Wednesday, December 14, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Putin to choose cyber warfare before nuclear weapons, former NSA chief says
FROM THE MEDIA: Retired Gen. Keith Alexander, the former National Security Agency director and head of U.S. Cyber Command, said on Tuesday that Russian President Vladimir Putin is likely to continue using cyberattacks against Ukraine before using nuclear weapons. Alexander explained that although Russia hasn’t done significant damage so far on the cyber front, Putin is not prepared to use nuclear weapons against Ukraine, as he knows doing so could pull the U.S. and other NATO countries into the war.
READ THE STORY: The Hill
How The Anonymous Hacker Group Wages Cyber Warfare
FROM THE MEDIA: While some people choose to protest through marches or sit-ins, a select group of computer hackers use their talents to wage cyberattacks as part of the collective known as Anonymous. The origins of this group are murky, but they’ve made a name for themselves over the years by targeting high-profile institutions, including the Church of Scientology, the CIA and the Russian government, as a form of hacktivism. Their usual form of online warfare is a distributed denial of service attack, known as DDoS, when a server is overwhelmed by an increase in traffic, according to Cloudflare.
READ THE STORY: Yahoo Entertainment
Mapping Threat Intelligence to the NIST Compliance Framework
FROM THE MEDIA: It is estimated that compliance drives 50% of the spend in the cybersecurity industry. Recently, some of our customers and defender-side colleagues indicated that threat intelligence was not typically considered within compliance frameworks. The main reasons for this were noisy data feeds, a lack of identifiable metrics, and a lack of actionable intelligence related to the customer's pain points. Using the NIST Framework, organizations assess their current security posture, agree on organizational goals, understand their gaps and develop plans to optimize their security posture.
READ THE STORY: SecurityWeek
Russian disinformation rampant on far-right social media platforms
FROM THE MEDIA: A report released Tuesday by the Stanford Internet Observatory and the social media analytics firm Graphika documents how suspected Russian information operators are exploiting a lack of enforcement on alternative social media platforms to target right-wing users with politically divisive disinformation. The new research portrays a freewheeling alternative social media universe on platforms like Gab, Gettr, Parler and Truth Social where Russian information operators can freely share disinformation due to the lack of content moderation.
READ THE STORY: Cyberscoop
Cyber-espionage group Cloud Atlas targets Russia and its supporters
FROM THE MEDIA: The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia’s invasion this year, according to a new report. The group has been active since 2014, according to research published by Check Point last week, but since the outbreak of the war in Ukraine it has mainly attacked “high profile victims” in Russia, Belarus, Transnistria (a pro-Kremlin breakaway region of Moldova), and Russian-annexed territories of Ukraine, including Crimea, Luhansk, and Donetsk. The goals of the group are espionage and theft of confidential information, according to researchers from Positive Technologies. It is not yet clear who is behind the group.
READ THE STORY: The Record
For Congress to confront cybersecurity, reps push to ramp up cyber literacy
FROM THE MEDIA: A bipartisan pair of House lawmakers on Tuesday pushed for support in enhancing literacy when it comes to cybersecurity, expressing urgency on the matter before the U.S. experiences a “doomsday”-like attack. As the expected incoming chair of the House Energy and Commerce Committee, Rep. Cathy McMorris Rodgers (R-Wash.) said the issue would be a top focus in the next Congress when the GOP will have the majority. “We need to do more education, have some hearings around what the growing threat around cyberattacks are,” Rodgers told The Hill’s Contributing Editor Steve Clemons at the Risk to Reliance event held at the Bipartisan Policy Center.
READ THE STORY: The Hill
Fleet and Freight Cyber Considerations for Protecting America’s Roads
FROM THE MEDIA: The United States has one of the most extensive vehicle transportation networks in the world, totaling more than 4 million miles of interstate highways, city freeways and rural roads. It makes sense, given the size of the country and the cost-effectiveness of ground-based systems in getting people and products from point A to point B as efficiently as possible. But it also comes with potential challenges. According to the National Highway Traffic Safety Administration, there were 42,915 motor vehicle–related fatalities in 2021, the largest number since 2005. While education about safe driving techniques and additional traffic enforcement can temporarily reduce the risk of crashes and fatalities, human nature inevitably leads drivers to make occasional rash decisions — choices that could cost their lives, those of their passengers and other drivers.
READ THE STORY: StateTech
TPG Telecom joins list of hacked Australian companies, shares slide
FROM THE MEDIA: Internet services provider TPG Telecom Ltd became the latest Australian company to fall victim to a high-profile cyberattack, announcing on Wednesday that the emails of up to 15,000 of its corporate customers had been accessed. Its shares fell on the news, closing down 2.8%. At least eight other Australian companies have gone public about hacks since October, prompting public outrage and the government to say last week it is developing a new cybersecurity strategy to tackle threats. It is also considering banning the payment of ransom to cyber criminals.
READ THE STORY: Yahoo Finance
I SPY WITH MY LITTLE EYE: Spies release Christmas card puzzle to find future codebreakers among UK schoolkids
FROM THE MEDIA: Spies at the government’s listening post have released their annual Christmas card puzzle – and it is aimed at teams of school kids to help find the next Alan Turing. Turing cracked the Nazi’s Enigma which helped win World War Two and is considered the father of modern computing. A series of “fiendish” Christmas conundrums cover languages, engineering, codebreaking, analysis, maths, coding and cyber security – all key skills for GCHQ spooks. They are included on spy chief Jeremy Fleming’s official Christmas card which is sent to partners and allied intelligence services around the world.
READ THE STORY: The U.S. Sun
It’s complicated: psychology and national security decisions
FROM THE MEDIA: The claim that Australia’s current national security environment has few precedents has almost become a cliché. Home Affairs Minister Clare O’Neil most recently asserted that “Australia faces the most dangerous set of strategic circumstances since the Second World War” and that “there would be few five-year periods in which Australia’s national security picture has changed so much”. But what really distinguishes Australia’s current predicament from earlier eras? It’s not necessarily danger: the Cold War, which dominated Australian national security for decades, was more dangerous than many now remember. It turned hot in Australia’s region more than once. Australia has been at war many times since 1945.
READ THE STORY: The Interpreter
Iranian influence and threats growing in the UK, says security minister
FROM THE MEDIA: Britain is facing growing interference, threats and influence from state actors including Iran, security minister Tom Tugendhat has warned. Since 10 Iranian plots were revealed in November more incidents have come to light. Foreign meddling of this nature, he said, poses monumental challenges to freedom of speech in the UK and residents' way of life. Speaking at London-based think tank Policy Exchange on Tuesday, he said that “acute threats” to national security require an immediate response. “But it is the strategic threats to our democracy because the actors are part of a systemic campaign over a long period of time to degrade our sovereignty that concern me most,” he added.
READ THE STORY: The National News
North Korea wants dollars. It’s a sign of trouble
FROM THE MEDIA: When Kim Jong Un, the leader of North Korea, ascended to power more than a decade ago, he repeated two promises that his family has made since founding the country in 1948: to strengthen the military and to improve the economy. On the military front, Kim, 38, has delivered more than his father and grandfather who ruled before him, accelerating the country’s nuclear and missile programs. On the economic front, he has struggled, an already isolated country made more so by years of international sanctions over his nuclear program and border closures since the pandemic.
READ THE STORY: DH
US, South Korea, Japan Seek to Curb North Korea’s Illicit Cyber Activities
FROM THE MEDIA: Senior diplomats from the United States, South Korea, and Japan agreed Tuesday to boost efforts to curb North Korea’s illicit cyber activities and other methods to finance its nuclear program and evade international sanctions. Meeting in Indonesia’s capital, the three envoys in charge of North Korea’s nuclear program also agreed to strengthen their trilateral security cooperation in the face of North Korea’s advancing nuclear and missile arsenals. In his opening remarks, Sung Kim, the U.S. envoy who also serves as Washington’s ambassador in Jakarta, said that North Korea’s provocative run of missile tests this year has proven yet again that the North “presents one of the most serious security challenges in the region and beyond.”
READ THE STORY: The Diplomat
Continued Exploitation and Evolution of ProxyShell Vulnerabilities
FROM THE MEDIA: In August 2021, threat actors started to exploit ProxyShell vulnerabilities in certain Microsoft Exchange Server versions. Today, not only is Kroll seeing actors continue to leverage ProxyShell in larger network intrusions, but organizations must now also be on guard for the so-called ProxyNotShell vulnerabilities, which surfaced in September 2022. ProxyShell, the collective name for CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207, allows remote code execution (RCE) without authentication on vulnerable deployments.
READ THE STORY: KROLL
Gulf leaders find new partner in China, challenging US dominance
FROM THE MEDIA: The United States is no longer the sole superpower active in the Arab Gulf. This was the message from a weekend summit in Saudi Arabia between Chinese President Xi Jinping and Arab leaders. Participants called it a “milestone,” cementing political ties and paving the way for a larger Chinese role in Arab economies and security. The Arab embrace of a more assertive China is a response both to criticism from U.S. President Biden’s administration and to Washington’s strategic pivot away from the Middle East toward Asia and Europe. More than that, what some observers are calling an “Arab-China renaissance” represents a bid by Gulf leaders for something they say the United States is failing to provide: a reliable partnership that won’t waver with the political winds.
READ THE STORY: CSM
Food and Beverage Manufacturers Face Mounting Cybersecurity Attacks
FROM THE MEDIA: Connectivity provides manufacturing plant operations many advantages like increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart factories’ vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives. Food and beverage processing plants are under particular assault.
READ THE STORY: Food Engineering
Australia vies with China for Pacific influence, signs new security deal
FROM THE MEDIA: Australia has signed a new security deal with Oceania island country Vanuatu as part of an ongoing competition with China for influence in the Pacific. The new security pact covers humanitarian assistance, disaster relief, law enforcement, cyber security, defense, border security and maritime safety. The full text of the agreement has yet to be released. "We all have a responsibility to ensure our sovereign decisions enhance the security of all members of the Pacific and we're deeply proud to be the Vanuatu principal security partner of choice," Australian Foreign Minister Penny Wong told reporters Tuesday in the capital of Port Vila.
READ THE STORY: NPR
China Startup Hopes Methane-Powered Rocket Will Beat SpaceX to Orbit
FROM THE MEDIA: A Chinese startup seeking to be the country’s answer to SpaceX is preparing a satellite launch that could beat Elon Musk’s company and other rivals by relying on the next generation of rocket fuel. LandSpace Technology Corp. expects to launch an uncrewed rocket that burns a combination of liquid methane and liquid oxygen to put its payload into orbit on Wednesday, according to a person familiar with the matter. SpaceX and others have been developing rockets that can use methane-based fuel, thanks to its potential to be cleaner and safer than solid propellants, liquid hydrogen and other fuels currently used.
READ THE STORY: Bloomberg
Space Startup Wants to Build a Manufacturing Platform in Low Earth Orbit
FROM THE MEDIA: ThinkOrbital has big plans for low Earth orbit, designing an orbital platform that could be used to manufacture products in space, as well as remove and recycle space debris. The spherical structure, which was named the ThinkPlatform, would be a free-flying, non-pressurized platform that would either operate as part of a larger commercial station or it could dock with a spacecraft like SpaceX’s Starship, Lee Rosen, ThinkOrbital’s co-founder, president and chief strategy officer, told SpaceNews in an interview published Monday. Last year, NASA rejected ThinkOrbital’s commercial space station concept. Instead, the space agency awarded $415.6 million for space station proposals from Blue Origin, Nanoracks and Northrop Grumman. But the Colorado-based company is still vying for a spot in low Earth orbit, and Rosen believes that ThinkOrbital’s new concept is more viable.
READ THE STORY: Gizmodo
SpaceX supports expanding use of 12.7-13.25 GHz band for mobile broadband: FCC filing
FROM THE MEDIA: SpaceX added its support for expanding the use of the 12.7-13.25 GHz band for mobile broadband in a new filing with the Federal Communications Commission (FCC) on Tuesday. The company noted that although it was already licensed to use the band for uplink operations, it submitted its comment in support of the Notice of Inquiry in which the FCC will consider other productive uses of the band in the U.S. “SpaceX’s support of this NOI is consistent with its general encouragement of sharing spectrum—when technically feasible—to enable competition and ensure all spectrum is put to its highest and best use. In fact, SpaceX shares all of the spectrum it is licensed to use, both with competing next-generation satellite systems and with other technologies and Federal users.”
READ THE STORY: TESLARATI
Apple security update fixes new iOS zero-day used to hack iPhones
FROM THE MEDIA: In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. The vulnerability was disclosed in security bulletins released today for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1, with Apple warning that the flaw "may have been actively exploited" against previous versions. The bug (CVE-2022-42856) is a type confusion issue in Apple's WebKit browser engine. The flaw, discovered by Clément Lecigne of Google's Threat Analysis Group, allows maliciously crafted web content to achieve arbitrary code execution on a vulnerable device.
READ THE STORY: Bleeping Computer
Malware campaign targets official Python and JavaScript repos
FROM THE MEDIA: An active malware campaign is targeting official Python and JavaScript repositories. Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package. Typosquats take advantage of simple typos to install malicious packages. In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests.
READ THE STORY: Developer-Tech
Ransomware Gang Abused Microsoft Certificates to Sign Malware
FROM THE MEDIA: Less than two weeks ago, the United States Cybersecurity & Infrastructure Security Agency and FBI released a joint advisory about the threat of ransomware attacks from a gang that calls itself “Cuba.” The group, which researchers believe is, in fact, based in Russia, has been on a rampage over the past year targeting an increasing number of businesses and other institutions in the US and abroad. New research released today indicates that Cuba has been using pieces of malware in its attacks that were certified, or given a seal of approval, by Microsoft. Cuba used these cryptographically signed “drivers” after compromising a target's systems as part of efforts to disable security scanning tools and change settings.
READ THE STORY: Wired
Lockbit ransomware gang hacked California Department of Finance
FROM THE MEDIA: On December 12, the California Department of Finance confirmed the security incident with a statement. “The California Cybersecurity Integration Center (Cal-CSIC) is actively responding to a cybersecurity incident involving the California Department of Finance.” reads the statement. “The intrusion was proactively identified through coordination with state and federal security partners. Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities. The response effort includes multiple public and private agencies including the partners who make up the Cal-CSIC: the Governor’s Office of Emergency Services, Department of Technology, California Military Department and California Highway Patrol.”
READ THE STORY: Security Affairs
FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked
FROM THE MEDIA: InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
READ THE STORY: KrebsonSecurity
New GoTrim botnet brute forces WordPress site admin accounts
FROM THE MEDIA: A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. This compromise may lead to malware deployment, injection of credit card stealing scripts, hosting of phishing pages, and other attack scenarios, potentially impacting millions depending on the popularity of the breached sites. The botnet is notorious in the cybercrime underground, but Fortinet became the first cybersecurity firm to analyze it, reporting that while the malware is still a work in progress, it already has potent capabilities.
READ THE STORY: Bleeping Computer
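A brute-force botnet of the kind described above leaves an obvious trace in a site's own access log: a burst of POST requests to the login endpoint from one source, most of them answered with the re-rendered form (HTTP 200) and, if a guess lands, a redirect (302) into wp-admin. The detector below is an added example for this digest, not Fortinet's analysis or GoTrim's code. The log lines are constructed in the Apache/nginx combined format, the five-attempts-per-minute threshold is an assumption, and the "302 after a burst" signal is a heuristic that relies on WordPress redirecting on a successful login and returning the form on a failed one.

```python
"""Spot login brute-force bursts against WordPress in web-server access logs.

Added example for the GoTrim story above; not Fortinet's or GoTrim's code.
Log lines are constructed; threshold and window are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Endpoints a WordPress credential-guessing tool POSTs to.
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}

# Apache/nginx 'combined' format: ip ident user [ts] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample: one attacker burst, one normal admin login, one stray POST.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2022:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2341 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2401 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Dec/2022:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 2401 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Dec/2022:10:00:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [14/Dec/2022:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
""".splitlines()


def parse(line):
    """Return (ip, timestamp, method, path-without-query, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def find_bruteforcers(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"attempts": n, "success_after_burst": bool}} for sources
    that POST to a login path more than `threshold` times in any `window`.

    Only POSTs count: a GET of /wp-login.php is an admin loading the form.
    A 302 inside a burst is recorded as a possible successful guess, since
    WordPress redirects on success and re-renders the form (200) on failure.
    Lines are assumed to be in chronological order per source IP.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or path not in LOGIN_PATHS:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold:
            entry = flagged.setdefault(ip, {"attempts": 0, "success_after_burst": False})
            entry["attempts"] = max(entry["attempts"], len(q))
            if status == 302:
                entry["success_after_burst"] = True
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} login POSTs in a minute, "
              f"possible success: {info['success_after_burst']}")
```

On the sample, 203.0.113.7 is reported with seven attempts and a possible success, while the single redirect from 198.51.100.4 (a normal admin login) and the lone xmlrpc POST stay quiet. The threshold is the knob to tune per site: a busy multi-author blog will have legitimate bursts that a personal site never will, and a slow spray that stays under the per-minute rate needs a longer window or a per-account view from the application's own logs rather than the web server's.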
Chinese hackers innovate to get round proliferating cybersecurity laws and monetize their activities
FROM THE MEDIA: Where cybercrime is concerned, it seems the Chinese government’s blunderbuss approach to state and cybersecurity means that it sometimes shoots itself in the foot as it introduces more and more restrictive legislation to further enhance its control over its already heavily surveilled population. A detailed and very informative report from Insikt Group, the threat research division of Recorded Future, a private cybersecurity company based in Somerville, Massachusetts in the US that specializes in the collection, processing, analysis, and dissemination of threat intelligence, shows that part of the reaction to the layering of new restrictions on already deeply repressive legal foundations has resulted in Chinese cybercriminals resorting to imaginative, innovative ways to monetize their activities.
READ THE STORY: Telecom TV
Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones
FROM THE MEDIA: Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on November 30 and rolled out to all supported iPhones — including iPhone 8 and later — with unspecified “important security updates.” In a disclosure on its security updates page on Tuesday, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps, which if exploited could allow malicious code to run on the person’s device. The bug is called a zero-day because the vendor is given zero days’ notice to fix the vulnerability.
READ THE STORY: TC
Items of interest
Hackers Planted Files to Frame an Indian Priest Who Died in Custody
FROM THE MEDIA: The case of the Bhima Koregaon 16, in which hackers planted fake evidence on the computers of two Indian human rights activists that led to their arrest along with more than a dozen colleagues, has already become notorious worldwide. Now the tragedy and injustice of that case is coming further into focus: A forensics firm has found signs that the same hackers also planted evidence on the hard drive of another high-profile defendant in the case who later died in jail—as well as fresh clues that the hackers who fabricated that evidence were collaborating with the Pune City Police investigating him.
READ THE STORY: Wired
Chinese MSS 2014 Cyber Espionage on Japanese Monju Nuclear Power Plant (Video)
FROM THE MEDIA: In January 2014 a cyber espionage operation took place at the Monju Nuclear Power Plant of Japan. Later on, experts attributed it to China's Ministry of State Security (MSS). The operation used a software supply-chain attack targeting the GOM Player of South Korea to infiltrate the power plant.
The Invisible World War: Why Cyber Warfare Is Everywhere (Video)
FROM THE MEDIA: Cyberwarfare is a new form of war in the era of technology that is used by governments like the United States, China, and Russia to compromise security and hack infrastructure.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com