Saturday, December 10, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
The Lord of War is back in the game
Analyst Comment: Viktor Bout was a historic figure in the black market arms world. With aged contacts (about two decades old), is he still a threat? In short, yes: nations use assets to push their agendas, and rumor has it Viktor was in bed with the GRU. His release was purposeful; stand by to see how he is utilized in the Ukrainian conflict.
FROM THE MEDIA: How does the release of one of the world’s most notorious criminals threaten national security? DEREK MALTZ, a former Drug Enforcement Agency agent, helped lead the team that eventually took down Bout 14 years ago in Thailand. Before his capture, Bout worked across the world selling arms, including to militants in Africa, to Al Qaeda and to the Taliban. He was set to serve a 25-year prison sentence. Now, Maltz says though he is happy about Griner’s release, Bout poses perhaps an even greater threat to Americans than before he was arrested. “He's back out there with the ability to cause harm and destruction around the world,” Maltz said in an interview. “And now he's going to be way smarter because he knows some of the techniques that have been used against him.”
READ THE STORY: Politico
Lawmakers request Twitter insight regarding PRC social media influence
Analyst Comment: Nation states using social media networks (SMN) for information operations (IO) is nothing new. Beijing’s Global Media Influence: Authoritarian Expansion and the Power of Democratic Resilience details the IO campaign attempts of the Chinese government and its proxies. Again, not new, but they are evolving this capability.
FROM THE MEDIA: U.S. Reps. Raja Krishnamoorthi (D-IL), Adam Schiff (D-CA), and Jackie Speier (D-CA), members of the House Permanent Select Committee on Intelligence, recently forwarded correspondence to Twitter CEO Elon Musk regarding insight into People’s Republic of China (PRC) social media influence. The legislators inquired about the possibility the PRC may have used a network platform manipulation campaign on Twitter, resulting in restricted access to news about protests in the PRC, citing concerns about the potential impacts of PRC’s cyber capabilities.
READ THE STORY: HPN
How facial recognition allowed the Chinese government to target minority groups
FROM THE MEDIA: Journalist Alison Killing explains her investigation in Xinjiang, China, where the government has used facial recognition cameras to track Uyghurs and detain them in camps across the region. In 2021, she and her co-journalists won the Pulitzer Prize for International Reporting for their work investigating a network of detention camps in Xinjiang, China using satellite imagery and architectural techniques. Her other investigations have included understanding how social media can be used to track users’ movements and migrant journeys.
READ THE STORY: WAMU
Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant
FROM THE MEDIA: Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers, Kaspersky said in a technical report published this week. Janicab infections comprise a diverse set of victims located in Egypt, Georgia, Saudi Arabia, the UAE, and the U.K. The development marks the first time legal organizations in Saudi Arabia have been targeted by this group.
READ THE STORY: THN
Cyber’s Most Wanted: FBI Is Hunting 10 Russian Threat Actors
FROM THE MEDIA: Who are some of the most wanted Russian hackers and cyber threat actors? A partial list from the FBI includes six Russian military intelligence (GRU) officers, three members of the Energetic Bear threat actor group, and one computer programmer employed by an affiliate of the Russian Ministry of Defense. They represent 10 of the agency’s Cyber’s Most Wanted list of suspects. According to the FBI, all six are officers in Unit 74455 of the Russian military intelligence agency called the Main Intelligence Directorate (GRU). These individuals and their co-conspirators are known to the threat research community by the monikers: “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”
READ THE STORY: Blackberry
Claroty unveils web application firewall bypassing technique
FROM THE MEDIA: OT security vendor Claroty developed an attack technique that would allow a threat actor to bypass the web application firewalls of several top vendors. The technique came from Claroty's threat research team Team82, which revealed the generic bypass in a blog post Thursday. The attack technique is generic, meaning it works against web application firewalls (WAFs) from multiple vendors. According to the blog post, the technique has been successfully tested against products from Amazon Web Services, Cloudflare, F5, Imperva and Palo Alto Networks.
READ THE STORY: TechTarget
New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
FROM THE MEDIA: Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix Auditor as well as the Raspberry Robin worm. "Post-compromise activity included data theft and the execution of Clop ransomware," security researcher Tiago Pereira said in a Thursday report.
READ THE STORY: THN
France is giving Cuba the cyber power that the USA denied it for so long
FROM THE MEDIA: According to a media report by Reuters, Cuba has announced that it has begun work with French telecoms operator Orange on an alternative underwater cable that will link it to the island of Martinique in a bid to beef up its connection to the global internet and broadband corridors. Reportedly, the Cuban state-run telecoms operator ETECSA has announced that the alternative undersea cable project, called ARIMAO, has started to take shape, noting in a statement that “all the permissions are in place for its deployment.”
READ THE STORY: TFIGlobal
Arctic Wolf: Log4Shell Has a Long Tail
FROM THE MEDIA: The ongoing exploit activities of the Log4Shell vulnerability (CVE-2021-44228) in the popular Apache Log4j open source logging tool remain on a high level one year after it was first disclosed on December 9, 2021, Arctic Wolf noted in recent research. The research showed one-quarter of the security vendor’s customers have been targeted with Log4Shell exploitation attempts since January, and Arctic Wolf found threat actors continue to use the exploit throughout the year. “When we originally investigated this vulnerability in December 2021, we immediately knew this one would have a long-lasting impact on organizations around the world and that it would be attractive for Cyber Criminals to exploit.
READ THE STORY: SDXcentral
Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware
FROM THE MEDIA: Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and stems from a case of insufficient input validation of received Cisco Discovery Protocol (CDP) packets.
READ THE STORY: THN
TSMC’s $40 Billion Bet on U.S.-Made Chips: Just a Start
FROM THE MEDIA: This past Tuesday, Taiwan Semiconductor Manufacturing announced that it would expand its investments in Arizona to more than $40 billion—from its initial $12 billion commitment. TSMC’s first Arizona fab will begin making 4-nanometer chips in 2024, and a second will produce 3-nanometer chips by 2026. Smaller chips normally are faster and more power-efficient than larger ones. Forty billion is a big number, but it’s not a panacea. TSMC didn’t lay out a time frame to spend the money. And it will be a fraction of TSMC’s overall capital spending, which J.P. Morgan estimates at $100 billion from 2022 to 2024.
READ THE STORY: Barrons
Japanese tech leaders warn Beijing will ride out US chip sanctions
FROM THE MEDIA: Tech executives in Japan have warned that the latest US chip export controls are unlikely to suppress China’s progress in artificial intelligence and supercomputers, calling into question the long-term effectiveness of the sanctions. The warnings from Sony’s chief technology officer and NEC’s chief executive come as Washington tries to convince the Netherlands and Japan, both big players in the global chipmaking industry, to strike a trilateral deal that would impose further restrictions on China obtaining tools to make chips.
READ THE STORY: FT
Dutch computer chips found in Iranian killer drones used in the war in Ukraine
FROM THE MEDIA: Iranian weapon drones used in the war in Ukraine contained chips supplied from Dutch companies. The British research organization Conflict Armament Research (CAR), which is responsible for researching Western technology in Iranian drones, confirmed this to the Dutch newspaper AD. Deputy Director of Operations at Conflict Armament Research Damien Spleeters said, "Most of the western components we found were made between 2020 and 2021. There are also Dutch components among them." In the summer of this year, the Dutch chip companies NXP and Nexperia received the message that their chips were found in Russian drones.
READ THE STORY: NLTIMES
The U.S.’s tech future depends on securing rare metals
FROM THE MEDIA: The Dec. 6 editorial “The future depends on chips. Is the U.S. ready?” rightly argued that chips are critical to U.S. security readiness and global competitiveness. But it was shortsighted. The problem is not the unreliable supply of chips; it’s the increasingly tight supply of the rare metals necessary to make them. With global consumption growing at an annual rate of 3 to 5 percent, demand for rare metals already outstrips supplies — and is projected to be five to 10 times greater by 2040 than today.
READ THE STORY: WP
Why deepfake phishing is a disaster waiting to happen
FROM THE MEDIA: Everything isn’t always as it seems. As artificial intelligence (AI) technology has advanced, individuals have exploited it to distort reality. They’ve created synthetic images and videos of everyone from Tom Cruise and Mark Zuckerberg to President Obama. While many of these use cases are innocuous, other applications, like deepfake phishing, are far more nefarious. A wave of threat actors are exploiting AI to generate synthetic audio, image and video content that’s designed to impersonate trusted individuals, such as CEOs and other executives, to trick employees into handing over information.
READ THE STORY: VB
Legit Android apps poisoned by sticky 'Zombinder' malware
FROM THE MEDIA: Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect. Analysts with cybersecurity vendor ThreatFabric found the platform, named "Zombinder," on the darknet while investigating a campaign that targeted both Android and Windows users with different types of malware. Zombinder came to light while the researchers were analyzing a campaign involving the Ermac Android banking trojan. That effort yielded evidence of another campaign using multiple trojans aimed at both Android and Windows systems.
READ THE STORY: The Register
This ransomware gang is a right Royal pain in the AES for healthcare orgs
FROM THE MEDIA: Newish ransomware gang Royal has been spotted targeting the healthcare sector, the US Department of Health and Human Services (HHS) has said. The crew emerged this year, and follows the standard double extortionware playbook: it steals data from infected networks, encrypts those files, and then demands a fee to recover the data and to also not publicly leak the documents. In a security bulletin this week HHS told healthcare organizations to be on alert. After Royal gangsters compromise a victim's network, they typically demand organizations cough up between $250,000 to more than $2 million each, we're told.
READ THE STORY: The Register
How ChatGPT is changing the way cybersecurity practitioners look at the potential of AI
FROM THE MEDIA: In certain cybersecurity circles, it has become something of a running joke over the years to mock the way that artificial intelligence and its capabilities are hyped by vendors or LinkedIn thought leaders. That’s partly why the reaction from information security professionals over the past week to ChatGPT has been so fascinating. A community already primed to be skeptical around modern AI has become fixated on the real potential cybersecurity applications of a machine-learning chatbot.
READ THE STORY: SCMAG
Drone Incursions on Rise: New form of Cross-Border Terrorism
FROM THE MEDIA: As per the data released by the Government of India, 171 unmanned aerial vehicles (UAV) or drones from Pakistan entered Punjab in the nine months from 1 January 2022 to 30 September 2022. Another 20 were seen in the Jammu sector, making the total 191. Seven were reportedly shot down by the Border Security Force (BSF) personnel in Punjab’s Amritsar, Ferozepur and Abohar regions. The actual observations of drones have been much higher, as some never crossed over for various reasons. This has become a major internal and external security concern for India.
READ THE STORY: iDR
Keystone pipeline shutdown could lead to shortage in US
FROM THE MEDIA: The shutting down of the Keystone Pipeline after the largest oil spill in a decade could lead to a crude supply shortage in the US, experts said Friday. The pipeline carries crude oil to the US from Alberta, Canada, and US Transportation Secretary Pete Buttigieg announced Friday it was shut down Wednesday after leaking 14,000 barrels into a creek in the American state of Kansas. "We are monitoring & investigating the Keystone Pipeline leak first detected (Wednesday) night," Buttigieg wrote on Twitter. He said an order was issued "requiring a shutdown of the affected segment, analysis of the cause, and other safety measures."
READ THE STORY: Yeni Safak // Reuters
Satellite Image Shows Saudi Arabia's Sci-Fi Megacity 'The Line' Is Actually Being Built
FROM THE MEDIA: Saudi Arabia’s bizarre new megacity, “The Line,” is going full steam ahead. While construction began on the project in October, new satellite images have revealed how much ground the project has covered, the scale of the city’s length, and the layout of its construction site. MIT’s Technology Review reviewed satellite images of The Line’s construction site from an Australian company called Soar, with a photo of the main base camp having been taken by a satellite from Chang Guang Satellite Technology Corporation on October 22, 2022.
READ THE STORY: Gizmodo
Telstra privacy breach sees customer details made public
FROM THE MEDIA: The details of more than 130,000 Telstra customers have been published online due to an internal error. Some names, addresses and phone numbers have been listed incorrectly on the White Pages and Directory Assistance Services websites, Telstra said. The company said no cyber hack was involved and called it "a result of the misalignment of databases." "We are removing the identified impacted customer details from the Directory Assistance service and the online version of the White Pages," Telstra Chief Financial Officer Michael Ackland said.
READ THE STORY: 9 News
What ChatGPT knows about API Security
FROM THE MEDIA: There is no doubt that you have heard about and seen OpenAI’s latest brilliant creation called ChatGPT. It can write poems, speak many languages, answer questions, play chess, write code and impress everyone. In this post, we show a few more examples of how this AI model is good at cybersecurity, in particular at API Security implementations. ChatGPT is a natural language processing (NLP) model that uses large amounts of data to generate human-like responses to chat messages. It was trained on a dataset of over 1.3 billion words from various sources, including social media conversations, books, and news articles. The model uses GPT-3, the largest and most powerful language model to date, to generate responses that are relevant and coherent to the input text. Because of the wide range of data sources used for training, ChatGPT can answer a lot of questions, even on a super specific topic, such as API Security.
READ THE STORY: Security Boulevard
Items of interest
Analysis of U.S. Ability to Counter the Russian Threat in the Arctic
FROM THE MEDIA: From the end of World War II until the fall of the Soviet Union in 1991, the United States and Russia stood on opposing sides of a potential conflict. Through the U.S. strategies of containment and limited war, mutual destruction was avoided, and the spread of communism was held back. Eventually, economic pressure, partially caused by the arms race and partially deriving from the fallacy of communist economics, destroyed the Soviet Union. Unfortunately, it was replaced with the new Russia, which has similar expansionist goals.
READ THE STORY: Modern Diplomacy
Diamond industry under attack – Week in security with Tony Anscombe (Video)
FROM THE MEDIA: This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that abused an Israeli software developer.
SpaceX Starlink HACKED or Even Worse (Video)
FROM THE MEDIA: Elon Musk's SpaceX Starlink was hacked, or maybe even worse!
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com