Thursday, December 08, 2022
Iranian hackers accused of targeting diamond industry with wiper malware
FROM THE MEDIA: Hackers allegedly connected to the Iranian government have been accused of targeting diamond companies in South Africa, Israel and Hong Kong with a wiper malware built to destroy data. Researchers from ESET attributed the wiper tool – named Fantasy – to the Agrius APT group, which other researchers have indicated has ties to Iran’s government. ESET said the group is a newer Iran-aligned group targeting victims primarily in Israel and the United Arab Emirates since 2020.
READ THE STORY: The Record // THN
Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
FROM THE MEDIA: An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is also called APT37, InkySquid, Reaper, and Ricochet Chollima.
READ THE STORY: THN // Reuters // Duo // VOA // The Record
How the Decades-Long Chinese Espionage Campaign "Stole" US Military Technology
FROM THE MEDIA: Paradigm-changing deep-penetrating warheads, new hardened, heat-resistant nano-composite materials enabling hypersonic weapons flight, vertical take-off-and-landing drones and a new generation of submarine “quieting” technologies are all massively impactful breakthrough technologies of vital significance to cutting-edge and future US weapons systems. All of these areas of innovation and scientific exploration, some of which involved the discovery and development of “disruptive” or breakthrough technologies, were heavily focused upon in recent decades at the well-known, prestigious US Los Alamos National Laboratory.
READ THE STORY: Warrior Maven
UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives
FROM THE MEDIA: British lawmakers have been warned to be on alert for cyber-attacks and possible harassment from Iranian operatives, according to correspondence sent to lawmakers in both the upper and lower chambers last month. In letters sent on November 21, which were obtained by CNN, the speakers of the House of Commons and the House of Lords reminded members of parliament to increase the security of their mobile devices. The speakers said the police and intelligence agencies had not discovered “any hostile Iranian activity specifically focused on Parliamentarians.”
READ THE STORY: CNN
U.S. Security Reviews of Foreign Tech Are Going Wide
FROM THE MEDIA: The Federal Communications Commission banned the sale of equipment in the U.S. made by Chinese tech firms Huawei and ZTE. It was the first time the agency blocked the commercial sale of technology equipment on national security grounds. Then, last week, Team Telecom, the U.S. executive branch committee that screens foreign-linked telecommunications projects for national security risks, recommended blocking a proposed submarine cable from Cuba to the United States. Part of the stated concern was that Cuban intelligence could access sensitive information flowing over the infrastructure.
READ THE STORY: Barrons // The Epoch Times
How Railroads Mitigate Cyberthreats Against Their Networks
FROM THE MEDIA: What if hackers attacked a rail company 2,745,267 times in just six weeks? This was the thought experiment conceived by Project Honeytrain, which was created in 2015 by European security experts to analyze how cybercriminals would gain access to a Potemkin railroad created wholly online. The primary method of assault was millions of automated dictionary attacks, which work to break unknown passwords. Some hackers got inside and wrested control of the headlight system on a hypothetical locomotive. The top country originating the incursions? China.
READ THE STORY: StateTech
Data Brokers Are a Threat to National Security
FROM THE MEDIA: While there are numerous definitions of data brokers, at their core, data brokers collect and sell information on individuals with whom they have no “direct relationship.” More important, though, is the “data brokerage ecosystem,” which includes not only the brokers but also companies that provide a product to consumers and, in return, gather information from them. Billions of data points are collected on Americans. Every time a product is purchased, a smart car is driven, or an application is downloaded, new data points are created.
READ THE STORY: USNI
IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack
FROM THE MEDIA: Russia’s second-largest bank experienced the largest cyber attack (DDoS attack) in its history. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday that it was experiencing an “unprecedented cyber attack from abroad.” The bank warned customers of temporary difficulties in accessing its mobile app and website due to the ongoing DDoS attack (distributed denial of service attack) but assured them that their data remained safe. VTB stores its customer data in the internal perimeter of its infrastructure, which the attackers did not breach.
READ THE STORY: HACKRead
Israel targeted by suspected Iranian threat actor
FROM THE MEDIA: A new ransomware group that is apparently motivated more by politics than profit has been spotted in the wild by cyber defense company Cyble. Calling itself BlackMagic, it is believed to be linked to Iran and primarily going after companies in Israel. The group appears to be opting for the double extortion tactic, stealing the victim organization’s vital data as well as rendering it beyond the owner’s use by encrypting it. “During a routine threat-hunting exercise, Cyble came across a new group named BlackMagic,” said the analyst.
READ THE STORY: Cybernews
CloudSEK claims it was hacked by another cybersecurity firm
FROM THE MEDIA: Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts. While some internal information, including screenshots of product dashboards and three customers' names and purchase orders, was exfiltrated from its Confluence wiki, CloudSEK says the attackers didn't compromise its databases. "We are investigating a targeted cyber attack on CloudSEK. An employee's Jira password was compromised to get access to our confluence pages," the company's CEO and founder, Rahul Sasi, said on Tuesday.
READ THE STORY: Bleeping Computer
Ensuring compliance without compromising on IT modernization initiatives
FROM THE MEDIA: Balancing the need to meet today’s security goals and existing compliance mandates demands a more modern approach to cloud workloads, says a former federal security leader now working at Google. That is why Google Cloud is working to modernize the way it integrates compliance controls into its platform, which can help government customers more easily integrate federal and DOD frameworks into their workloads. “‘Compliance without compromise’ means bringing the best of Google in a way that government can use because we are compliant with their various FedRAMP and DOD frameworks.”
READ THE STORY: Cyberscoop
New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices
FROM THE MEDIA: A new Go-based malware named ‘Zerobot’ has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. The purpose of the malware is to add compromised devices to a distributed denial-of-service (DDoS) botnet to launch powerful attacks against specified targets. Zerobot can scan the network and self-propagate to adjacent devices as well as run commands on Windows (CMD) or Linux (Bash).
READ THE STORY: Bleeping Computer
Vice Society ransomware 'persistent threat' to education sector
FROM THE MEDIA: Vice Society is actively targeting the education sector, with 33 schools listed on its public data leak site so far this year, according to new research. Using information collected from incident response cases and Vice Society's victims list, Palo Alto Networks' Unit 42 threat researcher J.R. Gumarin determined that the ransomware group remains a "persistent threat" to K-12 and higher education institutions.
READ THE STORY: TechTarget
Apple unveils new cybersecurity measure for iMessage, iCloud and more
FROM THE MEDIA: Apple announced several new security features designed to better protect users from an array of emerging threats. On Wednesday, the tech giant unveiled three new features: iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. The new features for iMessage will allow users to verify that they are only sending messages to the intended person and the Apple ID tool will give customers the chance to mandate that a physical security key is needed to sign into their Apple ID account.
READ THE STORY: The Record // AXIOS
Musk launches govt-focused satellite internet service called Starshield
FROM THE MEDIA: Elon Musk-run SpaceX has announced a new government-focused satellite internet service called Starshield with a focus on "national security".
Starshield leverages SpaceX's Starlink technology and launch capability to support national security efforts, the company said on its website. While Starlink is designed for consumer and commercial use, Starshield is designed for government use, with an initial focus on three areas: Earth observation, communications and hosted payloads.
READ THE STORY: ET
Defense Innovation Unit seeks commercial options to deploy satellites in deep space
FROM THE MEDIA: The Defense Innovation Unit is seeking proposals for commercial services to deploy and operate payloads in outer space beyond Earth orbit, an area known as cislunar space. DIU, a Defense Department agency created to bring commercially developed technology into military programs, is looking for “responsive access” to the vast region of space that begins at geosynchronous Earth orbit and extends out to the Earth-moon Lagrange point on the far side of the moon.
READ THE STORY: SN
“Commercial Spyware” Vendor Linked to Exploitation Framework Using Zero-Days in Chrome, Firefox and Windows
FROM THE MEDIA: A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Variston IT, based in Barcelona, publicly bills itself as a security firm. The exploitation framework is not advertised on its website, and it is unclear exactly who the firm was providing this spyware to. The exploitation framework was outlined by Google’s Threat Analysis Group in a recent blog post. Though Variston IT does not advertise or claim the spyware, the Google researchers presented markers found in its code including a script that is signed by the company.
READ THE STORY: CPO
All Eyes on Colombia’s Tech Sector
FROM THE MEDIA: While the benefits and opportunities that technology and digitization have brought to Colombia are undeniable (for example, innovation in commercial, production and scientific research, and more agile production and institutional processes), there are still very significant human factors that leave its systems vulnerable to cybersecurity threats, espionage and breaches of information.
READ THE STORY: The Global Americans
Alphabet To Merge Waze And Google Maps Teams
FROM THE MEDIA: Alphabet is consolidating its mapping and navigation units, amid pressure at the search engine giant to cut costs and consolidate operations. Reuters reported Google as saying on Thursday that it will merge its teams working on mapping service Waze and products like Google Maps, effective Friday 9 December, in a bid to consolidate processes. Google indicated that it didn’t expect any layoffs as part of the reorganization, but Waze CEO Neha Parikh will exit the company following a transition period.
READ THE STORY: Silicon
The Ethics of Espionage
FROM THE MEDIA: As the war in Ukraine continues, the pressure on western, Ukrainian and Russian spies to gain intelligence that will give one side a battlefield advantage is intense. At the same time, spies from all around the world are trying to gain insight into President Putin’s mind and predict what he might do next, including under what circumstances he would use nuclear weapons. There are also, hopefully, spies trying to gain insight into who might succeed Putin.
READ THE STORY: Aero
Equinix to reduce overall power by adjusting data center temperature range
FROM THE MEDIA: Equinix will begin to define a multi-year global roadmap for thermal operations within its data centers aimed at achieving more efficient cooling and decreased carbon impacts. IT equipment within data centers, including routers, servers and storage arrays, emits high levels of heat, which requires data centers to be fitted with robust cooling systems to remove it. The initiative is expected to enable thousands of customers to reduce the Scope 3 carbon emissions associated with their data center operations.
READ THE STORY: iTwire
Inside Estonia’s efforts to help Ukraine fend off Russian hackers
FROM THE MEDIA: Ukraine has surprised the world with its ability to fend off major cyberattacks from Russia. And one small country — Estonia — has played an outsized role in helping it do so. The nation of just over 1 million, which has fought off cyberattacks inside its borders from Russia for years, is now leading many of the efforts to provide cyber threat intelligence, funding and critical international connections to protect Ukraine from Russian hackers.
READ THE STORY: Politico
Supply chains risk a dose of 'long-Covid' thanks to inflation and weak global markets
FROM THE MEDIA: While supply chain problems may have eased, they are far from over, with further challenges on the horizon, according to a risk analysis by Massey University. Senior lecturer in supply chain management Dr Carel Bezuidenhout says that while New Zealand seems to be emerging from a period of unprecedented disruption, our supply chains still appear to be suffering from “a little bit of long-Covid”. A report on the outlook for 2023 from Massey’s supply chain risk analytics network shows inflation and weaknesses in global markets, combined with high inventory levels, labor shortages, freight issues and fallout from the war in Ukraine, will continue to have an influence.
READ THE STORY: Stuff
New Arms War: Applications
FROM THE MEDIA: In three years working for the U.S. Air Force, Nic Chaillan stood up PlatformOne, a multi-cloud DevOps program supporting 100,000 developers writing battlefield programs for the U.S. Air Force, Navy and Army. The platform includes more than a thousand hardened open source programs (which he likens to Lego building blocks) shared between different branches of the armed forces and defense contractors serving these agencies. “PlatformOne is our DevSecOps enabler to allow Navy, Army and Air Force partners to build their systems, including connected weapons systems, with an agile frame of mind and to deliver capabilities into the hands of the warfighter multiple times a day rather than the three- to five-year cycles typically associated with updating government systems,” he explains.
READ THE STORY: Security Boulevard
Items of interest
DoD Space Policy Director Lays Out China’s Military Space Developments
FROM THE MEDIA: China has launched 150 satellites so far this year to bring its total to 650 and is expected to develop an anti-satellite (ASAT) weapon targeting Geosynchronous Earth orbit (GEO) systems, a top Pentagon official said on Dec. 6. “China has the operational direct ascent ASAT missile intended to target Low Earth Orbit satellites, and the intelligence community assesses that China probably intends to develop a similar system to target satellites up to Geosynchronous Earth orbit,” Travis Langster, the U.S. Department of Defense principal director of space and missile defense policy, told an Atlantic Council forum on U.S. preparation for future space contingencies.
READ THE STORY: Via Satellite
Why India Is Weaponizing Outer Space (Video)
FROM THE MEDIA: The Indian space organization has come a long way from its humble beginnings in the 1960s. At its inception, India's space program was driven by a desire to do good for the nation and its people.
Project NIKE: Earliest US Air Defense Program - Cold War DOCUMENTARY (Video)
FROM THE MEDIA: Our historical documentary series on the history of the Cold War continues with a video on Project NIKE, the earliest US air defense system.
These open-source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com