Plus, the DoJ seizes $500K from North Korean hackers, and a UK convenience store takes heat for using facial rec tech.

Five tech media companies – Google, Meta, TikTok, Amazon, and Twitter – have agreed to sign up for the Aotearoa New Zealand Code of Practice for Online Safety and Harms, a voluntary move in which all five pledge to self-regulate their platforms to actively reduce harmful content in New Zealand. The code focuses on seven themes that lead to harmful content including cyberbullying, incitement of violence, misinformation, and the sexual exploitation of minors. Signatories of the code pledge their best efforts to empower users with more control to make informed decisions, to enhance transparency of their policies, and to support independent research. Critics of the new code say it is nothing more than “window dressing” and that it allows tech giants to avoid actual legal regulation. For more on this story, see ZDNet. 

US DoJ seizes $500,000 from North Korean hackers

Earlier this month, Deputy US Attorney General Lisa Monaco said that the Department of Justice had reclaimed approximately half a million dollars from North Korean government-backed hackers. Monaco said the money had initially been either extorted from healthcare organizations or used to launder ransom payments, and the DoJ has already started the process of returning the funds to the victims. She also urged US companies to report ransomware attacks to the FBI immediately, as many victims tend to try to deal with the problem themselves. Investigating one attack on a Kansas medical organization last year led the FBI to identify a new type of ransomware, as well as seize ransom payments back. See CNN for more on this story.

UK convenience store chain under fire for facial rec tech

Non-profit civil liberties group Big Brother Watch has complained to the Information Commissioner’s Office (ICO) about the facial recognition cameras being used at some Southern Co-op convenience stores. Thirty-five of the chain’s 200 stores currently have the biometric scans in place, which Big Brother Watch complains breaches data protection and privacy. The group argues that the system is “Orwellian to the extreme.” Southern Co-op says the “Facewatch” system helps protect its staff from people who have stolen from the store before or who have acted violently in one of the shops. Big Brother Watch counters that people may end up on a watch-list without knowing. See BBC News for more. 

LockBit 3.0 claims to have stolen 100GB from Italian tax agency

Earlier this week, ransomware group LockBit 3.0 posted a notice on its website claiming it had stolen 100GB of company documents, scans, financial reports, and contracts from l’Agenzia delle Entrate, Italy’s tax agency. The agency then reported on its own website that it was working with SOGEI SPA, a publicly owned IT company, to investigate. It later appended the notice to say that an initial analysis found no indication of a cyberattack. LockBit 3.0 does have a history of making grand claims that turn out to be bogus, but Italian authorities continue to investigate the issue. For more, see Cyberscoop. 

Lighting Framework malware targets Linux systems

Last week, researchers reported on a previously undocumented malicious framework dubbed Lighting Framework, which was designed specifically to compromise Linux systems. It is a post-exploit, modular malware that has the ability to install multiple types of rootkits and activate plugins. Attackers can run at least seven modules that allow various hacking activities such as command and control center communication, secure shell opening, and polymorphic malleable commands. However, as of yet, there are no known instances of Lightning Framework being used in the wild. To learn more, see Ars Technica. 

This week’s must-read on the Avast blog 

Studies show a clear link between time spent online and negative mental health outcomes. Here are seven signs that it’s time to put down your phone.