Tuesday, November 09, 2021

EDITED UPDATE PER REQUEST: Rogue Columnist Jon Talton: "I'm not offering a popular view among Rogue readers but here it is. . ."

(( 00 ___00 )) > A reduction in words responding to a admonition from JT

Go to the original for more clarity

THE MYSTERY ENDING ". ..If you can't beat the Real Estate Industrial Complex, join it. But the movie Chinatown was inspired by the California water wars of the early 20th century, especially securing Owens Valley water for Los Angeles. Here, it's backwards. There's no water to be had north of Buckeye. I don’t trust the state Department of Water Resources.

Whatever. The promoters will be rich and long gone when the catastrophe hits."

November 08, 2021

Writing off the news

No photo description available.

I know some friends of the blog are unenthusiastic when I post galleries of Phoenix history. But history is one of Rogue Columnist's missions. And the traffic goes through the roof. People love the photos. But back to the serious stuff.

The New York Times did an in-depth look at the astonishing lack of care in advance of the deadly crowd trampling at the rapper's concert on Friday. It says in part:

Concert organizers and Houston city officials knew that the crowd at a music festival planned by Travis Scott, a favorite local rapper turned megastar, could be difficult to control.

[. . .] But I urge you to read the whole thing here. I'll wait.

The concerns went unheeded and worse.

[. . .] A "mass casualty event" was declared by officials but the rapper continued for a shocking 40 more minutes. .

I come away from reading this and think, Are we insane?

• Meanwhile

[...] I'm not offering a popular view among Rogue readers but here it is.

[. . .] This "city of the future" would be entirely car-dependent, no commuter rail to Phoenix, and very sketchy water availability, especially long term. If anything, it's the city of the past.

Again I ask: Are we insane?

Yes. "It's Chinatown, Jonny." The bet on another huge Ponzi scheme. . ."

READ MORE AT THE SOURCE AND FILL-IN BETWEEN THE LINES

https://www.roguecolumnist.com/rogue_columnist/2021/11/writing-off-the-news.html

First Peoples Now Relegated to Reservations Get A Month, A Proclamation (and a Google Doodle) from the Rest of The Nation to Honor Their Heritage and Revise History

Better late than never or not at all. Readers of this blog are encourage to read more

Arizona

Indigenous Communities

Native American Heritage Month celebrates Indigenous communities across the nation

By: Shondiin Silversmith - November 2, 2021 10:55 am

"November is Native American Heritage Month, and for Indigenous people across the country, it’s a chance to share the unique ancestry, traditions, and contributions their communities make today and have made throughout history.

“Far too often in our founding era and in the centuries since, the promise of our Nation has been denied to Native Americans who have lived on this land since time immemorial,” President Joe Biden said in the proclamation naming November National Native American Heritage Month.

"Despite a painful history marked by unjust Federal policies of assimilation and termination, American Indian and Alaska Native peoples have persevered,” he added.

Biden signed a proclamation on Oct. 28, proclaiming November as National Native American Heritage Month. This provides a national spotlight for Indigenous people, communities, and organizations as they work to educate and share stories about the tribal nations across the US.

[. . .]

In Arizona, there are 22 federally recognized tribes, and each has its own culture, history and traditions — and the state has a population of over 332,000 Indigenous people, one of the highest in the US. Tribal land makes up 28% of Arizona’s land base, according to the Arizona Governor’s office.

Governor Doug Ducey on Wednesday announced that he signed a proclamation naming November Native American Heritage Month in Arizona as a way to recognize the historical, cultural, and economic contributions of Arizona’s Indigenous people. “Native American communities are an integral part of Arizona,” Ducey said. “Their diverse culture, rich history, and vibrant heritage strengthen our state, and we are thankful for all their contributions. This month, we are proud to recognize November as Native American Heritage Month.”

Ducey signed the proclamation at the State Capitol on Nov. 1.

> On the Navajo Nation, the Navajo Nation President Jonathan Nez and Vice President Myron Lizer shared their acknowledgment of National Native American Heritage Month across their social media platforms Monday.

> Gila River Gov. Stephen Roe Lewis commended Biden’s proclamation for November.

“Native American Heritage Month attests to the resilience and strength of the Gila River Indian Community, tribes across the state of Arizona, and across Indian Country,” Lewis said. “I appreciate President Biden’s proclamation designating the month of November as Native American Month and acknowledging that not only in this month but in every month, we must honor the enduring cultures and contributions of all Native Americans.”

> On a national level, Interior Secretary Deb Haaland — the first Native American to hold a cabinet post — kicked off the month in a video address on her Twitter page highlighting some of the work the U.S. Department of Interior continues to do for Native Americans, Alaska Natives, Native Hawaiians, and Island communities. Haaland is Laguna Pueblo from New Mexico.

‘Our nations, our stories’

How did Native American Heritage Month get started? The first proclamation for Native American Heritage Month came in 1990 from President George H.W. Bush, after Congress passed a resolution that designated November 1990 as National American Indian Heritage Month.

HOORAY! Chile's Green Hydrogen Push Will Be Huge, Minister Says

Facts USA: Data + Links to Learn More ...6 New Charts for Perspective on COVID-19 for second half of 2021

Reports include an increase in American Poverty for the first time in six years, measures to eliminate 2017 Tax Cuts and Jobs Act, data on veterans, Covid-19 cases and deaths, and the Delta Summer Surge.

Delta's summer surge by the numbers

Coronavirus cases are down 59% from the Delta variant's recent peak. Declining cases and the start of vaccinations for children 5 and up are promising signs at this point in the pandemic, but cases are still six times higher than they were in June. It's proven difficult to know what the future holds with this virus, but as the summer Delta surge subsides, USAFacts has six new charts for perspective on COVID-19 in the second half of 2021. Here's a sneak peek:

Alaska had the highest caseload during the four-month Delta surge, with 8% of its population infected. Maryland and Connecticut had the lightest caseloads, with just over 1% of their populations contracting COVID-19.

Before July, New Jersey had the country's highest cumulative COVID-19 death rate, with 297 deaths per 100,000 people. The Delta surge drove cumulative death rates in Mississippi, Alabama, and Louisiana over 300 per 100,000 residents. By then, New Jersey had the nation's lowest COVID-19 death rate: two deaths per 100,000.
The unvaccinated infection rate hit a Delta surge peak in the week ending August 21, when 737 out of 100,000 unvaccinated people were infected. The vaccinated infection rate that week was 121 new cases per 100,000 vaccinated people. See the chart below for cases among vaccination types.

The infection rate gap for vaccinated and unvaccinated Americans was the widest for those ages 12 to 17. For the week ending August 28, the weekly case rate among the unvaccinated in this group was 887 per 100,000 people. It was with 85 cases per 100,000 for vaccinated teenagers.

How are infection rates shifting for teens now? Or for the elderly? Click here for the data sorted by vaccinated and unvaccinated populations.

Celebrating Veterans Day

Thursday, November 11 is Veterans Day. What started as a day to commemorate the armistice that ended World War I has evolved in the United States to celebrate the service of thousands of men and women. Decades later, what's life like for American veterans? USAFacts has a data snapshot of veterans nationwide.

As of 2019, approximately 7% of American adults were veterans. That's 18 million people. The number of veterans is declining — there were more than 26 million in 2000. This is partly due to the shrinking size of the military and older veterans passing away.

The share of US veterans who served during the Vietnam War, Korean War, or World War II was 44.4% in 2019. The share who served after 9/11 was 21.7%. More than half of veterans were older than 65.
More than 9 million veterans were employed in 2019, with the largest group — 22% — working in government. Twelve percent of veterans were in manufacturing and 11% were in professional and business services, including consulting, management, and accounting.
Disability compensation has been the most-used benefit since at least 2000.

See more facts about former military members, including charts on Veterans Affairs expenditures, disability rates, and poverty rates.

Understanding the state and local tax deduction

Last week, lawmakers on Capitol Hill were deep in a debate on a measure enacted by the 2017 Tax Cuts and Jobs Act: the state and local tax deduction cap, often abbreviated as the SALT cap. Some in Congress want to keep it in place while others are demanding its removal. So, how does it work and what would it mean if it went away?

Typically, these deductions allow taxpaying homeowners who itemize their returns to deduct state and local taxes from what they'd pay to the government at tax time. The 2017 act capped the deduction amount at $10,000.
SALT's repeal could drastically change what taxes are collected. For example, California taxpayers filed $130 billion in state and local tax deductions for the 2017 tax year. In 2018, they claimed $83 billion. In New York, SALT deductions fell from $81 billion in 2017 to $42 billion in 2018.

See more background on SALT right here.

One last fact

According to Census Bureau data, the American poverty rate increased in 2020 for the first time in six years. Median household income dropped and fewer Americans had health insurance in 2020.

Monday, November 08, 2021

Ludovico Einaudi - Natural Light (Performance Video)

RANSOM WARE CYBER ATTACKS GONE WILD

WHOA! Bleep! Bleep! + More Bleep-Bleeps

MediaMarkt hit by Hive ransomware, initial $240 million ransom

Lawrence Abrams

BleepingComputer

Electronics retail giant MediaMarkt has suffered a Hive ransomware with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany.

MediaMarkt is Europe's largest consumer electronics retailer, with over 1,000 stores in 13 countries. MediaMarkt employs approximately 53,000 employees and has a total sales of €20.8 billion.

A Hive ransomware attack

MediaMarkt suffered a ransomware attack late Sunday evening into Monday morning that encrypted servers and workstations and led to the shutdown of IT systems to prevent the attack's spread.

BleepingComputer has learned that the attack affected numerous retail stores throughout Europe, primarily those in the Netherlands. . .

BleepingComputer has confirmed that the Hive Ransomware operation is behind the attack and initially demanded a huge, but unrealistic, $240 million ransom demand to receive a decryptor for encrypted files.

Ransomware gangs commonly demand large ransoms at the beginning to allow room for negotiation and usually receive a fraction of the initial demand. However, in the attack on MediaMarkt, BleepingComputer has been told it was almost automatically reduced to a much lower amount.

Hive ransom note

While it is not clear if unencrypted data has been stolen as part of the attack, Hive ransomware is known to steal files and publish them on their 'HiveLeaks' data leak site if a ransom is not paid.

When we reached out to MediaMarkt earlier today about the attack we received the following statement:

The MediaMarktSaturn Retail Group and its national organizations became the target of a cyberattack. The company immediately informed the relevant authorities and is working at full speed to identify the affected systems and repair any damage caused as quickly as possible. . .

Who is Hive ransomware?

Hive ransomware is a relatively new operation launched in June 2021 that is known to breach organizations through malware-laced phishing campaigns.

Once they gain access to a network, the threat actors will spread laterally through a network while stealing unencrypted files to be used in extortion demands.

When they gain admin access on a Windows domain controller, they deploy their ransomware throughout the network to encrypt all devices.

The ransomware gang is known to seek out and delete any backups to prevent them from being used by the victim to recover their data.

Hive has also created variants used to encrypt Linux and FreeBSD servers, commonly used to host virtual machines.

Unlike some ransomware operations that will not encrypt healthcare institutions, nursing homes, government agencies, and other essential services, Hive ransomware does not seem to care who they target.

In August, this was shown when Hive ransomware attacked the non-profit Memorial Health System, which forced staff to work with paper charts and disrupted scheduled surgeries.

Update 11/8/21 12:01 PM EST: Added statement from MediaMarkt.
Update 11/8/21 01:53 PM EST: Added information about Hive Ransomware.

State hackers breach defense, energy, healthcare orgs worldwide

Sergiu Gatlan

BleepingComputer

"Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education.

To breach the orgs networks, the threat actors behind this cyberespionage campaign exploited a critical vulnerability (CVE-2021-40539) in Zoho's enterprise password management solution known as ManageEngine ADSelfService Plus which allows remotely executing code on unpatched systems without authentication.

The attacks observed by Palo Alto Networks researchers started on September 17 with scans for vulnerable servers, nine days after the US Cybersecurity and Infrastructure Security Agency (CISA) warned it detected exploits used in the wild and one day after a joint advisory was published by CISA, the FBI, and the United States Coast Guard Cyber Command (CGCYBER).

Exploitation attempts began on September 22 after five days of harvesting info on potential targets who hadn't yet patched their systems.

"While we lack insight into the totality of organizations that were exploited during this campaign, we believe that, globally, at least nine entities across the technology, defense, healthcare, energy and education industries were compromised," the researchers said.

"Through global telemetry, we believe that the actor targeted at least 370 Zoho ManageEngine servers in the United States alone. Given the scale, we assess that these scans were largely indiscriminate in nature as targets ranged from education to Department of Defense entities."

Following the joint advisory, the researchers observed another series of unrelated attacks that failed to compromise their targets, hinting at other state-backed or financially-motivated hacking groups likely joining in to exploit companies using Zoho servers.

Right now, according to Palo Alto Networks' scans, there are over 11,000 internet-exposed servers running the vulnerable Zoho software — it's currently unknown how many of these systems have been patched.

Targets on credentials, persistence

After successfully getting a foothold on their victims' systems using CVE-2021-40539 exploits, the threat actors first deployed a malware dropper that delivered Godzilla web shells on compromised servers to gain and maintain access to the victims' networks, as well as malware, including an open-source backdoor known as NGLite.

They also used KdcSponge, malware known as credential stealer, which hooks into Windows LSASS API functions to capture credentials (i.e., domain names, usernames, and passwords) that later get sent to attacker-controlled servers.

"After gaining access to the initial server, the actors focused their efforts on gathering and exfiltrating sensitive information from local domain controllers, such as the Active Directory database file (ntds.dit) and the SYSTEM hive from the registry," the researchers found.

"Ultimately, the actor was interested in stealing credentials, maintaining access and gathering sensitive files from victim networks for exfiltration."

Attacks linked to Chinese APT27 state hackers

Even though the researchers are working on attributing these attacks to a specific hacking group, they suspect that this is the work of a Chinese-sponsored threat group known as APT27 (also tracked as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse).

The partial attribution is based on malicious tools and tactics used in this campaign that match APT27's previous activity as a hacking group active since at least 2010 and targeting the same range of industry sectors (e.g., defense, technology, energy, aerospace, government, and manufacturing) in cyber espionage campaigns.

Palo Alto Networks' report also includes analysis from US Government partners, including NSA's Cybersecurity Collaboration Center, a component designed to prevent and block foreign cyber threats to National Security Systems (NSS), the Department of Defense, and the Defense Industrial Base (DIB) with the help of private industry partners.

In early March, APT27 was also linked to attacks exploiting critical bugs (dubbed ProxyLogon) to achieve remote code execution without authentication on unpatched on-premises Microsoft Exchange servers worldwide.

US and allies, including the European Union, the United Kingdom, and NATO, officially blamed China in June for this year's widespread Microsoft Exchange hacking campaign

===========================================