AnonymousMedia.org

Category: Uncategorized

  • Grand Jury Declines to Indict Dems Who Who Urged Troops to Reject Illegal Orders

    Grand Jury Declines to Indict Dems Who Who Urged Troops to Reject Illegal Orders


    Lawmakers and legal observers said it was deeply alarming that Trump’s DOJ even tried to secure the indictment.

    Honest, paywall-free news is rare. Please support our boldly independent journalism with a donation of any size.

    A federal grand jury on Tuesday declined to go along with an effort by the Trump Justice Department to indict Democratic lawmakers involved in a November video reminding members of the US military of their duty to refuse illegal orders, a message that came as President Donald Trump deployed troops to major American cities.

    The failed attempt to indict the six Democratic lawmakers was led by Trump loyalist Jeanine Pirro, a former Fox News host who is now serving as US attorney for the District of Columbia. The New York Times reported that federal prosecutors “sought to persuade the grand jurors that the lawmakers had violated a statute that forbids interfering with the loyalty, morale, or discipline of the US armed forces.”

    Trump, who has repeatedly weaponized the Justice Department against his political opponents, erupted in response to the 90-second video, accusing the Democratic lawmakers behind it of “seditious behavior, punishable by death.”

    The lawmakers who appeared in the video were Sens. Mark Kelly of Arizona and Elissa Slotkin of Michigan as well as Reps. Jason Crow of Colorado, Chrissy Houlahan and Chris Deluzio of Pennsylvania, and Maggie Goodlander of New Hampshire. The Democrats learned they were under investigation last month when they received inquiries from Pirro’s office.

    Lawmakers and legal observers said it was deeply alarming that the DOJ even tried to secure the indictment.

    “What an ugly assault on the First Amendment and on Congress,” said legal scholar Ryan Goodman. “Thankfully, thwarted.”

    Kelly, a retired Navy captain who is facing Pentagon attempts to censure him and cut his military benefits, said the effort to indict him and his fellow Democratic lawmakers was “an outrageous abuse of power by Donald Trump and his lackies.”

    “It wasn’t enough for Pete Hegseth to censure me and threaten to demote me, now it appears they tried to have me charged with a crime — all because of something I said that they didn’t like,” Kelly wrote on social media. “That’s not the way things work in America.”

    Slotkin, a former CIA officer who organized the November video, said Pirro pursued the indictment “at the direction of President Trump, who said repeatedly that I should be investigated, arrested, and hanged for sedition.”

    “Today, it was a grand jury of anonymous American citizens who upheld the rule of law and determined this case should not proceed. Hopefully, this ends this politicized investigation for good,” the senator said. “But today wasn’t just an embarrassing day for the administration. It was another sad day for our country.”

    “Because whether or not Pirro succeeded is not the point. It’s that President Trump continues to weaponize our justice system against his perceived enemies,” Slotkin added. “No matter what President Trump and Pirro continue to do with this case, tonight we can score one for the Constitution, our freedom of speech, and the rule of law.”

    Speaking against the authoritarian crackdown

    In the midst of a nationwide attack on civil liberties, Truthout urgently needs your help.

    Journalism is a critical tool in the fight against Trump and his extremist agenda. The right wing knows this — that’s why they’ve taken over many legacy media publications.

    But we won’t let truth be replaced by propaganda. As the Trump administration works to silence dissent, please support nonprofit independent journalism. Truthout is almost entirely funded by individual giving, so a one-time or monthly donation goes a long way. Click below to sustain our work.





    Source link

  • US reopens airspace over Texas border town after 'drone incursion'

    US reopens airspace over Texas border town after 'drone incursion'



    The FAA had closed the airspace around El Paso for more than a week citing security measures, but then quickly said flights could resume.



    Source link

  • WSL in the Malware Ecosystem

    WSL in the Malware Ecosystem


    WSL or “Windows Subsystem Linux”[1] is a feature in the Microsoft Windows ecosystem that allows users to run a real Linux environment directly inside Windows without needing a traditional virtual machine or dual boot setup. The latest version, WSL2, runs a lightweight virtualized Linux kernel for better compatibility and performance, making it especially useful for development, DevOps, and cybersecurity workflows where Linux tooling is essential but Windows remains the primary operating system. It was introduced a few years ago (2016) as part of Windows 10.

    WSL can be compared to a LOLBIN (living-off-the-land) because it’s implemented by Microsoft and allow many interesting operations. Attackers can drop Linux tools inside the WSL rootfs and execute it! Here is a quick example.

    You can access the WSL root filesystem through the “\\wsl$” share name:

    Once you copy a file into this directory, it becomes available in WSL:

    The test.sh file is just a simple shell script.

    But, more interesting, you can execute it from Windows too:

    Pretty cool isn’t it?

    I found a malware sample that checks for the presence of WSL in its code. Written in JavaScript, it first implement a method called is_wsl():

    
"is_wsl": () => {
  if (process.env.WSL_DISTRO_NAME) {
    return true;
  }
  try {
    if (fs.existsSync("/proc/version")) {
      const I = fs.readFileSync("/proc/version", "utf8");
      if (I.toLowerCase().includes("microsoft") || I.toLowerCase().includes("wsl")) {
        return true;
      }
    }
  } catch (S) {}
  return false;
},

    Another interesting one is get_wu() that will retrieve the username:

    
"get_wu": () => {
  try {
    const I = execSync("cmd.exe /c echo %USERNAME%", {
      "encoding": "utf8"
    }).trim();
    if (I && I.length > 0 && !I.includes("%USERNAME%")) {
      return I;
    }
  } catch (g) {}
  try {
    if (fs.existsSync("/mnt/c/Users")) {
      const Y = fs.readdirSync("/mnt/c/Users", {
        "withFileTypes": true
      });
      const w = ["Public", "Default", "All Users", "Default User"];
      for (const u of Y) {
        if (u.isDirectory() && !w.includes(u.name)) {
          return u.name;
        }
      }
    }
  } catch (M) {}
  return process.env.USERNAME || process.env.USER || null;
},

    And later in the code:

    
if (is_wsl()) {
    const windowsUsername = get_wu();
    if (windowsUsername) {
        return getWindowsBrowserPaths(windowsUsername);
   }
}

    If WSL is used, the /mnt directory is added in the list of interesting directories to process. This mount point provides indeed access to the host drives (C, D, …)

    
if (is_wsl()) {
    priorityDirs.push(\"/mnt\");
}

    The malware sample is “ottercookie-socketScript-module-3.js” (SHA256:f44c2169250f86c8b42ec74616eacb08310ccc81ca9612eb68d23dc8715d7370). It’s an Cryxos trojan with infosteaker capabilities.

    [1] https://learn.microsoft.com/en-us/windows/wsl/

    Xavier Mertens (@xme)

    Xameco

    Senior ISC Handler – Freelance Cyber Security Consultant

    PGP Key



    Source link