Security and Microsoft Tax Evasion

posted by Roy Schestowitz on Oct 17, 2022

• iTWire - Optus' digital ad spend back to normal after breach, says data firm

  Australia's second biggest telco Singtel Optus dropped its daily digital advertising spend from US$55,000 (A$88.1 million) on 21 September to less than US$5000 on 22 September, the day it announced a massive data breach, a data analytics company says.

  Digital marketing intelligence company Pathmatics said Optus’ decision to reduce its advertising did not come as a surprise as this is the normal response during a crisis.

  Ten days after the breach, the company had yet to re-ignite its advertising efforts. But since 14 October, the digital advertising spend has come back to normal levels.

• Security updates for Monday

  Security updates have been issued by Arch Linux (kernel, linux-hardened, linux-lts, and linux-zen), Debian (python-django), Fedora (apptainer, kernel, python3.6, and vim), Gentoo (assimp, deluge, libvirt, libxml2, openssl, rust, tcpreplay, virglrenderer, and wireshark), Slackware (zlib), SUSE (chromium, python3, qemu, roundcubemail, and seamonkey), and Ubuntu (linux-aws-5.4 and linux-ibm).

• CISA releases RedEye open-source analytic tool - Help Net Security

  CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities.

• Microsoft’s out-of-date driver list left Windows PCs open to malware attacks for years

  This gap in coverage left users vulnerable to a certain type of attack called BYOVD, or bring your own vulnerable driver. Drivers are the files your computer’s operating system uses to communicate with external devices and hardware, such as a printer, graphics card, or webcam. Since drivers can access the core of a device’s operating system, or kernel, Microsoft requires that all drivers are digitally signed, proving that they are safe to use. But if an existing, digitally-signed driver has a security hole, hackers can exploit this and gain direct access to Windows.

  We’ve already seen several of these attacks carried out in the wild. In August, hackers installed BlackByte ransomware on a vulnerable driver used for the overclocking utility MSI AfterBurner. Another recent incident involved cybercriminals exploiting a vulnerability in the anti-cheat driver for the game Genshin Impact. North Korean hacking group Lazarus waged a BYOVD attack on an aerospace employee in the Netherlands and a political journalist in Belgium in 2021, but security firm ESET only brought it to light late last month.

• Microsoft accused of using tax havens, subsidiaries to minimise tax

  Microsoft has been accused of using a huge network of tax havens and subsidiaries to minimise the quantum of tax it pays in Australia, a report from a tax transparency group claims.

  The Centre for International Corporate Tax Accountability and Research said in a 36-page report that while Microsoft reported an operating profit of more than 30% to shareholders, the financial reports from its subsidiaries in the UK, Australia and New Zealand among other countries listed profit as being between 3% and 5%.

  The report, which needs to be read in its entirety to understand the scale of these tax-minimisation operations, pointed out that Microsoft's Irish subsidiaries took in profits from around the world and paid nothing in corporate taxes.

  "The Irish subsidiary Microsoft Round Island One has previously made headlines for its US$315 billion (A$506.4 billion) annual profit – nearly equivalent to three-quarters of Ireland’s GDP – and a corporate tax bill of zero dollars, thanks, in part, to its tax residency in Bermuda," the report claimed.