Wednesday, February 26, 2020

Be aware of the ProtonVPN you are using. Your internet activities are not secure

Hackers used fake ProtonVPN installers to infect users with nasty Azorult malware.
One of the easiest ways to lure users to install malware on their computers is to imitate legitimate websites. This is exactly what certain attackers have done as recently investigated by researchers at Kaspersky by targeting ProtonVPN.
For the unfamiliar, ProtonVPN is a Swiss-based product by the very same company that operates the very famous ProtonMail. Currently, ProtonVPN has more than 2 million users around the world and that makes it a lucrative target for cybercriminals.
According to Kaspersky, hackers have cloned the design of ProtonVPN’s official website (protonvpn[.]com) to drop AZORult malware through its installer file.
Snapshot of the fake ProtonVPN website:
For your information, Azorult is a RAT (remote access Trojan) that can infect any computer successfully. Azorult was previously found targeting thousands of Magento sites and spreading PayPal-themed banking malware. The same malware was caught last month spreading itself using Drake’s “kiki do you love me” song.
According to Kaspersky’s blog post, to clone the website successfully, hackers made use of a program named HTTrack which made the fake website look similar in its design to the real one.
A comment indicating the use of HTTrack for the site’s clone.
Therefore, if a user did not know of the original site’s exact domain, they would naturally believe that the site they are visiting is indeed legitimate and hence proceed to download the ProtonVPN installer.
However, instead, they would get AZORult malware in the form of a file named ProtonVPN_win_v1.10.0[.]exe which then can collect highly sensitive information such as one’s passwords, financial information, browsing history, cookies & much more once installed.
The data collected is then relayed to the attackers through their C2 server, also located on their fake website at accounts[.]protonvpn[.]store.
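The two signs described above, a brand name on a host outside the official domain and the comment HTTrack leaves in mirrored pages, can be checked before an installer is trusted. The following is an added example, not code from Kaspersky or ProtonVPN; the function names, the sample URL path and the sample HTML are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "protonvpn.com"  # the real domain named in the article
BRAND = "protonvpn"

# HTTrack writes a comment of this shape into every page it mirrors.
HTTRACK_RE = re.compile(
    r"<!--\s*Mirrored from\s+(\S+)\s+by HTTrack Website Copier", re.IGNORECASE)


def refang(text):
    """Undo the defanging used in reports: 'a[.]b' -> 'a.b'."""
    return text.replace("[.]", ".")


def host_is_official(host):
    """True only for the official domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def assess_download_page(url, html):
    """Return a list of findings for a page that offers the installer."""
    findings = []
    host = (urlsplit(refang(url)).hostname or "").lower()
    official = host_is_official(host)
    if not official and BRAND in host:
        findings.append("lookalike host: " + host)
    match = HTTRACK_RE.search(html)
    if match and not official:
        # The comment records which site the copy was taken from.
        source = match.group(1).split("/")[0].lower()
        findings.append("HTTrack copy of " + source + " served from " + host)
    return findings


# Constructed sample: defanged host from the article, made-up path and markup.
SAMPLE_URL = "https://accounts[.]protonvpn[.]store/download"
SAMPLE_HTML = ("<html><!-- Mirrored from protonvpn.com/ by HTTrack Website "
               "Copier/3.x [XR&CO'2014], Tue, 05 Nov 2019 10:00:00 GMT -->"
               "<body>Get ProtonVPN</body></html>")

if __name__ == "__main__":
    for finding in assess_download_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

A suffix match on the full official domain is what rejects hosts such as protonvpn.store; a plain substring check for the brand name would accept them.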
To take things a step further, AZORult can also steal your cryptocurrencies from any wallets that are locally installed on your computer, such as Electrum, along with “credentials for WinSCP, Pidgin messenger, and others.”
A snapshot of an analysis being done by Kaspersky of the malware.
To add to this, the fake domain was registered in November 2019 through a Russian registrar service. Since then, the attackers have also started targeting users through malicious advertising campaigns, more specifically “affiliation banners networks.”
To conclude, there have been several similar incidents in the past and we can expect them to keep occurring. An example was when we saw fake sites claiming to be official Fortnite distributors spring up, prompting users to download what was actually malware. Last year, hackers used similar tactics by cloning the NordVPN website to drop a banking trojan.

Tuesday, February 18, 2020

Iranian hackers targeting Israel!


The new report claims that Iranian hackers have been targeting Israel and other countries with this campaign.

According to the findings of the UK-based cybersecurity firm ClearSky, an Iranian APT group has been running a widespread hacking campaign to compromise VPN servers and install backdoors or bugs to access networks of different organizations across the globe. 
Dubbed Fox Kitten, the campaign was launched three years back (2017) to target “dozens of companies and organizations in Israel around the world,” the company stated in its official statement.
The attackers successfully infiltrated networks of many organizations across diverse sectors from IT, oil and gas, telecom, security, and government. The organizations have footprints throughout the world, which makes this campaign a global scam.
The alarming fact is that during this operation, Iranian hackers not only gained access to the networks of so many organizations around the world but made sure that they were able to hijack the device for as long as they wanted to.
Using the campaign, hackers could develop and maintain access routes to their target companies and obtain sensitive data.
“Hackers maintained a long-lasting foothold at the targeted organizations and breach additional companies through supply-chain attacks,” researchers said in their blog post.
To pull off the attack, hackers used different tools, a majority of which were open-source software while some were self-developed. As per previous research, the most successful attack vector that Iranian hackers have used so far is the exploitation of system vulnerabilities in unpatched RDP and VPN services.
Once they are able to access the organizational networks, they tend to create more access points to reach the core corporate network. This is why closing one access point doesn’t affect their capability of monitoring company networks.
In fact, ClearSky claims that Iranian APT groups can exploit VPN flaws in a few hours, as soon as the bug is disclosed. ZDNet reports that Fortinet, Pulse Secure, Citrix VPNs, and Palo Alto Networks are some of the targets of Iranian hacker groups.

Monday, February 17, 2020


United States on Sunday successfully tested an unarmed life-extended Trident II (D5LE) ballistic missile capable of carrying a nuclear warhead, the US Navy said.

United States on Sunday successfully tested an unarmed life-extended Trident II (D5LE) ballistic missile capable of carrying a nuclear warhead, the US Navy said.
According to the statement, the missile was launched from the Ohio-class ballistic missile submarine USS Maine (SSBN-741) off the coast of San Diego, California.
"Today's scheduled test validated performance expectations of the life-extended Trident II (D5LE) Strategic Weapon System (SWS) and gathered additional data on the SWS' reliability, accuracy, and performance factors. This launch marks 178 successful missile launches of the Trident II (D5 &D5LE) strategic weapon system", the statement said.
The Trident II strategic weapon system, originally designed with a life span to 2024, recently underwent a life extension that will keep it operational through the late 2040s, according to the US Navy.
Submarine-launched ballistic missiles Trident II comprise about 70 percent of the US nuclear deterrent, which also includes the US Air Force's intercontinental ballistic missiles and nuclear-capable bombers.

Thursday, February 13, 2020

What is wrong at Facebook????????
Between 1969 and 1971, the US National Reconnaissance Office deployed its state-of-the-art unmanned aerial vehicles over China in a bid to surreptitiously keep a watchful eye on Beijing's nuclear programme.
In his article for The National Interest, the US magazine’s defence editor David Axe focused on declassified records which documented “[...] termination of the [US] ‘Tagboard’ drone system” which was tasked with spying on China in the late 1960s.
The US National Reconnaissance Office (NRO) released the documents on 21 March, 2019, fifty years after the Tagboard system, also known as the Lockheed-made D-21 unmanned aerial vehicle (UAV), entered service with the US Army.
Axe recalls that the 19-feet-wingspan D-21 was made of titanium and weighed 12 tons [10 tonnes], and that “in its early forms launched from atop a special variant of the A-12 reconnaissance plane, the CIA [Central Intelligence Agency]'s version of the Mach-3 [long-range, high-altitude strategic reconnaissance aircraft] SR-71.”
“The A-12, in essence, was the booster for the drone, climbing to 80,000 feet in altitude and accelerating to Mach 3.3 before separating from the pilotless vehicle”, the author notes.
The hope was that the D-21 would help the US military to spy on strategic targets, including those in China, “more reliably than a satellite could do at the time, and without risking a human pilot”.
There were also experiments with using the airplane to launch the D-21 drone, but these were abandoned when a crewmember was killed on the 4th test flight
pic.twitter.com/G8Bx6Bh3Fg
— Mike Hankins (@Hankinstien) January 26, 2020
"The Tagboard drone provides a unique technical capability to satisfy national requirements to conduct imagery reconnaissance operations against targets hostile or potentially hostile to the United States," the country’s Joint Chiefs of Staff claimed in a September 1969 memo.
Axe recalled that Tagboard was a “complex and costly system”, with a price tag for two A-12 launch planes and 20 drones amounting to $440 million in 2019 dollars.
“A fatal crash during July 1966 abruptly ended the effort to combine the A-12 and D-21. The NRO added a rocket booster to the D-21 and migrated the system to a small fleet of lightly-modified B-52H bombers”, he noted.
Between 1969 and 1971, the NRO oversaw what it described as four “unsuccessful” D-21 missions over China, including the one on 4 March 1971, when a drone failed to safely eject its film capsule.
“Although the main parachute canopy lowered the payload to the water surface, a subsequent pickup attempt by a Navy vessel was unsuccessful due to procedural errors, and the payload sank”, the NRO reported to the Defence Department at the time.
The D-21 drone on top the M-21, a variant of the A-12. During the fourth flight the D-21 hit the tail of the 21 and both planes and a pilot were lost. #aviation #AvGeek
#history #speed#USAF #CIA pic.twitter.com/ZbIkxhH0ry
— The Shadow of the Eagle (@clemente3000) December 23, 2019
In this context, Axe cited then-NRO director John McLucas as saying in an April 1971 memo that he had “become increasingly convinced” that the US military “should be expending our efforts on upgrading our satellite activities, rather than trying to continue with air-breathing vehicles”.
With the NRO concluding that “unsafe and unreliable drones” were unnecessary for strategic overhead reconnaissance, McLucas predicted the UAVs’ comeback in a different mission in the future.
"I believe that there is a weapons-carrying role for drones which ought to be exploited”, he was cited by Axe as saying.
The author concluded by recalling that a number of surviving D-21s are currently showcased at several US museums, with the wreck of another such UAV now on display in Beijing.

Wednesday, February 12, 2020

The new system is expected to add a fourth layer of air defence in Israel, which often suffers from aerial attacks by its enemies, such as the Hamas movement. Israel currently has separate defence systems to neutralise short-, medium- and long-range missile threats.
Israeli company Rafael Advanced Defence Systems has published a video showing its latest development, the Drone Dome system armed with a laser, in action, downing several unmanned aerial vehicles (UAVs) flying as a swarm. According to Rafael, the system, mounted on an all-road vehicle, is capable of detecting nearby drones, identifying those who are not friendly, and performing a "hard kill" on hostile targets using its powerful laser.

In the video, the Drone Dome first downs a single flying drone and later turns to a swarm of three UAVs downing them one by one. Rafael noted that the system requires just one person to operate properly.
Rafael presented the Drone Dome system for the first time in 2016, but back then it looked completely different. It was a set of equipment that could be set up in any spot, instead of being mounted on a vehicle. That model also used a "soft kill" method by jamming or interfering with the drone's command signal, forcing it to land or to switch off, instead of burning through it with a laser beam.

Pacific Light Cable Network (PLCN) cable and why it is delayed

There's been a lot of press about delayed approval for the Pacific Light Cable Network (PLCN) cable, which is due to connect Hong Kong, Taiwan, and the Philippines to the United States.
You can understand why this cable has gotten extra attention. Backers include Google, Facebook, and Pacific Light Data Communication (PLDC), which is owned by Chinese ISP Dr. Peng Telecom & Media Group.
While the whole system is awaiting approval from U.S. authorities, Google and Facebook have requested that the FCC allow activation of the Taiwan and Philippines portions of the cable.
There are many regulatory and political issues at play, but I felt a bit of background on the trans-Pacific cable market is warranted amid these headlines.
As you read more about the PLCN, keep these four facts in mind.
Several submarine cables already connect China and the United States
PLCN would not be the first cable to link Hong Kong, or even mainland China, to the U.S. Existing cables include:
Trans Pacific Express (TPE): this cable entered service in 2008
Asia-America Gateway (AAG): activated in 2009, this cable links many southeast Asian countries to the U.S. with landings in Hong Kong, Guam, Hawaii, and the American West Coast.
New Cross Pacific (NCP): the most recent cable to enter service in the Pacific, this cable connects China, South Korea, Taiwan, and Japan to the U.S.
Direct cables are not the only way data can travel between China and the United States
While cables that offer a direct path between countries are preferable in many cases, data can traverse any number of cables en route to its final destination.
Even though there are several cables that link China and the United States directly, there's certainly a substantial amount of traffic that travels on intra-Asian cables, like the Southeast Asia-Japan Cable or Asia Pacific Gateway, from China to Japan.
In Japan, this traffic can transfer to a trans-Pacific cable, such as FASTER or Unity, to reach the U.S.
PLCN is not the only planned cable between Hong Kong and the United States
PLCN is just one of several planned submarine cables that intend to link Hong Kong to the United States (or U.S. territories). These include:
Hong Kong-Americas (HKA): this consortium cable involves several parties including Facebook, China Telecom, and China Unicom.
Hong Kong-Guam: Google is an investor in this cable alongside RTI
Bay to Bay Express (BtoBE): this system is backed by Facebook, Amazon, and China Mobile
Content providers are investing in many new cables
Google and Facebook’s involvement in PLCN is one of many investments made by these two companies. And other content providers are following suit.

Chinese advances in space technology worrying NATO as expressed by Norway's intelligence

As we all know, Norway plays an important role in space exploration for key military space facilities used by the US, including the Globus II radar in Finnmark County, sometimes referred to as the world's most advanced radar for tracking satellites.
In recent years, the Chinese intelligence service has succeeded in obtaining advanced Norwegian technology several times, the Scandinavian country's intelligence service has stressed, warning that China is en route to becoming “a military superpower in Norway's neighbourhood”.
“With growing interest in the Arctic, we believe that China will continue to influence the situation, even in our proximity”, the head of the intelligence service, Lieutenant General Morten Haga Lunde, said, as quoted by national broadcaster NRK.
According to Haga Lunde, advanced technology with military application is especially sought after.
For instance, the Andøya Space Centre at Andenes in Nordland County, which is vying to become the first in Europe to launch satellites, has admittedly noticed penetration attempts.
“We notice that the interest and awareness of our sector is only getting bigger, even when it comes to penetration attempts”, Odd Roger Enoksen, Managing Director of the Andøya Space Centre, told High North News.
Focus 2020, the new threat assessment by the Intelligence Service (E-Tjenesten), also lists Norwegian space research facilities among the main targets for the Chinese intelligence service, which, it claims, has shown a high interest in dual-use technology. According to Focus 2020, Chinese intelligence has on several occasions succeeded in obtaining this type of advanced technology.
A report by the US Congress raised suspicions about China hacking US satellites via the Svalsat ground station on the Svalbard archipelago as early as 2007 and 2008.
Norway's Intelligence Service stressed that only a few of China's satellites are referred to as military, whereas civilian polar satellites are used for both intelligence and military purposes. Last year, China surpassed the US in the number of satellites launched, Focus 2020 stressed.
The Andøya Space Centre, formerly named Andøya Rocket Range, is a rocket launch site and spaceport on the island of Andøya (the northernmost in the Vesterålen archipelago) in Nordland County, Norway. Since 1962, over 1,200 sounding and suborbital rockets of various configurations have been launched from the site. It has about 100 employees and is considered one of Norway's most technologically advanced facilities.
To place Norway's concerns into a broader picture, the Scandinavian nation plays a key role in space exploration owing to important military space facilities used by the US, including the radar Globus II in Finnmark County, which is often labelled the world's most advanced radar for tracking satellites and has become the bone of contention in Norway's relations with Russia, who sees it as a spying tool. The radar is now being upgraded.

Facebook under fire from UK's government


Facebook and some other social media companies have recently come under fire for failing to remove allegedly misleading and harmful content from their platforms. Now, British regulatory authority Ofcom is reportedly set to be given a role in policing social media companies.
Britain’s media watchdog Ofcom will have more power in regulating social media companies in the UK, such as Facebook, Twitter, YouTube or Snapchat, and will make them accountable for harmful content, the BBC reported citing Digital Secretary Baroness Nicky Morgan.
Social media companies have long defended their rights to control unacceptable content on their platforms related to violence, terrorism or child abuse, but according to reports, this is now going to change in the UK.
"There are many platforms who ideally would not have wanted regulation, but I think that's changing”, Nicky Morgan, Baroness Morgan of Cotes, was quoted as saying. “I think they understand now that actually regulation is coming”.
The information has not been confirmed by the UK’s Department for Digital, Culture, Media and Sport but it was reported that on Wednesday the government will present a draft of the new legislation related to online harm and will announce Ofcom’s new powers. So far, the authority has only been entitled to regulate British media, not social media platforms or internet safety. The news could cause some concerns among the public about potential censorship over online content.
Facebook has long been criticised for failing to take responsibility for content on its platform, including its refusal to remove political ads that may contain misinformation, citing its monitoring, rather than regulatory role.
Mark Zuckerberg, Facebook’s CEO, has maintained that the company was still accountable for removing harmful content related to child exploitation, terrorism, or violence from its platform. However, in relation to political ads, he cited the policy of free speech and insisted that social media users were still able to make up their own minds about the political agenda.