<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[Social Media IO Roundup]]></title><description><![CDATA[This project is focused on identifying possible State-Sponsored Information Operations (IO) across various Social Media platforms. ]]></description><link>https://infodom.substack.com</link><image><url>https://substackcdn.com/image/fetch/$s_!Oc5A!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Finfodom.substack.com%2Fimg%2Fsubstack.png</url><title>Social Media IO Roundup</title><link>https://infodom.substack.com</link></image><generator>Substack</generator><lastBuildDate>Fri, 05 Jun 2026 06:06:57 GMT</lastBuildDate><atom:link href="https://infodom.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Bob Bragg]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[infodom@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[infodom@substack.com]]></itunes:email><itunes:name><![CDATA[Bob Bragg]]></itunes:name></itunes:owner><itunes:author><![CDATA[Bob Bragg]]></itunes:author><googleplay:owner><![CDATA[infodom@substack.com]]></googleplay:owner><googleplay:email><![CDATA[infodom@substack.com]]></googleplay:email><googleplay:author><![CDATA[Bob Bragg]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[Daily Drop (345)]]></title><description><![CDATA[12-16-22]]></description><link>https://infodom.substack.com/p/daily-drop-345</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-345</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Fri, 16 Dec 2022 11:13:49 GMT</pubDate><enclosure 
url="https://substackcdn.com/image/youtube/w_728,c_limit/HuCbr2588-w" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Friday, December 16, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Ukrainian Organizations Hit with New Supply Chain Attack</strong></h1><p><strong>FROM THE MEDIA: </strong>Software supply chain attacks are not slowing down, and researchers have uncovered a new example that targeted victims in Ukraine with malicious Windows installer files that were designed to gather and exfiltrate sensitive data from compromised machines. The campaign involved the threat actors hosting the malicious files on torrent sites hosted in Russia and Ukraine. The files were disguised as legitimate installers for Windows 10 and researchers at Mandiant discovered the operation and attributed it to a new, unknown group it tracks as UNC4166. Though the actors are not known, Mandiant said some of the victim organizations overlapped with ones that APT28 has targeted previously with destructive malware attacks. APT28, also known as Fancy Bear, is associated with Russia&#8217;s GRU military intelligence unit.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://duo.com/decipher/ukrainian-organizations-hit-with-new-supply-chain-attack">DUO</a></p><h1>NSA cyber director warns of Russian digital assaults on global energy sector</h1><p><strong>FROM THE MEDIA: </strong>National Security Agency Cyber Director Rob Joyce said Thursday he remains concerned about significant cyberattacks from Russia, warning that Moscow could unleash digital assaults on the global energy sector in the coming months. &#8220;I would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally,&#8221; Joyce said. 
&#8220;As the [Ukraine] war progresses there&#8217;s certainly the opportunities for increasing pressure on Russia at the tactical level, which is going to cause them to reevaluate, try different strategies to extricate themselves.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.cyberscoop.com/nsa-energy-sector-cyberattacks/">Cyberscoop</a></p><h1>Russian hackers claim to have infiltrated FBI with names and bank details exposed</h1><p><strong>FROM THE MEDIA: </strong><a href="https://www.express.co.uk/latest/russia">Russian</a> hacker group KillNet has claimed to have infiltrated the FBI in a massive cyber-attack on the <a href="https://www.express.co.uk/latest/USA">US</a> security agency. The pro-Kremlin group has reportedly posted online claiming to have stolen the personal data of more than 10,000 US federal agents. KillNet's attack is as yet unverified, but the group claims the data hacked includes social media passwords and bank details. Screenshots shared by the group on Telegram appear to boast of access to passwords from online stores, medical ID cards, and Google, Apple, and Instagram accounts. "All passwords from online stores to the mass acceptance card, Google, and Apple accounts are at our disposal," read a statement attributed to the hackers on Russian Telegram channels.</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.express.co.uk/news/world/1710122/russian-hackers-fbi-infiltrate-data-killnet">Express (UK)</a></p><h1><strong>Spyware and surveillance-for-hire industry &#8216;growing globally&#8217;: report</strong></h1><p><strong>FROM THE MEDIA: </strong>The spyware and surveillance-for-hire industry is &#8220;indiscriminately&#8221; targeting journalists, activists and political opposition, and growing on a global scale, the social media company Meta warned. 
In a new report published Thursday, the company said it has &#8220;continued to investigate and take actions against spyware vendors around the world, including in China, Russia, Israel, the United States and India, who targeted people in about 200 countries and territories.&#8221; Meta was one of the first to publicly challenge the spyware industry back in 2019, when it began legal proceedings against Israeli firm NSO Group for hacking into approximately 1,400 WhatsApp users&#8217; mobile devices.</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://therecord.media/spyware-and-surveillance-for-hire-industry-growing-globally-report/">The Record</a></p><h1>Ukraine&#8217;s Secret Weapon Is Ordinary People Spying on Russian Forces</h1><p><strong>FROM THE MEDIA: </strong>Ukraine&#8212;During <a href="https://www.wsj.com/articles/ukrainian-hospital-stymied-russians-defiant-doctors-fake-covid-11669243198?mod=article_inline">Russia&#8217;s occupation</a> of the southern Ukrainian city of Kherson, a large electronics store served Russian forces as a field hospital, barracks and storehouse for food. One morning last summer, Ukrainian forces struck the store, completely destroying it. It was one of numerous attacks that day on Russian-controlled territory deep inside the Kherson region. Before the blast, a small group of local Ukrainian activists had been sending photographs of the location and coordinates of the Russians over an encrypted Telegram channel to the Ukrainian military. 
That intelligence helped Ukrainian forces target the site, according to a military official who worked with such groups.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.wsj.com/articles/ukraines-secret-weapon-is-ordinary-people-spying-on-russian-forces-11671012147?st=3sak0b2r2zwv95r">WSJ</a> </p><h1><strong>Russia-Ukraine war reaches dark side of the internet</strong></h1><p><strong>FROM THE MEDIA: </strong>In April, German police, acting on a tip-off from their American colleagues, discovered the servers of the single-largest online bazaar for narcotics and other contraband on the planet. From 2017, Hydra had dominated the illegal drug business in Russia and neighbouring countries. After taking control of the site, German authorities retrieved 23 million euros ($16.7m) in ill-gotten cryptocurrency. But what likely caught the attention of Western law enforcement was not Russian drug dealers doing business mainly in Russia. Hydra also offered forged documents, hacking, and money laundering services, which <a href="https://www.justice.gov/opa/pr/justice-department-investigation-leads-shutdown-largest-online-darknet-marketplace">could be</a> used nefariously against Western interests or citizens.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.aljazeera.com/news/2022/12/14/russia-ukraine-war-reaches-dark-side-of-the-internet">Al Jazeera</a></p><h1><strong>Ukrainian govt networks breached via trojanized Windows 10 installers</strong></h1><p><strong>FROM THE MEDIA: </strong>Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers. These malicious installers delivered malware capable of collecting data from compromised computers, deploying additional malicious tools, and exfiltrating stolen data to attacker-controlled servers. 
One of the ISOs pushed in this campaign was hosted on the toloka[.]to Ukrainian torrent tracker by a user created in May 2022.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/ukrainian-govt-networks-breached-via-trojanized-windows-10-installers/">Bleeping Computer</a> // <a href="https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government">Mandiant</a></p><h1>The U.N. is sending Ukrainians aid in crypto. Should it?</h1><p><strong>FROM THE MEDIA: </strong>The United Nations <a href="https://www.unhcr.org/ua/en/52555-unhcr-launches-pilot-cash-based-intervention-using-blockchain-technology-for-humanitarian-payments-to-people-displaced-and-impacted-by-the-war-in-ukraine-unhcr-has-launched-a-first-of-its-kind-integ.html">said Thursday</a> it will start aiding people displaced by Russia&#8217;s <a href="https://www.washingtonpost.com/world/2022/12/15/russia-ukraine-war-latest-updates/?itid=lk_inline_manual_2">war in Ukraine</a> with cryptocurrency. The organization&#8217;s refugee agency, the Office of the U.N. High Commissioner for Refugees (UNHCR), which often sends funds to those displaced from their homes for things like rent, food and heat, will transfer USD Coin (USDC) &#8212; a cryptocurrency pegged to the U.S. dollar and considered a stable coin &#8212; to uprooted Ukrainians who can ultimately exchange it for cash at MoneyGram locations worldwide. 
Proponents said it will help displaced people get money quicker and limit loss or theft in transit &#8212; but some skeptics say that adding another layer to getting aid at a time when the cryptocurrency market is in upheaval could be problematic and risky.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtonpost.com/technology/2022/12/15/un-crypto-ukraine-refugees/">The Washington Post</a> </p><h1><strong>FBI seizes 48 domains linked to DDoS-for-hire services: six charged in connection</strong></h1><p><strong>FROM THE MEDIA: </strong>On Wednesday, the U.S. Department of Justice (DoJ) announced<a href="https://www.2-spyware.com/fbi-seizes-48-domains-linked-to-ddos-for-hire-services-six-charged-in-connection#ref-1">[1]</a> that it had seized 48 domains that offered DDoS services to other potential cybercriminals. Six suspects have also been charged for their part in operating the &#8220;Stresser&#8221; or &#8220;Booter&#8221; platforms, which lowered the threshold for malicious activity and made it easier for anyone to commit these crimes. The FBI has shut down websites that allowed users to illegally pay for DDoS attacks. These types of attacks overload the target computer with information, which then gets &#8220;booted&#8221; from the internet (hence the name). Stresser platforms offer the same functionality as DDoS attacks, although they are nominally meant for genuine testing of web service reliability. The FBI has determined that these services were fake and were indeed used for malicious purposes instead.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.2-spyware.com/fbi-seizes-48-domains-linked-to-ddos-for-hire-services-six-charged-in-connection">2 Spyware</a></p><h1><strong>Google drops TrustCor certificates as questions loom</strong></h1><p><strong>FROM THE MEDIA: </strong>Google Thursday joined Mozilla and Microsoft in dropping TrustCor Systems as a root certificate authority. 
In Mozilla's dev-security-policy group, a public email discussion about <a href="https://12ft.io/proxy?ref=&amp;q=https://www.techtarget.com/searchsecurity/definition/certificate-authority">certificate authority</a> (CA) policies and governance, Google announced that "Due to a loss of confidence in its ability to uphold these fundamental principles and to protect and safeguard Chrome's users," the company would no longer support TrustCor certificates beginning with Chrome 111. The beta release of the browser is scheduled for Feb. 9, and the stable release is scheduled for March 7. Google's announcement follows <a href="https://12ft.io/proxy?ref=&amp;q=https://www.techtarget.com/searchsecurity/news/252527914/Mozilla-Microsoft-drop-Trustcor-as-root-certificate-authority">decisions from Mozilla and Microsoft</a> late last month to remove TrustCor from the root stores of their respective browsers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fnews%2F252528417%2FGoogle-drops-TrustCor-certificates-as-questions-loom">TechTarget</a></p><h2>Twitter&#8217;s war on bots cuts off users, Indonesia criminalizes online dissent, and US bill could block TikTok</h2><p><strong>FROM THE MEDIA: </strong>Rumors of Ukraine disappearing from Twitter have been popping up online this week. &nbsp;There have been credible reports that phone numbers with a Ukrainian country code are suddenly <a href="https://twitter.com/apmassaro3/status/1602831000123445249">not recognized</a> on the platform, leaving people who use two-factor authentication iced out. 
Although we could submit to the wicked notion that this is Musk trying to influence the war in Russia&#8217;s favor, it may just be a result of Twitter&#8217;s &#8220;war on bots.&#8221; Platformer <a href="https://www.platformer.news/p/how-elon-botched-his-war-on-bots">reported</a> that Twitter recently blocked traffic from 30 mobile carriers around the world, including some from Russia, in a (mostly failed) effort to snuff out spammers that temporarily cut off hundreds of thousands of users.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.codastory.com/newsletters/us-bill-block-tiktok-rubio/">Coda</a></p><h1>Tracking Malicious Glupteba Activity Through the Blockchain</h1><p><strong>FROM THE MEDIA: </strong>Threat actors are increasingly leveraging blockchain technology to launch cyberattacks. By taking advantage of the distributed and decentralized nature of blockchain, malicious actors can exploit its anonymity for a variety of attacks, ranging from malware propagation to ransomware distribution. The Glupteba trojan is an example of a threat actor leveraging blockchain-based technologies to carry out their malicious activity. In this blog, Nozomi Networks Lab presents our latest findings on Glupteba and how security teams can search for malicious activity in the blockchain.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/tracking-malicious-glupteba-activity-through-the-blockchain/">Security Boulevard</a></p><h1>Chinese MirrorFace APT group targets Japanese political entities</h1><p><strong>FROM THE MEDIA: </strong>ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking APT group tracked as MirrorFace. The experts tracked the campaign as Operation LiberalFace; it aimed at Japanese political entities, especially the members of a specific political party. 
The campaign was launched in June 2022; the spear-phishing messages were used to spread the LODEINFO backdoor, an implant used to deliver additional payloads and exfiltrate credentials and sensitive data from the victims. The researchers also detailed the use of a previously undescribed credential stealer named by ESET as MirrorStealer.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139698/apt/mirrorface-apt-group-targets-japan.html">Security Affairs</a></p><h1>Australian state hacker preparing &#8220;digital tribunal&#8221; for Putin&#8217;s cyberarmy</h1><p><strong>FROM THE MEDIA: </strong>Speaking with Ekonomichna Pravda, Australian state hacker and CEO of the Internet 2.0 cybersecurity company Robert Potter <a href="https://www.epravda.com.ua/publications/2022/12/14/694966/">said</a> that it&#8217;s possible to punish Russian hackers attacking Ukraine on the Kremlin&#8217;s orders. &#8220;A digital tribunal is possible. We know the names of the leaders of Russian hacker communities. We are working on legal regulation and documentation of Russian cybercrime crimes. Australia has had positive experience prosecuting hackers in Nigeria and Vietnam. Russia is more difficult &#8211; we have no contact point with the Russian government.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://euromaidanpress.com/2022/12/15/australian-state-hacker-preparing-digital-tribunal-for-putins-cyberarmy/">Euromaidan Press</a></p><h1><strong>DPRK likely to focus on building 'three axes' of its weapons system next year: expert</strong></h1><p><strong>FROM THE MEDIA: </strong>North Korea is likely to push forward with the development of its strategic and tactical nuclear weapons as well as reconnaissance satellites next year as Pyongyang seeks to strengthen its nuclear and missile capabilities, according to an expert Friday. 
"For the goal of the North Korean version of possessing 'two bombs and one satellite,' the North is likely to develop the three axes (of its weapons system) -- intercontinental ballistic missiles (ICBMs), submarine-launched ballistic missiles (SLBMs) and reconnaissance satellites," Hong Min, a researcher at the state-run Korea Institute for National Unification (KINU), said.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://en.yna.co.kr/view/AEN20221216005500325?section=nk/nk">YNA</a></p><h1>Microsoft Expanding 'Airband' Broadband Initiative Across Africa Via Satellite</h1><p><strong>FROM THE MEDIA: </strong>Microsoft aims to get another 10 million people online by linking two kinds of wireless connectivity: one to cover the first 22,000 or so miles, another to bridge the last several miles. The company <a href="https://news.microsoft.com/2022/12/14/microsoft-and-viasat-announce-new-partnership-to-deliver-internet-access-to-underserved-communities-globally/">announced</a> this new partnership with <a href="https://www.pcmag.com/news/viasat-2-launch-will-mean-faster-satellite-internet">longstanding satellite-broadband operator</a> Viasat Tuesday at the US-Africa Leaders Summit in Washington. 
This first addition of a satellite service to its <a href="https://www.microsoft.com/en-us/corporate-responsibility/airband-initiative">Airband connectivity initiative</a> will bring internet access to 5 million people across Africa by 2025, with the other 5 million in Central and North America.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.pcmag.com/news/microsoft-expanding-airband-broadband-initiative-across-africa-via-satellite">PCMAG</a></p><h1><strong>NSA warns Citrix devices are under attack from Chinese hackers, so update now</strong></h1><p><strong>FROM THE MEDIA: </strong>The US National Security Agency (NSA) is warning that a hacking collective backed by the Chinese state is exploiting a zero-day security flaw in two common Citrix products to gain access to networks. The critical vulnerability, <a href="http://cve-2022-27518/">CVE-2022-27518</a>, affects the application delivery controller Citrix ADC and <a href="https://www.techradar.com/vpn/remote-access-vpn">remote access</a> tool Citrix Gateway, with both popular in <a href="https://www.techradar.com/features/how-to-organize-your-business-tech-stack-to-cut-costs-according-to-the-experts">business tech stacks</a>. 
In an official <a href="https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/">blog post</a>, Peter Lefkowitz, chief security and trust officer at Citrix, claimed that &#8220;limited exploits of this vulnerability have been reported,&#8221; but did not elaborate on the number of attacks or the industries involved.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.techradar.com/news/nsa-warns-citrix-devices-are-under-attack-from-chinese-hackers-so-update-now">TechRadar</a></p><h1>Microsoft revised CVE-2022-37958 severity due to its broader scope</h1><p><strong>FROM THE MEDIA: </strong>Microsoft revised the severity rating for the <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958">CVE-2022-37958</a> vulnerability; the IT giant now rates it as &#8220;critical&#8221; because it discovered that threat actors can exploit the bug to achieve remote code execution. CVE-2022-37958 was originally classified as an information disclosure vulnerability that impacts the SPNEGO Extended Negotiation (<a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/77c795cf-e522-4678-b0f1-2063c5c0561c">NEGOEX</a>) security mechanism. The <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/77c795cf-e522-4678-b0f1-2063c5c0561c">SPNEGO</a> Extended Negotiation Security Mechanism (NEGOEX) extends the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139709/hacking/microsoft-revised-cve-2022-37958-rate.html">Security Affairs</a></p><h1><strong>Why the Twitter Files actually matter</strong></h1><p><strong>FROM THE MEDIA: </strong>Big surprise: The Twitter Files &#8212; the reports based on internal Twitter documents and messages that the company&#8217;s new owner Elon Musk provided to journalists &#8212; have landed as a polarizing salvo in the culture war. Many inclined to distrust what they see as Big Tech&#8217;s liberal leanings have cried vindication. The documents show in detail how Twitter made key content moderation decisions that disadvantaged Trump, conservatives, and people who broke with the public health consensus on Covid-19. They say the evidence proves that, again and again, Twitter intervened to squelch speech that the liberal establishment didn&#8217;t like.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.vox.com/policy-and-politics/2022/12/15/23505370/twitter-files-elon-musk-taibbi-weiss-covid">VOX</a></p><h1>North Korean Spies Try New Hacking Method</h1><p><strong>FROM THE MEDIA: </strong>Daniel DePetris is a foreign affairs expert based in the United States. He received an email in October from Jenny Town, the director of <a href="https://www.38north.org/about/">38 North</a>, asking him to write about North Korea. But Town did not send the email. The sender was a suspected North Korean spy, cybersecurity researchers said. Instead of infecting DePetris&#8217; computer and stealing important information, the sender appeared to be trying to get his thoughts on North Korean security issues. Cybersecurity researchers told Reuters news agency the email is part of a new campaign by a suspected North Korean hacking group. 
They said the group is targeting leading experts in foreign countries to better understand Western policy on North Korea.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://learningenglish.voanews.com/a/north-korean-spies-try-new-hacking-method/6874901.html">VOA</a></p><h1>Use of Tracking Technology - Walking the Regulatory Line (PDF)</h1><p><strong>FROM THE MEDIA: </strong>Across industries, organizations have deployed online tracking technologies, supplied by third-party vendors, on websites and mobile applications to collect and analyze information about user behavior and enhance the user experience. Many organizations also rely on these technologies to ensure their websites and applications are functioning properly and to provide crash reports when users encounter issues, thereby playing an integral role in reducing downtime and promptly addressing other website access and operational issues, as discussed further below. Tech giants such as Google and Meta, the parent company of Facebook, offer these technology services, which also include cookies, web beacons or tracking pixels, session replay scripts, and fingerprinting scripts, to organizations who may choose to embed them in the code of the organizations&#8217; websites and applications.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ropesgray.com/en/newsroom/alerts/2022/december/use-of-tracking-technology-walking-the-regulatory-line">Ropes &amp; Gray</a></p><h1>Automating Threat Intelligence Enrichment</h1><p><strong>FROM THE MEDIA: </strong>Recent events have given us a better idea of what cyber defeat looks like, and it&#8217;s not pretty. 
Whether it&#8217;s a data breach that costs <a href="https://www.ibm.com/reports/data-breach">an average of $4.24 million</a>, a political leader targeted by hacking or government data being compromised &#8211; the stakes are high. Cybersecurity teams need to understand what malicious actors and hacking techniques are headed their way and what to do about them. In response, the cybersecurity field developed threat intelligence, which focuses on identifying threats before they become breaches.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/automating-threat-intelligence-enrichment/">Security Boulevard</a></p><h1>State-sponsored economic cyber-espionage for commercial purposes on the rise</h1><p><strong>FROM THE MEDIA: </strong>State-sponsored and cyber-enabled theft of intellectual property is on the rise as countries employ all means at their disposal to gain advantages in a global environment increasingly shaped by strategic rivalry and political mistrust. This is a conclusion we reach in our <a href="https://www.aspi.org.au/report/state-sponsored-economic-cyberespionage">new ASPI report</a>, State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to prosperity. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.aspistrategist.org.au/state-sponsored-economic-cyber-espionage-for-commercial-purposes-on-the-rise/">ASPI</a></p><h1>Data breach hits Victoria&#8217;s revenue office</h1><p><strong>FROM THE MEDIA: </strong>The State Revenue Office of Victoria, the department responsible for administering the state&#8217;s taxation system, has suffered a data breach and a hacker group is offering to sell the data online. 
The attack follows a spate of data breaches and hacks at major Australian companies in recent months, most prominently telecommunications giant <a href="https://www.afr.com/link/follow-20180101-p5c69o">Optus</a> and insurer <a href="https://www.afr.com/link/follow-20180101-p5c66w">Medibank</a>. <a href="https://www.afr.com/link/follow-20180101-p5c68y">TPG Telecom</a> also revealed this week that someone had broken into email servers to prowl for users&#8217; cryptocurrency information. The SRO confirmed to <em>The Australian Financial Review </em>that it had suffered a &#8220;cyber incident involving a third-party provider&#8221;<em>, </em>but assured that &#8220;no customer data is involved&#8221; in the breach.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.afr.com/technology/data-breach-hits-victoria-s-revenue-office-20221216-p5c70o">AFR</a></p><h1>Ukraine Adapts To Power Cuts, Blunting Russia's Attacks On The 'Energy Front'</h1><p><strong>FROM THE MEDIA: </strong>When fuses blew and the music stopped at a rave party at the techno club Otel on the first weekend in December, shaven-headed men stripped to the waist and quirkily dressed women in sunglasses didn&#8217;t miss a beat, dancing on to their own rhythmic chants. 
As the wall of sound crumbled after each short-circuit of the generator, the crowd shouted &#8220;Putin is a d***head&#8221; -- a slogan that originated among soccer fans in 2014 and became more widespread following Russia&#8217;s invasion in February -- and waited, undaunted, for the power and the pulse to return.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.rferl.org/a/ukraine-power-cuts-coping-russian-attacks-energy-front/32178503.html">Radio Free Europe Radio Liberty</a></p><h1><strong>FuboTV says World Cup streaming outage caused by a cyberattack</strong></h1><p><strong>FROM THE MEDIA: </strong>FuboTV has confirmed that a streaming outage preventing subscribers from watching the World Cup Qatar 2022 semifinal match between France and Morocco was caused by a cyberattack. At approximately 2 PM ET, as users were getting ready to watch the World Cup semifinal, FuboTV subscribers found that they could not log in to the streaming service. Instead, they were greeted with a CB_ERR_OPEN error, stating "ff: downstream not available," when attempting to log in. Subscribers could not contact support to report the problem, as it requires a user to first log in to the FuboTV site, which could no longer be done.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/fubotv-says-world-cup-streaming-outage-caused-by-a-cyberattack/">Bleeping Computer</a></p><h1><strong>Charges dropped against French company that sold spyware to Egypt</strong></h1><p><strong>FROM THE MEDIA: </strong>A Paris court yesterday dismissed charges of complicity in torture against a French company and its directors who sold advanced spyware to the Egyptian government. Nexa Technology and four of its executives were accused in 2021 of selling the Cerebro software to Egypt, which enabled the regime of President Abdel Fattah Al-Sisi to spy on political opponents, possibly torturing and forcibly disappearing them. 
However, the Paris Court of Appeal dropped the charges against Chairman Olivier Bohbot and CEO Stephane Salies among others, but did not order the case to be closed, meaning the investigation will continue.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.middleeastmonitor.com/20221215-charges-dropped-against-french-company-that-sold-spyware-to-egypt/">MEMO</a></p><h1><strong>Unit 42 highlights threat intelligence importance as Russia, Ukraine ransomware attacks fly under the radar</strong></h1><p><strong>FROM THE MEDIA: </strong>As threat actors continue to become more sophisticated, staying ahead of the curve is a game-changer. Threat intelligence is now more important than ever, because a perfect storm is brewing based on ransomware attacks between Russia and Ukraine, with nation-state actors undertaking significant cyber espionage work undetected, according to <a href="https://www.linkedin.com/in/wendiwhitmore2/">Wendi Whitmore</a> (pictured), senior vice president for Unit 42 at Palo Alto Networks Inc. &#8220;When it comes to just&nbsp;general espionage techniques, data exfiltration, intellectual property theft,&nbsp;those are going on now more than ever,&#8221; she said. &#8220;We&#8217;re under the landscape of a major war going on&nbsp;between Russia and Ukraine of ransomware attacks. That&#8217;s one of the key reasons why having threat intelligence is so important. 
It&#8217;s become even more important now,&nbsp;because these groups switch teams more frequently&nbsp;than NFL trades.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://siliconangle.com/2022/12/15/unit-42-highlights-threat-intelligence-importance-russia-ukraine-ransomware-attacks-fly-radar-ignite22/">SiliconAngle</a></p><h1><strong>Phishing attack uses Facebook posts to evade email security</strong></h1><p><strong>FROM THE MEDIA: </strong>A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII). The emails sent to targets pretend to be a copyright infringement issue on one of the recipient's Facebook posts, warning that their account will be deleted within 48 hours if no appeal is filed. The link to appeal the account deletion is an actual Facebook post on facebook.com, helping threat actors bypass email security solutions and ensure their phishing messages land in the target's inbox. The Facebook post pretends to be "Page Support," using a Facebook logo to appear as if the company manages it.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/phishing-attack-uses-facebook-posts-to-evade-email-security/">Bleeping Computer</a></p><h2>Items of interest</h2><h1>LEGO Fixes Startling BrickLink Exploit That Could Allow Hackers To Hijack Accounts</h1><p><strong>FROM THE MEDIA: </strong>Back in October, a researcher at the cybersecurity firm Salt Security uncovered multiple <a href="https://hothardware.com/news/amazon-ecr-public-gallery-flaw-massive-supply-chain-attack">security vulnerabilities</a> in the <a href="https://hothardware.com/news/lego-halloween-gaming-pc-rtx-powered-treat">LEGO</a> BrickLink website that could have allowed hackers to hijack users&#8217; accounts and arbitrarily read files on the Amazon cloud server hosting the website. 
Upon making this discovery, the researcher promptly disclosed the vulnerabilities to the LEGO security team, which confirmed the presence of the vulnerabilities. LEGO then updated the BrickLink website to fix these vulnerabilities in early November, with Salt Labs providing confirmation that the vulnerabilities were no longer exploitable.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://hothardware.com/news/lego-fixes-bricklink-exploit-allow-hackers-hijack-accountsws.com/2022/12/ransomware-attackers-use-microsoft.html">HotHardWare</a></p><h1><strong>Philippe Laulheret - Intro to Hardware Hacking (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>This talk is an introduction to hardware hacking and as a case study I&#8217;ll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I&#8217;ll use it to introduce the tools and methodology needed to answer these questions.</p><div id="youtube2-HuCbr2588-w" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;HuCbr2588-w&quot;,&quot;startTime&quot;:&quot;29s&quot;,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/HuCbr2588-w?start=29s&amp;rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Samy Kamkar's Crash Course in How to Be a Hardware Hacker (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Samy Kamkar is well known for many things, but lately it has been his hardware security hacks that have been turning heads. The nice thing to know is that, despite not having a background in hardware, Samy is able to run with the best of hardware researchers. 
At the Hackaday SuperConference he offered words of advice for anyone trying to walk the path of discovery with an exciting new piece of electronics. One might say it's a crash-course in how to be a hardware hacker.</p><div id="youtube2-tlwXmNnXeSY" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;tlwXmNnXeSY&quot;,&quot;startTime&quot;:&quot;11s&quot;,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/tlwXmNnXeSY?start=11s&amp;rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (334)]]></title><description><![CDATA[12-15-22]]></description><link>https://infodom.substack.com/p/daily-drop-334-617</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-334-617</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Thu, 15 Dec 2022 10:53:17 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/gfmRrPjnEw4" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Thursday, December 15, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h2><strong>The Fevered Anti-China Attitude in Washington Is Going to Backfire</strong></h2><p><strong>FROM THE MEDIA: With little fanfare or public debate, America has embarked on one of its most difficult and dangerous international challenges since the Cold War. The task: reversing decades of economic and technological integration with its chief rival, China. This <a href="https://carnegieendowment.org/2022/04/25/u.s.-china-technological-decoupling-strategy-and-policy-framework-pub-86897">technological decoupling</a>, if done selectively, will help to preserve America&#8217;s military edge, protect key U.S. industries from unfair competition, and push back on Beijing&#8217;s human rights abuses. But if decoupling goes too far, it will drag down the U.S. 
economy, drive away allies, stymie efforts to address global crises like climate change, and increase the odds of a catastrophic war.</strong></p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.politico.com/news/magazine/2022/12/15/china-tech-decoupling-sanctions-00071723">Politico</a></p><h1>How ChatGPT can turn anyone into a ransomware and malware threat actor&nbsp;&nbsp;</h1><p><strong>FROM THE MEDIA: </strong>Ever since <a href="https://openai.com/">OpenAI</a> launched <a href="https://venturebeat.com/ai/openai-ceo-admits-chatgpt-risks-what-now-the-ai-beat/">ChatGPT </a>at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratize cybercrime.&nbsp;With ChatGPT, any user can enter a query and generate malicious code and convincing <a href="https://venturebeat.com/ai/how-ai-machine-learning-changing-phishing-game/">phishing</a> emails without any technical expertise or coding knowledge.</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://venturebeat.com/security/chatgpt-ransomware-malware/">VB</a></p><h1>North Korean Hackers Push Crypto App on Telegram to Lure Victims</h1><p><strong>FROM THE MEDIA: </strong>Sometimes cryptocurrency apps promise to help users get rich. Sometimes they&#8217;re actually <a href="https://www.bloomberg.com/news/articles/2022-08-16/crypto-hacks-soar-as-north-korea-targets-defi-chainalysis-says">just tools for North Korean hackers</a>. Take Somora, for instance. It&#8217;s an app that promises to give users a way to safely store their cryptocurrency. In fact, the software is loaded with North Korean malware, researchers from three threat intelligence firms told me.&nbsp;The nefarious goal is to&nbsp;trick users into downloading the app onto their phones to give hackers access to their virtual currency. 
</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.bloomberg.com/news/newsletters/2022-12-14/north-korean-hackers-are-pushing-phony-crypto-apps-on-telegram">Bloomberg</a></p><h1><strong>Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs</strong></h1><p><strong>FROM THE MEDIA: </strong>An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets &#8211; including politicians, government officials, critical infrastructure and medical researchers &#8211; according to email security vendor Proofpoint. Over the past two years, the threat actor group that Proofpoint's researchers track as TA453 (other intel teams call this state-backed gang <a href="https://www.theregister.com/2022/08/27/in-brief-security/">Charming Kitten</a>, <a href="https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/">Phosphorus</a>, and APT42) has branched out from its usual victims&nbsp;&#8211; academics, researchers, diplomats, dissidents, journalists and human rights workers &#8211; and adopted new means of attack.n operators can freely share disinformation due to the lack of content moderation.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/15/charming_kitten_ta453_expands_targets/">The Register</a> // <a href="https://www.techrepublic.com/article/iranian-state-threat-actor-targets-new-victims/">TechRepublic</a></p><h1><strong>Cyber-espionage group Cloud Atlas targets Russia and its supporters</strong></h1><p><strong>FROM THE MEDIA: </strong>The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia&#8217;s invasion this year, according to a new report. 
The group has been active since 2014, according to <a href="https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/?utm_source=substack&amp;utm_medium=email">research</a> published by Check Point last week, but since the outbreak of the war in Ukraine it has mainly attacked &#8220;high profile victims&#8221; in Russia, Belarus, Transnistria (a pro-Kremlin breakaway region of Moldova), and Russian-annexed territories of Ukraine, including Crimea, Luhansk, and Donetsk. The goals of the group are espionage and theft of confidential information, <a href="https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/?utm_source=substack&amp;utm_medium=email">according to </a>researchers from Positive Technologies. It is not yet clear who is behind the group.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/cyber-espionage-group-cloud-atlas-targets-russia-and-its-supporters/">The Record</a></p><h1><strong>Automated Cybercampaign Creates Masses of Bogus Software Building Blocks</strong></h1><p><strong>FROM THE MEDIA: </strong>An automated attack within the NuGet open source ecosystem for .NET developers has resulted in a flood of malicious packages containing links to phishing campaigns. That's according to a <a href="https://www.darkreading.com/application-security/lofygang-100s-malicious-packages-poison-open-source-software">joint report</a> on Wednesday from Checkmarx and Illustria, which, upon digging deeper,&nbsp;found that automated attacks are taking aim on a broad level,&nbsp;against users of the npm, NuGet, and PyPI <a href="https://www.darkreading.com/application-security/lofygang-100s-malicious-packages-poison-open-source-software">software developer ecosystems</a>. 
The attack vector in the NuGet ecosystem involves the use of automated processes to create a large number of packages with names and descriptions designed to lure those interested in&nbsp;hacking, cheats, and free resources.&nbsp;These contain links to phishing campaigns built to steal personal information or other sensitive data.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/attacks-breaches/automated-cybercampaign-attacks-bogus-software-building-blocks">DARKReading</a></p><h1><strong>Attackers use SVG files to smuggle QBot malware onto Windows systems</strong></h1><p><strong>FROM THE MEDIA: </strong>QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded QBot malware installer that is automatically downloaded through the target's browser. QBot is a Windows malware arriving via a phishing email that loads other payloads, including <a href="https://www.bleepingcomputer.com/news/security/microsoft-these-are-the-building-blocks-of-qbot-malware-attacks/">Cobalt Strike</a>, <a href="https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html">Brute Ratel</a>, and <a href="https://www.bleepingcomputer.com/news/security/qbot-now-pushes-black-basta-ransomware-in-bot-powered-attacks/">ransomware</a>. <a href="https://www.bleepingcomputer.com/news/security/microsoft-warns-of-surge-in-html-smuggling-phishing-attacks/">HTML smuggling</a>&nbsp;is a technique used to "smuggle" encoded JavaScript payloads inside an HTML attachment or a website. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/attackers-use-svg-files-to-smuggle-qbot-malware-onto-windows-systems/">Bleeping Computer</a> // <a href="https://securityaffairs.co/wordpress/139658/cyber-crime/qbot-html-smuggling-svg.html">Security Affairs</a></p><h1>Musk's Twitter tweaks foreshadow EU showdown over new rules</h1><p><strong>FROM THE MEDIA: </strong>Self-proclaimed free speech warrior Elon Musk&#8217;s more unfettered version of Twitter could collide with new rules in Europe, where officials warn that the social media company will have to comply with some of the world&#8217;s toughest laws targeting toxic content. While the new digital rulebook means the European Union is likely to be a global leader in cracking down on Musk&#8217;s reimagined platform, the 27-nation bloc will face its own challenges forcing Twitter and other online companies to comply. The law doesn&#8217;t fully take effect until 2024, and EU officials are scrambling to recruit enough workers to hold Big Tech to account.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.chron.com/news/article/Musk-s-Twitter-tweaks-foreshadow-EU-showdown-over-17655538.php">Chron</a></p><h1><strong>Hackers target Japanese politicians with new MirrorStealer malware</strong></h1><p><strong>FROM THE MEDIA: </strong>A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named &#8216;MirrorStealer.&#8217; The campaign was discovered by&nbsp;<a href="https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/">ESET</a>, whose analysts report they could piece together evidence thanks to operational mistakes made by the hackers that left traces behind. 
The hackers deployed the new information-stealing malware along with the group&#8217;s signature backdoor, LODEINFO, which communicated with a C2 server known to belong to APT10 infrastructure. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/hackers-target-japanese-politicians-with-new-mirrorstealer-malware/">Bleeping Computer</a></p><h1>National Grid harnesses satellite tech to boost resilience of energy networks</h1><p><strong>FROM THE MEDIA: </strong>National Grid is using innovative satellite technology to boost the resilience of the energy network against climate change, improve its reliability and make millions in cost savings. The Eye in the Sky initiative is being led by National Grid alongside partners European Space Agency, Cranfield University, satellite data specialist Spottitt and expert in risk management and quality assurance DNV, and it is being funded by Ofgem and Innovate UK&#8217;s Strategic Innovation Fund. It is exploring how satellite imagery and data analytics could improve the visibility of electricity and gas network infrastructure in Britain, providing additional monitoring of the condition and the changes to the surrounding environment 24 hours a day. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.newcivilengineer.com/latest/national-grid-harnesses-satellite-tech-to-boost-resilience-of-energy-networks-15-12-2022/">New Civil Engineer</a></p><h1><strong>U.S. space internet companies fear competitive threat from China</strong></h1><p><strong>FROM THE MEDIA: </strong>In the global race to deploy broadband constellations in low Earth orbit, the United States holds a major advantage. However, the U.S. government should &#8220;enact policies and incentives to keep U.S. 
companies competitive internationally&#8221; especially against China, says <a href="https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/221214_Young_LowOrbit_HighStakes.pdf?vH1lp3dD7VcHGRcvuF9OdzV2WJc_KG42">a new report released Dec. 14</a> by the Center for Strategic and International Studies. The study, funded by satellite broadband firms Amazon Kuiper and SpaceX, argues that economic and regulatory issues are creating competitive pressures for U.S. industry.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://spacenews.com/u-s-space-internet-companies-fear-competitive-threat-from-china/">SN</a></p><h1>North Korean Hackers Exploit Social Media to Fund Missile Program</h1><p><strong>FROM THE MEDIA: </strong><a href="http://japan-forward.com/?s=North+Korea">Pyongyang</a> has been launching <a href="https://japan-forward.com/?s=missile">missiles</a> with unprecedented frequency. Crypto asset theft by North Korean hackers is reportedly one of the sources funding their missile development.&nbsp;The North Korean hacker group Lazarus has a worldwide reach. Its <a href="https://japan-forward.com/?s=cyberattack">cyberattacks</a> against crypto asset providers this year alone have caused an estimated tens of billions of yen worth of damage. Although countries have strengthened countermeasures and sanctions in response, the damage continues to spread. The regime's methods and money laundering schemes are getting increasingly sophisticated. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://japan-forward.com/north-korean-hackers-exploit-social-media-to-fund-missile-program/">Japan Forward</a></p><h1><strong>Advanced Azov data wiper likely to become active threat</strong></h1><p><strong>FROM THE MEDIA: </strong>An emergent <a href="https://www.techtarget.com/searchsecurity/definition/malware">data wiper ransomware</a> known as Azov &#8211; which first came to attention as a payload delivered by the SmokeLoader botnet &#8211; is becoming increasingly widespread and seems to be on its way to being an active and dangerous threat, according to researchers at Check Point. Azov is distinct from more common or garden forms of ransomware because it is capable of modifying certain 64-bit executables to run its own code, explained Check Point researcher Ji&#345;&#237; Vinopal, who said this feature harked back to a more old-fashioned kind of malware.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.computerweekly.com%2Fnews%2F252528351%2FAdvanced-Azov-data-wiper-likely-to-become-active-threat">Computer Weekly</a></p><h1><strong>The NDAA Includes Prohibitions Targeting Semiconductors Similar to Section 889</strong></h1><p><strong>FROM THE MEDIA: </strong>Congress is advancing the final version of the National Defense Authorization Act (NDAA) for Fiscal Year 2023 (FY 2023). With provisions similar to Section 889 of the FY 2019 NDAA, Section 5949 of the FY 2023 NDAA prohibits executive agencies from procuring or contracting with entities to obtain any electronic parts, products, or services that include covered semiconductor products or services from certain Chinese companies. The House passed the FY 2023 NDAA on December 8, 2022, and the Senate is expected to vote this week, which will send the bill to the President for his signature. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.wiley.law/alert-The-NDAA-Includes-Prohibitions-Targeting-Semiconductors-Similar-to-Section-889">Wiley</a></p><h1><strong>North Korean Hackers Trick Foreign researchers into writing intel</strong></h1><p><strong>FROM THE MEDIA: </strong>Connectivity provides manufacturing plant operations many advantages like increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart factories&#8217; vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives. Food and beverage processing plants are under particular assault.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cybersecurityconnect.com.au/industry/8507-north-korean-hackers-gain-intel-by-tricking-foreign-researchers">CyberSecurityConnect</a></p><h1><strong>US-China trade war continues to polarise the physical security market</strong></h1><p><strong>FROM THE MEDIA: </strong>&#8220;In recent years US-China geopolitical tensions within the physical security industry have escalated,&#8221; reports&nbsp;<a href="https://memoori.com/portfolio/the-physical-security-access-control-2022/">our latest security research</a>. 
&#8220;Tensions between China and the US have seen a series of legislative moves, new sanctions, and tit-for-tat trade barriers erected that have hugely disrupted the flow of both physical security products and key product components critical to ongoing innovation between the two nations, as well as the ability of their respective manufacturers to trade in their respective markets.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ifsecglobal.com/physical-security/us-china-trade-war-continues-to-polarise-the-physical-security-market/">IFSEC Global</a></p><h1>Charges dropped against French company over Egypt spyware</h1><p><strong>FROM THE MEDIA: </strong>A Paris court ordered charges to be dropped Wednesday against a French company and its managers who were accused of complicity in torture after selling sophisticated spyware to the Egyptian government. Nexa Technologies and four executives were charged in 2021 over the sale of the Cerebro software to Egypt enabling President Abdel Fattah al-Sisi's regime to spy on <a href="https://techxplore.com/tags/political+opponents/">political opponents</a>. The Paris appeals court quashed the <a href="https://techxplore.com/tags/charges/">charges</a> against chairman Olivier Bohbot and CEO Stephane Salies among others, but did not order the case to be closed, meaning investigating magistrates will continue their enquiries. Lawyers for the International Federation for Human Rights called the decision a "major disappointment" but said the "story was far from being over."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techxplore.com/news/2022-12-french-company-egypt-spyware.html">TechXplore</a></p><h1>China reportedly bars export of homebrew Loongson chips to Russia &#8211; and everywhere else</h1><p><strong>FROM THE MEDIA: </strong>China has reportedly banned the export of chips that use the locally-designed Loongson architecture. 
A <a href="https://www.kommersant.ru/doc/5719932">story</a> in Russian business publication <em>&#1050;&#1086;&#1084;&#1084;&#1077;&#1088;&#1089;&#1072;&#1085;&#1090;&#1098;</em> (Kommersant) cites sources at the Ministry of Digital Development as having said Beijing won't let military-grade Loongson kit cross the border to Russia, or any other nation. Beijing's reason is that the chips have defense applications and are therefore too sensitive to be allowed to leave the Middle Kingdom. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/15/china_loongson_chip_export_ban/">The Register</a></p><h1><strong>NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear</strong></h1><p><strong>FROM THE MEDIA: </strong>The <a href="https://techcrunch.com/tag/nsa/">U.S. National Security Agency</a> is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. The flaw, tracked as <a href="https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518">CVE-2022-27518</a>, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, both of which are popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices &#8212; no passwords needed. <a href="https://techcrunch.com/tag/citrix/">Citrix</a> also says the flaw is being actively exploited by threat actors.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techcrunch.com/2022/12/14/nsa-says-chinese-hackers-are-exploiting-a-zero-day-bug-in-popular-networking-gear/">TC</a></p><h1>Scanning assets in the cloud: Challenges and improvements to make</h1><p><strong>FROM THE MEDIA: </strong>Keeping tabs on all of an organization's assets can be a challenge. 
Cloud service adoption, remote work and the occasional BYOD have changed (and expanded) what constitutes an organization's attack surface. But how do we secure the new perimeter? "Without a full, detailed inventory of all your IT assets," said cloud-security firm <a href="https://www.qualys.com/forms/whitepapers/cloud-based-it-asset-inventory-solid-foundation-infosec-infrastructure/confirm/">Qualys</a> in a recent white paper, "your infosec team won't be able to properly protect your organization because the things that pose the highest risk are the ones that you don't know are there."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/resource/asset-management/scanning-assets-in-the-cloud-challenges-and-improvements-to-make">SCMAG</a></p><h1>Severe vulnerabilities found in most industrial controllers</h1><p><strong>FROM THE MEDIA: </strong>The convergence of operational technology (OT) and information technology &#8212; which is more focused on collecting and transmitting data &#8212; in &#8220;internet of things&#8221; (IoT) devices such as routers and cameras means the threat is rising, Microsoft fears. That&#8217;s especially true for the most vital U.S. infrastructures. &#8220;While the prevalence of IoT and OT vulnerabilities presents a challenge for all organizations, critical infrastructure is at increased risk,&#8221; reads the latest edition of <a href="https://aka.ms/CyberSignalsReport-3">&#8220;Cyber Signals,&#8221;</a> an ongoing Microsoft series of threat intelligence briefings. 
&#8220;Disabling critical services, not even necessarily destroying them, is a powerful lever.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtonpost.com/politics/2022/12/14/severe-vulnerabilities-found-most-industrial-controllers/">The Washington Post</a></p><h2>CISA Warns Veeam Backup &amp; Replication Vulnerabilities Exploited in Attacks</h2><p><strong>FROM THE MEDIA: </strong>CISA added five flaws to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">catalog</a> on Tuesday, including ones affecting Veeam, Fortinet, Microsoft and Citrix products. Two security holes affecting Veeam&#8217;s Backup &amp; Replication enterprise backup solution have been added to the list. The product is designed for automating workload backups and discovery across cloud, virtual, physical and NAS environments. The vulnerabilities, tracked as <a href="https://www.veeam.com/kb4288">CVE-2022-26500 and CVE-2022-26501</a>, have been rated &#8216;critical&#8217; and they can be exploited by a remote, unauthenticated attacker for arbitrary code execution, which can lead to the hacker taking control of the targeted system. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.securityweek.com/cisa-warns-veeam-backup-replication-vulnerabilities-exploited-attacks">Security Week</a></p><h1>A Tool Capable of Tracking Cybercrime Financial Transactions in Bitcoin</h1><p><strong>FROM THE MEDIA: </strong>IMDEA Software researchers Gibran G&#243;mez, Pedro Moreno-S&#225;nchez, and Juan Caballero <a href="https://dl.acm.org/doi/10.1145/3548606.3560587">have created an open-source automated tool</a> to track the financial relationships of malicious entities that abuse Bitcoin technology, tested on 30 malware families. 
The study "Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration," in which they present their research and the tool, was presented at the prestigious CCS'22 conference (ACM Conference on Computer and Communications Security) last November. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.labmanager.com/news/a-tool-capable-of-tracking-cybercrime-financial-transactions-in-bitcoin-29446">Lab Manager</a></p><h1>AgentTesla Remains Most Prolific Malware in November, Emotet and Qbot Grow</h1><p><strong>FROM THE MEDIA: </strong><a href="https://www.infosecurity-magazine.com/search/?q=Emotet%202022">Emotet</a> has returned as one of the most prevalent malware in the wild after a quiet summer. Additionally, the Trojan Qbot made the list for the first time since 2021, and the <a href="https://www.infosecurity-magazine.com/search/?q=Raspberry%20Robin">Raspberry Robin</a> worm has had a notable influx in use. These are some of the key findings from Check Point Research (CPR)&#8217;s <em>November 2022's Most Wanted Malware</em>&nbsp;report published yesterday, which also highlighted that AgentTesla remained <a href="https://www.infosecurity-magazine.com/news/advanced-rat-agenttesla-malware/">the most prevalent malware</a> last month.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/agenttesla-top-november-malware/">InfoSecMag</a></p><h1><strong>NSA shares tips on mitigating 5G network slicing threats</strong></h1><p><strong>FROM THE MEDIA: </strong>The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA),&nbsp;and the Office of the Director of National Intelligence (ODNI), have published a joint report that highlights the most likely risks and potential threats in 5G network slicing implementations. 
The report also provides mitigation advice and a framework for developing defense and prevention strategies implemented by 5G network operators, integrators, and providers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-mitigating-5g-network-slicing-threats/">Bleeping Computer</a></p><h1><strong>New GoTrim botnet brute forces WordPress site admin accounts</strong></h1><p><strong>FROM THE MEDIA: </strong>A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. This compromise may lead to malware deployment, injection of credit card stealing scripts, hosting of phishing pages, and other attack scenarios, potentially impacting millions depending on the popularity of the breached sites. The botnet is notorious in the cybercrime underground, but&nbsp;<a href="https://www.fortinet.com/blog/threat-research/gotrim-go-based-botnet-actively-brute-forces-wordpress-websites">Fortinet</a>&nbsp;became the first cybersecurity firm to analyze it, reporting that while the malware is still a work in progress, it already has potent capabilities.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-gotrim-botnet-brute-forces-wordpress-site-admin-accounts/">Bleeping Computer</a></p><h2>Items of interest</h2><h1><strong>Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems</strong></h1><p><strong>FROM THE MEDIA: </strong>Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious <a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/what-is-a-driver-">drivers</a> that were certified by its Windows <a href="https://partner.microsoft.com/en-us/dashboard/Registration/Hardware">Hardware Developer 
Program</a>. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is concerning not least because it not only undermines a key security mechanism but also allows threat actors to subvert traditional detection methods and infiltrate target networks to perform highly privileged operations.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/ransomware-attackers-use-microsoft.html">THN</a></p><h1><strong>Assembly Language Programming with ARM &#8211; Full Tutorial for Beginners (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>ARM is becoming an increasingly popular language in the world of computer programming. It is estimated that over 200 billion devices contain an ARM chip, making the ARM language valuable to understand. </p><div id="youtube2-gfmRrPjnEw4" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;gfmRrPjnEw4&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/gfmRrPjnEw4?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Intro to Hardware Reversing: Finding a UART and getting a shell (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>This video is part of the Figurable project, which is geared toward people who are curious about IoT security and looking for that first bite of the apple.</p><div id="youtube2-ZmZuKA-Rst0" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;ZmZuKA-Rst0&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe 
src="https://www.youtube-nocookie.com/embed/ZmZuKA-Rst0?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (343)]]></title><description><![CDATA[12-14-22]]></description><link>https://infodom.substack.com/p/daily-drop-343</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-343</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Wed, 14 Dec 2022 11:14:25 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/06Y3d-xY1hw" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Wednesday, December 14, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Putin to choose cyber warfare before nuclear weapons, former NSA chief says</strong></h1><p><strong>FROM THE MEDIA: </strong>Retired Gen. 
<a href="https://thehill.com/people/keith-alexander/">Keith Alexander,</a> the former National Security Agency director and head of U.S. Cyber Command, said on Tuesday that Russian President <a href="https://thehill.com/people/vladimir-putin/">Vladimir Putin </a>is likely to continue using cyberattacks against Ukraine before using nuclear weapons. Alexander explained that although Russia hasn&#8217;t done significant damage so far on the cyber front, Putin is not prepared to use nuclear weapons against Ukraine, as he knows doing so could pull the U.S. and other NATO countries into the war.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://thehill.com/policy/cybersecurity/3774113-putin-to-choose-cyberwarfare-before-nuclear-weapons-former-nsa-chief-says/">The Hill</a></p><h1><strong>How The Anonymous Hacker Group Wages Cyber Warfare</strong></h1><p><strong>FROM THE MEDIA: </strong>While some people choose to protest through marches or sit-ins, a select group of computer hackers use their talents to wage cyberattacks as part of the collective known as Anonymous. The origins of this group are murky, but they&#8217;ve made a name for themselves over the years by targeting high-profile institutions, including the Church of Scientology, the CIA and the Russian government, as a form of hacktivism. Their usual form of online warfare is a distributed denial of service attack, known as DDoS, when a server is overwhelmed by an increase in traffic, according to <a href="https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/">Cloudflare</a>. </p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.yahoo.com/entertainment/anonymous-hacker-group-wages-cyber-175527112.html">Yahoo Entertainment</a></p><h1>Mapping Threat Intelligence to the NIST Compliance Framework</h1><p><strong>FROM THE MEDIA: </strong>It is estimated that compliance drives 50% of the spend in the cybersecurity industry. 
Recently, some of our customer, defender-side colleagues indicated that threat intelligence was not typically considered within compliance frameworks. The main reason for this was noisy data feeds, a lack of identifiable metrics, and the lack of actionable intelligence related to the customer's pain points. Using the NIST Framework, organizations assess their current security posture, agree to organizational goals, understand their gaps and develop plans to optimize their security posture. </p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.securityweek.com/mapping-threat-intelligence-nist-compliance-framework">SecurityWeek</a></p><h1>Russian disinformation rampant on far-right social media platforms</h1><p><strong>FROM THE MEDIA: </strong>A report released Tuesday by the Stanford Internet Observatory and the social media analytics firm Graphika documents how suspected Russian information operators are exploiting a lack of enforcement on alternative social media platforms to target right-wing users with politically divisive disinformation. The <a href="https://www.documentcloud.org/documents/23451812-graphika_stanford_report_bad_reputation-1">new research portrays</a> a freewheeling alternative social media universe on platforms like Gab, Gettr, Parler and Truth Social where Russian information operators can freely share disinformation due to the lack of content moderation.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberscoop.com/russia-disinformation-gab-parler/">Cyberscoop</a></p><h1><strong>Cyber-espionage group Cloud Atlas targets Russia and its supporters</strong></h1><p><strong>FROM THE MEDIA: </strong>The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia&#8217;s invasion this year, according to a new report. 
The group has been active since 2014, according to <a href="https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/?utm_source=substack&amp;utm_medium=email">research</a> published by Check Point last week, but since the outbreak of the war in Ukraine it has mainly attacked &#8220;high profile victims&#8221; in Russia, Belarus, Transnistria (a pro-Kremlin breakaway region of Moldova), and Russian-annexed territories of Ukraine, including Crimea, Luhansk, and Donetsk. The goals of the group are espionage and theft of confidential information, <a href="https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/?utm_source=substack&amp;utm_medium=email">according to </a>researchers from Positive Technologies. It is not yet clear who is behind the group.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/cyber-espionage-group-cloud-atlas-targets-russia-and-its-supporters/">The Record</a></p><h1><strong>For Congress to confront cybersecurity, reps push to ramp up cyber literacy</strong></h1><p><strong>FROM THE MEDIA: </strong>A bipartisan pair of House lawmakers on Tuesday pushed for support in enhancing literacy when it comes to cybersecurity, expressing urgency on the matter before the U.S. experiences a &#8220;doomsday&#8221;-like attack. As the expected incoming chair of the House Energy and Commerce Committee, Rep. <a href="https://thehill.com/people/cathy-mcmorris-rodgers/">Cathy McMorris Rodgers </a>(R-Wash.) said the issue would be a top focus in the next Congress when the GOP will have the majority. 
&#8220;We need to do more education, have some hearings around what the growing threat around cyberattacks are,&#8221; Rodgers told The Hill&#8217;s Contributing Editor <a href="https://thehill.com/people/steve-clemons/">Steve Clemons </a>at the <em>Risk to Reliance </em>event held at the Bipartisan Policy Center.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehill.com/policy/cybersecurity/3773739-for-congress-to-confront-cybersecurity-reps-push-to-ramp-up-cyber-literacy/">The Hill</a></p><h1>Fleet and Freight Cyber Considerations for Protecting America&#8217;s Roads</h1><p><strong>FROM THE MEDIA: </strong>The United States has one of the most extensive vehicle transportation networks in the world, totaling <a href="https://www.statista.com/statistics/183397/united-states-highway-mileage-since-1990/">more than 4 million miles</a> of interstate highways, city freeways and rural roads. It makes sense, given the size of the country and the cost-effectiveness of ground-based systems in getting people and products from point A to point B as efficiently as possible. But it also comes with potential challenges. According to the <a href="https://www.nhtsa.gov/press-releases/early-estimate-2021-traffic-fatalities">National Highway Traffic Safety Administration,</a> there were 42,915 motor vehicle&#8211;related fatalities in 2021, the largest number since 2005. 
While education about safe driving techniques and additional traffic enforcement can temporarily reduce the risk of crashes and fatalities, human nature inevitably leads drivers to make occasional rash decisions &#8212; choices that could cost their lives, those of their passengers and other drivers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://statetechmagazine.com/article/2022/12/fleet-and-freight-cyber-considerations-protecting-americas-roads-perfcon">StateTech</a></p><h1><strong>TPG Telecom joins list of hacked Australian companies, shares slide</strong></h1><p><strong>FROM THE MEDIA: </strong>Internet services provider TPG Telecom Ltd became the latest Australian company to fall victim to a high-profile cyberattack, announcing on Wednesday that the emails of up to 15,000 of its corporate customers had been accessed. Its shares fell on the news, closing down 2.8%. At least eight other Australian companies have gone public about hacks since October, prompting public outrage and the government to say last week it is developing a new cybersecurity strategy to tackle threats. It is also considering banning the payment of ransom to cyber criminals.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://finance.yahoo.com/news/tpg-telecom-finds-evidence-unauthorised-230255966.html">Yahoo Finance</a></p><h1>I SPY WITH MY LITTLE EYE: Spies release Christmas card puzzle to find future codebreakers among UK schoolkids</h1><p><strong>FROM THE MEDIA: </strong>Spies at the government&#8217;s listening post have released their annual Christmas card puzzle &#8211; and it is aimed at teams of school kids to help find the next <a href="https://www.the-sun.com/news/2577821/who-was-alan-turing-death/">Alan Turing</a>. Turing cracked the Nazi&#8217;s Enigma which helped win World War Two and is considered the father of modern computing. 
A series of &#8220;fiendish&#8221; Christmas conundrums cover languages, engineering, codebreaking, analysis, maths, coding and cyber security &#8211; all key skills for GCHQ spooks. They are included on spy chief <a href="https://www.the-sun.com/tech/6414890/tiktok-spy-app-safe-children/">Jeremy Fleming</a>&#8217;s official Christmas card which is sent to partners and allied intelligence services around the world.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.the-sun.com/news/6910395/spies-christmas-puzzle-codebreakers-schoolkids/">The U.S. Sun</a></p><h1><strong>It&#8217;s complicated:<br>psychology and national<br>security decisions</strong></h1><p><strong>FROM THE MEDIA: </strong>The claim that Australia&#8217;s current national security environment has few precedents has almost become a clich&#233;. Home Affairs Minister Clare O&#8217;Neil most recently <a href="https://minister.homeaffairs.gov.au/ClareONeil/Pages/national-press-club-address.aspx">asserted</a> that &#8220;Australia faces the most dangerous set of strategic circumstances since the Second World War&#8221; and that &#8220;there would be few five-year periods in which Australia&#8217;s national security picture has changed so much&#8221;. But what really distinguishes Australia&#8217;s current predicament from earlier eras? It&#8217;s not necessarily danger: the Cold War, which dominated Australian national security for decades, <a href="https://en.wikipedia.org/wiki/Cuban_Missile_Crisis">was more dangerous</a> than many now remember. It turned hot in Australia&#8217;s region more than once. 
Australia has been at war <a href="https://www.awm.gov.au/articles/atwar">many times since 1945</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.lowyinstitute.org/the-interpreter/it-s-complicated-psychology-national-security-decisions">The Interpreter</a></p><h1><strong>Iranian influence and threats growing in the UK, says security minister</strong></h1><p><strong>FROM THE MEDIA: </strong>Britain is facing growing interference, threats and influence from state actors including Iran, security minister <a href="https://www.thenationalnews.com/world/uk-news/2022/07/11/who-is-tom-tugendhat-arabic-speaking-army-veteran-who-served-in-iraq-and-afghanistan/">Tom Tugendhat </a>has warned. Since 10 Iranian plots were revealed in November more incidents have come to light. Foreign meddling of this nature, he said, poses monumental challenges to freedom of speech in the UK and residents' way of life. Speaking at London-based think tank Policy Exchange on Tuesday, he said that &#8220;acute threats&#8221; to national security require an immediate response. &#8220;But it is the strategic threats to our democracy because the actors are part of a systemic campaign over a long period of time to degrade our sovereignty that concern me most,&#8221; he added.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.thenationalnews.com/world/uk-news/2022/12/13/iranian-influence-and-threats-growing-in-the-uk-says-security-minister/">The National News</a></p><h1>North Korea wants dollars. It&#8217;s a sign of trouble</h1><p><strong>FROM THE MEDIA: </strong>When Kim Jong Un, the leader of North Korea, ascended to power more than a decade ago, he repeated two promises that his family has made since founding the country in 1948: to strengthen the military and to improve the economy. On the military front, Kim, 38, has delivered more than his father and grandfather who ruled before him, accelerating the country&#8217;s nuclear and missile programs. 
On the economic front, he has struggled, an already isolated country made more so by years of international sanctions over his nuclear program and border closures since the pandemic. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.deccanherald.com%2Fopinion%2Fpanorama%2Fnorth-korea-wants-dollars-it-s-a-sign-of-trouble-1171497.html">DH</a></p><h1>US, South Korea, Japan Seek to Curb North Korea&#8217;s Illicit Cyber Activities</h1><p><strong>FROM THE MEDIA: </strong>Senior diplomats from the United States, South Korea, and Japan agreed Tuesday to boost efforts to curb North Korea&#8217;s illicit cyber activities and other methods to finance its nuclear program and evade international sanctions. Meeting in Indonesia&#8217;s capital, the three envoys in charge of North Korea&#8217;s nuclear program also agreed to strengthen their trilateral security cooperation in the face of North Korea&#8217;s advancing nuclear and missile arsenals. In his opening remarks, Sung Kim, the U.S. envoy who also serves as Washington&#8217;s ambassador in Jakarta, said that North Korea&#8217;s provocative run of missile tests this year has proven yet again that the North &#8220;presents one of the most serious security challenges in the region and beyond.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thediplomat.com/2022/12/us-south-korea-japan-seek-to-curb-north-koreas-illicit-cyber-activities/">The Diplomat</a> </p><h1><strong>Continued Exploitation and Evolution of ProxyShell Vulnerabilities</strong></h1><p><strong>FROM THE MEDIA: </strong>In August 2021, threat actors started to exploit ProxyShell vulnerabilities in certain Microsoft Exchange Server versions. 
Today, not only is Kroll seeing actors continue to leverage ProxyShell in larger network intrusions but also now organizations must be on guard for the so-called ProxyNotShell vulnerabilities, which surfaced in September 2022.&nbsp;ProxyShell, collectively known as CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207, <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-proxyshell-bugs-might-be-exploited-patch-servers-now/">allows remote code execution (RCE)</a> without authentication on vulnerable deployments.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.kroll.com/en/insights/publications/cyber/monitor/proxyshell-vulnerabilities">KROLL</a></p><h1><strong>Gulf leaders find new partner in China, challenging US dominance</strong></h1><p><strong>FROM THE MEDIA: </strong>The United States is no longer the sole superpower active in the Arab Gulf. This was the message from a weekend summit in Saudi Arabia between Chinese President Xi Jinping and Arab leaders. Participants called it a &#8220;milestone,&#8221; cementing political ties and paving the way for a larger Chinese role in Arab economies and security.&nbsp;The Arab embrace of a more assertive China is a response both to criticism from U.S. President Biden&#8217;s administration and to Washington&#8217;s strategic pivot away from the Middle East toward Asia and Europe. 
More than that, what some observers are calling an &#8220;Arab-China renaissance&#8221; represents a bid by Gulf leaders for something they say the United States is failing to provide: a reliable partnership that won&#8217;t waver with the political winds.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.csmonitor.com/World/Middle-East/2022/1213/Gulf-leaders-find-new-partner-in-China-challenging-US-dominance">CSM</a></p><h1><strong>Food and Beverage Manufacturers Face Mounting Cybersecurity Attacks</strong></h1><p><strong>FROM THE MEDIA: </strong>Connectivity provides manufacturing plant operations many advantages like increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart factories&#8217; vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives. Food and beverage processing plants are under particular assault.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.foodengineeringmag.com/articles/100734-food-and-beverage-manufacturers-face-mounting-cybersecurity-attacks">Food Engineering</a></p><h1>Australia vies with China for Pacific influence, signs new security deal</h1><p><strong>FROM THE MEDIA: </strong>Australia has signed a new security deal with Oceania island country Vanuatu as part of an ongoing competition with China for influence in the Pacific. The new security pact covers humanitarian assistance, disaster relief, law enforcement, cyber security, defense, border security and maritime safety. The full text of the agreement has yet to be released. 
"We all have a responsibility to ensure our sovereign decisions enhance the security of all members of the Pacific and we're deeply proud to be the Vanuatu principal security partner of choice," Australian Foreign Minister Penny Wong told reporters Tuesday in the capital of Port Vila.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.npr.org/2022/12/14/1142701074/australia-vies-with-china-for-pacific-influence-signs-new-security-deal">NPR</a></p><h1>China Startup Hopes Methane-Powered Rocket Will Beat SpaceX to Orbit</h1><p><strong>FROM THE MEDIA: </strong>A Chinese startup seeking to be the country&#8217;s answer to <a href="https://www.bloomberg.com/quote/711339Z:US">SpaceX</a> is preparing a satellite launch that could beat Elon Musk&#8217;s company and other rivals by relying on the next generation of rocket fuel.&nbsp;<a href="https://www.bloomberg.com/quote/1678414D:CH">LandSpace Technology Corp.</a> expects to launch an uncrewed rocket that burns a combination of liquid methane and liquid oxygen to put its payload into orbit on Wednesday, according to a person familiar with the matter. SpaceX and others have been developing rockets that can use methane-based fuel, thanks to its potential to be cleaner and safer than solid propellants, liquid hydrogen and other fuels currently used.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bloomberg.com/news/articles/2022-12-13/china-startup-hopes-methane-powered-rocket-will-beat-elon-musk-s-spacex-to-orbit">Bloomberg</a></p><h1><strong>Space Startup Wants to Build a Manufacturing Platform in Low Earth Orbit</strong></h1><p><strong>FROM THE MEDIA: </strong>ThinkOrbital has big plans for low Earth orbit, designing an orbital platform that could be used to manufacture products in space, as well as remove and recycle space debris. 
The spherical structure, which was named the <a href="https://thinkorbital.com/products.html">ThinkPlatform</a>, would be a free-flying, non-pressurized platform that would either operate as part of a larger commercial station or it could dock with a spacecraft like SpaceX&#8217;s Starship, Lee Rosen, ThinkOrbital&#8217;s co-founder, president and chief strategy officer, <a href="https://spacenews.com/thinkorbital-designing-platform-for-in-space-manufacturing-debris-removal/">told</a> SpaceNews in an interview published Monday. Last year, NASA rejected ThinkOrbital&#8217;s commercial space station concept. Instead, the <a href="https://gizmodo.com/nasa-picks-blue-origin-and-two-others-to-design-new-spa-1848156231">space agency awarded $415.6 million</a> for space station proposals from Blue Origin, Nanoracks and Northrop Grumman. But the Colorado-based company is still vying for a spot in low Earth orbit, and Rosen believes that ThinkOrbital&#8217;s new concept is more viable.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://gizmodo.com/space-space-junk-think-orbit-think-platform-1849887942">Gizmodo</a></p><h1><strong>SpaceX supports expanding use of 12.7-13.25 GHz band for mobile broadband: FCC filing</strong></h1><p><strong>FROM THE MEDIA: </strong>SpaceX added its support for expanding the use of the 12.7-13.25 GHz Band for mobile broadband in <a href="https://www.fcc.gov/ecfs/document/1212107595245/1">a new filing with the</a> Federal Communications Commission (FCC) on Tuesday. The company noted that although it was already licensed to use the band for uplink operations, it submitted its comment in support of the Notice of Inquiry that the FCC will consider other productive uses of in the U.S. &#8220;SpaceX&#8217;s support of this NOI is consistent with its general encouragement of sharing spectrum&#8212;when technically feasible&#8212;to enable competition and ensure all spectrum is put to its highest and best use. 
In fact, SpaceX shares all of the spectrum it is licensed to use, both with competing next-generation satellite systems and with other technologies and Federal users. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.teslarati.com/spacex-supports-expanding-12-7-12-25ghz-band-fcc/">TESLARATI</a> </p><h1><strong>Apple security update fixes new iOS zero-day used to hack iPhones</strong></h1><p><strong>FROM THE MEDIA: </strong>In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. The vulnerability was disclosed in security bulletins released today for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1, with Apple warning that the flaw "may have been actively exploited" against previous versions. The bug (<a href="https://support.apple.com/en-us/HT213531#:~:text=Google%20V8%20Security-,WebKit,-Available%20for%3A%20iPhone">CVE-2022-42856</a>) is a type confusion issue in Apple's Webkit web browser browsing engine. The flaw was discovered by Cl&#233;ment Lecigne of Google's Threat Analysis Group, allowing maliciously crafted web content to perform arbitrary code execution on a vulnerable device.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/apple/apple-security-update-fixes-new-ios-zero-day-used-to-hack-iphones/">Bleeping Computer</a></p><h1>Malware campaign targets official Python and JavaScript repos</h1><p><strong>FROM THE MEDIA: </strong>An active malware campaign is targeting official Python and JavaScript repositories. Software supply chain security firm <a href="https://blog.phylum.io/phylum-detects-active-typosquatting-campaign-in-pypi">Phylum</a> spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python <em>requests</em> package. 
Typosquats take advantage of simple typos to install malicious packages. In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.developer-tech.com/news/2022/dec/13/malware-campaign-targets-official-python-javascript-repos/">Developer-Tech</a></p><h1><strong>Ransomware Gang Abused Microsoft Certificates to Sign Malware</strong></h1><p><strong>FROM THE MEDIA: LESS THAN TWO</strong> weeks ago, the United States Cybersecurity &amp; Infrastructure Security Agency and FBI released a <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-335a">joint advisory</a> about the threat of ransomware attacks from a gang that calls itself &#8220;Cuba.&#8221; The group, which researchers believe is, in fact, based in Russia, has been on a rampage <a href="https://www.ic3.gov/Media/News/2021/211203-2.pdf">over the past year</a> targeting an increasing number of businesses and other institutions in the US and abroad. <a href="https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/">New research</a> released today indicates that Cuba has been using pieces of malware in its attacks that were certified, or given a seal of approval, by Microsoft. 
Cuba used these cryptographically signed &#8220;drivers&#8221; after compromising a target's systems as part of efforts to disable security scanning tools and change settings.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.wired.com%2Fstory%2Fmicrosoft-certificates-ransomware-cuba-malware">Wired</a></p><h1>Lockbit ransomware gang hacked California Department of Finance</h1><p><strong>FROM THE MEDIA: </strong>On December 12, the California Department of Finance confirmed the security incident with a statement. <em>&#8220;</em>The California Cybersecurity Integration Center (Cal-CSIC) is actively responding to a cybersecurity incident involving the California Department of Finance.&#8221; <a href="https://news.caloes.ca.gov/statement-on-cybersecurity-incident/">reads the statement</a>. &#8220;The intrusion was proactively identified through coordination with state and federal security partners. Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities. The response effort includes multiple public and private agencies including the partners who make up the Cal-CSIC: the Governor&#8217;s Office of Emergency Services, Department of Technology, California Military Department and California Highway Patrol.<em>&#8221;</em></p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139599/cyber-crime/lockbit-ransomware-california-department-of-finance.html">Security Affairs</a></p><h1><strong>FBI&#8217;s Vetted Info Sharing Network &#8216;InfraGard&#8217; Hacked</strong></h1><p><strong>FROM THE MEDIA: </strong>InfraGard, a program run by the U.S. 
Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online &#8212; using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/">KrebsonSecurity</a></p><h1><strong>New GoTrim botnet brute forces WordPress site admin accounts</strong></h1><p><strong>FROM THE MEDIA: </strong>A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. This compromise may lead to malware deployment, injection of credit card stealing scripts, hosting of phishing pages, and other attack scenarios, potentially impacting millions depending on the popularity of the breached sites. 
The botnet is notorious in the cybercrime underground, but&nbsp;<a href="https://www.fortinet.com/blog/threat-research/gotrim-go-based-botnet-actively-brute-forces-wordpress-websites">Fortinet</a>&nbsp;became the first cybersecurity firm to analyze it, reporting that while the malware is still a work in progress, it already has potent capabilities.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-gotrim-botnet-brute-forces-wordpress-site-admin-accounts/">Bleeping Computer</a></p><h1><strong>Chinese hackers innovate to get round proliferating cybersecurity laws and monetize their activities</strong></h1><p><strong>FROM THE MEDIA: </strong>Where cybercrime is concerned, it seems the Chinese government&#8217;s blunderbuss approach to state and cybersecurity means that it sometimes shoots itself in the foot as it introduces more and more restrictive legislation to further enhance its control over its already heavily surveilled population. 
A detailed and very informative report from <a href="https://www.recordedfuture.com/restrictive-laws-push-chinese-cybercrime-toward-novel-monetization-techniques">Insikt Group</a>, the threat research division of Recorded Future, a private cybersecurity company based in Somerville, Massachusetts in the US that specializes in the collection, processing, analysis, and dissemination of threat intelligence, shows that part of the reaction to the layering of new restrictions on already deeply repressive legal foundations has resulted in Chinese cybercriminals resorting to imaginative, innovative ways to monetize their activities.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.telecomtv.com/content/security/chinese-hackers-innovate-to-get-round-proliferating-cybersecurity-laws-and-monetise-their-activities-46206/">Telecom TV</a></p><h1><strong>Apple fixes &#8216;actively exploited&#8217; zero-day security vulnerability affecting most iPhones</strong></h1><p><strong>FROM THE MEDIA: </strong>Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, <a href="https://techcrunch.com/2022/11/30/apples-ios-update-just-dropped-with-security-fixes-and-crash-detection-improvements/">iOS 16.1.2</a>, landed on November 30 and rolled out to all supported iPhones &#8212; including iPhone 8 and later &#8212; with unspecified &#8220;important security updates.&#8221; In a <a href="https://support.apple.com/en-us/HT213516">disclosure</a> to its security updates page on Tuesday, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps, which if exploited could allow malicious code to run on the person&#8217;s device. 
The bug is called a zero-day because the vendor is given zero days&#8217; notice to fix the vulnerability.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techcrunch.com/2022/12/13/apple-zero-day-webkit-iphone/">TC</a></p><h2>Items of interest</h2><h1><strong>Hackers Planted Files to Frame an Indian Priest Who Died in Custody</strong></h1><p><strong>FROM THE MEDIA: </strong>The case of the Bhima Koregaon 16, in which <a href="https://12ft.io/proxy?ref=&amp;q=https://www.wired.com/story/modified-elephant-planted-evidence-hacking-police/">hackers planted fake evidence on the computers of two Indian human rights activists</a> that led to their arrest along with more than a dozen colleagues, has already become notorious worldwide. Now the tragedy and injustice of that case are coming further into focus: A forensics firm has found signs that the same hackers also planted evidence on the hard drive of <em>another</em> high-profile defendant in the case who later died in jail&#8212;as well as fresh clues that the hackers who fabricated that evidence were collaborating with the Pune City Police investigating him.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.wired.com%2Fstory%2Fmodified-elephant-stan-swamy-hacked-evidence-frame-bhima-koregaon-16">Wired</a></p><h1><strong>Chinese MSS 2014 Cyber Espionage on Japanese Monju Nuclear Power Plant (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>In January 2014 a cyber espionage operation took place at the Monju Nuclear Power Plant of Japan. Later on, experts attributed it to China's Ministry of State Security (MSS). The operation used a software supply-chain attack targeting the GOM Player of South Korea to infiltrate the power plant. 
</p><div id="youtube2-06Y3d-xY1hw" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;06Y3d-xY1hw&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/06Y3d-xY1hw?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>The Invisible World War: Why Cyber Warfare Is Everywhere (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Cyberwarfare is a new form of war in the era of technology that is used by governments like the United States, China, and Russia to compromise security and hack infrastructure. </p><div id="youtube2-fJd3R7Ub7qs" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;fJd3R7Ub7qs&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/fJd3R7Ub7qs?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (342)]]></title><description><![CDATA[12-13-22]]></description><link>https://infodom.substack.com/p/daily-drop-342</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-342</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Tue, 13 Dec 2022 11:24:19 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/bnRd8Ktt8ek" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Tuesday, December 13, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>The Great GPT Leap is Disruption in Plain Sight</h1><p><strong>FROM THE MEDIA: </strong>During my opening remarks for OODAcon this year, I noted several moments where the advancement of technology has taken me by surprise including the DARPA cyber grand challenge finale at Def Con and the images I was able to create with GPT. During our happy hour, former Congressman Will Hurd, who sits on the board of OpenAI, remarked that upcoming releases would represent a new opportunity for technology surprise.&nbsp; Bob Gourley <a href="https://www.oodaloop.com/archive/2022/12/05/we-are-witnessing-another-inflection-point-in-how-computers-support-humanity/">wrote about this inflection point last week as well</a>. Over the weekend, the newly upgraded and released ChatGPT felt like one of those moments. We will continue to evaluate these technologies and put them into context for our OODA Network, but here are a few fun experiments I conducted over the weekend that provide some insight into why this technology is so disruptive.</p>
<p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.oodaloop.com/archive/2022/12/12/the-great-gpt-leap-is-disruption-in-plain-sight/">OODALOOP</a></p><h1>Did a Robot write this? We need watermarks to spot AI</h1><p><strong>FROM THE MEDIA: </strong>A talented scribe with stunning creative abilities is having a sensational debut.&nbsp;ChatGPT, a text-generation system from San Francisco-based OpenAI, has been writing essays, screenplays and limericks after its recent&nbsp;release to the&nbsp;public, usually in seconds and often to a high standard. Even its jokes can be funny. Many scientists in the field of artificial intelligence have marveled at how humanlike it sounds. And remarkably, it will soon get better. OpenAI&nbsp;is widely expected to release its next iteration known as GPT-4 in the coming months, and&nbsp;early testers say&nbsp;it is better than anything that&nbsp;came before. But all these improvements come with a price. The better the AI gets, the harder it will be to distinguish between human and machine-made text. 
OpenAI needs to prioritize its efforts to label&nbsp;the work of machines&nbsp;or we could soon be overwhelmed with a confusing mishmash of real and fake information online.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.moneycontrol.com/news/opinion/did-a-robot-write-this-we-need-watermarks-to-spot-ai-9695701.html">Money Control</a></p><h1>Novel Janicab malware variant sets sights on legal, financial entities</h1><p><strong>FROM THE MEDIA: </strong>Hack-for-hire threat group <a href="https://www.scmagazine.com/analysis/cybercrime/evilnum-malware-targets-european-financial-exchanges-crypto-with-backdoor-attacks">Evilnum, also known as DeathStalker,</a> has been deploying an updated variant of the Janicab malware in its attacks against travel agencies, financial investment organizations, and legal firms in Georgia, Egypt, Saudi Arabia, the United Arab Emirates, and the U.K., in an effort to exfiltrate corporate information, reports <a href="https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html">The Hacker News</a>. YouTube and other public services are being used by the new Janicab malware variant to serve as dead drop resolvers, a report from Kaspersky revealed. "Since the threat actor uses unlisted old YouTube links, the likelihood of finding the relevant links on YouTube is almost zero. 
This also effectively allows the threat actor to reuse C2 infrastructure," said researchers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/cybercrime/novel-janicab-malware-variant-sets-sights-on-legal-financial-entities">SCMAG</a></p><h1>New MuddyWater spear-phishing campaign hits several Asian countries</h1><p><strong>FROM THE MEDIA: </strong>Israel, Iraq, Egypt, Armenia, Qatar, Oman, Jordan, Azerbaijan, Tajikistan, and the United Arab Emirates have been targeted by the Iranian state-sponsored threat group <a href="https://www.scmagazine.com/analysis/threat-intelligence/microsoft-iranian-cyberespionage-group-likely-exploiting-log4j-vulnerability">MuddyWater, also known as TEMP.Zagros, Boggy Serpens, Mercury, Earth Vetala, Cobalt Ulster, Seedworm, and Static Kitten,</a> in its latest spear-phishing attacks, <a href="https://thehackernews.com/2022/12/muddywater-hackers-target-asian-and.html">The Hacker News</a> reports. MuddyWater has leveraged Dropbox links or document attachments with a URL redirecting to a ZIP archive file as lures in its campaign, which also involved the use of compromised corporate email accounts, a Deep Instinct report showed. Attackers have also transitioned to Atera Agent after using installers for Remote Utilities and ScreenConnect in their archive files.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/threat-intelligence/new-muddywater-spear-phishing-campaign-hits-several-asian-countries">SCMAG</a></p><h1><strong>Play ransomware claims attack on Belgium city of Antwerp</strong></h1><p><strong>FROM THE MEDIA: </strong>The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgian city of Antwerp. Last week, Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services. 
Local media&nbsp;<a href="https://www.hln.be/antwerpen/rusthuizen-schakelen-over-op-pen-en-papier-na-massale-cyberaanval-op-antwerpse-stadsdiensten~a24d88fa/">reported</a>&nbsp;that many of the city's Windows applications were no longer available, and City council member&nbsp;<a href="https://twitter.com/alexandradarch">Alexandra d'Archambeau</a>&nbsp;publicly tweeted that email was not available. The disruption continues with&nbsp;the <a href="https://www.antwerpen.be/info/63906c7a1477455f97247a95/impact-op-de-dienstverlening">city warning</a> that almost all services are unavailable or significantly delayed, including job applications, use of libraries, and new agreements with the city.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/">Bleeping Computer</a></p><h1><strong>Apple deserves &#8364;6 million fine for privacy violations, French data protection adviser says</strong></h1><p><strong>FROM THE MEDIA: </strong>Apple should be fined &#8364;6 million ($6.3 million), the chief adviser to the French data protection regulator has recommended, for failing to properly notify users of apps tracking them.&nbsp;The recommendation was made on Monday by Francois Pellegrini, the rapporteur to the CNIL (Commission nationale de l&#8217;informatique et des libert&#233;s), following a complaint against Apple issued by France Digitale, an industry lobby group. Apple prohibits advertisers from accessing what it calls the Identifier for Advertisers (IDFA) &#8212; a unique device identifier which can be used to target ads to each device &#8212; without explicit consent from users. 
However, it did not apply the same standards of prior consent to its own apps and services, according to France Digitale and Pellegrini.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/apple-deserves-e6-million-fine-for-privacy-violations-french-data-protection-adviser-says/">The Record</a></p><h1>Is the New AI Chatbot the End of the World as We Know It</h1><p><strong>FROM THE MEDIA: </strong>Mathematician, computer scientist and famed code-breaker Alan Turing said that if you had a conversation with a computer and couldn&#8217;t distinguish what it said from what a human would say, then the computer must be intelligent and in some sense self-aware. The other day I ran a Turing test on <a href="https://chat.openai.com/chat">ChatGPT</a>, a chatbot recently released by<a href="https://openai.com/"> Open AI</a>. It flunked. But it&#8217;s still a student, and it shows promise. ChatGPT, its makers tell us, is still in beta form. Like a million other new users, I&#8217;ve been teaching it (tuition-free) so its answers will improve. It&#8217;s pretty easy to run a tutorial: once you&#8217;ve created an account, you&#8217;re invited to ask a question or give a command. Then you watch the reply, popping up on the screen at the speed of a fast and very accurate typist.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thetyee.ca/Analysis/2022/12/13/New-AI-Chatbox/">The Tyee</a></p><h1><strong>FBI is Not Thrilled About Apple&#8217;s New Encryption Services</strong></h1><p><strong>FROM THE MEDIA: </strong>Apple has planned to significantly expand its end-to-end data encryption services. Apple&#8217;s new encryption will close a privacy loophole that previously allowed law enforcement to access a wide-reaching swath of data, including photos and messages, stored in user iCloud accounts. 
Apple&#8217;s expanded encryption system, an optional feature called Advanced Data Protection, would secure most data stored in iCloud, an Apple service used by many of its users to store photos, back up their iPhones, or save specific device data such as Notes and Messages. The new encryption is deeply concerning to the FBI: the data would be protected in the event that Apple is hacked, and it also wouldn&#8217;t be accessible to law enforcement, even with a warrant.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.analyticsinsight.net/fbi-is-not-thrilled-about-apples-new-encryption-services/">Analytics Insight</a></p><h1>Twitter says recently leaked user data are from 2021 breach</h1><p><strong>FROM THE MEDIA: </strong>Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company <a href="https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html">disclosed in August 2022</a>. At the end of July, a threat actor&nbsp;<a href="https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html">leaked data of 5.4 million Twitter accounts</a>&nbsp;that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered the stolen data for sale on the popular hacking forum Breached Forums. The seller claimed that the database contained data (i.e., emails, phone numbers) of users ranging from celebrities to companies. 
The seller also shared a sample of data in the form of a CSV file.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139574/data-breach/twitter-leaked-data-dated-2021-breach.html">Security Affairs</a></p><h1><strong>Huawei strengthens cybersecurity collaboration at an industry conference in Bahrain</strong></h1><p><strong>FROM THE MEDIA: </strong>Co-hosted by&nbsp;the National Cyber Security Centre (NCSC)&nbsp;and held under the patronage of&nbsp;Bahrain Crown Prince HRH Prince Salman bin Hamad Al Khalifa, the Arab International Cybersecurity Conference and Exhibition in Bahrain attracted the highest level of engagement in the region with participation from government, industry, and business verticals, including BFSI, oil &amp; gas, energy, utilities, IT &amp; telecom, manufacturing, education and more. Afke Schaart, Chief Global Impact Officer and Senior Vice President of Global Government Affairs at Huawei, delivered a keynote addressing cybersecurity building, collaboration, and unified standards.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.albawaba.com/business/pr/huawei-strengthens-cybersecurity-collaboration-industry-conference-bahrain-1502173">Albawaba</a></p><h1><strong>New Python malware backdoors VMware ESXi servers for remote access</strong></h1><p><strong>FROM THE MEDIA: </strong>A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively. The new backdoor was discovered by&nbsp;<a href="https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers">Juniper Networks researchers</a>, who found the backdoor on a VMware ESXi server. 
However, they could not determine how the server was compromised due to limited log retention. They believe the server may have been compromised using the CVE-2019-5544 and CVE-2020-3992 vulnerabilities in ESXi's OpenSLP service.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-python-malware-backdoors-vmware-esxi-servers-for-remote-access/">Bleeping Computer</a></p><h1><strong>Hackers continue to leak data from Albanian intelligence services</strong></h1><p><strong>FROM THE MEDIA: </strong>The <a href="https://www.euractiv.com/section/politics/news/five-albanian-state-it-staff-investigated-over-iran-hack/">cyber attack</a> took place in July and September 2022 and brought all online government services to a halt, causing significant problems for businesses, individuals and state functions. Since then, the hackers have periodically released data from the hack, including communications, wiretaps, and data on the movements of politicians and officials. Following the revelation that Iran was behind the hack, Albania <a href="https://www.euractiv.com/section/politics/news/albania-cuts-diplomatic-ties-with-iran-over-cyberattacks/">suspended all diplomatic ties</a> and expelled Iranian diplomats from the country, closing the embassy in the process. Iran&#8217;s involvement in the hack was confirmed by Albanian investigators and <a href="https://www.microsoft.com/en-us/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/">Microsoft</a>, who worked to unveil the perpetrators and help the state regain security. &#8220;In cooperation with specialised digital anti-terrorist partner agencies, it was first discovered that the 15 July cyber attack on Albania was state aggression. 
The in-depth investigation provided indisputable evidence that the Islamic Republic of Iran sponsored the aggression,&#8221; Prime Minister Edi Rama announced <a href="https://www.euractiv.com/section/politics/news/albania-cuts-diplomatic-ties-with-iran-over-cyberattacks/">in September</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.euractiv.com/section/politics/news/hackers-continue-to-leak-data-from-albanian-intelligence-services/">EURACTIV</a></p><h1><strong>Dallas FBI warns Texas universities about intellectual property theft by Chinese government</strong></h1><p><strong>FROM THE MEDIA: </strong>The FBI in Dallas recently warned roughly 100 administrators and faculty members at universities across Texas about the threat of intellectual property theft by the Chinese government. The Special Agent in Charge of the Dallas FBI at the time, Matthew DeSarno, said what's being targeted is the research being conducted on college campuses.&nbsp;"There are adversaries out there who are trying to steal as much intellectual property as they can to accelerate their own advancement," he said. DeSarno retired from the FBI at the end of October after 25 years of service. On the same day his agents at the Dallas headquarters welcomed dozens of university officials, DeSarno discussed with reporters his top concerns.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cbsnews.com/dfw/news/dallas-fbi-warns-texas-universities-about-intellectual-property-theft-by-chinese-government/">CBSNEWS</a></p><h1><strong>China Unveils First Batch of Scientific Images Taken by Solar Probe Kuaifu-1</strong></h1><p><strong>FROM THE MEDIA: </strong>China&#8217;s Space Science Center released <a href="http://www.nssc.ac.cn/xwdt2015/xwsd2015/202212/t20221213_6584243.html">the first batch of scientific images captured by the country&#8217;s first comprehensive solar probe</a> on December 13. 
The Advanced Space-Based Solar Observatory (ASO-S), dubbed Kuafu-1, has been operating in orbit for two months since its launch in October. Kuafu-1 is the world&#8217;s first near-Earth satellite telescope to simultaneously monitor solar flares, coronal mass ejections and the sun&#8217;s magnetic field. It aims to study their formation, evolution, interaction and correlation, and to provide support for space weather forecasting. The images were captured by three different payloads on the probe &#8211; Full-Disk MagnetoGraph (FMG), Lyman-Alpha Solar Telescope (LST) and Hard X-Ray Imager (HXI).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://pandaily.com/china-unveils-first-batch-of-scientific-images-taken-by-solar-probe-kuaifu-1/">PAN DAILY</a></p><h1>Former FTX CEO Sam Bankman-Fried arrested in the Bahamas</h1><p><strong>FROM THE MEDIA: </strong>The former CEO of failed cryptocurrency firm FTX, Sam Bankman-Fried, has been arrested in the Bahamas at the request of the U.S. government, U.S. and Bahamian authorities said Monday. The arrest was made Monday after the U.S. filed criminal charges that are expected to be unsealed Tuesday, according to U.S. Attorney Damian Williams. Bankman-Fried had been under criminal investigation by U.S. and Bahamian authorities following the collapse last month of FTX. The firm filed for bankruptcy on Nov. 11, when it ran out of money after the cryptocurrency equivalent of a bank run. 
&#8220;We expect to move to unseal the indictment in the morning and will have more to say at that time,&#8221; Williams said.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.marketbeat.com%2Farticles%2Fformer-ftx-ceo-sam-bankman-fried-arrested-in-the-bahamas-2022-12-12">Market Beat</a></p><h1>Russia, North Korea Restore Rail Trade Halted Since Early 2020</h1><p><strong>FROM THE MEDIA: </strong>Russia and North Korea appear to have resumed trade over a rail link that had been suspended for almost three years due to Covid-19, according to satellite imagery, in the latest sign of warming ties between the neighbors. Goods were delivered from Russia to North Korea in late November and early December, 38 North said in a <a href="https://www.38north.org/2022/12/a-north-korean-rail-yard-near-russia-springs-to-life/">report</a> published late Monday. Unloaded cargo was spotted at least twice on the North Korean side and expanded freight handling at a station there suggested preparation for greater volume, the group said. &#8220;Based on our observations, it appears the resumption of trade between Russia and North Korea is well underway,&#8221; 38 North said, calling it &#8220;another sign of North Korea&#8217;s slow opening-up to the world as the Covid-19 pandemic lessens.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bloomberg.com/news/articles/2022-12-13/russia-north-korea-restore-rail-trade-halted-since-early-2020?srnd=premium-europe">Bloomberg</a> // <a href="https://www.asahi.com/ajw/articles/14791416">Asahi</a></p><h1>Federal employee spyware hacks could number in the hundreds, lawmakers say</h1><p><strong>FROM THE MEDIA: </strong>
A US government investigation into the number of mobile phones of diplomats and government employees infected with spyware could &#8220;easily run into the hundreds,&#8221; according to a member of the House Intelligence Committee. Jim Himes, a Democratic representative from Connecticut, told Bloomberg News that the Biden administration is &#8220;just beginning to get a sense of the magnitude of the problem.&#8221; He predicted the probe could find spyware being used against &#8220;hundreds&#8221; of federal personnel in &#8220;multiple countries.&#8221; Himes was one of the lead authors of a letter in September urging the federal government to better protect US diplomats abroad from spyware and to publicly report instances of such abuse. He received a letter last month co-authored by the Departments of Commerce and State confirming that commercial spyware was targeting U.S. government personnel serving abroad.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.thebharatexpressnews.com/federal-employee-spyware-hacks-could-number-in-the-hundreds-lawmakers-say/">The Bharat Express News</a></p><h1>Effective, fast, and unrecoverable: Wiper malware is popping up everywhere</h1><p><strong>FROM THE MEDIA: </strong>Over the past year, a flurry of destructive wiper malware from no fewer than nine families has appeared. In the past week, researchers cataloged at least two more, both exhibiting advanced codebases designed to inflict maximum damage. On Monday, researchers from <a href="https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper/">Check Point Research published details</a> of Azov, a previously unseen piece of malware that the company described as an &#8220;effective, fast, and unfortunately unrecoverable data wiper.&#8221; Files are wiped in blocks of 666 bytes by overwriting them with random data, leaving an identically sized block intact, and so on. 
The malware uses the uninitialized local variable <code>char buffer[666]</code>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://arstechnica.com/information-technology/2022/12/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere/">arsTechnica</a></p><h1><strong>The effects of internet shutdowns on public mobilization&nbsp;</strong></h1><p><strong>FROM THE MEDIA: </strong>In 2011, the United Nations declared internet access a basic human right, arguing that depriving individuals of connectivity violates human rights and international law. The report was issued the same day two-thirds of Syria's internet access was abruptly shut down <a href="https://www.theatlantic.com/technology/archive/2011/06/united-nations-declares-internet-access-a-basic-human-right/239911/">without notice</a>. In his <a href="https://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf">report</a>, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, underscored &#8220;the unique and transformative nature of the internet not only to enable individuals to exercise their right to freedom of opinion and expression, but also a range of other human rights, and to promote the progress of society as a whole.&#8221;&nbsp;The growing number of demonstrations across the globe has brought to light the intrinsic relationship between the internet and civil society mobilization on issues related to justice, equality, accountability, and human rights.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://globalvoices.org/2022/12/13/the-effects-of-internet-shutdowns-on-public-mobilization/">Global Voices</a></p><h1>How North Korea&#8217;s cyber terrorists break into &#8216;unhackable&#8217; crypto platforms</h1><p><strong>FROM THE MEDIA: </strong>This is the second installment of a three-part series shedding light on North Korea&#8217;s cryptocurrency thefts and their 
links to the hermit regime&#8217;s nuclear ambitions. &#8212; Ed. Early this year, a senior engineer at Axie Infinity, a Vietnamese company that runs a popular blockchain-based play-to-earn game, was encouraged to apply for a lucrative job through LinkedIn. But after the engineer opened a document file with a job offer letter, the network of the Ronin bridge, a platform created by Axie Infinity to transfer cryptocurrencies, was suddenly compromised. Spyware planted in the file enabled hackers to infiltrate the Ronin network and steal cryptocurrencies valued at $625 million in March.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://asianews.network/how-north-koreas-cyber-terrorists-break-into-unhackable-crypto-platforms/">ANN</a></p><h1>Iranian APT targets US local governments with Drokbk malware</h1><p><strong>FROM THE MEDIA: </strong>Iranian advanced persistent threat group <a href="https://www.scmagazine.com/news/ransomware/powershell-used-by-irans-cobalt-mirage-in-june-ransomware-attack">Cobalt Mirage, also known as UNC2448 or Nemesis Kitten,</a> has exploited the Log4j vulnerability to compromise numerous U.S. local government networks with the Drokbk malware since February, according to <a href="https://therecord.media/local-governments-allegedly-targeted-with-iranian-drokbk-malware-through-log4j-vulnerability/">The Record</a>, a news site by cybersecurity firm Recorded Future. Cobalt Mirage is believed by Secureworks researchers to be behind a separate attack reported by the Cybersecurity and Infrastructure Security Agency that involved the compromise of a federal agency's server through Log4j vulnerability exploitation. 
Drokbk malware, which was found to be deployed following network infiltration, was also revealed to leverage GitHub for securing its command-and-control infrastructure.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/malware/iranian-apt-targets-us-local-governments-with-drokbk-malware">SCMAG</a></p><h1>Ransomware campaign targets popular open-source packages with cleverly hidden payload</h1><p><strong>FROM THE MEDIA: </strong>An ongoing ransomware campaign hides its payload in an uncommon way by targeting popular open-source packages that typically receive nearly 15 million installations per week, according to new findings by Checkmarx and Phylum. In <a href="https://medium.com/checkmarx-security/new-ransomware-strain-discovered-lurking-in-open-source-packages-b653efaddcb6">a blog post</a>, Checkmarx researchers said the campaign uses a form of typosquatting to target the popular &#8220;requests&#8221; package on PyPI and the &#8220;discord.js&#8221; package on npm, and includes embedded ransomware. When executed, the ransomware encrypts files on the victim&#8217;s computer and demands payment of $100 in cryptocurrency to unlock them. 
Unlike most <a href="https://www.scmagazine.com/feature/devops/even-with-all-eyes-on-software-supply-chain-security-open-source-remains-a-neglected-target">open-source attacks</a> where malicious packages are being executed upon installation, Alik Koldobsky, security researcher at Checkmarx, told SC Media that the payload is hidden in multiple strategic locations and only executes when the victims use the actual functions of the packages, which makes the campaign hard to detect by many security scanners.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/analysis/application-security/ransomware-campaign-targets-popular-open-source-packages-with-cleverly-hidden-payload">SCMAG</a></p><h2>Items of interest</h2><h1><strong>Researchers smell a cryptomining Chaos RAT targeting Linux systems</strong></h1><p><strong>FROM THE MEDIA: </strong>A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, similar versions of the miner that also target Linux operating systems, the code kills <a href="https://www.trendmicro.com/en_ph/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html">competing malware</a> and resources that affect cryptocurrency mining performance. 
The newer malware then establishes persistence "by altering <code>/etc/crontab</code> file, a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin," <a href="https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html">wrote</a> Trend Micro researchers David Fiser and Alfredo Oliveira.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/13/cryptoming_chaos_rat_targets_linux/">The Register</a></p><h1><strong>What Can Chat GPT do For the Average Person (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>A short video showing examples of what Chat GPT can do for the average person.</p><div id="youtube2-bnRd8Ktt8ek" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;bnRd8Ktt8ek&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/bnRd8Ktt8ek?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>How To Make Money With ChatGPT As A Beginner In 2022 - kinda (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The first step to making money with ChatGPT is to head over to OpenAI, scroll to the bottom, and click ChatGPT; this will take you to the website. 
Once you are on the ChatGPT website sign up to get your free account.</p><div id="youtube2-7b-JvsByJew" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;7b-JvsByJew&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/7b-JvsByJew?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (341)]]></title><description><![CDATA[12-12-22]]></description><link>https://infodom.substack.com/p/daily-drop-341</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-341</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Mon, 12 Dec 2022 21:50:38 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/wSTNKvQWZfo" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Monday, December 12, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Iran thwarts hackers&#8217; attack on Imam Khomeini Airport City</strong></h1><p><strong>FROM THE MEDIA: </strong>Iranian cybersecurity experts have foiled a hacking attack on Imam Khomeini Airport City in the south of the capital Tehran, preventing any major interruption in the airport&#8217;s operations. Iran&#8217;s Tasnim news agency quoted Mohammad Ja&#8217;farabadi, the director general of the airport, as saying on Monday that the so-called Anonymous hackers launched a distributed denial-of-service (DDoS) attack on the website of the airport on Sunday. &#8220;As a result, there were problems in the airport&#8217;s operations for about fifteen minutes. 
However, the airport city&#8217;s multilayered support system prevented the hackers from taking control of its website,&#8221; the official said.</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.presstv.ir/Detail/2022/12/12/694352/Iran-Tehran-Imam-Khomeini-Airport-City-cyber-attack-cybersecurity-Mohammad-Ja%E2%80%99farabadi-Anonymous-hackers">PressTV</a></p><h1>Post-quantum cryptography experts brace for long transition despite White House deadlines</h1><p><strong>FROM THE MEDIA: </strong>The White House&#8217;s aggressive deadlines for agencies to develop post-quantum cryptography strategies make the U.S. the global leader on protection, but the transition will take at least a decade, experts say. Canada led the Western world in considering a switch to <a href="https://www.fedscoop.com/tag/post-quantum-cryptography/">post-quantum cryptography</a> (PQC) prior to the <a href="https://www.fedscoop.com/tag/office-of-management-and-budget-omb/">Office of Management and Budget</a> issuing its <a href="https://www.fedscoop.com/omb-quantum-vulnerable-systems-memo/">benchmark-setting memo</a> on Nov. 18, which has agencies running to next-generation encryption companies with questions about next steps. 
The <a href="https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf">memo</a> gives agencies until May 4, 2023, to submit their first cryptographic system inventories identifying vulnerable systems, but they&#8217;ll find the number of systems reliant on public-key encryption &#8212; which experts predict forthcoming quantum computers will crack with ease &#8212; is in the hundreds or thousands.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.fedscoop.com/quantum-crytography-experts-long-transition/">FEDSCOOP</a></p><h1><strong>Congress must pass Cornyn-Schumer&#8217;s NDAA microchips amendment</strong></h1><p><strong>FROM THE MEDIA: </strong>While the COVID-19 pandemic opened the American public&#8217;s eyes to many aspects of governmental policy, perhaps the most striking was the realization that the nation has become too dependent on China for critical goods. From medical to high-tech devices, the American people began to clearly recognize that they could no longer remain beholden to the communist nation for life&#8217;s necessities. As a former up-and-coming member of the Chinese Communist Party before fleeing to the United States and becoming a leading American activist against it, I can attest to the urgent need for the U.S. to divest from China in areas of health and security importance.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtontimes.com/news/2022/dec/12/congress-must-pass-cornyn-schumers-ndaa-microchips/">Washington Times</a></p><h1><strong>TrueBot malware delivery evolves, now infects businesses in the US and elsewhere</strong></h1><p><strong>FROM THE MEDIA: </strong>New research from Cisco Talos reveals that the infamous TrueBot malware has updated its modus operandi and now hits the U.S. with additional payloads such as the infamous Clop ransomware. 
According to Cisco Talos, TrueBot malware now collects Active Directory information, which means it targets businesses with larger IT resources. In addition to targeting larger organizations, the malware is experimenting with new delivery methods: Netwrix Auditor bundled with the Raspberry Robin malware. TrueBot is a downloader malware under active development since 2017. Its goal is to infect systems, collect information on the compromised host to help triage the targets and deploy additional malware.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.techrepublic.com/article/truebot-malware-delivery-evolution/">TechRepublic</a></p><h1>LockBit ransomware crew claims attack on California Department of Finance</h1><p><strong>FROM THE MEDIA: </strong>A notorious and prolific ransomware operation claimed on Monday to have stolen 76 gigabytes of data from the California Department of Finance. In a statement on its website posted early Monday, LockBit &#8212; a group the U.S. Department of Justice <a href="https://www.justice.gov/opa/pr/man-charged-participation-lockbit-global-ransomware-campaign">describes</a> as one of the &#8220;most active and destructive ransomware variants in the world&#8221; &#8212; announced that it targeted systems belonging to the California Department of Finance and gave the agency a Dec. 24 deadline, when the group is threatening that it will publish the stolen files.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberscoop.com/lockbit-ransomware-california-department-of-finance/">CYBERSCOOP</a></p><h1>Indian foreign ministry&#8217;s Global Pravasi Rishta portal leaks expat passport details</h1><p><strong>FROM THE MEDIA: </strong>The Cybernews research team has been alerted that the Global Pravasi Rishta Portal was leaking sensitive user data. Unfortunately, the tip proved accurate. 
The platform exposed user names, surnames, country of residence, and email addresses in plaintext, as well as occupation status, phone and passport numbers. The leak was possible because of poor security measures, such as a lack of authentication methods. The Global Pravasi Rishta Portal is a platform with the goal of connecting 30 million Indian expats. The platform owner is the Ministry of External Affairs of India, the country&#8217;s government body responsible for implementing foreign policy.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139561/data-breach/indian-foreign-ministrys-global-pravasi-rishta-portal-leaks-expat-passport-details.html">Security Affairs</a></p><h1>Fortinet urges customers to fix actively exploited FortiOS&nbsp;SSL-VPN bug</h1><p><strong>FROM THE MEDIA: </strong>Fortinet urges customers to update their installs to address an actively exploited FortiOS&nbsp;SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices. The CVE-2022-42475 flaw is a heap-based buffer overflow issue that resides in FortiOS sslvpnd. &#8220;A heap-based buffer overflow vulnerability [CWE-122]&nbsp;in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.&#8221; reads the <a href="https://www.fortiguard.com/psirt/FG-IR-22-398">advisory</a> published by the security vendor. 
&#8220;Fortinet is aware of an instance where&nbsp;this vulnerability was exploited in the wild,&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139569/hacking/fortinet-fortios-ssl-vpn-bug.html">Security Affairs</a></p><h1><strong>Japan to amend laws to allow for offensive cyber operations against foreign hackers</strong></h1><p><strong>FROM THE MEDIA: </strong>The Japanese government is planning to introduce new laws that will allow it to engage in offensive cyber operations for the purposes of defending itself. The Nikkei <a href="https://asia.nikkei.com/Politics/Japan-to-upgrade-cyber-defense-allowing-preemptive-measures">reported</a> that the government will make &#8220;legislative changes so it can begin monitoring potential attackers and hack their systems as soon as signs of a potential risk are established.&#8221; Documents seen by the newspaper state that Japan will strengthen its cyber defense &#8220;to a level equal to major Western powers&#8221; and include measures for &#8220;active cyber defense&#8221; allowing the authorities to intervene before damage is caused, even when there is no use of traditional force against the country.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/japan-to-amend-laws-to-allow-for-offensive-cyber-operations-against-foreign-hackers/">The Record</a></p><h1><strong>Xnspy stalkerware spied on thousands of iPhones and Android devices</strong></h1><p><strong>FROM THE MEDIA: </strong>A little-known phone monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, the majority of whose owners are unaware that their data has been compromised. 
Xnspy is one of many so-called <a href="https://techcrunch.com/2022/02/22/remove-android-spyware/">stalkerware apps</a> sold under the guise of allowing a parent to monitor their child&#8217;s activities, but are <a href="https://techcrunch.com/2021/10/11/google-pulls-stalkerware-ads-that-promoted-phone-spying-apps/">explicitly marketed</a> for spying on a spouse or domestic partner&#8217;s devices without their permission. Its website boasts, &#8220;to catch a cheating spouse, you need Xnspy on your side,&#8221; and, &#8220;Xnspy makes reporting and data extraction simple for you.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techcrunch.com/2022/12/12/xnspy-stalkerware-iphone-android/">TC</a></p><h1><strong>North Korean Cyber Spies&#8217; New Tactic: Tricking Experts Into Writing Research for Them</strong></h1><p><strong>FROM THE MEDIA: </strong>The sender was actually a suspected North Korean spy seeking information, according to those involved and three cybersecurity researchers. Instead of infecting his computer and stealing sensitive data, as hackers typically do, the sender appeared to be trying to elicit his thoughts on North Korean security issues by pretending to be 38 North director Jenny Town. &#8220;I realized it wasn&#8217;t legit once I contacted the person with follow up questions and found out there was, in fact, no request that was made, and that this person was also a target,&#8221; DePetris told Reuters, referring to Town. 
&#8220;So I figured out pretty quickly this was a widespread campaign.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.insurancejournal.com/news/national/2022/12/12/699070.htm">Insurance Journal</a></p><h1>Cryptomining campaign targets Linux systems with Go-based CHAOS Malware</h1><p><strong>FROM THE MEDIA: </strong>In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). The Chaos RAT is based on an <a href="https://github.com/tiagorlampert/CHAOS">open-source project</a>. Like the original project, the malware is able to terminate competing malware and security software, and is used to deploy the Monero (XMR) cryptocurrency miner. The malware maintains persistence by altering the /etc/crontab file and downloads itself every 10 minutes from Pastebin. &#8220;This is followed by downloading additional payloads: an XMRig miner, its configuration file, a shell script looping &#8216;competition killer,&#8217; and most importantly, the RAT itself,&#8221; reads the <a href="https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html">analysis</a> published by Trend Micro.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139554/cyber-crime/cryptocurrency-mining-campaign-chaos-malware.html">Security Affairs</a></p><h1><strong>Ukrainian railway, state agencies allegedly targeted by DolphinCape malware</strong></h1><p><strong>FROM THE MEDIA: </strong>Ukrainian government agencies and the state railway are the latest victims of a new wave of phishing attacks, Ukraine&#8217;s Computer Emergency Response Team (CERT-UA) <a href="https://t.me/dsszzi_official/5214">reported</a> last week. 
The attacks involved an email campaign in which hackers sent out messages purportedly on behalf of Ukraine&#8217;s State Emergency Service with tips on how to identify a kamikaze drone, capitalizing on fears over the Russian use of Iranian-made Shahed-136 kamikaze drones to target crucial energy infrastructure in Ukraine.&nbsp;The attackers, tracked by CERT-UA as UAC-0140, used the emails to distribute the DolphinCape malware, developed with the Delphi programming language.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/ukrainian-railway-state-agencies-allegedly-targeted-by-dolphincape-malware/">The Record</a></p><h1>Royal Ransomware Targets US Healthcare</h1><p><strong>FROM THE MEDIA: </strong>The ransomware group known as <a href="https://www.infosecurity-magazine.com/search/?q=Royal%20ransomware%202022">Royal</a> has been targeting the healthcare industry in the US, warned the Health Department (HC3) last week. "HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector," wrote the department in an analyst note last Wednesday. "Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector." According to the analyst note, requested ransom payment demands ranged from $250,000 to over $2m.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/royal-ransomware-targets-us/">InfoSecMag</a></p><h1><strong>Major Android Security Leak: Manufacturer Signing Keys Used To Validate Malware Apps</strong></h1><p><strong>FROM THE MEDIA: </strong>A security leak involving manufacturing keys from major device producers (such as LG and Samsung) has created a path for malware apps to make it onto user devices in the guise of legitimate updates. 
These malware apps can give an attacker full access to an Android device, as the operating system trusts any app that has been signed with this key with complete system-level access. This attack would not necessarily require the end user to download a new app; it could be inserted as an update to an existing app on the device. It would not matter if the app had originally been installed via the Play Store, a manufacturer-specific outlet such as the Galaxy Store, or if it was independently sideloaded onto the device.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cpomagazine.com/cyber-security/major-android-security-leak-manufacturer-signing-keys-used-to-validate-malware-apps/">CPOMAG</a></p><h1>Evilnum group targets legal entities with a new Janicab variant</h1><p><strong>FROM THE MEDIA: </strong>Kaspersky researchers reported that a hack-for-hire group dubbed&nbsp;<a href="https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html">Evilnum</a>&nbsp;is targeting travel and financial entities. The attacks are part of a campaign aimed at legal and financial investment institutions in the Middle East and Europe. The campaign took place in 2020 and 2021, but experts speculate it has been active since 2015. The threat actors employed a new variant of the <a href="https://securityaffairs.co/wordpress/107532/cyber-warfare-2/deathstalker-hacking-group.html">Janicab</a> malware that relies on public services like WordPress and YouTube as&nbsp;dead drop resolvers. The researchers spotted the new variant while investigating <a href="https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html">Evilnum</a> (aka <a href="https://securityaffairs.co/wordpress/107532/cyber-warfare-2/deathstalker-hacking-group.html">Deathstalker</a>) intrusions that use the Janicab malware family. 
The experts believe DeathStalker is a group of mercenaries or threat actors that act as an information broker in financial circles.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139540/hacking/evilnum-new-janicab-variant.html">Security Affairs</a></p><h1><strong>&#8220;Misleading attack&#8221; threatens blockchain security</strong></h1><p><strong>FROM THE MEDIA: </strong>The cyber threat received such a name due to its misleading nature: as such, it attempts to deceive miners &#8211; those who mine digital currencies and validate transactions on a blockchain. Specifically, the attack steals some of their computational power and redirects it to a different chain. &#8220;The misleading attack is orchestrated by someone who redirects some miners computational power to a different chain, so that it (the attacker) can outrun the main chain and thus make its fork the dominant one,&#8221; CDU Professor Mamoun Alazab <a href="https://www.cdu.edu.au/news/cyber-security-experts-identify-new-threat-blockchain-technology#:~:text=A%20study%20from%20Charles%20Darwin,its%20intention%20of%20deceiving%20miners">said</a>. According to Alazab, through a series of competition losses, the threat actor&#8217;s chain becomes the dominant one. Not only does this attack have a high success rate, but it also increases the success rates of other blockchain attacks.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://cybernews.com/news/misleading-attack-threatens-blockchain-security/">Cybernews</a></p><h1><strong>Twitter confirms recent user data leak is from 2021 breach</strong></h1><p><strong>FROM THE MEDIA: </strong>Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. 
Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022. "In November 2022, some press reports published that Twitter users' data had been allegedly leaked online,"&nbsp;<a href="http://privacy.twitter.com/en/blog/2022/update-about-an-alleged-incident-impacting-some-accounts-on-twitter">reads the update</a>. In January 2022, Twitter received a report through its bug bounty program that an API vulnerability allows an attacker to feed email addresses or phone numbers and get an associated Twitter ID for a registered account.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/twitter-confirms-recent-user-data-leak-is-from-2021-breach/">Bleeping Computer</a></p><h1><strong>Uber suffers new data breach after attack on vendor, info leaked online</strong></h1><p><strong>FROM THE MEDIA: </strong>Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. Early Saturday morning, a threat actor named 'UberLeaks' began leaking data allegedly stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/">Bleeping Computer</a></p><h1><strong>FCC to update satellite rules</strong></h1><p><strong>FROM THE MEDIA: </strong>A US bipartisan House Energy &amp; Commerce Committee has introduced potential legislation to update the FCC&#8217;s current satellite licensing rules. 
One aspect will be the prohibition of Chinese businesses, although it is not yet completely clear whether the legislation will cover satellites where ownership &#8211; as distinct from components &#8211; includes Chinese companies. This could affect Eutelsat and its merger with OneWeb, for example. Eutelsat has a Chinese shareholder. The legislation also covers Russia, although again further clarity will be needed on operators which are correctly licensed by the ITU and how that would impact their US services.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://advanced-television.com/2022/12/12/fcc-to-update-satellite-rules/">Advanced Television</a></p><h2>Items of interest</h2><h1><strong>Technical issue likely to blame for Iranian news channel outage, says Eutelsat</strong></h1><p><strong>FROM THE MEDIA: </strong>A technical issue likely knocked Iran&#8217;s Press TV temporarily off the air last week, Eutelsat said as the French satellite operator calls on partners to stop broadcasting the news channel to comply with European sanctions. The Iranian state-owned news network lashed out at Eutelsat Dec. 7 via <a href="https://twitter.com/PressTV/status/1600418541995335680">Twitter and an article</a> &#8212; which has since been updated &#8212; after losing service for what it described as an attack on free speech. 
Press TV initially said Eutelsat had &#8220;taken Press TV off air&#8221; before updating the article&#8217;s text to instead focus on a notification about plans to drop the channel without mentioning the service outage.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://spacenews.com/technical-issue-likely-to-blame-for-iranian-news-channel-outage-says-eutelsat/">SN</a></p><h1><strong>The State of Data Security: The Human Impact of Cybercrime (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Over one-third of organizations had a leadership change in the last year due to a cyberattack and its follow-on response.</p><div id="youtube2-wSTNKvQWZfo" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;wSTNKvQWZfo&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/wSTNKvQWZfo?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Blurring the Lines Between Espionage and Cybercrime with Rafe Pilling (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Since 2020, Iranian threat groups have been conducting disruptive operations in Israel, quickly spreading to other parts of the world.</p><div id="youtube2-rwrOkFuSya0" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;rwrOkFuSya0&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/rwrOkFuSya0?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from 
analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (340)]]></title><description><![CDATA[12-11-22]]></description><link>https://infodom.substack.com/p/daily-drop-340</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-340</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Sun, 11 Dec 2022 12:02:39 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/hi9Rf0oLdHk" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Sunday, December 11, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>US Keeps Eye on China's Space Activities for Potential Risks</h1><p><strong>Analyst Comment: </strong>China is progressing towards its national space strategy focusing on becoming a global leader by 2045 with hope of being there around 2030. The CCP appears to be politically committed to achieving this vision (435 launches as of 08DEC22).</p><p><strong>FROM THE MEDIA: </strong>The U.S. is closely monitoring Chinese activities that potentially threaten American assets in space as debris rapidly accumulates in low Earth orbit, the head of United States military operations in space said Friday. 
Commander of U.S. Space Command Army Gen. James Dickinson also cheered the overwhelming passage in the United Nations of a resolution that countries not conduct direct-ascent antisatellite tests that create vast fields of space debris, which endanger satellites and space stations. Of the four countries that have conducted such ASAT tests, the United States was the only one that voted in favor, while China and Russia voted no and India abstained.</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.voanews.com/a/us-keeps-eye-on-china-s-space-activities-for-potential-risks/6869565.html">VOA</a></p><h1><strong>Blockchain Voting In India: Illusion Or Reality</strong></h1><p><strong>FROM THE MEDIA: </strong>Recently, India saw two legislative elections and one local body election. Though there were fewer allegations regarding tampering of electronic voting machines (EVMs) in this election, EVMs&#8217; vulnerability to hacking has always been a point of contention for the losing side. So what can make elections more transparent? The use of blockchain technology to make the election process more transparent is now being discussed globally. In October, it was reported that Greenland was exploring the feasibility of an online voting platform, possibly based on blockchain, reported Cointelegraph.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.outlookindia.com/business/blockchain-voting-in-india-illusion-or-reality--news-244018">OUTLOOK</a></p><h1><strong>New Research Raises Alarm Against Advertising Tool That Exposes Users&#8217; Data to Twitter</strong></h1><p><strong>FROM THE MEDIA: </strong>A new advertising tool is wreaking havoc by exposing users&#8217; data to Elon Musk&#8217;s Twitter platform. The news comes through a new study by researchers that have uncovered the ordeal which might be exposing the likes of various firms, governments, and even users to so many security risks linked to the digital social network. 
In October, we saw billionaire Elon Musk acquire the company for a staggering $44 billion and among the various other dilemmas that this deal brought forward, we were able to witness a resource that went unexplored.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.digitalinformationworld.com/2022/12/new-research-raises-alarm-against.html">DIW</a></p><h1><strong>Chinese newspaper accuses U.S. of stealing technology from "our Taiwan"</strong></h1><p><strong>FROM THE MEDIA: </strong>An editorial printed in the Chinese tabloid called <em>Global Times</em> (via <a href="https://www.scmp.com/tech/tech-war/article/3202725/chinese-newspaper-vents-anger-tsmc-over-new-arizona-fab-calling-it-dark-turn-global-semiconductor">South China Morning Post</a>) has attacked TSMC's plans to build two fabs in the United States. The first factory will go online in 2024 producing chips made using TSMC's 4nm process node. The second factory, announced just this past week, <a href="https://12ft.io/proxy?ref=&amp;q=https://www.phonearena.com/news/apple-confirms-future-purchases-of-us-made-chips_id144117">will produce 3nm chips for Apple and other companies starting in 2026</a>. It is great news for the U.S. as it tries to become self-sufficient when it comes to producing chips. But the <em>Global Times</em> calls this a "dark turn" in the worldwide semiconductor industry and accuses the U.S. 
of tricking TSMC into building the new factories in Arizona.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.phonearena.com%2Fnews%2Fchinese-newspaper-says-us-stealing-tech-from-taiwan_id144199">Phone Arena</a></p><h1>Apple says its new iMessage can send an alert if a state-sponsored hacker is spying on your conversation</h1><p><strong>FROM THE MEDIA: </strong>Apple said its new iMessage Contact Key Verification feature can notify people if their conversation is being breached by a state-sponsored hacker &#8211;&nbsp;but it only works if both people have it enabled. The iMessage feature will be available for people "who face extraordinary digital threats," like journalists, human rights activists, and politicians, Apple said <a href="https://affiliate.insider.com/?postID=639262d5507e5b770110ee99&amp;site=bi&amp;u=https%3A%2F%2Fwww.apple.com%2Fnewsroom%2F2022%2F12%2Fapple-advances-user-security-with-powerful-new-data-protections%2F">in a press release</a>.&nbsp;iMessages between two people who have the feature enabled will receive an automatic alert "if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.businessinsider.co.za/apple-new-imessage-send-alert-state-sponsored-hacker-spying-conversation-2022-12">Business Insider (SA)</a></p><h1>How the global spyware industry spiralled out of control</h1><p><strong>FROM THE MEDIA: </strong>The Biden administration took a public stand last year against the abuse of spyware to target human rights activists, dissidents and journalists: It blacklisted the most notorious maker of the hacking tools, Israeli firm NSO Group. 
But the global industry for commercial spyware &#8212; which allows governments to invade mobile phones and vacuum up data &#8212; continues to boom. Even the U.S. government is using it. The Drug Enforcement Administration is secretly deploying spyware from a different Israeli firm, according to five people familiar with the agency&#8217;s operations, in the first confirmed use of commercial spyware by the federal government.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.moneycontrol.com/news/world/how-the-global-spyware-industry-spiralled-out-of-control-9686081.html">Money Control</a></p><h1>MuddyWater APT group is back with updated TTPs</h1><p><strong>FROM THE MEDIA: </strong>Deep Instinct&#8217;s Threat Research team uncovered a new campaign conducted by the <a href="https://securityaffairs.co/wordpress/128383/apt/muddywater-apt-python-backdoor.html">MuddyWater</a> APT (aka&nbsp;<a href="https://securityaffairs.co/wordpress/78827/apt/seedworm-attacks.html">SeedWorm</a>,&nbsp;<a href="https://securityaffairs.co/wordpress/70453/hacking/temp-zagros-phishing.html">TEMP.Zagros</a>, and <a href="https://securityaffairs.co/wordpress/134876/apt/mercury-exploit-log4shell-flaw.html">Static Kitten</a>) that was targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. The experts pointed out that the campaign exhibits updated TTPs. The first&nbsp;<a href="https://securityaffairs.co/wordpress/73563/apt/muddywater-campaign-powershell-backdoor.html">MuddyWater</a>&nbsp;campaign was&nbsp;<a href="https://securityaffairs.co/wordpress/65663/hacking/muddywater-attacks.html">observed</a>&nbsp;in late 2017 when it targeted entities in the Middle East. The group evolved over the years by adding new attack techniques to its arsenal. 
Over the years the APT group has also targeted European and North American nations.&nbsp;In January, US Cyber Command (USCYBERCOM)&nbsp;<a href="https://securityaffairs.co/wordpress/126664/apt/muddywater-linked-to-iran-mois.html">officially linked</a>&nbsp;the MuddyWater APT group to Iran&#8217;s Ministry of Intelligence and Security (MOIS).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139505/apt/muddywater-changs-ttps.html">Security Affairs</a></p><h1><strong>Malaysia Launches Investigation Into AirAsia Ransomware Attack</strong></h1><p><strong>FROM THE MEDIA: </strong>Last month, a ransomware attack compromised the personal data of approximately five million passengers and all <a href="https://simpleflying.com/tag/airasia/">AirAsia</a> employees. Although it has been more than a month since the initial attacks, Malaysian authorities are still investigating the source and the overall impact but have gathered few leads so far. The cyber attacks happened on November 11th and 12th when samples of the stolen personal data were found leaked to the dark web approximately a week later. The posted samples contained varying degrees of sensitive information, such as employees' personal data, <a href="https://simpleflying.com/tag/passengers/">passenger</a> booking information, and even photos, to name a few.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://simpleflying.com/malaysia-investigation-airasia-ransomware-attack/">Simple Flying</a></p><h1><strong>How to Geolocate IP Addresses on Linux Using geoiplookup</strong></h1><p><strong>FROM THE MEDIA: </strong>Have you ever wondered where a website is actually hosting its content from? You can geolocate domain names and IP addresses right from the Linux command line with geoiplookup. Here's how to use it. 
Geoiplookup is a command-line utility that uses <a href="https://www.maxmind.com/en/geoip2-services-and-databases">MaxMind's</a> geolocation database to find the country where an IP address or domain name is hosted. It queries a local file, typically stored in the /usr/share/GeoIP directory. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.makeuseof.com/geolocate-ip-addresses-on-linux/">MUO</a></p><h1>China buys $1.8 billion worth of gold in reserves, reduces USD assets</h1><p><strong>FROM THE MEDIA: </strong>Early this year, countries all across the world went on a <a href="https://english.almayadeen.net/news/economics/burkina-faso-faces-economic-threat-as-gold-mining-is-bound-t">gold-purchasing binge</a>, which many believe may be a sign of escalating economic turmoil. Long used as currency, gold is valued for maintaining its worth despite the ups and downs of capitalism. It also has significant industrial applications, though. China's State Administration of Foreign Exchange recently disclosed statistics showing that it just made its first gold purchase for its reserves in three years. China now has 63.67 million ounces of total gold reserves, or nearly $112 billion, up from 62.64 million ounces before the purchase. It holds the <a href="https://english.almayadeen.net/news/economics/russia-case-shows-need-to-keep-gold-reserves-inside:-serbian">sixth-largest gold reserve</a> in the world, behind the US, Germany, Italy, France, and Russia.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://english.almayadeen.net/news/politics/china-buys-18-billion-worth-of-gold-in-reserves-reduces-usd">Almayadeen</a></p><h1><strong>Antenna maker Anywaves plots aggressive US expansion</strong></h1><p><strong>FROM THE MEDIA: </strong>French satellite antenna maker Anywaves said Dec. 8 it has raised around $3 million to help capture more business from U.S. customers. 
Anywaves CEO Nicolas Capet said the funds from French investor Ylliade Groupe enable the company to accelerate sales and marketing efforts in the United States, where only 10% of its customers are currently based. The majority of customers, about 80%, are based in Europe and the remaining 10% are from other countries including Australia and India.&nbsp;&#8220;Our objective is to balance this mix,&#8221; Capet told <em>SpaceNews </em>via email.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://spacenews.com/antenna-maker-anywaves-plots-aggressive-us-expansion/">SN</a></p><h1><strong>Russia promises US and allies &#8216;legal consequences&#8217; for helping Ukraine to pinpoint targets</strong></h1><p><strong>FROM THE MEDIA: </strong>Vasily Nebenzya, the Russian Permanent Representative to the UN, on Friday, December 9, accused the United States and its allies of helping Ukraine to pinpoint targets for its weapons. Speaking at a meeting convened at the request of Moscow, he promised that &#8216;legal consequences&#8217; would occur as a result. He particularly accused the Americans of being involved in the work of HIMARS, and that targeting is carried out using US military satellites. Nebenzya also claimed that the <a href="https://euroweeklynews.com/2022/12/05/saratov-airfield-russia/">Russian strategic airfields of Dyagilevo and Engels were recently attacked by drones</a> using American satellite data.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://euroweeklynews.com/2022/12/10/russia-promises-us-allies-legal-consequences-helping-ukraine-pinpoint-targets/">EuroWeekly </a></p><h1>At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet</h1><p><strong>FROM THE MEDIA: </strong><a href="https://www.pulsesecure.net/">Pulse Connect Secure</a>&nbsp;is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors. 
Over the years, researchers disclosed several severe vulnerabilities in the server software; in April of 2021, CISA&nbsp;published a <a href="https://www.cisa.gov/uscert/ncas/alerts/aa21-110a">report</a>&nbsp;warning of the exploitation of Pulse Connect Secure flaws. Now Censys researchers discovered that 4,460 Pulse Connect Secure hosts out of 30,266 installs, which are exposed to the Internet, lack security patches. &#8220;In total,&nbsp;Censys has found 30,266 Pulse Connect Secure hosts running on the internet.&#8221; reads the <a href="https://censys.io/pulse-connect-secure-a-view-from-the-internet/">post</a> published by Censys. &#8220;One of the easiest ways to find these running using Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139491/security/pulse-connect-secure-vulnerbale-hosts.html">Security Affairs</a></p><h1>Japan eyeing introduction of &#8216;active cyber defense&#8217; measures</h1><p><strong>FROM THE MEDIA: </strong>Negotiations between the Japanese government and the country's ruling Liberal Democratic Party (LDP) will begin in 2023 to amend the country's laws to allow local experts to conduct "active cyber defense," according to sources cited by The Nikkei newspaper. Under the pretext of safeguarding the infrastructure of the private sector, the Japanese government wants to create a system that will allow law enforcement to monitor and hack into "intruders'" systems even before they engage in suspicious activity. 
Next week, the National Security Strategy and two other security-related documents will be updated, and this initiative will be reflected in them.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://english.almayadeen.net/news/politics/japan-eyeing-introduction-of-active-cyber-defense-measures:">Almayadeen</a></p><h1>Xi proposes eight major initiatives on China-Arab practical cooperation</h1><p><strong>Analyst Comment: </strong>In proper BRI fashion - China aims to expand its trade with Arab states to 430 billion dollars by 2027. This push at a China-Arab union is to further their persistence in the region. </p><p><strong>FROM THE MEDIA: </strong>Chinese President Xi Jinping on Friday proposed eight major initiatives on China-Arab practical cooperation at the first China-Arab States Summit held here at the King Abdul Aziz International Conference Center. The details are as follows: First, cooperation initiative on development support. China will discuss with the Arab side the implementation of assistance projects worth 5 billion yuan (about 719 million U.S. dollars) in development cooperation, and include 30 eligible Arab projects in the Global Development Initiative project pool.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://english.cctv.com/2022/12/11/ARTImRS5s1cluWLYw2o485B7221211.shtml">CCTV</a></p><h1><strong>India's Digital Currency Will 'Finally' Replace Bank Notes</strong></h1><p><strong>FROM THE MEDIA: </strong>As in the case of paper currency, the digital rupee would be distributed through banks. Currently, four banks have been selected - State Bank of India, ICICI Bank, IDFC First Bank and Yes Bank. Users must have a digital wallet through a participating bank, which would be stored on their mobile phone or other electronic device. Payments to merchants can be made using QR codes displayed at merchant locations. 
These four banks are expected to invite merchants and customers who would be part of the pilot project in the coming weeks which will help to build an ecosystem. It is expected that the digital rupee will eventually replace the use of currency notes. The pilot project will be implemented in thirteen cities in India. The digital currency will have denominations like regular currency and will also have images with serial numbers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://menafn.com/1105293585/Indias-Digital-Currency-Will-Finally-Replace-Bank-Notes-Says-Expert">MENAFN</a></p><h1><strong>Australia announces &#8216;Magnitsky&#8217; sanctions against targets in Russia and Iran</strong></h1><p><strong>FROM THE MEDIA: </strong>Foreign Affairs Minister Penny Wong chose <a href="https://www.un.org/en/observances/human-rights-day">Human Rights Day</a> to announce Magnitsky-style sanctions against 13 Russian and Iranian individuals and two entities, in response to egregious human rights abuses. Wong has described these sanctions as a means of holding human rights abusers to account, in situations where dialogue has proven ineffective. Magnitsky sanctions are named after <a href="https://www.billbrowder.com/sergei-magnitsky/">Sergei Magnitsky</a>, a Russian lawyer who was killed in prison for exposing corruption. Unlike more traditional sanctions targeting nation states, Magnitsky sanctions <a href="https://redress.org/magnitsky-sanctions/">freeze the assets</a> of targeted individuals and prevent them from travelling freely.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://theconversation.com/australia-announces-magnitsky-sanctions-against-targets-in-russia-and-iran-what-are-they-and-will-they-work-196346">The Conversation</a></p><h1>Freed Russian Arms Dealer Viktor Bout Would 'Volunteer' In Putin's War</h1><p><strong>FROM THE MEDIA: </strong>Viktor Bout, the notorious arms dealer who was freed by the U.S. 
in a high-profile prisoner exchange with Russia this week, was reported by Moscow-based news site Gazeta.ru as saying that he would volunteer to fight in Ukraine if possible. On Saturday, Gazeta&#8212;whose holding company Rambler Media Group passed under the sole ownership of state-owned company Sberbank in 2020&#8212;wrote on <a href="https://www.newsweek.com/topic/twitter">Twitter</a> that Bout had said about the "special operation" in Ukraine: "If I had the opportunity and the necessary skills, I would, of course, volunteer."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.newsweek.com/freed-russian-arms-dealer-viktor-bout-would-volunteer-ukraine-putin-war-1766140">NEWSWEEK</a></p><h1><strong>Australia's Telstra suffers privacy breach, 132,000 customers impacted</strong></h1><p><strong>FROM THE MEDIA: </strong>Australia's largest telecoms firm Telstra Corp Ltd <strong><a href="https://www.reuters.com/companies/TLS.AX">(TLS.AX)</a></strong> said on Sunday that 132,000 customers were impacted by an internal error that led to disclosure of customer details. Telstra, which has 18.8 million customer accounts equivalent to three-quarters of Australia's population, said an internal review found the details were made publicly available due to "a misalignment of databases". Telstra referred Reuters to a company blog post, issued on Friday, that said "some customers&#8217; names, numbers and addresses" were listed when they should not have been.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.reuters.com/technology/australias-telstra-suffers-privacy-breach-132000-customers-impacted-2022-12-11/">Reuters</a></p><h1>The metaverse will have its zombies &#8212; and yes, they can get you IRL</h1><p><strong>FROM THE MEDIA: </strong>Many of us have seen this scene in so many zombie movies: A howling horde advances on the outpost in the form of one roaring, crawling pile of plagued flesh. &#8220;There&#8217;s too many of &#8216;em! 
Fall back!..&#8221; Gunfire, now stuttering and distant. A crazed staccato of the last survivor&#8217;s hectic run-for-it&#8230; Then, finally, silence. M&#275;ris (Latvian for &#8220;plague&#8221;), a modified version of the infamous Mirai botnet, brought <a href="https://therecord.media/meet-meris-the-new-250000-strong-ddos-botnet-terrorizing-the-internet/">some 250,000</a> &#8220;zombies,&#8221; or compromised devices, to the party last summer, and the assault they put up would have put the above scene to shame. According to researchers, the botnet was able to throw as many as 21.8 million requests per second at its victims, crashing their overloaded servers in a major Decentralized Denial-of-Service (DDoS) attack.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://venturebeat.com/virtual/the-metaverse-will-have-its-zombies-and-yes-they-can-get-you-irl/">VB</a> </p><h1><strong>Elon Musk says his politics are in the center but extremism experts say he's using Twitter to increasingly empower right-wing viewpoints</strong></h1><p><strong>FROM THE MEDIA: </strong>Though he has long touted himself as "somewhere in the middle" on politics, Elon Musk has been sharing increasingly more conservative political views on Twitter since he first showed interest in purchasing the platform, and is now regularly amplifying anti-Democratic conspiracy theories while endorsing&nbsp;Republican candidates across the country. "In the past I voted Democrat, because they were (mostly) the kindness party," Musk wrote in a tweet this May. 
He then <a href="https://www.businessinsider.com/elon-musk-calls-democrats-party-of-division-and-hate-2022-5">bashed the Democratic Party</a>, adding: "But they have become the party of division &amp; hate, so I can no longer support them and will vote Republican."&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.businessinsider.com/elon-musk-right-wing-extremism-twitter-mythology-of-the-center-2022-12">INSIDER</a></p><h1><strong>Elon Musk&#8217;s Twitter won&#8217;t censor hate speech but won&#8217;t boost it either</strong></h1><p><strong>FROM THE MEDIA: </strong>Twitter revealed new rules on its treatment of hateful speech Saturday, part of new owner <a href="https://nypost.com/2022/12/02/elon-musk-to-drop-twitters-hunter-biden-censorship-file-today/">Elon Musk&#8217;s vow</a> to make the social-media giant a transparent bastion of free expression. &#8220;People will still see slur words in Tweets when they follow an account that uses them,&#8221; <a href="https://twitter.com/TwitterSafety/status/1601619361050988545">according to a post</a> from Twitter Safety&#8217;s official account. &#8220;However, we will not amplify Tweets containing slurs or hate speech, and we will not serve ads adjacent to those Tweets.&#8221; The account explained that blanket removal or suppression of tweets containing hateful comments will not be an option.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://nypost.com/2022/12/10/elon-musks-twitter-wont-censor-or-boost-hate-speech/">NYPOST</a></p><h1>Generative AI may be the magic potion small marketing agencies have been waiting for</h1><p><strong>FROM THE MEDIA: </strong>Gartner recently released its list of <em>7 Technology Disruptions That Will Impact Sales Through 2027</em>. One was generative Artificial Intelligence. 
Gartner defined <a href="https://venturebeat.com/2022/06/17/what-is-generative-artificial-intelligence-ai/">generative AI</a> as AI that &#8220;learns from existing content artifacts to generate new, realistic artifacts that reflect the characteristics of the training data, but do not repeat it.&#8221; In simple terms, it can produce entirely new content, like images, videos, text and code, with very simple inputs.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://venturebeat.com/ai/generative-ai-may-be-the-magic-potion-small-marketing-agencies-have-been-waiting-for/">VB</a></p><h2>Items of interest</h2><h1><strong>Armenia and Iran combine forces against Azerbaijan</strong></h1><p><strong>FROM THE MEDIA: </strong>In early December, the Azerbaijani media reported about free of charge military supplies of Iran to Armenia amidst the growing tensions between Azerbaijan and Islamic Republic. According to the reports, Islamic Revolutionary Guard Corps (IRGC) <a href="https://caliber.az/post/128648/">provided</a> 500 units of the Dehlavieh anti-tank missile system and 100 units of Almas system to Armenia at the end of October. These supplies took place amidst the <a href="https://nationalinterest.org/feature/azerbaijan-hurtling-toward-war-iran-and-armenia-205534">military exercises</a> the Iranian army carried out along the borders with Azerbaijan for the second time since the end of the Second Karabakh War of 2020 &#8211; Iran never conducted military drills along the Azerbaijani borders before this war. Along with these, Azerbaijani media <a href="https://caspiannews.com/news-detail/illegal-entry-of-iranians-into-azerbaijans-karabakh-region-raises-suspicions-2022-12-1-0/">published</a> evidence confirming that Iran also sends military personnel to the separatist Armenian forces in the Karabakh region of Azerbaijan that is currently under the temporary control of the Russian peacekeeping units. 
They are reportedly supposed to train the Armenian separatist forces who regularly carry out terrorist and sabotage attacks against the Azerbaijani army.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://moderndiplomacy.eu/2022/12/11/armenia-and-iran-combine-forces-against-azerbaijan/">Modern Diplomacy</a></p><h1><strong>Coffeezilla: SBF, FTX, Fraud, Scams, Fake Gurus, Money, Fame, and Power (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Coffeezilla is a journalist and investigator on YouTube.</p><div id="youtube2-hi9Rf0oLdHk" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;hi9Rf0oLdHk&quot;,&quot;startTime&quot;:&quot;2129s&quot;,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/hi9Rf0oLdHk?start=2129s&amp;rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Top Cybersecurity job interview tips (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Never make this mistake in the job interview process! Make sure you know how to negotiate for more money in 2023.</p><div id="youtube2-oz7NFc-qm7E" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;oz7NFc-qm7E&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/oz7NFc-qm7E?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. 
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (339)]]></title><description><![CDATA[12-10-22]]></description><link>https://infodom.substack.com/p/daily-drop-339</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-339</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Sat, 10 Dec 2022 14:34:24 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/e81yHqXksIk" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Saturday, December 10, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>The Lord of War is back in the game</h1><p><strong>Analyst Comment: </strong><a href="https://www.npr.org/2022/12/09/1141969755/viktor-bout-is-back-in-moscow-is-he-still-a-national-security-threat-to-the-u-s">Viktor Bout</a> was a historic figure in the black market arms world. With aged contacts (about two decades old) is he still a threat? In short yes - nations use assets to push their agendas - rumor has it Viktor was in bed with the GRU.  His release was purposeful - standby to see how he is utilized in the Ukrainian conflict. </p><p><strong>FROM THE MEDIA: </strong> How does the release of one of the world&#8217;s most notorious criminals threaten national security? 
DEREK MALTZ, a former Drug Enforcement Agency agent, helped lead the team that eventually took down Bout 14 years ago in Thailand. Before his capture, Bout worked across the world selling arms, including to militants in Africa, to Al Qaeda and to the Taliban. He was set to serve a 25-year prison sentence. Now, Maltz says though he is happy about Griner&#8217;s release, Bout poses perhaps an even greater threat to Americans than before he was arrested. &#8220;He's back out there with the ability to cause harm and destruction around the world,&#8221; Maltz said in an interview. &#8220;And now he's going to be way smarter because he knows some of the techniques that have been used against him.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://www.politico.com/newsletters/national-security-daily/2022/12/09/the-lord-of-war-is-back-in-the-game-00073254">Politico</a></p><h1>Lawmakers request Twitter insight regarding PRC social media influence</h1><p><strong>Analyst Comment: </strong>Nation States using social media networks (SMN) for information operations (IO) is nothing new.  <a href="http://freedomhouse.org/report/beijing-global-media-influence/2022/authoritarian-expansion-power-democratic-resilience">Beijing&#8217;s Global Media Influence: Authoritarian Expansion and the Power of Democratic Resilience</a> details the IO campaign attempts of the Chinese government and its proxies. Again not new - but they are evolving this capability.  </p><p><strong>FROM THE MEDIA: </strong>U.S. Reps. Raja Krishnamoorthi (D-IL), Adam Schiff (D-CA), and Jackie Speier (D-CA), members of the House Permanent Select Committee on Intelligence, recently forwarded correspondence to Twitter CEO Elon Musk regarding insight into People&#8217;s Republic of China (PRC) social media influence. 
The legislators inquired about the possibility the PRC may have used a network platform manipulation campaign on Twitter, resulting in restricted access to news about protests in the PRC, citing concerns about the potential impacts of PRC&#8217;s cyber capabilities.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://homelandprepnews.com/stories/79260-lawmakers-request-twitter-insight-regarding-prc-social-media-influence/">HPN</a></p><h1><strong>How facial recognition allowed the Chinese government to target minority groups</strong></h1><p><strong>FROM THE MEDIA: </strong>Journalist Alison Killing explains her investigation in Xinjiang, China, where the government has used facial recognition cameras to track Uyghurs and detain them in camps across the region. In 2021, she and her co-journalists won the Pulitzer Prize for International Reporting for their work investigating a network of detention camps in Xinjiang, China using satellite imagery and architectural techniques. Her other investigations have included: understanding how social media can be used to track users&#8217; movements and migrant journeys.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://wamu.org/story/22/12/09/how-facial-recognition-allowed-the-chinese-government-to-target-minority-groups/">WAMU</a></p><h1><strong>Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant</strong></h1><p><strong>FROM THE MEDIA: </strong>Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. 
The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as <a href="https://thehackernews.com/2022/12/researchers-uncover-new-drokbk-malware.html">dead drop resolvers</a>, Kaspersky <a href="https://securelist.com/deathstalker-targets-legal-entities-with-new-janicab-variant/108131/">said</a> in a technical report published this week. Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html">THN</a></p><h1>Cyber&#8217;s Most Wanted: FBI Is Hunting 10 Russian Threat Actors</h1><p><strong>FROM THE MEDIA: </strong>Who are some of the most wanted Russian hackers and cyber threat actors? A partial list from the FBI includes six Russian military intelligence (GRU) officers, three members of the Energetic Bear threat actor group, and one computer programmer employed by an affiliate of the Russian Ministry of Defense. They represent 10 of the agency&#8217;s <a href="https://www.fbi.gov/wanted/cyber">Cyber&#8217;s Most Wanted</a> list of suspects. According to the FBI, all six are officers in Unit 74455 of the Russian military intelligence agency called the Main Intelligence Directorate (GRU). 
These individuals and their co-conspirators are known to the threat research community by the monikers: &#8220;<a href="https://attack.mitre.org/groups/G0034/">Sandworm Team,</a>&#8221; &#8220;Telebots,&#8221; &#8220;Voodoo Bear,&#8221; and &#8220;Iron Viking.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://blogs.blackberry.com/en/2022/12/cybers-most-wanted-is-10-russian-threat-actors">Blackberry</a></p><h1><strong>Claroty unveils web application firewall bypassing technique</strong></h1><p><strong>FROM THE MEDIA: </strong>OT security vendor Claroty developed an attack technique that would allow a threat actor to bypass the web application firewalls of several top vendors. The technique came from Claroty's threat research team Team82, which revealed the generic bypass in a blog post Thursday. The attack technique is generic, meaning it works against web application firewalls (<a href="https://12ft.io/proxy?ref=&amp;q=https://www.techtarget.com/searchsecurity/definition/Web-application-firewall-WAF">WAFs</a>) from multiple vendors. According to the <a href="https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf">blog post</a>, the technique has been successfully tested against products from Amazon Web Services, Cloudflare, F5, Imperva and Palo Alto Networks.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fnews%2F252528217%2FClaroty-unveils-web-application-firewall-bypassing-technique">TechTarget</a></p><h1><strong>New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm</strong></h1><p><strong>FROM THE MEDIA: </strong>Cybersecurity researchers have reported an increase in<strong> TrueBot</strong> infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. 
Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix Auditor as well as the Raspberry Robin worm. "Post-compromise activity included data theft and the execution of Clop ransomware," security researcher Tiago Pereira <a href="https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/">said</a> in a Thursday report.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html">THN</a></p><h1><strong>France is giving Cuba the cyber power that the USA denied it for so long</strong></h1><p><strong>FROM THE MEDIA: </strong>According to a media report by <a href="https://www.reuters.com/business/media-telecom/cuba-french-telecoms-operator-orange-begin-work-subsea-cable-martinique-2022-12-08/">Reuters</a>, Cuba has announced that it has begun work with French telecoms operator Orange on an alternative underwater cable that will link it to the island of Martinique in a bid to beef up its connection to the global internet and broadband corridors. 
Reportedly, the Cuban state-run telecoms operator <a href="https://www.euronews.com/next/2022/12/09/cuba-telecoms">ETECSA</a> has announced that the alternative undersea cable project, called ARIMAO, has started to take shape, noting in a statement that &#8220;all the permissions are in place for its deployment.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://tfiglobalnews.com/2022/12/10/france-is-giving-cuba-the-cyber-power-that-the-usa-denied-it-for-so-long/">TFIGlobal</a></p><h1>Arctic Wolf: Log4Shell Has a Long Tail</h1><p><strong>FROM THE MEDIA: </strong>The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j&nbsp;<a href="https://www.sdxcentral.com/cloud/open-source/">open source</a> logging tool <a href="https://www.sdxcentral.com/articles/news/homeland-security-warns-log4js-endemic-threats-for-years-to-come/2022/07/">remain on a high level</a>&nbsp;one year after it was <a href="https://www.sdxcentral.com/articles/news/very-few-will-escape-log4j-threat-researchers-say/2021/12/">first</a> disclosed on December 9, 2021, Arctic Wolf noted in recent research. The research showed one-quarter of the <a href="https://www.sdxcentral.com/security/definitions/data-security-in-the-cloud-best-practices/what-is-software-defined-security/">security</a> vendor&#8217;s customers have been targeted with Log4Shell exploitation attempts since January, and Arctic Wolf found <a href="https://www.sdxcentral.com/security/">threat</a> actors continue to use the exploit throughout the year. 
&#8220;When we originally investigated this vulnerability in December 2021, we immediately knew this one would have a long-lasting impact on organizations around the world and that it would be attractive for Cyber Criminals to exploit.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.sdxcentral.com/articles/analysis/arctic-wolf-log4shell-has-a-long-tail/2022/12/">SDXcentral</a></p><h1><strong>Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware</strong></h1><p><strong>FROM THE MEDIA: </strong>Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and stems from a case of insufficient input validation of received Cisco Discovery Protocol (CDP) packets. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/cisco-warns-of-high-severity-unpatched.html">THN</a></p><h1><strong>TSMC&#8217;s $40 Billion Bet on U.S.-Made Chips: Just a Start</strong></h1><p><strong>FROM THE MEDIA: </strong>This past Tuesday, <a href="https://www.barrons.com/market-data/stocks/tsm">Taiwan Semiconductor Manufacturing</a> announced that it would expand its investments in Arizona to more than $40 billion&#8212;from its initial $12 billion commitment. TSMC&#8217;s first Arizona fab will begin making 4-nanometer chips in 2024, and a second will produce 3-nanometer chips by 2026. Smaller chips normally are faster and more power-efficient than larger ones. Forty billion is a big number, but it&#8217;s not a panacea. TSMC didn&#8217;t lay out a time frame to spend the money. 
And it will be a fraction of TSMC&#8217;s overall capital spending, which <a href="https://www.barrons.com/market-data/stocks/jpm">J.P. Morgan</a> estimates at $100 billion from 2022 to 2024. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.barrons.com/articles/tsmc-makes-a-40-billion-bet-on-u-s-made-chips-dont-declare-victory-yet-51670637663">Barrons</a></p><h1>Japanese tech leaders warn Beijing will ride out US chip sanctions</h1><p><strong>FROM THE MEDIA: </strong>Tech executives in Japan have warned that the latest US chip export controls are unlikely to suppress China&#8217;s progress in artificial intelligence and supercomputers, calling into question the long-term effectiveness of the sanctions. The warnings from Sony&#8217;s chief technology officer and NEC&#8217;s chief executive come as Washington tries to convince the Netherlands and Japan, both big players in the global chipmaking industry, to strike a trilateral deal that would impose further restrictions on China obtaining tools to make chips.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ft.com/content/fd5c19b7-6b55-4788-92b6-55e04a11d717">FT</a></p><h1><strong>Dutch computer chips found in Iranian killer drones used in the war in Ukraine</strong></h1><p><strong>FROM THE MEDIA: </strong>Iranian weapon drones used in the war in Ukraine contained chips supplied from Dutch companies. The British research organization Conflict Armament Research (CAR), which is responsible for researching Western technology in Iranian drones, confirmed this to the Dutch newspaper AD. Deputy Director of Operations at Conflict Armament Research Damien Spleeters said, "Most of the western components we found were made between 2020 and 2021. There are also Dutch components among them." In the summer of this year, the Dutch chip companies NXP and Nexperia received the message that their chips were found in Russian drones. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://nltimes.nl/2022/12/10/dutch-computer-chips-found-iranian-killer-drones-used-war-ukraine">NLTIMES</a></p><h1>The U.S.&#8217;s tech future depends on securing rare metals</h1><p><strong>FROM THE MEDIA: </strong>The Dec. 6 editorial &#8220;<a href="https://www.washingtonpost.com/opinions/2022/12/05/future-depends-chips-is-us-ready/?itid=lk_inline_manual_2">The future depends on chips. Is the U.S. ready?</a>&#8221; rightly argued that chips are critical to U.S. security readiness and global competitiveness. But it was shortsighted. The problem is not the unreliable supply of chips; it&#8217;s the increasingly tight supply of the rare metals necessary to make them. With <a href="https://data.worldbank.org/indicator/NE.CON.TOTL.KD.ZG">global consumption growing</a> at an annual rate of 3 to 5 percent, demand for rare metals already outstrips supplies &#8212; and is projected to be five to 10 times greater by 2040 than today.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtonpost.com/opinions/2022/12/09/america-technology-rare-metals-security/">WP</a></p><h1>Why deepfake phishing is a disaster waiting to happen</h1><p><strong>FROM THE MEDIA: </strong>Everything isn&#8217;t always as it seems. As artificial intelligence (AI) technology has advanced, individuals have exploited it to distort reality. They&#8217;ve created synthetic images and videos of everyone from <a href="https://www.hollywoodreporter.com/business/digital/deepfake-tom-cruise-miles-fisher-1235182932/">Tom Cruise</a> and <a href="https://www.bloomberg.com/news/articles/2022-11-29/zuckerberg-deepfake-included-in-ad-for-antitrust-legislation">Mark Zuckerberg</a> to <a href="https://ars.electronica.art/center/en/obama-deep-fake/">President Obama</a>. 
While many of these use cases are innocuous, other applications, like deepfake phishing, are far more nefarious.&nbsp;A wave of threat actors are exploiting AI to generate synthetic audio, image and video content that&#8217;s designed to impersonate trusted individuals, such as CEOs and other executives, to trick employees into handing over information.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://venturebeat.com/security/deepfake-phishing/">VB</a></p><h1><strong>Legit Android apps poisoned by sticky 'Zombinder' malware</strong></h1><p><strong>FROM THE MEDIA: </strong>Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect. Analysts with cybersecurity vendor ThreatFabric found the platform, named "Zombinder," on the darknet while investigating a campaign that targeted both Android and Windows users with different types of malware. Zombinder came to light while the researchers were analyzing a campaign involving the Ermac Android banking trojan. That effort yielded evidence of another campaign using multiple trojans aimed at both Android and Windows systems.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/09/zombinder_android_windows_malware/">The Register</a></p><h1><strong>This ransomware gang is a right Royal pain in the AES for healthcare orgs</strong></h1><p><strong>FROM THE MEDIA: </strong>Newish ransomware gang Royal has been spotted targeting the healthcare sector, the US Department of Health and Human Services (HHS) has said. 
The crew emerged this year, and follows the standard <a href="https://www.theregister.com/2022/10/09/extortion_ransomware_threats_category/">double extortionware</a> playbook: it steals data from infected networks, encrypts those files, and then demands a fee to recover the data and to also not publicly leak the documents. In a security bulletin this week HHS told healthcare organizations to be on alert. After Royal gangsters compromise a victim's network, they typically demand organizations cough up between $250,000 to more than $2 million each, we're told.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/09/royal_ransomware_hhs_warning/">The Register</a></p><h1>How ChatGPT is changing the way cybersecurity practitioners look at the potential of AI</h1><p><strong>FROM THE MEDIA: </strong>In certain cybersecurity circles, it has become something of a running joke over the years to mock the way that artificial intelligence and its capabilities are hyped by vendors or LinkedIn thought leaders. That&#8217;s partly why the reaction from information security professionals over the past week to <a href="https://openai.com/blog/chatgpt/">ChatGPT</a> has been so fascinating. A community already primed to be skeptical around modern AI has become fixated on the real potential cybersecurity applications of a machine-learning chatbot.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/analysis/emerging-technology/how-chatgpt-is-changing-the-way-cybersecurity-practitioners-look-at-the-potential-of-ai">SCMAG</a></p><h1>Drone Incursions on Rise: New form of Cross-Border Terrorism</h1><p><strong>FROM THE MEDIA: </strong>As per the data released by the Government of India, 171 unmanned aerial vehicles (UAV) or drones from Pakistan entered Punjab in the nine months from 1 January 2022 to 30 September 2022. Another 20 were seen in the Jammu sector, making the total 191. 
Seven were reportedly shot down by the Border Security Force (BSF) personnel in Punjab&#8217;s Amritsar, Ferozepur and Abohar regions. The actual observations of drones have been much higher, as some never crossed over for some reasons. This has become a major internal and external security concern for India.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="http://www.indiandefencereview.com/drone-incursions-on-rise-new-form-of-cross-border-terrorism/">iDR</a></p><h1><strong>Keystone pipeline shutdown could lead to shortage in US</strong></h1><p><strong>FROM THE MEDIA: </strong>The shutting down of the Keystone Pipeline after the largest oil spill in a decade could lead to a crude supply shortage in the US, experts said Friday. The pipeline carries crude oil to the US from Alberta, Canada and US Transportation Secretary Pete Buttigieg announced Friday it was shut down Wednesday after leaking 14,000 barrels into a creek in the American state of Kansas. "We are monitoring &amp; investigating the Keystone Pipeline leak first detected (Wednesday) night," Buttigieg wrote on Twitter. He said an order was issued "requiring a shutdown of the affected segment, analysis of the cause, and other safety measures."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.yenisafak.com/en/world/keystone-pipeline-shutdown-could-lead-to-shortage-in-us-3657015">Yeni Safak</a> // <a href="https://www.reuters.com/business/energy/keystone-oil-spill-could-tighten-us-gulf-crude-stocks-2022-12-09/">Reuters</a></p><h1><strong>Satellite Image Shows Saudi Arabia's Sci-Fi Megacity 'The Line' Is Actually Being Built</strong></h1><p><strong>FROM THE MEDIA: </strong>Saudi Arabia&#8217;s bizarre new megacity, <a href="https://gizmodo.com/video-mbs-saudi-arabia-dystopian-city-utopia-line-1849331062">&#8220;The Line,&#8221;</a> is going full steam ahead. 
While construction began on the project in October, new satellite images have revealed how much ground the project has covered, the scale of the city&#8217;s length, and the layout of its construction site. <a href="https://www.technologyreview.com/2022/12/09/1064544/satellite-images-line-megacity-google/">MIT&#8217;s Technology Review</a> reviewed satellite images of The Line&#8217;s construction site from an Australian company called Soar, with a <a href="https://soar.earth/maps/13942?pos=28.103553076783232%2C35.30830891000004%2C15.52">photo of the main base camp</a> having been taken by a satellite from Chang Guang Satellite Technology Corporation on October 22, 2022. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://gizmodo.com/saudi-arabia-line-city-satellite-image-built-1849875521">Gizmodo</a></p><h1><strong>Telstra privacy breach sees customer details made public</strong></h1><p><strong>FROM THE MEDIA: </strong>The details of more than 130,000 Telstra customers have been published online due to an internal error. Some names, addresses and phone numbers have been listed incorrectly on the White Pages and Directory Assistance Services websites, Telstra said. The company said no cyber hack was involved and called it "a result of the misalignment of databases." "We are removing the identified impacted customer details from the Directory Assistance service and the online version of the White Pages," Telstra Chief Financial Officer Michael Ackland said.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.9news.com.au/national/telstra-privacy-breach-sees-customer-details-made-public/a9a065bd-f80a-4755-aca9-bf3e16f60f90">9 News</a></p><h1>What ChatGPT know about API Security</h1><p><strong>FROM THE MEDIA: </strong>There is no doubt that you have heard about and seen the latest <a href="https://chat.openai.com/">OpenAI&#8217;s</a> brilliant called <a href="https://chat.openai.com/">ChatGPT</a>. 
It can write poems, speak many languages, answer questions, play chess, make code and impress everyone. In this post, we show a few more of how this AI model is good in cybersecurity, in particular in API Security implementations. ChatGPT is a natural language processing (NLP) model that uses large amounts of data to generate human-like responses to chat messages. It was trained on a dataset of over 1.3 billion words from various sources, including social media conversations, books, and news articles. The model uses GPT-3, the largest and most powerful language model to date, to generate responses that are relevant and coherent to the input text. Because of the wide range of data sources used for training, ChatGPT can answer a lot of questions, even on a super specific topic, such as API Security.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/what-chatgpt-know-about-api-security/">Security Boulevard</a></p><h2>Items of interest</h2><h1><strong>Analysis of U.S. Ability to Counter the Russian Threat in the Arctic</strong></h1><p><strong>FROM THE MEDIA: </strong>From the end of World War II until the fall of the Soviet Union in 1991, the United States and Russia stood on opposing sides of a potential conflict. Through the U.S. strategies of containment and limited war, mutual destruction was avoided, and <a href="https://www.amazon.com/Korean-War-Challenges-Credibility-Command/dp/0075546655">the spread of communism</a> was held back. Eventually, economic pressure, partially caused by the arms race and partially deriving from the fallacy of communist economics, destroyed the Soviet Union. Unfortunately, it was replaced with the new Russia, which has similar expansionist goals. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://moderndiplomacy.eu/2022/12/10/analysis-of-u-s-ability-to-counter-the-russian-threat-in-the-arctic/">Modern Diplomacy </a></p><h1><strong>Diamond industry under attack &#8211; Week in security with Tony Anscombe (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that abused an Israeli software developer. </p><div id="youtube2-e81yHqXksIk" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;e81yHqXksIk&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/e81yHqXksIk?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>SpaceX Starlink HACKED or Even Worse (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Elon Musk SpaceX Starlink was hacked or maybe even worse! 
</p><div id="youtube2-nnes0bB6hNc" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;nnes0bB6hNc&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/nnes0bB6hNc?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (338)]]></title><description><![CDATA[12-9-22]]></description><link>https://infodom.substack.com/p/daily-drop-338</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-338</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Fri, 09 Dec 2022 10:53:09 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/vt2t75RoCDY" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Friday, December 09, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps</strong></h1><p><strong>FROM THE MEDIA: </strong>Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as <a href="https://thehackernews.com/2021/09/new-android-malware-steals-financial.html">ERMAC</a>, <a href="https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer">Erbium</a>, <a href="https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html">Aurora</a>, and <a href="https://thehackernews.com/2022/11/new-laplas-clipper-malware-targeting.html">Laplas</a>, according to a <a href="https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html">ThreatFabric report</a> shared with The Hacker News. 
"This campaign resulted in thousands of victims," the Dutch cybersecurity company said, adding, "Erbium stealer successfully exfiltrated data from more than 1,300 victims."</p><p><strong>READ THE STORY:&nbsp;</strong> <a href="https://thehackernews.com/2022/12/researchers-uncover-darknet-service.html">THN</a></p><h1><strong>MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics</strong></h1><p><strong>FROM THE MEDIA: </strong>The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin <a href="https://www.deepinstinct.com/blog/new-muddywater-threat-old-kitten-new-tricks">said</a> in a technical write-up. <a href="https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html">MuddyWater</a>, also called Boggy Serpens, Cobalt Ulster, Earth Vetala, Mercury, Seedworm, Static Kitten, and TEMP.Zagros, is said to be a <a href="https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html">subordinate element</a> within Iran's Ministry of Intelligence and Security (MOIS).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/muddywater-hackers-target-asian-and.html">THN</a> </p><h1>Persecution of Falun Gong Laid Groundwork for China&#8217;s Digital Totalitarianism</h1><p><strong>FROM THE MEDIA: </strong>Former Chinese leader <a href="https://12ft.io/proxy?ref=&amp;q=https://www.theepochtimes.com/t-jiang-zemin">Jiang Zemin</a> recently passed away, leaving behind a legacy that includes ushering China into a modern surveillance state. 
&#8220;Jiang took critical steps in the early days of the internet in China to build the system today known as the Great Firewall, cutting off Chinese users from the rest of the world,&#8221; Sarah Cook, research director for China, Hong Kong, and Taiwan at Freedom House, <a href="https://twitter.com/Sarah_G_Cook/status/1597952412555575297">wrote</a> on Twitter after China&#8217;s state-run media announced Jiang&#8217;s death on Nov. 30.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.theepochtimes.com%2Fpersecution-of-falun-gong-laid-groundwork-for-chinas-digital-totalitarianism_4911756.html">The Epoch Times</a></p><h1><strong>Android app with over 5m downloads leaked user browsing history</strong></h1><p><strong>FROM THE MEDIA: </strong>A browsing app for Android devices, Web Explorer &#8211; Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research team has discovered. Firebase is a mobile application development platform that offers many features, including analytics, hosting, and real-time cloud storage. Web Explorer &#8211; Fast Internet is a browsing app with over five million downloads on the Google Play store. 
It boasts of increasing browsing speed by 30% and has a user rating average of 4.4 out of five stars, across more than 58,000 reviews.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139415/mobile-2/android-app-with-over-5m-downloads-leaked-user-browsing-history.html">Security Affairs</a></p><h1><strong>APT37 Uses Internet Explorer Zero-Day to Spread Malware</strong></h1><p><strong>FROM THE MEDIA: </strong>North Korean threat group APT37 was able to exploit an Internet Explorer zero-day vulnerability to deploy documents loaded with malware as part of its ongoing campaign targeting users in South Korea, including defectors, journalists, and human rights groups. Google's Threat Analysis Group (TAG) found the zero-day flaw&nbsp;in the Internet Explorer JScript engine in late October, tracked under CVE-2022-41128, and now reports that Microsoft was responsive and has issued applicable patches.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/remote-workforce/apt37-internet-explorer-zero-day-malware">DARKReading</a></p><h1><strong>CommonSpirit Health ransomware attack exposed data of 623,000 patients</strong></h1><p><strong>FROM THE MEDIA: </strong>CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack. This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals. At the start of October, the Illinois-based non-profit health system first informed the public of a cyberattack that took down its IT systems. 
CommonSpirit Health is the second largest health system in the United States, operating 140 hospitals and over 1,000 care sites across 21 states, so any disruption in its operation has widespread impact potential.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/commonspirit-health-ransomware-attack-exposed-data-of-623-000-patients/">Bleeping Computer</a></p><h1><strong>U.S. extends three firms' export ban over China exports</strong></h1><p><strong>FROM THE MEDIA: </strong>The U.S. Commerce Department will continue to deny three U.S.-based firms' export privileges, the government announced on Thursday, saying the companies had illegally exported satellite, rocket and defense technology to China. The extension came after new concerns about Quicksilver Manufacturing Inc, Rapid Cut LLC and U.S. Prototype Inc, which the Commerce Department said in a June 7 order had sent technical drawings and blueprints from U.S. customers to manufacturers in China to 3-D print satellite, rocket and defense-related prototypes without authorization.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.reuters.com/business/us-extends-three-firms-export-ban-over-china-exports-2022-12-08/">Reuters</a></p><h1><strong>US Health Dept warns of Royal Ransomware targeting healthcare</strong></h1><p><strong>FROM THE MEDIA: </strong>The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) &#8212;HHS' security team&#8212; revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs. 
"Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector," the advisory <a href="https://www.hhs.gov/sites/default/files/royal-ransomware-analyst-note.pdf">says</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/">Bleeping Computer</a></p><h1>Iranian APT Agrius Targets Diamond Industry Worldwide With Fantasy Wiper</h1><p><strong>FROM THE MEDIA: </strong>An Iran-based advanced persistent threat (APT) group known as <a href="https://www.infosecurity-magazine.com/news/state-backed-apt-group-activity/">Agrius</a> has conducted supply chain-focused attacks against the diamond industry (and others) across three continents. The claims come from security researchers at welivesecurity by ESET, who published an advisory about Agrius on Wednesday. In the technical write-up, ESET senior threat intelligence analyst Adam Burgher said the team analyzed a supply chain attack targeted at an Israeli software developer to deploy Fantasy, Agrius&#8217;s new wiper. 
&#8220;The Fantasy wiper is built on the foundations of the <a href="https://www.sentinelone.com/labs/new-version-of-apostle-ransomware-reemerges-in-targeted-attack-on-higher-education/">previously reported Apostle</a> wiper but does not attempt to masquerade as ransomware, as Apostle originally did,&#8221; Burgher explained.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/iran-agrius-target-diamond-industry/">InfoSecMag</a> // <a href="https://www.scmagazine.com/brief/malware/new-wiper-malware-deployed-in-iranian-supply-chain-attack">SCMAG</a></p><h1>Identification and Classification of Crypto-Malware Using ThreatMapper</h1><p><strong>FROM THE MEDIA: </strong><a href="https://github.com/deepfence/ThreatMapper/">ThreatMapper,</a> our open-source Cloud Native Application Protection Platform (CNAPP), now integrates natively with YaraHunter.<strong> </strong><a href="https://github.com/deepfence/YaraHunter">YaraHunter</a> is a powerful malware scanner for cloud-native &#8211; containers, images &amp; hosts. In a previous <a href="https://deepfence.io/introducing-yaradare/">post</a>, we discussed scanning the cloud native assets for malware using YaraHunter &#8211; to identify and report possible indicators of malware across different cloud resources, pods, virtual machines, file systems, image registries, and build artifacts. 
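</p><p>As an added example, not ThreatMapper's or YaraHunter's own code, the following Python sketches the core of such a scan: cut-down YARA-style rules (named byte patterns plus an "any of"/"all of" condition) applied to a set of cloud-native artefacts, with every hit then ranked by runtime context (is the artefact inside a running, internet-exposed or privileged workload, or only sitting in a registry image?). The rule names, indicator strings, file paths and runtime inventory are constructed for illustration and are not real rulesets; a real deployment would drive the YARA engine with maintained rules.</p>

```python
"""Added example, not ThreatMapper/YaraHunter code: a minimal YARA-style
signature scan over cloud-native artefacts, with each hit ranked by
constructed runtime context. Rule names, indicator strings, paths and the
inventory below are illustrative assumptions, not real rulesets."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Rule:
    """A cut-down YARA rule: named byte patterns plus an 'any'/'all' condition."""
    name: str
    strings: dict[str, bytes]   # identifier -> byte pattern
    condition: str              # "any" (any of them) or "all" (all of them)
    tags: tuple[str, ...] = ()


# Constructed rules with indicators typical of XMRig-style miner configs and
# binaries (stratum pool URIs, the RandomX algorithm name, the donate-level
# option). Real rulesets are far richer; these are only for illustration.
RULES = [
    Rule("cryptominer_stratum_config",
         {"$s1": b"stratum+tcp://", "$s2": b"stratum+ssl://", "$s3": b'"pool"'},
         "any", ("cryptominer",)),
    Rule("xmrig_binary_strings",
         {"$a": b"xmrig", "$b": b"randomx", "$c": b"donate-level"},
         "all", ("cryptominer",)),
]

# Constructed artefacts: a miner config inside a running pod, a miner binary
# sitting in a registry image, and a benign README that merely mentions xmrig.
SAMPLE_FILES = {
    "/pod/miner-7f/config.json":
        b'{"pool": "stratum+tcp://pool.example.invalid:3333", "user": "4A..."}',
    "/registry/app:1.2/usr/bin/xmrig":
        b"\x7fELF...xmrig 6.x randomx donate-level=1 ...",
    "/host/opt/app/README":
        b"Notes on xmrig detection tuning for the SOC",
}

# Constructed runtime inventory keyed by artefact path (assumed field names).
SAMPLE_RUNTIME = {
    "/pod/miner-7f/config.json": {"running": True, "internet_egress": True, "privileged": False},
    "/registry/app:1.2/usr/bin/xmrig": {"running": False},
}


def match_rule(rule: Rule, data: bytes) -> list[str]:
    """Return identifiers of the rule's strings present in data, or [] when
    the rule's condition is not met (e.g. 'all' with only one string found)."""
    hits = [ident for ident, pat in rule.strings.items() if pat in data]
    if rule.condition == "all" and len(hits) != len(rule.strings):
        return []
    return hits


def scan(files: dict[str, bytes], rules: list[Rule] = RULES) -> list[dict]:
    """Apply every rule to every artefact; one finding per (path, rule) hit."""
    findings = []
    for path, data in files.items():
        for rule in rules:
            hits = match_rule(rule, data)
            if hits:
                findings.append({"path": path, "rule": rule.name,
                                 "strings": hits, "tags": rule.tags})
    return findings


def severity(finding: dict, runtime: dict) -> int:
    """Base score 1 for any match, raised when runtime context shows the
    artefact is actually running, can reach the internet, or is privileged."""
    ctx = runtime.get(finding["path"], {})
    score = 1
    if ctx.get("running"):
        score += 2
    if ctx.get("internet_egress"):
        score += 1
    if ctx.get("privileged"):
        score += 1
    return score


def prioritize(findings: list[dict], runtime: dict) -> list[dict]:
    """Highest-severity findings first, so live miners outrank dormant images."""
    return sorted(findings, key=lambda f: severity(f, runtime), reverse=True)


if __name__ == "__main__":
    for f in prioritize(scan(SAMPLE_FILES), SAMPLE_RUNTIME):
        print(severity(f, SAMPLE_RUNTIME), f["rule"], f["path"], f["strings"])
```

<p>Running <code>prioritize(scan(SAMPLE_FILES), SAMPLE_RUNTIME)</code> ranks the stratum config in the running pod above the same family of indicators in a dormant registry image, and the README that only mentions xmrig produces no finding because the "all of them" condition is not met; that runtime-aware ranking, rather than the string matching itself, is the point of the scan-plus-context approach.</p><p>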
In this post, we will discuss using ThreatMapper to classify various cloud-native malware, the enhancements to the Yara rulesets to identify crypto signature malware risks, and prioritize those risks using runtime context to build a better security posture.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/identification-and-classification-of-crypto-malware-using-threatmapper/">Security Boulevard</a></p><h1>REvil-hit Medibank to pull plug on IT, shore up defenses</h1><p><strong>FROM THE MEDIA: </strong>Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October. The planned outage, dubbed Operation Safeguard, begins at 2030 Sydney time on Friday, December 9. The insurer said it expects all systems to be back online by Sunday "at the latest." Microsoft's response team will show up at the insurer's Melbourne headquarters to help with the security overhaul.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/08/medibank_it_systems_defenses/">The Register</a></p><h1><strong>Automated dark web markets sell corporate email accounts for $2</strong></h1><p><strong>FROM THE MEDIA: </strong>Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks. Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets. 
The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organizations.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/">Bleeping Computer</a></p><h1><strong>&#8216;Zombinder&#8217; service allows cybercriminals to easily add malware to legitimate apps</strong></h1><p><strong>FROM THE MEDIA: </strong>A newly discovered service on the dark web has been found to allow cybercriminals to easily add malware to legitimate apps. <a href="https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html">Detailed</a>&nbsp;today by researchers at ThreatFabric B.V., &#8220;Zombinder&#8221; was discovered while researching several cases of threat actors using a form of Android banking malware known as Ermac. As the researchers dug further, they uncovered a campaign that employed several different types of malware targeting Android and Windows users, including Erbium, the Aurora stealer and Laplas &#8220;clipper.&#8221; </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://siliconangle.com/2022/12/08/zombinder-service-allows-cybercriminals-easily-add-malware-legitimate-apps/">SiliconAngle</a></p><h1><strong>Google: How Android&#8217;s Private Compute Core protects your data</strong></h1><p><strong>FROM THE MEDIA: </strong>Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices. 
<a href="https://security.googleblog.com/2021/09/introducing-androids-private-compute.html">Introduced in Android 12</a>, PCC is a secure, isolated, and trusted environment within the operating system where data from sensors, GPS, microphone, camera, and screen are stored and processed to offer machine learning features to the user. Examples of those intelligent features include 'Live Caption,' which uses the microphone for speech recognition, 'Now Playing,' which recognizes the song, or 'Smart Reply,' which suggests responses in messaging apps.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/google-how-android-s-private-compute-core-protects-your-data/">Bleeping Computer</a></p><h1><strong>Ukraine-Russia War: Putin Hedging on Cyberwarfare</strong></h1><p><strong>FROM THE MEDIA: </strong>If there&#8217;s one thing we learned in this months-long run of the Ukraine-Russia war, it is that Russian troops are not only demoralized but have fallen short of expectations. Moreover, many of the factors of their loss could be attributed to poor military leadership compared to Ukraine&#8217;s highly streamlined directives from their generals. Nonetheless, Russia continues to attack Ukrainians in more ways than the battle on the borders. One way they&#8217;re doing that is <a href="https://www.economist.com/science-and-technology/2022/11/30/lessons-from-russias-cyber-war-in-ukraine">by cyber warfare</a>. Russia has been using highly sophisticated cyber-attacks to achieve its strategic objectives in Ukraine. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://sofrep.com/news/ukraine-russia-war-putin-hedging-on-cyberwarfare/">SOFREP</a></p><h1><strong>Novel Botnet Dubbed 'Zerobot' Targets Slew of IoT Devices</strong></h1><p><strong>FROM THE MEDIA: </strong>A novel botnet is taking advantage of vulnerabilities in a slew of networking equipment and networked cameras with an emphasis on equipment manufactured in East Asia. Among the targeted devices are <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25075">three</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26186">types</a> of <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26210">Totolink-brand routers</a> made by Hong Kong-based Zioncom and a <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36260">variety of cameras</a> made by China-based Hikvision. The botnet, dubbed <a href="https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities">Zerobot</a> by cybersecurity firm Fortinet, also uses a <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37061">vulnerability</a> identified in thermal sensor cameras made by U.S.-based Teledyne FLIR. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bankinfosecurity.com/novel-botnet-dubbed-zerobot-targets-slew-iot-devices-a-20658">BankInfoSec</a></p><h1><strong>North Korea using freelance techies to fund missiles and nukes</strong></h1><p><strong>FROM THE MEDIA: </strong>North Korean IT pros are using freelancing platforms to earn money that the nation's authoritarian government uses to fund the development of missiles and nuclear weapons, according to South Korea's government. Seoul therefore wants gig platforms to impose stricter checks to restrict its enemy's activities. 
South Korea's intelligence services, national police, and five ministries yesterday published a <a href="https://www.msit.go.kr/eng/bbs/view.do;jsessionid=v6ZsDT2kgbFqUkjfPQ49KAO4wUfcT-qCn9P0BkTu.AP_msit_1?sCode=eng&amp;mPid=2&amp;mId=4&amp;bbsSeqNo=42&amp;nttSeqNo=754">warning</a> about the North's (DPRK) tactics.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/09/dprk_tech_freelancer_military_funding/">The Register</a> </p><h1>Elon Musk's brain chip company has killed so many animals that the USDA is investigating them</h1><p><strong>FROM THE MEDIA: </strong>Elon Musk can't stay out of the headlines. The&nbsp;Silicon Valley tycoon, already under fire for making a series of <a href="https://www.salon.com/2022/12/03/in-elon-musks-chaotic-twitter-reign-right-wing-extremists-and-conspiracy-theorists-are-back/">unpopular changes</a> at Twitter after <a href="https://www.salon.com/2022/10/27/elon-musk-has-officially-dubbed-himself-chief-twit/">purchasing the company</a> for a deal in which he <a href="https://variety.com/2022/digital/news/elon-musk-twitter-obviously-overpaying-deal-1235409500/">admits he overpaid</a>, is&nbsp;embroiled <a href="https://www.reuters.com/technology/musks-neuralink-faces-federal-probe-employee-backlash-over-animal-tests-2022-12-05/">in a new controversy</a>&nbsp;over Neuralink &#8212; a smaller company he founded with the express intent to develop implantable brain chips that can interact with computers. In the process of testing <a href="https://www.salon.com/2022/01/30/elon-musk-doesnt-need-to-get-inside-your-brain-big-tech-is-already-there/">brain implants</a> on animals, Neuralink has allegedly killed almost all of them. 
Now, Musk's medical device company is being investigated by the federal government for possible animal-welfare violations.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.salon.com/2022/12/08/elon-musks-brain-chip-company-has-so-many-animals-that-the-usda-is-investigating-them/">Salon</a></p><h1>Overlooked Chinese Chip Maker&#8217;s Military-Industrial Ties Revealed</h1><p><strong>FROM THE MEDIA: </strong>A critical yet little-known chipmaker that supplies several big-name Chinese military companies is facing heightened scrutiny as a new report, expected today, will warn that Beijing wants to use the firm to increase foreign dependency on Chinese supply chains. Its release comes amid news that Congress this week watered down a bill to address that threat.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.nationalreview.com/2022/12/overlooked-chinese-chip-makers-military-industrial-ties-revealed/">National Review</a></p><h1><strong>Metropolitan Opera dealing with cyberattack that shut down website, box office</strong></h1><p><strong>FROM THE MEDIA: </strong>The Metropolitan Opera confirmed that it is dealing with a crippling cyberattack that has shut down their website and box office. 
The New York-based opera house said on Wednesday evening that the cyberattack impacted their network systems, including their &#8220;website, box office, and call center.&#8221; While all performances will continue as scheduled, the organization is unable to process new ticket orders or provide exchanges and refunds.&nbsp;&#8220;Once normal operations have resumed, we will honor all refunds and exchanges that we have been unable to process during this period,&#8221; the company said in a statement on Twitter.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/metropolitan-opera-dealing-with-cyberattack-that-shut-down-website-box-office/">The Record</a></p><h1><strong>South Korean authorities issue warning about disguised North Koreans getting IT jobs</strong></h1><p><strong>FROM THE MEDIA: </strong>South Korean authorities issued an interagency advisory Thursday warning companies about hiring North Korean IT workers who disguise their true nationality and use their wages to help fund the country&#8217;s sanctioned nuclear weapons program. The <a href="https://www.msit.go.kr/eng/bbs/view.do;jsessionid=v6ZsDT2kgbFqUkjfPQ49KAO4wUfcT-qCn9P0BkTu.AP_msit_1?sCode=eng&amp;mPid=2&amp;mId=4&amp;bbsSeqNo=42&amp;nttSeqNo=754">advisory</a> was published by several ministries, alongside South Korea&#8217;s National Police Agency and its National Intelligence Service, requesting &#8220;enhanced due diligence and more stringent identity verification process from domestic companies to avoid hiring or engaging in business contracts with [North Korean] IT workers who disguise their nationality and identities.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/south-korean-authorities-issue-warning-about-disguised-north-koreans-getting-it-jobs/">The Record</a></p><h1>US National Cyber Director plans Japan trip to bolster digital cooperation</h1><p><strong>FROM THE MEDIA: </strong>U.S. 
National Cyber Director Chris Inglis plans on traveling to Japan later this month to advise government officials there on bolstering cybersecurity defenses, according to a source briefed on the upcoming trip. The official visit appears to be an effort to improve cybersecurity cooperation with a key ally in Asia amid a strained relationship between the United States and China, according to two people who confirmed Inglis&#8217; travel plans but asked not to be named because they are not authorized to speak to the press.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberscoop.com/chris-inglis-to-visit-japan/">Cyberscoop</a></p><h1><strong>Google Ad Manager outage costs big websites ad sales</strong></h1><p><strong>FROM THE MEDIA: </strong>A Google service relied upon by many large websites to sell and display ads was down for about three hours Thursday, denying major news publishers revenue during the crucial holiday period, two sources familiar with the matter said. "The issue with Google Ad Manager has been resolved and ad serving has now been restored for the affected users,&#8221; Google said in a tweet on Thursday evening. &#8220;We apologize for the inconvenience.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.reuters.com/technology/google-ad-manager-outage-costs-big-websites-ad-sales-2022-12-09/">Reuters</a></p><h1><strong>Killer robots have arrived to Ukrainian battlefields</strong></h1><p><strong>FROM THE MEDIA: </strong>Amid Ukraine&#8217;s muddy trench warfare, grinding artillery bombardments and Soviet-era tank battles, a futuristic digital war is waged as the line between human and machine decision-making becomes ever thinner. Since Russia invaded Ukraine in February, AI-powered drones &#8212; both homemade and highly sophisticated &#8212; have been deployed on an unprecedented scale on the battlefield. 
Russia has reportedly <a href="https://kalashnikovgroup.ru/embed/ckt8ess8l342176kmmmesyovxx2">used</a> the Kalashnikov Kub and Lancet Kamikaze &#8220;highly autonomous&#8221; drones. Ukraine has <a href="https://www.baykartech.com/en/uav/bayraktar-tb2/#:~:text=OVER%20400%20THOUSAND%20HOURS%20OF%20OPERATIONAL%20FLIGHT&amp;text=An%20onboard%20avionic%20suite%20with,400.000%20of%20operational%20flight%20hours">relied</a> on the Turkish Bayraktar TB2 that has autonomous flight capabilities and boasts &#8220;laser guided smart ammunition.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.codastory.com/authoritarian-tech/killer-robots-ukraine-battlefield/">.Coda</a></p><h1><strong>China's Reported Manipulation of Twitter Draws Lawmaker Questions</strong></h1><p><strong>FROM THE MEDIA:</strong> Influential lawmakers on the House Intelligence Committee sent a letter to Twitter CEO Elon Musk on Tuesday expressing &#8220;deep concern&#8221; over reports that the People&#8217;s Republic of China&#8212;or PRC&#8212;orchestrated a manipulation campaign on the social media platform to obscure news about mass public demonstrations across the country.&nbsp;&#8220;We are gravely concerned about the potential impacts of the PRC&#8217;s growing cyber-enabled capabilities, including foreign malign influence operations, on U.S. national security interests both at home and abroad,&#8221; Committee Chairman Adam Schiff, D-Calif., and Reps. Raja Krishnamoorthi, D-Ill., and Jackie Speier, D-Calif., said in the <a href="https://krishnamoorthi.house.gov/sites/krishnamoorthi.house.gov/files/2022.12.06%20Krishnamoorthi%20PRC%20Protest%20Letter%20Twitter.pdf">Dec. 
6-dated letter</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.nextgov.com/cybersecurity/2022/12/chinas-reported-manipulation-twitter-draws-lawmaker-questions/380642/">NextGov</a></p><h1><strong>Semiconductors, The Fourth Industrial Revolution and the End of Globalization</strong></h1><p><strong>FROM THE MEDIA: </strong>Semiconductors are a key player in the Fourth Industrial Revolution as they are at the heart of so many inventions with potential to dramatically affect the production capabilities in many industries, including computing, healthcare, military systems, transportation, and clean energy. But, as only a handful of countries have the complex knowledge and capital capacity needed to produce them, their limited supply became a geopolitical thorn involving harsh trade wars and security risks.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://finance.yahoo.com/news/semiconductors-fourth-industrial-revolution-end-172401571.html">Yahoo Finance</a></p><h1><strong>Rise of deep-fakes to spread misinformation for Ukraine &#8211; Russia crisis, possible spillovers, and impact</strong></h1><p><strong>FROM THE MEDIA: </strong>Volodymyr Zelensky appeared in a video during the third week of the Ukraine crisis earlier this year, wearing a dark green shirt and speaking slowly and deliberately while standing behind a white presidential podium bearing his country&#8217;s coat of arms. The Ukrainian president&#8217;s body barely moved as he spoke, with the exception of his head. As he appeared to exhort Ukrainians to surrender to Russia, his voice sounded warped and almost gravelly. 
In the tape, which was instantly detected as a deep-fake, he appeared to say, in Ukrainian, &#8220;I ask you to lay down your weapons and go back to your families,&#8221; &#8220;This war is not worth dying for.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://moderndiplomacy.eu/2022/12/09/rise-of-deep-fakes-to-spread-misinformation-for-ukraine-russia-crisis-possible-spillovers-and-impact/">Modern Diplomacy</a></p><h2>Items of interest</h2><h1>NDAA requires intelligence agencies to study creation of cyber collaboration program</h1><p><strong>FROM THE MEDIA: </strong>Key federal agencies in charge of intelligence and cybersecurity will be required by the upcoming National Defense Authorization Act (NDAA) bill to study how to build a new cyber information collaboration environment to enable government and industry to better mitigate malicious cyber activity. The leaders of the National Security Agency (NSA) and Cybersecurity &amp; Infrastructure Security Agency (CISA) will be required by April 30, 2023, to conduct a study and brief relevant Armed Services Committees in Congress regarding how Department of Defense components and entities, such as the NSA, can support the development of a &#8220;cyber threat information collaboration environment program,&#8221; the <a href="https://rules.house.gov/sites/democrats.rules.house.gov/files/BILLS-117HR7776EAS-RCP117-70-JES.pdf">NDAA 2023 bill</a> stated.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.fedscoop.com/ndaa-requires-intelligence-agencies-to-study-creation-of-cyber-collaboration-program/">Fedscoop</a></p><h1><strong>Stephan Gerling - Yacht Hacking from SatCOM to engine control - DEF CON 27 Hack the Sea Village (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Yacht Hacking from SatCOM.</p><div id="youtube2-vt2t75RoCDY" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;vt2t75RoCDY&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" 
data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/vt2t75RoCDY?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Hack a Satellite [Hack-A-Sat] Contest | DEF CON 29 (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Hacking a Satellite is beyond standard application and web security. When I stumbled across Hack-A-Sat at DEF CON 29, I had to stop and hear about what it was all about.</p><div id="youtube2-lb4QrrhIB5A" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;lb4QrrhIB5A&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/lb4QrrhIB5A?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (337)]]></title><description><![CDATA[12-8-22]]></description><link>https://infodom.substack.com/p/daily-drop-337-57f</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-337-57f</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Thu, 08 Dec 2022 11:04:27 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/JMcXqdz4ENE" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Thursday, December 08, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Iranian hackers accused of targeting diamond industry with wiper malware</strong></h1><p><strong>FROM THE MEDIA: </strong>Hackers allegedly connected to the Iranian government have been accused of targeting diamond companies in South Africa, Israel and Hong Kong with a wiper malware built to destroy data.&nbsp;&nbsp;Researchers from ESET attributed the wiper tool &#8211; named Fantasy &#8211; to the Agrius APT group, which other researchers have indicated <a href="https://therecord.media/new-iranian-threat-actor-targets-israel-with-wipers-disguised-as-ransomware/">has ties to Iran&#8217;s government</a>. 
ESET said the group is a newer Iran-aligned group targeting victims primarily in Israel and the United Arab Emirates since 2020.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/iranian-hackers-accused-of-targeting-diamond-industry-with-wiper-malware/">The Record</a> // <a href="https://thehackernews.com/2022/12/iranian-hackers-strike-diamond-industry.html">THN</a></p><h1><strong>Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers</strong></h1><p><strong>FROM THE MEDIA: </strong>An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent <a href="https://en.wikipedia.org/wiki/Seoul_Halloween_crowd_crush">Itaewon Halloween crowd crush</a> to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Beno&#238;t Sevens and Cl&#233;ment Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is also called APT37, InkySquid, Reaper, and Ricochet Chollima. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html">THN</a> // <a href="https://www.reuters.com/technology/north-korean-hackers-exploited-seoul-halloween-tragedy-distribute-malware-google-2022-12-08/">Reuters</a> // <a href="https://duo.com/decipher/north-korean-apt37-used-internet-explorer-zero-day">Duo</a> // <a href="https://www.voanews.com/a/north-korea-reportedly-exploited-itaewon-tragedy-in-hacking-attempt/6867422.html">VOA</a> // <a href="https://therecord.media/google-north-korean-govt-hackers-used-internet-explorer-zero-day-to-target-south-korea-users/">The Record</a></p><h1><strong>How the Decades-Long Chinese Espionage Campaign "Stole" US Military Technology</strong></h1><p><strong>FROM THE MEDIA: </strong>Paradigm-changing deep-penetrating warheads, new hardened, heat resistant nano-composite materials enabling hypersonic weapons flight, vertical take-off-and-landing drones and a new generation of submarine &#8220;quieting&#8221; technologies are all massively impactful breakthrough technology of vital significance to cutting-edge and future US weapons systems. All of these areas of innovation and scientific exploration, some of which involved the discovery and development of &#8220;disruptive&#8221; or breakthrough technologies, were heavily focused upon in recent decades at the well known, prestigious US Los Alamos National Laboratory. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://warriormaven.com/china/chinese-espionage-stole-us-military-technology">Warrior Maven</a> </p><h1>UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives</h1><p><strong>FROM THE MEDIA: </strong>British lawmakers have been warned to be on alert for cyber-attacks and possible harassment <a href="https://www.cnn.com/specials/middleeast/iran">from Iranian operatives</a>, according to correspondence sent to lawmakers in both the upper and lower chambers last month. In letters sent on November 21, which were obtained by CNN, the speakers of the House of Commons and the House of Lords reminded members of parliament to increase the security of their mobile devices. The speakers said the police and intelligence agencies had not discovered &#8220;any hostile Iranian activity specifically focused on Parliamentarians.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cnn.com/2022/12/06/uk/uk-iran-cyber-threat-intl/index.html">CNN</a></p><h1><strong>U.S. Security Reviews of Foreign Tech Are Going Wide</strong></h1><p><strong>FROM THE MEDIA: </strong>Communications Commission <a href="https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat">banned</a> the sale of equipment in the U.S. made by Chinese tech firms Huawei and <a href="https://www.barrons.com/market-data/stocks/000063?countrycode=cn">ZTE</a><strong><a href="https://www.barrons.com/market-data/stocks/000063?countrycode=cn"> </a></strong>. It was the first time the agency blocked the commercial sale of technology equipment on national security grounds. Then, last week, Team Telecom, the U.S. 
executive branch committee that screens foreign-linked telecommunications projects for national security risks, <a href="https://www.justice.gov/opa/pr/team-telecom-recommends-fcc-deny-application-directly-connect-united-states-cuba-through">recommended</a> blocking a proposed submarine cable from Cuba to the United States. Part of the stated concern was that Cuban intelligence could access sensitive information flowing over the infrastructure. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.barrons.com/articles/security-reviews-of-foreign-tech-huawei-zte-china-cuba-51670449952">Barrons</a> // <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.theepochtimes.com%2Ftime-to-rid-the-world-of-chinas-trojan-horse-communications-gear_4909305.html">The Epoch Times</a></p><h1>How Railroads Mitigate Cyberthreats Against Their Networks</h1><p><strong>FROM THE MEDIA: </strong>What if hackers attacked a rail company 2,745,267 times in just six weeks? This was the thought experiment conceived by <a href="https://www.railengineer.co.uk/hacking-the-railway/">Project Honeytrain</a>, which was created in 2015 by European security experts to analyze how cybercriminals would gain access to a Potemkin railroad created wholly online. The primary method of assault was millions of automated dictionary attacks, which work to break unknown passwords. Some hackers got inside and wrested control of the headlight system on a hypothetical locomotive. The top country originating the incursions? 
China.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://statetechmagazine.com/article/2022/12/how-railroads-mitigate-cyberthreats-against-their-networks-perfcon">StateTech</a></p><h1><strong>Data Brokers Are a Threat to National Security</strong></h1><p><strong>FROM THE MEDIA: </strong>While there are numerous definitions of data brokers, at their core, data brokers collect and sell information on individuals with whom they have no &#8220;direct relationship.&#8221; More important, though, is the &#8220;data brokerage ecosystem,&#8221; which includes not only the brokers but also companies that provide a product to consumers and, in return, gather information from them. Billions of data points are collected on Americans. Every time a product is purchased, a smart car is driven, or an application is downloaded, new data points are created. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.usni.org/magazines/proceedings/2022/december/data-brokers-are-threat-national-security">USNI</a></p><h1>IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack</h1><p><strong>FROM THE MEDIA: </strong>Russia&#8217;s second-largest bank experienced the largest cyber attack (<a href="https://www.hackread.com/tag/DDoS/">DDoS attack</a>) in its history. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday that it was experiencing an &#8220;unprecedented cyber attack from abroad.&#8221; The bank warned customers of temporary difficulties in accessing its mobile app and website due to the ongoing DDoS attack (distributed denial of service attack) but assured them that their data remained safe. 
VTB stores its customer data in the internal perimeter of its infrastructure which the attackers did not breach.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/it-army-of-ukraine-russia-bank-ddos-attack/">HACKRead</a></p><h1><strong>Israel targeted by suspected Iranian threat actor</strong></h1><p><strong>FROM THE MEDIA: </strong>A new ransomware group that is apparently motivated more by politics than profit has been spotted in the wild by cyber defense company Cyble. Calling itself BlackMagic, it is believed to be linked to Iran and primarily going after companies in Israel. The group appears to be opting for the double extortion tactic, stealing the victim organization&#8217;s vital data as well as rendering it beyond the owner&#8217;s use by encrypting it. &#8220;During a routine threat-hunting exercise, Cyble came across a new group named BlackMagic,&#8221; said the analyst. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://cybernews.com/cyber-war/israel-iranian-threat-actor/">Cybernews</a></p><h1><strong>CloudSEK claims it was hacked by another cybersecurity firm</strong></h1><p><strong>FROM THE MEDIA: </strong>Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts. While some internal information, including screenshots of product dashboards and three customers' names and purchase orders, was exfiltrated from its Confluence wiki, CloudSEK says the attackers didn't compromise its databases.&nbsp;"We are investigating a targeted cyber attack on CloudSEK. 
An employee's Jira password was compromised to get access to our confluence pages," the company's CEO and founder, Rahul Sasi,&nbsp;<a href="https://cloudsek.com/cyber-security-incident-at-cloudsek/">said</a>&nbsp;on Tuesday.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/cloudsek-claims-it-was-hacked-by-another-cybersecurity-firm/">Bleeping Computer</a></p><h1>Ensuring compliance without compromising on IT modernization initiatives</h1><p><strong>FROM THE MEDIA: </strong>Balancing the need to meet today&#8217;s security goals and existing compliance mandates demands a more modern approach to cloud workloads, says a former federal security leader now working at Google. That is why Google Cloud is working to modernize the way it integrates compliance controls into its platform that can help government customers more easily integrate federal and DOD frameworks into their workloads. &#8220;&#8217;Compliance without compromise&#8217; means bringing the best of Google in a way that government can use because we are compliant with their various FedRAMP and DOD frameworks.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberscoop.com/ensuring-compliance-without-compromise-on-it-modernization-initiatives/">Cyberscoop</a> </p><h1><strong>New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices</strong></h1><p><strong>FROM THE MEDIA: </strong>A new Go-based malware named &#8216;Zerobot&#8217; has been spotted&nbsp;in mid-November&nbsp;using exploits for&nbsp;almost two dozen vulnerabilities in a variety of devices that include&nbsp;F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. The purpose of the malware is to add compromised devices to a distributed denial-of-service (DDoS) botnet to launch powerful attacks against specified targets. 
Zerobot can scan the network and self-propagate to adjacent devices as well as run commands on Windows (CMD) or Linux (Bash).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-zerobot-malware-has-21-exploits-for-big-ip-zyxel-d-link-devices/">Bleeping Computer</a></p><h1><strong>Vice Society ransomware 'persistent threat' to education sector</strong></h1><p><strong>FROM THE MEDIA: </strong>Vice Society is actively targeting the education sector, with 33 schools listed on its public data leak site so far this year, according to new research. Using information collected from incident response cases and Vice Society's victims list, Palo Alto Networks' Unit 42 threat researcher J.R. Gumarin determined that the ransomware group remains a "persistent threat" to K-12 and higher education institutions. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fnews%2F252528118%2FVice-Society-ransomware-a-persistent-threat-to-education-sector">TechTarget</a></p><h1><strong>Apple unveils new cybersecurity measure for iMessage, iCloud and more</strong></h1><p><strong>FROM THE MEDIA: </strong>Apple announced several new security features designed to better protect users from an array of emerging threats.&nbsp;On Wednesday, the tech giant unveiled three new features: iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. 
The new features for iMessage will allow users to verify that they are only sending messages to the intended person and the Apple ID tool will give customers the chance to mandate that a physical security key is needed to sign into their Apple ID account.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/apple-unveils-new-cybersecurity-measure-for-imessage-icloud-and-more/">The Record</a> // <a href="https://www.axios.com/2022/12/07/apple-encryption-icloud-backups">AXIOS</a></p><h1>Musk launches govt-focused satellite internet service called Starshield</h1><p><strong>FROM THE MEDIA: </strong>Elon Musk-run SpaceX has announced a new government-focused satellite internet service called <a href="https://12ft.io/proxy?ref=&amp;q=https://cio.economictimes.indiatimes.com/tag/starshield">Starshield</a> with a focus on "national security". <br>Starshield leverages SpaceX's <a href="https://12ft.io/proxy?ref=&amp;q=https://cio.economictimes.indiatimes.com/tag/starlink">Starlink</a> technology and launch capability to support national security efforts, the company said on its website. While Starlink is designed for consumer and commercial use, Starshield is designed for government use, with an initial focus on three areas: Earth observation, communications and hosted payloads.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fcio.economictimes.indiatimes.com%2Fnews%2Fnext-gen-technologies%2Fmusk-launches-govt-focused-satellite-internet-service-called-starshield%2F96070906">ET</a></p><h1><strong>Defense Innovation Unit seeks commercial options to deploy satellites in deep space</strong></h1><p><strong>FROM THE MEDIA: </strong>The Defense Innovation Unit is seeking proposals for commercial services to deploy and operate payloads in outer space beyond Earth orbit, an area known as cislunar space. 
DIU, a Defense Department agency created to bring commercially developed technology into military programs, is looking for &#8220;responsive access&#8221; to the vast region of space that begins at geosynchronous Earth orbit and extends out to the Earth-moon Lagrange point on the far side of the moon. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://spacenews.com/defense-innovation-unit-seeks-commercial-options-to-deploy-satellites-in-deep-space/">SN</a></p><h1><strong>&#8220;Commercial Spyware&#8221; Vendor Linked to Exploitation Framework Using Zero-Days in Chrome, Firefox and Windows</strong></h1><p><strong>FROM THE MEDIA: </strong>A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Variston IT, based in Barcelona, publicly bills itself as a security firm. The exploitation framework is not advertised on its website, and it is unclear exactly who the firm was providing this spyware to. The exploitation framework was outlined by Google&#8217;s Threat Analysis Group in a <a href="https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston/">recent blog post</a>. 
Though Variston IT does not advertise or claim the spyware, the Google researchers presented markers found in its code, including a script that is signed by the company.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cpomagazine.com/cyber-security/commercial-spyware-vendor-linked-to-exploitation-framework-using-zero-days-in-chrome-firefox-and-windows/">CPO</a></p><h1><strong>All Eyes on Colombia&#8217;s Tech Sector</strong></h1><p><strong>FROM THE MEDIA: </strong>While the benefits and opportunities that technology and digitization have reaped for Colombia are undeniable (for example, innovation in commercial, productive, and scientific search, as well as making several production and institutional processes more agile), there are still very significant human elements that make its systems vulnerable to cybersecurity threats, espionage and breaches of information.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://theglobalamericans.org/2022/12/all-eyes-on-colombias-tech-sector/">The Global Americans</a></p><h1><strong>Alphabet To Merge Waze And Google Maps Teams</strong></h1><p><strong>FROM THE MEDIA: </strong>Alphabet is to make some consolidation around its mapping and navigation units, amid pressure at the search engine giant to cut costs and consolidate operations. <a href="https://www.reuters.com/technology/google-merge-mapping-service-waze-with-maps-products-teams-2022-12-08/">Reuters reported</a> Google as saying on Thursday that it will merge its teams working on mapping service Waze and products like Google Maps, effective Friday 9 December, in a bid to consolidate processes. 
Google indicated that it didn&#8217;t expect any layoffs as part of the reorganization, but Waze CEO Neha Parikh will exit the company following a transition period.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.silicon.co.uk/e-enterprise/merger-acquisition/alphabet-to-merge-waze-and-google-maps-teams-489293">Silicon</a> </p><h1>The Ethics of Espionage</h1><p><strong>FROM THE MEDIA: </strong>As the war in Ukraine continues, the pressure on western, Ukrainian and Russian spies to gain intelligence that will give one side a battlefield advantage is intense. At the same time, spies from all around the world are trying to gain insight into President Putin&#8217;s mind and predict what he might do next, including under what circumstances he would use nuclear weapons. There are also, hopefully, spies trying to gain insight into who might succeed Putin.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://areomagazine.com/2022/12/07/the-ethics-of-espionage/">Areo</a></p><h1><strong>Equinix to reduce overall power by adjusting data center temperature range</strong></h1><p><strong>FROM THE MEDIA: </strong>Equinix will begin to define a multi-year global roadmap for thermal operations within its data centers aimed at achieving more efficient cooling and decreased carbon impacts. IT equipment within data centers, including routers, servers and storage arrays, emits high levels of heat that requires data centers to be fitted with robust cooling systems to remove that heat. 
The initiative is expected to enable thousands of customers to reduce the Scope 3 carbon emissions associated with their data center operations.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://itwire.com/business-it-news/data-centres/equinix-to-reduce-overall-power-by-adjusting-data-centre-temperature-range.html">iTwire</a></p><h1><strong>Inside Estonia&#8217;s efforts to help Ukraine fend off Russian hackers</strong></h1><p><strong>FROM THE MEDIA:</strong> Ukraine has surprised the world with its ability to fend off major cyberattacks from Russia. And one small country &#8212; Estonia &#8212; has played an outsized role in helping them do so. The nation of just over 1 million, which has fought off cyberattacks inside its borders from Russia for years, is now leading many of the efforts to provide cyber threat intelligence, funding and critical international connections to protect Ukraine from Russian hackers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.politico.com/news/2022/12/07/estonia-ukraine-cybersecurity-russian-hackers-00072925">Politico</a></p><h1><strong>Supply chains risk a dose of 'long-Covid' thanks to inflation and weak global markets</strong></h1><p><strong>FROM THE MEDIA: </strong>While supply chain problems may have eased, they are far from over with further challenges on the horizon, according to a risk analysis by Massey University. Senior lecturer in supply chain management Dr Carel Bezuidenhout says that while New Zealand seems to be emerging from a period of unprecedented disruption, our supply chains still appear to be suffering from &#8220;a little bit of long-Covid&#8221;. 
A report on the outlook for 2023 from Massey&#8217;s supply chain risk analytics network shows inflation and weaknesses in global markets, combined with high inventory levels, labor shortages, freight issues and fallout from the war in Ukraine will continue to have an influence.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.stuff.co.nz/business/130696790/supply-chains-risk-a-dose-of-longcovid-thanks-to-inflation-and-weak-global-markets">Stuff</a></p><h1>New Arms War: Applications</h1><p><strong>FROM THE MEDIA: </strong>In three years working for the U.S. Air Force, Nic Chaillan stood up <a href="https://software.af.mil/dsop/services/">PlatformOne</a>, a multi-cloud DevOps program supporting 100,000 developers writing battlefield programs for the U.S. Air Force, Navy and Army. The platform includes more than a thousand hardened open source programs (which he likens to Lego building blocks) shared between different branches of the armed forces and defense contractors serving these agencies. &#8220;PlatformOne is our DevSecOps enabler to allow Navy, Army and Air Force partners to build their systems, including connected weapons systems, with an agile frame of mind and to deliver capabilities into the hands of the warfighter multiple times a day rather than the three- to five-year cycles typically associated with updating government systems,&#8221; he explains.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/new-arms-war-applications/">Security Boulevard</a></p><h2>Items of interest</h2><h1><strong>DoD Space Policy Director Lays Out China&#8217;s Military Space Developments</strong></h1><p><strong>FROM THE MEDIA: </strong>China has launched 150 satellites so far this year to bring its total to 650 and is expected to develop an anti-satellite (ASAT) weapon targeting Geosynchronous Earth orbit (GEO) systems, a top Pentagon official said on Dec. 6. 
&#8220;China has the operational direct ascent ASAT missile intended to target Low Earth Orbit satellites, and the intelligence community assesses that China probably intends to develop a similar system to target satellites up to Geosynchronous Earth orbit,&#8221; Travis Langster, the U.S. Department of Defense principal director of space and missile defense policy, told an <a href="https://www.atlanticcouncil.org/event/securing-space/">Atlantic Council forum on U.S. preparation for future space contingencies.</a></p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.satellitetoday.com/government-military/2022/12/07/dod-space-policy-director-lays-out-chinas-military-space-developments/">Via Satellite</a></p><h1><strong>Why India Is Weaponizing Outer Space (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The Indian space organization has come a long way from its humble beginnings in the 1960s. At its inception, India's space program was driven by a desire to do good for the nation and its people.</p><div id="youtube2-JMcXqdz4ENE" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;JMcXqdz4ENE&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/JMcXqdz4ENE?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Project NIKE: Earliest US Air Defense Program - Cold War DOCUMENTARY (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Our historical documentary series on the history of the Cold War continues with a video on the project NIKE - the earliest US Air Defense System.</p><div id="youtube2-hc94-HOJFEc" class="youtube-wrap" 
data-attrs="{&quot;videoId&quot;:&quot;hc94-HOJFEc&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/hc94-HOJFEc?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (337)]]></title><description><![CDATA[12-7-22]]></description><link>https://infodom.substack.com/p/daily-drop-337</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-337</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Wed, 07 Dec 2022 11:15:36 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/y9HoPF0_a6A" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Wednesday, December 07, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Can Bitcoin Be a Weapon of War in the Ongoing Israeli-Palestinian Conflict</strong></h1><p><strong>FROM THE MEDIA: </strong>Can <a href="https://beincrypto.com/price/bitcoin/">Bitcoin</a> become a weapon of war? First, Russia-Ukraine, and now Palestinians in the Gaza Strip are showing interest in Bitcoin and other cryptocurrencies. 
While the answers may become obvious, there are still some practical issues with crypto usage pre- and post-war. How does a war, whether on a state or national level, affect cryptocurrencies?&nbsp;Geopolitical tensions are at an all-time high, while the threat of a potential world war continues to rage on, most recently triggered by the unfortunate conflicts between Russia and Ukraine.&nbsp; These instances demonstrate that cryptocurrencies such as Bitcoin play a vital role in a fight to survive.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://beincrypto.com/can-bitcoin-be-a-weapon-of-war-in-the-ongoing-israeli-palestinian-conflict/">BEINCRYPTO</a></p><h1>How a Russian oil tanker tried to conceal its location</h1><p><strong>FROM THE MEDIA: </strong>A Russian oil tanker sought to disguise its whereabouts by using sanction-busting techniques, adding to growing evidence that Moscow-linked operators have acquired the means to blunt western oil export restrictions imposed in retaliation for Vladimir Putin&#8217;s invasion of Ukraine. Shipping brokers have warned that Russia has amassed a &#8220;shadow fleet&#8221; of more than 100 tankers to carry crude and circumvent an EU ban on seaborne oil imports and a G7-led initiative to impose a price cap on Russian crude shipped elsewhere. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ft.com/content/90dcc9b7-3371-411e-9d80-a2be0b4c10ca">FT</a></p><h1><strong>Microsoft: Hackers target cryptocurrency firms over Telegram</strong></h1><p><strong>FROM THE MEDIA: </strong>Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's <a href="https://thehackernews.com/2022/12/north-korean-hackers-spread-applejeus.html">Lazarus Group</a>. DEV-0139 targeted the firms via Telegram groups used to communicate with their VIP customers. 
"Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies," the company's Security Threat Intelligence team&nbsp;<a href="https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/">revealed</a>. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-cryptocurrency-firms-over-telegram/">Bleeping Computer</a> // <a href="https://thehackernews.com/2022/12/microsoft-alerts-cryptocurrency.html">THN</a></p><h1>UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives</h1><p><strong>FROM THE MEDIA: </strong>British lawmakers have been warned to be on alert for cyber-attacks and possible harassment <a href="https://www.cnn.com/specials/middleeast/iran">from Iranian operatives</a>, according to correspondence sent to lawmakers in both the upper and lower chambers last month. In letters sent on November 21, which were obtained by CNN, the speakers of the House of Commons and the House of Lords reminded members of parliament to increase the security of their mobile devices. The speakers said the police and intelligence agencies had not discovered &#8220;any hostile Iranian activity specifically focused on Parliamentarians.&#8221; </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cnn.com/2022/12/06/uk/uk-iran-cyber-threat-intl/index.html">CNN</a></p><h1><strong>Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks</strong></h1><p><strong>FROM THE MEDIA: </strong>A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. 
The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of <a href="https://thehackernews.com/2021/08/hackers-actively-searching-for.html">ProxyShell flaws</a> in the Microsoft Exchange Server. Initial compromise leveraged binaries vulnerable to side-loading techniques, followed by using a mix of legitimate and bespoke tools to conduct reconnaissance, harvest data, move laterally across the environment, and evade detection.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/chinese-hackers-target-middle-east.html">THN</a></p><h1>How Elon Musk is complicating America&#8217;s understanding of free speech</h1><p><strong>FROM THE MEDIA: </strong>Last week, <a href="https://www.nbcnews.com/tech/tech-news/elon-musk-promotes-release-internal-twitter-documents-rehashing-platfo-rcna59897">Elon Musk promised the world</a> that a treasure trove of internal Twitter documents showing how the social media company had suppressed <a href="http://nbcnews.com/tech/tech-news/tech-giants-limited-spread-ny-post-story-biden-rcna157">reporting on Hunter Biden&#8217;s laptop in 2020</a> would be released. These so-called Twitter Files were proof of &#8220;free speech suppression,&#8221; the billionaire claimed. The document dump, such as it was, turned out to yield little new information. 
But for supporters, the details are less important than the narrative: another battle in <a href="https://www.nbcnews.com/tech/internet/elon-musks-twitter-beginning-take-shape-rcna58940">Musk&#8217;s grand war to protect and enable &#8220;free speech&#8221;</a> &#8212;&nbsp;seemingly everywhere and anywhere.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.nbcnews.com/think/opinion/elon-musks-twitter-files-trump-tweets-complicate-free-speech-rcna60322">NBC NEWS</a></p><h1>How Far Should Tech Companies Go to Neutralize Cyber Threats</h1><p><strong>FROM THE MEDIA: </strong>A recent article in <a href="https://www.lawfareblog.com/private-sector-cyber-defense-armed-conflict">Lawfare</a> highlighted the increasing role of the private sector in a nation&#8217;s cyber defense posture during periods of armed conflict. Specifically, the article emphasized Microsoft&#8217;s role in defending not only Ukraine, but the larger global community, from the cyber attacks that have occurred since Russia invaded its neighbor.&nbsp; The message is clear: Microsoft&#8217;s unique position as an international tech company with global visibility into the activities transpiring in cyberspace has made it an integral partner for governments.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oodaloop.com/archive/2022/12/06/how-far-should-tech-companies-go-to-neutralize-cyber-threats/">OODALOOP</a></p><h1><strong>How one Russian group exposed the soft underbelly of federal cyber defenses</strong></h1><p><strong>FROM THE MEDIA: </strong>In early November, at least two agencies fell victim to a cyber attack from a group based in Russia. The hacking group Killnet took responsibility on Twitter for taking down sites run by the Commerce Department and the Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security. 
While the distributed denial of service (DDoS) attack was more of a headache than anything else.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://federalnewsnetwork.com/reporters-notebook-jason-miller/2022/12/how-one-russian-group-exposed-the-soft-underbelly-of-federal-cyber-defenses/">Federal News Network</a></p><h1><strong>Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank</strong></h1><p><strong>FROM THE MEDIA: </strong>Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations &#8211; including the country's second-largest bank. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday it was facing an "unprecedented cyber attack from abroad," and added that the DDoS flood was the largest in the bank's history. "Analysis of the DDoS attack indicates that it is planned and large-scale," the bank said in a <a href="https://tass.ru/ekonomika/16511291">statement</a> released to Russian media. "Its purpose is to cause inconvenience to the bank's customers by hindering the operation of banking services."&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/07/ddos_attack_russian_bank/">The Register</a></p><h1>Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks</h1><p><strong>FROM THE MEDIA: </strong>The Swiss government has asked Parliament to amend the Information Security Act to make it mandatory for critical infrastructure providers to report cyber-attacks to the National Cyber Security Centre (<a href="https://www.ncsc.admin.ch/ncsc/en/home.html">NCSC</a>). The move would be aimed at shedding light on hackers and sounding the alarm more widely on cyber-threats in the country. 
"Successful cyber-attacks can have far-reaching consequences for the availability and security of the Swiss economy," reads a <a href="https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-92030.html">press release</a> published last Friday.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/swiss-government-wants-to/">InfoSecMag</a></p><h1><strong>Amnesty International Canada claims attack by China-backed forces</strong></h1><p><strong>FROM THE MEDIA: </strong>The Canadian branch of Amnesty International was the target of an attack it has pinned on a Chinese state-sponsored actor. The human rights organization <a href="https://twitter.com/AmnestyNow/status/1599841470709891072">said</a> it could not find evidence of donor or membership data theft, but it was speaking publicly about the attack to "caution other human rights defenders on the rising threat of digital security breaches." The attackers <a href="https://www.cbc.ca/news/politics/amnesty-international-canada-cyber-attack-china-1.6674788">reportedly</a> sought the organization's contacts and details of its future plans. 
The org brought on cyber security and forensic experts to investigate and protect its systems after it detected suspicious activity in its IT infrastructure in early October.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/07/china_believed_responsible_for_amnesty_attack/">The Register</a> // <a href="https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/">Bleeping Computer</a></p><h1><strong>Iran-backed hackers allegedly responsible for phishing attacks on human rights activists</strong></h1><p><strong>FROM THE MEDIA: </strong>An investigation from Human Rights Watch has <a href="https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians">uncovered</a> an Iranian government-backed social engineering and credential phishing campaign targeting activists, journalists, and politicians working on issues in the Middle East and North Africa. Two Human Rights Watch staff members are among the victims, along with at least eighteen other individuals, including a correspondent for a major US newspaper, a women&#8217;s rights defender based in the Gulf region, and Nicholas Noe, an advocacy consultant for Lebanon-based Refugees International. 
Victims received messages on WhatsApp containing links to fake login pages where their email password and authentication code were captured.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fthecyberwire.com%2Fnewsletters%2Fpolicy-briefing%2F4%2F432">The Cyberwire</a></p><h1>Microsoft warns that Russian cyberattacks may extend beyond Ukraine</h1><p><strong>FROM THE MEDIA: </strong>As 2022 draws to a close and the Russian-Ukrainian conflict continues, Microsoft&#8217;s Digital Threat Analysis Center is warning that a recent ransomware-style attack on Poland and the amplification of Russian propaganda may be a preview for countries aiding Ukraine. In <a href="https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/">a Dec. 3 blog post</a>, Clint Watts, the general manager of Microsoft&#8217;s threat center, said wiper attacks on infrastructure by Russian-affiliated cyberthreat actors <a href="https://www.scmagazine.com/analysis/ransomware/new-ransomware-targets-transportation-sectors-in-ukraine-poland">moved outside Ukraine to Poland</a> in a &#8220;possible attempt to disrupt the movement of weapons and supplies to the front.&#8221; "We believe these recent trends suggest that the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter," Watts wrote.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/news/ransomware/microsoft-warns-that-russian-cyberattacks-may-extend-beyond-ukraine">SCMAG</a></p><h1><strong>Antwerp's city services down after hackers attack digital partner</strong></h1><p><strong>FROM THE MEDIA: </strong>The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider. 
The disruption has affected services used by citizens, schools, daycare centers, and the police, which have been working intermittently today. An investigation is ongoing, but the little information available points to a ransomware attack from a threat actor that has yet to be disclosed. According to&nbsp;<a href="https://www.hln.be/antwerpen/rusthuizen-schakelen-over-op-pen-en-papier-na-massale-cyberaanval-op-antwerpse-stadsdiensten~a24d88fa/">Het Laatste Nieuws</a>&nbsp;(HLN), the hackers were able to disrupt Antwerp's services after breaching the servers of Digipolis, the city's digital partner that provides administrative software.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/">Bleeping Computer</a></p><h1>Overshadowed by failures, crypto hacking exacts higher price</h1><p><strong>FROM THE MEDIA: </strong>The cryptocurrency industry is circling the wagons in defense as hackers siphon more money from the sector each year.&nbsp;Hackers made off with more than $3 billion in digital assets so far this year, according to research firm Chainalysis. 
In October alone, $718 million was taken in 11 different hacks, making it the worst month in the worst year for crypto hacking, the firm said.&nbsp;That included $100 million from the largest cryptocurrency exchange in the world, Binance, when its blockchain network, Binance Smart Chain, was exploited.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oodaloop.com/technology/2022/12/06/overshadowed-by-failures-crypto-hacking-exacts-higher-price/">OODALOOP</a></p><h1><strong>Suspects arrested for hacking US networks to steal employee data</strong></h1><p><strong>FROM THE MEDIA: </strong>Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities. The suspects identified in four recently unsealed U.S. indictments are Akinola Taylor (Nigeria), Olayemi Adafin (United Kingdom), Olakunle Oyebanjo (Nigeria), and Kazeem Olanrewaju Runsewe (Nigeria). The four men are accused of&nbsp;transnational wire fraud and identity theft&nbsp;for filing false tax claims with the United States Internal Revenue Service (IRS) to steal money from the agency through tax refunds.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/suspects-arrested-for-hacking-us-networks-to-steal-employee-data/">Bleeping Computer</a></p><h1><strong>Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto</strong></h1><p><strong>FROM THE MEDIA: </strong>Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. 
The STAR Labs team was the first to <a href="https://twitter.com/thezdi/status/1600211310603833345">successfully exploit</a> a zero-day on Samsung's flagship device by executing their improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points. Another contestant, Chim, also <a href="https://twitter.com/thezdi/status/1600232636647059456">demoed&nbsp;a successful exploit</a> targeting the Samsung Galaxy S22 and was able to execute an improper input validation attack earning $25,000 (50% of the prize for the second round of targeting the same device) and 5 Master of Pwn points. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/samsung-galaxy-s22-hacked-twice-on-first-day-of-pwn2own-toronto/">Bleeping Computer</a></p><h1><strong>Rise of the bots: &#8216;Scary&#8217; AI ChatGPT could eliminate Google within 2 years</strong></h1><p><strong>FROM THE MEDIA: </strong>It&#8217;s the little engine that could &#8230; bring down Google and perhaps the human race. A tech company has developed a state-of-the-art AI chatbot so sophisticated that it could render search engines &#8212; not to mention countless jobs &#8212; obsolete. Unveiled last week by the OpenAI company, ChatGPT has already <a href="https://twitter.com/sama/status/1599668808285028353">amassed more than 1 million</a> users worldwide with its advanced functions, which range from instantaneously composing complex essays and computer code to drafting marketing pitches and interior decorating schemes. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://nypost.com/2022/12/06/scary-chatgpt-could-render-google-obsolete-in-two-years/">NYPOST</a></p><h1><strong>New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network</strong></h1><p><strong>FROM THE MEDIA: </strong>A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin <a href="https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities">said</a>. "It also communicates with its command-and-control server using the WebSocket protocol." The campaign, which is said to have commenced after November 18, 2022, primarily singles out the Linux operating system to gain control of vulnerable devices.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html">THN</a> // <a href="https://www.cyberscoop.com/chatgpt-ai-malware/">CyberScoop</a></p><h1>Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations</h1><p><strong>FROM THE MEDIA: </strong>Threat actors have been observed using an open-source tool called <a href="https://wiki.termux.com/wiki/PRoot">PRoot</a> to increase the scope of their operations to several Linux distributions. The Sysdig Threat Research Team (TRT) has discovered the technique and explained earlier this week why it is particularly dangerous. &#8220;Typically, the scope of an attack is limited by the varying configurations of each Linux distribution,&#8221; the company wrote in an advisory published on Monday. 
&#8220;Enter PRoot, an open-source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine. PRoot also provides emulation capabilities, which allow for malware built on other architectures, such as ARM [advanced RISC machine], to be run.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/hackers-malicious-file-systems/">InfoSecMag</a></p><h1>Largest Dark Web Webinjects Marketplace &#8220;In The Box&#8221; Discovered</h1><p><strong>FROM THE MEDIA: </strong>According to Resecurity&#8217;s cybersecurity researchers, the new marketplace, called &#8220;In The Box&#8221; has been available for scammers and cybercriminals on the <a href="https://www.hackread.com/dark-web-search-engines-tor-browser-2022/">TOR network</a> since at least early May 2020. Since then, the marketplace has evolved into a full-fledged cybercrime services facilitator and has become the <a href="https://www.hackread.com/student-germany-dark-web-market-didw/">Dark Web&#8217;s largest marketplace</a>, given the many unique tools and WEB-injects up for sale. Cybercriminals can use these tools for online banking and financial fraud, including theft.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/dark-web-webinject-market-in-the-box/">HACKREAD</a></p><h1><strong>What Will It Take to Secure Critical Infrastructure</strong></h1><p><strong>FROM THE MEDIA: </strong>Securing critical infrastructure is complicated because of the vast network of facilities and management systems. Threats targeting this sector can have dire consequences, and when attacks do happen, they're often accompanied by a media storm. 
This generates interest among concerned citizens, which prompts a reaction from politicians, who are spurred into action to ensure the necessary cyber protections are implemented to calm the concerned citizens &#8212; the electorate.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/ics-ot/what-will-it-take-to-secure-critical-infrastructure">DarkReading</a></p><h1><strong>Want to detect Cobalt Strike on the network? Look to process memory</strong></h1><p><strong>FROM THE MEDIA: </strong>Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit. Cobalt Strike is possibly the best-known example of legitimate commercial security software &#8211; it was designed to help red teams test their organizations' cyber defenses &#8211; that has been co-opted by threat groups that use it to get around those defenses. The Nighthawk command-and-control framework <a href="https://www.theregister.com/2022/11/25/infosec_roundup/">could become</a> another example of abused legit infosec software.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/06/cobalt_strike_memory_unit_42/">The Register</a></p><h1><strong>South Pacific vacations may be wrecked by ransomware</strong></h1><p><strong>FROM THE MEDIA: </strong>New Zealand's Privacy Commission has signalled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware. Mercury's <a href="https://mercuryit.co.nz/">website</a> is, at the time of writing, a single page that states "Mercury IT provides a wide range of IT services to customers throughout New Zealand." 
But <a href="https://www.privacy.org.nz/publications/statements-media-releases/new-news-page-5/">according to</a> the privacy commissioner, on or before November 30 Mercury was attacked.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/07/nz_vanuatu_cyberattacks/">The Register</a></p><h1><strong>This dangerous botnet might have been taken down by a simple typo</strong></h1><p><strong>FROM THE MEDIA: </strong>A threat actor irretrievably destroyed its own botnet with nothing more than a typo. Cybersecurity firm Akamai spotted the blunder in KmsdBot, a cryptomining botnet that also had distributed denial of service (<a href="https://www.techradar.com/news/best-ddos-protection">DDoS</a>) capabilities, before recently crashing and reporting an &#8220;index out of range&#8221; error.&nbsp;Akamai&#8217;s researchers were monitoring the botnet while an attack on a crypto-focused website was taking place. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.techradar.com/news/this-dangerous-botnet-might-have-been-taken-down-by-a-simple-typo">TechRadar</a></p><h1>Crypto hacking behind N. Korea&#8217;s renewed nuclear ambition</h1><p><strong>FROM THE MEDIA: </strong>Borders were closed and trade was cut off while international sanctions continued throughout the COVID-19 pandemic, further isolating North Korea, one of the world&#8217;s most impoverished nations. But its regime has discovered new ways of raking in funds to continuously pursue its missile ambitions and divert sanctions and regulations at the same time &#8212; via hacking cryptocurrencies. 
Through such highly engineered methods, North Korean hackers have been channeling billions of dollars into the secluded regime&#8217;s pockets, according to experts from the US and South Korea.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://asianews.network/crypto-hacking-behind-n-koreas-renewed-nuclear-ambition/">ANN</a></p><h1><strong>Chinese tech companies nurtured by CCP&#8217;s handbook to censor, condition public opinion</strong></h1><p><strong>FROM THE MEDIA: </strong>Chinese tech companies are nurtured by the Chinese Communist Party&#8217;s (CCP) handbook to monitor, censor, and condition public opinion online and they support state-driven agenda to promote absolute control of cyberspace in the country, says an article by Sergio Restelli in The Times of Israel. It notes that the surveillance tools are utilized to conduct intensive surveillance operations on targeted groups that are presumed to be threats to social stability.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Ftheprint.in%2Fworld%2Fchinese-tech-companies-nurtured-by-ccps-handbook-to-censor-condition-public-opinion-report%2F1251884">The Print</a></p><h2>Items of interest</h2><h1>Regulation won't fix internet&nbsp;routing security</h1><p><strong>FROM THE MEDIA: </strong>Without the global internet routing system, you wouldn&#8217;t be reading this. You wouldn&#8217;t be doing anything online, actually. That routing system enables the internet to function by distributing countless bits of data around the world at a moment&#8217;s notice. That&#8217;s why routing system security is essential. 
It&#8217;s critical to maintaining privacy online and making sure your information isn&#8217;t hijacked by malicious actors and that the information a business, critical infrastructure operator or government agency sends &#8212; and receives &#8212; is trustworthy.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberscoop.com/fcc-routing-security-regulation/">CyberScoop</a></p><h1><strong>The Weaponization Of The Dollar (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The sanctions on Russia&#8217;s central bank use the reserve currency status of the US dollar to punish an American adversary. Will the US dollar lose its exorbitant privilege? What currency might replace the US Dollar as a reserve currency?</p><div id="youtube2-y9HoPF0_a6A" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;y9HoPF0_a6A&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/y9HoPF0_a6A?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Musk&#8217;s Twitter files make Watergate look like &#8216;jaywalking&#8217;: Clay Travis (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>OutKick founder Clay Travis reacts to Elon Musk&#8217;s decision to expose Twitter&#8217;s previous suppression of the Hunter Biden laptop story on &#8216;Fox &amp; Friends Weekend.&#8217;</p><div id="youtube2-G_fpIeNop9A" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;G_fpIeNop9A&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/G_fpIeNop9A?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" 
allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (335)]]></title><description><![CDATA[12-6-22]]></description><link>https://infodom.substack.com/p/daily-drop-335</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-335</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Tue, 06 Dec 2022 10:56:41 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/IiYO_gHtRLI" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Tuesday, December 06, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>'Team Mysterious Bangladesh' Hackers Target Indian Education Entity</h1><p><strong>FROM THE MEDIA: </strong>A threat actor group named &#8220;Team Mysterious Bangladesh&#8221; has claimed to have compromised the Indian Central Board of Higher Education (CBHE) systems. 
According to a new <a href="https://cloudsek.com/threatintelligence/indian-central-board-of-higher-education-compromised-by-team-mysterious-bangladesh/">advisory</a> by cybersecurity experts at CloudSEK, the hackers allegedly stole personally identifiable information (PII), including names, Aadhaar numbers, Indian Financial System Codes (IFSC&nbsp;codes) and other details of numerous individuals. &#8220;CloudSEK&#8217;s contextual AI digital risk platform [...]&nbsp;discovered a threat actor group named Team Mysterious Bangladesh who claimed to have compromised the CBHE Delhi, India,&#8221; the company wrote.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/bangladesh-hackers-target-indian/">InfoSecMag</a></p><h1>Weaponizing the IT Supply Chain: Leviathan&#8217;s Attacks and Kinetic Naval Intervention in the South China Sea</h1><p><strong>FROM THE MEDIA: </strong>From the description of the presentation &#8220;Rising Tide Redux&#8221; at <a href="https://www.cyberwarcon.com/">CYBERWARCON 2022</a>, which was held recently in-person (and virtual) in Arlington, VA: Leviathan, a Chinese APT [advanced persistent threat] actor and contractor known to support the Chinese Ministry of State Security, is targeting the supply chains of naval defense and energy exploration entities active in the South China Sea. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oodaloop.com/archive/2022/12/06/weaponizing-the-it-supply-chain-leviathans-attacks-and-kinetic-naval-intervention-in-the-south-china-sea/">OODALOOP</a></p><h1>Amnesty International Canada hit by cyberattack out of China</h1><p><strong>FROM THE MEDIA: </strong>The Canadian branch of Amnesty International was the target of a sophisticated cyber-security breach this fall &#8212;&nbsp;an attack forensic investigators believe originated in China with the blessing of the government in Beijing. 
The intrusion was first detected on October&nbsp;5, the human rights group said Monday. The attack showed signs of being the work of&nbsp;what's known as an advanced persistent-threat group (APT), according to the cyber security company that conducted the forensic investigation.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cbc.ca/news/politics/amnesty-international-canada-cyber-attack-china-1.6674788">CBC</a></p><h1><strong>Wiper, Disguised as Fake Ransomware, Targets Russian Orgs</strong></h1><p><strong>FROM THE MEDIA: </strong>Companies infected with purported ransomware may no longer have an option to pay a ransom. A new malicious program acts exactly like crypto-ransomware &#8212; overwriting and renaming files, then dropping a text file with a ransom note and a Bitcoin address for payment &#8212; but the program instead deletes the contents of a victim's files. The program, CryWiper, currently targets Russian organizations but could easily be used against companies and organizations in other nations, according to cybersecurity firm Kaspersky, which analyzed the program.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/wiper-disguised-fake-ransomware-targets-russian-orgs">DARKReading</a></p><h1><strong>Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware</strong></h1><p><strong>FROM THE MEDIA: </strong>A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." <a href="https://www.fortinet.com/blog/threat-research/Ransomware-Roundup-Cryptonite-Ransomware">Cryptonite</a>, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and its forks have since been taken down. 
Written in Python, the malware employs the <a href="https://cryptography.io/en/latest/fernet/">Fernet module</a> of the cryptography package to encrypt files with a ".cryptn8" extension.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/open-source-ransomware-toolkit.html">THN</a></p><h1><strong>Ukrainian software developers deal with power outages</strong></h1><p><strong>FROM THE MEDIA: </strong>Ukrainian IT services companies are using diesel generators and creative time management to overcome power outages due to Russian missile attacks on energy infrastructure, the most recent of which was underway today. Planned shutdowns and emergency restrictions on electricity continue in parts of Ukraine as repairs are made on the power grid. Ukrainian energy company DTEK last week informed its customers in Kyiv that it would aim to provide electricity for two to three hours, twice a day.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.techtarget.com%2Fsearchitchannel%2Fnews%2F252528020%2FUkrainian-software-developers-deal-with-power-outages">TechTarget</a></p><h1>Elon Musk Says 'Significant' Risk of Assassination, Talks Hunter Biden, Free Speech</h1><p><strong>FROM THE MEDIA: </strong><a href="https://toofab.com/people/elon-musk/">Elon Musk</a> has expressed anxiety about his own safety while discussing free speech and his plans for Twitter amid the release of private communications from inside the social media company in the lead up to the 2020 presidential election. While engaging in a Twitter Spaces discussion, the CEO said, "Frankly the risk of something bad happening or literally even being shot is quite significant. 
I'm definitely not going to be doing any open air car parades, let me put it that way."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://toofab.com/2022/12/05/elon-musk-says-significant-risk-of-being-assassinated/">toofab</a></p><h1><strong>Ukrainian long-range drone attacks expose Russian air defenses</strong></h1><p><strong>FROM THE MEDIA: </strong>A third Russian airfield was ablaze on Tuesday from a drone strike, a day after Ukraine demonstrated an apparent new ability to penetrate hundreds of kilometers deep into Russian air space with attacks on two Russian air bases. Officials in the Russian city of Kursk, located closer to Ukraine, released pictures of black smoke above an airfield in the early morning hours of Tuesday after the latest strike. The governor said an oil storage tank there had been set ablaze but there were no casualties.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.reuters.com/world/europe/ukraine-warns-emergency-blackouts-after-more-missile-hits-2022-12-05/">Reuters</a></p><h1><strong>Chinese government-linked hackers stole millions in COVID funds</strong></h1><p><strong>FROM THE MEDIA: </strong>The U.S. government has just confirmed the first official case of pandemic fraud linked to foreign state-sponsored hackers. At least $20 million in COVID relief funds have been stolen by the China-based, state-sponsored hacking group, APT41, according to the Secret Service per <a href="https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636">NBC News</a>. And officials believe there is much more of this going on that's yet to be discovered as over 1,000 related investigations are underway. APT41 is a sophisticated group that has carried out high-level attacks on the U.S. before. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://mashable.com/article/apt41-china-government-linked-hacking-group-covid-19-fraud">Mashable</a></p><h1><strong>Hackers hijack Linux devices using PRoot isolated filesystems</strong></h1><p><strong>FROM THE MEDIA: </strong>Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions. A Bring Your Own Filesystem attack is when threat actors create a malicious filesystem on their own devices that contain a standard set of tools used to conduct attacks.&nbsp;This file system is then downloaded and mounted on compromised machines, providing a preconfigured toolkit that can be used to compromise a Linux system further.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/hackers-hijack-linux-devices-using-proot-isolated-filesystems/">Bleeping Computer</a></p><h1><strong>Sneaky hackers reverse defense mitigations when detected</strong></h1><p><strong>FROM THE MEDIA: </strong>A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. The campaign was spotted by Crowdstrike, who says the attacks started in June 2022 and are still ongoing, with the security researchers able to identify five distinct intrusions. 
The attacks have been attributed with low confidence to hackers tracked as 'Scattered Spider,' who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/">Bleeping Computer</a></p><h1>Russian Hackers 'Intensify' Cyberattacks On Italy's Government Websites</h1><p><strong>FROM THE MEDIA: </strong>Russian hackers intensified their cyberattacks against Italy's government websites, causing alarm for officials. Italy's Computer Security Incident Response Team (CSIRT), the incident response team of the National Cybersecurity Agency of Italy, detected an increase in distributed denial of service (DDoS) attacks against the country's official websites by hacker groups of Russian origin, the Italian news agency ANSA <a href="https://www.ansa.it/sito/notizie/cronaca/2022/12/05/allarme-hacker-attacchi-russi-a-siti-istituzioni-italiane_b5d4a528-02ef-48b4-860f-a245d47fd5ea.html">reported</a>. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ibtimes.com/russian-hackers-intensify-cyberattacks-italys-government-websites-3643703">IBT</a></p><h1>DHS secretary says US faces 'a new kind of warfare'</h1><p><strong>FROM THE MEDIA: </strong>Secretary of Homeland Security Alejandro Mayorkas&nbsp;said national security and homeland security are now more interconnected than ever before, largely driven by the fact that U.S. 
adversaries can execute attacks &#8220;with a keystroke.&#8221; In a speech Monday, Mayorkas said that global interconnectedness and the willingness of nations to unleash digital attacks that have international ramifications has brought the national security threat &#8220;directly to our communities.&#8221; </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberscoop.com/dhs-mayorkas-cybersecurity/">CyberScoop</a></p><h1><strong>Killnet DDoS Group Executes a Cyber Attack on the EU Parliament Website After Resolution Against Russia</strong></h1><p><strong>FROM THE MEDIA: </strong>The EU parliament website suffered a distributed denial of service (DDoS) cyber attack, moments after declaring Russia a state sponsor of terrorism and calling for further isolation.&nbsp;A DDoS attack involves flooding the targeted website with requests to prevent legitimate users from accessing it. Anonymous Russia, a cyber-hacktivist group linked to the Killnet DDoS group, claimed responsibility for the attack. EU parliament officials linked the cyber attack to a pro-Russian group known for executing DDoS attacks against countries that oppose Russia.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cpomagazine.com/cyber-security/killnet-ddos-group-executes-a-cyber-attack-on-the-eu-parliament-website-after-resolution-against-russia/">CPOMAG</a></p><h1><strong>Microsoft warns of Russian cyberattacks throughout the winter</strong></h1><p><strong>FROM THE MEDIA: </strong>Microsoft has warned of Russian-sponsored cyberattacks&nbsp;continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Redmond said in a report published over the weekend that it observed a pattern of targeted attacks on infrastructure in Ukraine by the Russian military intelligence threat group Sandworm in association with missile strikes. 
The attacks have been accompanied by a propaganda campaign to undermine Western support (from the U.S., EU, and NATO) for Ukraine. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/microsoft-warns-of-russian-cyberattacks-throughout-the-winter/">Bleeping Computer</a></p><h1><strong>Elon Musk's SpaceX unveils Starshield satellite services for U.S. military</strong></h1><p><strong>FROM THE MEDIA: </strong><a href="https://www.upi.com/topic/SpaceX/">SpaceX</a> is rolling out a new business called Starshield to support U.S. military applications, building upon the company's existing satellite system. The latest <a href="https://www.upi.com/topic/Elon_Musk/">Elon Musk</a> endeavor expands on Starlink Internet satellite technology for <a href="https://www.spacex.com/starshield/">national security uses</a>, to include secure communications and space surveillance payloads, for its largest customer, the Pentagon. "While Starlink is designed for consumer and commercial use, Starshield is designed for government use," the company wrote on its website, "with an initial focus on three areas: Earth observation, communications and hosted payloads."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.upi.com/Science_News/2022/12/05/spacex-starshield-satellite-services-military/2881670279423/">UPI</a> </p><h1><strong>Nearly 500 Million WhatsApp Records Allegedly Stolen in Data Leak, Offered on Dark Web for a Few Thousand Dollars</strong></h1><p><strong>FROM THE MEDIA: </strong>The world&#8217;s most commonly used messaging app may have suffered a data leak impacting about 487 million of its users, if a <a href="https://cybernews.com/news/whatsapp-data-leak/">dark web posting</a> is to be believed. The threat actor is offering the information for a relatively low cost, dividing it up by country of origin and offering each package for prices in the range of several thousand dollars. 
It remains to be seen if the entire collection is legitimate, but samples provided by the hackers have been verified by security researchers. If the full data leak is legitimate, it would impact about a quarter of WhatsApp&#8217;s global user base.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/n-korea-apt37-backdoor-s-korea/">HackRead</a></p><h1><strong>Iran: State-Backed Hacking of Activists</strong></h1><p><strong>FROM THE MEDIA: </strong>Hackers backed by the <a href="https://www.hrw.org/middle-east/north-africa/iran">Iranian</a> government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today. An investigation by Human Rights Watch attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as Charming Kitten.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cpomagazine.com/cyber-security/nearly-500-million-whatsapp-records-allegedly-stolen-in-data-leak-offered-on-dark-web-for-a-few-thousand-dollars/">CPO</a></p><h1><strong>Hive Social Buzzing With Security Flaws, Analysts Warn</strong></h1><p><strong>FROM THE MEDIA: </strong>Social media users looking for an alternative to Elon Musk's Twitter should probably avoid Hive Social, according to a team of cybersecurity experts who turned their attention to the platform after it hit more than a million users. German researchers Zerforschung issued an all-out warning to avoid Hive Social. "The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages," the team wrote in its report. 
"This also includes private email addresses and phone numbers entered during login."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/application-security/hive-social-buzzing-with-security-flaws">DARKReading</a></p><h1>CommonSpirit confirms network accessed a week before ransomware attack</h1><p><strong>FROM THE MEDIA: </strong>CommonSpirit Health issued an update on the ransomware attack that brought down multiple hospitals across the country for more than a month, confirming the threat actors first gained network access weeks before the attack and patient data was, indeed, accessed. As<a href="https://www.scmagazine.com/analysis/ransomware/commonspirit-cyberattack-spurs-it-outages-at-chi-memorial-hospitals-across-us"> previously reported</a>, the attackers first struck CommonSpirit on Oct. 2 and spurred network IT outages at various care sites operated by the country&#8217;s second-largest nonprofit hospital chain. While reports suspected all 142 hospitals and 700 care sites were impacted,<a href="https://www.scmagazine.com/analysis/ransomware/ransomware-attack-impacted-some-commonspirit-sites-but-few-details-released"> the attack did not affect </a>Dignity Health, TriHealth, Virginia Mason Medical Center, or Centura Health.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/analysis/breach/commonspirit-confirms-network-accessed-a-week-before-ransomware-attack">SCMAG</a></p><h1><strong>Education sector hit by Hive ransomware in November</strong></h1><p><strong>FROM THE MEDIA: </strong>November saw an influx of ransomware attacks reported against the education sector, with some tied to the Hive ransomware group after threat actors claimed responsibility through the group's public data leak site. At least five of the 24 confirmed or disclosed ransomware attacks last month were against K-12 schools and universities, though that figure is likely much larger. 
While TechTarget Editorial <a href="https://12ft.io/proxy?ref=&amp;q=https://www.techtarget.com/searchsecurity/feature/Publicly-disclosed-US-ransomware-attacks-database">tracks publicly reported ransomware events</a> and official disclosures that include terms such as "encrypted data," there were signs that ransomware was involved in several additional instances referred to only as a cyber attack or security incident.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fnews%2F252528023%2FEducation-sector-hit-by-Hive-ransomware-in-November">TechTarget</a></p><h1><strong>Ransomware attack forces French hospital to transfer patients</strong></h1><p><strong>FROM THE MEDIA: </strong>The Andr&#233;-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred&nbsp;on Saturday evening. According to Richard Delepierre, the co-chairman of the hospital's supervisory board, the attackers behind this ransomware incident have already demanded a ransom. "A ransom, the amount of which I do not know, has been requested but we do not intend to pay it," Delepierre said per&nbsp;an <a href="https://www.rfi.fr/en/france/20221205-french-hospital-cancels-operations-after-cyberattack">RFI</a> report.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-french-hospital-to-transfer-patients/">Bleeping Computer</a></p><h1><strong>Ransomware Professionalization Grows as RaaS Takes Hold</strong></h1><p><strong>FROM THE MEDIA: </strong>Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetizing ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures. 
In the first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attacks on US-based organizations, according to a LookingGlass report on the topic. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/ransomware-professionalization-grows-as-raas-takes-hold">DARKReading</a></p><h1><strong>Wiper, Disguised as Fake Ransomware, Targets Russian Orgs</strong></h1><p><strong>FROM THE MEDIA: </strong>Companies infected with purported ransomware may no longer have an option to pay a ransom. A new malicious program acts exactly like crypto-ransomware &#8212; overwriting and renaming files, then dropping a text file with a ransom note and a Bitcoin address for payment &#8212; but the program instead deletes the contents of a victim's files. The program, CryWiper, currently targets Russian organizations but could easily be used against companies and organizations in other nations, according to cybersecurity firm Kaspersky, which analyzed the program.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/wiper-disguised-fake-ransomware-targets-russian-orgs">DARKReading</a></p><h1><strong>Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware</strong></h1><p><strong>FROM THE MEDIA: </strong>A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." <a href="https://www.fortinet.com/blog/threat-research/Ransomware-Roundup-Cryptonite-Ransomware">Cryptonite</a>, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and its forks have since been taken down. 
Written in Python, the malware employs the <a href="https://cryptography.io/en/latest/fernet/">Fernet module</a> of the cryptography package to encrypt files with a ".cryptn8" extension.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/open-source-ransomware-toolkit.html">THN</a></p><h1>Ransomware Gang Steals Employee and Customer Data From LJ Hooker</h1><p><strong>FROM THE MEDIA: </strong>A ransomware gang claims to have stolen 375 gigabytes worth of employee and customer data from a franchise of the Australian real estate giant, LJ Hooker, including passport scans, credit card details, and loans data. On November 30, LJ Hooker was added to the victim list of Russia-linked ransomware gang, ALPHV, also known as &#8220;BlackCat&#8221;, in a blog post on the dark web previewing some of the data stolen in the breach.&nbsp;So far, the group has published passport details of staff members, seen by VICE, along with login details to a throng of social media accounts, a couple of profit and loss statements, and a property sale contract.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.vice.com/en/article/7k8apa/ransomware-gang-steals-employee-and-customer-data-from-lj-hooker">VICE</a></p><h1><strong>Google warns stolen Android keys used to sign info-stealing malware</strong></h1><p><strong>FROM THE MEDIA: </strong>Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. 
Googler &#321;ukasz Siewierski <a href="https://twitter.com/Dil3mm4_ita/status/1598427373422223360">found and reported</a> the security issue and it's a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of privileges as the Android operating system &#8212; essentially unfettered access to the victim's device.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/05/compromised_android_keys/">The Register</a></p><h1><strong>Infostealer Malware Market Booms, as MFA Fatigue Sets In</strong></h1><p><strong>FROM THE MEDIA: </strong>Malicious actors are finding success deploying information stealer (infostealer) malware, combining stolen credentials and social engineering to carry out high-profile breaches and leveraging multifactor authentication (MFA) fatigue attacks. These were among the findings of a report from Accenture&#8217;s Cyber Threat Intelligence team (ACTI) surveying the <a href="https://www.accenture.com/us-en/blogs/security/Information-stealer-Malware-on-Dark-Web">infostealer malware landscape</a> in 2022, which also noted a spike in the number of Dark Web advertisements for a variety of new infostealer malware variants.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/infostealer-malware-market-booms-mfa-fatigue">DARKReading</a></p><h2>Items of interest</h2><h1>Cyber Extortion Growing Exponentially in Africa, Middle East and China, Finds Orange</h1><p><strong>FROM THE MEDIA: </strong>Cyber extortion remains a top threat, but its geographical reach is shifting, Orange Cyberdefense (OCD) found in the <em>Security Navigator 2023</em>, the latest edition of its annual report on the threat landscape, released on December 1, 2022. 
The report shows that cyber extortion, a category OCD designates &#8216;Cy-X&#8217; (the compromise of assets on a corporate network for ransom, which includes ransomware), ranks as the number one type of cyberattack. Such attacks accounted for a large majority of the 29,291 incidents the report was able to confirm, Charl van der Walt, head of OCD&#8217;s Security Research Center and lead author of the report, told <em>Infosecurity</em>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/cyber-extortion-growing-africa/">InfoSecMag</a></p><h1><strong>Chris Miller: Chip War and the Battle Between the US and China (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>From microwaves to missiles, smartphones to the stock market, our world is increasingly dependent on microchip technology. According to Chris Miller, microchips are the new oil, a critical resource that defines the current state of military, economic and geopolitical power. </p><div id="youtube2-IiYO_gHtRLI" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;IiYO_gHtRLI&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/IiYO_gHtRLI?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Why The World Relies On ASML For Machines That Print Chips (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>In a Dutch factory, there&#8217;s a revolutionary chipmaking machine the whole world has come to rely on. 
It takes months to assemble, and only one company in the world knows how: Advanced Semiconductor Materials Lithography.</p><div id="youtube2-iSVHp6CAyQ8" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;iSVHp6CAyQ8&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/iSVHp6CAyQ8?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (334)]]></title><description><![CDATA[12-5-22]]></description><link>https://infodom.substack.com/p/daily-drop-334</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-334</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Mon, 05 Dec 2022 10:07:19 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/Tm2AWbkHgqs" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Monday, December 05, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>Cybersecurity expert: &#8216;Technological giants are becoming political actors&#8217;</h1><p><strong>FROM THE MEDIA: </strong>A physicist and mathematician, Eviatar Matania splits his teaching schedule between Oxford and Tel Aviv University. A former head of the Israeli National Cyber Directorate under Benjamin Netanyahu, he has published widely on issues of cybersecurity and artificial intelligence. Matania, 56, sat down for an interview with EL PA&#205;S while visiting Madrid for a conference.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://english.elpais.com/science-tech/2022-12-05/cybersecurity-expert-technological-giants-are-becoming-political-actors.html">El Pais</a></p><h1><strong>Remuneration coming for TrustCor customers impacted by CA revocation</strong></h1><p><strong>FROM THE MEDIA: </strong>Certificate Authority TrustCor responded to its ejection from Mozilla and Microsoft's browsers by offering refunds for some customers, while leaving others to pick up the mess on their own. 
In a <a href="https://trustcor.com/upcoming-changes">list</a> of upcoming changes published to TrustCor's website, the company said all of its resellers had been notified that TrustCor "will not offer new or renewed server certificates commercially at this time."&nbsp;As for refunds, we noted in our <a href="https://www.theregister.com/2022/12/02/mozilla_microsoft_trustcor/">previous TrustCor coverage</a> that Microsoft opted to terminate TrustCor's certificates retroactively on November 1, while Mozilla gave the outfit a distrust date of November 30. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/05/in_brief_security/">The Register</a></p><h1>Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware</h1><p><strong>FROM THE MEDIA: </strong>Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. The threat actors were observed spreading fake cryptocurrency apps under the fake brand BloxHolder to deliver the <a href="https://securityaffairs.co/wordpress/136297/apt/lazarus-apt-targeting-macos.html">AppleJeus</a> malware for initial access to networks and steal crypto assets. The APT group employed the AppleJeus malware since at least 2018 to steal cryptocurrencies from the victims. The new campaign observed by Volexity started in June 2022, the APT group registered the domain name&nbsp;<em>bloxholder[.]com</em>, and then set up a website related to automated cryptocurrency trading.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139290/apt/lazarus-apt-bloxholder-campaign.html">Security Affairs</a></p><h1>Drone warfare: more honored in the breach</h1><p><strong>FROM THE MEDIA: </strong>In your leader (FT View, November 12) you discuss the evolution of drones in combat. 
That they may be run by artificial intelligence in the future in massive numbers is probably a blip in time, however, due to the corresponding evolution of defensive measures against drones. In the last paragraph you bemoan the fact that &#8220;conventions in warfare are often honored more in the breach than the observance&#8221;, referring of course to the reality that armies quickly dispense with ideas of moral obligations once they are threatened with losing. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ft.com/content/b78ed9d1-e06e-41db-8f37-2ae5bdf55d82">FT</a></p><h1><strong>Google is shutting down Duplex on the Web</strong></h1><p><strong>FROM THE MEDIA: </strong>Another Google service will soon join the company&#8217;s <a href="https://killedbygoogle.com/">graveyard of apps</a>. The search giant quietly announced this week it is shutting down Duplex on the Web. In a <a href="https://support.google.com/webmasters/answer/9353008?hl=en#functions&amp;zippy=%2Cticket-purchases-movie-theaters-only">support page</a> spotted by <a href="https://techcrunch.com/2022/12/02/google-shuts-down-duplex-on-the-web-its-attempt-to-bring-ai-smarts-to-retail-sites-and-more/">TechCrunch</a>, the company notes the service won&#8217;t work after the end of 2022. &#8220;As we continue to improve the Duplex experience, we&#8217;re responding to the feedback we&#8217;ve heard from users and developers about how to make it even better,&#8221; a Google spokesperson told the outlet. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://ca.movies.yahoo.com/google-duplex-on-the-web-shutdown-announced-225937564.html">Yahoo</a></p><h1><strong>Rackspace customers rage as email outage continues and migrations create migraines</strong></h1><p><strong>FROM THE MEDIA: </strong>Rackspace has not offered any explanation of the <a href="https://www.theregister.com/2022/12/03/rackspace_security_incident_hosted_exchange/">"security incident" that has taken out its hosted Exchange environment</a> and led the company to predict multiple days of downtime before restoration. In response to inquiries from <em>The Register</em>, Rackspace said its <a href="https://status.apps.rackspace.com/index/viewincidents?group=2">incident status page</a> and an FAQ provided to customers are all it can provide at this time. Both documents warn of a lengthy outage, and advise migration to Microsoft 365 for mail services. Both are also silent on the risk of data loss, or data leaks.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/05/rackspace_hosted_exchange_security_update/">The Register</a></p><h1>North Carolina power outage caused by &#8216;intentional&#8217; attacks</h1><p><strong>FROM THE MEDIA: </strong>With no suspects or motive announced, the FBI is joining the investigation into <a href="https://www.cnn.com/2022/12/04/us/power-outage-moore-county-criminal-investigation/index.html">power outages in a North Carolina county</a> believed to have been caused by &#8220;intentional&#8221; and &#8220;targeted&#8221; attacks on substations that left around 40,000 customers in the dark Saturday night, prompting a curfew and emergency declaration. 
The mass outage in Moore County turned into a criminal investigation when responding utility crews found signs of potential vandalism of equipment at different sites &#8211; including two substations that had been damaged by gunfire, according to the Moore County Sheriff&#8217;s Office.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cnn.com/2022/12/05/us/power-outage-moore-county-investigation-monday/index.html">CNN</a> // <a href="https://securityboulevard.com/2022/12/vandalism-suspected-in-nc-utility-outage-foreign-influence-not-ruled-out/">Security Boulevard</a></p><h1>North Korean APT37 Unleashes Dolphin Backdoor on South Korea</h1><p><strong>FROM THE MEDIA: </strong>On 30th November, ESET researchers uncovered Dolphin, a sophisticated backdoor used by an APT group named ScarCruft, likely to be linked to <a href="https://www.hackread.com/tag/North-Korea/">North Korea</a>. The group also referred to as APT37, InkySquid, Reaper, and Ricochet Chollima, is known to attack government entities, diplomats, and news organizations in South Korea and certain other Asian countries. The geopolitical espionage group has been active since 2012, working to compromise targets linked to the interests of North Korea.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/n-korea-apt37-backdoor-s-korea/">HackRead</a></p><h1><strong>Iran: State-Backed Hacking of Activists</strong></h1><p><strong>FROM THE MEDIA: </strong>Hackers backed by the <a href="https://www.hrw.org/middle-east/north-africa/iran">Iranian</a> government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today. 
An investigation by Human Rights Watch attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as Charming Kitten.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians">HRW</a> </p><h1>Skills Shortage and Integration Challenges Halt Cybersecurity Adoption</h1><p><strong>FROM THE MEDIA: </strong>BlackFog, the leader in on-device data privacy, data security and ransomware prevention, has today released research findings which highlight that a skills shortage is halting cybersecurity adoption and the practical challenges that organizations face in managing an increasingly complex threat landscape. According to research, 50% of surveyed IT Security Decision Makers in the US and UK had been prevented from adopting a new cybersecurity solution due to integration issues or challenges with legacy infrastructure. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/skills-shortage-and-integration-challenges-halt-cybersecurity-adoption/">Security Boulevard</a></p><h1>IRGC, Basij militia personal information leaked online by protesters</h1><p><strong>FROM THE MEDIA: </strong>The home addresses and cell phone numbers of members of Iran&#8217;s IRGC, its Basij militia and police forces who are <a href="https://www.jpost.com/middle-east/iran-news/article-723946">oppressing and attacking Iranian protesters</a> are being published on the darknet to enable the public to seek out revenge, The Jerusalem Post has learned. 
Israeli cyber intelligence firm Deep Void, whose founders have a background in Israeli intelligence, has revealed the phenomenon in which<a href="https://www.jpost.com/middle-east/iran-news/article-723459"> Iranian dissidents</a> are using the darknet, a shadow realm within the Internet, to fight back against the ayatollahs&#8217; foot soldiers, who during past protests could attack protesters and then disappear into anonymity.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.jpost.com/middle-east/article-724040">JP</a></p><h1><strong>Data on thousands of Aussies for sale on bot markets</strong></h1><p><strong>FROM THE MEDIA: </strong>The hackers are selling digital fingerprints, cookies, up-to-date logins, screenshots, and webcam snaps. New Zealand has been similarly affected, with over 6,000 Kiwis having their data stolen and sold. The NordVPN&nbsp;<a href="https://nordvpn.com/research-lab/bot-markets/">research</a>&nbsp;looked into three major bot markets. For clarity, &#8220;bot&#8221; here refers to data-harvesting malware and a <a href="https://itwire.com/nordvpn.com/research-lab/bot-markets/">bot market</a> is an online marketplace hackers use to sell data they stole from victims' devices with bot malware. 
The data is sold in packets containing the full digital identity of a compromised person.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://itwire.com/business-it-news/security/data-on-thousands-of-aussies-for-sale-on-bot-markets.html">iTwire</a></p><h1>Private Data Leaked in Ransomware Attack on Virginia Mason Franciscan Health</h1><p><strong>FROM THE MEDIA: </strong>The parent firm of Virginia Mason Franciscan Health was recently the target of a ransomware assault, the healthcare system disclosed earlier this week.&nbsp;The organization linked to 10 VMFH hospitals spread across the Puget Sound region, CommonSpirit Health, stated some patients&#8217; names, addresses, phone numbers, and dates of birth were included in leaked files while the cyberattack was being investigated. Additionally included were special IDs that the hospital utilized internally (not insurance IDs or medical record numbers).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.itsecuritynews.info/private-data-leaked-in-ransomware-attack-on-virginia-mason-franciscan-health/">IT Security News</a></p><h1><strong>Android malware apps with 2 million installs spotted on Google Play</strong></h1><p><strong>FROM THE MEDIA: UPDATED</strong> A new set of Android malware, phishing,&nbsp;and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. The apps were <a href="http://news.drweb.com/show/review/?lng=en&amp;i=14617">discovered by Dr. Web antivirus</a>&nbsp;and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads,&nbsp;and user experience degradation. One app illustrated by Dr. 
Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/android-malware-apps-with-2-million-installs-spotted-on-google-play/">Bleeping Computer</a></p><h1><strong>Ransomware Cuba extorts over $60 million</strong></h1><p><strong>FROM THE MEDIA: </strong>The perpetrators behind the Cuba ransomware (called COLDDRAW by the hackers) have received more than <a href="https://thehackernews.com/2022/12/cuba-ransomware-extorted-over-60.html?_m=3n%2e009a%2e2903%2ees0ao44ip3%2e1ve6">60 million dollars</a> in ransom payments and have compromised over 100 entities worldwide as of August 2022. In a new alert shared by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a &#8220;sharp increase in both the number of compromised US entities and ransom amounts.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ruetir.com/2022/12/04/ransomware-cuba-extorts-over-60-million/">Ruetir</a></p><h1><strong>Apartheid is lucrative for Israeli tech</strong></h1><p><strong>FROM THE MEDIA: </strong>Bruce Reed, deputy chief of staff to United States President Joe Biden, took the stage at a press event on October 4 to celebrate a milestone for his administration. They would be releasing a blueprint for use of artificial intelligence that would guide future policies around its ethical use. &#8220;Most Americans think Washington can be better at artificial than at intelligence, but this is a group that got it right,&#8221; Reed <a href="https://www.youtube.com/watch?v=bprVw4GRAsY">said</a>, before arguing that tech should be used to strengthen democracy rather than undermine it. 
&#8220;We&#8217;re kicking off this work, leading by example, with real commitments from across the federal government.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://mondoweiss.net/2022/12/apartheid-is-lucrative-for-israeli-tech/">Mondoweiss</a></p><h1><strong>MIT&#8217;s tissue-box-sized satellite achieves fastest laser link from space yet</strong></h1><p><strong>FROM THE MEDIA: </strong>A small satellite developed by engineers at the Massachusetts Institute of Technology (MIT) has set a new record for data transmission between a satellite and Earth. MIT&#8217;s TeraByte InfraRed Delivery (TBIRD) system has delivered terabytes of data from a satellite to Earth at record-breaking rates of up to 100 gigabits per second (100 Gbps) &#8211; a rate that will transform future science missions. This data transfer rate is more than 1,000 times higher than that of the radio-frequency links traditionally used for <a href="https://www.inceptivemind.com/caci-demonstrates-laser-communication-between-satellites-low-earth-orbit/24771/">satellite communication</a> and the highest ever achieved by a laser link from space to ground. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.inceptivemind.com/mit-tissue-box-sized-satellite-achieves-fastest-laser-link-space-yet/28629/">InceptiveMind</a></p><h1>Law enforcement agencies can extract data from thousands of cars&#8217; infotainment systems</h1><p><strong>FROM THE MEDIA: </strong>Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies. Modern vehicles come with sophisticated infotainment systems that are connected online and that could represent an entry point for attackers, <a href="https://securityaffairs.co/wordpress/118081/hacking/mercedes-benz-hack.html">as demonstrated</a> by many security experts over the years. 
Law enforcement and intelligence worldwide are buying technologies that exploit weaknesses in vehicle systems.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139267/hacking/law-enforcement-cars-infotainment-systems.html">Security Affairs</a></p><h1>Rocket Lab forms dedicated military and intelligence unit</h1><p><strong>FROM THE MEDIA: </strong>Rocket Lab has created a US-based, wholly-owned subsidiary &#8220;to serve the defense and intelligence community&#8221;. Rocket Lab National Security LLC &#8220;will deliver reliable launch services and space systems capabilities to the US Government and its allies&#8221;, the Kiwi-American firm says. Publicizing its new defense unit marks a shift in optics by the Kiwi-American company, which has previously downplayed that aspect of its business, notwithstanding that military grants and contracts have always figured large.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.nzherald.co.nz/hawkes-bay-today/news/rocket-lab-forms-dedicated-military-and-intelligence-unit/GKXLECUPRZHPFBME2FFR6KUMDI/">NZHERALD</a></p><h2>Items of interest</h2><h1>Cyber Attacks on AIIMS India state Chinese Involvement</h1><p><strong>FROM THE MEDIA: </strong>A few days ago, the All-India Institute of Medical Sciences (AIIMS) based in Delhi was hit by a cyber attack of ransomware variant and sources report that the hackers are demanding Rs 200 Crores to return the stolen information belonging to millions of patients that would be otherwise sold on the dark web. 
According to a probe conducted by CERT-IN, Chinese involvement is suspected behind the incident and reports are in that the hackers targeted a few of the other government agencies whose attack details are yet to be made public.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cybersecurity-insiders.com/cyber-attacks-on-aiims-india-state-chinese-involvement/?utm_source=rss">Cyber Security Insiders</a></p><h1><strong>Cyber Warfare in the 21st Century (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Cyber Warfare.</p><div id="youtube2-Tm2AWbkHgqs" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;Tm2AWbkHgqs&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/Tm2AWbkHgqs?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Matthew Garrett: Who watches the scooters (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>You put a bunch of scooters online and you have an app that can tell you if you're near one so you can hire it. 
But what can people do with that knowledge?</p><div id="youtube2-lZdn_fESEfc" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;lZdn_fESEfc&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/lZdn_fESEfc?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (333)]]></title><description><![CDATA[12-4-22]]></description><link>https://infodom.substack.com/p/daily-drop-333</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-333</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Sun, 04 Dec 2022 12:07:47 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/RpAeZSs6roc" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Sunday, December 04, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>The next AMD, Apple and Nvidia chips 100% Made In USA</h1><p><strong>FROM THE MEDIA: </strong>TSMC will begin production on U.S. soil in 2024 at its Arizona plant. Recently, Apple has put pressure on TSMC to benefit from the company&#8217;s latest innovations. TSMC, despite its power, does not seem to have much choice because of the protectionist policies that the USA is putting in place, but also because of <a href="https://en.overclocking.com/intel-invites-amd-and-nvidia-to-come-and-manufacture-on-its-premises/">the geopolitical uncertainty</a> that poses certain threats to the independence of Taiwan. It is in this context that in the <a href="https://www.theregister.com/2022/12/01/apple_tsmc_us_chips/">next few hours</a> the American president Biden accompanied by the CEO of Apple Tim Cook, but also of NVIDIA, Jensen Huang, the CEO of AMD, Dr. 
Lisa Su, will be present to attend a ceremony in Arizona announcing the acceleration of the deployment of TSMC on American soil.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://en.overclocking.com/the-next-amd-apple-and-nvidia-chips-100-made-in-usa/">Overclocking </a></p><h1><strong>Elon Musk slams NY Times for ignoring his expos&#233;</strong></h1><p><strong>FROM THE MEDIA: <a href="https://www.dailymail.co.uk/sciencetech/elon-musk/index.html">Elon Musk</a></strong> attacked The <strong><a href="https://www.dailymail.co.uk/news/new-york-times/index.html">New York Times</a></strong> on Saturday for not covering his expos&#233; of how <strong><a href="https://www.dailymail.co.uk/sciencetech/twitter/index.html">Twitter</a></strong> executives <strong><a href="https://www.dailymail.co.uk/news/article-11498015/Musk-says-Twitter-acting-orders-government-suppress-Hunter-Biden-laptop-story.html">were urged by Biden staff to delete tweets</a></strong> relating to the damaging contents of <strong><a href="https://www.dailymail.co.uk/news/hunter-biden/index.html">Hunter Biden</a></strong>'s laptop. Other left-leaning outlets including CBS News, ABC and The Washington Post are also yet to cover the 'Twitter Files', despite their contents causing a sensation among American conservatives and free-speech advocates.&nbsp;In response to the alleged lack of coverage from the Times, Musk described the newspaper as an 'unregistered lobbying firm for far left politicians'.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.dailymail.co.uk/news/article-11499111/Elon-Musk-slams-NY-Times-ignoring-expose-Twitter-censored-Hunter-Biden-laptop.html">DailyMail UK</a></p><h1>6 Quadrillion Token Heist Hits BNB Chain-Based DeFi Protocol Ankr</h1><p><strong>FROM THE MEDIA: </strong>Web3 infrastructure provider <a href="https://www.hackread.com/tag/Ankr/">Ankr</a><strong> </strong>is the latest victim of hacking and financial theft. 
The BNB Chain-based DeFi protocol has confirmed in a series of tweets that it was hacked, and the attacker managed to steal six quadrillion tokens. The stolen crypto was Ankr Reward Bearing Stake (aBNBc). Lookonchain, an on-chain analytics firm, stated that the hack occurred on Friday, and the hacker stole around $10 million worth of crypto (USDC coins).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/ankr-hacked-bnb-defi-protocol/">HackRead</a></p><h1><strong>Russia reaped $1 billion of wheat in occupied Ukraine</strong></h1><p><strong>FROM THE MEDIA: </strong>Ukraine has lost at least $1 billion of wheat that was harvested in areas controlled by Russia, according to research using satellite imagery from NASA&#8217;s food security and agriculture program. The analysis gives an idea of what&#8217;s happening in occupied territories, where information is tightly controlled. It uses a machine-learning model detecting texture and color changes based on a time-series of satellite images to map where crops have been harvested or left unharvested.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.pressherald.com/2022/12/03/russia-reaped-1-billion-of-wheat-in-occupied-ukraine-nasa-says/">Press Herald</a></p><h1><strong>China's Emerging Subsurface Presence In The Indian Ocean</strong></h1><p><strong>FROM THE MEDIA: </strong>From manned submarines to underwater drones, China's stepped-up deployments in the region are concerning to India. According to the United States' &#8220;China's Military Power Report 2022,&#8221; China's People's Liberation Army Navy (PLAN) is &#8220;numerically&#8221; the largest navy in the world. 
The report also highlights that the PLA support base in Djibouti is going to play a crucial role in providing China the capacity to &#8220;project and sustain military power at a greater distance.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://menafn.com/1105263391/Chinas-Emerging-Subsurface-Presence-In-The-Indian-Ocean">MENAFN</a></p><h1><strong>Counter speech as a strategy to prevent hate speech in Uganda</strong></h1><p><strong>FROM THE MEDIA: </strong>There has been a great deal of hue and cry among Ugandans over the scale of hate speech targeting certain members of society. Some episodes of hate speech have recently fomented or triggered instances of mob action as countermeasures in certain quarters in Uganda. &nbsp;It is little wonder that Uganda has recently enacted the Computer Misuse Act (2022) with specific provisions to address hate speech online. This approach has had many detractors, with good reason prophesying that the law will have claw-back effects on freedom of expression.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.monitor.co.ug/uganda/oped/letters/counter-speech-as-a-strategy-to-prevent-hate-speech-in-uganda-4042338">Monitor</a></p><h1>Cambridge Water customers&#8217; bank details published to dark web after cyber attack</h1><p><strong>FROM THE MEDIA: </strong>Cambridge Water has written to customers to warn them that &#8220;criminals may try to use this compromised data to carry out fraud, in particular by submitting fraudulent Direct Debit mandates to your bank or building society using the data compromised in the cyber-attack&#8221;. 
Andy Willicott, managing director of Cambridge Water, said in a statement: &#8220;We understand that customers trust us to keep their data safe and I&#8217;d personally like to say sorry to all those customers impacted &#8211; we&#8217;ll be doing what we can to support you through this.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cambridgeindependent.co.uk/news/cambridge-water-customers-bank-details-published-to-dark-we-9287607/">Cambridge Independent</a></p><h1><strong>Attack of drones: airborne cybersecurity nightmare</strong></h1><p><strong>FROM THE MEDIA: </strong>Once a niche technology, drones are about to explode in terms of market growth and enterprise adoption. Naturally, threat actors follow the trend and exploit the technology for surveillance, payload delivery, kinetic operations, and even diversion. There exists a class of tiny and highly maneuverable devices that introduce a variety of cybersecurity risks you probably haven&#8217;t considered before. Drones currently occupy a unique legal position as they are classified as both aircraft and networked computing devices. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139196/hacking/drones-abuse.html">Security Affairs</a></p><h1>New CryWiper wiper targets Russian entities masquerading as ransomware</h1><p><strong>FROM THE MEDIA: </strong>Researchers from Kaspersky discovered a previously unknown data wiper, dubbed CryWiper, that was employed in destructive attacks against&nbsp;<a href="https://iz.ru/1433190/ivan-chernousov/stiratelnyi-pocherk-gosstruktury-atakoval-novyi-virus-shifrovalshchik">Russian mayors&#8217; offices and courts</a>. 
The malware masquerades as ransomware, but analysis of the code demonstrates that it does not actually encrypt data; it only destroys data on the infected system.&nbsp;According to Kaspersky, the wiper was first spotted in the fall of 2022 when it was employed in an attack against an organization&#8217;s network in the Russian Federation.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139237/malware/crywiper-wiper.html">Security Affairs</a> // <a href="https://www.hackread.com/crywiper-masquerading-as-ransomware-to-target-russian-courts/">HackRead</a></p><h1>Google fixed the ninth actively exploited Chrome zero-day this year</h1><p><strong>FROM THE MEDIA: </strong>Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as <a href="https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html">CVE-2022-4262</a>, that is actively exploited. The CVE-2022-4262 vulnerability is a type confusion bug in the V8 JavaScript engine. The vulnerability was reported by Clement Lecigne of Google&#8217;s Threat Analysis Group on November 29, 2022. &#8220;CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google&#8217;s Threat Analysis Group on 2022-11-29&#8221; reads the <a href="https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html">advisory</a> published by Google. &#8220;Google is aware that an exploit for CVE-2022-4262 exists in the wild.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139226/security/9-google-chrome-zero-day.html">Security Affairs</a></p><h1>How To Unravel The Minefield That Is Web App Security</h1><p><strong>FROM THE MEDIA: </strong>Web application security aims to preventatively circumvent the catastrophic effects of a cyberattack or data breach. 
Common attack vectors against web-based applications include injections, man-in-the-middle (MITM) attacks, and session hijacking amongst other types of exploits. There is no doubt about it: web application security is key, especially when <a href="https://www.f5.com/services/resources/glossary/web-application-security#footnote1">studies find</a> that cybercrime will cost $5.2 trillion in lost value across all industries by 2024.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://informationsecuritybuzz.com/how-to-unravel-the-minefield-that-is-web-app-security/">Information Security Buzz</a></p><h1><strong>Cloud provider Rackspace hit by ongoing 12-hour Exchange outage</strong></h1><p><strong>FROM THE MEDIA: </strong>American cloud computing services provider Rackspace is investigating a 12-hour-long and still active outage leading to connectivity issues and affecting hosted Microsoft Exchange environments they manage for their customers. The list of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online. "We are investigating an issue that is affecting our Hosted Exchange environments. 
More details will be posted as they become available," Rackspace said on Friday night, at 02:49 AM EST, when it acknowledged the outage.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/">Bleeping Computer</a></p><h1><strong>Medibank prognosis gets worse after more stolen data leaked</strong></h1><p><strong>FROM THE MEDIA: </strong>Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web.&nbsp;The miscreants, believed to be linked to Russia's REvil ransomware gang, posted what they claimed to be the rest of the exfiltrated data on Thursday, adding: "Case closed." Medibank said it's still analyzing the leaked data, which includes six "zipped files in a folder called 'full' containing the raw data that we believed the criminal stole."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/02/medibank_data_dump/">The Register</a></p><h1><strong>Rackspace rocked by &#8216;security incident&#8217; that has taken out hosted Exchange services</strong></h1><p><strong>FROM THE MEDIA: UPDATED</strong> Some of Rackspace&#8217;s hosted Microsoft Exchange services have been taken down by what the company has described as a &#8220;security incident&#8221;. The company&#8217;s most recent <a href="https://status.apps.rackspace.com/index/viewincidents?group=2">incident report</a> at the time of writing, time-stamped 01:57 Eastern Time on December 3rd, offers the following information. &#8220;On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. 
After further analysis, we have determined that this is a security incident.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/03/rackspace_security_incident_hosted_exchange/">The Register</a></p><h1>Preparing for a Russian cyber offensive against Ukraine this winter</h1><p><strong>FROM THE MEDIA: </strong>As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv&#8217;s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations<a href="https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/#_edn1">[1]</a>&#8212;intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/">Microsoft</a> </p><h1>America&#8217;s Critical Infrastructure is Fragile and Vulnerable</h1><p><strong>FROM THE MEDIA: </strong>In May of last year, the 5,500-mile-long <a href="https://intpolicydigest.org/held-to-ransom-colonial-pipeline-and-the-vulnerabilities-of-critical-infrastructure/">Colonial Pipeline</a> shut down for the first time ever. A ransomware attack on the pipeline created fuel shortages on the entire East Coast, driving up gas prices and creating a state of emergency. The attack sparked immense concern over <a href="https://intpolicydigest.org/a-critical-infrastructure-registry-will-improve-national-security/">critical infrastructure</a> cyber security. 
Cyber networks and information systems support <a href="https://intpolicydigest.org/protecting-our-infrastructure-formal-study-to-determine-ownership-is-the-first-step/">critical infrastructure</a>. Transportation systems, energy, financial services, and communications are inherently at risk for cyber-attacks and cyber intrusions. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://intpolicydigest.org/america-s-critical-infrastructure-is-fragile-and-vulnerable/">IPD</a></p><h1><strong>Arabs hack phones of IDF soldiers, publish footage from military service</strong></h1><p><strong>FROM THE MEDIA: </strong>Arab sources have uploaded a video clip showing portions of videos and photographs that they claim to have accessed through hacking the mobile phones of IDF soldiers. The video, titled, "You Are Not Safe," presents photos of soldiers in combat units, including in the Armored Corps, footage of Armored Corps training, a helicopter landing during an exercise, shooting at a firing range, the launch of an Iron Dome intercept missile, IDF soldiers at a military base, soldiers in their living quarters, in an office, and on a bus, preparations for a ceremony, and personal photos of soldiers throughout their military service.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.israelnationalnews.com/news/363841">Israel National News</a></p><h1>The financing of North Korea&#8217;s nuclear development comes from digital currency theft. Now that FTX has fallen, may it also</h1><p><strong>FROM THE MEDIA: </strong>The repercussions of <a href="https://insidebitcoins.com/news/ftxs-stunning-collapse-what-really-happened">FTX</a>, the second-largest cryptocurrency exchange in the world, <a href="https://insidebitcoins.com/news/ftxs-stunning-collapse-what-really-happened">declaring bankruptcy</a> earlier this month have been felt globally. However, there are some less than innocent people among the numerous victims. 
Cryptocurrency theft has proven to be a (relatively) easy means for the Democratic People&#8217;s Republic of Korea, a nation under stringent sanctions, to finance its growing nuclear weapons. It is well known that for years, North Korea&#8217;s military operation under Kim Jong-un has been stealing cryptocurrencies to fund its nuclear and missile programs.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://insidebitcoins.com/news/the-financing-of-north-koreas-nuclear-development-comes-from-digital-currency-theft-now-that-ftx-has-fallen-may-it-also">Inside Bitcoins</a></p><h1><strong>Ransomware attack on India&#8217;s premier medical institute likely involved Chinese hackers, &#8216;foreign state actor&#8217;</strong></h1><p><strong>FROM THE MEDIA: </strong>The ransomware cyberattack that crippled the online management system of the All India Institute of Medical Sciences (AIIMS) in New Delhi involved China-based hackers including possibly &#8220;a foreign state actor&#8221;, reported the <em>indianexpress.com</em> and the <em>timesofindia.com</em> Dec 3, citing preliminary investigation. 
The cyber incident that took place last month had brought the online management system of the institute to a halt, and raised concerns over the data of crores of patients being compromised, including that of high-profile political personalities.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.tibetanreview.net/ransomware-attack-on-indias-premier-medical-institute-likely-involved-chinese-hackers-foreign-sate-actor/">Tibetan Review</a></p><h1>Google terminates thousands of YouTube channels in China, Russia, Brazil</h1><p><strong>FROM THE MEDIA: </strong>Google has purged thousands of <a href="https://12ft.io/proxy?ref=&amp;q=https://economictimes.indiatimes.com/topic/youtube-channels">YouTube channels</a> in <a href="https://12ft.io/proxy?ref=&amp;q=https://economictimes.indiatimes.com/topic/china">China</a>, <a href="https://12ft.io/proxy?ref=&amp;q=https://economictimes.indiatimes.com/topic/russia">Russia</a> and <a href="https://12ft.io/proxy?ref=&amp;q=https://economictimes.indiatimes.com/topic/brazil">Brazil</a> as part of its investigation into coordinated influence operations. <br>The tech giant terminated 5,197 <a href="https://12ft.io/proxy?ref=&amp;q=https://economictimes.indiatimes.com/topic/youtube">YouTube</a> channels and 17 Blogger blogs as part of its ongoing investigation into coordinated influence operations linked to China. <br>"These channels and blogs mostly uploaded spammy content in Chinese about music, entertainment, and lifestyle. 
A very small subset uploaded content in Chinese and English about China and US foreign affairs," the company said in a blog post.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Feconomictimes.indiatimes.com%2Ftech%2Ftechnology%2Fgoogle-terminates-thousand-of-youtube-channels-in-china-russia-brazil%2Farticleshow%2F95976976.cms">ET</a></p><h1><strong>NATO prepares for cyber war</strong></h1><p><strong>FROM THE MEDIA: </strong>Some 150 NATO cybersecurity experts assembled in an unimposing beige building in the heart of Estonia&#8217;s snow-covered capital this week to prepare for a cyberwar. It&#8217;s a scenario that has become all too real for NATO member states and their allies since the Russian invasion of Ukraine. The conflict has forced Ukraine to defend against both missile attacks and constant efforts by Russian hackers intent on turning off the lights and making life more difficult for their besieged neighbors.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.politico.com/news/2022/12/03/nato-future-cyber-war-00072060">Politico</a></p><h2>Items of interest</h2><h1>How Semiconductor Chips Changed the Driving Experience Forever&#8212;and Not for the Better</h1><p><strong>FROM THE MEDIA: </strong>A confession: Until recently, whenever talk of semiconductor shortages came up, I was under the impression that most cars made do with just a handful of the things.&nbsp;I say a handful. One seemed like it would be enough: one car, one engine, one big fat semiconductor. My estimate was a little short. Some cars come loaded with as many as 3,000.&nbsp;Semiconductors&#8212;aka microchips&#8212;are big business, as you probably know. 
According to an organization called <a href="https://www.wsts.org/">World Semiconductor Trade Statistics</a>, more than 932 billion of them were made in 2020, a number so vast I don&#8217;t even know what to compare it to.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://robbreport.com/motors/cars/why-expert-questions-semiconductor-chips-1234773171/">Robb Report</a></p><h1><strong>The Case of China's Cyber Army - Hacking the World (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The Case of China's Cyber Army - Hacking the World. China's hacker army has been conducting a worldwide cyber espionage campaign. PLA Unit 61398 is suspected to be behind these cyber attacks. </p><div id="youtube2-RpAeZSs6roc" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;RpAeZSs6roc&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/RpAeZSs6roc?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>MWI War Council: Cyber Operations in Modern Warfare - Ukraine and Beyond (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The Modern War Institute at West Point hosted a multi-disciplinary panel to discuss how the war in Ukraine is&#8212;or is not&#8212;changing core assumptions about conflict in the cyber domain. In many ways, the war in Ukraine appears to undermine assumptions about the changing nature of warfare, as the most decisive elements have played out on land rather than in new technological domains. 
</p><div id="youtube2-bTQWQgYgIWo" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;bTQWQgYgIWo&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/bTQWQgYgIWo?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (332)]]></title><description><![CDATA[12-3-22]]></description><link>https://infodom.substack.com/p/daily-drop-332</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-332</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Sat, 03 Dec 2022 11:52:41 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/bn3MZp1qKmw" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Saturday, December 03, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Should Ukraine rein in its patriotic hackers</strong></h1><p><strong>FROM THE MEDIA: </strong>When Russia invaded Ukraine in February, a 23-year-old from Kyiv who goes by Vlad decided to fight back. But instead of a rifle, he picked up the weapon he knows how to use best &#8212; his computer. Vlad, who works as an information security specialist, and his friends started to hack Russian websites and leak sensitive data. They also took control of Russian surveillance cameras to monitor the movement of enemy troops. 
Vlad declined to go into detail about his activities and asked The Record not to use his last name due to safety concerns&nbsp;&#8212; he does not serve in the military and may be criminally liable for his cyberattacks, as well as targeted by Russia.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/should-ukraine-rein-in-its-patriotic-hackers/">The Record</a> </p><h1>Never-before-seen malware is nuking data in Russia&#8217;s courts and mayors&#8217; offices</h1><p><strong>FROM THE MEDIA: </strong>Mayors' offices and courts in Russia are under attack by never-before-seen malware that poses as ransomware but is actually a wiper that permanently destroys data on an infected system, according to security company Kaspersky and the Izvestia news service. Kaspersky researchers have named the wiper CryWiper, a nod to the extension .cry that gets appended to destroyed files. Kaspersky <a href="https://www.kaspersky.com/blog/crywiper-pseudo-ransomware/46480/">says</a> its team has seen the malware launch &#8220;pinpoint attacks&#8221; on targets in Russia. Izvestia, meanwhile, <a href="https://iz-ru.translate.goog/1433190/ivan-chernousov/stiratelnyi-pocherk-gosstruktury-atakoval-novyi-virus-shifrovalshchik?_x_tr_sl=auto&amp;_x_tr_tl=en&amp;_x_tr_hl=en-US">reported</a> that the targets are Russian mayors' offices and courts. 
Additional details, including how many organizations have been hit and whether the malware successfully wiped data, weren&#8217;t immediately known.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/">arsTECHNICA</a></p><h1><strong>Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware</strong></h1><p><strong>FROM THE MEDIA: </strong>While Google develops its open source <a href="https://12ft.io/proxy?ref=&amp;q=https://www.wired.com/story/android-13-privacy-security-settings/">Android mobile operating system</a>, the &#8220;original equipment manufacturers&#8221; who make Android smartphones, like Samsung, play a large role in tailoring and securing the OS for their devices. But a new finding that Google <a href="https://bugs.chromium.org/p/apvi/issues/detail?id=100">made public</a> on Thursday&#8203; reveals that a number of digital certificates used by vendors to validate vital system applications were recently compromised and have already been abused to put a stamp of approval on malicious Android apps.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.wired.com%2Fstory%2Fandroid-platform-certificates-malware">Wired</a></p><h1><strong>&#8216;Black Panthers&#8217; &#8211; A SIM Swap Gang Connected With Dark Web Got Arrested</strong></h1><p><strong>FROM THE MEDIA: </strong>Spanish National Police arrested the notorious&nbsp;<a href="https://gbhackers.com/sim-swap-attack/">SIM-swapping</a>&nbsp;gang operating under the name &#8220;Black Panthers&#8221; for various cyber crimes. The law enforcement agents arrested 55 people, including the leader heading this Black Panthers gang. 
The Black Panthers operators committed bank fraud through SIM-swapping attacks combined with other methods such as social engineering,&nbsp;<a href="https://www.kaspersky.com/resource-center/definitions/vishing">vishing</a>,&nbsp;<a href="https://gbhackers.com/phishing-as-a-service-platform/">phishing</a>,&nbsp;<a href="https://en.wikipedia.org/wiki/Carding_(fraud)">carding</a> and call forwarding. Hundreds of victims were scammed, and the group stole around 250,000 euros.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/">GBHACKERS</a></p><h1><strong>US Air Force reveals B-21 Raider stealth bomber that'll fly the unfriendly skies</strong></h1><p><strong>FROM THE MEDIA: </strong>In Palmdale, California on Friday, Northrop Grumman CEO Kathy Warden revealed a US Air Force warplane that had only been shown in artist renderings and is supposed to be seldom seen, the B-21 Raider. "The B-21 Raider changes everything, reaffirming peace through deterrence, advancing technology and ushering in a new paradigm in aircraft design, development, and manufacturing," said Warden. "With this aircraft, we're delivering the next generation of stealth technology designed for the US Air Force to meet its most complex missions."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/03/us_air_force_reveals_b21/">The Register</a></p><h1>A new Linux flaw can be chained with two other bugs to gain full root privileges</h1><p><strong>FROM THE MEDIA: </strong>Researchers at Qualys&#8217; Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as&nbsp;<a href="https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328">CVE-2022-3328</a>, with two other flaws to gain full root privileges on an affected system. 
The vulnerability resides in the snap-confine program, a SUID-root binary installed by default on Ubuntu. snap-confine is used internally by snapd to construct the execution environment for snap applications and confine them.&nbsp;<a href="https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328">CVE-2022-3328</a> is a race condition in snapd that can lead to local privilege escalation and arbitrary code execution.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139209/hacking/three-linux-bugs-full-root-privileges.html">Security Affairs</a></p><h1><strong>Schoolyard Bully Malware Stealing Facebook Credentials on Android</strong></h1><p><strong>FROM THE MEDIA: </strong>Mobile security company Zimperium&#8217;s zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials of Facebook users. According to zLabs, Schoolyard Bully is the malware used in a brand-new Android threat campaign that has been active since at least 2008. The attackers specifically target Facebook user credentials, and the malware is found in several applications downloaded from <a href="https://www.hackread.com/fake-reviews-third-party-apps-threats-android/">third-party app stores</a> and the Google Play Store. The malware&#8217;s primary targets are based in Vietnam. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/schoolyard-bully-malware-android-facebook/">HackRead</a> </p><h1><strong>Binance freezes $3 million worth of crypto stolen in Ankr hack</strong></h1><p><strong>FROM THE MEDIA: </strong>Binance, one of the last remaining crypto giants, froze about $3 million worth of cryptocurrency early on Friday morning after Web3 infrastructure provider Ankr was hacked.&nbsp;Ankr said $5 million worth of Binance coin was stolen from the platform and that it planned to cover all of the losses suffered by its users. Another platform, Helio, confirmed that it was also hit in a connected attack. &#8220;Ankr understands the concern this has created within the community and will continue working to mitigate the situation and has already taken the necessary steps to prevent future similar incidents,&#8221; the company said on Friday.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/binance-freezes-3-million-worth-of-crypto-stolen-in-ankr-hack/">The Record</a></p><h1><strong>Concern Over DDoS Attacks Falls Despite Rise in Incidents</strong></h1><p><strong>FROM THE MEDIA: </strong>Even with the shifting threat landscape, organizations view malware, phishing, and data breaches as their biggest threats. Almost a third of respondents in Fastly's <a href="https://learn.fastly.com/fighting-fire-with-fire.html">Fight Fire with Fire survey</a> consider data breaches and data loss as the biggest cybersecurity threat to their organization over the next 12 months. Malware (29%) and phishing (26%) round out the top three. 
What's notable is the change in focus from 2021, when 31% of respondents named malware as their biggest threat, followed by distributed denial of service attacks (26%) and attacks targeting known vulnerabilities (25%).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/edge-threat-monitor/concern-over-ddos-attacks-falls-despite-rise-in-incidents">DarkReading</a></p><h1><strong>FBI warns about Cuba, no, not that one &#8212; the ransomware gang</strong></h1><p><strong>FROM THE MEDIA: </strong>The US government has issued an alert about Cuba; not the state but a ransomware gang that's taking millions in purloined profits. The Cuba gang has hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August, according to a joint FBI and US Cybersecurity and Infrastructure Security Agency (CISA) advisory. The FBI <a href="https://www.theregister.com/2021/12/06/cuba_ransomware_gang_scores_almost/">first warned</a> about the cybercrime gang in December 2021, and since then, the victim count in the US alone has doubled. In that same time, the ransom payments received also jumped.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/02/fbi_warning_cuba_ransomware/">The Register</a> </p><h1><strong>Cyber Safety Review Board to probe Lapsus$ ransomware spree</strong></h1><p><strong>FROM THE MEDIA: </strong>The Cyber Safety Review Board is set to examine the Lapsus$ ransomware gang, the U.S. <a href="https://www.dhs.gov/news/2022/12/02/cyber-safety-review-board-conduct-second-review-lapsus">Department of Homeland Security announced Friday</a>. 
A prolific group, Lapsus$ has targeted a wide range of global companies and government agencies, sometimes with ruthless digital extortion, since late 2021.&nbsp;The 15-member board, chaired by DHS Under Secretary for Policy Robert Silvers, reviewed the ransomware group&#8217;s activities over the past year and sent recommendations to President Joe Biden via Homeland Security Secretary Alejandro Mayorkas and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cybersecuritydive.com/news/cyber-safety-review-board-lapsus-ransomware/637855/">Cyber Security Dive</a></p><h1><strong>Cloud provider Rackspace hit by ongoing 12-hour Exchange outage</strong></h1><p><strong>FROM THE MEDIA: </strong>American cloud computing services provider Rackspace is investigating a 12-hour-long and still active outage leading to connectivity issues and affecting hosted Microsoft Exchange environments they manage for their customers. The list of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online. "We are investigating an issue that is affecting our Hosted Exchange environments. 
More details will be posted as they become available," Rackspace said on Friday night, at 02:49 AM EST, when it acknowledged the outage.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/">Bleeping Computer</a></p><h1><strong>Medibank prognosis gets worse after more stolen data leaked</strong></h1><p><strong>FROM THE MEDIA: </strong>Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web.&nbsp;The miscreants, believed to be linked to Russia's REvil ransomware gang, posted what they claimed to be the rest of the exfiltrated data on Thursday, adding: "Case closed." Medibank said it's still analyzing the leaked data, which includes six "zipped files in a folder called 'full' containing the raw data that we believed the criminal stole."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/02/medibank_data_dump/">The Register</a></p><h1><strong>Will OpenAI&#8217;s ChatGPT be used to write malware</strong></h1><p><strong>FROM THE MEDIA: </strong>New OpenAI chatbot ChatGPT could be used to generate malware, some analysts have warned.&nbsp;<a href="https://techmonitor.ai/technology/ai-and-automation">Artificial intelligence</a>-generated code could have a devastating effect on cybersecurity, as human-written defensive software may not be sufficient to protect against it. As reported by Tech Monitor<em> </em>yesterday, OpenAI <a href="https://techmonitor.ai/technology/ai-and-automation/chatgpt-openai-chatbot">released the ChatGPT chatbot</a> this week. 
Based on the company&#8217;s <a href="https://techmonitor.ai/technology/gpt-3-for-businesses-open-ai-microsoft">GPT-3 large language AI model</a>, it has already proved itself adept at completing a wide variety of tasks from answering customer queries to generating code and writing complex and accurate prose based on simple prompts.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techmonitor.ai/technology/cybersecurity/chatgpt-malware-openai-cybersecurity">TechMonitor</a></p><h1>Google Expands Support For Ukraine In Fight Against Russia</h1><p><strong>FROM THE MEDIA: </strong>Google&nbsp;<a href="https://blog.google/outreach-initiatives/public-policy/new-ways-were-supporting-ukraine/">announced</a>&nbsp;on Dec. 1, it&#8217;s reinforcing its commitment to support Ukraine in its war conflict with Russia by announcing new steps that the company is taking to support Ukraine. The support comes after Ukrainian Vice Prime Minister of Ukraine Mykhailo Fedorov visited the Google offices in Washington, D.C., and detailed some of the challenges the nation has been facing due to the conflict in Ukraine. One of the key forms of support that Google has given the Ukrainian government is by delivering 50,000 new google workspace licenses.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.meritalk.com/articles/google-expands-support-for-ukraine-in-their-fight-against-russia/">Meritalk</a> // <a href="https://www.axios.com/2022/12/02/google-ukraine-cyber-workspace">Axios</a></p><h1><strong>BlackProxies proxy service increasingly popular among hackers</strong></h1><p><strong>FROM THE MEDIA: </strong>A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide. 
The new platform was&nbsp;<a href="https://www.domaintools.com/resources/blog/purpose-built-criminal-proxy-services-and-the-malicious-activity-they-enable/">spotted by DomainTools</a>&nbsp;analysts who have been watching the emergence of these services, reporting that 'BlackProxies' is one of the most quickly growing newcomers in the space. A new entity that claims such a big pool of available proxies is an important development considering that law enforcement has shut down several large proxy providers like RESNET and INSORG in the past couple of years.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/">Bleeping Computer</a></p><h1>Novel DuckLogs malware-as-a-service detailed</h1><p><strong>FROM THE MEDIA: </strong>More than 6,000 victims have been compromised by the new DuckLogs <a href="https://www.scmagazine.com/brief/malware/eternity-group-behind-new-lilithbot-malware-as-a-service">malware-as-a-service</a> operation, whose platform is being leveraged by over 2,000 cybercriminals, according to <a href="https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service-claims-having-thousands-of-customers-/">BleepingComputer</a>. 
Cyble researchers discovered that DuckLogs features an info-stealing component aimed at exfiltrating hardware and software information, browser-stored account credentials and cookies, local disk files, data from messaging apps, Outlook and Thunderbird emails, FileZilla and TotalCommander data, CrypticVPN, OpenVPN, NordVPN, and ProtonVPN data, Steam, Minecraft, Battle.Net, and Uplay accounts, and Metamask, Exodus, Coinomi, Atomic, and Electrum cryptocurrency wallets.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/cybercrime/novel-ducklogs-malware-as-a-service-detailed">SCMAG</a></p><h1>Applying AI Techniques in Cybersecurity, Counterterrorism, and International Security</h1><p><strong>FROM THE MEDIA: </strong>From predicting terrorist attacks to destabilizing terrorist networks to predicting, detecting, and mitigating cyber-attacks in real time, artificial intelligence (AI) has shown potential as a valuable tool to protect against nefarious actors around the world. A newly launched Northwestern lab will help lead in developing and deploying AI technologies that serve as solutions to these global threats. Led by <a href="https://www.mccormick.northwestern.edu/research-faculty/directory/profiles/subrahmanian-vs.html">V.S. Subrahmanian</a>, Walter P. 
Murphy Professor of Computer Science in Northwestern Engineering and a faculty fellow at the <a href="https://buffett.northwestern.edu/index.html">Northwestern Roberta Buffett Institute for Global Affairs</a>, the new <a href="https://sites.northwestern.edu/nsail/">Northwestern Security and AI Lab (NSAIL)</a> is conducting fundamental research in AI relevant to issues of cybersecurity, counterterrorism, and international security.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.mccormick.northwestern.edu/news/articles/2022/12/applying-ai-techniques-in-cybersecurity-counterterrorism-and-international-security/">Northwestern</a></p><h1><strong>Ye suspended from Twitter (again)</strong></h1><p><strong>FROM THE MEDIA: </strong>The rapper Ye, formerly known as Kanye West, has once again been suspended from Twitter after he tweeted a photo of a swastika. Meanwhile, <a href="https://thehill.com/people/edward-snowden/">Edward Snowden,</a> a former NSA contractor who leaked classified information in 2013, has been granted a Russian passport and has sworn his allegiance to the former Soviet Union nation. &nbsp;&#8220;I tried my best. Despite that, he again violated our rule against incitement to violence. 
Account will be suspended,&#8221; Musk&nbsp;<a href="https://twitter.com/elonmusk/status/1598543670990495744?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1598543670990495744%7Ctwgr%5E432bad356b584731b7b4c17db66b4f4cc87b16f9%7Ctwcon%5Es1_&amp;ref_url=https%3A%2F%2Fwww.cnbc.com%2F2022%2F12%2F02%2Felon-musk-suspends-yes-twitter-account-after-swastika-post.html">said</a>&nbsp;in an early morning tweet.&nbsp;Thursday evening,&nbsp;<a href="https://thehill.com/people/ye/">Ye tweeted</a>&nbsp;out an image of the Star of David containing a swastika inside.&nbsp;&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehill.com/policy/cybersecurity/overnights/3760295-hillicon-valley-ye-suspended-from-twitter-again/">The Hill</a></p><h1>Russian Telegram channel spreads digitally modified photo of Poland&#8217;s prime minister</h1><p><strong>FROM THE MEDIA: </strong>The Russian army has been implementing defensive facilities in the Kherson region since October, preparing for either a Ukrainian army advance or an organized retreat. Russian forces remain <a href="https://www.rferl.org/a/ukraine-russia-dnieper-trenches-fortifications-satellite-photos/32127029.html">entrenched</a> in various parts of Kherson and southern Ukraine. Ukrainian forces reportedly <a href="https://www.aljazeera.com/news/2022/11/29/russia-ukraine-war-list-of-key-events-day-279#:~:text=Ukrainian%20forces%20damaged%20a%20rail%20bridge%20north%20of%20the%20Russian%2Doccupied%20southern%20city%20of%20Melitopol%20that%20has%20been%20key%20to%20supplying%20Russian%20forces%20dug%20in%20there.">damaged</a> a rail bridge north of Melitopol that served as a critical supply route for Russian troops.&nbsp;After the successful Ukrainian counteroffensive in Kherson, Russian forces are likely to increase attacks on critical infrastructure, such as factories and warehouses. 
On November 19, the Russian armed forces <a href="https://t.me/vorposte/30851">attacked</a> the Motor Sich plant in Zaporizhzhia with Iranian drones. Video emerged on <a href="https://t.me/conflictzone/33148">Telegram</a> of explosions at the site of the attack. The plant manufactures aircraft engines and industrial marine gas turbines.&nbsp;&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-war-report-russian-telegram-channel-spreads-digitally-modified-photo-of-polands-prime-minister/">Atlantic Council</a></p><h1>Taiwan Semiconductor Manufacturing to Offer Advanced Chips</h1><p><strong>FROM THE MEDIA: </strong>Last week, Taiwan Semiconductor Manufacturing Co. founder Morris Chang announced that the company was planning to produce chips with advanced 3-nanometer technology. But now, TSMC will offer advanced 4-nanometer chips when its new $12 billion plant in Arizona opens in 2024. Citing unnamed sources familiar with the matter, <a href="https://www.bloomberg.com/news/articles/2022-12-01/tsmc-plans-to-make-more-advanced-chips-in-us-at-urging-of-apple?sref=y3YMCJ4e">Bloomberg</a> is reporting that TSMC is doing this after customers like Apple, Advanced Micro Devices, and Nvidia have pushed the company into doing so.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.nasdaq.com/articles/taiwan-semiconductor-manufacturing-to-offer-advanced-chips">NASDAQ</a></p><h1><strong>Ukraine works to keep infrastructure up as deadly Russian strikes continue</strong></h1><p><strong>FROM THE MEDIA: </strong>Russian forces continued to shell the city of Kherson and the surrounding area, killing at least three, Ukrainian authorities said, as the nation works to maintain civilian infrastructure. There were 42 separate strikes against Ukrainian-held territory in the Kherson province alone on Thursday, the provincial governor, Yaroslav Yanushevych, said Friday. 
&#8220;The enemy purposefully attacks the civilian infrastructure of the region and kills civilians,&#8221; he said.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://nypost.com/2022/12/02/ukraine-works-to-keep-infrastructure-up-amid-constant-strikes/">NYPOST</a></p><h1><strong>Experts argue 'sludge' could muck up cyber attacks</strong></h1><p><strong>FROM THE MEDIA: </strong>Threat actors can be discouraged from attacking networks when small changes are made to make their operations more difficult. That's according to a recent <a href="https://arxiv.org/pdf/2211.16626.pdf">paper</a> from infosec experts at the National Security Agency (NSA), Johns Hopkins University and Fastly. Known as "sludge," the paper describes several small security steps and network conditions that create technical red tape and can potentially slow down the process of data collection and exfiltration. The concept of sludge was popularized in a 2021 book titled Sludge: What Stops Us from Getting Things Done and What to Do about It by legal scholar Cass Sunstein.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fnews%2F252527974%2FExperts-argue-sludge-could-muck-up-cyber-attacks">TechTarget</a></p><h1><strong>Where Advanced Cyberattackers Are Heading Next: Disruptive Hits, New Tech</strong></h1><p><strong>FROM THE MEDIA: </strong>In November, Ukraine's president revealed that the country's IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure. The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations became the go-to strategy for national governments. 
While Russia and other nations have used cyberattacks to support military actions in the past, the ongoing war represents the most sustained cyber operation to date and one that will undoubtedly continue in the coming year, experts say.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/advanced-cyberattackers-disruptive-hits-new-technologies">DarkRead</a></p><h1><strong>Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies</strong></h1><p><strong>FROM THE MEDIA: </strong>In this attack campaign, the adversary demonstrates persistence in trying to gain access to victim environments and performs constant, and typically daily, activity within the target environment once access is gained. It is imperative for organizations to swiftly implement containment and mitigation actions if this adversary is in the environment. In multiple investigations, CrowdStrike observed the adversary become even more active, setting up additional persistence mechanisms, i.e. VPN access and/or multiple RMM tools, if mitigation measures are slowly implemented. And in multiple instances, the adversary reverted some of the mitigation measures by re-enabling accounts previously disabled by the victim organization.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/">CrowdStrike</a></p><h1>The Twitter Files: Hunter&#8217;s Laptop</h1><p><strong>FROM THE MEDIA: </strong>Someone needs to go and wake up Sleepy Joe, because Twitter CEO Elon Musk is airing the social media company&#8217;s dirty laundry when it comes to #LaptopGate as if they were episodes on Netflix. 
Musk has made good on his threat to reveal the internal communications at Twitter that led to management and &#8216;community safety&#8217; actively killing the Hunter Biden laptop story, tweeting: &#8216;Tune in for Episode 2 of The Twitter Files tomorrow!&#8217;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.spectator.com.au/2022/12/leaked-the-twitter-files-hunters-laptop/">spectator</a></p><h1><strong>Teenagers led a group of hackers who breached some of the world's biggest tech companies. </strong></h1><p><strong>FROM THE MEDIA: </strong>The Biden administration announced Friday the U.S. would investigate recent hacks linked to a teenage cybercriminal group that focused on extortion. The U.S. Cyber Safety Review Board, a 15-member panel of experts from across government and private sector, will probe a series of high-profile hacks by the group, known as Lapsus$. Homeland Security Secretary Alejandro Mayorkas said its goal is to "evaluate how this group has allegedly impacted some of the biggest companies in the world, in some cases, with relatively unsophisticated techniques, and determine how people can build resilience against innovative social engineering tactics and address international partnership in combatting criminal cyber actors."&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cbsnews.com/news/teen-hacking-group-to-be-investigated-by-cyber-safety-review-board/">CBSNEWS</a></p><h1><strong>Water Utility Drips Alert 4 Months After Breach</strong></h1><p><strong>FROM THE MEDIA: </strong>South Staffordshire Water in England this week began warning customers that their personal details were exposed in a data breach, elevating their risk of identity theft. The privately owned utility serves 1.7 million Britons but won't say how many were caught up in the breach, which occurred in July, the company confirmed in August. 
That delayed acknowledgment happened after the Cl0p ransomware group had already taken responsibility, albeit after first erroneously fingering Thames Water Utilities as the victim. Subsequently, South Staffs Water issued a data breach notification, confirming that it was the victim, as data leaked by Cl0p suggested (see: <em><a href="https://www.govinfosecurity.com/blogs/comedy-errors-ransomware-group-extorts-wrong-victim-p-3267">Comedy of Errors: Ransomware Group Extorts Wrong Victim</a></em>).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.govinfosecurity.com/blogs/no-pressure-water-utility-drips-alert-4-months-after-breach-p-3328">GovInfoSec</a></p><h1><strong>US must affirm Iranians&#8217; demands: Freedom, not the Islamic Republic</strong></h1><p><strong>FROM THE MEDIA: </strong>For eight weeks, Iranians have taken the streets with a basic rallying cry: &#8220;Woman, life, freedom!&#8221; Tehran cannot and never will heed that call &#8212; the regime is built on <a href="https://theconversation.com/the-protests-in-iran-are-part-of-a-long-history-of-womens-resistance-191551">misogyny</a>, <a href="https://www.hrw.org/news/2022/06/08/irans-1988-mass-executions">killing</a>, and <a href="https://www.hrw.org/legacy/campaigns/torture/iran/">tyranny</a>. That&#8217;s why protesters have <a href="https://www.cnn.com/2022/10/27/middleeast/iran-nika-shahkarami-ceremony-clashes-intl">chanted</a> &#8220;[Iranian Supreme Leader Ali] Khamenei will be overthrown this bloody year!&#8221;, &#8220;Death to Khamenei!&#8221;, and &#8220;Death to the dictator!&#8221; It is time for the U.S. 
to endorse what the Iranian people want: The end of the &#8220;Islamic Republic&#8221; and the establishment of a free democracy.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehill.com/opinion/international/3759743-u-s-must-affirm-iranians-demands-freedom-not-the-islamic-republic/">The Hill</a></p><h1><strong>Disruptions dodged as diesel shortage eases</strong></h1><p><strong>FROM THE MEDIA: </strong>There is still a national diesel fuel shortage, but a small price drop and the reactivation of a few American refineries have avoided disruptions in the crucial traffic of trucks, trains and ships. Waco economist Ray Perryman and Texas Oil &amp; Gas Association President Todd Staples say the scenario is getting more complex by the day. &#8220;While diesel supplies remain very tight, they are holding fairly steady,&#8221; Perryman reported. &#8220;Prices have fallen slightly over the past few weeks, though they remain elevated compared to a year ago.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oaoa.com/local-news/disruptions-dodged-as-diesel-shortage-eases/">OA Online</a></p><h1><strong>Uganda says its debut satellite launched into orbit</strong></h1><p><strong>FROM THE MEDIA: </strong>Uganda&#8217;s first satellite has been successfully launched into orbit from the International Space Station (ISS) and the East African nation&#8217;s ground controllers were in contact with the device, the government said on Friday. The PearlAfricaSat-1 spacecraft was rocketed to the ISS by NASA on Nov. 7, alongside Zimbabwe&#8217;s ZimSat-1, with officials saying it will help Uganda monitor weather and disasters, map its mineral wealth and generate other crucial data. 
"Today, Friday Dec 2, 2022 at 1045 EAT Uganda&#8217;s first satellite PearlAfricaSat-1 was deployed into orbit from the International Space Station," Monica Musenero Musanza, minister for science, technology and innovation said in a statement.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://dunyanews.tv/en/Technology/677993-Uganda-says-its-debut-satellite-launched-into-orbit">DUNYAN News</a></p><h1>Sivers Semiconductors signs $16.4 agreement with European satellite communications company</h1><p><strong>FROM THE MEDIA: </strong>Sivers Semiconductors AB ("Sivers") today announces that its business unit, Sivers Wireless, has signed a strategic development agreement worth $16.4 million (approx. 170 MSEK) with a European satellite communications company to develop several chipsets for satellite communication ground terminals. Sivers has already received purchase orders of approx. 16.1 MSEK for development work to this project from August to November 2022 (whereof 7.5 MSEK was announced on 27th of September). The agreement includes the development of multiple chips, forming the core of the customer's next generation of ground terminals, which is redefining communications by enabling ubiquitous connectivity and once-unattainable performance and functionality across a broad range of SATCOM markets.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.marketscreener.com/quote/stock/SIVERS-SEMICONDUCTORS-AB-61747388/news/Sivers-Semiconductors-signs-16-4-million-strategic-development-agreement-with-European-satellite-co-42463321/">Market Screener</a></p><h2>Items of interest</h2><h1><strong>US chip group: $52b is not enough, we need an extra $30b in federal funding</strong></h1><p><strong>FROM THE MEDIA: </strong>America's top booster for federal semiconductor aid is arguing that the country needs to spend tens of billions more in silicon incentives to ensure it doesn't lose leadership in chip design to other countries. 
In a report <a href="https://www.semiconductors.org/new-report-identifies-challenges-to-continued-u-s-leadership-in-semiconductor-design-innovation/?utm_campaign=Press%20Releases&amp;utm_medium=email&amp;_hsmi=235985886&amp;_hsenc=p2ANqtz-97uCGylF0DUTSOBPgX-EubWFkxUI9k8gOqGBoXJzPfyIDy33QjxJzsJqSqMDSKuFZ1fDeKrLCioFX0gcgpfkR0zR_PuQ&amp;utm_content=235985886&amp;utm_source=hs_email">released on Wednesday</a>, the Semiconductor Industry Association (SIA) said the US should invest roughly $20 billion to $30 billion in semiconductor design and research and development through 2030 <em>on top</em> of the $52 billion in chip manufacturing subsidies that <a href="https://www.theregister.com/2022/07/28/house_chips_act_passes/">were approved by Congress in July</a>. The group hired Boston Consulting Group to crunch numbers and lay out the reasoning.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/02/us_chip_funding/">The Register</a></p><h1><strong>Jammer! He Just Wanted Privacy, But This Little Device Caused Big Trouble (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Gary Bojczak drove a truck for a construction company that was constantly tracking his vehicle. 
Plugging a little dongle into the cigarette lighter could block that surveillance, but ended up causing way more problems than it solved.</p><div id="youtube2-bn3MZp1qKmw" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;bn3MZp1qKmw&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/bn3MZp1qKmw?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Qakbot Campaign and the Black Basta Ransomware Group (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The Cybereason Global SOC (GSOC) team is investigating Qakbot infections observed in customer environments related to a potentially widespread ransomware campaign run by Black Basta.</p><div id="youtube2-G5Z3vFOEWY0" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;G5Z3vFOEWY0&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/G5Z3vFOEWY0?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. 
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (331)]]></title><description><![CDATA[12-2-22]]></description><link>https://infodom.substack.com/p/daily-drop-331</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-331</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Fri, 02 Dec 2022 11:09:06 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/4Yv82PWKCGQ" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Friday, December 02, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>UPDATE: Mozilla and Microsoft distrust TrustCor root certificates in their browsers</h1><p><strong>FROM THE MEDIA: </strong>'There is no evidence to suggest that TrustCor violated conduct, policy, or procedure,' says biz. New information came to light during the course of the discussion on the security group. A representative of TrustCor provided information. In the end, it was clear that there were ties between Measurement Systems and TrustCor, at least until 2021, and that one developer hired by TrustCor had access to an unobfuscated version of the source code of the Measurement System malware SDK. However, no evidence of the mis-issuing of certificates was presented. 
Mozilla decided to distrust TrustCor certificates from November 30, 2022 that are included in the Mozilla root store. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ghacks.net/2022/12/02/mozilla-and-microsoft-distrust-trustcor-root-certificates-in-their-browsers/">GHACKS</a> // <a href="https://www.theregister.com/2022/12/02/mozilla_microsoft_trustcor/">The Register</a></p><h1><strong>How Ukrainians have fought back with humorous war-related memes</strong></h1><p><strong>FROM THE MEDIA: </strong>Since the start of Russia&#8217;s full-scale invasion, Ukrainians have fought back with humor, creating a trove of war-related memes that have countered Russian propaganda and disinformation campaigns.&nbsp;<em>The Kyiv Independent</em> has offered<a href="https://kyivindependent.com/national/making-sense-of-ukrainian-memes-from-watermelons-to-saint-javelin"> a handy guide to making sense of these Ukrainian memes&nbsp;</a>that have been thriving on social media ever since a defiant Ukrainian border guard on Snake Island said &#8220;Russian warship, go fu-k yourself&#8221; on the first day of the war.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.dailykos.com/stories/2022/12/1/2139261/-How-Ukrainians-have-fought-back-with-humorous-war-related-memes-from-Saint-Javelin-to-NAFO?utm_campaign=recent">Daily Kos</a></p><h1>W4SP continues to nest in PyPI: Same supply chain attack, different distribution method</h1><p><strong>FROM THE MEDIA: </strong>Days after researchers for Phylum and Checkmarx revealed an ongoing software supply chain attack spreading the W4SP Stealer malware through malicious packages on the Python Package Index (PyPI), ReversingLabs researchers discovered 10 additional PyPI packages pushing modified versions of W4SP that were overlooked. 
The newly discovered packages appear to be part of the same campaign but are using slightly modified versions of the W4SP Stealer malware and different command and control infrastructure. Here are our discoveries and indicators of compromise (IOCs), as well as links to a ReversingLabs YARA rule that can be used to detect the malicious Python packages in your environment.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/w4sp-continues-to-nest-in-pypi-same-supply-chain-attack-different-distribution-method/">Security Boulevard</a></p><h1>WhatsApp Files on Dark Web Show Millions of Records For Sale</h1><p><strong>FROM THE MEDIA: </strong>In mid-November, a threat actor posting on a dark web forum claimed to have stolen the personal information of almost 500 million WhatsApp users. Now, <a href="https://www.infosecurity-magazine.com/search/?q=Check%20Point%20Research">Check Point Research</a> (CPR) has published a new advisory analyzing the exposed files and confirming the leak includes 360 million phone numbers from 108 countries. While CPR was unable to confirm&nbsp;the leaked numbers belonged to WhatsApp users, their analysis showed that the phone numbers varied in quantity among countries, ranging from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/dark-web-show-millions-of-whatsapp/">InfoSecMag</a> </p><h1><strong>CISA: Cuba ransomware group has stolen $60 million from at least 100 organizations</strong></h1><p><strong>FROM THE MEDIA: </strong>The Cuba ransomware group has launched attacks against 100 organizations around the world and brought in $60 million between December 2021 and August 2022, according to a new advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and FBI. 
The two agencies also said there is no indication that the group is based in or has any connection to the Republic of Cuba.&nbsp;The advisory follows <a href="https://therecord.media/fbi-says-the-cuba-ransomware-gang-made-43-9-million-from-ransom-payments/">a December 2021 release from the FBI</a> that found the group earned at least $43.9 million from ransom payments after attacks on at least 49 entities in five critical infrastructure sectors.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/cisa-cuba-ransomware-group-has-stolen-60-million-from-at-least-100-organizations/">The Record</a> // <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-335a">CISA</a></p><h1>Archives overtake Office formats as top file type for delivering malware</h1><p><strong>FROM THE MEDIA: </strong>HP Wolf Security on Thursday reported in its <a href="https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q3-2022/">Q3 report</a> that archives have become the most popular file type for delivering malware, seeing an 11% growth in samples isolated compared with Q2, overtaking Office formats for the first time. The HP report found that attackers are bypassing perimeter network security controls such as email scanners by encrypting malicious payloads inside archives and HTML files. They then rely on social engineering techniques &#8212; mainly via email &#8212; to lure in unsuspecting victims.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/news/malware/archives-overtake-office-formats-as-top-file-type-for-delivering-malware">SCMAG</a></p><h1>Hackers Target Colombia's Healthcare System With Ransomware</h1><p><strong>FROM THE MEDIA: </strong>Colombian healthcare provider Keralty reported a ransomware attack on Sunday, which affected its systems as well as two of its subsidiaries: EPS Sanitas and Colsanitas. 
The attack has been reported on by Colombian news outlet <a href="https://www.eltiempo.com/salud/la-pesadilla-de-los-usuarios-de-la-eps-sanitas-tras-el-hackeo-a-su-sistema-722030">El Tiempo</a>, and would have disrupted the companies' IT operations, websites and scheduling of medical appointments. Keralty said on Monday they were suffering technical issues but did not disclose the cause. On Tuesday, the company released an additional statement confirming the cyber-attack.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/ransomware-target-colombias-health/">InfoSecMag</a></p><h1><strong>Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, &amp; Windows Zero-Days</strong></h1><p><strong>FROM THE MEDIA: </strong>A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. 
"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens <a href="https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston/">said</a> in a write-up.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/google-accuses-spanish-spyware-vendor.html">THN</a> // <a href="https://www.infosecurity-magazine.com/news/spyware-n-days-in-chrome-firefox/">InfoSecMag</a></p><h1><strong>New DuckLogs malware service claims having thousands of &#8216;customers&#8217;</strong></h1><p><strong>FROM THE MEDIA: </strong>A new malware-as-a-service (MaaS) operation named 'DuckLogs'&nbsp;has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. DuckLogs is entirely web-based. It claims to have thousands of cybercriminals paying a subscription to generate and launch more than 4,000 malware builds.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service-claims-having-thousands-of-customers-/">Bleeping Computer</a></p><h1><strong>New Redigo malware drops stealthy backdoor on Redis servers</strong></h1><p><strong>FROM THE MEDIA: </strong>A new Go-based malware threat that researchers call Redigo&nbsp;has been targeting Redis&nbsp;servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow&nbsp;command execution. CVE-2022-0543 is a critical vulnerability in Redis (Remote Dictionary Server) software with a maximum severity rating. It was&nbsp;discovered and fixed in <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0543">February 2022</a>. 
Attackers continued to leverage it on unpatched machines&nbsp;<a href="https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-chrome-redis-bugs/">several months</a> after the fix came out, as <a href="https://www.bleepingcomputer.com/news/security/public-redis-exploit-used-by-malware-gang-to-grow-botnet/">proof-of-concept exploit code</a> became publicly available. The name of the malware, Redigo, was coined from the machine it targets and the programming language for building it.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-redigo-malware-drops-stealthy-backdoor-on-redis-servers/">Bleeping Computer</a></p><h1><strong>Android malware infected 300,000 devices to steal Facebook accounts</strong></h1><p><strong>FROM THE MEDIA: </strong>An Android malware campaign masquerading as reading and education apps has been underway since 2018, attempting to steal Facebook account credentials from infected devices. According to a new report by Zimperium, the campaign has infected at least 300,000 devices across 71 countries, primarily focusing on Vietnam. Some apps used for spreading the trojan, which Zimperium named 'Schoolyard Bully,'&nbsp;were previously on Google Play but have since been removed.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/android-malware-infected-300-000-devices-to-steal-facebook-accounts/">Bleeping Computer</a></p><h2>Chinese protesters back Iranian women, Ethiopia hosts internet meet while keeping the internet off, and NSO&#8217;s legal woes</h2><p><strong>FROM THE MEDIA: </strong>It feels as if the world can see and hear the voices of regular people in China in a way that seemed impossible just a few weeks ago. Reports of new demonstrations happening in different city plazas and university campuses across the country seem to surface by the hour. 
Protesters are taking incredible risks in the face of China&#8217;s notorious surveillance regime, most of them for the very first time. China operates the world&#8217;s most powerful and sophisticated digital censorship apparatus for this express purpose: to keep people quiet.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.codastory.com/newsletters/china-protests-iran-internet-censorship-nso/">CODA</a></p><h1><strong><a href="https://thehackernews.com/2022/12/researchers-disclose-critical-rce.html">Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework</a></strong></h1><p><strong>FROM THE MEDIA: </strong>A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4116">CVE-2022-4116</a> (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE)," Contrast Security researcher Joseph Beeton, who reported the bug, <a href="https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security">said</a> in a write-up.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/researchers-disclose-critical-rce.html">THN</a></p><h1><strong>Google warns about commercial Heliconia spyware hitting Chrome, Firefox and Microsoft Defender</strong></h1><p><strong>FROM THE MEDIA: </strong>Google's Threat Analysis Group (TAG) said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. 
Google's researchers said they became aware of the framework after an anonymous Chrome bug report that included instructions and source code with the names "Heliconia Noise," "Heliconia Soft" and "Files."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/01/google_heliconia_spyware/">The Register</a></p><h1>Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable</h1><p><strong>FROM THE MEDIA: </strong>The Legit Security Research Team discovered a new class of software supply chain vulnerabilities that leverages artifact poisoning and attacks the underlying software development pipelines for projects using GitHub Actions. In this fourth blog covering vulnerable GitHub Actions, we will explore this new technique of artifact poisoning and describe who could be vulnerable, including how we found this vulnerability in the Rust programming language and assisted in its remediation.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/12/novel-pipeline-vulnerability-discovered-rust-found-vulnerable/">Security Boulevard</a></p><h1><strong>Exchange Online and Microsoft Teams go down across Asia</strong></h1><p><strong>FROM THE MEDIA: </strong>Microsoft's flagship cloudy productivity services are down across the Asia-Pacific region. "Our initial investigation indicates that our service infrastructure is performing at a sub-optimal level, resulting in impact to general service functionality," states an advisory time-stamped 12:41PM on December 2. 
The incident means customers of Exchange Online may not be able to access the service, send email and/or files, or use what Microsoft described as "General functionality".</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/12/02/microsoft_teams_exchange_apac_outage/">The Register</a></p><h1>Twitter Discontinuing its Covid19 Misinformation Policy Distorts Free Speech</h1><p><strong>FROM THE MEDIA: </strong>Twitter added a one-line <a href="https://apnews.com/article/twitter-ends-covid-misinformation-policy-cc232c9ce0f193c505bbc63bf57ecad6">update</a> on its online rules on Monday night: &#8220;Effective November 23, 2022, Twitter is no longer enforcing the Covid19&nbsp;<a href="https://apnews.com/article/twitter-vaccine-misinformation-crackdown-3190793914e7d6aded43c19521954cde">misleading information policy</a>.&#8221; This marks an end to the platform&#8217;s nearly three-year-long effort in curbing misinformation relating to the Covid19 pandemic. Healthcare workers fear the discontinuation of the misinformation policy &#8212; together with Musk&#8217;s ideas to verify any account for $8 &#8212; could spell serious trouble for public health. 
As the latest change in the social media site after the <a href="https://theswaddle.com/as-twitter-transitions-into-a-new-era-users-contemplate-migrating-away/">takeover by Elon Musk</a>, the move raises questions about how technocrats like Musk view <a href="https://theswaddle.com/elon-musk-is-now-twitters-biggest-shareholder-but-his-free-speech-agenda-is-misleading/">free speech</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://theswaddle.com/twitter-discontinuing-its-covid19-misinformation-policy-distorts-free-speech/">The Swaddle</a></p><h1>Ransomware attack against Guatemala&#8217;s Foreign Ministry under investigation</h1><p><strong>FROM THE MEDIA: </strong>Guatemala's Ministry of Foreign Affairs has not provided any details regarding a ransomware attack earlier this year amid the ongoing investigation into the incident, according to <a href="https://therecord.media/guatemalas-foreign-ministry-investigating-ransomware-attack/">The Record</a>, a news site by cybersecurity firm Recorded Future. The <a href="https://www.scmagazine.com/analysis/ransomware/what-to-make-of-onyx-the-new-ransomware-gang-that-plays-by-different-rules">Onyx ransomware operation</a> listed Guatemala's Foreign Affairs Ministry on its leak site in late September and on Nov. 21. 
Initially identified in April and reported by BlackBerry researchers to have used ransomware based on the Chaos v4.0 ransomware builder, the Onyx ransomware gang was later noted by Dragos researchers to be launching attacks against critical infrastructure operations.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/ransomware/ransomware-attack-against-guatemalas-foreign-ministry-under-investigation">SCMAG</a></p><h1><strong>War against infrastructure, kinetic and cyber</strong></h1><p><strong>FROM THE MEDIA: </strong>Further Russian withdrawals from the towns around Kherson, but on the east bank of the Dnipro, are being reported, <a href="https://www.telegraph.co.uk/world-news/2022/12/01/ukraine-war-news-russia-putin-latest-madrid-embassy-live/">according</a> to the Telegraph. Russia's partial mobilization remains deeply unpopular, and military-aged men have been voting with their feet. Some estimates put the number of those fleeing conscription as high as a million. A report by Foreign Policy notes an interesting sidelight (Extra credit to the two who <a href="https://www.politico.com/newsletters/national-security-daily/2022/11/30/how-2-russian-refugees-got-to-alaska-00071343">crossed the Bering Sea</a> to Alaska in a small boat--that's showing motivation of the highest degree). </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fthecyberwire.com%2Fstories%2F98aa0d8c05a841968b59e8bd249e3514%2Fukraine-ar-d280-war-against-infrastructure-kinetic-and-cyber">The Cyberwire</a></p><h1><strong>Of Exploits and Experts: The Professionalization of Cybercrime</strong></h1><p><strong>FROM THE MEDIA: </strong>Just as you keep up with the latest news, tools, and thought leadership in order to protect and secure your organization from cybercriminals, your adversaries are doing the same thing. 
They are connecting on forums, evaluating new software tools, talking with potential buyers, and searching for new ways to outsmart your security stack. A peek into their world shows they have advanced capabilities that often outmaneuver well-funded security teams and corporate security tools, especially when pitted against legacy solutions like signature-based antiviruses. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/zscaler/of-exploits-and-experts-the-professionalization-of-cybercrime">DARKReading</a></p><h1><strong>Russian embassy claims Australian Federal Police yet to get in touch over Medibank hackers</strong></h1><p><strong>FROM THE MEDIA: </strong>Russia has denied any contact from Australian authorities over the Medibank hack, three weeks after federal police singled out Russian cyberhackers. Australian Federal Police (AFP) commissioner Reece Kershaw said on 11 November a group of "loosely affiliated cybercriminals&#8221; from Russia <a href="https://www.sbs.com.au/news/article/russian-cybercriminals-responsible-for-medibank-hack-afp-confirms/ukjj4833m">was responsible for the hack</a> which affected 9.7 million current and former Medibank customers, and that talks would be held with Russian law enforcement agencies about the bad actors.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.sbs.com.au/news/article/russia-says-australia-federal-police-yet-to-get-in-touch-over-medibank-hackers-weeks-after-announcement/ng0fhlrb5">SBSnews</a></p><h1><strong>Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines</strong></h1><p><strong>FROM THE MEDIA: </strong>An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code. That's according to&nbsp;software supply chain security firm Legit Security, which said in an advisory published on Dec. 
1 that this "artifact poisoning" weakness could affect software projects that use GitHub Actions &#8212; a service for automating development pipelines &#8212; by triggering the build process when a change is detected in a software dependency.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/application-security/artifact-poisoning-github-actions-malware-software-pipelines">DARKReading</a></p><h1>A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet</h1><p><strong>FROM THE MEDIA: </strong>Named by Akamai Security Intelligence Response Team (SIRT) in November 2022, KmsdBot was a <a href="https://www.hackread.com/sysrv-k-botnet-windows-linux-systems-cryptominer/">crypto mining botnet</a> equipped with command-and-control abilities. It infected victims by exploiting weak credentials and SSH via brute force. The Akamai team assessed and <a href="https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware">reported</a> on the botnet after one of its honeypots got infected. The botnet targeted both <a href="https://www.hackread.com/holeswarm-crypto-malware-linux-windows-servers/">Linux and Windows devices</a> using a range of microarchitectures to deploy mining software and include the compromised hosts in its DDoS bot army. Its main targets included gaming and tech firms and luxury vehicle makers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/kmsdbot-cryptomining-botnet-crashed/">Hackread</a></p><h1><strong>Eufy's security cameras send data to the cloud without consent, and that's not the worst part</strong></h1><p><strong>FROM THE MEDIA: </strong><a href="https://us.eufy.com/pages/security-eufycam3?ref=quickintro">Eufy's claims</a> to keep "privacy in your own hands" have been rendered null, after a researcher caught the security camera company uploading local-only footage to the cloud without user authorization or knowledge. 
To top it all off, users have also been made aware that you can watch camera streams using <a href="https://www.videolan.org/vlc/">VLC</a> without authentication. <a href="https://paul.reviews/">Paul Moore</a>, a security researcher, was the first to expose the security flaw in local data being stored in the cloud. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.zdnet.com/article/eufys-security-cameras-send-data-to-the-cloud-without-consent-and-thats-not-the-worst-part/">ZDNET</a></p><h1>Department of Energy taps blockchain for electricity grid cybersecurity amid rising vulnerabilities</h1><p><strong>FROM THE MEDIA: </strong>Oak Ridge National Laboratory (ORNL), a Department of Energy (DOE) research institute, is exploring the use of distributed ledger technology (DLT), or blockchain technology, to make electricity grids impervious to cybersecurity attacks. ORNL <a href="https://www.ornl.gov/">notes</a> that DLT could hold the key to solving the existential threats plaguing America&#8217;s&nbsp;<a href="https://coingeek.com/how-to-achieve-green-bitcoin-energy-consumption-environmental-sustainability-at-coingeek-new-york/">energy grid</a>. The team argues that the decentralized nature of distributed ledgers creates multiple hash copies, triggering an alert if nodes have inconsistent data.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://coingeek.com/us-department-of-energy-taps-blockchain-for-electricity-grid-cybersecurity-amid-rising-vulnerabilities/">COINGEEK</a></p><h1>Ukrainian engineers scramble to keep mobile phones working</h1><p><strong>FROM THE MEDIA: </strong>With Ukraine scrambling to keep communication lines open during the war, an army of engineers from the country&#8217;s phone companies has mobilized to help the public and policymakers stay in touch during repeated Russian missile and drone strikes. 
The engineers, who typically go unseen and unsung in peacetime, often work around the clock to maintain or restore phone service, sometimes braving minefields to do so. After Russian strikes took out the electricity that cellphone towers usually run on, they revved up generators to keep the towers on.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.myjournalcourier.com/news/article/Ukrainian-engineers-scramble-to-keep-mobile-17625878.php">My Journal Courier</a></p><h1>Proceeds from sale of Banksy sculpture will aid refugees</h1><p><strong>FROM THE MEDIA: </strong>A Banksy sculpture is up for sale during Miami Art Week at the satellite fair Context Art Miami (until 4 December), with up to 50% of the total sales benefitting Choose Love, an advocacy organization that provides humanitarian aid to refugees around the world. Dream Boat is a coin-operated piece that debuted in 2015 as part of the mysterious artist&#8217;s &#8220;<a href="https://www.theartnewspaper.com/2015/08/21/dismaland-where-nightmares-come-true">Dismaland</a>&#8221; project, a pop-up dystopian theme park in Somerset, England. The arresting fibreglass-and-resin object depicts a crowded boat of refugees. In its original display, the boat floated around a dingy outdoor fountain, chased by a menacing miniature coast guard.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theartnewspaper.com/2022/12/01/proceeds-from-sale-of-banksy-sculpture-at-miami-fair-will-aid-refugees">The Art Newspaper</a></p><h1><strong>FCC authorizes SpaceX to begin deploying up to 7,500 next-generation Starlink satellites</strong></h1><p><strong>FROM THE MEDIA: </strong>The Federal Communications Commission issued a key authorization to <a href="https://www.cnbc.com/elon-musk/">Elon Musk&#8217;s</a> SpaceX on Thursday, granting approval for the company to move forward with launching up to 7,500 next-generation satellites in its Starlink internet network. 
&#8220;Our action will allow SpaceX to begin deployment of Gen 2 Starlink,&#8221; the FCC wrote in the order. The FCC did not grant SpaceX&#8217;s full application, which included deployment of nearly 30,000 satellites in low Earth orbit, and it placed some conditions on the company&#8217;s plan to deploy the satellites. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cnbc.com/2022/12/01/fcc-authorizes-spacex-gen2-starlink-up-to-7500-satellites.html">CNBC</a></p><h1>The PLA And Intelligentized Warfare</h1><p><strong>FROM THE MEDIA: </strong>China is deploying advanced technologies, including artificial intelligence (AI) and machine learning, automation and robots, quantum computing, big data, 5G networking, and the Internet of Things (IoT), for military purposes. In its 14th Five Year Plan (FYP) (2021&#8211;25), China outlined the main aims and objectives of modernizing the People&#8217;s Liberation Army (PLA), including that of &#8216;elevating the level to being an intelligent force&#8217;.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.eurasiareview.com/02122022-the-pla-and-intelligentized-warfare-analysis/">Eurasia Review</a></p><h1><strong>China rapidly building space arms to &#8216;blind and deafen&#8217; U.S. military</strong></h1><p><strong>FROM THE MEDIA: </strong><a href="https://www.washingtontimes.com/topics/china/">China</a>&#8217;s military is rapidly building a large force of space weapons, including sophisticated anti-satellite missiles, lasers, jammers, orbiting killer robots and cyber tools, designed to &#8220;blind and deafen&#8221; the American military in a future war, the <a href="https://www.washingtontimes.com/topics/us-military/">U.S. military</a> is warning. 
New details of <a href="https://www.washingtontimes.com/topics/beijing/">Beijing</a>&#8217;s growing space arms arsenal were revealed in the <a href="https://www.washingtontimes.com/topics/pentagon/">Pentagon</a>&#8217;s latest annual report to Congress on the <a href="https://www.washingtontimes.com/topics/peoples-liberation-army/">Chinese military</a>, released publicly on Tuesday.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtontimes.com/news/2022/dec/1/china-rapidly-building-space-arms-blind-and-deafen/">Washington Times</a></p><h1>How Much Of Chinese 5G Technology Is Still Used In Europe</h1><p><strong>FROM THE MEDIA: </strong>For many years European telecom operators have used Chinese 3G and 4G technology from vendors such as Huawei and ZTE. The issue was a no-brainer. China was not seen as a national security threat &#8211;in fact, the EU had signed a comprehensive strategic partnership with China in 2003&#8211; and Chinese technology was cheaper and, for many tech experts, even better than that of European vendors like Ericsson and Nokia. 
Hence,&nbsp;<a href="https://www.realinstitutoelcano.org/en/blog/european-digital-sovereignty-the-eu-had-it-but-did-not-retain-it/">many European telecoms signed strategic partnerships with their Chinese providers</a>&nbsp;and used their technology both in Europe and in their overseas businesses in the Global South.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.eurasiareview.com/02122022-how-much-of-chinese-5g-technology-is-still-used-in-europe-analysis/">Eurasia Review</a></p><h1>Chinese firm selling surveillance tech to Iran comes under scrutiny</h1><p><strong>FROM THE MEDIA: </strong>As <a href="https://www.nbcnews.com/politics/politics-news/anti-regime-protests-loom-us-iran-world-cup-match-rcna59095">Iran</a> tries to stifle anti-regime protests, human rights advocates and lawmakers are concerned Iranian authorities can draw on sophisticated video surveillance technology provided by a Chinese company that uses U.S. manufactured chips. Tiandy Technologies has sold its surveillance cameras to Iran&#8217;s Revolutionary Guards and other security services, according to a Tiandy <a href="https://web.archive.org/web/20211126090445/https:/tiandy.ir/successful-cases-iran/">website</a>&nbsp;and social media posts. 
Intel Corp., one of America&#8217;s major semiconductor firms,&nbsp;<a href="https://perma.cc/R5MP-5F7X?type=image">lists</a>&nbsp;the Chinese company as a partner, providing Intel-made processors for some of Tiandy&#8217;s video recording equipment.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.nbcnews.com/politics/national-security/chinese-firm-tiandy-selling-surveillance-tech-iran-protests-rcna59574">NBC News</a></p><h2>Items of interest</h2><h1>The Russian Threat to Subsea Cable Internet Infrastructure</h1><p><strong>FROM THE MEDIA: </strong>Increased Russian naval activity in recent years around deep-sea cables, the critical infrastructure of the global internet, has heightened concerns that Russia may target them in an effort to disrupt Western daily life as the country seeks new means of coercion amid its war in Ukraine. Deep-sea or submarine cables are fiber optic cables that lay the foundation for global internet connectivity across the world. The cables, which are often thousands of miles/kilometers in length, transmit an estimated 95% of international data traffic from country to country by connecting two or more land points across bodies of water. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://worldview.stratfor.com/article/russian-threat-subsea-cable-internet-infrastructure">DRANE</a></p><h1><strong>Putin&#8217;s Secret Private Army: The Wagner Group (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Who are the Wagner Group?</p><div id="youtube2-4Yv82PWKCGQ" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;4Yv82PWKCGQ&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/4Yv82PWKCGQ?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Russian mercenary videos 'top 1bn views' on TikTok (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Russian mercenary videos 'top 1bn views' on TikTok.</p><div id="youtube2-Cz_EDQRacqs" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;Cz_EDQRacqs&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/Cz_EDQRacqs?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. 
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (330)]]></title><description><![CDATA[12-01-22]]></description><link>https://infodom.substack.com/p/daily-drop-330</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-330</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Thu, 01 Dec 2022 10:19:11 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/qs2QcycggWU" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Thursday, December 01, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>Web browsers drop mysterious company with ties to U.S. military contractor</h1><p><strong>FROM THE MEDIA: </strong>Major web browsers moved Wednesday to stop using a mysterious software company that certified websites were secure, three weeks after The Washington Post reported its connections to a U.S. military contractor. 
Mozilla&#8217;s Firefox and Microsoft&#8217;s Edge said they would stop trusting new certificates from TrustCor Systems that vouched for the legitimacy of sites reached by their users, capping weeks of online arguments among their technology experts, outside researchers and TrustCor, which said it had no ongoing ties of concern. Other tech companies are expected to follow suit.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/">WP</a> // <a href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/etbBho-VBQAJ?pli=1">Google Groups</a></p><h1><strong>New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days</strong></h1><p><strong>FROM THE MEDIA: </strong>Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from a relatively new entrant.&nbsp;Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm Zerodium. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/application-security/new-exploit-broker-pays-premium-signal-app-zero-days">DARKReading</a></p><h1><strong>Vatican hit by suspected cyber attack days after Pope criticizes Russia</strong></h1><p><strong>FROM THE MEDIA: </strong>The Vatican's website was down on Wednesday evening amid "abnormal access attempts", according to the Holy See.&nbsp;&#8220;Technical investigations are ongoing due to abnormal attempts to access the site,&#8221; Vatican spokesman Matteo Bruni said.&nbsp;He did not give any further information. 
Throughout Wednesday, several Vatican sites were offline and the official Vatican.va website was inaccessible well into the evening.&nbsp;The suspected hack came a day after Moscow rebuked Pope Francis&#8217;s latest condemnation of Russia&#8217;s invasion of Ukraine.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.euronews.com/2022/12/01/vatican-hit-by-suspected-cyber-attack">Euronews</a></p><h1>TikTok users must be cautious about malware filled &#8216;Invisible Challenge&#8217;</h1><p><strong>FROM THE MEDIA: </strong>To all those who are about to take part in TikTok&#8217;s latest &#8216;Invisible Challenge&#8217; where you are supposed to use a software filter while dancing N$de to shield your modesty, here&#8217;s a warning. According to a discovery and report released by cybersecurity firm Checkmarx, some hackers are hijacking the trend to steal victims&#8217; information and that can turn more surreptitious in the coming weeks. Checkmarx experts state that some online users were being lured by threat actors to download a &#8216;Space Unfilter&#8217; software that helps download videos to reveal the hidden nak*d bodies of TikTok users who already took the &#8216;Invisible Challenge&#8217;.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cybersecurity-insiders.com/tiktok-users-must-be-cautious-about-malware-filled-invisible-challenge/?utm_source=rss">Cyber Security Insiders</a> // <a href="https://securityaffairs.co/wordpress/139112/malware/tiktok-invisible-challenge-malware.html">Security Affairs</a></p><h1><strong>Guatemala&#8217;s Foreign Ministry investigating ransomware attack</strong></h1><p><strong>FROM THE MEDIA: </strong>Guatemala&#8217;s Foreign Ministry said it is investigating a ransomware attack that happened earlier this year.&nbsp;The Ministry of Foreign Affairs shared the Law on Access to Public Information with The Record and said they were unable to comment on the cyberattack because of 
it.&nbsp;&#8220;The Ministry is not in a position to respond to your request, since it is in the investigation phase,&#8221; a spokesperson said.&nbsp;The Foreign Ministry was added to the leak site of the Onyx ransomware group on September 27 and was added again on November 21.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/guatemalas-foreign-ministry-investigating-ransomware-attack/">The Record</a></p><h1>China-Based Hackers Target Southeast Asia With USB-Based Malware</h1><p><strong>FROM THE MEDIA: </strong>Cyber espionage activity relying on USB devices as an initial infection vector has been spotted targeting public and private entities in Southeast Asia, and the Philippines in particular. Cybersecurity experts at <a href="https://www.infosecurity-magazine.com/search/?q=Mandiant">Mandiant</a> shared their findings about the new campaigns on Monday, attributing them to a China-based threat actor they call UNC4191. According to the technical write-up, UNC4191 operations have affected several entities in Southeast Asia but also in the US, Europe&nbsp;and Asia Pacific Japan.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/hackers-target-southeast-asia-with/">InfoSecMag</a></p><h1><strong>LastPass says it was breached &#8212; again</strong></h1><p><strong>FROM THE MEDIA: </strong>Password manager LastPass said it&#8217;s investigating a security incident after its systems were compromised for the second time this year. LastPass chief executive Karim Toubba said <a href="https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/">in a blog post</a> that an &#8220;unauthorized party&#8221; recently gained access to some customers&#8217; information stored in a third-party cloud service shared by LastPass and its parent company, GoTo. 
Toubba said the unauthorized party used information stolen from LastPass&#8217; systems in August, which the company disclosed at the time.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techcrunch.com/2022/11/30/lastpass-goto-breached-customer-information/">TechCrunch</a></p><h1><strong>North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets</strong></h1><p><strong>FROM THE MEDIA: </strong>A previously undocumented backdoor called Dolphin has been attributed to the North Korea-linked ScarCruft group, which has used it against targets located in South Korea. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jur&#269;acko <a href="https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/">said</a> in a new report published today. Dolphin is said to be selectively deployed, with the malware using cloud services like Google Drive for data exfiltration as well as command-and-control.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html">THN</a> // <a href="https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/">Bleeping Computer</a></p><h1>Zero-Day Flaw Discovered in Quarkus Java Framework</h1><p><strong>FROM THE MEDIA: </strong>A high-severity zero-day vulnerability has been&nbsp;discovered in the <a href="https://developers.redhat.com/products/quarkus/overview">Red Hat build of Quarkus</a>, a full-stack, Kubernetes-native Java framework optimized for Java virtual machines (JVMs) and native compilation. 
Tracked as CVE-2022-4116, the flaw has a CVSS v3 base score of 9.8 and can be found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks, potentially leading to remote code execution (RCE). According to Joseph Beeton, a senior application security researcher at <a href="https://www.infosecurity-magazine.com/directory/contrast-security-1-1-1-1-1/">Contrast Security</a>, exploiting the vulnerability is relatively straightforward and can be done by a threat actor without any privileges.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/zeroday-flaw-in-quarkus-java/">InfoSecMag</a></p><h1>Hyundai vulnerability allowed remote hacking of locks, engine</h1><p><strong>FROM THE MEDIA: </strong>Security researchers have discovered a vulnerability affecting Hyundai and Genesis cars, which would have allowed hackers to remotely control functions such as the door locks and engine.&nbsp;The exploit impacts cars by Hyundai and Genesis released since 2012 and targets a weakness in the use of insecure vehicle data in mobile apps intended for use by the owners of the vehicles. The API calls used to control the locks, horn, engine, headlights, and boot controls of cars were easily exploitable, and could be reverse engineered to give hackers full remote access to the car&#8217;s functions, the researchers said.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.techcentral.ie/hyundai-vulnerability-allowed-remote-hacking-of-locks-engine/">TechCentral</a></p><h1><strong>Singapore releases blueprint to combat ransomware attacks</strong></h1><p><strong>FROM THE MEDIA: </strong>Singapore has released what it says is a blueprint to combat the growing ransomware threat and offer guidelines on how to mitigate such attacks. 
These include a reference ransomware "kill chain" and recommendations on whether to pay ransom demands.&nbsp;<a href="https://www.zdnet.com/article/singapore-clocks-higher-ransomware-attacks-warns-of-iot-risks/">Ransomware risks</a> had increased significantly in scale and impact, becoming an "urgent" problem that countries including Singapore must address, said Cyber Security Agency (CSA) in a statement Wednesday. &nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.zdnet.com/article/singapore-releases-blueprint-to-combat-ransomware-attacks/">ZDNET</a></p><h1><strong>Keralty ransomware attack impacts Colombia's health care system</strong></h1><p><strong>FROM THE MEDIA: </strong>The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. Keralty is a Colombian healthcare provider that operates an international network of 12 hospitals and 371 medical centers in Latin America, Spain, the US, and Asia. The group employs 24,000 people and 10,000 medical doctors who provide healthcare to over 6 million patients. The company offers further healthcare services through its subsidiaries, Colsanitas, Sanitas USA, and EPS Sanitas.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/">Bleeping Computer</a></p><h1><strong>GoTo says hackers breached its dev environment, cloud storage</strong></h1><p><strong>FROM THE MEDIA: </strong>Remote access and collaboration company GoTo disclosed today that they suffered a security breach where threat actors gained access to their development environment and third-party cloud storage service. GoTo (formerly LogMeIn) began emailing customers Wednesday afternoon, warning that they have started investigating the cyberattack with the help of Mandiant and have alerted law enforcement. 
The company says they first learned of the incident after detecting unusual activity in their development environment and third-party cloud storage service.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/goto-says-hackers-breached-its-dev-environment-cloud-storage/">Bleeping Computer</a></p><h1><strong>Black Basta Crew using Qakbot in widespread Ransomware Strikes</strong></h1><p><strong>FROM THE MEDIA: </strong>A potentially widespread ransomware campaign run by the Black Basta hacking crew is primarily targeting U.S.-based companies with Qakbot (aka QBot, Pinkslipbot) malware, a new <a href="https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies">Cybereason report</a> said. Black Basta, which surfaced this past April and is composed of founding Conti members, typically targets organizations in the U.S., Canada, U.K., Australia, and New Zealand. The group is known for pilfering sensitive information and then <a href="https://www.msspalert.com/cybersecurity-breaches-and-attacks/new-ransomware-gang-hits-50-companies-cybereason-reports/">extorting victims for as much as $2 million</a> by threatening to post the data on the dark market unless the victim meets its ransomware demands.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.msspalert.com/mssp-alert/black-basta-crew-using-qakbot-in-widespread-ransomware-strikes/">MSSPAlert</a></p><h1><strong>Let Data Breach Victims Sue Marriott</strong></h1><p><strong>FROM THE MEDIA: </strong>A company harvested your personal data, but failed to take basic steps to secure it. So thieves stole it. Now you&#8217;ve lost control of your data, and you&#8217;re at greater risk of identity theft. 
But when you sue the negligent company, they say you haven&#8217;t really been injured, so you don&#8217;t belong in court &#8211; not unless you can prove a specific economic harm on top of the obvious privacy harm. We say &#8220;no way.&#8221; Along with our friends at <a href="https://epic.org/">EPIC</a>, and with assistance from <a href="https://www.forthepeople.com/">Morgan &amp; Morgan</a>, EFF recently filed an <a href="https://www.eff.org/document/2022-11-22-re-marriott-4th-cir-amicus-brief-eff-and-epic">amicus brief</a> arguing that negligent data breaches inflict grievous privacy harms in and of themselves, and so the victims have &#8220;standing&#8221; to sue in federal court &#8211; without the need to prove more.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.eff.org/deeplinks/2022/11/let-data-breach-victims-sue-marriott">EFF</a></p><h1><strong>CI Fuzz CLI Brings Fuzz Testing to Java Applications</strong></h1><p><strong>FROM THE MEDIA: </strong>The open source security tool <a href="https://www.code-intelligence.com/press-release/20221129">CI Fuzz CLI now supports Java</a>, according to Code Intelligence, the company behind the project. Back in September, Code Intelligence announced <a href="https://www.code-intelligence.com/cli-tool">CI Fuzz CLI</a>, which lets developers run coverage-guided fuzz tests directly from the command line to find and fix functional bugs and security vulnerabilities at scale. CI Fuzz CLI can be integrated into common build systems such as Maven and Bazel; integrated development environments (IDEs), and continuous integration/continuous delivery (CI/CD) tools such as Jenkins. 
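As an added illustration of what a coverage-guided fuzz test actually does (example code written for this roundup, not CI Fuzz CLI, Jazzer or Code Intelligence code), the Python harness below mutates a seed corpus, keeps every input that reaches a code path not seen before, and stops at the first unexpected exception. The TLV parser, its length-trusting bug, the seed inputs and the names <code>check_lengths</code>, <code>Crash</code>, <code>run_once</code> and <code>fuzz</code> are all constructed for this example; the hand-placed <code>trace</code> labels stand in for the edge coverage a real fuzzer collects through instrumentation.

```python
# Added example for this roundup: a minimal coverage-guided mutation fuzzer.
# Not CI Fuzz CLI code; parser, bug, seeds and names are constructed here.
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Set, Tuple


def parse_records(data: bytes, trace: Optional[Set[str]] = None,
                  check_lengths: bool = False) -> List[Tuple[int, bytes]]:
    """Constructed TLV parser (type, length, value). With check_lengths=False the
    length byte is trusted: a truncated input yields a short value and the
    checksum branch indexes past its end. ValueError is the intended reject."""
    trace = set() if trace is None else trace
    out: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            trace.add("truncated_header")
            raise ValueError("truncated header")
        rtype, length = data[i], data[i + 1]
        if check_lengths and i + 2 + length > len(data):   # the fix
            trace.add("truncated_value")
            raise ValueError("declared length exceeds input")
        value = data[i + 2:i + 2 + length]   # short if truncated and unchecked
        if rtype == 0x01:
            trace.add("text")
        elif rtype == 0x02:
            trace.add("checksum")
            if length < 4:
                raise ValueError("checksum record needs 4 bytes")
            trace.add("checksum_xor")
            _ = value[0] ^ value[1] ^ value[2] ^ value[3]  # IndexError if short
        else:
            trace.add("other")
        out.append((rtype, value))
        i += 2 + length
    return out


def parse_records_fixed(data: bytes, trace: Optional[Set[str]] = None) -> List[Tuple[int, bytes]]:
    """Hardened variant: the same parser with the length check enabled."""
    return parse_records(data, trace, check_lengths=True)


INTERESTING = (0x00, 0x01, 0x02, 0x04, 0x7F, 0x80, 0xFF)  # boundary bytes

def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, insert, delete, truncate or append."""
    buf = bytearray(data)
    op = rng.randrange(5)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.choice(INTERESTING))
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf))]
    elif op == 3 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.extend(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(buf)


def run_once(target: Callable[[bytes, Set[str]], object],
             data: bytes) -> Tuple[Set[str], Optional[str]]:
    """ValueError is a graceful reject; any other exception is a crash."""
    trace: Set[str] = set()
    try:
        target(data, trace)
    except ValueError:
        pass
    except Exception as exc:  # noqa: BLE001 - anything else is a finding
        return trace, type(exc).__name__
    return trace, None


@dataclass
class Crash:
    data: bytes        # input that triggered the crash
    exception: str     # exception class name
    iteration: int     # mutations needed to find it
    corpus_size: int   # inputs kept because they reached new paths


def fuzz(target: Callable[[bytes, Set[str]], object], seeds: Sequence[bytes],
         iterations: int = 5000, seed: int = 0) -> Optional[Crash]:
    """Coverage-guided loop: mutate a corpus member, keep children that reach
    new path labels, stop at the first crash (None if none within budget)."""
    rng = random.Random(seed)             # fixed seed keeps the run reproducible
    corpus: List[bytes] = list(seeds)
    covered: Set[str] = set()
    for s in corpus:                      # baseline coverage from the seeds
        covered |= run_once(target, s)[0]
    for n in range(1, iterations + 1):
        child = mutate(rng, rng.choice(corpus))
        trace, crash = run_once(target, child)
        if crash:
            return Crash(child, crash, n, len(corpus))
        if trace - covered:               # new path reached: keep the input
            covered |= trace
            corpus.append(child)
    return None


# Constructed seed corpus: one well-formed text record, one checksum record.
SEEDS = (b"\x01\x05hello", b"\x02\x04\xde\xad\xbe\xef")
```

<code>fuzz(parse_records, SEEDS)</code> returns a <code>Crash</code> whose <code>data</code> is a checksum record whose declared length exceeds the bytes actually present, the classic length-field bug that a bounds check before slicing removes; <code>fuzz(parse_records_fixed, SEEDS)</code> returns <code>None</code> for the same budget. The keep-if-new-coverage rule is what lets the loop reach the guarded checksum branch instead of mutating blindly, and distinguishing the parser's own <code>ValueError</code> from everything else is what keeps expected rejections from being reported as findings.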
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/dr-tech/ci-fuzz-cli-brings-fuzz-testing-to-java-applications">DARKReading</a></p><h1><strong>Lockbit 3.0 has BlackMatter ransomware code, wormable traits</strong></h1><p><strong>FROM THE MEDIA: </strong>The latest version of the LockBit ransomware strain contains new capabilities and utilizes features of another prominent ransomware, BlackMatter, according to Sophos research published Wednesday. Sophos said it analyzed multiple incidents utilizing the latest version of LockBit, referred to as LockBit 3.0 or "LockBit Black." The original LockBit ransomware was first observed in mid-2019, with an upgraded 2.0 version discovered last year. Version 3.0 was initially tracked earlier this year. Most recently, source code for the new variant was leaked in September.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.techtarget.com/searchsecurity/news/252527864/Lockbit-30-has-BlackMatter-ransomware-code-wormable-traits">TechTarget</a></p><h1>IKEA&#8217;s Kuwait, Morocco franchises hit by Vice Society ransomware gang</h1><p><strong>FROM THE MEDIA: </strong>Major Swedish furniture retail firm IKEA had its Kuwait and Morocco franchises compromised by the Vice Society ransomware gang, resulting in disruptions for certain operating systems, according to <a href="https://therecord.media/ikea-investigating-cyberattacks-on-outlets-in-kuwait-morocco/">The Record</a>, a news site by cybersecurity firm Recorded Future. 
Vice Society added both IKEA franchises on its leak site on Monday, with the shared file names suggesting the theft of business and employee data, as well as information from Jordan-based IKEA outlets.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/threat-intelligence/ikeas-kuwait-morocco-franchises-hit-by-vice-society-ransomware-gang">SCMAG</a></p><h1>PII May Have Been Stolen in Virginia County Ransomware Attack</h1><p><strong>FROM THE MEDIA: </strong>Personally identifiable information may have been leaked in a recent ransomware attack targeting Southampton County in the state of Virginia. The county recently warned individuals that their information may have been stolen after cybercriminals were able to gain access to a single server and encrypt it. Southampton County stated that its IT team took appropriate steps to contain the incident and is also conducting an investigation to determine the nature and scope of the data breach.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oodaloop.com/briefs/2022/11/30/pii-may-have-been-stolen-in-virginia-county-ransomware-attack/">OODALOOP</a></p><h1>Ransomware Gang Takes Credit for Maple Leaf Foods Hack</h1><p><strong>FROM THE MEDIA: </strong>The Black Basta ransomware group has claimed responsibility for an attack that occurred earlier this month targeting Maple Leaf Foods. The company experienced outages as a result of the cyberattack despite taking action immediately after identifying the breach. The Canadian packaged meats company has not verified the extent of financial losses caused by the cyberattack. 
Additionally, it is unclear whether the company plans to pay a ransom or has done so; however, the hacking group has already begun to leak data, indicating that the company has not given in to demands.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oodaloop.com/briefs/2022/11/30/ransomware-gang-takes-credit-for-maple-leaf-foods-hack/">OODALOOP</a></p><h1><strong>Australia will now fine firms up to AU$50 million for data breaches</strong></h1><p><strong>FROM THE MEDIA: </strong>The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffer large-scale data breaches. The financial penalty introduced by the new bill is set to whichever is greater: AU$50 million; three times the value of any benefit obtained through the misuse of information; or 30% of the company's adjusted turnover in the relevant period.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/australia-will-now-fine-firms-up-to-au50-million-for-data-breaches/">Bleeping Computer</a></p><h1>A syntax error took down the KmsdBot cryptomining botnet, effectively killing it</h1><p><strong>FROM THE MEDIA: </strong>Akamai on <a href="https://www.akamai.com/blog/security-research/kmsdbot-part-two-crashing-a-botnet">Wednesday reported</a> that, in continued research its team did on KmsdBot, a syntax error caused the bot to stop sending commands, effectively killing the botnet. The Akamai researchers had earlier released a&nbsp;<a href="https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware">blog post about KmsdBot</a>, a <a href="https://www.scmagazine.com/brief/malware/cryptomining-ddos-attacks-launched-by-novel-kmsdbot-malware">cryptomining botnet</a> with command-and-control capabilities that infected victims via SSH and weak credentials. 
The Akamai team had analyzed and reported on KmsdBot after it infected one of its honeypots. &#8220;It&#8217;s not often we get this kind of story in security,&#8221; said the researchers. &#8220;In our world of zero-days and burnout, seeing a threat that can be mitigated with the coding equivalent of a typo is a nice story.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/news/device-security/a-syntax-error-took-down-the-kmsdbot-cryptomining-botnet-effectively-killing-it">SCMAG</a></p><h1><strong>Medibank hackers declare 'case closed'</strong></h1><p><strong>FROM THE MEDIA: </strong>Australia's information commissioner has begun an investigation into Medibank's data-handling practices as the hackers behind the breach dumped the last customer information they stole on the dark web. The health insurer reported the breach on October 13 and the Russian ransomware group has been releasing customer information in a staged manner since early November. But the Office of the Australian Information Commissioner confirmed on Thursday it was examining Medibank after preliminary inquiries found enough evidence to press further.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.perthnow.com.au/politics/medibank-hackers-declare-case-closed-c-9023740">Perthnow</a></p><h1><strong>Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism</strong></h1><p><strong>FROM THE MEDIA: </strong>Dmitry Smilyanets cost U.S. companies hundreds of millions of dollars when he was a hacker living in Russia in the 2000s. He said a selfie from a trip to Amsterdam in 2012 tipped off U.S. authorities to his whereabouts, ultimately landing him in prison.&nbsp;Mr. Smilyanets now helps companies protect themselves against cyberattacks and studies the activity of Russian ransomware gangs as principal product manager for identity intelligence at the cybersecurity company Recorded Future Inc. 
He is the subject of a WSJ podcast series, <a href="https://www.wsj.com/podcasts/the-journal/introducing-hack-me-if-you-can/8EFCB727-3271-4545-8256-11B2F34D0955?mod=article_inline">Hack Me If You Can</a>.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.wsj.com/amp/articles/reformed-russian-cybercriminal-warns-that-hatred-spreads-hacktivism-11669842840">WSJ</a></p><h1><strong>Cybersecurity researchers take down DDoS botnet by accident</strong></h1><p><strong>FROM THE MEDIA: </strong>While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks. As revealed in a <a href="https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware">report</a> published earlier this month, the KmsdBot malware behind this botnet was discovered by members of the&nbsp;Akamai Security Intelligence Response Team (SIRT) after it infected one of their honeypots. KmsdBot targets Windows and Linux devices with a wide range of architectures, and it infects new systems via SSH connections that use weak or default login credentials.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/cybersecurity-researchers-take-down-ddos-botnet-by-accident/">Bleeping Computer</a></p><h1><strong>Spyware vendor Variston exploited Chrome, Firefox and Windows zero-days, says Google</strong></h1><p><strong>FROM THE MEDIA: </strong>A Barcelona-based company that bills itself as a custom security solutions provider exploited several zero-day vulnerabilities in Windows, and Chrome and Firefox browsers to plant spyware, say Google security researchers. 
In research shared with TechCrunch ahead of publication on Wednesday, Google&#8217;s Threat Analysis Group (TAG) says it has linked Variston IT, which claims to offer tailor-made cybersecurity solutions, to an exploitation framework that enables spyware to be installed on targeted devices.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techcrunch.com/2022/11/30/variston-spyware-chrome-firefox-windows/">TechCrunch</a></p><h1>A Hacked Newsroom Brings a Spyware Maker to U.S. Court</h1><p><strong>FROM THE MEDIA: </strong>Roman Gressier, an American journalist working for the Salvadoran news outlet El Faro, spent the spring of 2021 in his small, dorm-like apartment outside the capital. He was twenty-six, and had recently moved to San Salvador to pursue his long-standing ambition of working for El Faro, one of Central America&#8217;s foremost news organizations. Breaking a string of stories documenting corruption and malfeasance in the administration of El Salvador&#8217;s populist President, <a href="https://www.newyorker.com/magazine/2022/09/12/the-rise-of-nayib-bukele-el-salvadors-authoritarian-president">Nayib Bukele</a>, El Faro has become a leading source of accountability in Central American media&#8212;and a source of frustration to Bukele.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.newyorker.com/news/news-desk/a-hacked-newsroom-brings-a-spyware-maker-to-us-court-pegasus">The New Yorker</a></p><h1><strong>SpaceX's Starlink hit by global outage</strong></h1><p><strong>FROM THE MEDIA: </strong>SpaceX's satellite Internet service has been impacted by a global outage. The issue appears to have caused near total downtime for 22 minutes, and users are still reporting some problems. 
"The SpaceX Starlink satellite Internet service experienced a global outage beginning at 20:56 UTC today," Doug Madory, the director of Internet analysis at network observability company Kentik, said <a href="https://twitter.com/DougMadory/status/1598076817390579714">on Twitter</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.datacenterdynamics.com/en/news/spacexs-starlink-hit-by-global-outage/">DCD</a></p><h1><strong>Amazon Satellite Experiment Puts the Cloud in Low Earth Orbit</strong></h1><p><strong>FROM THE MEDIA: </strong>Satellite operators are often challenged by the horrendous amounts of data that satellites collect and transmit back to Earth. A recent experiment with prototype Amazon Web Services (AWS) software suggests cloud-based solutions, when used way above Earth&#8217;s actual clouds, can lessen the data load. AWS, describing the experiment as the &#8220;first of its kind,&#8221; announced the test at the Amazon subsidiary&#8217;s <a href="https://reinvent.awsevents.com/">re:Invent</a> conference in Las Vegas on Tuesday. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://gizmodo.com/amazon-aws-satellite-experiment-cloud-based-computing-1849832324">Gizmodo</a></p><h1><strong>Internet of Military Things (IoMT) and the Future of Warfare</strong></h1><p><strong>FROM THE MEDIA: </strong>The Internet of Military Things (IoMT) is a class of heterogeneously connected devices employed for future warfare. It has wide applications in advanced combat operations and intelligence-oriented warfare. For example, <a href="https://en.wikipedia.org/wiki/Internet_of_Military_Things#Internet_of_Battlefield_Things_(IoBT)">it allows real-time connection among devices, such as between unmanned vehicles and a central command station</a>. Likewise, it would enable a broader warfighting concept interpreted as Joint All Domain Command and Control (JADC2) by the United States (US) military. 
JADC2 is based on a similar network of sensors that connect all battlefield devices.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://moderndiplomacy.eu/2022/12/01/internet-of-military-things-iomt-and-the-future-of-warfare/">Modern Diplomacy</a></p><h1><strong>NVIDIA releases GPU driver update to fix 29 security flaws</strong></h1><p><strong>FROM THE MEDIA: </strong>NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation. The latest security update addresses 25 vulnerabilities on the Windows and Linux GPU drivers, while seven flaws are categorized as high-severity.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-update-to-fix-29-security-flaws/">Bleeping Computer</a></p><h1>What is Ransom Cartel? A ransomware gang focused on reputational damage</h1><p><strong>FROM THE MEDIA: </strong>Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as <a href="https://www.csoonline.com/article/3597298/revil-ransomware-explained-a-widespread-extortion-operation.html">REvil</a> and <a href="https://www.csoonline.com/article/3638056/conti-ransomware-explained-and-why-its-one-of-the-most-aggressive-criminal-groups.html">Conti</a>. 
Believed to have launched in December 2021, Ransom Cartel has claimed victims in the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.arnnet.com.au/article/703702/what-ransom-cartel-ransomware-gang-focused-reputational-damage/">ARN</a></p><h2>Items of interest</h2><h1><strong>Russia launches final GLONASS-M navigation satellite into orbit</strong></h1><p><strong>FROM THE MEDIA: </strong>Russia added another piece to its GLONASS satellite-navigation network on Monday (Nov. 28). A Soyuz <a href="https://www.space.com/29295-rocket-history.html">rocket</a> topped with a GLONASS-M satellite lifted off from Plesetsk Cosmodrome in northwestern Russia Monday at 10:17 a.m. EST (1517 GMT; 6:17 p.m. Moscow time). The spacecraft was successfully delivered to its target orbit and has received the designation Cosmos 2564, <a href="https://www.space.com/22724-roscosmos.html">Roscosmos</a>, Russia's federal space agency, <a href="https://t.me/s/roscosmos_gk">announced via Telegram</a> shortly after the launch.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.space.com/russia-launches-final-glonass-m-navigation-satellite">SPACE</a></p><h1><strong>How does Starlink Satellite Internet Work (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>With Starlink internet, data is continuously being sent between a ground dish and a Starlink satellite orbiting 550km above. Furthermore, the Starlink satellite zooms across the sky at 27,000km/hr! 
</p><div id="youtube2-qs2QcycggWU" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;qs2QcycggWU&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/qs2QcycggWU?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Who are the Black Reward Hacking Team (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>This group has actively targeted the Iranian government with their cyberattacks; in one of their attacks, they claim to have obtained audio recordings of an IRGC general talking with a Qatari about how individuals can be kept out of the World Cup.</p><div id="youtube2-IC0ateyPp7o" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;IC0ateyPp7o&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/IC0ateyPp7o?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (329)]]></title><description><![CDATA[11-30-22]]></description><link>https://infodom.substack.com/p/daily-drop-329</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-329</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Wed, 30 Nov 2022 10:50:19 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/t_-vsnICw9E" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Wednesday, November 30, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Sandworm hacking group linked to new ransomware deployed in Ukraine</strong></h1><p><strong>FROM THE MEDIA: </strong>The notorious state-backed Russian hacking group known as Sandworm may be behind a new wave of ransomware attacks in Ukraine, <a href="https://www.welivesecurity.com/2022/11/28/ransomboggs-new-ransomware-ukraine/">according to</a> new research from cybersecurity company ESET. Malware called RansomBoggs hit several organizations in Ukraine before it was discovered by the Slovakia-based firm last week. The attack carried multiple references to the animated film Monsters, Inc. The ransom note sent to infected computers was purportedly written on behalf of the movie&#8217;s main protagonist, the monster James P. 
Sullivan, whose job in the film was to scare kids.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/sandworm-hacking-group-linked-to-new-ransomware-deployed-in-ukraine/">The Record</a></p><h1><strong>Crafty threat actor uses 'aged' domains to evade security platforms</strong></h1><p><strong>FROM THE MEDIA: </strong>A sophisticated threat actor named 'CashRewindo' has been using 'aged' domains in global malvertising campaigns that lead to investment scam sites. Malvertising involves the injection of malicious JavaScript code in digital ads promoted by legitimate advertising networks, taking website visitors to pages that host phishing forms, drop malware, or operate scams. The CashRewindo malvertising campaigns are spread across Europe, North and South America, Asia, and Africa, using customized language and currency to appear legitimate to the local audience.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/crafty-threat-actor-uses-aged-domains-to-evade-security-platforms/">Bleeping Computer</a> </p><h1><strong>Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw</strong></h1><p><strong>FROM THE MEDIA: </strong>Fortinet customers that have not yet patched a critical authentication bypass vulnerability that the vendor disclosed in October in multiple versions of its FortiOS, FortiProxy, and FortiSwitch Manager technologies now have an additional reason to do so quickly. At least one threat actor, operating on a Russian Dark Web forum, has begun selling access to multiple networks compromised via the vulnerability (<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40684">CVE-2022-40684</a>), and more could follow suit soon. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/tcyberattackers-selling-access-networks-compromised-fortinet-flaw">DarkReading</a></p><h1><strong>Oracle Fusion Middleware Flaw Flagged by CISA</strong></h1><p><strong>FROM THE MEDIA: </strong>A critical bug in Oracle's Fusion Middleware Access Manager has landed on the Cybersecurity and Infrastructure Security Agency's list of known exploited vulnerabilities.&nbsp;The critical flaw, tracked under CVE-2021-35587, could allow a threat actor to compromise and <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">take over the Oracle Access Manager</a>. <a href="https://www.oracle.com/middleware/">Oracle's Fusion Middleware</a> is an enterprise cloud platform used by customers that include large telecom carriers and factories, according to its site. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/threat-intelligence/oracle-fusion-middleware-flaw-flagged-by-cisa">DarkReading</a></p><h1><strong>Espionage group using USB devices to hack targets in Southeast Asia</strong></h1><p><strong>FROM THE MEDIA: </strong>USB devices are being used to hack targets in Southeast Asia, according to a new report by cybersecurity firm Mandiant. The use of USB devices as an initial access vector is unusual as they require some form of physical access &#8212; even if it is provided by an unwitting employee &#8212; to the target device. Earlier this year the FBI <a href="https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/">warned</a> that cybercriminals were sending malicious USB devices to American companies via the U.S. 
Postal Service with the aim of getting victims to plug them in and unwittingly compromise their networks.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/espionage-group-using-usb-devices-to-hack-targets-in-southeast-asia/">The Record</a></p><h1>ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year</h1><p><strong>FROM THE MEDIA: </strong>When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a third-party vendor &#8211; ENC Security. The Netherlands-based company with 12 million users worldwide provides &#8220;military-grade data protection&#8221; solutions with its popular DataVault encryption software. As it turns out, ENC Security had been leaking its configuration and certificate files for more than a year, the Cybernews research team discovered. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139091/data-breach/enc-security-data-leak-sony-lexar.html">Security Affairs</a></p><h1>Software-Defined Vehicles: The Convergence of IT and IoT Behind the Wheel</h1><p><strong>FROM THE MEDIA: </strong>The effects that the digital world can now have on the physical world via cyber-physical systems are more prominent than ever. Organizations need to take note, as this may provide cyber threat actors additional ways to affect a person's physical safety. The rapid development of cyber-physical systems is largely due to two things: the growth and evolution of the internet of things (IoT), and a move toward more software-centric and intrinsically internet- and cloud-reliant technologies. 
The internet has fast become an integral component to the operation of our devices, as connectivity enables new features that were previously not possible.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://blogs.blackberry.com/en/2022/11/software-defined-vehicles-the-convergence-of-it-and-iot-behind-the-wheel">Blackberry</a></p><h1>Binance CEO Warns Users to Be Vigilant as Dark Web Hackers Auction Off 500 Million Whatsapp Numbers</h1><p><strong>FROM THE MEDIA: </strong>Binance CEO Changpeng Zhao has warned users of an upcoming wave of phishing scams as hackers are selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users.&nbsp;In a tweet, Zhao, who goes by the name CZ on Twitter, said over 487 million WhatsApp phone numbers are for sale on the Dark Web. He stated that the numbers seem legit and that users should be prepared to receive phishing links and scam messages.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.oodaloop.com/technology/2022/11/29/binance-ceo-warns-users-to-be-vigilant-as-dark-web-hackers-auction-off-500-million-whatsapp-numbers/">OODALOOP</a></p><h1><strong>Trigona ransomware spotted in increasing attacks worldwide</strong></h1><p><strong>FROM THE MEDIA: </strong>A previously unnamed ransomware has rebranded under the name 'Trigona,' launching a new Tor negotiation site where they accept Monero as ransom payments. Trigona has been active for some time, with samples seen at the beginning of the year. However, those samples utilized email for negotiations and were not branded under a specific name. 
As <a href="https://twitter.com/malwrhunterteam/status/1587581807595249666">discovered by MalwareHunterTeam</a>, starting in late October 2022, the ransomware operation launched a new Tor negotiation site where they officially named themselves 'Trigona.'</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/trigona-ransomware-spotted-in-increasing-attacks-worldwide/">Bleeping Computer</a></p><h1><strong>Google files lawsuit accusing &#8216;G Verifier&#8217; scammers of impersonating company</strong></h1><p><strong>FROM THE MEDIA: </strong>Google announced on Tuesday that it has filed a lawsuit against a company allegedly impersonating it through telemarketing calls and manipulating reviews of Business Profiles on Google Search and Maps. A Google spokesperson shared dozens of reports sent to them from people who said they had been scammed by the company &#8211; which went by &#8220;G Verifier&#8221; &#8211; by attempting to charge people for creating Business Profiles, something Google provides for free.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/google-files-lawsuit-accusing-g-verifier-scammers-of-impersonating-company/">The Record</a></p><h1>Fake COVID-19 Tracking App Spreads Punisher Ransomware</h1><p><strong>FROM THE MEDIA: </strong>Remember when malicious actors were <a href="https://www.hackread.com/fake-who-covid-safety-emails-nerbian-rat-europe/">spreading Nerbian RAT</a> through fake WHO Safety emails on COVID-19? Well, if you believe that threat actors and scammers have given up on COVID-19-related scams, then you are wrong, as Punisher ransomware is out there with the help of <a href="https://www.hackread.com/fake-govt-covid-19-contact-tracing-apps-spread-spyware/">fake COVID-19 tracking apps</a>. It is just as important now to access reliable sources for COVID-related updates as it was back when the pandemic was at its peak. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/covid-19-app-punisher-ransomware/">HackRead</a></p><h1>Maryland county disrupted by Thanksgiving cyberattack</h1><p><strong>FROM THE MEDIA: </strong>Some government systems in Maryland's Washington County have been disrupted by a <a href="https://www.scmagazine.com/brief/ransomware/personal-data-potentially-compromised-in-california-county-breach">cyberattack</a> on Thanksgiving, with numerous services and websites yet to be restored, <a href="https://www.govtech.com/security/washington-county-md-hit-with-thanksgiving-day-cyber-attack">Government Technology</a> reports. While Washington County would not be able to accept and process taxes, water and sewer service payments, and permits due to the cyber incident, phone services and 911 have not been impacted by the attack, according to the county. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/breach/maryland-county-disrupted-by-thanksgiving-cyberattack">SCMAG</a></p><h1><strong>How to find hidden data breaches and uncover threats in your supply chain</strong></h1><p><strong>FROM THE MEDIA: </strong>A company&#8217;s supply chain is like a body&#8217;s nervous system: a mesh of interconnected manufacturers, vendors, sub-contractors, service delivery firms, even coding and collaboration tools. The connected enterprise is an efficient enterprise. Provided that the supply chain works. Supply chain topics tend to focus on manufacturing and labor. Yet there&#8217;s far less attention being given to another aspect of the supply chain, no less important: cybersecurity. 
When one node of the interconnected enterprise is breached, the pain can spread thick and fast.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.helpnetsecurity.com/2022/11/30/how-to-find-hidden-data-breaches-and-uncover-threats-in-your-supply-chain/">HelpNetSecurity</a></p><h1><strong>Lockheed Martin's Army cyber training platform goes civilian</strong></h1><p><strong>FROM THE MEDIA: </strong>Lockheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities. The defense contractor will <a href="https://news.lockheedmartin.com/2022-11-28-Lockheed-Martin-to-Deliver-Web-Based-Cyber-Training-to-17000-US-Army-Personnel">supply</a> the Army's Civilian Career Management Activity with its new Mission Readiness and Reporting (MR2) platform, which was originally designed for the US military's Joint Cyber Command and Control ecosystem.&nbsp;Lockheed Martin describes MR2 as "<a href="https://www.lockheedmartin.com/en-us/news/features/2022/how-digital-transformation-is-modernizing-the-cyber-forces-training-and-readiness.html">a simple concept</a>" that operates similarly to other cloud-based management applications and displays data "as a customizable dashboard that monitors the capacity of personnel, teams, equipment and infrastructure."&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/11/29/lockheed_martin_cyber_training/">The Register</a></p><h1>FTX hacker reportedly transfers a portion of stolen funds to OKX after using Bitcoin mixer</h1><p><strong>FROM THE MEDIA: </strong>Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money. 
A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the <a href="https://www.investing.com/crypto/bitcoin">Bitcoin</a> mixer ChipMixer. The analyst reported that at least 225 BTC &#8212; worth $4.1 million USD &#8212; has been sent to OKX so far.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.investing.com/news/cryptocurrency-news/ftx-hacker-reportedly-transfers-a-portion-of-stolen-funds-to-okx-after-using-bitcoin-mixer-2953991">Investing</a></p><h1><strong>Apple helps the Chinese communists suppress protests</strong></h1><p><strong>FROM THE MEDIA: </strong>While journalists are trying to pressure Apple into dumping Twitter from the app store, Apple is already bending its knee to the Chinese Communist Party, at the expense of protesters in China. With protests spreading across China over Xi Jinping&#8217;s zero-COVID strategy, Apple has restricted the use of AirDrop on iPhones and Apple devices in the country. Protesters use AirDrop to bypass the communist regime's censorship of the internet and communicate directly with other protesters by &#8220;forming a local network of devices that don&#8217;t need the internet to communicate,&#8221; <a href="https://qz.com/apple-airdrop-china-protest-tool-1849824435">according to</a> Quartz.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.washingtonexaminer.com/opinion/apple-helps-chinese-communists-suppress-protests">Washington Examiner</a></p><h1>Million-dollar bug bounties: The rise of record-breaking payouts</h1><p><strong>FROM THE MEDIA: </strong>Bug bounty rewards have breached the $1 million mark, and there are reports of even higher payouts within the ethical hacking community. But are these &#8216;mega bounties&#8217; good for security researchers, and the firms that offer them? And are they truly achievable for those partaking? 
In early 2022, a security researcher named &#8216;satya0x&#8217; earned $10 million for discovering a <a href="https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward">vulnerability in crypto platform Wormhole</a>. The reward was paid through Immunefi and &#8211; so far, at least &#8211; stands as the largest bug bounty payout so far.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://portswigger.net/daily-swig/million-dollar-bug-bounties-the-rise-of-record-breaking-payouts">Portswigger</a></p><h1>New Chinese cyberespionage campaign targets Asia and US</h1><p><strong>FROM THE MEDIA: </strong>A recently discovered attack campaign likely run by threat actors in China has been targeting public and private organizations in the Philippines, Europe, and the United States for perhaps as long as a year using multi-stage malware that is capable of self-replicating and is designed to steal data. The campaign may have been ongoing since September 2021 but researchers at Mandiant discovered it recently, and found that the threat actor is relying on the older technique of deploying USB drives with malware on them as the initial infection vector. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://duo.com/decipher/new-chinese-cyberespionage-campaign-targets-asia-us">DUO</a></p><h1><strong>Musk suggests that he wants to "go to war" against Apple, starts lobbing "tweet grenades"</strong></h1><p><strong>FROM THE MEDIA: </strong>These days you have to wonder just exactly what is going through the mind of multi-billionaire Elon Musk. After spending $44 billion to buy Twitter, Musk is acting like someone who never made a major decision in his life. He says one thing, reverses direction in a day and reverts back to his original thought a few days later. At this point, can Twitter board members trust him to pick which flavor of ice cream cone to buy at Baskin Robbins? 
After all, the ice cream purveyor offers 31 flavors.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.phonearena.com/news/musk-goes-to-war-against-apple_id143966">PhoneArena</a></p><h1><strong>Fear of 'angry people' drove Bankman-Fried to open withdrawals for Bahamians</strong></h1><p><strong>FROM THE MEDIA: </strong>FTX&#8217;s former CEO Sam Bankman-Fried has divulged what really went on in the days before it filed for bankruptcy when the exchange selectively reopened withdrawals &#8212; only for Bahamian users.&nbsp;In a telephone <a href="https://www.youtube.com/watch?v=6DezodR9hNI">interview</a> with crypto blogger Tiffany Fong, dated Nov. 16, Bankman-Fried claims to have made the decision to reopen withdrawals to Bahamian citizens as he did not want himself, nor the exchange, to be in a country &#8220;with a lot of angry people in it.&#8221; </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://cointelegraph.com/news/sbf-reveals-what-was-behind-ftx-s-reopening-of-bahamian-withdrawals">Cointelegraph</a></p><h1><strong>Here&#8217;s a look at free speech absolutist Elon Musk&#8217;s ties to Chinese censorship</strong></h1><p><strong>FROM THE MEDIA: </strong>A good portion of Elon Musk&#8217;s time since the Thanksgiving holiday <a href="https://www.fastcompany.com/90817058/in-the-latest-twitter-drama-elon-musk-comes-for-apple">has been devoted to</a> attacking Apple, and subsequently the national media, for not supporting free speech full-throatedly enough. (He fired off five anti-Apple tweets in just 30 minutes on Monday.) 
His own commitment to this principle is supposedly demonstrated by his belief that his new Twitter should reinstate accounts, ranging from various neo-Nazis&#8217; to Donald Trump&#8217;s, which had been banned for violating the platform&#8217;s rules against hate speech, bullying, and discrimination.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.fastcompany.com/90817476/free-speech-absolutist-elon-musk-ties-to-chinese-censorship">Fast Company</a></p><h1><strong>The Greatest Threats to U.S. National Security: Russia, China, and Iran/Terrorism</strong></h1><p><strong>FROM THE MEDIA: </strong>Russia&#8217;s threat to the United States includes: direct military conflict, cyber attacks, supporting separatists, threats to freedom of navigation, and territorial expansion. On November 15, a missile blast killed two people in Poland, near the Ukraine border. Russia was <a href="https://asia.nikkei.com/Politics/Ukraine-war/G-7-NATO-leaders-weigh-response-to-Poland-missile-strike?del_type=1&amp;pub_date=20221116123000&amp;seq_num=2.">the primary suspect</a>. President Joe Biden later told the Poles that the missile was part of a <a href="https://asia.nikkei.com/Politics/Ukraine-war/Biden-tells-allies-Poland-blast-was-Ukrainian-air-defense-missile?utm_campaign=GL_indo_pacific&amp;utm_medium=email&amp;utm_source=NA_newsletter&amp;utm_content=article_link&amp;del_type=11&amp;pub_date=20221116213000&amp;seq_num=11&amp;si=011334.">Ukrainian defense</a> system. Whether the missile actually came from Russia directly or was the indirect result of Russian shelling, the incident underscores the danger Russia poses. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://moderndiplomacy.eu/2022/11/30/the-greatest-threats-to-u-s-national-security-russia-china-and-iran-terrorism/">Modern Diplomacy</a></p><h1><strong>Defense Intelligence Agency forms &#8216;China mission group&#8217; to track rival</strong></h1><p><strong>FROM THE MEDIA: </strong>The Defense Intelligence Agency is pulling together a group of analysts and experts to monitor competition with China, a world power Pentagon officials consider the leading threat to U.S. national security. John Kirchhofer, <a href="https://www.dia.mil/News-Features/Photo-Gallery/igphoto/2002842564/">the DIA&#8217;s chief of staff</a>, on Nov. 29 said his agency, which produces, analyzes and disseminates military intelligence, established a &#8220;China mission group&#8221; that will reach full operational capacity early next year.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://news.yahoo.com/defense-intelligence-agency-forms-china-182507332.html">Yahoo News</a></p><h1><strong>'Russian missiles can't destroy the cloud': Ukraine leader describes emergency migration</strong></h1><p><strong>FROM THE MEDIA: </strong>Ukraine's Mykhailo Fedorov, vice prime minister and minister for digital transformation, spoke to press at Amazon Web Services' re:Invent conference in Las Vegas, describing how emergency migration to the cloud is securing the country's digital infrastructure. "Let me be honest with you. This is priceless. State registers and databases are critical information infrastructure," he said. 
According to Liam Maxwell, AWS Director of Government Digital Transformation, "in January 2022 it was increasingly clear there was going to be an attack on Ukraine from Russia."</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/11/30/ukraine_cloud_migration/">The Register</a></p><h1>Hackers cripple prestigious Indian hospital&#8217;s Internet systems</h1><p><strong>FROM THE MEDIA: </strong>Cyberattackers have crippled systems at one of India&#8217;s most prominent hospitals for a week, forcing the institution to operate a raft of key medical services and labs manually. The All India Institute of Medical Sciences &#8211; a hospital that&#8217;s traditionally treated the country&#8217;s top politicians &#8211; has succumbed to a ransomware attack that&#8217;s shut down centralized records since Nov 23, the institution said in a statement. India&#8217;s premier state-run teaching hospital has advised various departments to store data individually until systems can be restored, people familiar with the matter said, asking to remain anonymous when disclosing sensitive information.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.straitstimes.com/asia/south-asia/hackers-cripple-prestigious-indian-hospital-s-internet-systems">The Straits Times</a></p><h1><strong>How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape</strong></h1><p><strong>FROM THE MEDIA: </strong>As software supply chain attacks increase, cybersecurity talent wanes, and alert fatigue leads to burnout, an always-on, defense-first mentality will no longer suffice. While many defense strategies aim for zero incidents across an entire network, it's time to reevaluate that thinking. Take a page out of the bad actors' book by implementing new strategies that ensure fast detection and intelligence collection. Enter cyber deception. 
Cyber deception is a proactive cyber defense methodology that, when executed well, puts the defender in the driver's seat.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.darkreading.com/edge-articles/how-to-use-cyber-deception-to-counter-an-evolving-and-advanced-threat-landscape">DarkReading</a></p><h1><strong>Stolen Twitter Data Leaked Online, Even Bigger Breach Revealed</strong></h1><p><strong>FROM THE MEDIA: </strong>A data breach that impacted Twitter back in the summer has come back to haunt Elon Musk&#8217;s platform, after stolen data was published online. It was in July this year when <a href="https://www.silicon.co.uk/security/cyberwar/twitter-hacker-seeks-30000-for-stolen-data-on-5-4-million-users-468601">Twitter was compromised by a vulnerability</a> that had existed since late 2021. The hacker, who went by the username &#8220;devil&#8221;, began touting the Twitter database of 5.4 million users on hacker forum, Breached Forums in the summer for $30,000. Breached Forums was the same hacker forum that gained international attention in July 2022 after a <strong><a href="https://www.silicon.co.uk/security/cyberwar/hacker-china-shanghai-465222">data breach exposed over 1 billion Chinese residents.</a></strong></p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.silicon.co.uk/security/cyberwar/stolen-twitter-data-leaked-online-even-bigger-breach-revealed-487856">Silicon</a></p><h1><strong>Research paves way for communications that cannot be hacked, scientists say</strong></h1><p><strong>FROM THE MEDIA: </strong>Groundbreaking research into a phenomenon could in future render communications impossible to hack, experts have said. <a href="https://www.independent.co.uk/topic/scientists">Scientists</a> at Heriot-Watt University&#8217;s Institute of Photonic and <a href="https://www.independent.co.uk/topic/quantum">Quantum</a> Sciences made the discovery in their study of quantum entanglement. 
The phenomenon is when two particles &#8211; such as photons of light &#8211; remain connected, even when they are separated by vast distances. Quantum technology involves harnessing the physics of sub-atomic particles to develop ultra-high performance applications, including more powerful computing, more secure communications and more reliable navigation systems.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.independent.co.uk/news/uk/research-scientists-quantum-switzerland-france-b2235757.html">Independent</a></p><h1><strong>Hacked Twitter data includes phone numbers, personal emails for celebrities, prominent politicians</strong></h1><p><strong>FROM THE MEDIA: </strong>More than 5.4 million user records from Twitter have been published online, exposing everything from private phone numbers to email addresses. The data, which was released for free on a popular hacking forum this month, was pilfered last December after hackers exploited an API vulnerability on the social media platform. Although Twitter says the issue was patched in January after it was reported to the <a href="https://hackerone.com/reports/1439026">HackerOne</a> bug bounty program, numerous threat actors were able to take advantage before the vulnerability was fixed. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.dailydot.com/debug/twitter-user-data-hack-5-million/">Daily Dot</a></p><h1><strong>Vulnerabilities found affecting OT products from German companies Festo and CODESYS</strong></h1><p><strong>FROM THE MEDIA: </strong>Three vulnerabilities have been disclosed affecting operational technology (OT) products from two German companies: factory automation manufacturer Festo and automation software company CODESYS. 
<a href="https://www.forescout.com/blog/oticefall-continues-vedere-labs-discloses-three-new-vulnerabilities-affecting-ot-products-how-to-mitigate/">Researchers from cybersecurity firm Forescout</a> said two of the bugs affect Festo automation controllers and one affects the CODESYS software, which is used by hundreds of device manufacturers in different industrial sectors, including Festo.&nbsp;These vulnerabilities affect hundreds of industrial devices in the supply chain.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/three-vulnerabilities-found-affecting-ot-products-from-german-companies-festo-and-codesys/">The Record</a></p><h2>Items of interest</h2><h1>Data stolen in ransomware attack against North Carolina college</h1><p><strong>FROM THE MEDIA: </strong>North Carolina-based Guilford College has confirmed having sensitive student, faculty, and staff data stolen in a ransomware attack last month by the Hive ransomware gang, which posted a sample of the stolen data on Friday, reports <a href="https://therecord.media/north-carolina-college-confirms-ransomware-group-stole-sensitive-data/">The Record</a>, a news site by cybersecurity firm Recorded Future. Investigation into the incident continues but law enforcement and individuals who may have been impacted by the ransomware attack have already been notified. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.scmagazine.com/brief/ransomware/data-stolen-in-ransomware-attack-against-north-carolina-college">SCMAG</a></p><h1><strong>Objectives of Nation State Cyber Attackers (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>It is important to look into the motivations of government orchestrated cyberattacks, such as SolarWinds, as understanding the threat-agent&#8217;s objectives can provide important insights to their long-term goals and potential next steps.</p><div id="youtube2-t_-vsnICw9E" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;t_-vsnICw9E&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/t_-vsnICw9E?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Understanding the Business of Cybercrime (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>It might be easy to characterize cyber criminals as random threat actors, but plenty of them work within sophisticated organizations that function like legitimate businesses.</p><div id="youtube2-kMTArMTjuHs" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;kMTArMTjuHs&quot;,&quot;startTime&quot;:&quot;3s&quot;,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/kMTArMTjuHs?start=3s&amp;rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media 
trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (327)]]></title><description><![CDATA[11-28-22]]></description><link>https://infodom.substack.com/p/daily-drop-327</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-327</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Mon, 28 Nov 2022 10:09:46 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/Clu3-5TFdw0" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Monday, November 28, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>Ransomware Gang Leaks Local Belgian Police&#8217;s Data, Exposes Personnel Identities</h1><p><strong>FROM THE MEDIA: </strong>One of the biggest data leaks in the history of the Belgian public service has occurred. The Ragnar Locker ransomware gang recently released stolen data regarding many of the local Belgian police department's investigations, reports, and personnel details publicly, putting almost everyone involved at risk for a follow-up attack. 
The gang was allegedly supposed to leak the data of the municipality the police department belonged to, per&nbsp;<a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-targets-belgian-municipality-hits-police-instead/">Bleeping Computer</a>. Zwijndrecht Police confirmed to local media through a post on Facebook that its data was stolen and published online, which includes numerous car number plates, fines, crime report files, personnel details, investigation reports, and more.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.itechpost.com/articles/115293/20221127/ransomware-gang-leaks-local-belgian-police-data-exposes-personnel.htm">iTechPost</a></p><h1><strong>IKEA posted on ransomware gang&#8217;s leak site</strong></h1><p><strong>FROM THE MEDIA: </strong>Vice Society has supposedly posted data taken from IKEA stores in Morocco and Kuwait. Snippets from the ransomware gang&#8217;s leak site suggest threat actors got ahold of confidential business data. Names of the files on Vice Society&#8217;s leak site also point to threat actors taking data from IKEA stores in Jordan as well. File and folder names indicate that sensitive employee data such as passports might have leaked. IKEA, the Swedish-Dutch furniture manufacturer headquartered in the Netherlands, operates two stores in Jordan, three in Kuwait, and four in Morocco.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://cybernews.com/news/ikea-posted-ransomware-gang/">Cybernews</a></p><h1>Hackers leak personal data of over 100,000 Israelis</h1><p><strong>FROM THE MEDIA: </strong>A new hacker group called BlackMagic hacked into several Israeli websites over the past weekend and disclosed personal records of over 100,000 Israelis, including personal data and even pictures of IDs. 
As of now, it's hard to track the source of the new BlackMagic hackers, but American-Israeli cyber firm Check Point Software Technologies has indications that the group is currently holding records of Israeli companies and civilians. Amongst the companies whose data the hackers claim to have access to are state-owned Elbit Systems, Rafael Advanced Defense Systems, and several shipping and logistics companies. Some of the data is dated from the last few months, meaning the threat is recent, and the companies were unaware of the infiltration.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ynetnews.com/business/article/b1a3pxzvj">YNETNEWS</a></p><h1><strong>Yandex plans to break up with its Russian motherland</strong></h1><p><strong>FROM THE MEDIA: </strong>Russia's most prominent tech company, Yandex, has announced steps to move some of its intellectual property out of Putin country and dispose of the rest to local interests. Yandex is a sprawling conglomerate often characterized as Russia's Google. It started as a search company, then moved into advertising, maps, e-commerce, cloud, and software for self-driving cars. Like its Silicon Valley analogs, Yandex also looked for a more advantageous jurisdiction for its headquarters and picked The Netherlands, which has for more than a decade been home to holding company Yandex NV.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/11/28/yandex_reorg_geopolitics/">The Register</a></p><h1>Threat Modeling Using the Purdue Model for ICS Security</h1><p><strong>FROM THE MEDIA: </strong>The Purdue industrial control system (ICS) security model is a segmented approach to protecting physical processes, supervisory controls and operations, sensors, and logistics. 
Despite the rise of edge computing and direct-to-cloud connectivity, the ICS network segmentation model remains a crucial framework for protecting <a href="https://sectrio.com/complete-guide-to-operational-technology-ot-security/">operational technology</a> (OT) from attacks like <a href="https://sectrio.com/we-have-entered-the-era-of-crafted-malware/">malware</a>. Industrial Control System (ICS) security has a lot to consider. Security professionals have to put processes and procedures in place based on the general risks involved in the industry. However, it is recommended that organizations specializing in ICS security should implement <a href="https://sectrio.com/top-10-takeaways-from-latest-ot-ics-advisory-nsa-cisa/">best practices as outlined by NSA and CISA</a> for the Purdue Model for ICS Security.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/11/threat-modeling-using-the-purdue-model-for-ics-security/">Security Boulevard</a></p><h1>RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia</h1><p><strong>FROM THE MEDIA: </strong>Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US. The ransomware is written in .NET and experts noticed that deployment is similar to previous attacks attributed to the Russia-linked <a href="https://securityaffairs.co/wordpress/135996/apt/sandworm-targets-ukraine-teleco.html">Sandworm APT</a> group. 
Sandworm&nbsp;(aka&nbsp;<a href="https://securityaffairs.co/wordpress/77132/cyber-warfare-2/blackenergy-hit-ukraine.html">BlackEnergy</a>&nbsp;and&nbsp;<a href="https://securityaffairs.co/wordpress/54415/cyber-warfare-2/telebots.html">TeleBots</a>)&nbsp;has been active since 2000 and operates under the control of&nbsp;<a href="https://securityaffairs.co/wordpress/76869/intelligence/7-russian-gru-indictment.html">Unit 74455</a>&nbsp;of&nbsp;the Russian GRU&#8217;s Main Center for Special Technologies (GTsST).</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html">Security Affairs</a></p><h1><strong>Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages</strong></h1><p><strong>FROM THE MEDIA: </strong>Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (<a href="https://en.wikipedia.org/wiki/End-to-end_encryption">E2EE</a>) for direct messages on the platform. The <a href="https://twitter.com/elonmusk/status/1596718851097755648">feature</a> is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. 
The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong <a href="https://twitter.com/wongmjane/status/1592721308479291397">spotted</a> source code changes in Twitter's Android app referencing conversation keys for E2EE chats.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/11/elon-musk-confirms-twitter-20-will.html">THN</a></p><h1>Operation Morning Light podcast review &#8212; a toxic Soviet spy satellite falls to earth</h1><p><strong>FROM THE MEDIA: </strong>In the winter of 1978, a group of men appeared in the town of Snowdrift (population: 300) in Canada&#8217;s Northwest Territories dressed in gloves, goggles and white suits. They carried instruments that appeared to be testing for radiation and instructed the local school to send its children home for the day. Several hundred miles away, two Americans, John Mordhorst and Mike Mobley, were running their dog sled teams across a vast tundra called The Barrens, when they found a pit in the snow. Looking more closely, they saw a tangled mess of metal that was frozen into the ice. 
Mordhorst recalls returning to their cabin and telling a friend what they saw.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.ft.com/content/4ea5d619-252b-416e-bb4e-b8809798f2d9">FT</a></p><h1><strong>White House&#8217;s former &#8216;disinformation czar&#8217; Nina Jankowicz registers as a foreign agent</strong></h1><p><strong>FROM THE MEDIA: </strong>The White House&#8217;s former "disinformation czar" has recently registered as a foreign agent for a non-profit that is based in the <a href="https://www.foxnews.com/category/world/world-regions/united-kingdom">United Kingdom</a>.&nbsp;Registration documents viewed by Fox News Digital show that Nina Jankowicz is now working for "Centre for Information Resilience."&nbsp;According to its website, CIR is an "independent, non-profit social enterprise dedicated to countering disinformation, exposing human rights abuses, and combating online behavior harmful to women and minorities."&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.foxnews.com/politics/white-houses-former-disinformation-czar-nina-jankowicz-registers-foreign-agent">Foxnews</a></p><h1><strong>Australia beefs up scrutiny of Medibank following data breach</strong></h1><p><strong>FROM THE MEDIA: </strong>Australia is beefing up its scrutiny of Medibank and will assess if further regulatory action is necessary, following a data breach that impacted 9.7 million customers. 
The insurance group also has pledged to share the outcome of an external review into the breach, which is believed to be the work of Russian hackers.&nbsp;Noting that <a href="https://www.zdnet.com/article/medibank-wont-pay-ransom-as-more-stolen-data-shows-up-on-dark-web/">the breach</a> raised concerns about the robustness of Medibank's operational risk controls, the Australian Prudential Regulation Authority (APRA) said Monday it had "intensified" its supervision of Medibank.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.zdnet.com/article/australia-beefs-up-scrutiny-of-medibank-following-data-breach/">ZDNET</a></p><h1>Iran coordinated with Qatar to suppress opposition at World Cup</h1><p><strong>FROM THE MEDIA: </strong>Iranian authorities worked with Qatar to suppress any <a href="https://www.jpost.com/middle-east/iran-news/article-723459">anti-regime expressions</a> at the ongoing FIFA World Cup in the Gulf state, according to documents leaked by the Black Reward hacktivist group. The documents were seized by Black Reward after infiltrating the systems of the Fars News Network and shared with the Iran International news agency before being published on the group's Telegram channel. 
Basij commander General Ghasem Ghoreyshi told a Fars news reporter in the leaked recording that Qatar had provided a list of Iranians who had bought tickets to the games, noting that 500 individuals known for anti-regime activity were on the list.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.jpost.com/middle-east/iran-news/article-723489">JP</a></p><h1><strong>Xi&#8217;s Congress rhetoric and the PLA&#8217;s march ahead</strong></h1><p><strong>FROM THE MEDIA: </strong>The developments in the wake of the <a href="https://www.thehindu.com/opinion/lead/chinas-20th-party-congress-over-the-road-ahead/article66092388.ece">20th Party Congress of the Communist Party of China (CPC)</a>, China&#8217;s rise, its domestic debates and agenda merit a closer examination of <a href="https://www.thehindu.com/opinion/op-ed/from-the-great-hall-a-focus-on-the-pla/article66041459.ece">the People&#8217;s Liberation Army&#8217;s (PLA) role</a> as a geopolitical actor. Chinese President Xi Jinping, who made history with his <a href="https://www.thehindu.com/news/international/rivals-forced-out-as-xi-jinping-embarks-on-third-term-as-chinas-leader/article66044739.ece">unprecedented third term in office</a> at the Party Congress in October, told the Chinese elite at the quinquennial gathering that<a href="https://www.thehindu.com/news/international/xi-jinping-opens-20th-congress-of-chinas-ruling-communist-party/article66016817.ece"> it was important to further expedite military modernization</a> to make it a world-class force. He underscored that the PLA should be able to stage military operations quickly and have the &#8220;ability to win local wars&#8221;. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.thehindu.com/opinion/op-ed/xis-congress-rhetoric-and-the-plas-march-ahead/article66192330.ece">The Hindu</a></p><h1>Japanese MoD Report on Chinese Gray Zone, Influence Operations</h1><p><strong>FROM THE MEDIA: </strong>The People&#8217;s Liberation Army (PLA) is the Party&#8217;s army. It follows the Party&#8217;s command and defines its most important role as protecting the Party&#8217;s regime. Until President Xi Jinping&#8217;s military reforms, the Party exercised control over the military mainly through the PLA&#8217;s political work organizations, including the General Political Department, and political commissars. Such indirect control, however, was susceptible to communication issues, hindered the execution of joint operations, and caused widespread bribery and corruption in the PLA.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://news.usni.org/2022/11/27/japanese-mod-report-on-chinese-gray-zone-influence-operations">USNI News</a></p><h1>Russia&#8217;s Ukraine Claims Risk Thwarting a Global Conference on Bioweapons</h1><p><strong>FROM THE MEDIA: </strong>Hundreds of diplomats and health security experts are gathering in Geneva to grapple with the increasing risk that viruses, bacteria and other pathogens could be used as weapons. But Russia&#8217;s presence threatens to undercut their efforts. 
Russia&#8217;s disinformation campaign alleging that the US has supported secret biological weapons laboratories in Ukraine is likely to undermine negotiations at a conference geared toward strengthening the Biological Weapons Convention, the first global disarmament treaty that sought to ban an entire category of weapons of mass destruction.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bloomberg.com/news/articles/2022-11-28/global-bioweapons-treaty-is-put-at-risk-by-russia-s-ukraine-claims">Bloomberg</a></p><h1><strong>Tik Tok&#8217;s influence on polls reflects China&#8217;s intention to mold political process in Malaysia</strong></h1><p><strong>FROM THE MEDIA: </strong>China&#8217;s intentions to influence the political process in Malaysia were clearly seen when the global subsidiary of the Beijing-based social media company ByteDance, Tik Tok, influenced polls in the South Asian country, the Singapore Post reported. The video-sharing social networking service controlled the elections by influencing the youth of the country. The Malaysian voters were influenced by the political parties extensively through the Chinese social media platform, which produced videos and recruited social media influencers to target the young base who were its frequent users.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://theprint.in/world/tik-toks-influence-on-polls-reflects-chinas-intention-to-mould-political-process-in-malaysia/1238692/">The Print</a></p><h1><strong>Critical Vulnerability in VM2 Sandbox Found Affecting Spotify Portal Platform Backstage</strong></h1><p><strong>FROM THE MEDIA: </strong><a href="https://github.com/backstage/backstage">Spotify Backstage</a>, an open-source platform used to build developer portals and in use at a number of large companies, has been found vulnerable to a critical remote code execution vulnerability. 
Confirming that <a href="https://snyk.io/blog/78-of-vulnerabilities-are-found-in-indirect-dependencies-making-remediation-complex/">most vulnerabilities are found in indirect dependencies</a>, the Backstage vulnerability is enabled by another vulnerability found in its JavaScript VM2 sandbox dependency. The Backstage vulnerability was discovered by the <a href="https://www.oxeye.io/blog/remote-code-execution-in-spotifys-backstage">Oxeye research team</a> and received a CVSS score of 9.8. The exploit consists of overriding the <code>renderString</code> function used by Backstage's template engine error-handling component to cause the execution of arbitrary code. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infoq.com/news/2022/11/Spotify-backstage-vulnerability/">InfoQ</a></p><h1><strong>5.4 million Twitter users' stolen data leaked online &#8212; more shared privately</strong></h1><p><strong>FROM THE MEDIA: </strong>Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused this bug was by threat actors. The data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public. 
Last July, a threat actor began selling the&nbsp;<a href="https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/">private information of over 5.4 million Twitter users&nbsp;</a>on a hacking forum for $30,000.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/">Bleeping computer</a></p><h1><strong>Thousands of Docker Container Images found Hiding Malicious Content</strong>&nbsp;</h1><p><strong>FROM THE MEDIA: </strong>According to the report of the Sysdig&nbsp;Threat Research Team,&nbsp;thousands of Docker container images hosted on the popular database repository Docker Hub are malicious, putting users at risk of cyberattack.&nbsp;The Sysdig Threat Research Team performed an analysis of over 250,000 Linux images in order to understand what kind of <a href="https://www.cyberkendra.com/2020/12/infected-solarwinds-update-was-reason.html">malicious payloads are hiding in the container images</a> on Docker Hub.&nbsp;The result they found was shocking, as thousands of images contained nefarious assets such as crypto miners, backdoors, and DNS hijackers.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberkendra.com/2022/11/thousands-of-dockers-container-images.html">Cyber Kendra</a></p><h1>Cyberattack on L.A. schools shows bolder action needed to stop ransomware</h1><p><strong>FROM THE MEDIA: </strong>A ransomware <a href="https://venturebeat.com/security/report-90-of-companies-affected-by-ransomware-in-2022/">attack</a> on the Los Angeles Unified School District should serve as a wake-up call about the persistent threat to the nation&#8217;s critical sectors from cyberattacks and the need for more aggressive, concerted action to protect them. 
The breach of the nation&#8217;s <a href="https://www.latimes.com/california/story/2022-10-10/l-a-schools-cyberattack-woes-uncertainties-could-linger">second-largest school system</a>, with more than 650,000 students and 75,000 employees, forced the shutdown of some of the district&#8217;s computer systems. The only silver lining is that no immediate demand for money was made and schools opened as scheduled on Sept. 6.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://venturebeat.com/security/cyberattack-on-l-a-schools-shows-bolder-action-needed-to-stop-ransomware/">Venturebeat</a></p><h1>Cyber black market selling hacked ATO and MyGov logins shows Medibank and Optus only tip of iceberg</h1><p><strong>FROM THE MEDIA: </strong>The highly sensitive information of millions of Australians &#8212; including logins for personal Australian Tax Office accounts, medical and personal data of thousands of NDIS recipients, and confidential details of an alleged assault of a Victorian school student by their teacher &#8212; is among terabytes of hacked data being openly traded online. An ABC investigation has identified large swathes of previously unreported confidential material that is widely available on the internet, ranging from sensitive legal contracts to the login details of individual MyGov accounts, which are being sold for as little as $1 USD.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.abc.net.au/news/2022-11-28/cyber-black-market-shows-medibank-optus-hack-just-the-surface/101700974">ABC (AU)</a></p><h1>Student Verification: How Edtech can benefit from Student ID Verification APIs</h1><p><strong>FROM THE MEDIA: </strong>Due to the growing acceptance of distance learning, digital courses, and most recently, the COVID-19 epidemic, online education has seen a significant increase. 
<a href="https://www.idcentral.io/solution/identity-verification/">Online student identity verification</a> has become more popular as a quick and secure method of verifying student IDs and a cost-effective approach to onboarding new students and employees. The rapidly disappearing manual and paper-based student verification procedures are neither scalable nor practical for educational institutions. They frequently lead to lost student records, protracted search times, verification mistakes leading to inaccurate student records, low productivity for administrators, and significant costs paid owing to inefficient storage.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityboulevard.com/2022/11/student-verification-how-edtech-can-benefit-from-student-id-verification-apis/">Security Boulevard</a></p><h1><strong>Experts discuss the rise of Machine Learning adoption in the Middle East</strong></h1><p><strong>FROM THE MEDIA: </strong>To make decisions more quickly and accurately, enterprises are increasingly turning to Machine Learning, arguably today&#8217;s most practical application of Artificial Intelligence (AI). Machine Learning is a type of AI that allows software applications to become more accurate at predicting outcomes without being explicitly programmed to do so. Machine Learning algorithms use historical data as input to predict new output values. Industry pundits share insights why Machine Learning has been made a central part of business operations.&nbsp;As organizations emerge from the lockdown restrictions that were imposed on businesses because of the COVID-19 pandemic, Machine Learning has taken center stage because it gives enterprises a view of trends in customer behavior and business operational patterns, as well as supports the development of new products. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.intelligentcio.com/me/2022/11/28/experts-discuss-the-rise-of-machine-learning-adoption-in-the-middle-east/#">Intelligent CIO</a></p><h1>Twitter's Brussels Staff Sacked by Musk&nbsp;</h1><p><strong>FROM THE MEDIA: </strong>After a conflict on how the social network's content should be regulated in the Union, Elon Musk shut down Twitter's entire Brussels headquarters. Twitter's connection with the European Union, which has some of the most robust regulations controlling the digital world and is frequently at the forefront of global regulation in the sector, may be strained by the closing of the company's Brussels center.&nbsp;Platforms like Twitter are required by one guideline to remove anything that is prohibited in any of the EU bloc's member states. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cysecurity.news/2022/11/twitters-brussels-staff-sacked-by-musk.html">Cysecurity</a></p><h1><strong>China develops de-orbiting sail to manage space debris</strong></h1><p><strong>FROM THE MEDIA: </strong>Hundreds of millions of items of human-made debris are continually circling Earth, including broken rocket bodies, defunct satellites and fragments from orbital collisions. Keen to tackle the space-junk problem, Chinese aerospace scientists have managed to use a large "sail" to de-orbit spacecraft at the end of their life. The de-orbiter is a sail-like device made of a thin film, the thickness of which is less than one tenth of the diameter of a hair. Folded, it is approximately the size of an adult's palm, but it can cover an area of 25 square meters when unfolded. When a spacecraft is decommissioned, the sail onboard can be automatically opened. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://ukranews.com/en/news/897152-china-develops-de-orbiting-sail-to-manage-space-debris">UN</a></p><h2>Items of interest</h2><h1><strong>US bans Chinese telecoms imports &#8211; won't even consider authorizing them</strong></h1><p><strong>FROM THE MEDIA: </strong>The United States' Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds. As it is not legal to offer such products in the US without FCC approval, the move is effectively a ban on the five vendors' products. It's an expression of The Secure Equipment Act &#8211; a Biden administration law that requires the FCC to update its equipment authorization procedures.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theregister.com/2022/11/27/fcc_china_equipment_authorization_ban/">The Register</a></p><h1><strong>API Exploitation: Hack your grades (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. 
You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication.</p><div id="youtube2-Clu3-5TFdw0" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;Clu3-5TFdw0&quot;,&quot;startTime&quot;:&quot;1229s&quot;,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/Clu3-5TFdw0?start=1229s&amp;rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Certificates of Authority: Do you really understand how SSL / TLS works (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The Internet would be unusable without certificates and Certificates of Authority. If CAs got compromised or their private keys got stolen, we would be in big trouble. </p><div id="youtube2-VcV4T8cL3xw" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;VcV4T8cL3xw&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/VcV4T8cL3xw?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. 
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (326)]]></title><description><![CDATA[11-27-22]]></description><link>https://infodom.substack.com/p/daily-drop-326</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-326</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Sun, 27 Nov 2022 13:37:25 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/YRvf00NooN8" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Sunday, November 27, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1>Cybersecurity Threats Require More Hands-On Investment by US Oil and Gas Companies</h1><p><strong>FROM THE MEDIA: </strong>The US oil and gas industry is going through an exciting period of change, with a noticeable trend towards integrating new technologies into their operations that improve their environmental impact, streamline services and enhance their customer experience. Much of this transformation has been driven by the demand for data and leveraging IoT, AI and automation, and has helped to modernise how many US oil and gas companies operate. 
While these technologies are rightly attracting significant investment in the sector, it&#8217;s an opportune moment for these businesses to also review how they&#8217;re investing in cyber security.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cyberdefensemagazine.com/cybersecurity-threats/">Cyber Defense Magazine</a></p><h1>EU gets serious on privacy, but too many companies ignore the risk</h1><p><strong>FROM THE MEDIA: </strong>To start, let&#8217;s look at Twitter&#8217;s <a href="https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts">announcement</a> this summer that a hacker had been in its system for more than six months, and was offering to sell user data from 5.4 million accounts. (In 2020 a <a href="https://venturebeat.com/business/u-s-regulator-twitters-lax-security-enabled-simple-celebrity-account-hack-by-florida-teen/">Florida teen</a> was also charged with taking over accounts). Hackers breaching Twitter&#8217;s system pose a security problem. But since these hackers may have had access to millions or billions of records, that&#8217;s also a privacy problem.&nbsp;&nbsp;This summer, <a href="https://venturebeat.com/virtual/meta-data-protection/">Meta</a> was <a href="https://venturebeat.com/virtual/meta-data-protection/">fined</a> $403 million by Ireland&#8217;s GDPR (General Data Protection Regulation) authority. 
Last year, European regulators fined Amazon $888 million.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://venturebeat.com/security/eu-gets-serious-on-privacy-but-too-many-companies-ignore-the-risk/">Venturebeat</a></p><h1><strong>A Leak Details Apple&#8217;s Secret Dirt on a Trusted Security Startup</strong></h1><p><strong>FROM THE MEDIA: </strong>Corellium, a cybersecurity startup that sells phone-virtualization software for catching security bugs, offered or sold its tools to controversial government spyware and hacking-tool makers in Israel, the United Arab Emirates, and Russia, and to a cybersecurity firm with potential ties to the Chinese government, according to a leaked document reviewed by WIRED that contains internal company communications. The 507-page document, apparently prepared by Apple with the goal of using it in&nbsp;the company&#8217;s 2019 copyright lawsuit against Corellium.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://news.hitb.org/content/leak-details-apples-secret-dirt-trusted-security-startup">HITB</a></p><h1><strong>Google and other OEMs have yet to patch a critical Android security flaw</strong></h1><p><strong>FROM THE MEDIA: </strong>Google has detailed a critical security flaw for phones containing a Mali GPU that has yet to be properly addressed. Google's Project Zero team posted on its official blog details on what this issue is and why it is so important that a fix for it comes out immediately. The critical security issue, CVE-2022-33917, affects devices containing ARM's Mali GPU. 
The report lists users of devices from Google, Samsung, Xiaomi, and OPPO with a Mali GPU as being at risk of this critical unpatched security flaw.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://news.hitb.org/content/google-and-other-oems-have-yet-patch-critical-android-security-flaw">HITB</a></p><h1>Economic war to energy war: Ukraine War reflects new dimensions of warfare&nbsp;</h1><p><strong>FROM THE MEDIA: </strong>The war in Ukraine started as conventional war under nuclear hangover. It soon turned into hybrid war with non-state actors, triggered sanctions against Russia as part of economic war and transformed into energy war with Russia trying to starve the opponents of as much energy as possible, and the West trying to minimize Russian financial gains by capping the price and coercion of non-compliant states, albeit with a divided house. While the kinetic, contact, hybrid war continues between Russia and Ukraine, the US-led NATO too continues fighting a non-kinetic, non-contact war in economic, information, diplomatic and political domains, simultaneously against Russia.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.wionews.com/opinions-blogs/economic-war-to-energy-war-ukraine-war-reflects-new-dimensions-of-warfare-537830">WION</a></p><h1>Nearly 500 million WhatsApp User Records Sold Online</h1><p><strong>FROM THE MEDIA: </strong>In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users&#8217; mobile phone numbers on a popular hacking community forum which surfaced as an alternative to popular and&nbsp;<a href="https://www.hackread.com/fbi-seizes-raidforums-arrests-founder-diogo-santos-coelho/">now-seized Raidforums</a>. 
The 2022 database is said to contain WhatsApp user data from 84 countries with Egypt having the largest chunk of stolen phone numbers (45 million), Italy with 35 million, and the US with 32 million.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.hackread.com/500-million-whatsapp-user-records-sold/">HackRead</a></p><h1>Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches</h1><p><strong>FROM THE MEDIA: </strong>At the end of July, a threat actor&nbsp;<a href="https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html">leaked data of 5.4 million Twitter accounts</a>&nbsp;that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered for sale the stolen data on the popular hacking forum Breached Forums. In January, a report published on Hacker claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/139001/data-breach/twitter-massive-data-breach.html">Security Affairs</a></p><h1>AIIMS &#8216;ransomware&#8217;&nbsp;attack: Key patient data at risk, sale on Dark Web</h1><p><strong>FROM THE MEDIA: </strong>With the All <a href="https://thenorthlines.com/category/india/">India</a> Institute of Medical Sciences (AIIMS), New Delhi, still struggling to get its servers up and running after a massive ransomware attack earlier this week, cyber-security researchers on Saturday said the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web. 
The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thenorthlines.com/aiims-ransomware-attack-key-patient-data-at-risk-sale-on-dark-web/">The North Lines</a></p><h1><strong>Ragnar Locker Ransomware Leaked the Belgium Police&#8217;s Data</strong></h1><p><strong>FROM THE MEDIA: </strong>The leaked data contains vehicle number plates, crime reports, PII, investigation reports, etc. Zwijndrecht police responded to the media, saying that it was a human error, and are informing the concerned persons. People affected by this leak are advised to change their sensitive records for good. The current leak regarding Zwijndrecht police was actually aimed at the Zwijndrecht municipality, but the <a href="https://techdator.net/tag/Ragnar-Locker-Ransomware">Ragnar Locker gang</a> instead hit the local police in their process. Well, after a prolonged time,<strong> </strong>the hackers have now leaked the stolen data on their darknet website.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://techdator.net/ragnar-locker-leaked-belgium-police-data/">Techdator</a></p><h1>Wiretapping Scandal in Greece: Police Chief was &#8216;Under Surveillance&#8217;</h1><p><strong>FROM THE MEDIA: </strong>A new media report on the wiretapping scandal in <a href="https://greekreporter.com/greece/">Greece</a> on Sunday alleged that the former Head of Hellenic Police (ELAS) and a senior judge were under surveillance by the intelligence service. 
The report on the weekly <em>Documento</em> newspaper, which has almost single-handedly exposed the scandal, says that the police chief and current Secretary General of the Ministry of Citizen Protection Michalis Karamalakis and the prosecutor of the scandal Vasiliki Vlachou were wiretapped.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://greekreporter.com/2022/11/27/wiretapping-scandal-greece-greek-watergate/">Greek Reporter</a></p><h1><strong>American CIA Offers Jobs To Disgruntled Russians, But Can Human Intelligence Outperform New-Age Technology</strong></h1><p><strong>FROM THE MEDIA: </strong>The open invitation of the Central Intelligence Agency (CIA) to the disgruntled Russians to join it as spies could be interpreted as the admission of arguably the best-endowed spy network of the world that its policy of dealing with Moscow so far was inadequate. But will recruiting Russians as American spies work in this cyber age? The answer may prove difficult, given the growing importance of technology, not manpower, in the success of intelligence gathering. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://eurasiantimes.com/american-cia-offers-jobs-to-disgruntled-russians-but-can-human-intelligence-outperform-new-age-technology/">Eurasian Times</a></p><h1><strong>GameStop Experiences a Data Breach, Customer Private Information Leaked Through Website</strong></h1><p><strong>FROM THE MEDIA: </strong>Customers&#8217; billing addresses and payment histories may have been exposed after a data breach at the retailer GameStop. On Saturday, clients were allegedly seeing other users&#8217; details while refreshing their purchase pages, according to many people on social media. Although one person posted a picture of a partial credit card number, it&#8217;s unclear whether this also contains entire digits. 
In the end, there seems to have been a bug in GameStop&#8217;s user database, where customers were unintentionally accessing and/or updating their information and viewing names, orders, addresses, and maybe even credit card information for other GameStop users. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://appuals.com/gamestop-information-leak/">Appuals</a></p><h1>Cyber attacks 'crippled Scots NHS systems' with patient records stored on pieces of paper</h1><p><strong>FROM THE MEDIA: </strong>Doctors were forced to keep patient records on pieces of paper and emails after a huge cyber attack crippled critical <a href="https://www.dailyrecord.co.uk/all-about/nhs-scotland">Scots NHS</a> systems. <a href="https://www.dailyrecord.co.uk/authors/humza-yousaf/">Health Secretary Humza Yousaf</a> has been accused of suppressing details of the hack, despite fears confidential files for millions of people could have been stolen and treatment waiting times hit. The ransomware attack, which crippled the Adastra system, blocked access to patient records for months, with some parts still not working today.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.dailyrecord.co.uk/news/scottish-news/cyber-attacks-cripple-scots-nhs-28592989">Daily Record</a></p><h1>Cyber attack hits Iran&#8217;s Fars news agency &nbsp;</h1><p><strong>FROM THE MEDIA: </strong>Hackers have disrupted the work of Iran&#8217;s Fars news agency, one of the main sources of news disseminated by the state&nbsp;during protests over Mahsa Amini&#8217;s death, the agency said. Iran has been rocked by protests since Amini&#8217;s death in custody on September 16, after her arrest for an alleged breach of the country&#8217;s dress code for women. Fars said its website had been disrupted late Friday by a &#8220;complex hacking and cyberattack operation&#8221;. &#8220;Removing possible bugs... 
may cause problems for some agency services for a few days,&#8221; it said in a statement posted Saturday on its Telegram channel.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.newindianexpress.com/world/2022/nov/27/cyber-attack-hits-irans-fars-news-agency-2522539.html">New Indian Express</a></p><h1><strong>Network tokenization is innovating the payments experience</strong></h1><p><strong>FROM THE MEDIA: </strong>The global economy is in the midst of a digital payment revolution. Accelerated by the effects of COVID-19, the pandemic pushed many consumers from cash to using digital and contactless payment options for the first time. Nowhere else has unprecedented and unforeseen growth occurred as in the digital and ecommerce sectors, especially businesses within industries that rely heavily on digital transactions such as retail, restaurants, banking and insurance.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://fintechmagazine.com/articles/network-tokenisation-is-innovating-the-payments-experience">Fintech Mag</a></p><h1><strong>In the wake of Thanksgiving, let&#8217;s review Alaska&#8217;s food security</strong></h1><p><strong>FROM THE MEDIA: </strong>Being off from work and thinking of the Thanksgiving feast this season, the one thing that bubbled to the top of my mind is: the importance of food, and, as President Abraham Lincoln initiated it during the Civil War, a day of thanksgiving and praise. 
Leaving aside culture wars, which historical narrative is right about the holiday&#8217;s origin four centuries ago, the role of Providence, the subsequent expanding railroads and Indian wars, etc., I think that in our state, we are<em> </em>going to individually take more seriously the individual responsibility for figuring out how to get what we need to eat.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.adn.com/opinions/2022/11/26/opinion-in-the-wake-of-thanksgiving-lets-review-alaskas-food-security/">ADN</a></p><h1>UK joins others in banning Chinese-made security cameras</h1><p><strong>FROM THE MEDIA: </strong>Chinese-made security cameras have been banned by the UK Government. It has joined the US, India, EU, Australia, and many more in banning their use, especially in sensitive areas where AI and facial recognition may be surreptitiously used. The US issued a blanket ban in 2019 to immediately rip-and-replace specific brands of Chinese-made security cameras and 5G network infrastructure. In a <a href="https://questions-statements.parliament.uk/written-statements/detail/2022-11-24/hcws386?module=inline&amp;pgtype=article">statement to the UK parliament</a>, Cabinet Office Minister Oliver Dowden said that after a security review, Government Departments had been instructed to immediately stop deploying equipment produced by companies subject to the National Intelligence Law.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://cybershack.com.au/consumer-advice/uk-joins-others-in-banning-chinese-made-security-cameras/">CyberShack</a></p><h1><strong>Is Russia 'weaponizing' winter? Europe scrambles to keep Ukraine warm</strong></h1><p><strong>FROM THE MEDIA: </strong>European officials are scrambling to help Ukraine stay warm and keep functioning through the bitter winter months, pledging Friday to send more support that will mitigate the Russian military&#8217;s efforts to turn off the heat and lights. 
Nine months after Russia invaded its neighbor, the Kremlin&#8217;s forces have zeroed in on Ukraine&#8217;s power grid and other critical civilian infrastructure in a bid to tighten the screws on Kyiv. Officials estimate that around 50% of Ukraine&#8217;s energy facilities have been damaged in the recent strikes.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.csmonitor.com/World/Europe/2022/1126/Is-Russia-weaponizing-winter-Europe-scrambles-to-keep-Ukraine-warm">CS MONITOR</a></p><h1><strong>Afghanistan imported electricity problem now resolved</strong></h1><p><strong>FROM THE MEDIA: </strong>The Uzbekistan-imported electricity supply in 18 Afghan provinces has been restored to normal operations, Da Afghanistan Breshna Sherkat (DABS), the country&#8217;s state-run electricity company announced. DABS tweeted on Friday, the 25th of November, that the second circuit of imported electricity has been reconnected last night after the technical issue in Uzbekistan had been resolved. According to an earlier announcement from DABS, Uzbekistan&#8217;s technical problems were to blame for load shedding and blackouts in Kabul and other Afghan provinces.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://pakobserver.net/dabs-afghanistan-imported-electricity-problem-now-resolved/">PAKOBSERVER</a></p><h1>Kim vows North Korea to have world&#8217;s most powerful nuclear force</h1><p><strong>FROM THE MEDIA: </strong>Kim also handed promotions to more than 100 officials and scientists for their work on the Hwasong-17 &#8211; dubbed the &#8220;monster missile&#8221; by analysts and believed to be capable of reaching the US mainland &#8211; just days after Pyongyang test-fired it in one of its most powerful launches yet. 
Hailing the new ICBM as &#8220;the world&#8217;s strongest strategic weapon&#8221;, Kim said North Korean scientists had made a &#8220;wonderful leap forward in the development of the technology of mounting nuclear warheads on ballistic missiles&#8221;, the official Korean Central News Agency (KCNA) reported.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.brecorder.com/news/40211071">BRECORDER</a></p><h1>Ottawa to bolster security to combat foreign influence, disinformation in new Indo-Pacific strategy</h1><p><strong>FROM THE MEDIA: </strong>Foreign Affairs Minister M&#233;lanie Joly will unveil a long-awaited Indo-Pacific strategy on Sunday that promises to bolster the ability of national security agencies to combat foreign influence and disinformation campaigns in the region and in Canadian affairs. Ottawa will provide nearly $230-million over the next five years to expand the capacity of Canadian intelligence and cyber security agencies to work closely with partners in the Indo-Pacific region and also to protect &#8220;Canadians from attempts by foreign states to influence them covertly or coercively,&#8221; according to the national security chapter provided to The Globe and Mail on Saturday.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.theglobeandmail.com/politics/article-canada-indo-pacific-strategy-foreign-influence-disinformation/">The Globe and Mail</a></p><h1>US FCC bans the import of electronic equipment from Chinese firms</h1><p><strong>FROM THE MEDIA: </strong>The US government has already added the companies to the <a href="https://www.fcc.gov/supplychain/coveredlist">Covered List</a> and the new rules aim at protecting Americans from national security threats involving telecommunications. 
&#8220;The Federal Communications Commission adopted new rules prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States. This is the latest step by the Commission to protect our nation&#8217;s communications networks.&#8221; <a href="https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat">reads</a> the announcement published by FCC. &#8220;In recent years, the Commission, Congress, and the Executive Branch have taken multiple actions to build a more secure and resilient supply chain for communications equipment and services within the United States.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://securityaffairs.co/wordpress/138998/breaking-news/fcc-bans-import-chinese-equipment.html">Security Affairs</a></p><h2>Items of interest</h2><h1><strong>Twitter Users Warned Not To Delete Their Accounts&#8212;Here&#8217;s Why</strong></h1><p><strong>FROM THE MEDIA: </strong>Nobody expected the Elon Musk takeover of Twitter to be business as usual after the world's richest person was essentially forced to complete his over-valued purchase of the social network. But the seeming scattergun business decisions that Musk started within days of taking control have shaken Twitter to its core. With thousands of staff sacked or let go, complete departments gutted and questions raised about Twitter's ability to moderate content or even maintain uptime, ordinary and high-profile members have been quitting in droves. 
But if you are thinking of joining them, there's one important thing you should not do: delete your Twitter account.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.forbes.com/sites/daveywinder/2022/11/27/twitter-users-warned-not-to-delete-their-accounts-heres-why/?sh=5b95c10d70f5">Forbes</a></p><h1><strong>Elon Musk: A future worth getting excited about (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>What's on Elon Musk's mind? In this exclusive conversation with head of TED Chris Anderson, Musk details how the radical new innovations he's working on -- Tesla's intelligent humanoid robot Optimus, SpaceX's otherworldly Starship and Neuralink's brain-machine interfaces, among others -- could help maximize the lifespan of humanity and create a world where goods and services are abundant and accessible for all. It's a compelling vision of a future worth getting excited about.</p><div id="youtube2-YRvf00NooN8" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;YRvf00NooN8&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/YRvf00NooN8?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>Social Media&#8217;s Free Speech Problem (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>The defense of free speech by social media companies can only go so far without permanently damaging a democracy &#8212; is it too late to fix? The problem of misinformation on social media has ballooned over the last few years, especially in relation to elections. The result has been further polarization of our already divided country. 
</p><div id="youtube2-diz2hrd8v6s" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;diz2hrd8v6s&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/diz2hrd8v6s?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;</p>]]></content:encoded></item><item><title><![CDATA[Daily Drop (325)]]></title><description><![CDATA[11-26-22]]></description><link>https://infodom.substack.com/p/daily-drop-325</link><guid isPermaLink="false">https://infodom.substack.com/p/daily-drop-325</guid><dc:creator><![CDATA[Bob Bragg]]></dc:creator><pubDate>Sat, 26 Nov 2022 11:41:57 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/G2txRixHa58" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Saturday, November 26, 2022 // (IG):&nbsp;<a href="https://www.instagram.com/information.dominance/">BB</a>&nbsp;//&nbsp;<a href="https://www.etsy.com/shop/Bubba3Dprints">Bubba3dPrints</a> // <a href="https://www.buymeacoffee.com/infodom">Coffee for Bob</a></strong></p><h1><strong>Maple Leaf Foods confirms it was hit by ransomware, won&#8217;t pay attackers</strong></h1><p><strong>Analyst Notes: </strong>UPDATE - This was first mentioned in <a href="https://bragg.substack.com/p/daily-drop-307?utm_source=post-email-title&amp;publication_id=756390&amp;post_id=83263140&amp;isFreemail=false&amp;utm_medium=email">Daily Drop 307</a><strong>. </strong><a href="https://siliconangle.com/2022/07/19/report-find-hackers-linked-conti-ransomware-gang-active/">Black Basta Ransomware group is poss. formed of the former CONTI group</a> and has ties with the Russian government.<strong> </strong></p><p><strong>FROM THE MEDIA: </strong>Maple Leaf Foods has confirmed it was hit by ransomware, and that it won&#8217;t pay for the return of stolen data. <a href="https://siliconangle.com/2022/11/23/new-black-basta-ransomware-campaign-actively-targeting-us-companies/">The Black Basta ransomware gang</a> now lists Canadian meat processor Maple Leaf Foods as one of its victims. 
It isn&#8217;t clear but this could be related to the <a href="https://www.itworldcanada.com/article/maple-leaf-foods-suffers-it-outage-after-cybersecurity-incident/511986">cyber incident the company acknowledged earlier this month.</a> At the time of the incident, a Maple Leaf Foods spokesperson said an IT outage was creating some operational and service disruptions that varied by business unit, plant, and site. In reply to a request for comment by <em>IT World Canada</em> on the listing of its company by Black Basta, the company issued a statement saying, &#8220;We won&#8217;t dignify criminals by naming them.&#8221;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://channeldailynews.com/news/maple-leaf-foods-confirms-it-was-hit-by-ransomware-wont-pay-attackers/79161">CDN</a></p><h1><strong>ICEYE Satellite Leased By Ukrainians Helped To Identify About 2,600 Pieces Of Equipment Of Russian Troops</strong></h1><p><strong>FROM THE MEDIA: </strong>This is stated in the message that the Defense Intelligence of the Ministry of Defense of Ukraine published on its Telegram channel. In general, since gaining access to the satellite and database of other ICEYE devices, the Defense Intelligence has carried out radar reconnaissance of 150 areas of the Russian troops. The observation was carried out both in the temporarily occupied territories of Ukraine and in Russia and Belarus. The observation made it possible to identify and confirm about 2,600 units of enemy equipment. We are talking about land, air and sea equipment, as well as pontoon crossings, radar stations and tents in the locations of the occupiers.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://ukranews.com/en/news/897589-iceye-satellite-leased-by-ukrainians-helped-to-identify-about-2-600-pieces-of-equipment-of-russian">Ukrainian News</a></p><h1><strong>U.S. 
Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk</strong></h1><p><strong>FROM THE MEDIA: </strong>The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the <a href="https://www.fcc.gov/supplychain/coveredlist">Covered List</a> as of March 12, 2021. "The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here," FCC Chairwoman Jessica Rosenworcel <a href="https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat">said</a> in a Friday order.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html">THN</a></p><h1>Elon Musk says Twitter will re-launch its verification program next week</h1><p><strong>FROM THE MEDIA: </strong>Elon Musk says he has a tentative timeframe to once again roll out<strong> </strong>his new<strong> </strong>paid verification system for Twitter. "Sorry for the delay, we're tentatively launching Verified on Friday next week," the embattled new CEO wrote in a tweet early Friday. This will be his second attempt at launching a paid verification system. His first attempt earlier this month failed <a href="https://www.npr.org/2022/11/12/1136267781/twitter-recalls-subscription-based-service-twitter-blue-just-days-after-its-laun">after users successfully impersonated companies and celebrities</a>, including Lebron James, Former President George W. 
Bush and Musk himself.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.npr.org/2022/11/25/1139218045/twitter-verification-subscription-relaunch-elon-musk">NPR</a></p><h1><strong>Russian Hackers Target Dutch LNG Terminal</strong></h1><p><strong>FROM THE MEDIA: </strong>Russian hackers have been doing &#8220;<a href="https://netherlands.postsen.com/business/106028/%E2%80%98Russian-hackers-are-targeting-Dutch-gas-installations%E2%80%99.html">exploratory research</a>&#8221; into the systems of the Dutch LNG terminals, trying to find ways into the systems, American cyber security company Dragos has reported. According to Dragos&#8217; Casey Brooks, hacker groups Xenotime and Kamacite have been poking at the digital systems of Gasunie&#8217;s LNG terminal in Eemshaven in Rotterdam. The FBI has revealed that Xenotime and Kamacite have ties to the Russian secret service. Dutch company EclecticIQ has also reported increased activity around vital infrastructure in Europe and the Netherlands.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://finance.yahoo.com/news/russian-hackers-target-dutch-lng-170000151.html">Yahoo Finance</a></p><h1>China intensifies disinformation, cyberattacks on Taiwan</h1><p><strong>FROM THE MEDIA: </strong>China's armed forces are increasingly engaging in nonmilitary warfare on Taiwan that weaponizes disinformation and psychological manipulation, according to a report released Friday by a Japanese Defense Ministry think tank. The annual China Security Report,&nbsp;published by the National Institute for Defense Studies (NIDS), focuses on the cognitive warfare being adopted by the Chinese Communist Party. 
That approach propagates information useful to the party through social media platforms and cyberspace.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fasia.nikkei.com%2FPolitics%2FInternational-relations%2FTaiwan-tensions%2FChina-intensifies-disinformation-cyberattacks-on-Taiwan-report">NikkeiAsia</a></p><h1><strong>Android users in Middle East, South Asia targeted with spyware posing as fake VPN apps</strong></h1><p><strong>FROM THE MEDIA: </strong>Android users in the Middle East and South Asia are being targeted by a government-linked group with spyware posing as VPN websites, according to a <a href="https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/">new report from ESET</a>. Researchers determined the campaign has been running since January, and attributed it to the notorious Bahamut advanced persistent threat (APT) group. The organization did not respond to requests for comment about which country the APT is believed to be affiliated with. 
The spyware is being distributed through a fake SecureVPN website with apps for Android.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://therecord.media/android-users-in-middle-east-south-asia-targeted-with-spyware-posing-as-fake-vpn-apps/">The Record</a> </p><h1><strong>Russia Runs Out Of &#8216;Cheap &amp; Chirring&#8217; Iranian Drones</strong></h1><p><strong>FROM THE MEDIA: </strong>The UK Military Intelligence <a href="https://twitter.com/TWMCLtd/status/1595311413328855040">update</a> said Russia has likely &#8220;exhausted&#8221; the &#8220;One Way Attack (OWA) aircraft&#8221; and can procure more from abroad faster than it can &#8220;manufacture new cruise missiles domestically.&#8221; Earlier this month, on November 6, Iranian Foreign Minister Hossein Amirabdollahian <a href="https://en.irna.ir/news/84933745/US-reacts-to-Iran-FM-comments-on-drones-shipped-to-Russia">admitted</a> that Iran had supplied the drones to Russia but clarified that it was several months before the war. But the British and Iranian claims have tremendous implications and hint at the magnitude of planning Russia undertook for a possible military intervention, presumably a year in the making.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://eurasiantimes.com/russia-runs-out-of-cheap-did-moscow-anticipate-exhausting/">Eurasian Times</a></p><h1>The US Chip Blockade Against China Is Creating Unplanned Consequences</h1><p><strong>FROM THE MEDIA: </strong>The US trade and tech wars against China continued under President Joe Biden, who&nbsp;<a href="https://www.cnbc.com/2022/10/12/us-chip-export-restrictions-could-hobble-chinas-semiconductor-goals.html">escalated export controls related to technology</a>. 
The US wants to cut China&#8217;s access to advanced semiconductors and the equipment used to manufacture them in order to prevent their&nbsp;<a href="https://carnegieendowment.org/2022/10/27/biden-s-unprecedented-semiconductor-bet-pub-88270">use for military purposes</a>. The restrictions follow the&nbsp;<a href="https://www.mckinsey.com/industries/public-and-social-sector/our-insights/the-chips-and-science-act-heres-whats-in-it">CHIPS and Science Act</a>, passed in August 2022, which showers $52 billion in subsidies on the US chip industry and grants over $200 billion in additional research and development (R&amp;D) and science funding.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.eurasiareview.com/26112022-the-us-chip-blockade-against-china-is-creating-unplanned-consequences-oped/">Eurasia Review</a></p><h1>ConnectWise closes XSS vector for remote hijack scams</h1><p><strong>FROM THE MEDIA: </strong>A <a href="https://portswigger.net/web-security/cross-site-scripting">cross-site scripting</a> (XSS) vulnerability in ConnectWise Control, the remote monitoring and management (RMM) platform, offered attackers a powerful attack vector for abusing remote access tools. Now patched, the stored <a href="https://portswigger.net/daily-swig/xss">XSS</a> flaw was disclosed by Guardio Labs, which in July published an analysis of tech support scams, a widespread phenomenon whereby scammers abuse RMM platforms in order to create fake technical support portals and dupe victims into inadvertently installing malware. 
</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://portswigger.net/daily-swig/connectwise-closes-xss-vector-for-remote-hijack-scams">Portswigger</a> </p><h1><strong>New ransomware attacks in Ukraine linked to Russian Sandworm hackers</strong></h1><p><strong>FROM THE MEDIA: </strong>New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET who first spotted this wave of attacks, says the ransomware they named RansomBoggs has been found on the networks of multiple Ukrainian organizations. "While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm," ESET's Research Labs <a href="https://twitter.com/ESETresearch/status/1596181925663760386">said</a>.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/new-ransomware-attacks-in-ukraine-linked-to-russian-sandworm-hackers/">Bleeping Computer</a> </p><h1><strong>Putin&#8217;s Chef Sends &#8216;Bloody&#8217; Sledgehammer to EU Parliament</strong></h1><p><strong>FROM THE MEDIA: </strong>A sledgehammer smeared with fake blood, packed in a violin case &#8211; that was Russian tycoon Yevgeny Prigozhin&#8217;s macabre message to the European Parliament after EU legislators demanded that his notorious mercenary group be placed on the <a href="https://www.consilium.europa.eu/en/policies/fight-against-terrorism/terrorist-list/">EU&#8217;s terrorist list</a>. The European Parliament had passed a <a href="https://www.europarl.europa.eu/news/en/headlines/priorities/ukraine/20221118IPR55707/european-parliament-declares-russia-to-be-a-state-sponsor-of-terrorism">resolution</a> on the latest developments in Russia&#8217;s war against Ukraine on Wednesday, identifying Russia as a &#8220;state sponsor of terrorism&#8221; that employs &#8220;means of terrorism&#8221;.  
The non-binding symbolic document urged the EU&#8217;s decision maker.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.occrp.org/en/daily/17084-putin-s-chef-sends-bloody-sledgehammer-to-eu-parliament">OCCRP</a></p><h1>Remote Code Execution Vulnerability Found in Windows Internet Key Exchange</h1><p><strong>FROM THE MEDIA: </strong>A series of exploits have been found in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions. According to a new advisory recently shared by security company <a href="https://www.infosecurity-magazine.com/search/?q=Cyfirma">Cyfirma</a> with <em>Infosecurity</em>, the discovered vulnerabilities could have been exploited to target almost 1000 systems. The attacks observed by the company would be part of a campaign that roughly translates to &#8220;bleed you&#8221; by a Mandarin-speaking threat actor. The Cyfirma Research team has&nbsp;also observed unknown hackers sharing an exploit link on underground forums, which could be used to target vulnerable systems.&nbsp;</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.infosecurity-magazine.com/news/rce-vulnerability-in-windows-ike/">InfoSecMag</a></p><h1>Drones over Ukraine are reinventing war</h1><p><strong>FROM THE MEDIA: </strong>From HG Wells&#8217;s War of the Worlds to the <em>Terminator</em> film franchise, the future of war has been fertile territory for the sci-fi genre. The technology imagined by writers and popularized by Hollywood has become an inspiration for forward-looking military boffins: a world of laser rays, robots and artificial intelligence. But for science fact rather than science fiction it is enough to study the nine months of combat between Russia and Ukraine. 
Vladimir Putin&#8217;s invasion is revolutionizing war fighting, pitting drone against drone, weaponizing consumer tech, and creating start-up companies that adapt arms and kit for the changing battlefield.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.thetimes.co.uk%2Farticle%2Fdrones-over-ukraine-are-reinventing-war-7bq0t9zmk">The Times</a> </p><h1>Chinese trollers insult Islam, unleash blasphemy on Prophet</h1><p><strong>FROM THE MEDIA: </strong><a href="https://www.devdiscourse.com/news?tag=China">China</a>'s genocidal policy against Uyghurs, an ethnic Turkish group that inhabits Xinjiang Uyghur Autonomous Region, has reached a new phase as the Wumao army or the "50 Cent Army" insults <a href="https://www.devdiscourse.com/news?tag=Islam">Islam</a> and unleashes blasphemy on the Prophet, Theodoros Benakis writes in European Interest. In the social media space, the Wumao army, which is a group of state-backed internet commentators, is often seen hurting the Uyghur religious sentiments. Social media often described <a href="https://www.devdiscourse.com/news?tag=Muslim">Muslim</a>s as extremists and terrorists, even though PRC nurtures close relationships with conservative <a href="https://www.devdiscourse.com/news?tag=Muslim">Muslim</a> states such as Pakistan, Indonesia, or the Arab Peninsula.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.devdiscourse.com/article/international/2265743-chinese-trollers-insult-islam-unleash-blasphemy-on-prophet-report">Devdiscourse</a></p><h1><strong>Why the public and private sectors must join forces to address cyber risk for national security</strong></h1><p><strong>FROM THE MEDIA: </strong>In the wake of high-visibility cybersecurity incidents over the past few years, including SolarWinds, Log4j, and the 2021 Colonial Pipeline ransomware attack, the U.S. 
government has issued directives and guidance to address cybersecurity across the digital ecosystem and lifecycle. The White House and federal agencies have leaned forward to advance the cybersecurity posture of government and industry alike, while keeping our most critical infrastructure secure, resilient, and operational.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehill.com/opinion/cybersecurity/3750096-why-the-public-and-private-sectors-must-join-forces-to-address-cyber-risk-for-national-security/">The Hill</a></p><h1>Sharkbot malware infects thousands of&nbsp;Android users with&nbsp;file manager apps</h1><p><strong>FROM THE MEDIA: </strong><a href="https://12ft.io/proxy?ref=&amp;q=https://www.news9live.com/tags/google">Google</a> has made significant attempts to restrict harmful apps by partnering with known security firms such as ESET, but hackers are devising new ways to dodge them and slip malware-filled apps onto Android smartphones. Attackers recently developed fake Android file managers called "X-File Manager" and tricked users into downloading them. The Android file managers offer to assist users in managing and transferring data between the storage on their smartphone and a computer. However, it is infected with the harmful SharkBot malware, according to <em><a href="https://www.bitdefender.com/blog/labs/android-sharkbot-droppers-on-google-play-underlines-platforms-security-needs/">Bitdefender</a></em>, a cyber security outfit.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://12ft.io/proxy?&amp;q=https%3A%2F%2Fwww.news9live.com%2Ftechnology%2Fcybersecurity%2Fsharkbot-malware-infects-thousands-ofandroid-users-withfile-manager-apps-210212">News 9</a> </p><h1><strong>Canadian menswear chain Harry Rosen confirms cyber attack</strong></h1><p><strong>FROM THE MEDIA: </strong>Canadian menswear retailer <a href="https://www.harryrosen.com/en">Harry Rosen</a> has acknowledged being hit by a cyber attack last month. 
This comes after the BianLian group listed the company as a victim on the gang&#8217;s site. The page lists &#8220;File server data. Projects, Marketing, HR, Public Relations,&#8221; which suggests these are files that have been copied and will potentially be released. According to Brett Callow, a British Columbia-based threat analyst with Emsisoft, BianLian has released a 1GB file as proof of its attack. It claims the file is a list of Harry Rosen&#8217;s Gold+ clients, sales information, and various other types of documents.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.itworldcanada.com/article/canadian-menswear-chain-harry-rosen-confirms-cyber-attack/515325">itWorld Canada</a></p><h1><strong>Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations</strong></h1><p><strong>FROM THE MEDIA: </strong>Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm," the company <a href="https://twitter.com/ESETresearch/status/1596181925663760386">said</a> in a series of tweets Friday.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html">THN</a></p><h1><strong>Hackers Rewritten The RansomExx Ransomware in Rust Language To Evade Detection</strong></h1><p><strong>FROM THE MEDIA: </strong>There has recently been a discovery made by IBM Security X-Force Threat Researchers regarding a new variant of ransomware known as RansomExx that is dubbed RansomExx2 which was written in Rust language. The threat actor behind this malware is known as Hive0091 (aka DefrayX). 
Apart from this, the RansomExx is also known by the following names: Defray777 and Ransom X. With the release of this new variant, a growing trend has been noticed in which ransomware developers are switching to the Rust programming language, which has become a common programming language for threat actors.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://gbhackers.com/ransomexx-ransomware-in-rust-language/">GBhackers</a></p><h1><strong>Vice Society ransomware claims attack on Cincinnati State college</strong></h1><p><strong>FROM THE MEDIA: </strong>The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack. The hackers posted a long list of documents on their Tor data leak site they claim was stolen from the college, indicating that a ransom was never paid. The documents date from several years ago until November 24, 2022, possibly indicating that the threat actors maintain access to the breached systems, but this has not been verified.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-cincinnati-state-college/">Bleeping Computer</a></p><h1><strong>Leaked EU Anti-Money Laundering Regulations Indicate Bloc Plans to Ban Privacy Coins</strong></h1><p><strong>FROM THE MEDIA: </strong>Privacy coins may soon disappear from EU exchanges, if <a href="https://www.coindesk.com/policy/2022/11/15/privacy-enhancing-crypto-coins-could-be-banned-under-leaked-eu-plans/">leaked plans</a> from ongoing talks among member nations are to be believed. New anti-money laundering regulations currently under discussion would include a ban on tokens such as Dash, Monero and Zcash that add further layers of anonymity to the standard blockchain transaction. 
The privacy coins have a number of legitimate uses for those that do not want wallet activity made available to the general public, but the highly anonymous nature also makes them naturally popular with cyber criminals.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cpomagazine.com/data-privacy/leaked-eu-anti-money-laundering-regulations-indicate-bloc-plans-to-ban-privacy-coins/">CPO MAG</a></p><h1>Active Threat of Black Basta Ransomware on US Companies by QakBot Malware</h1><p><strong>FROM THE MEDIA: </strong>Recently Joakim Kandefelt and Danielle Frankel, researchers at Cybereason, a cybersecurity organization, announced that the Black Basta ransomware is operating a new campaign targeting U.S. companies with QakBot malware. The malicious actors are trying to enter and later capture the organization&#8217;s network through this campaign.&nbsp;The threat actors use dangerous ransomware known as Black Basta Ransomware as a tool to capture the data of the victim&#8217;s network or system. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cysecurity.news/2022/11/active-threat-of-black-basta-ransomware.html">Cysecurity </a></p><h1><strong>The new iPhone 14 and iOS upgrade include some big cybersecurity changes</strong></h1><p><strong>FROM THE MEDIA: </strong>It&#8217;s Black Friday and the official start of the holiday shopping season, and there&#8217;s a <a href="https://www.cnbc.com/2022/09/14/apple-iphone-14-review-get-the-pro-model.html">new iPhone 14</a> for consumers in the market looking to upgrade their Apple device. 
From better cameras and <a href="https://www.cnbc.com/2022/10/06/apple-iphone-14-plus-review-big-screen-and-best-iphone-battery-life.html">longer battery life</a> to faster chips, there are plenty of features consumers will consider when buying a new iPhone &#8212; that is, if you can find one amid what&#8217;s looking like a season <a href="https://www.cnbc.com/2022/11/16/iphone-14-pro-ship-times-slip-past-christmas-.html">short on supply</a> of some of Cupertino&#8217;s newest models. One new safety feature that has been getting a lot of attention is emergency satellite connectivity. Cybersecurity may not be among the top selling points, but the new iPhone and iOS16 do have some significant security upgrades, too.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.cnbc.com/2022/11/25/buying-new-iphone-here-are-new-features-designed-for-your-security.html">CNBC</a></p><h1><strong>Iran: Fars News Agency Website Hacked</strong></h1><p><strong>FROM THE MEDIA: </strong>The website of Iran's Fars News Agency was hacked on Friday. The news agency is managed by the Islamic Revolutionary Guard Corps. The Islamic Revolutionary Guard Corps is an armed wing which is loyal to the Supreme leader of Iran Sayyid Ali Hosseini Khamenei. The country is currently facing protests over the death of Mahsa Amini. Further details are awaited. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://www.latestly.com/socially/world/just-in-website-of-irans-fars-news-agency-hacked-latest-tweet-by-disclose-tv-4507307.html">Latestly</a></p><h1><strong>Stealing Secrets With a Malicious GitHub Action</strong></h1><p><strong>FROM THE MEDIA: </strong><a href="https://dzone.com/articles/thinking-like-a-hacker-commanding-a-bot-army-of-co">Last time</a>, a cryptocurrency scammer scanned Android APKs on the Internet Archive and found thousands of leaked Twitter API keys. 
After that, the scammer invested money into an altcoin and used the leaked API keys to promote the altcoin with hijacked Twitter accounts. The story ended with a classic pump-and-dump that made the crypto scammer millions of dollars at the expense of duped investors. In this series, we will dissect not just what an attacker can do to get access to credentials, but also what they would do after getting that initial access. </p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://dzone.com/articles/thinking-like-a-hacker-stealing-secrets-with-a-mal">DZONE</a></p><h1><strong>Former members call out OSSTF for handling of personal information stolen in cyberattack</strong></h1><p><strong>FROM THE MEDIA: </strong>On Wednesday, Global News learned that the Ontario Secondary School Teachers Federation (OSSTF) had sent letters to current and past members that a <a href="https://globalnews.ca/tag/cyberattack">cyberattack</a> had impacted their information in May of 2022. 
That has left many past members questioning why their information was still on file with the union in the first place. When she first received a letter earlier this week stating her social insurance number (SIN) and their information had been breached in a cyberattack, Susan Skelton was &#8220;shocked and surprised,&#8221; since she had only worked as a teacher for one year and left the profession in 1994.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://globalnews.ca/news/9305255/ontario-teachers-union-members-cyberattack-reaction/">Global News</a></p><h2>Items of interest</h2><h1><strong>How to Build Your Own Decentralized Twitter</strong></h1><p><strong>FROM THE MEDIA: </strong>Within the written conventions of a novel, you can understand that two people are talking to each other when you come across these two lines. There may also have been a narrator, and there had to be an author. With social media, the lines are not reported speech, but posts from live protagonists in real time. The narrator becomes the social media platform. So, holding the conversation together when a platform does not have a controlling position is challenging.</p><p><strong>READ THE STORY:&nbsp;</strong>&nbsp; <a href="https://thenewstack.io/how-to-build-your-own-decentralized-twitter/">The New Stack</a></p><h1><strong>The Evolution of Cybercrime with Alex Tilley (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>From eBay scams to information theft, cybercrime has escalated in the past few decades as criminals have become more creative in their techniques in stealing money, identities, and assets. 
</p><div id="youtube2-G2txRixHa58" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;G2txRixHa58&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/G2txRixHa58?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><h1><strong>How is the Ukraine-Russia Conflict Shaping Cybercrime (Video)</strong></h1><p><strong>FROM THE MEDIA: </strong>Nozomi Network's security evangelists Roya Gordon and Vincent D&#8217;Agostino, Head of Cyber Forensics and Incident Response at BlueVoyant, discuss how the Russia-Ukraine conflict is shaping cyber crime and what organizations across sectors need to prepare for. </p><div id="youtube2-_FQ84SoWRps" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;_FQ84SoWRps&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/_FQ84SoWRps?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><p>These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness.&nbsp;InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. 
Contact InfoDom Securities at&nbsp;<a href="mailto:dominanceinformation@gmail.com">dominanceinformation@gmail.com</a></p>]]></content:encoded></item></channel></rss>