Sunday, May 22, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
DOES THE TALIBAN POSE A CYBER-THREAT?
FROM THE MEDIA: The rapid advancement in cyber capabilities and greater dependence on cyberspace has not only changed the landscape of modern wars but also introduced a new dimension of threats, especially in cyberspace. Seemingly harmless data in the wrong hands can become a potential cyber threat in today’s world. The chaotic withdrawal of the United States from Afghanistan and the Taliban takeover of Kabul in August 2021 has opened new avenues of cyber vulnerabilities for the United States as well as Afghanistan.
While the Taliban has struggled to shift from an insurgent group to a functional government, it might not pose an instant cyber threat to the United States. However, indirect cyber threats may soon emanate from countries that are ready to take advantage of the hasty withdrawal. For this reason, cybersecurity experts have warned the U.S. government of vulnerabilities in biometric devices, aircraft, weaponry, and other sensitive information that has been left behind after the U.S. withdrawal. There are multiple parts to the question of whether the Taliban poses a threat to the U.S., including whether weapons, aircraft, and other information were shared by the Taliban with countries such as Iran and China.
READ THE STORY: Tribune
Russia's dreaded cyberwarriors seem to be struggling in Ukraine
FROM THE MEDIA: One day after Russian tanks broke through Ukrainian border posts on February 24, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a rare "Shields Up" alert warning that "every organization — large and small — must be prepared to respond to disruptive cyber activity." The expectation was that Russia would attack not only Ukraine but also Ukraine's western allies. For some reason, that hasn't really happened in a big way.
"We haven't seen anything that we can directly attribute to Russia turning its sights to Canada," Sami Khoury, head of the Canadian Centre for Cyber Security, told CBC News. "There's been probably spillover effects in some cases, but we haven't seen anything that is directly targeted at the Canadian infrastructure or Canadian ecosystem."
READ THE STORY: CBC
New Google Gmail Vulnerability is Capable of Hacking Credentials Upon Signing Up
FROM THE MEDIA: According to a report by Forbes, Youssef Sammouda, a security researcher, said that the exploit lies in the authentication code of Google's free email service. Interestingly, the flaw is connected to Facebook. As such, linked accounts that are used when signing up for Gmail could be affected by this security problem. Sammouda added that the Google OAuth redirects are connected to FB's logout. Additionally, it's also linked to the sandbox systems.
For those unfamiliar with Google OAuth, it's a shortcut term for "Open Authorization" which several tech giants like Microsoft and Amazon have been implementing for the users.
READ THE STORY: TechTimes
WordPress theme Jupiter patches critical privilege escalation flaw
FROM THE MEDIA: A critical vulnerability present among 90,000-plus active installations of the Jupiter WordPress theme allows for the takeover of target websites.
Although attackers must be authenticated to exploit the privilege escalation flaw, which has a CVSS score of 9.9, they only need to do so as a subscriber or customer. For websites that allow users to self-register, this offers little protection against potential attacks.
The bug, along with another, high severity vulnerability and a trio of medium severity flaws, has been patched by the theme’s developer, ArtBees, according to a blog post published on Wednesday (May 18) by Wordfence.
READ THE STORY: Cyber Reports
Google Chat Is Warning Users About Suspicious Links
FROM THE MEDIA: Google Chat has been updated to warn users before they click on suspicious links. The company says that users will "see banners warning against potential phishing and malware messages coming from users with personal Google Accounts" moving forward. (It's not clear if links from hackers using professional accounts will be subject to the same level of scrutiny.)
Google says the feature will "help protect users against malicious actors, keeping data safe," and notes that similar banners have been displayed to Gmail and Google Drive users for a while. Now malicious links shared via the more casual Google Chat will also be flagged.
READ THE STORY: PCMAG
Expert Shows Access Vulnerability In Tesla And Other Electric Vehicles
FROM THE MEDIA: Electric cars, and more especially Tesla (which is actually a sort of "high-tech computer on wheels"), have implemented certain methods for opening, starting and exiting the vehicle, with which they dispense with the traditional key or remote control. Tesla basically transformed the key into a sort of access and unlocking card for the EV itself; however, a cybersecurity specialist has shown how these same technology features will make it easier for malicious hackers to potentially get full control of one of these electric vehicles.
It is Sultan Qasim Khan, a specialist and principal security consultant at NCC Group, who publicly demonstrated how easy it can be for a malicious hacker to access an EV model, start it and even drive without the need to have an original access card, which Tesla normally uses. The mechanism used by Tesla is allegedly the easiest to imitate and hack, according to him; however, he clearly states that other brands and models could also be vulnerable.
READ THE STORY: Torquenews
The DOJ’s new stance on hackers
FROM THE MEDIA: The U.S. Justice Department announced Thursday it will not bring charges under federal hacking laws against security researchers and hackers who act in good faith.
The policy for the first time “directs that good-faith security research should not be charged” under the Computer Fraud and Abuse Act (CFAA), a seismic shift away from its previous policy that allowed prosecutors to bring federal charges against hackers who find security flaws for the purpose of helping to secure exposed or vulnerable systems.
READ THE STORY: TechCrunch
National Cyber Director’s Vision for the Future Flags Overdue National Plan
FROM THE MEDIA: National Cyber Director Chris Inglis drew attention on Friday to the continued absence of a national cybersecurity strategy—something the Government Accountability Office expects his office to deliver—while envisioning collaboration across sectors of industry that may have independently managed risks in the past, but are now increasingly dependent on each other.
“I thought I might give voice to what is the sense of an emerging strategy,” Inglis said. “This isn’t the US strategy, but it is a sense of the emerging strategy that I would, in part, observe, in part kind of use as my mantra of what we need to do going forward that addresses not just ransomware but more broadly addresses kind of the causes underneath that give rise to that phenomenon and so many others.”
READ THE STORY: Cyber Reports
VR SPECTRUM ANALYZER
FROM THE MEDIA: At one point or another, we’ve probably all wished we had a VR headset that would allow us to fly around our designs. While not quite the same thing, [manahiyo831] has something that might even be better: a VR spectrum analyzer. You can get an idea of what it looks like in the video below, although that is actually from an earlier version.
The video shows a remote PC using an RTL dongle to pick up signals. The newer version runs on the Quest 2 headset, so you can simply attach the dongle to the headset. Sure, you’d look like a space cadet with this on, but — honestly — if you are willing to be seen in the headset, it isn’t that much more hardware.
What we’d really like to see, though, is a directional antenna so you could see the signals in the direction you were looking. Now that would be something. As it is, this is undeniably cool, but we aren’t sure what its real utility is.
READ THE STORY: Hackaday
Firefox Browser Hacked In 8 Seconds Using 2 Critical Security Flaws
FROM THE MEDIA: With Windows 11, Microsoft Teams, Ubuntu Desktop, and the Tesla Model 3 all falling victim to hackers in one week, you might be forgiven for not noticing that Mozilla Firefox was also hacked. In just eight seconds using two critical security vulnerabilities.
The hacker in question was the supremely talented Manfred Paul who pulled off the lightning-fast double exploit using two critical vulnerabilities at the PWN2OWN Vancouver, 2022, event that came to an end on Friday, May 20.
Manfred Paul was the fourth on stage during the opening session of PWN2OWN on Wednesday, May 18. His incredibly quick, double-headed, zero-day hack earned him a total of $100,000 in bounty money from the event organizers. Later the same day, he went on to win another $50,000 for a successful zero-day exploit on the Apple Safari browser.
READ THE STORY: Forbes
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
FROM THE MEDIA: Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects. Threat actors uploaded a malicious package named 'pymafka' onto PyPI. The name is very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads on the PyPI registry.
READ THE STORY: BleepingComputer
Still crying? WannaCry five years on
FROM THE MEDIA: Some anniversaries are designed to send shivers down the spine, and the world of Information Technology is no exception. May 2022 marks five years since the worldwide WannaCry ransomware cryptoworm targeted Microsoft operating systems.
The malicious code took effect by encrypting data and demanding ransom payments in Bitcoin. It is most likely that the origin of the attack was from within North Korea. WannaCry was ultimately undone by one self-taught security researcher identifying a single ‘quick trick’ to disable WannaCry’s most destructive features. However, ransomware has since become more sophisticated.
READ THE STORY: DigitalJournal
National bank hit by ransomware trolls hackers instead of paying ransom
FROM THE MEDIA: The Bank of Zambia suffered a ransomware attack by the Hive operation on Monday, May 9. The bank clearly established that it was not going to pay the ransom asked by the hackers. It did so by posting a rather graphic image depicting the male genitalia, with a comment under it. The country’s central bank, Bank of Zambia, revealed last week that recent technical outages were a result of a cyberattack.
READ THE STORY: TechStory
Ransomware attack exposed data of half-million Chicago students, staff
FROM THE MEDIA: The personal information of more than half a million Chicago Public Schools students and staff was compromised in a ransomware attack last December, but the vendor didn't report it to the district until last month, officials said.
The data breach occurred December 1 and technology vendor Battelle for Kids notified CPS on April 26, the district said Friday.
A server used to store student and staff information was breached and four years' worth of records were accessed, CPS said.
In total, 495,448 student and 56,138 employee records were accessed from 2015-16 through 2018-2019 school years, CPS said.
READ THE STORY: Business Standard
Cytrox’s Spyware Attack Android Users with Zero-Day Exploits
FROM THE MEDIA: An analysis carried out by the TAG on Thursday released a list of five zero-day vulnerabilities exploited by Cytrox, a North Macedonian spyware developer. Four of these five zero-day vulnerabilities were found in Chrome and one in Android. These zero-day vulnerabilities are targeting Android users.
As a rule of thumb, all three campaigns began with a spear-phishing email containing a one-time link, mimicking a URL shortener service, that users would need to click on. The rogue URLs attack the targets by redirecting them to a rogue domain that drops the exploits before directing them to an authentic site where the exploits will be applied. The researchers assessed that the ultimate goal of the operation was to have malicious software dubbed “ALIEN” distributed on infected Android devices, a prelude to when Predator is loaded.
In addition to recording audio, adding CA certificates, and hiding apps to evade detection, this “simple” malware runs on a system running Predator over an IPC mechanism.
READ THE STORY: Cyber Security News
Expanding SEC’s Crypto Assets and Cyber Unit Is Essential
FROM THE MEDIA: Industry needs investors to have faith in the market
SEC will be better equipped to police wrongdoing in the crypto markets
The SEC recently reported that it was multiplying the size of its unit which manages digital money resources. It intends to expand the impression of the unit to arrive at 50 specialists. The unit was first launched in 2017 and, since then, has presented more than 80 implementation activities, for the most part connected with extortion and unregistered contributions.
It has brought about money related alleviation of more than $2 billion. The focal point of the new positions will be on crypto resource contributions, crypto trades, crypto resource loaning and marking items, DeFi stages, NFTs and stablecoins.
READ THE STORY: The Coin Republic
Why India needs strong cyber security norms to curb misuse of VPNs
FROM THE MEDIA: After concerns were raised over the new cyber-security directives by the Indian Computer Emergency Response Team (CERT-In), industry experts said on Sunday that if the new guidelines are strictly enforced, corporate and enterprise virtual private networks (VPNs) will have to compulsorily report several serious offences, which will help end users. The new cyber-security norms mandate reporting of cybersecurity incidents and misuse of VPNs.
After the uproar over the April 28 directives, the CERT-In that comes under the IT Ministry issued an updated document or FAQs, saying that the new directives will only apply to general internet users who use commercially available VPNs.
READ THE STORY: EconomicTimes
India Can Turn To Her Past For Her Quantum Computing Charge
FROM THE MEDIA: What’s the undeniable link between modern-day quantum computing, Srinivasa Ramanujan’s mathematical brilliance, and Vedic scholar Vatsyayana?
On the face of it, there is none. But the common thread that ties all of these together is coding and decoding, encryption and decryption, which enables data transfer on the information highway, safe and sound, and at lightning speed.
Unravelling this deep link may provide a clue to Indian quantum thrust, even as China and the United States (US) battle it out for supremacy, bit by bit, all the way.
At a time when cyber wars and cyber security are the buzzwords, India’s itihasa of protecting information may provide the basis for our policy formulation and has a fighting chance to take on the quantum biggies globally.
READ THE STORY: Swarajyamag
Banning Huawei, ZTE won’t address all 5G security vulnerabilities, experts warn
FROM THE MEDIA: Canada needs to focus much more vigilantly on boosting the defense of its 5G wireless network after banning Huawei and ZTE, experts warn, as the country is far behind in cybersecurity.
Thursday’s announcement that Canada would bar the Chinese telecom giants from the network came with a promise of speedy legislation to protect critical infrastructure from cyber attacks. That legislation must come with regulations and forward-looking actions that the bans do not address, researchers say.
“Just removing Huawei won’t fix everything,” said Christopher Parsons, a cybersecurity researcher at the University of Toronto’s Citizen Lab.
“It will certainly address certain kinds of concerns … but it will not address that broader spectrum of threats that are real or emerging.”
READ THE STORY: Global News
Items of interest
U.S. Violates Its Promises to China; Asserts Authority Over Taiwan
FROM THE MEDIA: As Werner Rügemer headlined on 28 November 2021 and truthfully summarized the relevant history, “Taiwan: US deployment area against mainland China — since 1945”. However, despite that fact, America did officially issue a “Joint Communique” with China recognizing and acknowledging not only that Taiwan is a province of China but that for America or its allies or any other nation to challenge that historical fact would be unethical.
The U.S. regime hides this crucial historical fact, in order to hoodwink its masses of suckers into assuming to the exact contrary — that Taiwan isn’t a Chinese province. Here is how they do this:
The CIA-edited and written Wikipedia, which blacklists (blocks from linking to) sites that aren’t CIA-approved, is the first source for most people who become interested in what is officially known as the Shanghai Communique of 1972, or the 27 February 1972 “JOINT COMMUNIQUE BETWEEN THE UNITED STATES AND CHINA”. That article, avoids presenting the Communique’s 1,921-word text, but instead provides, in its “Document” section, a mere 428-word very selective, and sometimes misleading, summary of some of the document’s less-important statements, and also fails to provide any link to the document itself, which they are hiding from readers.
READ THE STORY: Modern Diplomacy
Ransomware-as-a-Service: demystifying a multi-billion dollar industry (Video)
FROM THE MEDIA: Ransomware has become one of the main keywords in the cyber security world in recent years. While it has been around for more than 20 years, ransomware today has reached a level that by many security professionals is considered an industry of its own. Ransomware operators look very much like a legitimate organization with employees on their payroll, suppliers to facilitate their operations, and partners to maximize their profit. They have an HR department to handle recruitment and employee vacations, a Finance department to manage their expenses, and an IT team to set up their infrastructure. Unlike in the movies, these groups consist of tens or hundreds of cyber criminals and are making billions in revenue.
Hacking Back Scammers (Video)
FROM THE MEDIA: The scammer epidemic is ever-present in our connected world and shows no sign of slowing down. Last year in the United States alone, an estimated $29.8 billion USD was lost to scammers, a number that has more than quadrupled since 2015. Scams of all kinds are ubiquitous, and we as student researchers hope to raise awareness about these dangerous (not to mention plain annoying) security threats. Our team is comprised of Arizona State University seniors who, for our graduating capstone project, decided to fight back against this scammer epidemic.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com