I wrote a LinkedIn thing but I’m putting it here as well so you don’t have to go there:
The TikTok ban is, more than anything, a protectionist move veiled in national security language. It addresses a privacy concern by banning one service that is not a US-based concern, while not addressing the privacy and security issues that every other social platform (including this one right here) has failed to address on its own adequately. And considering that China managed to hack law enforcement hooks into nearly every telecom service in the US, it’s a bit like closing the door to a barn that has already burned to the ground.
We are in a period of extended remix disinformation, unrestrained personal data harvesting, and algorithmic mass surveillance and manipulation that extends beyond social platforms into internet retail, education, search and as-a-service platforms. Every click, purchase, interaction, and view is being monetized in some way by default. Our ability as individuals to counter this is extremely limited; even when we opt out of data collection, we don’t really opt out of data collection; we just opt out of reaping its “benefits” within the platforms themselves.
Using Privacy Badger from Electronic Frontier Foundation (EFF) is one way to at least staunch some of the privacy bleed. But as we’ve seen, Google, Meta and others keep finding ways to gather data to ‘monetize’ in some way through their browsers and apps.
That data can be used for ill by a variety of players—including cybercriminals who use targeted malicious advertising on websites and search engines to deliver malware. It has been used in the past to target disinformation campaigns and manipulate political discourse.
True free speech is speech without manipulation, and being able to choose which conversations you want to be part of. Shutting down TikTok because of its China ties—an act that the incoming administration will likely seek to reverse in exchange for favors—is not the answer. It’s not even addressing the right question.
TrustWave did a great job of outlining the operations of Rockstar2FA, a phishing-as-a-service platform with the ability to capture second-factor authentication tokens, a few weeks ago. But just before their report went out, Rockstar did a stage dive: most of their back-end infrastructure got disconnected from Cloudflare's CDN. Given that they had started hosting a whole bunch of their phishing portals on Cloudflare itself through the pages.dev service, that was not good for them; abusing Cloudflare is a key element of their operations.
While they've been floundering, we saw another phish service with very similar TTPs step up their operations. At least one researcher had been tracking this group as "FlowerStorm." It's clear from our analysis of their front-end stuff that FlowerStorm and Rockstar share at least a common ancestor, if they're not just outright stealing code from each other or are somehow connected.
FlowerStorm has some subtle differences in their operation. We've done an analysis of those in a blog I pushed out today with the help of Mark Parsons, Joshua Rawles, Jordon Olness, and Colin Cowie. We're continuing to dig into FlowerStorm as they've made some OpSec boo-boos, but never stop your enemy when they're making a mistake.
It's like Trump tuned his picks to create the most chaos possible, the ones that would trigger every non-MAGA so hard that they would be shocked into a stupor by just how totally Dunning-Kruger his choices are.
Please, G*d. “Cybersecurity is South Dakota’s next big industry,” Noem said last year. “South Dakota is in the middle of the country — and we’re landlocked, so foreign spy ships and subs can’t reach us. It makes a lot of sense for cybersecurity resources to be centered here.” H/T to @gregotto https://cyberscoop.com/dhs-nominee-kristi-noem-cyber-grants-trump-admin/
This is your daily reminder that ad blockers and not clicking Google and other search ads are a good way to reduce your attack surface to some of the latest malware distribution methods. I'm currently putting together research on a couple of different malware / initial access tool delivery channels that use malvertising as their main method of distribution, using... *shocked face* compromised WordPress blogs as repositories.
Principal Threat Poker @ Sophos X-Ops. Natsec/Infosec Editor Emeritus and now infrequent contributor @ Ars Technica. Ex Navy officer and actual battleship sailor. Verified cat furniture. Bird paparazzo. Still mostly s***posting as @thepacketrat@twitter.com. Also federating @thepacketrat and @thepacketrat