Thursday, May 05, 2022
Council Study Session - 5/2/2022
| File #: | 22-0181 |
| Type: | Ordinance | Status: | Agenda Ready |
| In control: | City Council |
| On agenda: | 5/2/2022 |
| Title: | ZON21-00940 (District 2) Within the 3100 block of East Southern Avenue (south side) and the 1200 block of South 32nd Street (west side). Located east of Lindsay Road on the south side of Southern Avenue (2.4± acres). Rezone from Single Residence 9 (RS-9) to Multiple Residence 3 with a Planned Area Development overlay (RM-3-PAD) and Site Plan Review. This request will allow for a multiple residence development. Staff Recommendation: Approval with conditions P&Z Board Recommendation: Approval with conditions (Vote: 6-0) (Continued to the June 20, 2022 City Council meeting) |
| Attachments: | 1. Presentation, 2. Council Memo, 3. Staff Report, 4. Ordinance, 5. Ordinance Map, 6. Vicinity Map, 7. Site Plan, 8. Good Neighbor Policy, 9. P&Z Minutes, 10. Submittal Documents |

| Meeting Name: | City Council Study Session | Agenda status: | Final |
| Meeting date/time: | 5/2/2022 4:30 PM | Minutes status: | Draft |
| Meeting location: | Lower Council Chambers | ||
| Published agenda: | Agenda | Published minutes: | Not available | |
| File #: | 22-0590 |
| Type: | Presentation | Status: | Agenda Ready |
| In control: | City Council Study Session |
| On agenda: | 5/2/2022 |
| Title: | Hear a presentation, discuss, and provide direction on the Parks, Recreation and Community Facilities Department budget, including the City's special events. |
| Attachments: | 1. Presentation |

| File #: | 22-0581 |
| Type: | Contract | Status: | Agenda Ready |
| In control: | City Council |
| On agenda: | 5/2/2022 |
| Title: | Dollar-Limit Increase to the Term Contract for Contractor Building Maintenance Services as requested by the Parks Recreation and Community Facilities Department (PRCF) (Citywide) The increase will provide sufficient funding for necessary repairs to Mesa City Plaza and Dobson Ranch Golf Course, as well as future building maintenance services required by PRCF, until the contract expires on 10/31/2022. The Parks Recreation and Community Facilities Department and Purchasing recommend increasing the dollar limit with Builders Guild Inc. (a Mesa business), Diamond Ridge Development, East Valley Disaster Services (a Mesa business), SDB Inc., Skyline Builders, August Building Company, LLC; BWC Enterprises Inc., dba Woodruff Construction; and Robert N Ewing General Contractor, Year 5 by $3,500,000, from $2,700,000 to $6,200,000, based on estimated requirements. |
| Attachments: | 1. Presentation, 2. Council Report |
Wednesday, May 04, 2022
You might have missed this ...News from The Other Side
3 May, 2022 15:15
Terror attack foiled near Ukrainian border – Transnistria
A weaponized cargo drone was intercepted overnight near a large telecom center located in the village of Mayak, the Interior Ministry of the self-proclaimed republic of Transnistria said on Tuesday.
The intercepted drone appeared to be a home-made contraption, jury-rigged from different parts, the ministry said.
“The drone with a diameter of one and a half meters was assembled from various components. The equipment was so powerful it could move loads of up to 20 kilograms to a distance of some 30 kilometers from the operator who controlled it,” it added.
The drone carried a canister containing “unknown brown liquid” and a small barrel containing two kilograms of plastic explosives with radio detonators attached. Imagery released by the Transnistrian authorities suggests the drone was also fitted with a payload release system to drop its deadly cargo.
The aircraft was “neutralized” by the border guards deployed to patrol the crucial facility after it was attacked by unknown assailants late in April. Back then, two large radio masts transmitting Russian radio stations were blown up in the center.
In recent days, Transnistria has endured a string of mysterious incidents involving the region’s critical civilian and military infrastructure. Apart from the attacks on the Mayak broadcasting center, Transnistria’s Ministry of State Security was targeted by three unknown assailants, who fired shoulder-mounted rocket launchers at the building, shattering its windows and damaging its façade. Several explosions also occurred at a military compound outside Transnistria’s capital city of Tiraspol.
The president of the self-proclaimed republic, Vadim Krasnoselsky, blamed the incidents he described as “terror attacks” on Ukrainian nationals, urging Kiev to probe the armed groups that had allegedly infiltrated his region.
Transnistria, officially known as the Pridnestrovian Moldavian Republic (PMR), is an unrecognized state located along a narrow strip of land between the Dniester River and Ukrainian border in the eastern part of Moldova.
The region broke away from Moldova in the early 1990s, shortly after the collapse of the Soviet Union. The region maintains close ties with Russia, with Russian peacekeepers stationed there and a vast part of the local population holding Russian citizenship.
1,2,3 >> DNS POISONING FLAW ...ISPs ordered to block the pirate websites "by any technological means available."
THREE REPORTS:
1 First discovered in 2008 by researcher Dan Kaminsky, DNS poisoning requires a hacker to first masquerade as an authoritative DNS server and then use it to flood a DNS resolver inside an ISP or device with fake lookup results for a trusted domain. When the fraudulent IP address arrives before the legitimate one, end users automatically connect to the imposter site. The hack worked because the unique transaction assigned to each lookup was predictable enough that attackers could include it in fake responses.
Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw
Vulnerability in 3rd-party libraries can send device users to malicious sites.

"Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution.
The flaw makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses, researchers from security firm Nozomi Networks said Monday. By feeding a vulnerable device fraudulent IP addresses repeatedly, the hackers can force end users to connect to malicious servers that pose as Google or another trusted site.
The vulnerability, which was disclosed to vendors in January and went public on Monday, resides in uClibc and uClibc fork uClibc-ng, both of which provide alternatives to the standard C library for embedded Linux. Nozomi said 200 vendors incorporate at least one of the libraries into wares that, according to the uClibc-ng maintainer, include the following:
- Linksys WRT54G - Wireless-G Broadband Router
- NetGear WG602 wireless router
- Most Axis network cameras
- Embedded Gentoo
- Buildroot, a configurable means for building busybox/uClibc-based systems.
- LEAF Bering-uClibc, the successor of the Linux Router Project that supports gateways, routers, and firewalls.
- Tuxscreen Linux Phone
[...]
What's DNS poisoning, anyway?
DNS poisoning and its DNS cache-poisoning relative allow hackers to replace the legitimate DNS lookup for a site such as google.com or arstechnica.com—normally 209.148.113.38 and 18.117.54.175 respectively—with malicious IP addresses that can masquerade as those sites as they attempt to install malware, phish passwords, or carry out other nefarious actions . . ."
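An added example (not from the quoted article or from Nozomi's research): a defender-side audit that parses DNS queries captured from one device and flags transaction IDs that advance by a constant step, one simple form of the predictability the excerpt describes. The packets, function names, thresholds and the constant-step pattern itself are assumptions constructed for illustration.

```python
import struct
from collections import Counter

def build_query(txid, name):
    """Build a minimal DNS A-record query (used to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def query_txid(packet):
    """Return the 16-bit transaction ID of a DNS query, or None otherwise."""
    if len(packet) < 12:          # shorter than a DNS header
        return None
    txid, flags = struct.unpack("!HH", packet[:4])
    if flags & 0x8000:            # QR bit set: a response, not a query
        return None
    return txid

def assess_txids(packets, min_samples=8, threshold=0.5):
    """Flag a client whose successive transaction IDs differ by one fixed step.

    Assumption: a constant delta (mod 2**16) is the pattern being looked for.
    A "no-pattern-found" verdict does not prove the IDs are unpredictable.
    """
    ids = [t for t in map(query_txid, packets) if t is not None]
    if len(ids) < min_samples:
        return {"verdict": "insufficient-data", "samples": len(ids)}
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    share = count / len(deltas)
    verdict = "predictable" if share >= threshold else "no-pattern-found"
    return {"verdict": verdict, "samples": len(ids), "step": step, "share": share}

# Constructed sample captures (not real traffic).
# Device A: IDs count upward and wrap around at 65535.
SEQUENTIAL_SAMPLE = [build_query((65530 + i) % 65536, "example.com")
                     for i in range(12)]
# Device B: IDs with no fixed step between them.
SCATTERED_IDS = [0x1A2B, 0xF00D, 0x0042, 0x9C31, 0x77E0,
                 0x2B6F, 0xD815, 0x4C9A, 0xE3F7, 0x05A8]
SCATTERED_SAMPLE = [build_query(t, "example.com") for t in SCATTERED_IDS]

if __name__ == "__main__":
    for label, sample in (("device A", SEQUENTIAL_SAMPLE),
                          ("device B", SCATTERED_SAMPLE)):
        print(label, assess_txids(sample))
```
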
2 The three lawsuits were filed by Israeli TV and movie producers and providers against Doe defendants who operate the websites. Each of the three rulings awarded damages of $7.65 million. TorrentFreak pointed out the rulings in an article Monday.
Every ISP in the US has been ordered to block three pirate streaming services
ISPs ordered to block the pirate websites "by any technological means available."

"A federal judge has ordered all Internet service providers in the United States to block three pirate streaming services operated by Doe defendants who never showed up to court and hid behind false identities.
The blocking orders affect Israel.tv, Israeli-tv.com, and Sdarot.tv, as well as related domains listed in the rulings and any other domains where the copyright-infringing websites may resurface in the future. The orders came in three essentially identical rulings (see here, here, and here) issued on April 26 in US District Court for the Southern District of New York.
Each ruling provides a list of 96 ISPs that are expected to block the websites, including Comcast, Charter, AT&T, Verizon, and T-Mobile. But the rulings say that all ISPs must comply even if they aren't on the list:
It is further ordered that all ISPs (including without limitation those set forth in Exhibit B hereto) and any other ISPs providing services in the United States shall block access to the Website at any domain address known today (including but not limited to those set forth in Exhibit A hereto) or to be used in the future by the Defendants ("Newly Detected Websites") by any technological means available on the ISPs' systems. The domain addresses and any Newly Detected Websites shall be channeled in such a way that users will be unable to connect and/or use the Website, and will be diverted by the ISPs' DNS servers to a landing page operated and controlled by Plaintiffs (the "Landing Page").
That landing page is available here and cites US District Judge Katherine Polk Failla's "order to block all access to this website/service due to copyright infringement."
"If you were harmed in any way by the Court's decision you may file a motion to the Federal Court in the Southern District of New York in the above case," the landing page also says.
[...] Rulings further target web hosts and banks . . . Financial institutions face similar bans on doing business with the blocked websites. The rulings directly target the defendants' monetary accounts, saying that plaintiffs "shall have the ongoing authority to serve this Order on any party controlling or otherwise holding such accounts" until they have "recovered the full payment of monies owed to them by any Defendant under this Order." This applies to PayPal, banks, and payment providers in general."
3 It’s not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks.
Botnet that hid for 18 months boasted some of the coolest tradecraft ever
Once-unknown group uses a tunnel fetish and a chameleon's ability to blend in.

". . .The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:
- The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don’t support antivirus or endpoint detection. This makes detection through traditional means difficult.
- Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.
- A live-off-the-land approach that favors common Windows programming interfaces and tools over custom code with the goal of leaving as light a footprint as possible.
- An unusual way a second-stage backdoor connects to attacker-controlled infrastructure by, in essence, acting as a TLS-encrypted server that proxies data through the SOCKS protocol.
A tunneling fetish with SOCKS
In a post, Mandiant researchers Doug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, and Chris Gardner wrote:
Throughout their operations, the threat actor demonstrated sophisticated operational security that we see only a small number of threat actors demonstrate. The threat actor evaded detection by operating from devices in the victim environment’s blind spots, including servers running uncommon versions of Linux and network appliances running opaque OSes. These devices and appliances were running versions of operating systems that were unsupported by agent-based security tools, and often had an expected level of network traffic that allowed the attackers to blend in. The threat actor’s use of the QUIETEXIT tunneler allowed them to largely live off the land, without the need to bring in additional tools, further reducing the opportunity for detection. This allowed UNC3524 to remain undetected in victim environments for, in some cases, upwards of 18 months.
The SOCKS tunnel allowed the hackers to effectively connect their control servers to a victim’s network where they could then execute tools without leaving traces on any of the victims' computers. . .
[...]
One of the ways the hackers maintain a low profile is by favoring standard Windows protocols over malware to move laterally. To move to systems of interest, UNC3524 used a customized version of WMIEXEC, a tool that uses Windows Management Instrumentation to establish a shell on the remote system.
Eventually, Quietexit executes its final objective: accessing email accounts of executives and IT personnel in hopes of obtaining documents related to things like corporate development, mergers and acquisitions, and large financial transactions. . ."
