Monday, December 05, 2022
Cybersecurity expert: ‘Technological giants are becoming political actors’
FROM THE MEDIA: A physicist and mathematician, Eviatar Matania splits his teaching schedule between Oxford and Tel Aviv University. A former head of the Israeli National Cyber Directorate under Benjamin Netanyahu, he has published widely on issues of cybersecurity and artificial intelligence. Matania, 56, sat down for an interview with EL PAÍS while visiting Madrid for a conference.
READ THE STORY: El Pais
Remuneration coming for TrustCor customers impacted by CA revocation
FROM THE MEDIA: Certificate Authority TrustCor responded to its ejection from Mozilla and Microsoft's browsers by offering refunds for some customers, while leaving others to pick up the mess on their own. In a list of upcoming changes published to TrustCor's website, the company said all of its resellers had been notified that TrustCor "will not offer new or renewed server certificates commercially at this time." As for refunds, we noted in our previous TrustCor coverage that Microsoft opted to terminate TrustCor's certificates retroactively on November 1, while Mozilla gave the outfit a distrust date of November 30.
READ THE STORY: The Register
Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware
FROM THE MEDIA: Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. The threat actors were observed spreading fake cryptocurrency apps under the fake brand BloxHolder to deliver the AppleJeus malware for initial access to networks and steal crypto assets. The APT group has employed the AppleJeus malware since at least 2018 to steal cryptocurrencies from the victims. The new campaign observed by Volexity started in June 2022; the APT group registered the domain name bloxholder[.]com, and then set up a website related to automated cryptocurrency trading.
READ THE STORY: Security Affairs
Drone warfare: more honored in the breach
FROM THE MEDIA: In your leader (FT View, November 12) you discuss the evolution of drones in combat. That they may be run by artificial intelligence in the future in massive numbers is probably a blip in time, however, due to the corresponding evolution of defensive measures against drones. In the last paragraph you bemoan the fact that “conventions in warfare are often honored more in the breach than the observance”, referring of course to the reality that armies quickly dispense with ideas of moral obligations once they are threatened with losing.
READ THE STORY: FT
Google is shutting down Duplex on the Web
FROM THE MEDIA: Another Google service will soon join the company’s graveyard of apps. The search giant quietly announced this week it is shutting down Duplex on the Web. In a support page spotted by TechCrunch, the company notes the service won’t work after the end of 2022. “As we continue to improve the Duplex experience, we’re responding to the feedback we’ve heard from users and developers about how to make it even better,” a Google spokesperson told the outlet.
READ THE STORY: Yahoo
Rackspace customers rage as email outage continues and migrations create migraines
FROM THE MEDIA: Rackspace has not offered any explanation of the "security incident" that has taken out its hosted Exchange environment and led the company to predict multiple days of downtime before restoration. In response to inquiries from The Register, Rackspace said its incident status page and an FAQ provided to customers are all it can provide at this time. Both documents warn of a lengthy outage, and advise migration to Microsoft 365 for mail services. Both are also silent on the risk of data loss, or data leaks.
READ THE STORY: The Register
North Carolina power outage caused by ‘intentional’ attacks
FROM THE MEDIA: With no suspects or motive announced, the FBI is joining the investigation into power outages in a North Carolina county believed to have been caused by “intentional” and “targeted” attacks on substations that left around 40,000 customers in the dark Saturday night, prompting a curfew and emergency declaration. The mass outage in Moore County turned into a criminal investigation when responding utility crews found signs of potential vandalism of equipment at different sites – including two substations that had been damaged by gunfire, according to the Moore County Sheriff’s Office.
READ THE STORY: CNN // Security Boulevard
North Korean APT37 Unleashes Dolphin Backdoor on South Korea
FROM THE MEDIA: On 30th November, ESET researchers uncovered Dolphin, a sophisticated backdoor used by an APT group named ScarCruft, likely to be linked to North Korea. The group also referred to as APT37, InkySquid, Reaper, and Ricochet Chollima, is known to attack government entities, diplomats, and news organizations in South Korea and certain other Asian countries. The geopolitical espionage group has been active since 2012, working to compromise targets linked to the interests of North Korea.
READ THE STORY: HackRead
Iran: State-Backed Hacking of Activists
FROM THE MEDIA: Hackers backed by the Iranian government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today. An investigation by Human Rights Watch attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as Charming Kitten.
READ THE STORY: HRW
Skills Shortage and Integration Challenges Halt Cybersecurity Adoption
FROM THE MEDIA: BlackFog, the leader in on-device data privacy, data security and ransomware prevention, has today released research findings which highlight that a skills shortage is halting cybersecurity adoption and the practical challenges that organizations face in managing an increasingly complex threat landscape. According to research, 50% of surveyed IT Security Decision Makers in the US and UK had been prevented from adopting a new cybersecurity solution due to integration issues or challenges with legacy infrastructure.
READ THE STORY: Security Boulevard
IRGC, Basij militia personal information leaked online by protesters
FROM THE MEDIA: The home addresses and cell phone numbers of members of Iran’s IRGC, its Basij militia and police forces who are oppressing and attacking Iranian protesters are being published on the darknet to enable the public to seek out revenge, The Jerusalem Post has learned. Israeli cyber intelligence firm Deep Void, whose founders have a background in Israeli intelligence, has revealed the phenomenon in which Iranian dissidents are using the darknet, a shadow realm within the Internet, to fight back against the ayatollahs’ foot soldiers, who during past protests could attack protesters and then disappear into anonymity.
READ THE STORY: JP
Data on thousands of Aussies for sale on bot markets
FROM THE MEDIA: The hackers are selling digital fingerprints, cookies, up-to-date logins, screenshots, and webcam snaps. New Zealand has been similarly affected, with over 6,000 Kiwis having their data stolen and sold. The NordVPN research looked into three major bot markets. For clarity, “bot” here refers to data-harvesting malware and a bot market is an online marketplace hackers use to sell data they stole from victims' devices with bot malware. The data is sold in packets containing the full digital identity of a compromised person.
READ THE STORY: iTwire
Private Data Leaked in Ransomware Attack on Virginia Mason Franciscan Health
FROM THE MEDIA: The parent firm of Virginia Mason Franciscan Health was recently the target of a ransomware assault, the healthcare system disclosed earlier this week. The organization linked to 10 VMFH hospitals spread across the Puget Sound region, CommonSpirit Health, stated some patients’ names, addresses, phone numbers, and dates of birth were included in leaked files while the cyberattack was being investigated. Additionally included were special IDs that the hospital utilized internally (not insurance IDs or medical record numbers).
READ THE STORY: IT Security News
Android malware apps with 2 million installs spotted on Google Play
FROM THE MEDIA: A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation. One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.
READ THE STORY: Bleeping Computer
Ransomware Cuba extorts over $60 million
FROM THE MEDIA: The perpetrators behind the Cuba ransomware (called COLDDRAW by the hackers) have received more than 60 million dollars in ransom payments and have compromised over 100 entities worldwide as of August 2022. In a new alert shared by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a “sharp increase in both the number of compromised US entities and ransom amounts.”
READ THE STORY: Ruetir
Apartheid is lucrative for Israeli tech
FROM THE MEDIA: Bruce Reed, deputy chief of staff to United States President Joe Biden, took the stage at a press event on October 4 to celebrate a milestone for his administration. They would be releasing a blueprint for use of artificial intelligence that would guide future policies around its ethical use. “Most Americans think Washington can be better at artificial than at intelligence, but this is a group that got it right,” Reed said, before arguing that tech should be used to strengthen democracy rather than undermine it. “We’re kicking off this work, leading by example, with real commitments from across the federal government.”
READ THE STORY: Mondoweiss
MIT’s tissue-box-sized satellite achieves fastest laser link from space yet
FROM THE MEDIA: A small satellite developed by engineers at the Massachusetts Institute of Technology (MIT) has set a new record for data transmission between a satellite and Earth. MIT’s TeraByte InfraRed Delivery (TBIRD) system has delivered terabytes of data from a satellite to Earth at record-breaking rates of up to 100 gigabits per second (100 Gbps) – a rate that will transform future science missions. This data transfer rate is more than 1,000 times higher than that of the radio-frequency links traditionally used for satellite communication and the highest ever achieved by a laser link from space to ground.
READ THE STORY: InceptiveMind
Law enforcement agencies can extract data from thousands of cars’ infotainment systems
FROM THE MEDIA: Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies. Modern vehicles come with sophisticated infotainment systems that are connected online and that could represent an entry point for attackers, as demonstrated by many security experts over the years. Law enforcement and intelligence worldwide are buying technologies that exploit weaknesses in vehicle systems.
READ THE STORY: Security Affairs
Rocket Lab forms dedicated military and intelligence unit
FROM THE MEDIA: Rocket Lab has created a US-based, wholly-owned subsidiary “to serve the defense and intelligence community”. Rocket Lab National Security LLC “will deliver reliable launch services and space systems capabilities to the US Government and its allies”, the Kiwi-American firm says. Publicizing its new defense unit marks a shift in optics by the Kiwi-American company, which has previously downplayed that aspect of its business, notwithstanding that military grants and contracts have always figured large.
READ THE STORY: NZHERALD
Items of interest
Cyber Attacks on AIIMS India state Chinese Involvement
FROM THE MEDIA: A few days ago, the All-India Institute of Medical Sciences (AIIMS) based in Delhi was hit by a cyber attack of ransomware variant and sources report that the hackers are demanding Rs 200 Crores to return the stolen information belonging to millions of patients that would be otherwise sold on the dark web. According to a probe conducted by CERT-IN, Chinese involvement is suspected behind the incident and reports are in that the hackers targeted a few of the other government agencies whose attack details are yet to be made public.
READ THE STORY: Cyber Security Insiders
Cyber Warfare in the 21st Century (Video)
FROM THE MEDIA: Cyber Warfare.
Matthew Garrett: Who watches the scooters (Video)
FROM THE MEDIA: You put a bunch of scooters online and you have an app that can tell you if you're near one so you can hire it. But what can people do with that knowledge?
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com