Two US universities added to Cl0p’s target list. The dangers of using public Wi-Fi. Iowa school district says thousands impacted in data breach.
The CyberWire
The all in one place for non-profit security aid.
Julian Assange Freed: WikiLeaks Founder Released in Stunning Deal with U.S.
London, June 25, 2024—In a dramatic and unexpected turn of events, WikiLeaks founder Julian Assange has been released from prison after reaching a deal with the U.S. government.
The agreement, announced early today, ends the long-standing legal battle between Assange and the U.S. authorities.
Assange, 52, was arrested at the Ecuadorian embassy in London in April 2019 and has been held in Belmarsh prison since then. He was facing extradition to the United States on charges related to WikiLeaks’ publication of classified U.S. military records and diplomatic cables in 2010 and 2011.
Under the terms of the deal, Assange has agreed to plead guilty to one count of conspiracy to commit computer intrusion, a charge that carries a maximum sentence of five years in prison.
However, in a surprise move, the U.S. government has agreed to drop all remaining charges against him, including espionage charges that could have carried a sentence of up to 175 years in prison.
Julian Assange boards flight at London Stansted Airport at 5PM (BST) Monday June 24th. This is for everyone who worked for his freedom: thank you. #FreedJulianAssange pic.twitter.com/Pqp5pBAhSQ
— WikiLeaks (@wikileaks) June 25, 2024
In exchange for his guilty plea, Assange will be released from prison immediately and will be allowed to return to his home in London. He will also be required to cooperate with U.S. authorities in their ongoing investigations related to WikiLeaks.
The deal marks a significant shift in the U.S. government’s stance on Assange, who has been a thorn in the side of successive U.S. administrations.
The Obama administration had previously declined to prosecute Assange, citing concerns about the implications for press freedom. However, the Trump administration had taken a harder line, with then-Attorney General Jeff Sessions stating that Assange’s arrest was a “priority.”
Assange’s supporters, who have long argued that he was being unfairly targeted for his role in exposing U.S. war crimes and human rights abuses, are hailing the deal as a major victory.
“This is a huge win for Julian and for press freedom,” said WikiLeaks lawyer Jennifer Robinson. “We are thrilled that Julian will finally be able to return home and resume his life.”
JULIAN ASSANGE IS FREE
Julian Assange is free. He left Belmarsh maximum security prison on the morning of 24 June, after having spent 1901 days there. He was granted bail by the High Court in London and was released at Stansted airport during the afternoon, where he boarded a…
— WikiLeaks (@wikileaks) June 24, 2024
The deal is also seen as a significant blow to the U.S. government’s efforts to prosecute Assange, which human rights groups and journalists around the world had widely criticized.
Amnesty International, which had campaigned for Assange’s release, welcomed the news, saying that it was “a long-overdue recognition of the need to protect freedom of expression and the right to information.”
Assange’s release is expected to spark a new wave of debate about the role of whistleblowers and the importance of protecting press freedom in the digital age.
As the world becomes increasingly interconnected and dependent on digital technologies, the question of how to balance national security with the need for transparency and accountability is only likely to become more pressing in future years.
The post Julian Assange Freed: WikiLeaks Founder Released in Stunning Deal with U.S. appeared first on Cyber Security News.
Russia sentences Hydra dark web market leader to life in prison
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. […]
SmokeLoader – A Modular Malware With Range Of Capabilities
Threat actors use malware for a range of illicit purposes, including data theft, system disruption, espionage, and extortion for financial gain.
Nation-state actors also use malware to conduct cyber warfare and gather intelligence.
SmokeLoader is a versatile and modular malware initially functioning as a downloader. It has evolved into a sophisticated framework with information-stealing capabilities.
It has undergone significant development over the years. Zscaler ThreatLabz’s analysis supported Operation Endgame in 2024, which disinfected tens of thousands of infections, and ThreatLabz has documented SmokeLoader’s versions extensively.
Starting from 2011, the earliest SmokeLoader samples without any version numbers were quite simple but laid down a base for C2 client communication.
These “prehistoric” variants injected two shellcodes into svchost.exe processes: one queried the C2 server with “getload” or “getgrab” commands, and the other registered the bot using HTTP GET requests.
The malware has used different injection techniques, ranging from shared sections to APC queue injection.
Although simple in nature, these initial steps set a foundation for the subsequent development of SmokeLoader into modular and advanced threats.
Leaked source code of the SmokeLoader 2012 panel showed that it supported several commands, including “getgrab” for retrieving a module used to steal information and “getshell” for implementing a remote shell.
Hash-based API resolution, string encryption, and other techniques were built in to hinder analysis.
By 2014, significant changes had been implemented in the SmokeLoader program, such as a multi-stage loading process, an updated bot ID generation algorithm, a separate encrypted C2 list, and a new stager component.
As a result, in later versions the malware’s information-stealing component is separated into standalone plugins with multifunctional options for execution.
This shows that SmokeLoader was never static but kept developing, with more sophisticated evasion techniques and an expanding feature set.
In SmokeLoader version 2014, the stager component contains the main module’s decryption and decompression function.
It also executes a few anti-analysis checks and injects the malware into svchost.exe via APC queue code injection.
The essential obfuscation techniques applied include non-polymorphic decryption loops and string encryption.
It was modified to allow persistence, updated its bot ID generation algorithm, kept strings in plain text, implemented environment checks against analysis tools, and introduced a copy-protection mechanism based on CRC32 values.
The network protocol was changed so encrypted commands and arguments could be sent via HTTP POST requests.
This marks one of the significant evolutionary advancements made by SmokeLoader.
The post SmokeLoader – A Modular Malware With Range Of Capabilities appeared first on Cyber Security News.