Sunday, May 15, 2022 // (IG): BB //Weekly Sponsor: Unsafe Waters
Leaky databases
FROM THE MEDIA: Last year in April, Pakistani social media was abuzz with complaints by bank customers about having their money stolen via fraudulent and unauthorised internet transactions, money transfers, asset transfers, etc. After days of chatter, the bank concerned released only a short press release in which it maintained that it did not suffer any data breach. The statement appeared to imply that the transactions occurred because customers provided their confidential PINs and other details via phishing attacks and by accepting payment requests from fraudulent sources. The netizens did not agree and the discourse continued.
The large number of victims and their geographical spread, along with the fact that many claimed to never have even activated their internet banking or to have never received OTPs for these transactions, suggests some form of data breach may indeed have occurred. It also indicates that sensitive personal data of many customers somehow went into the wrong hands, allowing attackers to access others’ accounts or use their debit or credit cards for online transactions.
READ THE STORY: Dawn
Microsoft fixes new PetitPotam Windows NTLM Relay attack vector
FROM THE MEDIA: A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack.
During the May 2022 Patch Tuesday, Microsoft released a security update for an actively exploited NTLM Relay Attack labeled as a 'Windows LSA Spoofing Vulnerability' and tracked as CVE-2022-26925.
"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it."
READ THE STORY: BleepingComputer
NCC alerts Nigerians on new ways hackers unlock, steal vehicles, android apps
FROM THE MEDIA: The Nigerian Communications Commission (NCC) says it wishes to alert telecom consumers and members of the public on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.
It said that the fact that car remotes are categorized as short range devices that make use of radio frequency (RF) to lock and unlock cars informed the need for the Commission to alert the general public on this danger, where hackers take advantage to unlock and start a compromised car.
According to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the Cybersecurity Centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack, in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.
READ THE STORY: DailyPost
Italy prevents pro-Russian hacker attacks during Eurovision contest
FROM THE MEDIA: Italian police thwarted hacker attacks by pro-Russian groups during the May 10 semi-final and Saturday final of the Eurovision Song Contest in Turin, authorities said on Sunday.
Ukraine's Kalush Orchestra won the contest with their entry "Stefania", riding a wave of public support to claim an emotional victory that was welcomed by the country's president Volodymyr Zelenskiy.
During voting and the performances, the police cybersecurity department blocked several cyber attacks on network infrastructure by the "Killnet" hacker group and its affiliate "Legion", police said.
READ THE STORY: Reuters
Putin plot: Finland now vulnerable to Russian ‘attacks’ says former NATO official
FROM THE MEDIA: Rose Gottemoeller, former Deputy Secretary General of NATO, believes Finland’s accession will take “more like 12 months” compared to previous projections that it would only be half a year. She fears Russia will engage in “mischief-making” while Finland remains outside of the alliance, making good on their threats to take “retaliatory steps” to the Nordic country’s declaration of intent to join NATO.
Ms Gottemoeller told LBC: “I was glad to see Boris Johnson step forward this week and provide that transitional kind of guarantee to Sweden and Finland because the process [of joining NATO] can take a long time.
READ THE STORY: Express
Strange Allies: North Korea-Iran Relations
FROM THE MEDIA: Diplomatic relations between North Korea and Iran were established in 1973. The 1970s was a crucial decade for North Korean foreign policy, as having achieved a remarkable level of economic development which made it stand ahead of South Korea, Pyongyang began to subdue Seoul by expanding its diplomatic outreach. A major victory soon followed as it got accepted as a member in the Non-Aligned Movement (NAM) in 1975 at the expense of South Korea which had also applied for membership. However, it was soon revealed that the NAM itself was highly divided on the question of Korean Reunification as reflected in its 1976 Summit convened in Colombo. Moreover, in the 1979 NAM summit in Havana, Cuba criticised both the United States and China, adopting a more pro-Soviet stance which North Korea did not wish to support, prompting it to look elsewhere.
READ THE STORY: Modern Diplomacy
Drones seized at UK nuclear bases after a ‘swarm’ and reports of ‘red lights’
FROM THE MEDIA: Drones have been seized by security personnel at nuclear facilities with one report of a ‘swarm’ at a UK installation, newly released files show.
The unmanned aerial systems were either sighted or secured at sites across the country amid concerns over the security threat posed by the technology.
Twenty such reports between 2020 and last year have been released to Metro.co.uk under the Freedom of Information Act. In two instances, the drones landed ‘in the area’ and were secured by personnel.
Multiple other reports were made of the aerial vehicles near facilities or nuclear objects such as reactors, boats and submarines.
READ THE STORY: Metro
Huawei is committed to region’s digital transformation
FROM THE MEDIA: Huawei is committed to supporting governments across the region achieve their digital transformation visions with 5G networks and other advanced technologies as an enabler.
The telecom sector is an enabler for other industries’ sustainable development and growth in light of the evolving 5G landscape and the immense opportunities for enterprises in the 5G era, said Steven Yi, President of Huawei Middle East, in an exclusive group interview with journalists from 10 Middle Eastern countries.
Yi also noted that Huawei, together with carriers and partners, has signed 3,000 5G commercial contracts, and that 5G saw large-scale commercial deployment in many industries, including manufacturing, mining, steel, port, chemical, cement, power grid, and healthcare.
“Middle East countries are leading globally in 5G deployment. As an end-to-end leader in 5G, cloud, AI, devices and chips, Huawei will continue its commitment to help countries in the Middle East achieve their visions with digitization and sustainable development as key drivers,” Yi noted.
READ THE STORY: Zawya
How human traffickers are using the Ukrainian exodus to find their next victims
FROM THE MEDIA: Kateryna Cherepakha and her team run a telephone and online hotline in Ukraine for people impacted by domestic violence, human trafficking and gender-based discrimination. Since the start of the war in Ukraine, the hotline has had five times as many calls for assistance.
Run by La Strada International, a European anti-trafficking NGO platform, Cherepakha, who is the Director of the Ukrainian branch, says they receive calls from desperate voices, some hiding in basements away from the bombing above, others temporarily safe in shelters.
‘One woman got in touch who had been raped by Russian occupants,’ she tells Metro.co.uk. ‘We get messages from people who have lost everything. They are in such difficult conditions. They can be crying, but some struggle to even find the words to say.’
‘In the midst of their trauma, Ukrainians are trying their best to survive with the little they have left after fleeing,’ she explains. If in a ‘good’ position to flee, Cherepakha says a person will have all of their documents, some money, and a few pieces of clothing. Often however, they have had to flee with what they have on them, making them increasingly vulnerable for exploitation and trafficking to survive.
READ THE STORY: Metro
Future of space cooperation remains uncertain as Russia-Ukraine war drags on
FROM THE MEDIA: The ongoing war between Ukraine and Russia has put the entire world on tenterhooks. Across the planet, supply chains are under tremendous pressure, consumer sentiments have taken a huge hit, and global economic growth remains shrouded by a big cloud. Even the technology segment, which was experiencing immense growth in the past two years, has taken an immense blow. But what about Space – the final frontier for humanity?
As of May 2022, the space relations amongst the countries are on tenterhooks too. Even the International Space Station (ISS), which is floating about 400 kilometres away from the earth’s surface, isn’t immune to the effects of the war and related politics. While the US has committed to partaking in ISS-related missions till 2030, Russia hasn’t expressed any such interests.
READ THE STORY: Financial Express
Ransomware is Indiscriminatory – Prepare for Everything to Fail
FROM THE MEDIA: Ransomware attacks continue to grow in frequency. In the past 12 months, 76% of organizations have been affected by ransomware attacks, constituting a 15% YoY rise according to Veeam’s Data Protection Trends Report 2022. As well as being more common, ransomware is also getting more potent. When businesses are struck by ransomware, they are unable to recover over a third (36%) of the data they lose on average. The threat landscape is as volatile as it has ever been. There are more attacks taking place. They are more diverse. And they can have grave consequences for the companies they affect.
On the other hand, rather than tremble with fear at the awesome power of the cyberattacks waiting to be deployed against them, organizations must focus on what they can control – their defense. Protecting your business against cyber-attacks requires following some fundamental and consistent principles – no matter what is being thrown at you.
READ THE STORY: Security Boulevard
Rogues And Spyware: Pegasus Strikes In Spain
FROM THE MEDIA: Weapons, lacking sentience and moral orientation, are there to be used by all. Once out, these creations can never be rebottled. Effective spyware, that most malicious of surveillance tools, is one such creation, available to entities and governments of all stripes. The targets are standard: dissidents, journalists, legislators, activists, even the odd jurist.
Pegasus spyware, the fiendishly effective creation of Israel’s unscrupulous NSO Group, has become something of a regular in the news cycles on cyber security. Created in 2010, it was the brainchild of three engineers who had cut their teeth working for the cyber outfit Unit 8200 of the Israeli Defense Forces: Niv Carmi, Shalev Hulio and Omri Lavie.
NSO found itself at the vanguard of an Israeli charm offensive, regularly hosting officials from Mossad at its headquarters in Herzliya in the company of delegations from African and Arab countries. Cyber capabilities would be one way of getting into their good books.
The record of the company was such as to pique the interest of the US Department of Commerce, which announced last November that it would be adding NSO Group and another Israeli cyber company Candiru (now renamed Saito Tech) to its entity list “based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
READ THE STORY: Eurasia Review
Hired 'Hackers' Try, and Fail, to Invade Brazil Vote System
FROM THE MEDIA: More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital this week. Their mission: infiltrate the nation’s voting system ahead of a hotly anticipated race in October.
Their 3-day battery of attempted assaults ended Friday and was part of planned testing that happens every election year, usually proceeding without incident or, for that matter, drawing any attention. But with President Jair Bolsonaro continuously sowing doubt about the system’s reliability, the test took on an outsized significance as the electoral authority, known as the TSE, seeks to shore up confidence in the upcoming general elections.
Analysts and members of the TSE said the test’s results were more encouraging than ever. All the experts attempting to disrupt the system — among whom were Federal Police agents and university professors in engineering, information technology, data security and computer science — had failed.
READ THE STORY: Security Week
Sysrv botnet Attack Windows, Linux Servers with New Exploits
FROM THE MEDIA: Using vulnerabilities in Web frameworks and WordPress, the Sysrv botnet now targets vulnerable Windows and Linux servers to deploy crypto-mining malware. This new variant (tracked as Sysrv-K) discovered by Microsoft may now scan WordPress and Spring deployments for unpatched code. As part of these newly added capabilities, Sysrv-K searches for WordPress configuration files and their backups in order to discover database credentials, which can then be used to infiltrate web servers.
Security researchers from Alibaba Cloud (Aliyun) had first discovered this malware in February after it was active since December 2020. Besides gaining the attention of researchers from Lacework Labs and Juniper Threat Labs, this malware also crossed the radar screens of security researchers in March.
Sysrv exploits the vulnerabilities in Linux and Windows enterprise servers by infecting them with Monero (XMRig) miners, as well as self-spreading malware.
READ THE STORY: GB Hackers
Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn’t pay
FROM THE MEDIA: Conti is escalating its rhetoric to force Costa Rica to pay a ransom after the nation was breached last month, including calls for potential regime change from its newly elected president to assemble a government more willing to pay.
New President Rodrigo Chaves Robles declared a state of national emergency last week rather than pay an alleged $10 million ransom.
"I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible," Conti wrote on its leaks site in a new update. "[I]f your current government cannot stabilize the situation? maybe it's worth changing it?"
READ THE STORY: SC Magazine
US spy chiefs see China as vanguard of anti-West crusade
FROM THE MEDIA: More and more the United States views Russia’s war on Ukraine as a pivotal episode in a global contest that pits Washington not only against Moscow but against a group of active adversaries – with China at the group’s core.
At a briefing convened by the US Senate’s Armed Services Committee last week, China shared top billing with Russia and the conflict in Ukraine as a talking point. In particular, attention centered on China’s military plans vis-a-vis a possible takeover of Taiwan.
The two top intelligence agency heads – civilian and military – put China atop a list of four countries they viewed as effectively joined in an anti-Western crusade. China was followed by Russia, Iran and North Korea.
READ THE STORY: Asia Times
Which African country has the potential to become the next commercial logistics hub?
FROM THE MEDIA: During the pandemic, many sectors were hit by the virus and one such sector includes the supply chains and logistics activities. However, with the pandemic slowing down, the supply chains and logistics sector is back in Africa. In Africa, particularly West Africa, the logistics markets have been attractive for both domestic and international logistics providers. The factors contributing to this attraction can be attributed to air and ocean carriers, freight forwarders, investors and distributors over the past few years.
There has been a particular improvement in the logistics sector, for Ghana has seen an improvement in the ranking of the 2022 Agility Emerging Markets Logistics Index. Ghana has successfully managed to climb eight ranks. Other top countries of Africa which are performing extremely well in the logistics index are Morocco, Egypt, South Africa and Kenya.
READ THE STORY: TechCity
Items of interest
‘Scarcity of semiconductor supply making JLR cars more desirable’
FROM THE MEDIA: Talks on with suppliers to secure long-term supply agreements to minimise future supply risk, says CEO
Tata Motors-owned Jaguar Land Rover (JLR) may be sitting on a record order bank that covers volumes for two quarters; the company believes the scarcity in chip supply has only made the two British brands more desirable.
JLR is asking customers to wait for six months to one year to get their vehicles delivered as each of its factories continue their struggle to get semiconductors due to a global shortage. The loss of production has even resulted in a loss of market share for JLR, but the company holds that the wait for the car has made the brand even more desirable. The new Range Rover makes up more than a quarter of the overall bookings of JLR while the new Range Rover Sport gets readied to go on sale in Q2.
READ THE STORY: The Hindu Businessline
Eurovision 2022 Final—Russian Hackers Say They Can Stop Ukraine Kalush (Video)
FROM THE MEDIA: The same Russian threat actors that this week targeted Italian parliamentary and military websites and threatened to disrupt U.K. National Health Service (NHS) services could now have the Eurovision Song Contest 2022 final in their crosshairs. The Killnet threat group has threatened to “send 10 billion requests” to the Eurovision online voting system and “add votes to some other country.” The pro-Kremlin Killnet cybercriminal group boasts of conducting “military cyber exercises” to improve member skills and appears to be mostly involved in reasonably straightforward, if disruptive, Distributed Denial-of-Service (DDoS) attacks.
Cars and Cybersecurity: Good Password Hygiene & Multi-Factor Authentication (Video)
FROM THE MEDIA: It is more important than ever to make sure your computer is secure in today's world. With so much of our lives online, hackers and cybercriminals are constantly looking for new ways to access our personal information. One way to protect yourself is to use multiple layers of security, or "multi-factor authentication." This means using a combination of passwords, PIN numbers, and other security measures to make it more difficult for someone to access your account. Good password hygiene is also essential; avoid using the same password for all of your accounts, and change your passwords regularly. You can help keep your computer safe from potential threats by taking these steps.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com