What I'm Reading 8/14/2020 - That Tech Giant Anti-Trust Case May Not Be As Easy As People Think

The Register - This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit -

The NSA and FBI are sounding the alarm over a dangerous new strain of Linux malware being employed by Russian government hackers often dubbed the Fancy Bear crew.

Uncle Sam explicitly said on Thursday the miscreants – formally known as the 85th Main Special Service Center (GTsSS) – operate within the Russian intelligence directorate, aka the GRU. The software nasty in question is Drovorub, a rootkit designed to infect Linux systems, take control of them, and siphon off files. It is used against very particular targets that are valuable to the Kremlin, so before you panic, bear that in mind – no pun intended.

 Cyberscoop - Ex-DHS officials urge department to double down on its cybersecurity work -

A new bipartisan report from former DHS officials suggests the department cut ties with some of the “most partisan” aspects of its work, and redouble its efforts to protect the country from cyberthreats and infectious diseases.

“For the defense of American democracy to succeed, the secretary of homeland security and DHS generally will need to be, to the greatest extent possible, ‘above politics,’” states the report, which the Atlantic Council released Thursday.

The Verge - Amazon can be held liable for products sold on Marketplace, appeals court rules -

Amazon can be held liable for defective products sold on its Marketplace in California, an appeals court ruled Thursday. The California Fourth District Court of Appeals reversed a 2019 trial court ruling and reinstated claims from a woman who says she suffered third-degree burns when a defective laptop battery she bought from a third-party seller on Amazon caught fire.

NY Post - Trump: ‘A lot of people’ think Edward Snowden ‘not being treated fairly’  -

Trump’s comments reflect a remarkable softening in his views about the man he once deemed a “traitor” worthy of execution. Republican lawmakers and the Justice Department’s inspector general recently highlighted misuse of the Foreign Intelligence Surveillance Act and the secret FISA court to surveil former Trump adviser Carter Page.

“Snowden is one of the people they talk about. They talk about numerous people, but he is certainly one of the people that they do talk about,” Trump said on Thursday, before turning to his aides. “I guess the DOJ is looking to extradite him right now? … It’s certainly something I could look at. Many people are on his side, I will say that. I don’t know him, never met him. But many people are on his side.”

 Bloomberg - U.S. Faces Bumpy Antitrust Road Despite Big Tech’s Emails, Memos -

U.S. tech giants have enormous influence over what we buy, read, see and think. But is their market power illegal? At a July 29 House hearing, lawmakers leveled monopoly-abuse accusations at the leaders of Amazon.com Inc., Apple Inc., Alphabet Inc.’s Google and Facebook Inc. We sift through the charges, compile the evidence, summarize the CEOs’ defenses and ask the experts if the lawmakers made their case. 

 The Register - CREST: We are investigating NCC Group certification cheat sheet scandal – and not with NCC personnel -

Exclusive British infosec accreditation body CREST has changed some of its exams after cheat sheets containing exam answers and practical walkthroughs were posted on GitHub in a repo that NCC Group confirmed included its own documents.

In an email to all CREST members sent on the afternoon of 12th August, the certification body assured members that leaked elements of its certification exams have now been "deprecated" as part of a process already in motion "between June 2018 and July 2020".

 This probably means more to any random European passing thru here.  I don't think Crest exams are real popular in the US.