Wednesday


The United States economy plunged at an unprecedented rate this spring and even with a record rebound expected in the just-ended third quarter, the US economy will likely shrink this year for the first time since the Great Recession.

Gross domestic product (GDP), which measures the economy’s total output of goods and services, fell at a rate of 31.4 percent in the April-June quarter, only slightly changed from the 31.7 percent drop estimated one month ago, the Commerce Department reported on Wednesday.

The government’s last look at the second quarter showed a decline that was more than three times larger than the fall of 10 percent in the first quarter of 1958 when Dwight Eisenhower was president, which had been the largest decline in US history.

Economists believe the economy will expand at an annual rate of 30 percent in the current quarter as businesses have reopened and millions of people have gone back to work. That would shatter the old record for a quarterly GDP increase, a 16.7 percent surge in the first quarter of 1950 when Harry Truman was president.

The government will not release its July-September GDP report until October 29, just five days before the presidential election.

While President Donald Trump is counting on an economic rebound to convince voters to give him a second term, economists said any such bounce back this year is a long shot.

Economists are forecasting growth will slow significantly in the final three months of this year to a rate of about 4 percent and the US could actually topple back into a recession if Congress fails to pass another stimulus measure or if there is a resurgence of COVID-19. There are upticks in infections occurring right now in some regions of the country, including New York.

“There are a lot of potential pitfalls out there,” said Gus Faucher, chief economist at PNC Financial Services. “We are still dealing with a number of significant reductions because of the pandemic.”

In 2020, economists expect GDP to fall by about 4 percent, which would mark the first annual decline in GDP since a drop of 2.5 percent in 2009 during the recession triggered by the 2008 financial crisis.

“With economic momentum cooling, fiscal stimulus expiring, flu season approaching and election uncertainty rising, the main question is how strong the labor market will be going into the fourth quarter,” said Gregory Daco, chief US economist at Oxford Economics.

“With the prospect of additional fiscal aid dwindling, consumers, businesses and local governments will have to fend for themselves in the coming months,” Daco said.

The Trump administration is forecasting solid growth in coming quarters that will restore all of the output lost to the pandemic. Yet most economists believe it could take some time for all the lost output to be restored and they do not rule out a return to shrinking GDP if no further government support is forthcoming.

So far this year, the economy fell at a 5 percent rate in the first quarter, signalling an end to a near 11-year-long economic expansion, the longest in US history. That drop was followed by the second-quarter decline of 31.4 percent, which was initially estimated two months ago as a drop of 32.9 percent, and then revised to a decline of 31.7 percent last month.

The slight upward revision in this report reflected less of a plunge in consumer spending than had been estimated. It was still a record fall at a rate of 33.2 percent, but last month projections were for a decline of 34.1 percent. This improvement was offset somewhat by downward revisions to exports and to business investment.


Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.

Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed on a range of Cisco’s carrier-grade and data center routers.

Both DoS vulnerabilities resided in Cisco IOS XR Software’s Distance Vector Multicast Routing Protocol (DVMRP) feature and existed due to incorrect implementation of queue management for Internet Group Management Protocol (IGMP) packets on affected devices.


IGMP is a communication protocol typically used by hosts and adjacent routers to efficiently use resources for multicasting applications when supporting streaming content such as online video streaming and gaming.

“These vulnerabilities affect any Cisco device that is running any release of Cisco IOS XR Software if an active interface is configured under multicast routing and it is receiving DVMRP traffic,” Cisco said in an advisory.

“An administrator can determine whether multicast routing is enabled on a device by issuing the show igmp interface command.”


Successful exploitation of these vulnerabilities could allow remote unauthenticated hackers to send specially crafted IGMP packets to affected devices to either crash the IGMP process immediately or exhaust process memory and eventually cause a crash.

The memory consumption may cause instability in other processes running on the device, including routing protocols for both internal and external networks.

The vulnerabilities affect all Cisco devices running any release of Cisco IOS XR Software if an active interface is configured under multicast routing, and it is receiving DVMRP traffic.

At the time Cisco initially made these vulnerabilities public, the company provided some mitigation to resolve the issues and block the active exploitation attempts, but now it has finally released Software Maintenance Upgrades (SMUs) to address the vulnerabilities completely.


“Although there are no workarounds for these vulnerabilities, there are multiple mitigations available to customers depending on their needs,” the company said.

“When considering mitigations, it should be understood that for the memory exhaustion case, the rate limiter and the access control methods are effective. For the immediate IGMP process crash case, only the access control method is effective.”

Cisco customers are strongly advised to make sure they are running the latest Cisco IOS XR Software release, both on releases earlier than 6.6.3 and on release 6.6.3 and later.


Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China.

Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec’s Threat Hunter Team said the first wave of activity associated with this campaign began last year in August 2019, although their ultimate motivations still remain unclear.

“While we cannot see what Palmerworm is exfiltrating from these victims, the group is considered an espionage group and its likely motivation is considered to be stealing information from targeted companies,” the cybersecurity firm said.


Among the multiple victims infected by Palmerworm, the media, electronics, and finance companies were all based in Taiwan, while an engineering company in Japan and a construction firm in China were also targeted.

In addition to using custom malware to compromise organizations, the group is said to have remained active on the Taiwanese media company’s network for a year, with signs of activity observed as recently as August 2020, potentially implying China’s continued interest in Taiwan.


This is not the first time the BlackTech gang has gone after business in East Asia. A 2017 analysis by Trend Micro found the group to have orchestrated three campaigns — PLEAD, Shrouded Crossbow, and Waterbear — with an intent to steal confidential documents and the target’s intellectual property.

Stating that some of the identified malware samples matched with PLEAD, the researchers said they identified four previously undocumented backdoors (Backdoor.Consock, Backdoor.Waship, Backdoor.Dalwit, and Backdoor.Nomri), indicating “they may be newly developed tools, or the evolution of older Palmerworm tools.”

The brand new custom malware toolset alone would have made the attribution difficult if it were not for the use of dual-use tools (such as Putty, PSExec, SNScan, and WinRAR) and stolen code-signing certificates to digitally sign its malicious payloads and thwart detection, a tactic that it has been found to employ before.

Another detail that remains unclear is the infection vector itself, the method Palmerworm has used to gain initial access to the victim networks. The group, however, has leveraged spear-phishing emails in the past to deliver and install its backdoor, either in the form of an attachment or through links to cloud storage services.

“APT groups continue to be highly active in 2020, with their use of dual-use tools and living-off-the-land tactics making their activity ever harder to detect, and underlining the need for customers to have a comprehensive security solution in place that can detect this kind of activity,” Symantec said.


Authors of new report call for radical change to economy, recognition of unpaid care work, usually done by women.

People in the United Kingdom would be happy to pay higher taxes for a fairer, more caring and gender-equal society as the coronavirus pandemic transforms people’s views about the world they want to live in, economists said on Wednesday.

In a report to be presented to parliamentarians, regional governments and business leaders, they laid out a radical road map for building a “caring economy” that puts people and the planet first.

“This is an idea whose time has come,” said Mary-Ann Stephenson, director of the Women’s Budget Group, a think-tank, which published the report.

“People don’t want to return to business as usual. We’re calling for a fundamental change in the way we approach the economy. It’s about a vision for doing things differently,” she told the Thomson Reuters Foundation.

At the heart of the proposed new economy is a recognition of society’s reliance on paid and unpaid care work – most of which is done by women – and the need to distribute this more equally.

Proposals include introducing free social care, free childcare, equal sharing of parental leave, a fairer minimum wage, a universal basic income for retired people and reducing the working week to about 30 hours.

Stephenson said the pandemic could be a catalyst for reform, similar in its effect to the introduction of the UK’s welfare system after World War II.

The transformation could be funded by major changes to the taxation system and borrowing, she added.

The survey of more than 2,000 people showed a significant majority would be willing to pay more tax to support secure jobs for everyone, a pay rise for key workers, green transport and affordable housing.

The British government’s budget deficit – the excess of its spending compared with its receipts – reached a record 174 billion pounds ($223bn) in the first five months of its fiscal year as it rolled out programmes to support laid-off workers and struggling businesses, the Office for Budget Responsibility reported last week.

The government’s net debt – the difference between its financial assets and liabilities – grew by almost 22 percent in August compared to a year earlier to 102 percent of the size of the UK economy, its highest since the 1960-61 fiscal year.

After reports that the UK’s Chancellor of the Exchequer, Rishi Sunak, was considering raising taxes to help plug the holes in the government’s finances, business groups and members of his Conservative Party were quoted in local media as saying that doing so would “choke off” the country’s economic recovery.

A more caring society

Stephenson said the pandemic had brought into stark relief the importance of care work to the economy – both paid and unpaid.

Women do 60 percent more unpaid work than men, reducing their time for paid employment, hurting their earnings and leaving them poorer in old age, she said.

The Women’s Budget Group poll suggested men, as well as women, overwhelmingly agreed that a better balance was needed between paid work, caring responsibilities and free time.

Three-quarters of respondents thought economic equality between women and men was the mark of a good society.

Four in five respondents – including three-quarters of men – agreed women and men should equally share caring for children, older and disabled relatives, with most saying the government should financially support men to provide more care.

“The way things work at the moment they don’t work for women, but they don’t work for men either,” Stephenson said. “Just as women need some time free from care, men need time to care.”


Tuesday


Troops brought together at joint training sites across South Sudan were deserting because of a lack of food, UN says.

The United Nations special envoy to South Sudan on Tuesday said almost no progress has been made in unifying the country’s warring forces under one army, as promised under a hard-fought peace deal.

The pledge to bring government and rebel soldiers under a national banner was a cornerstone of a September 2018 peace agreement that paused five years of bloodshed in which 380,000 people died.

But troops brought together at joint training sites across the troubled country were deserting because of a lack of food and other essentials, said UN Mission in South Sudan (UNMISS) special representative David Shearer.

“There has been almost no movement on the critical areas of security sector reform,” Shearer told a news conference in Juba.

“At the moment, the process is stuck. It hasn’t even moved past the first stage, where forces are trained and graduated. Urgent action is needed to move the process forward.”

There was a risk of renewed violence as soldiers disillusioned with the promise of peace return to their villages hungry and frustrated, he said.

“Disillusion is not a good thing – it could lead to frustration and anger and possibly violence,” he said.

“A number of people who are there with a promise of joining the armed forces are now going back to the villages… and could cause further instability on the ground.”

Shearer also criticised South Sudan’s government army for interfering with peacekeeping missions by UN troops tasked with protecting civilians and aid workers in hotspots plagued by armed unrest.

Last month, he said 92 blue helmets were prevented from taking up positions at a new UN base in Lobonok, some 110 kilometres (68 miles) from Juba, by government troops who have been fighting the National Salvation Front (NAS), a holdout rebel group.

The September 2018 agreement, to which NAS is not a signatory, paved the way for the creation of a power-sharing government in Juba, which took control in February 2020, formally ending the war.

But the young country, born in 2011 from an independence struggle with Sudan, is still fragile, racked by armed violence at a local level and crisis levels of food security.


I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks.

For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol for Domain Controllers.

In other words, the underlying vulnerability (CVE-2020-1472) could be exploited by an attacker to compromise Active Directory services, and eventually, the Windows domain without requiring any authentication.

What’s worse is that a proof-of-concept exploit for this flaw was released to the public last week, and immediately after, attackers started exploiting the weakness against unpatched systems in the wild.


As described in our coverage based on a technical analysis published by Cynet security researchers, the underlying issue is Microsoft’s implementation of AES-CFB8, where it failed to use unique, random salts for these Netlogon messages.

The attacker needs to send a specially crafted string of zeros in Netlogon messages to change the domain controller’s password stored in the Active Directory.

THN readers willing to learn more about this threat in detail, including technical information, mitigations, and detection techniques, should join a live webinar with Aviad Hasnis, CTO at Cynet.

The free cybersecurity educational webinar is scheduled for September 30th at 5:00 PM GMT, and also aims to discuss exploits deployed in the wild to take advantage of this vulnerability.

Besides this, the Cynet team has also released a free detection tool that alerts you to any Zerologon exploitation in your environment.


At least 17 of the 21 crew members of an ore carrier, which last changed crews in Manila, tested positive for COVID-19.

Australian soldiers are being deployed to Port Hedland, one of the world’s largest iron ore loading ports, to help contain a coronavirus outbreak on a bulk carrier that last changed crews in the seafaring city of Manila.

Seventeen of the 21 crew members on the ship have tested positive for the virus, ship owner Oldendorff Carriers said in a statement.

Ten of those confirmed with the virus have been moved to hotel quarantine while seven remain on board as part of an 11-person crew, authorities said.

Oldendorff said that the Manila crew change on September 5 complied with all protocols.

The statement neither mentioned the nationalities of the crew members with the virus, nor how many of the vessel’s staff are from the Philippines.

“All crew members tested negative for the virus before leaving the Philippines,” Oldendorff said.

The ship, which was scheduled to collect manganese ore which is used in steel production, is anchored off Port Hedland on the coast of Western Australia.

The sparsely populated state contained the virus early in the pandemic by closing its international and domestic borders. It now bars cruise ship arrivals but allows export carriers and limited international air arrivals in conjunction with a mandatory 14-day quarantine.

Up to 10 Australian Defence Force (ADF) personnel were expected to be deployed to Port Hedland after a request for assistance from the state government, an ADF spokesman said in a statement.

Nationwide cases down

Australia’s coronavirus hotspot state of Victoria on Tuesday reported 10 new cases in the past 24 hours, turning around a second wave that only last month was infecting more than 700 people every day.

The country’s second most populous state placed nearly five million residents of Melbourne, the state capital, under a stringent lockdown and curfew in early August, which it only began to lift on Sunday.

A key indicator, the rolling 14-day average, fell to 18.2, tracking ahead of state government expectations, officials said.

“That continuous improvement will serve us well as we continue to open up,” Premier Daniel Andrews told reporters on Tuesday.

“This strategy is working (and) is delivering us those lower numbers.”

Meanwhile, in neighbouring New South Wales, Premier Gladys Berejiklian said on Tuesday it was a “significant day again” after the state recorded zero local coronavirus cases for the fourth day in a row.

Two cases were reported under hotel quarantine over the last 24 hours.

The state of Queensland also reported zero new cases with only eight active cases remaining.

Earlier on Tuesday, Australian Prime Minister Scott Morrison issued a statement after worldwide coronavirus deaths reached one million.

“In the absence of a vaccine, we may have to live this way for years,” he said.

Australia has reported more than 27,000 cases and 882 deaths from the virus, many in care homes for the elderly.

Morrison also said that as the country looks to reopen its international borders to select countries with low COVID-19 cases, individuals arriving in Australia could be allowed to quarantine at home instead of staying at hotels for two weeks.

“We do look … to have our borders open up at some point to safe locations, whether it be New Zealand or parts of the Pacific, or places like South Korea or Japan, or countries that have had a much higher rate of success, then there are opportunities to look at those alternative methods,” he said.


Monday


Nearly half of the total annual figure of $88.6bn is accounted for by the export of commodities such as gold, diamonds and platinum, the report found.

Africa is losing nearly $89bn a year in illicit financial flows such as tax evasion and theft, amounting to more than it receives in development aid, a new UN study shows.

The estimate, published on Monday in the United Nations Conference on Trade and Development’s (UNCTAD) 248-page report, is the UN’s most comprehensive to date for Africa. It shows an increasing trend over time and is higher than most previous estimates.

Nearly half of the total annual figure of $88.6bn is accounted for by the export of commodities such as gold, diamonds and platinum, the report said. For example, gold accounted for 77 percent of total under-invoiced exports worth $40bn in 2015, it showed.

Understating a commodity’s true value helps conceal trade profits abroad and deprives developing countries of foreign exchange and erodes their tax base, UNCTAD said.

The report calls Africa a “net creditor to the world”, echoing economists’ observations that the aid-reliant continent is actually a net exporter of capital because of these trends.

“Illicit financial flows rob Africa and its people of their prospects, undermining transparency and accountability and eroding trust in African institutions,” said UNCTAD Secretary-General Mukhisa Kituyi.

Junior Davis, head of policy and research at UNCTAD’s Africa division, told the Reuters news agency the figure was likely an underestimate, citing data limitations.

Tackling illicit flows is a priority for the UN, whose General Assembly adopted a resolution on this in 2018, and the report urges African countries to draw on the report to present “renewed arguments” in international forums.


Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information.

Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by “copying” the tactics of other threat actors such as SideWinder.

Exploiting Microsoft Equation Editor Flaw

The campaign’s starting point is an email with an embedded malicious attachment — either in the form of a ZIP file containing an LNK file or a Microsoft Word document — that triggers an infection chain via a series of steps to download the final-stage payload.


Aside from identifying three different infection chains, what’s notable is that one of them exploited template injection and a Microsoft Equation Editor flaw (CVE-2017-11882), a 20-year-old memory corruption issue in Microsoft Office which, when exploited successfully, lets attackers execute remote code on a vulnerable machine even without user interaction.

Microsoft addressed the issue in a patch released in November 2017.

As is often the case with such malspam campaigns, the attack relies on a bit of social engineering to bait the user into opening a seemingly realistic Word document that claims to be about the Indian government’s defense production policy.

What’s more, the LNK files have a double extension (“Defence-Production-Policy-2020.docx.lnk”) and come with document icons, thereby tricking an unsuspecting victim into opening the file.

Once opened, the LNK files abuse “mshta.exe” to execute malicious HTA (short for Microsoft HTML Applications) files that are hosted on fraudulent websites, with the HTA files created using an open-sourced payload generation tool called CACTUSTORCH.

A Multi-stage Malware Delivery Process

The first-stage HTA file includes a decoy document and a malicious .NET module that opens the decoy and downloads a second-stage HTA file. The second stage checks for the presence of popular antivirus solutions, then copies Microsoft’s credential backup and restore utility (“credwiz.exe”) to a different folder on the victim machine and modifies the registry to run the copied executable at every startup.

Consequently, when this file gets executed, not only does it side-load a malicious “DUser.dll” file, it also launches the RAT module “winms.exe,” both of which are obtained from the stage-2 HTA.

“This DUser.dll will initiate the connection over this IP address ‘173.212.224.110’ over TCP port 6102,” the researchers said.

“Once successfully connected, it will […] then proceed for performing various operations based on the command received from C2. For example, if C2 sends 0, then it collects the Computer Name, Username, OS version etc. and sends it back to C2.”


Stating the RAT shared code-level similarities with Allakore Remote, an open-sourced remote-access software written in Delphi, Quick Heal’s Seqrite team noted that the Trojan employed Allakore’s RFB (remote frame buffer) protocol to exfiltrate data from the infected system.
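The behaviours described above translate directly into endpoint triage rules. The following is an added example, not code from Quick Heal's report or from the original article: the event schema, host names, folder, URL and registry key in the sample data are constructed, while the file name, binary names and the C2 address and port are the ones quoted in the article.

```python
import re
from pathlib import PureWindowsPath

# Indicators quoted in the article.
C2_ENDPOINT = ("173.212.224.110", 6102)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# A document extension followed by .lnk, e.g. "Policy.docx.lnk".
DOUBLE_EXT_LNK = re.compile(r"\.(docx?|xlsx?|pptx?|pdf|rtf|txt)\.lnk$", re.I)
REMOTE_URL = re.compile(r"https?://\S+", re.I)
CREDWIZ_PATH = re.compile(r'[a-z]:\\[^"]*credwiz\.exe', re.I)


def _basename(path):
    return PureWindowsPath(path).name.lower()


def _in_system_dir(path):
    return str(PureWindowsPath(path).parent).lower() in SYSTEM_DIRS


def classify(event):
    """Return the rule names an event matches (empty list if none)."""
    hits = []
    kind = event["type"]
    if kind == "file_create":
        if DOUBLE_EXT_LNK.search(event["path"]):
            hits.append("double_extension_lnk")
    elif kind == "process_create":
        name = _basename(event["image"])
        # mshta.exe given a URL means the HTA is fetched from a remote site.
        if name == "mshta.exe" and REMOTE_URL.search(event["command_line"]):
            hits.append("mshta_remote_hta")
        # The genuine credwiz.exe only runs from the Windows system folders.
        if name == "credwiz.exe" and not _in_system_dir(event["image"]):
            hits.append("credwiz_outside_system_dir")
    elif kind == "image_load":
        # Side-loading: credwiz.exe picks up DUser.dll from a non-system folder.
        if (_basename(event["image"]) == "credwiz.exe"
                and _basename(event["loaded"]) == "duser.dll"
                and not _in_system_dir(event["loaded"])):
            hits.append("duser_sideload")
    elif kind == "registry_set":
        # Persistence: a registry value that starts a relocated credwiz.exe.
        match = CREDWIZ_PATH.search(event["value"])
        if match and not _in_system_dir(match.group(0)):
            hits.append("credwiz_autorun")
    elif kind == "network_connect":
        if (event["dest_ip"], event["dest_port"]) == C2_ENDPOINT:
            hits.append("known_c2_endpoint")
    return hits


def triage(events):
    """Group distinct rule hits per host so the whole chain shows up together."""
    per_host = {}
    for event in events:
        for rule in classify(event):
            per_host.setdefault(event["host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in per_host.items()}


# Constructed sample telemetry: WS-01 shows the chain, WS-02 is ordinary use.
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "file_create",
     "path": r"C:\Users\a\Downloads\Defence-Production-Policy-2020.docx.lnk"},
    {"host": "WS-01", "type": "process_create",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe http://files.example.test/stage1.hta"},
    {"host": "WS-01", "type": "process_create",
     "image": r"C:\ProgramData\Sync\credwiz.exe", "command_line": "credwiz.exe"},
    {"host": "WS-01", "type": "image_load",
     "image": r"C:\ProgramData\Sync\credwiz.exe",
     "loaded": r"C:\ProgramData\Sync\DUser.dll"},
    {"host": "WS-01", "type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sync",
     "value": r"C:\ProgramData\Sync\credwiz.exe"},
    {"host": "WS-01", "type": "network_connect",
     "dest_ip": "173.212.224.110", "dest_port": 6102},
    {"host": "WS-02", "type": "file_create",
     "path": r"C:\Users\b\Desktop\Word.lnk"},
    {"host": "WS-02", "type": "process_create",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r"mshta.exe C:\Tools\inventory.hta"},
    {"host": "WS-02", "type": "process_create",
     "image": r"C:\Windows\System32\credwiz.exe", "command_line": "credwiz.exe"},
    {"host": "WS-02", "type": "network_connect",
     "dest_ip": "192.0.2.10", "dest_port": 443},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

The process and module rules key on behaviour rather than on the single published address, so they keep working if the C2 endpoint changes.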

Possible Links to Transparent Tribe APT

In addition, a few attack chains are also said to have dropped a previously unseen .NET-based RAT (called “Crimson RAT” by Kaspersky researchers) that comes equipped with a wide range of capabilities, including the ability to access files and clipboard data, kill processes, and even execute arbitrary commands.

Although the modus operandi of naming DLL files shares similarities with the SideWinder group, the APT’s heavy reliance on the open-sourced toolset and an entirely different C2 infrastructure led the researchers to conclude with reasonable confidence that the threat actor is of Pakistani origin — specifically the Transparent Tribe group, which has been recently linked to several attacks targeting the Indian military and government personnel.

“Thus, we suspect that the actor behind this operation is a sub-division under (or part of) Transparent-Tribe APT group and are just copying TTPs of other threat actors to mislead the security community,” Quick Heal said.


What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean?

While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, the difference runs deeper.

In a nutshell, a pen-test is performed to discover exploitable vulnerabilities and misconfigurations that would potentially serve unethical hackers. They primarily test the effectiveness of security controls and employee security awareness.

The purpose of a red team exercise, in addition to discovering exploitable vulnerabilities, is to exercise the operational effectiveness of the security team, the blue team. A red team exercise challenges the blue team’s capabilities and supporting technology to detect, respond, and recover from a breach. The objective is to improve their incident management and response procedures.

The challenge with pen-testing and red team exercises is that they are relatively resource-intensive. A pen test can run for 1 to 3 weeks and a red team exercise for 4 to 8 weeks, and both are typically performed annually, if at all.

Today’s cyber environment is one of rapid and constant change. It is driven by evolving threats and adversarial tactics and techniques, and by the accelerated rate of change in IT and adaptations to the security stack. This has created a need for frequent security testing and demand for automated and continuous security validation or breach and attack simulation (BAS).

These solutions discover and help remediate exploitable vulnerabilities and misconfigurations, and they can be performed safely in the production environment. They enable security teams to measure and improve the operational effectiveness of their security controls more frequently than pen-testing. But can they be used in a red team exercise?

There are two approaches that need to be considered. The first, red team automation, has the obvious advantage of increasing the operational efficiency of a red team. It enables them to automate repetitive and investigative actions, identify exploitable weaknesses and vulnerabilities, and it provides them a good picture of what they are up against, fast.

In principle, this is not too far from what BAS provides today by supporting a broad set of attack simulations and providing a rich library of atomic executions codified to the MITRE ATT&CK framework. They even provide red teams the capability to craft their own executions. Red team automation can support red team activities, but the value is limited, and most red teams have their own set of homegrown tools developed for the same purpose.

A new approach, red team simulation, takes these capabilities a step further. It enables a red team to create complex attack scenarios that execute across the full kill chain, basically creating custom APT flows. Instead of executing a bank of commands to find a weakness, it performs a multi-path, sequenced flow of executions.

The primary advantage of this approach is that it incorporates logic into the flow. As the simulation progresses, it leverages the findings of previous executions in addition to external data sources and tools. It will even download tools on a target machine, based on the dependencies of an execution.

For example, a sample flow could have Mimikatz provide credential input to a PsExec-based technique and drop PsExec to disk on the target machine if it’s missing. A red team simulation can include all the stages of an attack, from initial access to impact, and even reconnaissance performed in the pre-attack stage.

The benefits of red team simulation extend beyond operational efficiency for both in-house red teams and companies that provide red team services. Scenarios can be replayed to validate lessons learned from previous exercises. Red teams that operate in global companies can cover more geographies.

Even with red team simulation, the human factor remains key in assessing the result of an exercise and providing guidance to improve incident management and response procedures, but it makes red team exercises accessible and achievable to a larger market, where cost is a limiting factor.

For more information, visit www.cymulate.com and register for a Free Trial.


India’s coronavirus case tally passed 6 million on Monday after it reported 82,170 new infections in the last 24 hours, as the pandemic rages across the vast South Asian nation.

With 6.1 million infections according to the health ministry, India is on course to pass the United States in the coming weeks as the country with the most cases.

COVID-19 deaths rose by 1,039 in the last 24 hours to 95,542, the ministry said, which is 1.6 percent of total infections.

The nation of 1.3 billion people is home to some of the world’s most densely populated cities and has long been expected to record a large number of COVID-19 cases.

India has been adding 80,000 to 90,000 new infections each day since it started reporting the world’s highest daily rises from late August.


Prime Minister Narendra Modi on Sunday called on people to keep wearing face coverings when they venture out of their homes.

“These rules are weapons in the war against corona. They are potent tools to save the life of every citizen,” Modi said in his monthly radio address.

The virus initially hit large metropolises including the financial hub Mumbai and national capital New Delhi but has since spread to provincial and rural areas where healthcare systems are fragile and patchy.

Despite the continued march of the illness, the government is unlikely to reimpose the lockdown it has gradually lifted, after the harsh restrictions battered the economy and wrecked the livelihoods of millions of people, particularly the poor.

Some schools have reopened, and trains, metros, domestic flights, markets and restaurants have been allowed to operate with restrictions.

‘Part of our lives’

Anand Krishnan, a community medicine professor at the All India Institute of Medical Sciences (AIIMS) in Delhi, said the focus should be on treating people who contract the virus.

The virus initially hit large metropolises but has since spread to rural areas [Adnan Abidi/Reuters]

“The infection is well-entrenched in the community,” he told AFP news agency.

“The only thing that we can do is take care of people who are ill – identify them faster and treat them better. And follow the social-distancing norms. Beyond that, I don’t think there is anything specific that can be done.”

Some residents AFP spoke to in Delhi said that, while they remain cautious, their fears about the pandemic had lessened since the start earlier this year.

“I’m out of the house all day because of my work. I don’t step out of the house for anything else,” said 23-year-old medical store worker Umang Chutani.

“The future is uncertain but one can only be cautious and follow all safety protocols.”

Himanshu Kainthola, 61, who recovered from the virus last month after testing positive along with two other relatives, said his family’s fears “have reduced substantially”.

“We have made peace with it. We take the necessary precautions and invest in increasing our immunity rather than being anxious or scared of it.”

Creative writing student Santosh added that the virus was now “part of our lives”.

“You cannot shut down every business, because the economy cannot collapse… COVID-19 is not going to pay the rent,” he told AFP.

Sunday

Belarusian police detained about 200 people as tens of thousands took to the streets in support of opposition leader Svetlana Tikhanovskaya, days after the country’s strongman president staged a secret inauguration.

Ahead of Sunday’s march, the top opposition Telegram channel, Nexta Live, which has more than two million subscribers, urged Belarusians to stage a symbolic “people’s inauguration of the real president” Tikhanovskaya.

The opposition movement calling for an end to President Alexander Lukashenko’s rule has kept up a wave of large-scale demonstrations since his disputed election win last month, with about 100,000 or more people taking to the streets every weekend.

AFP correspondents estimated a similar turnout on Sunday as crowds built up in Minsk despite the rain.

Tens of thousands of protesters including prominent athletes, drummers and a choir marched through the capital, with some demonstrators sporting cardboard crowns.

Protesters chanted “impostor” and “Sveta is our president” as they marched through Minsk and other cities decked out in red-and-white opposition colours.

“We have elected our president,” said protester Eleonora Naumova, holding a portrait of Lukashenko’s opposition rival Tikhanovskaya.

“We don’t want to live in a concentration camp,” the 48-year-old designer said.

Another protester, 36-year-old Sergei Mikhailov, said he wanted Belarus to become free and safe.

Wearing a makeshift crown from Burger King, he said: “If every impostor here can be crowned so why not me too?”

Armoured vehicles and water cannon were deployed on the streets ahead of the protest, several metro stations in central Minsk were closed, and the Palace of Independence, Lukashenko’s residence, was heavily guarded by riot police and barriers.

Interior Ministry spokeswoman Olga Chemodanova told the AFP news agency that “around 200” people were detained across Belarus.

Police used tear gas in the second largest city of Gomel and stun grenades in the eastern city of Mogilev, Viasna rights group said.

Chemodanova denied that police used stun grenades but confirmed that members of law enforcement used “riot control” equipment.

Fiftieth day of protests

Tikhanovskaya, who claimed victory over Lukashenko in the August 9 election and has taken shelter in Lithuania, a member of the European Union, said she supported the demonstrators.

“Today is the 50th day of our protests,” she said in a video address.

“We’ve come out to stop this regime, and we are doing this peacefully.”

Sunday’s march came a day after riot police in balaclavas detained 150 people at women’s rallies where protesters chanted “Sveta the president”.

Central squares and shopping centres where protesters have sought refuge from violent police detentions during earlier rallies were closed, AFP journalists reported.

Over the past month, riot police have detained thousands of protesters who have reported torture and abuse in custody, prompting international condemnation and proposed EU sanctions.

Several people have died in the crackdown.

Lukashenko has dismissed opposition calls for his resignation and sought help from Russia’s President Vladimir Putin, who has promised military backup if needed and a $1.5bn loan.

Lukashenko, who has ruled ex-Soviet state Belarus for 26 years, has also accused Western countries and NATO of supporting protesters or trying to destabilise the country.

He put his military on high alert after the vote and Belarus will host war games with several other ex-Soviet countries including Russia next month in what is being touted as a show of force against NATO.

European leaders have said they do not recognise Lukashenko’s re-election and promised to impose sanctions on Belarus for rigging the vote and waging a post-election crackdown on peaceful demonstrations.

Russia said the EU’s decision not to recognise Lukashenko as the legitimate president contradicted international law and amounted to indirect meddling in the country.


On our first family holiday to the Blue Mountains, we were surrounded by thick bush. Early mornings smelled of eucalyptus oil from the gum trees. It was winter and cold, but I delighted in running through the rooms with my brother, pulling on the long cords hanging down from the high ceilings to turn the lights on and off. My joy did not last.

In the disinfectant-soaked emergency room, the doctors marvelled at my stoicism. At only four years old, I stuck out my tongue unbidden and breathed in for the stethoscope, despite lung-wrenching bursts of asthma that had me gasping for air. I made no other sound. Right from the start, crying from fear or pain, or crying for any reason really, was actively discouraged. Snot and mucus blocked my already overburdened sinuses, making me worse. I was always an obedient child.

When I was young, I often fell sick. I was allergic to cow’s milk since birth and then to almost anything I touched, ingested or smelled. Sunshine makes me sneeze, and I get headaches from even the most expensive of perfumes worn by people standing a considerable distance away. My sense of taste has been diminished along with the ability to recognise and name every flavour in the food on my plate.

But despite, or perhaps because of, the damage, my sense of smell has been enhanced.

Lavender

Standing in our kitchen at home one day, aged eight, an intense aroma of lavender enveloped the room. When I inhaled deeply, it flooded my senses, and the solid countertops, cupboards and floors around me vanished from sight.

I remember nothing else, just an aide-memoire, a photo of me as a toddler sitting on the veranda at my grandmother’s house. It is black and white, but I know my hair was bright blonde back then. I had been caught in the act of falling over or awkwardly sitting down the way babies do when they are dressed in baggy overalls on top of voluminous cloth nappies.

As I look at this much smaller, much younger me, my nostrils fill with bouquets of lavender once more. It grew in great whorls along my grandmother’s driveway, and she made sachets of it to put in the drawers with her clothes.

That day in the kitchen grandmother came to say goodbye. Lavender is happiness mixed with melancholy and longing.

Jasmine and cigars

My parents fought a lot before they separated that same year. I perceived that the noise they made was not good, but I was too young to understand the content.

In summer, the house was permeated with the heady scent of jasmine. A vine grew around the railings on the terrace outside and when mum was happy, she would cut long tendrils of it and arrange it in three white elliptical vases. They fitted together to make a whole, in a way we as a family never did.

Most days she spent a lot of time in bed, curtains drawn. Dad worked and played hard, and was not in the house very often and when he was, the home became a battlefield with me the unwilling spectator. Yet the waft of a smouldering cigar still takes me back to sitting on his lap, content.

Pepper

Dinner times were sacred in that house. Mum was half English, so we sat up at the table and asked before we got down.

Serviettes were made of paper and only used when we had a takeaway, but napkins were nice and always made of cloth. The soup should be spooned away from the body, and the special round-headed spoons should never be confused with the oval-headed ones laid out for dessert.

Mum was big on rules. But it did not stop the fights between my older brother and sister. The tang of pepper always hits me like the shaker one of them threw at the other. I cannot remember who raised their arm, missed their target and got me square in the forehead instead. Dead centre. The lid came off, releasing the contents, making my eyes sting, and my nose run uncontrollably. Pepper still makes me sneeze but not as much as then. Its spice is tinged with threat.

Silver polish

At everyday meals we used the ordinary cutlery, keeping the silver set for best. Polishing it was one of the many chores I was given.

The silver polish, a pink semi-unguent liquid emanating forcefully from a plastic bottle, was unlike other chemical concoctions because it left my olfactory nerve in peace.

The repetition of applying the polish, rubbing it in and going over and over the surface until the black grease from handling was replaced by a brilliant sheen, was seductively hypnotic.

The non-stop chattering, as my mind tried to process life events and determine their meaning, stopped, and I just was. Calm.

In my teenage years, I did as my mother instructed and used my brain to question and challenge at every turn. Her method for dealing with this was to remain suspended in a palpable seething silence for weeks at a time.

When she did unleash, every moment of self-doubt, intimate secret joy, fear or concern I had confessed, in fact any daughterly intimacy I shared, no matter how insignificant, could and would be used to punish, torment and hurt me.

I learned early on that showing a reaction, any at all, was ill-advised.

By the time I was 18, I no longer gave her any ammunition, even about events as momentous as losing my virginity. How I longed to tell her, just to experience the thrill of knocking her off balance, if only for a moment.

My memory paintbox

Looking back at my childhood is like viewing an incomplete painting. I can make out scattered, isolated instances of happiness, but on the whole, the canvas is largely blank.

My memory paintbox holds no fine brushes to define outlines or rich colour palette to fill in the hues. It only contains an automatic self-defence mechanism that blurs all the details when it comes to my emotions.

If voices are raised and feelings aired, a red cloud blankets my brain. Whole sentences and single words are obscured or even replaced by another from the same lexicon, similar but not equally exact in meaning. Nuance disables my comprehension. A few minutes after the fact, I cannot remember clearly what was said to me or what I myself said. Even innocuous titbits like what I was wearing elude me.

Just thinking of initiating discussions about what makes me unhappy or facing conflict head-on suffocates me. I fight against intense panic and dread, and fail to understand what it is I am feeling, let alone know whether it is appropriate or not.

Throughout, my olfactory memory bank overflows. Like a dog distracted by high-pitched sounds, when I pick up a scent, I become completely obsessed by something no one else can discern. Crinkling my nostrils I have to sniff incessantly until I am able to identify what it is I can smell.

Blood

My first all-consuming, life-changing love was with a married man whose wife left him in spirit when she had a one night stand, years before she left him in person.

He and I lived together for two years, although I spent the last six months mustering up the willpower to leave him. I was 22 by then and cried a lot in the shower and constantly changed my mind.

Afterwards, we remained friends, good ones, joking about how we would grow old and disgraceful together. At least I would, he was already known for being outspoken and rude.

Then one day he took the lid off a bottle of paint thinner and drank it all down. He was not found for two weeks.

When I went round to his house a week later, the metallic stench of blood still lingered and clung to every corner of every room. It registered so pungently with my nasal cilia that I could taste it on my tongue. I sometimes notice a diluted version when I am at the dentist, or sucking a paper cut on my finger. Brackish and full of loss.

Sandalwood

I dropped out of university and went to London and hitch-hiked, bussed and ferried around Europe. For a whole year, I was free, from my family, my mother and my incomprehensible emotion-laden memories. I drank more than was good for me, danced with strangers and reinvented myself.

“Love ’em and leave ’em” was my unoriginal creed and a trailing caress of sandalwood my calling card.

The pure oil was sold in tiny exotic tinted glass bottles at Portobello Market in London, by solemn Indian men dressed in dhoti, armoured against the cold in ancient furs or discarded army greatcoats.

For once, I was just like all the other women I hung around with – pretty, young and fragrant. Normal.

Damp, talc and hospital smells

My father spent the last six weeks of his life in a drab palliative care unit built in a gully, dense with eucalyptus trees.

The building never really saw the sun, so a pervasive trace of damp mingled with the everyday hospital odours, like microwaved meals drowned in white sauce, the antiseptic whiff of soap and the fetid presence of death.

It was summer, and I went to see dad every day. It was so hot I carefully slathered my face with thick sunscreen each morning for the long walk down the hill, and back up again.

I took care to dress well, with matching handbag, shoes and lipstick to accentuate the smile on my face my father loved to see until the day he stopped talking.

Dad had always been a smart dresser and used the same brand of talc day in, day out. I can smell him shaking the light floury spots of white powder all over his shoulders from a time when I first started to retain memories. The red squeeze bottle standing sentry next to his hospital bed ran out the same day he was declared to be actively dying.

Substituting smells for feelings

I used to get great satisfaction in working out what it was I could smell. It substituted perfectly for needing to know what I felt. Acknowledging an emotion, perceiving a sentiment, or just identifying a memory as an expression of feeling a particular way is something I had never been able to completely articulate or comprehend.

When dad died, that began to change. After his death, if by chance I breathed in a waft of his talcum powder emanating from a passing stranger, I always looked up and smiled, expecting to see him. Of course I never did, but I relished the fragrance because it marked his presence, confirmed that he once was.

In contrast, I despised the sickly perfume of the sunscreen I wore to the hospital, and will not willingly choose to use it again. At first, it was because it served to remind me of my father’s absence. All the attendant feelings that accompanied the weeks he lay dying were listed in its ingredients. I was afraid if I rubbed it onto my skin again, those emotions would engulf me, just like the red fog that shuts down my brain during arguments.

However, the olfactory memories of my father sparked by the talc and the sunscreen are equally zoetic. They represent the whole of my father’s being and the total of my experience of his life and death. The negative emotions they evoke are as necessary and essential as the positive.

Without large, frightening, and overwhelming emotional episodes, times of joyous, delirious excitement and pleasure have no meaning. They need a context in which to take form, otherwise life is bereft of connotation and nothing more than an objective description of events.

Now, when I deliberately reach for a different brand of sunscreen, it is because I like the smell, and no longer a way to avoid identifying and dealing with how I feel.

Saturday

The 18-year-old suspect says he carried out the attack in anger over republished caricatures of the Prophet Muhammad.

The chief suspect in a double stabbing in Paris told investigators he carried out the attack outside the former offices of Charlie Hebdo magazine in anger over caricatures of the Prophet Muhammad it recently republished.

The 18-year-old suspect said he intended to target the satirical weekly, which in January 2015 was targeted by gunmen, an official close to the investigation told AFP news agency on Saturday.

The attack on Friday came three weeks into a trial in Paris of suspected accomplices in the January 2015 attacks on Charlie Hebdo, a policewoman, and a Jewish supermarket that killed 17 people.

While the man is believed to have carried out the stabbings alone, eight other people are now also under arrest following two more detentions on Saturday.

The two new individuals arrested were the suspect’s younger brother and another acquaintance, a judicial source said.

The people wounded were employees of prize-winning TV production agency Premieres Lignes, whose offices are in the same block in central Paris that used to house Charlie Hebdo.

However, it is believed the two victims, who stepped out onto the street for a cigarette break, were not specifically attacked. They were badly wounded but their lives are not in danger.

The suspect mistakenly believed Charlie Hebdo’s offices were still in that building and wanted to attack journalists from the magazine, a source said, confirming information first published in the Le Parisien newspaper.

Charlie Hebdo moved offices after the 2015 attack and its current address is kept secret for security reasons.

French Interior Minister Gerald Darmanin said on Friday the attack was “clearly an act of Islamist terrorism”. Anti-terrorism prosecutors have opened an investigation.

Five of the individuals arrested were in an apartment in Pantin in the northern Paris suburb of Seine-Saint-Denis, the last presumed address of the suspected attacker.

The suspect arrived in France three years ago as an unaccompanied minor, apparently from Pakistan, but his identity was still being verified, the minister said.

Late on Friday, police released another man who was close to the scene of the attack but who was confirmed to have been a witness who “chased the assailant”, a judicial source said.

‘Could have done better’

Twelve people, including some of France’s most celebrated cartoonists, were killed in the attack on Charlie Hebdo’s offices by gunmen on January 7, 2015.

Charlie Hebdo angered many Muslims around the world by publishing cartoons of the Prophet Muhammad in 2006, and in a defiant gesture reprinted some of the caricatures before the trial.

In court are 14 alleged accomplices of brothers Said and Cherif Kouachi, the perpetrators of the 2015 attack on Charlie Hebdo that was claimed by a branch of al-Qaeda.

A female police officer was killed a day later, followed by the killing of four men in a hostage-taking at a Jewish supermarket by gunman Amedy Coulibaly the next day.

The magazine received new threats from al-Qaeda this month after it republished the controversial cartoons.

Darmanin admitted the risk of an attack around the former offices had been “underestimated” and said he had asked for an explanation from the police.

“It is obvious that we could have done better,” he said.


Former president’s candidacy rejected by Ivory Coast’s Constitutional Council on the grounds that he was handed a 20-year jail term by an Ivorian court last November.

The African Court on Human and Peoples’ Rights has said Ivory Coast should allow former President Laurent Gbagbo, who has been barred from running in October’s presidential election, to participate in the high-stakes poll.

The court, based in Arusha in Tanzania, on Friday asked Ivory Coast to “take all necessary steps to immediately remove all obstacles” preventing Gbagbo from being added to the electoral roll.

Ivory Coast withdrew its recognition of the court’s jurisdiction in April this year.

Gbagbo, who was president from 2000 to 2010, is not on the electoral roll which was updated this year, and thus cannot vote or be a candidate in the election.

The 75-year-old was freed conditionally by the International Criminal Court (ICC) in The Hague after he was cleared in January 2019 of crimes against humanity. He is living in Brussels pending the outcome of an appeal against the ICC ruling.

His candidacy was rejected by Ivory Coast’s Constitutional Council on the grounds that he was handed a 20-year prison term by an Ivorian court last November over the looting of the local branch of the Central Bank of West African States during the crisis that engulfed the country in 2010. Then, Gbagbo had refused to stand down after the electoral commission declared incumbent President Alassane Ouattara the winner of a delayed election.

At least 3,000 people were killed in the fighting that ensued between forces loyal to the two men, with both sides accused of committing atrocities.

The Arusha-based court also said Gbagbo’s conviction should not be included on his judicial record until it had time to deliver a full judgement.

The Constitutional Council, Ivory Coast’s top court, has rejected 40 of 44 applications to contest the October 31 election, which is taking place against a backdrop of rising political tensions.

Besides Gbagbo, those barred include former rebel leader Guillaume Soro, a 47-year-old former Ouattara ally and rebel commander who helped the president come to power in 2011.

The Ivorian court, however, accepted an application by Ouattara, 78, who is seeking a third term despite criticism that this sidesteps constitutional limits.

On September 15, the African court handed down a verdict in Soro’s favour, saying Ivory Coast should also “immediately remove all obstacles” preventing him from competing in the ballot.

Soro, who lives today in France, was barred from contesting the election on the grounds of a 20-year sentence, also in absentia, for alleged embezzlement of public funds, handed down in April.

Ouattara has blasted attempts by Gbagbo and Soro to contest the presidential election as “provocation” and said one of them belongs behind bars.

“Soro, like Gbagbo, was excluded because he has a criminal record,” Ouattara told the French magazine Paris Match.

“Each of them are perfectly aware that their candidacies are based on provocation … Guillaume Soro doesn’t deserve to be on the campaign trail but in prison,” he said.

“This young man, drunk on money and power, has simply lost his head.”

Soro, who was prime minister from 2007-2012 and head of parliament until last year, has dubbed Ouattara’s bid for a third term a “civilian coup d’etat” and urged the opposition to unite to stop him. Meanwhile, Ouattara’s main challenger, 86-year-old Henri Konan Bedie, has called for civil disobedience.

They accuse Ouattara, who has been in power for a decade, of violating the constitution by seeking another term. Ouattara says a constitutional change means his two-term limit has been reset.

Friday

Microsoft’s long-lived operating system Windows XP, which still powers over 1% of all laptops and desktop computers worldwide, has allegedly had its source code leaked online, along with that of Windows Server 2003.

Yes, you heard that right.

The source code for Microsoft’s 19-year-old operating system was published as a torrent file on the notorious bulletin board website 4chan, and it is the very first time that source code for Microsoft’s operating system has been leaked to the public.

Several reports suggest that the collection of torrent files, which weighs 43GB, is also said to include the source code for Windows Server 2003 and several of Microsoft’s older operating systems, including:

  • Windows 2000
  • Windows CE 3 
  • Windows CE 4 
  • Windows CE 5 
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4
  • MS-DOS 3.30 
  • MS-DOS 6.0

The torrent download also includes the alleged source code for various Windows 10 components that appeared in 2017 and source code for the first operating system of the original Xbox that appeared online in May.

While Microsoft has not officially confirmed or denied the leak yet, several independent security researchers have since begun analyzing the source code and have spoken to its legitimacy.

Using the name billgates3, the leaker claims to have compiled the collection of leaked Microsoft source code over the course of the last few months.

The leaker also said that many Microsoft operating system source code files had been passed around privately between hackers for years.

So, the leaker decided to share the source code with the public, saying that “information should be free and available to everyone.”

“I created this torrent for the community, as I believe information should be free and available to everyone, and hoarding information for oneself and keeping it secret is an evil act in my opinion,” the leaker said, adding that the company “claims to love open source so then I guess they’ll love how open this source code is now that it’s passed around on BitTorrent.”

Besides containing source code, the torrent also includes a media folder (files and videos) related to conspiracy theories about Bill Gates.

The leaked source code should not come as a surprise as Microsoft does have a history of providing its OS source code to governments worldwide via a special Government Security Program (GSP) the company runs that allows governments and organizations controlled access to the source code.

Needless to say, Microsoft ended its support for Windows XP back in 2014, so its source code leak doesn’t make the systems running the outdated OS version more of a target, because there are probably a ton of other unpatched vulnerabilities that already exist.

But since operating systems may share code, exploitable flaws found in the Windows XP source code that are still present in Windows 10 can allow hackers to target newer versions of the Windows operating system as well, which would be a real threat to billions of users.


Kyle Rittenhouse, the teenager charged with killing two protesters and injuring another during demonstrations about race and justice in Kenosha, Wisconsin last month, will fight extradition from the US state of Illinois, his lawyer told a court hearing on Friday.

Rittenhouse, 17, has been charged by Kenosha County’s district attorney with six criminal counts in connection with the shooting of three people who tried to subdue or disarm him during protests on August 25, two of whom died.

Rittenhouse participated in the hearing at the Lake County Circuit Court in Illinois via video link from the detention facility where he is being held. He was wearing a black sweatshirt and a grey mask covered his face.

“Good morning, your honour,” he said to the judge in his only remarks in the hearing, which lasted just a few minutes.

Rittenhouse’s lawyers have said he acted in self-defence and have portrayed him as a courageous patriot who was exercising his right to bear arms during unrest over the police shooting of Jacob Blake, a Black man.

Kyle Rittenhouse raising his arms up as he walks towards law enforcement vehicles during a protest last month in Kenosha, Wisconsin [File: Brendan Gutenschwager/via Reuters]

The deadly Kenosha shootings occurred amid nationwide protests against anti-Black racism and police violence in the United States – and only two days after police in the Wisconsin city shot Blake seven times in the back, leaving him paralysed from the waist down.

During the Friday hearing, Rittenhouse’s lawyer John Pierce said he intends to challenge the extradition from Illinois “by writ of habeas corpus”.

Judge Paul Novak gave the defence 14 days to review papers and file pleadings before the October 9 hearing.

Pierce had asked for a month to prepare arguments challenging extradition that he said involve “issues of some complexity, frankly that have not arisen in the country for some time”.

He did not provide further details at the hearing about the basis for the challenge. The delay in returning Rittenhouse to Wisconsin is the second in the case.

The deadly shootings in Kenosha came amid US-wide protests against police brutality and anti-Black racism [File: Kerem Yucel / AFP]

Mike Nerheim, the Lake County state’s attorney, said after the hearing that Illinois Governor JB Pritzker had signed a warrant to return Rittenhouse to Wisconsin after a request was made by Wisconsin Governor Tony Evers, a fellow Democrat.

Rittenhouse’s lawyer asked for a chance to review the warrant, which Nerheim said he had received Friday morning.

Rare request

David Erickson, a former state appellate judge who teaches at Chicago Kent College of Law, said challenges to extradition are rare. When challenges do occur, he said, there are generally two arguments: that no crime was committed in the other state or that the defendant was not the person who committed the crime.

But Rittenhouse’s lawyers’ stated plan to pursue a habeas corpus challenge, which is generally defined as an argument that there are legal grounds for a defendant’s release, is even further outside the norm, Erickson said.

“It’s going to be some unique kind of theory, that’s for sure,” he said. “It’s not the standard two of ‘it ain’t me’ or ‘there’s no crime’,” he said.

When extradition is challenged, a judge will hold a hearing to consider arguments and witness testimony, Erickson said. If the court does not rule in Rittenhouse’s favour, he could appeal to the Illinois Supreme Court. But Erickson said he doubts it would take up such an appeal because the likeliest reason to overturn an extradition ruling would be a judge abusing his or her discretion.

Novak seems to be approaching the case with caution by giving Rittenhouse’s team weeks to prepare their arguments, Erickson said.

Six criminal counts

Rittenhouse is charged with first-degree intentional homicide in the killing of two protesters and attempted intentional homicide in the wounding of a third. He also faces a misdemeanour charge of underage firearm possession for wielding a semiautomatic rifle.

If convicted of first-degree homicide, Rittenhouse faces a mandatory life in prison sentence.

Tear gas filling the air as police in riot gear try to push back demonstrators near the Kenosha County Courthouse [File: Scott Olson/Getty Images/AFP]

Rittenhouse’s extradition might not be an issue at all if he had been arrested in Kenosha the night of the shootings.

A mobile phone video that captured some of the action shows Rittenhouse afterwards walking slowly towards a police vehicle with his hands up, only to be waved through by police. He returned to his Illinois home and turned himself in soon after.

Police later blamed the chaotic conditions for not arresting Rittenhouse at the scene.


Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems.

Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists.

FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, to gain spying capabilities, including secretly turning on their webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltration of data.

According to the human rights organization Amnesty International, the newly discovered campaign is not linked to ‘NilePhish,’ a hacking group known for a series of attacks on Egyptian NGOs involving an older version of FinSpy, phishing techniques, and malicious Flash Player downloads.

Instead, the new versions of FinSpy for Linux and macOS, along with Android and Windows, were used by a new unknown hacking group, which Amnesty believes is state-sponsored and has been active since September 2019.

Uploaded on VirusTotal, all new malware samples were discovered as part of an ongoing effort by Amnesty International to actively track and monitor NilePhish’s activities.

The new binaries are obfuscated and stop their malicious activity when they detect that they are running in a virtual machine, which makes the malware harder for experts to analyze.

Moreover, even if a targeted smartphone isn’t rooted, the spyware attempts to gain root access using previously disclosed exploits.

“The modules available in the Linux sample are almost identical to the MacOS sample,” the researchers said.

“The modules are encrypted with the AES algorithm and compressed with the aplib compression library. The AES key is stored in the binary, but the IV is stored in each configuration file along with a MD5 hash of the final decompressed file.”

“The spyware communicates with the Command & Control (C&C) server using HTTP POST requests. The data sent to the server is encrypted using functions provided by the 7F module, compressed using a custom compressor, and base64 encoded.”

Meanwhile, the researchers have also provided indicators of compromise (IoC) to help other researchers investigate these attacks further and to help users check whether their machines are among the compromised ones.

Kaspersky researchers last year revealed a similar cyber-espionage campaign where ‘then-new’ FinSpy implants for iOS and Android were being used to spy on users from Myanmar.


As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks.

Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks that could allow an attacker to present a valid SSL certificate and fraudulently take over a connection.

“We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily,” SAM IoT Security Lab’s Niv Hertz and Lior Tashimov said.

“The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a different Fortigate router without raising any flags, and implement a man-in-the-middle attack.”

To achieve this, the researchers set up a compromised IoT device that triggers a MitM attack soon after the Fortinet VPN client initiates a connection, stealing the credentials before passing them to the server and spoofing the authentication process.

SSL certificate validation, which helps vouch for the authenticity of a website or a domain, typically works by verifying the certificate's validity period and digital signature, whether it was issued by a certificate authority (CA) the client trusts, and whether the subject in the certificate matches the server the client is connecting to.

The problem, according to the researchers, lies in the use of default self-signed SSL certificates by companies. 

Given that every Fortigate router comes with a default SSL certificate that is signed by Fortinet, that very certificate can be spoofed by a third party as long as it’s valid and issued either by Fortinet or any other trusted CA, thus allowing the attacker to re-route traffic to a server they control and decrypt the contents.

The main reason for this is that the bundled default SSL certificate uses the router’s serial number as the server name for the certificate. While Fortinet can use the router’s serial number to check if the server names match, the client appears to not verify the server name at all, resulting in fraudulent authentication.
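The gap described above, as an added example that is not code from the researchers or from Fortinet: a client that checks only the issuer and validity period, next to one that also compares the certificate's name with the server it dialled. The `Cert` model, the issuer name, the serial-style names and the dates are all constructed placeholders, and signature verification is assumed to be handled by the TLS library.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    names: tuple          # subject CN / subjectAltName DNS entries
    issuer: str
    not_before: datetime
    not_after: datetime

TRUSTED_ISSUERS = {"Example Vendor CA"}  # constructed trust store

def chain_and_dates_ok(cert, now):
    """Trusted issuer and validity period. Signature verification is
    assumed to be done by the TLS library and is not modelled here."""
    return cert.issuer in TRUSTED_ISSUERS and cert.not_before <= now <= cert.not_after

def name_matches(cert, expected):
    """The certificate must name the server the client dialled."""
    expected = expected.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert.names):
        if name == expected:
            return True
        # A leading "*." stands for exactly one label, never the bare domain.
        if name.startswith("*.") and "." in expected and expected.split(".", 1)[1] == name[2:]:
            return True
    return False

def lenient_client_accepts(cert, expected, now):
    # Behaviour the researchers describe: the server name is never compared.
    return chain_and_dates_ok(cert, now)

def strict_client_accepts(cert, expected, now):
    return chain_and_dates_ok(cert, now) and name_matches(cert, expected)

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed certificates; the serial-style names are placeholders.
NOW = utc(2020, 10, 1)
OWN_DEFAULT = Cert(("SERIAL-AAAA0001",), "Example Vendor CA", utc(2019, 1, 1), utc(2029, 1, 1))
OTHER_ROUTER = Cert(("SERIAL-BBBB0002",), "Example Vendor CA", utc(2019, 1, 1), utc(2029, 1, 1))
DOMAIN_CERT = Cert(("vpn.example.com",), "Example Vendor CA", utc(2020, 1, 1), utc(2021, 1, 1))
UNTRUSTED = Cert(("vpn.example.com",), "Unknown CA", utc(2020, 1, 1), utc(2021, 1, 1))

if __name__ == "__main__":
    for label, cert in [("own default", OWN_DEFAULT), ("other router", OTHER_ROUTER),
                        ("domain cert", DOMAIN_CERT), ("untrusted", UNTRUSTED)]:
        print(label, lenient_client_accepts(cert, "vpn.example.com", NOW),
              strict_client_accepts(cert, "vpn.example.com", NOW))
```

The strict check also rejects the router's own default certificate when the client dials a domain name, because that certificate names a serial number rather than the domain; name checking only helps once a certificate issued for the VPN's domain is installed.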

In one scenario, the researchers exploited this quirk to decrypt the traffic of the Fortinet SSL-VPN client and extract the user’s password and OTP. 

“An attacker can actually use this to inject his own traffic, and essentially communicate with any internal device in the business, including point of sales, sensitive data centers, etc,” the firm said. “This is a major security breach that can lead to severe data exposure.”

For its part, Fortinet said it has no plans to address the issue, suggesting that users can manually replace the default certificate and ensure the connections are safe from MitM attacks.


Currently, Fortinet provides a warning when using the default certificate: “You are using a default built-in certificate, which will not be able to verify your server’s domain name (your users will see a warning). It is recommended to purchase a certificate for your domain and upload it for use.”

“The Fortigate issue is only an example of the current issues with security for the small-medium businesses, especially during the epidemic work-from-home routine,” Hertz and Tashimov noted.

“These types of businesses require near enterprise grade security these days, but do not have the resources and expertise to maintain enterprise security systems. Smaller businesses require leaner, seamless, easy-to-use security products that may be less flexible, but provide much better basic security.”


Pro-democracy politicians call for the release of 12 Hong Kong activists arrested at sea by Chinese authorities.

Opposition politicians in Hong Kong have staged a protest in the city’s legislature, calling for the release of 12 activists arrested at sea by China as international concern grows over the status of the detainees.

About a dozen members of Hong Kong’s legislature surrounded Chief Secretary Matthew Cheung on Friday, demanding he meet the detainees’ families and try to bring them home.

“Release the 12 Hong Kongers immediately,” the politicians shouted, holding up placards with the same message and delaying the start of Friday’s session.

The 12, who include a 16-year-old, were arrested on August 23 shortly after they set off from Hong Kong in a boat bound for self-ruled Taiwan.

Chinese police have said the detainees, who are being held in the southern city of Shenzhen, were suspected of illegal border crossing and they have been labelled “separatists” by China’s foreign ministry. Hong Kong authorities say they are all suspected of crimes in the territory related to the anti-government protests that erupted last year.

The families of some of the 12 held a news conference on September 12, masked and hooded to avoid identification, and made a plea to Chinese authorities to allow the detainees to contact family members and be represented by independent lawyers.

Relatives of 12 Hong Kong activists detained at sea by Chinese authorities attend a press conference in Hong Kong on Saturday, September 12, 2020 [Kin Cheung/ AFP]

China’s legal system is controlled by and loyal to the ruling Communist Party, meaning courts do not usually challenge party or government accusations.

Mainland authorities have said the legitimate rights of the 12 were being protected according to the law. Hong Kong’s government has said it cannot interfere on their behalf and they must face legal proceedings in China before they can come home, although it has said it is willing to provide “feasible” assistance to their families.

Responding to the legislators’ protest on Friday, Cheung said the detainees “were fugitives who committed serious crimes, skipped bail, violated laws in mainland waters”.

He added: “The immigration department and security bureau are the professional department to handle the matters. Senior management will continue to pay attention to the incident.”

Legal rights

The detainees include Wong Wai-yin, a 29-year-old unemployed mechanic who is facing criminal charges of manufacturing explosives. His wife told Reuters News Agency that Wong wrote a farewell note before his departure, saying: “I am sorry and thanks for accompanying me throughout the years.”

Wong’s wife, who feared the worst after reading the hand-written note, said her “heart lit up” when she heard that he was still alive. “But soon I became very nervous,” she said, fearing her husband would not receive fair treatment in mainland China.

She hired a lawyer on the mainland to represent Wong, but told Reuters her husband has not been allowed to meet him.

The incident has become another flashpoint in US-China relations, and added to tension between Beijing and Taiwan. Secretary of State Mike Pompeo said earlier this month that the United States was deeply concerned about the case, noting the detainees had been denied access to lawyers of their choice.

In Geneva on Wednesday, Western diplomats and academics urged China to clarify the status of the 12 detainees.

“Twelve Hong Kong democracy activists arrested in August off the coast have been denied access to lawyers of their choice. Local authorities have yet to provide information about their welfare or the charges against them,” said Mark Cassayre, deputy US ambassador.

Steve Tsang, an expert in Hong Kong and Chinese politics at the School of Oriental and African Studies (SOAS) at the University of London, said “none of them have been accorded the normal legal rights that they would expect to enjoy as Hong Kong citizens”.

A senior Chinese official, speaking at the event, said the 12 were entitled to access to lawyers and the presumption of innocence, but did not say whether they had seen lawyers of their choice.
