive signals from the command and control (C2) infrastructure.

The malicious code contains only one method, DynamicRun, which compiles on the fly the parameters into a .NET assembly in memory, thus leaving no artifacts on the disk of a compromised device.

This way, the attacker can send arbitrary code to the infected device and run it in the context of the user, who most of the times has high privileges and visibility on the network.

At the moment, the malware sample is available on VirusTotal, detected by 55 out of 69 antivirus engines.

It is unclear how long SUPERNOVA has been in the Orion software but Intezer’s malware analysis system shows a compilation timestamp of March 24, 2020.

https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/

Poland to fine social media companies that censor lawful speech. A new bill will prohibit Big Tech companies to remove content or block accounts if the content does not break Polish law.

In a new bill which takes censorship decisions out of the hands of ideological activists at leftist tech giants, Polish Justice Minister Zbigniew Ziobro announced a legal initiative on Thursday which enables individuals to file complaints against social media companies who remove or censor their posts if they don’t break Polish law, according to Poland In.

Under its provisions, social media services will not be allowed to remove content or block accounts if the content on them does not break Polish law. In the event of removal or blockage, a complaint can be sent to the platform, which will have 24 hours to consider it. Within 48 hours of the decision, the user will be able to file a petition to the court for the return of access. The court will consider complaints within seven days of receipt and the entire process is to be electronic. –Poland In

https://www.investmentwatchblog.com/poland-to-fine-social-media-companies-that-censor-lawful-speech-a-new-bill-will-prohibit-big-tech-companies-to-remove-content-or-block-accounts-if-the-content-does-not-break-polish-law/

Syrian President Bashar al-Assad 'Owns The Libs'

Syrian President Bashar al-Assad's critique of liberalism from his latest public speech went viral Monday on social media.

Based Assad owns the libs in his latest speech. pic.twitter.com/UN5M0rblFy

— Syrian Girl 🎗️🇸🇾 (@Partisangirl) December 21, 2020

Assad owns the libs: "Liberalism is about turning people into animals". NATO is using neo-liberalism and a form of subterfuge against eastern nations. We have proof. pic.twitter.com/PAvfERefqo

— Syrian Girl 🎗️🇸🇾 (@Partisangirl) December 21, 2020

http://www.informationliberation.com/?id=61963

The U.K. woke up in the last 24 hours.

For those who don’t know, a third of England has been placed under a new “Tier 4”, which is simply the March lockdown rebranded. The areas affected are London and the South East, because there is a “new strain” there that they cannot prove exists. Originally, free movement was to be allowed for five days around Christmas, but this has been forbidden in Tier 4 areas and reduced to one day in the rest of the country.

This is the final straw for most people. Those who have stayed inside for the last nine months waiting patiently for a vaccine they now know will come are disobeying. The affected area experienced a mass exodus last night, with huge traffic jams and train stations crammed full of people. Default U.K. subs, usually willing to kiss the lockdown boot, are full of vitriol towards Johnson. Users are widely claiming that they will break the rules and they don’t believe the government. A song called “Boris Johnson is a Fucking Cunt” is currently at Number 2 in the U.K. singles chart.

And that’s not to mention the mainstream media’s reaction. Johnson and Hancock are widely being portrayed as Grinches with the words “Christmas cancelled” on the front of every newspaper, even those that would normally support the Conservatives, lockdowns or both. The new strain is either being downplayed as “not as deadly” and “still compatible with the vaccine” or being outright denied. The top story on BBC News right now is an interview with a terminally ill woman who is now forbidden from seeing her sister before she passes away, a perspective that has been widely ignored throughout the year.

We’re finally unplugging from the Matrix en masse here. Shit’s going to get real.

https://www.investmentwatchblog.com/the-u-k-woke-up-in-the-last-24-hours/

Ontario will enter strict lockdown on Dec. 26, nearly all non-essential businesses to close

TORONTO – Ontario will go into a strict province-wide lockdown on Dec. 26, forcing nearly all non-essential businesses to close.

The lockdown will begin at 12:01 a.m. on Dec. 26 and will last until Jan. 23 for all regions in southern Ontario, the government has announced. The health units not in southern Ontario will remain in lockdown until Jan. 9.

The lockdown was originally set to begin on Dec. 24 but was pushed back two days by cabinet on Monday.

The province-wide lockdown will look similar to the shutdown back in March, with only essential businesses being allowed to remain open.

Here's how long your region will be in lockdown

During the lockdown, no indoor public events or social gatherings will be allowed, except with members of the same household.

"This difficult action is without a doubt necessary to save lives and prevent our hospitals from being overwhelmed in the coming weeks," Premier Doug Ford said Monday. "Make no mistake, thousands of lives are at stake right now. If we fail to action now, the consequences could be catastrophic."

"The hard truth is that it's not going anywhere until we are able to vaccinate more Ontarians."

Schools to close for in-person learning after winter break

Publicly funded elementary and secondary schools in the province will close for in-person learning until at least Jan. 11.

All publicly-funded schools in northern public health regions are allowed to resume in-person learning on Jan. 11.

Elementary schools in southern Ontario can also resume in-person learning on Jan. 11, but secondary schools students in southern Ontario won't be allowed to return to the classroom until Jan. 25.

Child care centres will remain open for the duration of the lockdown, the government said. An earlier version of this story said that child care centres will only be open to essential workers but the premier's office has now confirmed that is not the case.

Under the lockdown orders, bars and restaurants may only remain open for takeout.

Shopping malls will be closed for in-person retail, with members of the public only permitted to access the facilities for essential services. Hardware stores and pet stores can only remain open for curbside pickup.

Personal care services, casinos, zoos, and museums are among some of the other businesses that will be forced to close. Libraries are allowed to remain open for curbside pickup.

https://toronto.ctvnews.ca/mobile/ontario-will-enter-strict-lockdown-on-dec-26-nearly-all-non-essential-businesses-to-close-1.5239810

Nice flags

Black Mirror S03E01 Airport scene

Members of Congress Bristle over Being Given 6 Hours to Read 5,593-Page Spending Bill

Several members of Congress are taking to social media to complain about the handful of hours they have to read the 5,593-page spending bill.

Early Monday afternoon, the behemoth piece of legislation was uploaded, and House Speaker Nancy Pelosi scheduled a vote for the evening.

“5600 pages. Votes allegedly in 6 hours,” Rep. Chip Roy (R-TX) wrote on Twitter about the $2.3 trillion bill.

“Neither Democrats nor Republicans should vote for this nonsense. There should be bipartisan rejection of this absurdity,” he added.

“Sorry, Speaker Pelosi,” Rep. Mark Green (R-TN) said. “I actually like to read legislation before I cast my vote,” he wrote, adding it would take more than six hours to read the bill.

https://www.breitbart.com/politics/2020/12/21/members-of-congress-bristle-over-being-given-6-hours-to-read-5593-page-spending-bill/

>>12121230

Coronavirus Stimulus Bill Funds Hundreds of Millions in Aid to Palestinians

The coronavirus relief bill released Monday includes $250 million in investment aid for the Palestinians and for encouraging Israeli-Palestinian dialogue in a provision titled the “Nita M. Lowey Middle East Partnership for Peace Act of 2020.”

The provision, named for retiring Rep. Nita Lowey (D-NY), is buried deep within the nearly 6,000-page legislative text.

Citing economic stagnation in the Palestinian Territories, and the potential for economic development to encourage peace, the Lowey Act would spend $50 million per year for the next five years. A version of the act passed the House in July.

The act would create the “People-to-People Partnership for Peace Fund,” run by the U.S. Agency for International Development (USAID) to “provide funding for projects to help build the foundation for peaceful co-existence between Israelis and Palestinians and for a sustainable two-state solution.”

It would also support projects that foster dialogue between Arab and Jewish citizens of Israel. The fund would have an advisory board of 13 members, plus two members “who are representatives of foreign governments or international organizations for renewable periods of 3 years.”

The act would also create the “Joint Investment for Peace Initiative,” which would provide investment funding for “projects that contribute to the development of the Palestinian private sector economy in the West Bank and Gaza.”

The act prohibits the funding from being used to aid any foreign government, including the Palestinian Authority and the Palestine Liberation Organization (PLO). It also prohibits funds from being given to any group deemed to be involved in, or encouraging, terrorist activity.

Congress limited funding to the Palestinian Authority in 2018 under the Taylor Force Act, which prevents U.S. taxpayer dollars from going to the Palestinian government while it continues to pay stipends to terrorists and their families.

President Donald Trump has also cut other forms of U.S. funding to the Palestinians. His Middle East peace plan, introduced earlier this year, provides for a two-state solution, on condition that the Palestinian state be demilitarized and reject terrorism.

https://www.breitbart.com/middle-east/2020/12/21/coronavirus-stimulus-bill-funds-hundreds-of-millions-in-aid-to-palestinians/

>>12121330

>https://toronto.ctvnews.ca/mobile/ontario-will-enter-strict-lockdown-on-dec-26-nearly-all-non-essential-businesses-to-close-1.5239810

Repost next