Mediaboss Marketing

Written by Joe Warminsky Dec 8, 2020 | CYBERSCOOP

The former National Security Agency contractor convicted in 2018 of illegally leaking top secret information to a news organization will remain in federal prison after an appeals court upheld a ruling against a compassionate release amid the COVID-19 pandemic.

The eight-page opinion Monday from the U.S. Court of Appeals for 11th Circuit backed an earlier ruling that lawyers for Reality Winner had not sufficiently shown that her medical conditions or prison conditions justified an early release. The appeals court didnt rule on the merits of Winners argument it simply said the lower court had considered her request properly.

After careful consideration and with the benefit of oral argument, we conclude that the District Court did not abuse its discretion in denying Ms. Winners motion, Mondays opinion says. Because we resolve her appeal on this basis alone, we need not (and do not) address Ms. Winners other arguments.

In early April, Winner, now 29, had filed a motion for compassionate release with the U.S. District Court for the Southern District of Georgia, saying that she suffers from depression and an eating disorder, and that COVID-19 related prison lockdowns affected her ability to cope with those conditions, thus making her more susceptible to further illness. The district court rejected Winners motion without holding an evidentiary hearing.

Winner was working as a linguist for Pluribus International Corp., a government contractor, when she was accused of leaking leaking a report on Russian interference in U.S. elections. The Intercept published details from the document but says it did not know the exact source. Afterward, Winner was arrested and pleaded guilty to violating the Espionage Act.

Some have branded Winner a whistleblower, given that the leaked document expanded the publicly available information about the Russian threat to elections at a time when the White House was claiming it was a hoax.

Winner is serving her 63-month prison sentence at Federal Medical Center Carswell in Fort Worth, Texas, where it was reported this summer that she and about 500 other detainees had contracted COVID-19. She could be released by November 2021.

Her lawyers have noted that she is a nonviolent first offender who admitted her mistake. Those arguments and others werent enough to persuade the district court.

Winner has not carried the burden of demonstrating that her specific medical conditions under the particular conditions of confinement at FMC Carswell place her at a risk substantial enough to justify early release, U.S. District Judge J. Randal Hall wrote in April, in rejecting Winners motion. In fact, the court is constrained to observe that Winner is in a medical prison, which is presumably better equipped than most to deal with any onset of COVID-19 in its inmates.

U.S. courts have been hearing many requests like Winners this year as the COVID-19 pandemic rips through prison populations. In some cases, motions for compassionate release do succeed: Late last week a federal judge in Virginia sent a native of Kosovo back to his home country after the convicted hacker argued for his release.

Read the original here:
Former NSA contractor Reality Winner loses appeal, will remain imprisoned - CyberScoop

New Delhi: The Allahabad high court on Monday quashed the detention order of Javed Siddiqui under the stringent National Security Act (NSA) on the grounds that the authorities did not present his petition report before the advisory board on time.

According to a report in the Indian Express, a division bench of Justice Pradeep Kumar Srivastava and Justice Printinker Diwaker quashed the detention order on a habeas corpus plea by Siddiqui and observed that a law such as the NSA had to be exercised by the executive with extreme care.

Where the law confers extraordinary power on the executive to detain a person without recourse to the ordinary law of the land and to trial by courts, such a law has to be strictly construed and the executive must exercise the power with extreme care, the court said and noted that the executive was under obligation to pass detention order according to procedure established by law.

The court also ordered the forthwith release of Siddiqui, if he was not required in any other case.

The history of personal liberty is largely the history of insistence on observation of the procedural safeguards. The law of preventive detention, though is not punitive, but only preventive, heavily affects the personal liberty of individual enshrined under Article 21 of the Constitution of India and, therefore, the Authority is under obligation to pass detention order according to procedure established by law and will ensure that the constitutional safeguards have been followed, the high court observed.

Siddiqui was arrested earlier this year in June and booked under for arson and rioting after a number houses belonging to people from the Dalit community had been burnt down at Bhadethi village in the Sarai Khwaja locality of Jaunpur.

As per the courts order, the detention order against Siddiqui was passed on July 10 and the petitioner gave his representation July 20. The detention order for Siddiqui was approved on July 21, 2020. It is evident that the representation so given by the petitioner (Siddique) was well within the prescribed period of 12 days, the court said and noted that Siddiquis representation was rejected on August 14, 2020, after the advisory board had already made the recommendation for approval of the detention order on August 12.

Also read: UP is Primarily Using the National Security Act Against Those Accused of Cow Slaughter

The record shows that the representation of the petitioner was not placed before the Advisory Board till 12.08.2020 (August 12) even though the same was filed on 20.07.2020 (July 20). It remained pending with the State Government and after two days from the date the Advisory Board sent the recommendation, the same was rejected, the high court said.

The court also said that the state authority had given no reasonable explanation for the delay in forwarding the petitioners representation and not placing it before the advisory board. It is evident from the record that while extraordinary haste was shown in taking action against the petitioner, the authorities remained reluctant and there was complete inaction on their part causing an unjustified delay in processing the detenues representation against his detention under the NSA, the bench said in its order.

This inaction on the part of the authorities certainly resulted in deprivation on the right of the petitioner of the fair opportunity of hearing and it also resulted in denial of the opportunity of fair hearing to the petitioner as provided under the law. This is not permissible and is in gross violation of established legal and procedural norms and legal and constitutional protection, the Allahabad high court said.

The court said that it was of the opinion that delaying and not placing the representation before the advisory board speaks in volume about the reluctance on the part of opposite parties.

The plea of Covid-19, officials suffering from pandemic, intervening holiday or negligence on the part of an official on account of which he was suspended, are no reason, which could be attributed towards any fault or lapse on the part of the petitioner. Even on the date when the case was fixed before the Advisory Board, the authorities could have placed the representation of the petitioner before the Board. Thus, we find that no reasonable explanation has been given for the delay and not placing the representation before the Board, the high court said.

Reportedly in June, following an alleged brawl among children, over a dozen huts of people from the Dalit community were set ablaze and massive damages were caused to 14 other houses. The FIR registered against Javed Siddiqui accused him of attacking the Bhadethi village slums along with 80 people and indulging in riots and arson there while heaping anti-Dalit abuses on the slum inhabitants.

Siddiqui was later arrested and the Jaunpur district magistrate subsequently on July 10 issued a detention order against him under section 3(2) of the National Security Act.

In his habeas corpus plea, Siddiqui contended that he was not given a fair opportunity to present his case before the UP advisory board, Lucknow to challenge the detention order. He alleged that neither his representation was placed before the advisory board in time nor he was supplied relevant documents about his detention under the NSA.

Earlier this year, in response to the Uttar Pradesh governments repeated instances of invoking the National Security Act against alleged cow slaughter cases, the Allahabad high court raised concerns that the law was being misused to target innocent people.

(With inputs from PTI)

See more here:
Quashing Detention Order, Allahabad HC Asks Govt to Exercise NSA With 'Extreme Care' - The Wire

VMware has released security updatesto address a zero-day vulnerability inVMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

The vulnerabilityis a command injection bug tracked asCVE-2020-4006 and publicly disclosed two weeks ago.

While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help admins mitigatethe bug on affected devices.

If successfully exploited, the vulnerabilityenables attackers to escalate privileges and execute commands on the host Linux and Windows operating systems.

The full list of VMware product versions affected by thezero-day includes:

While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US DefenseDepartment'sintelligence agency contribution in an update to the security advisory made on Thursday.

VMware also lowered the bug'sCVSSv3 base score to 7.2/10 and the maximum severity rating from 'Critical' to 'Important.'

CVE-2020-4006 exists intheadministrative configurator of some releases of VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector.

"A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system," the advisory explains.

"This account is internal to the impacted products and a password is set at the time of deployment. A malicious actor must possess this password to attempt to exploit CVE-2020-4006."

Threat actors can obtain the password needed to exploit the vulnerability using techniques documented in the MITRE ATT&CK database.

VMware released security updates that fully mitigate the vulnerability on devices running one of the affected products.

Information onpatch deployment steps, expected changes, and how to confirm that the patch has been applied are available within the patch files.

Links to download security updates forCVE-2020-4006 are available in the table embedded below.

DHS-CISAencouragedadmins and users on Thursday to apply the patchissued by VMware to thwart attackers' attempts to take over vulnerable systems.

Admins who can't immediately download and deploy the patch can still use the temporary workaroundthat fully removes the attack vector on impacted systems and prevents CVE-2020-4006 exploitation.

Details on how to implement and revert the workaroundonLinux-based appliances andWindows-based servers are available HERE.

However, once the workaround is applied, "configurator-managed setting changes will not be possible" asVMware explains.

More:
VMware fixes zero-day vulnerability reported by the NSA - BleepingComputer

Researchers at Forescout this morning released a report on a set of TCP/IP vulnerabilities theyre calling AMNESIA:33, the 33 referring to the number of vulnerabilities theyve found. Four they consider critical, and in general the issues are believed to broadly and deeply affect Internet-of-things devices. SC Magazine says that the US Department of Homeland Security is expected to release a report on the vulnerabilities soon, perhaps as early as today.

Both Haaretz and the Guardian are reporting on Forbidden Stories Cartel Project, which describes the ways in which Mexican police, users of NSO Groups lawful intercept products, have allegedly been reselling that technology to drug cartels, which in turn have used the spyware to monitor journalists and other third-parties. Some of the allegations are attributed to sources in the US Drug Enforcement Agency.

According to the Washington Post, despite the prospect of a Presidential veto, the US House appears ready to pass the National Defense Authorization Act (NDAA). CyberScoop summarizes the significant cybersecurity measures the NDAA ("biggest cyber bill ever") includes.

ZDNet reports that 2,732 PickPoint package delivery lockers across Moscow were opened by a criminal who hacked the PickPoint app. Landlords and guards responded quickly to keep an eye on obviously malfunctioning lockers. Russian security organizations (and by implication law enforcement organizations) take a lot of stick in these pages (see, for example, yesterdays warning from NSA that Russian intelligence services are actively exploiting a VMware bug), but this is one case where we wish the Militia good hunting.

View original post here:
AMESIA:33 IoT device vulnerabilities. Mexican police alleged to pass spyware to cartels. The US NDAA nears passage. Hacking lockers. - The CyberWire

The National Sheep Association (NSA) has received an increase in reports of attacks on sheep by dogs over recent weeks, most likely linked to continuing Covid-19 restrictions including several regional and national lockdowns across the UK.

Consequently, it is urging the public to take responsibility for their actions when in the countryside, and especially near livestock.

A spokesperson said: "First and foremost, dog owners must keep their animals under control and on a lead when walking near sheep. Not only do dogs pose a threat of injury to sheep, but at this time of year, when most ewes are already or soon to be in lamb the stress of being chased can lead to the pregnant sheep losing their lambs.

"Sheep are a hugely valuable asset to the farmer, and any damage to the flock can have detrimental effects. Likewise, sheep worrying is also a hugely traumatic experience for the shepherd, with several studies carried out by NSA showing that the risk of a potential attack happening causes significant stress and anxiety to farmers.

"Recent cases of sheep worrying have resulted in dogs being shot as a last resort option to halt a serious attack. This, of course, is never an action carried out by a farmer with ease but the law states that a farmer is in his/her rights to shoot an animal if it is found to be in the act of worrying livestock and dog owners should be aware of the potential danger they put their pet dog in if they are not responsible whilst out walking."

Read next: Loose dog kills flock of 16 sheep overnight

NSA chief executive Phil Stocker said: It must be stressed to owners who allow their dogs to chase, attack and potentially kill livestock that it is a criminal act and for very good reason. Few people would understand the stress and anger that a farmer or shepherd goes through by finding a dog attacking and killing sheep and very occasionally this can result in dogs being shot. We appreciate how distressing this would be for a dog owner but very few farmers would do this out of choice and anyone driven to do this would be highly distressed by the action as well I am certain.

Attacks on dogs often cause huge financial cost for the farmer but for most the initial stress and anxiety is equally impactful. The only way to avoid incidents like this is for dog owners to take proper responsibility for the dogs know where they are at all times and keep them on leads anywhere in the vicinity of livestock.

NSA is also urging dog walkers as well as others enjoying the countryside at this time to be aware of their responsibility in terms of the Covid-19 pandemic. When passing through farmland and farmyards walkers must be vigilant and consider that touching gates, fence posts, and stiles could potentially contaminate them which in turn could increase the viral spread to farmers and other walkers. Contact with these objects should be minimised and hands sanitised or washed as often as possible.

More here:
NSA warns livestock worrying is on the rise - South West Farmer