Monday, May 23, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
Anonymous declares war on pro-Russian hacker group Killnet
FROM THE MEDIA: The Anonymous collective has made a powerful statement on social media. The hackers have officially launched a cyber war against the pro-Russian group Killnet, which recently attacked European institutions.
Just weeks after Anonymous hackers officially declared war on Russia to support Ukraine, the collective is now attacking another group of hackers, Killnet. On Twitter, the @YourAnonOne account announced that the Anonymous group was now officially in cyberwarfare against the pro-Russian hackers Killnet. Killnet had drawn a lot of attention after the group attacked the websites of the Italian Parliament, the military, and the National Institute of Health a few days ago. The attack also hit the Automobile Club d’Italia and several other Italian institutions. Other Russian hackers also posed as diplomats to hack into embassies.
READ THE STORY: Research Snipers
Global Food Supply Chain Threatened By Hackers
FROM THE MEDIA: As reported by BBC News, modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning. It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops. Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software. A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked. The UK government and the FBI have warned that the threat of cyber-attacks is growing.
READ THE STORY: Information Security Buzz
Apple users alert! Device could be hacked if not updated, claims CERT-In advisory
FROM THE MEDIA: Apple devices are considered to be the most secure when it comes to hacking. However, recent research has unveiled two serious vulnerabilities in Apple Watch, TV and Mac that can help hackers to take control of your devices. These vulnerabilities could let hackers use your device for nefarious purposes.
Otherwise regarded as status symbols, Apple devices have brought in a huge boom in the technology market as Indian buyers have become increasingly conscious about their buying choices. The rising demand for smartwatches has hiked sales of Apple watches.
READ THE STORY: DNA India
Hack Another ELF on The Stack
FROM THE MEDIA: [dropbear] recently found herself in a pickle. Dumping some data out of an Android app at a specific point for reverse engineering purposes. While it worked great in the simulator, it was painfully slow on hardware via lldb. The solution was to write a patch and apply it to the ELF file.
Writing the AArch64 assembly to dump the buffer is relatively trivial, but adding it to the existing ELF and repackaging it into a new APK leads to strange errors. The relative offsets into .rodata are now all wrong. For those who don’t routinely interface with the format of ELF files, we have a fantastic resource to take you into the dark depths. But the quick summary version is that sections contain various resources, and you find parts of those resources by relative offsets. The program header describes what type of resources each section contains.
READ THE STORY: HackaDay
Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account
FROM THE MEDIA: Digital artist and popular nonfungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday as part of a phishing scam. Harry Denley, security analyst of MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were, in fact, a phishing scam that would drain the crypto out of users’ wallets if clicked.
The scammers were likely looking to capitalize on a real recent collaboration between Beeple and Louis Vuitton. Earlier in May, Beeple designed 30 NFTs for the luxury fashion brand’s Louis The Game mobile game, which were embedded as rewards to players.
READ THE STORY: Cointelegraph
Major Cyber Organizations of the Russian Intelligence Services
FROM THE MEDIA: If you have followed any of the Russian cybersecurity hacks over the last many years you know that we have become adept at identifying which organization instigated the hack—down to the individual.
The Department of Homeland Security has put together this PowerPoint that gives you the background on each of the various elements of the Russian government and what their cyber interests are.
I highly recommend you review this to become more familiarized with the who's who in the cyber-zoo: Major Cyber Organizations of the Russian Intelligence Services
READ THE STORY: Govtech
Ukraine war highlights 'vulnerability' of UK food security
FROM THE MEDIA: The union has called for political priorities to change as it fears the UK could be 'sleepwalking into a disaster' on maintaining food supply. Farmers 'need confidence' from government to continue producing high-quality and affordable food, the UFU said, as skyrocketing input costs show no signs of easing. Producers across the country are struggling to manage unprecedented inflationary costs, with input prices for diesel, electricity, steel and concrete having doubled.
Fertilizers, along with agricultural chemicals, have also tripled in price over the same time period. UFU president David Brown warned that the UK's food security would 'take a massive hit' if government, and retailers, do not step in to ease the pressure.
READ THE STORY: Farming UK
Google’s Threat Analysis Group reveals how commercial spyware was used to hack into Android
FROM THE MEDIA: Google’s Threat Analysis Group (TAG) has discovered three zero-day malware government-backed campaigns that used the Predator spyware suite developed by commercial surveillance firm Cytrox. The hacking group took advantage of five previously unknown Android vulnerabilities and some vulnerabilities that were known but not patched by the victims. The attacks were similar to those conducted using the infamous Pegasus software from NSO.
A zero-day is an unidentified vulnerability in a system that is not known to the developers who created the software. A zero-day attack is when hackers take advantage of such vulnerabilities to gain unauthorised access to a system. Google’s Project Zero researchers had earlier reported on a sharp uptick in the discovery of such exploits in 2021.
READ THE STORY: Indian Express
Printers may be the most overlooked security risk in your office
FROM THE MEDIA: We live in a digital age, and printing is still a vital part of every business. Hard copies of information are still prominent, but finding a way to maintain printing access without risking your security can be challenging. Managed print services (MPS) are a great way to address this issue and implement modern solutions to secure your business.
Digital security is critical for every business. Even if you understand the dangers, it’s easy to overlook the risks of any network. Printers are arguably the most overlooked item of all.
READ THE STORY: Biz Journals
Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes
FROM THE MEDIA: At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat (APT).
The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing conflict to distribute malware and stage opportunistic attacks.
READ THE STORY: THN
South Africa's cyberspace is under attack by China-linked group that targets job hunters
FROM THE MEDIA: South Africa's cyberspace has seen an increasing number of attacks linked to a China-based threat actor known as Mustang Panda that's targeting telecommunications and banks, sometimes through false recruitment sites.
Attacks on South Africa's vulnerable cyberspace are increasing. Data gathered by cybersecurity company Trellix shows a sustained surge in threats during the first quarter of 2022, which is not entirely unusual considering the holiday-associated lull in December and January.
READ THE STORY: Business Insider // ITNEWS
BT trials a new quantum radio to boost next-generation 5G & IoT networks
FROM THE MEDIA: Atomic Radio Frequency (RF) receiver technology represents a revolutionary new way of detecting radio waves that could find much weaker signals than conventional receivers, BT (https://www.bt.com/about) stated.
The receiver works by using a quantum effect called “electromagnetically induced transparency” to form a highly sensitive electric field detector. BT said its trial represents the first time a digitally-encoded message has been received on a 3.6GHz (5G) carrier frequency. Previously, simple audio has been received using much higher frequencies but this trial is the first industrial demonstration using digital modulation within a main commercial 5G frequency range.
READ THE STORY: IT Wire
Elon Musk deep fakes promote new cryptocurrency scam
FROM THE MEDIA: Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.
This fake BitVex cryptocurrency trading platform claims to be owned by Elon Musk, who created the site to allow everyone to earn up to 30% returns on their crypto deposits. This scam campaign started earlier this month with threat actors creating or hacking existing YouTube accounts to host deep fake videos of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.
READ THE STORY: Bleeping Computer
Conti Ransomware Shuts Down Operation, Rebrands Into Smaller Units
FROM THE MEDIA: It has been reported that the notorious Conti ransomware gang has officially shut down its operation, with infrastructure taken offline and team leaders told that the brand is no more. This news comes from Advanced Intel’s Yelisey Boguslavskiy, who tweeted this afternoon that the gang’s internal infrastructure was turned off. While public-facing ‘Conti News’ data leak and the ransom negotiation sites are still online, Boguslavskiy told BleepingComputer that the Tor admin panels used by members to perform negotiations and publish “news” on their data leak site are now offline.
READ THE STORY: Information Security Buzz
Cyberattacks Give Food Security a Bad Taste
FROM THE MEDIA: IoT and digital technologies are vital for the future of agriculture and food production, yet they could also be a risk as a vector for digital havoc.
A BI Intelligence survey expects that the adoption of IoT devices in the agriculture industry will reach 75 million in 2020, growing 20% annually. At the same time, the global smart agriculture market size is expected to triple by 2025, reaching USD15.3 billion from just over USD5 billion in 2016.
In Australia, the National Farmers Federation has a goal for the nation’s agriculture industry to be worth AUD100 billion by 2030. Still, to get there, the industry will need to implement the digital tools of smart farming as widely as possible.
READ THE STORY: CDO Trends
International experts forecast food cyber risks for ag-tech
FROM THE MEDIA: Flinders University has highlighted cybersecurity risks in using smart ag-tech in partnership with King Abdulaziz University in Saudi Arabia, and Aix-Marseille University in France, conducted via complex IT and math modelling. “Smart sensors and systems are used to monitor crops, plants, the environment, water, soil moisture, and diseases,” King Abdulaziz University lead author Professor Abel Alahmadi said.
“The transformation to digital agriculture would improve the quality and quantity of food for the ever-increasing human population, which is forecast to reach 10.9 billion by 2100.” This progress in production, genetic modification for drought-resistant crops, and other technologies is prone to cyber-attack – particularly if the ag-tech sector doesn’t take adequate precautions like other corporate or defence sectors, researchers warn.
READ THE STORY: FoodMag
Russia keeps getting hacked
FROM THE MEDIA: A nation that has famously been on the offensive when it comes to cyber attacks — is now facing its own barrage of hacks as multiple sanctions hit the country from the West. In a meeting with the Russian Security Council on Friday, Russian President Vladimir Putin said the number of cyber attacks by foreign "state structures" had increased several times over, Reuters reported.
Putin said the challenges came on the heels of Western suppliers having "unilaterally stopped technical support of their equipment in Russia" in response to Russia's invasion of Ukraine. Since then, there have been data leaks abound, from Russia's second-biggest bank to e-commerce sites, Reuters reported.
READ THE STORY: Mashable
India Can Turn To Her Past For Her Quantum Computing Charge
FROM THE MEDIA: What’s the undeniable link between modern-day quantum computing, Srinivasa Ramanujan’s mathematical brilliance, and Vedic scholar Vatsyayana?
On the face of it, there is none. But the common thread that ties all of these together is coding and decoding, encryption and decryption, which enables data transfer on the information highway, safe and sound, and at lightning speed.
READ THE STORY: Swarajyamag
South Korean and US presidents gang up on North Korea's cyber-offensives
FROM THE MEDIA: US president Biden and South Korea's new president Yoon Suk Yeol have pledged further co-operation in many technologies, including joint efforts to combat North Korea.
While the US agreed to deploy physical weapons and hold military drills if necessary to defend the South against the North, the pair together vowed to "significantly expand cooperation to confront a range of cyber threats from the DPRK, including but not limited to, state-sponsored cyber-attacks."
READ THE STORY: The Register
XorDdos – Powerful DDoS Malware Attack Linux Devices
FROM THE MEDIA: Over the past six months, a stealthy and modular Linux malware called XorDdos has seen a 254% increase in its activity. When communicating with C2 servers, this stealthy malware uses XOR-based encryption, and threat actors also employ it on compromised devices to launch DDoS attacks.
That’s why this stealthy and modular Linux malware is known as “XorDdos,” and apparently, the malware has been active since at least 2014, but it is not known when it was first discovered.
READ THE STORY: CyberSecurityNews
Items of interest
Online Fraud is On the Rise, Are Bad Bots to Blame?
FROM THE MEDIA: Automation has made a lot of things easier because of the fact that this is the sort of thing that could potentially end up putting them in the hands of AI that has no problem with rote tasks, but it has also benefited malicious actors. These threat actors frequently use bad bots to conduct their cyber attacks, and the truly shocking thing is that well over a quarter of all internet traffic in 2021, or 27.7% to be precise, is comprised of these bad bots, as per the data compiled by Imperva.
With all of that having been said and now out of the way, it is important to note that this represents a startling increase from 2020, where only 25.6% of all internet traffic was composed of these bots. About 65.6% of these bad bots are called evasive bots, which means they use a veritable bag of tricks to stay hidden with all things having been considered and taken into account.
READ THE STORY: Digital Information World
Talking Cyber Security with The XSS Rat (Video)
FROM THE MEDIA: Talking Cyber Security with The XSS Rat / Hacking Back Scammers
Cyber crime - you need to know || Part -1 || Tech Cookie (Video)
FROM THE MEDIA: This video is all about letting you about the cyber crimes happening in the world right now so that you can protect yourself.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com