Thursday, May 12, 2022 // (IG): BB // Weekly Sponsor: Unsafe Waters
Attackers eye vulnerabilities in Windows Print Spooler
FROM THE MEDIA: Researchers from Kaspersky say the number of attacks exploiting vulnerabilities in Windows Print Spooler has risen significantly over the past four months. Despite Microsoft regularly releasing patches for its Print Spooler, software that manages the printing process, bad actors continue to actively exploit its vulnerabilities.
This enables attackers to distribute and install malware on victims’ computers that has the ability to take control of servers and machines, even without special admin access, and steal stored data. The most well-known vulnerabilities are CVE-2021-1675 and CVE-2021-34527, also called PrintNightmare, which were discovered in late June last year.
READ THE STORY: ITweb
Hacking CCTV and using drones as spies are outlawed in crackdown on espionage
FROM THE MEDIA: Hacking CCTV and using drones to photograph restricted sites are to be included in new spying laws. The Government’s new National Security Bill, which was part of the Queen’s Speech and announced in Parliament on Tuesday, will update laws designed prior to the First World War to protect Britain against spies.
The 1911 Official Secrets Act, currently the legislation underpinning Britain’s protection against hostile foreign states, was framed around “enemy plans” and included provision to detain people for sketching or making models of military bases and other sensitive sites.
Under the new legislation, the offence of unauthorized trespass will be expanded to cover such activities as hacking CCTV images or flying drones too close to sensitive sites.
READ THE STORY: Telegraph
Finland's president declares support for joining NATO
FROM THE MEDIA: Finland's president and prime minister announced Thursday their support for an application for NATO membership, setting in motion a process that will culminate in the alliance's ninth enlargement since its founding in 1949.
Finland will more than double the length of NATO's borders with Russia once it is officially admitted into the alliance. Sweden is expected to make an announcement on NATO membership on Sunday. The transformation of Europe's security landscape is a nightmare for Vladimir Putin — but one triggered by his own decision to invade Ukraine.
READ THE STORY: Axios
Cybersecurity expert says 'New Profile Pic' app isn't leaking your personal information to Russians
FROM THE MEDIA: You may have seen your friends on social media use it recently to create a cartoon version of themselves. Some have speculated about whether the app has malicious origins. Information was circulating online that the app was created in Russia to harvest Americans' sensitive information. An article by Snopes debunked that theory, saying that's not true. However, apps do collect information from us; it's just a matter of how it's used.
"Most of the apps that we download, especially the ones that are free, are harvesting some type of information because nothing is free. Our data is used as a currency in the internet. A lot of the time it's just collecting data about our preferences. Sometimes they'll have ads in these apps, and so you click on the ad and it'll build a little bit of a history about what your preferences are, that information helps advertisers," said Doug Jacobson, a professor of computer engineering at Iowa State University.
READ THE STORY: KCCI
Russia-Ukraine War: Mahuta condemns cyberattacks, GCSB issues guidance after troll farms targeted
FROM THE MEDIA: Foreign Minister Nanaia Mahuta has condemned Russia for cyberattacks on Ukraine, and the Five Eyes powers have warned the spiteful cyber activity could intensify. "President Putin's illegal invasion of Ukraine and sponsorship of an ongoing campaign of disinformation and malicious cyber activity against Ukraine is unacceptable," Mahuta said today.
The European Union and New Zealand's Five Eyes partners have blamed Russia for deploying destructive malware on Ukrainian government and private sector networks. The Western countries said Russia was behind distributed denial-of-service (DDOS) attacks which disabled some Ukrainian banking systems.
READ THE STORY: NZHerald
Russia use Appliance Parts for its Weapons Says Ukraine—US Sanctions Prevent Access to Proper Tech
FROM THE MEDIA: Russia is reportedly now using appliance parts from the many homes in the country to build its weapons and supply its need to create many of its tools against Ukraine. The report came from Ukrainian officials closely monitoring its neighbor country amidst the conflict that both companies play a role in now.
The move by Russia is a result of the United States' sanctions that prevent it from accessing proper technology to build its weapons and needs for this global issue. According to a report by The Washington Post, Ukraine claims that Russia's latest venture is to create weapons out of salvaged appliance parts that the latter country uses for its many needs. These weapons are then used against Ukraine and towards Russia's advancements in this conflict, as they ran out of resources long ago.
READ THE STORY: Techtimes
Pro-Russia hackers target Italian official websites
FROM THE MEDIA: The defense ministry’s website was “under maintenance” and the senate’s was inaccessible before both were back up and running hours after the attack. Italian daily Corriere della Sera said the pro-Kremlin group “Killnet” claimed the cyberattack, which had reportedly not compromised infrastructure but hindered access to several websites including the National Institute of Health.
The hack was a DDoS (Distributed Denial of Service) attack, which involves flooding a site with so many simultaneous access requests its servers become overloaded and the site becomes temporarily unusable, according to news agency Ansa.
READ THE STORY: The Local
Beware of state actors stepping up attacks on managed service providers: Cyber agencies
FROM THE MEDIA: The agencies responsible for cybersecurity from the United States, United Kingdom, Australia, and Canada have issued a second alert this week, stating that attacks on managed service providers (MSP) are expected to increase.
The advisory states that if an attacker is able to compromise a service provider, then ransomware or espionage activity could be conducted throughout a provider's infrastructure, and attack its customers.
"Whether the customer's network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects," the nations advised.
"NCSC-UK, ACSC, CCCS, CISA, NSA, and FBI expect malicious cyber actors -- including state-sponsored advanced persistent threat groups -- to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships."
READ THE STORY: ZDnet
Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss
FROM THE MEDIA: The war in Ukraine, and the Declaration for the Future of the Internet signed by 60 nations in late April, should be understood in the context of a global effort to recruit the nations of the world into blocs with different attitudes to internet governance.
That's the opinion of Jeff Moss, founder of the Black Hat and DEF CON security conferences, who has also served as chief security officer at ICANN, is a member of the Council on Foreign Relations, and was asked to serve on the Obama administration's Homeland Security Advisory Council.
Speaking at the Black Hat Asia conference in Singapore today, Moss said the world is currently divided into three "teams" of nations with different approaches to internet governance.
READ THE STORY: The Register
Can Russia really disconnect from the rest of the digital world
FROM THE MEDIA: On a spring day in 1984, a shocking message came across Usenet, a messaging service that acted as the town square for the nascent internet: “well, today, 840401, this is at last the Socialist Union of Soviet Republics joining the Usenet network and saying hallo to everybody.” The author proposed a discussion with the US and Europe about “peaceful co-existence” between the Cold War rivals and encouraged a toast with vodka. It was signed by Soviet leader Konstantin Chernenko and originated from a machine named “moskvax,” implying a Digital Equipment VAX minicomputer—a powerful machine used by many US universities as their gateway to the internet—located in Moscow. That the Soviet Union would connect to the internet at the height of the Cold War, when information from the western world was smuggled in as samizdat, seemed impossible. That the United States, which had financed the computing network, would permit a Russian connection, seemed even less likely.
READ THE STORY: Prospect Magazine
Capabilities of Starlink Satellites Alarm China’s Military
FROM THE MEDIA: China Military Online said Wednesday that the international community should be on high alert on the matter of SpaceX’s planning to increase the constellation of Starlink internet satellites from 12 000 to 42 000.
The Chinese news site affiliated with the Central Military Commission, the PRC’s top national defense organ, said, “in addition to supporting communication, Starlink, as experts [have] estimated, could also interact with UAVs and, using big data and facial recognition technology might have already played a part in Ukraine’s military operations against Russia,” referring to SpaceX’s intentions to use Starlink for providing high-speed internet services to Ukraine amid Kiev's conflict with Russia and the Donbass.
READ THE STORY: TeleSUR
It's time to kick China off social media, says tech governance expert
FROM THE MEDIA: The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation (ORF), a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative.
Speaking at the Black Hat Asia conference, Saran said China's Communist Party sees tech as a means of exerting control and uses social media to deliberately interfere in the affairs of other nations.
But China denies voices from other nations the ability to access its digital public square – while also preventing its own citizens venturing into spaces inhabited by those of other countries.
READ THE STORY: The Register
APT gang 'Sidewinder' goes on two-year attack spree across Asia
FROM THE MEDIA: The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods.
Noushin Shaba, a senior security researcher on Kaspersky's global research and analysis team, today told the Black Hat Asia conference that SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations. The gang has previously been associated with Indian actors, but Shaba said previous indicators that led to that attribution have disappeared – she was not confident tying the group to any nation.
READ THE STORY: The Register
Nvidia open-sources Linux kernel GPU modules. Repeat, open-source GPU modules
FROM THE MEDIA: Nvidia on Wednesday published the R515 driver release of its Linux GPU kernel modules under an open source, dual GPL/MIT license.
The chip biz has made the source code available via the Nvidia Open GPU Kernel Modules repo on GitHub, a move that suggests the need to respond to AMD's long-standing open-source driver initiative.
"This release is a significant step toward improving the experience of using Nvidia GPUs in Linux, for tighter integration with the OS and for developers to debug, integrate, and contribute back," claimed Ram Cherukuri, senior product manager, Shirish Baskaran, senior system software manager, Andy Ritger, Linux OpenGL driver engineer, and Fred Oh, senior product marketing manager, in a blog post. "For Linux distribution providers, the open-source modules increase ease of use."
READ THE STORY: The Register
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
FROM THE MEDIA: An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021.
Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2) infrastructure with that of prior campaigns mounted by the same actor.
"Bangladesh fits the profile we have defined for this threat actor, previously targeting Southeast Asian countries including China, Pakistan, and Saudi Arabia," Vitor Ventura, lead security researcher at Cisco Talos for EMEA and Asia, told The Hacker News.
READ THE STORY: THN
BMW looks to quantum computers to speed R&D
FROM THE MEDIA: BMW has become the latest company to give quantum an early chance, with the goal of shrinking development cycles beyond traditional means.
Quantum computing systems and software startup Pasqal announced that it is partnering with the German automaker, which will use the French biz's proprietary differential-equation-solving algorithm to test quantum computing's applicability to metal-forming modeling.
BMW is experimenting with Pasqal's systems to reduce time spent building and testing physical models of metal components, which often have to be minutely tweaked after testing to achieve the results designers and engineers want.
READ THE STORY: The Register
Europe proposes tackling child abuse by killing privacy, strong encryption
FROM THE MEDIA: Proposed Europe regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts.
A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."
These options range from voluntary detection and reporting of child sexual abuse material (CSAM) and grooming, to legally mandating that service providers find and report such material using whatever detection technology they wish — essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption for everyone.
READ THE STORY: The Register
Items of interest
'Israel must wage all-out cyber campaign against Hamas'
FROM THE MEDIA: In recent weeks, the Israeli defense establishment has detected an unmistakable spike in Hamas's online efforts to ignite terrorism and unrest, particularly on social-media networks. This is part of the strategy by Hamas's leader in the Gaza Strip, Yahya Sinwar, to destabilize the West Bank and Jerusalem and inflict Israeli casualties while weakening his domestic rival, the Palestinian Authority—all without risking Hamas's home turf of Gaza.
Ely Karmon, a senior research scholar at the International Institute for Counter-Terrorism (ICT) in Herzliya, told JNS that the time had come for an all-out offensive cyber campaign to disrupt and remove incitement to hatred and violence on Arabic social-media networks.
"The state has been doing almost nothing offensively on this front and has been waiting for the platforms, like Facebook, to act. The state should not wait; it should take this material down itself," said Karmon.
In the information campaign sphere, he said, Israel has made a lackluster effort to deflate false Hamas claims that the Al-Aqsa mosque is in danger. "No one is showing footage from inside the mosque on how rioters prepare to attack security forces and what they're entering the mosque with. No one is showing what the Waqf (the Jordanian Islamic trust in charge of the Temple Mount site) is telling worshippers. It is time for this material to come out," Karmon said.
He proposed that the Strategic Affairs and Public Diplomacy Ministry take on this project in a focused manner.
On the military front, Karmon said that if Israel did opt for targeted assassinations of Hamas leaders, then it would also have no choice but to launch a significant military offensive designed to target and eliminate Hamas's leadership.
"The timing is critical because if this government falls before making this decision, a transitional government will take over and then a new government will have to be formed, and the window of opportunity for ordering preparations for such a maneuver will be gone," he noted.
READ THE STORY: Israel Hayom
Cyber Security Expert Speaks on Changes to Google Search (Video)
FROM THE MEDIA: Google is making a change that’ll make it easier to restrict personal information from online searches. NBC10 Respond’s Tracy Davidson spoke with both a cyber security expert and a public liaison for Google Search about the change and how it could protect internet users.
Security Breach Ep. 13: Cyber Hygiene and Putin's Army of Criminal Hackers (Video)
FROM THE MEDIA: The rise in ransomware attacks throughout the industrial sector has led to a surge in another, related activity – the purchasing of cyber insurance to help soften the blow of these attacks. But today’s guest emphasizes that beyond just insurance to cover the costs of these intrusions, the manufacturing sector needs to implement more proactive strategies that encompass prevention and recovery. I’m pleased to welcome Allen Jenkins, VP of Cybersecurity Consulting at InterVision to this episode of Security Breach. InterVision is a leading provider of services focused on enterprise network security.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com