Monday, June 06, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
Finland’s spy chief surprised at lack of Russian reprisals over NATO bid
FROM THE MEDIA: The head of Finnish intelligence has voiced his surprise that Russian reprisals have not yet followed its NATO application, as he sought to unblock the bid by reassuring Turkey on terrorism. Antti Pelttari, head of Supo, Finland’s security and intelligence service, told the Financial Times that Helsinki remained “vigilant” over the potential for Russian mischief but that its eastern neighbor's resources were tied up in the war in Ukraine. “It has been rather quiet and let’s hope it stays that way,” he said in a rare interview. “It’s a positive thing that nothing has happened. But it’s also a positive thing that we have been prepared and able to protect society.”
READ THE STORY: FT
DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones
FROM THE MEDIA: The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in its syndicated search content contract; a database of contact details for hundreds of Verizon employees was compromised after an employee was social-engineered into giving the attacker remote access to their corporate computer; and new research shows that even when an iPhone running iOS 15 is turned off, it's really not off, and certain wireless features allow the phone to be located and possibly attacked.
READ THE STORY: Security Boulevard
Atlassian Confluence CVE-2022-26134 Vulnerability Proof-of-Concept Exploits Released: Is There a Patch?
FROM THE MEDIA: Confluence is a collaborative documentation tool created by the company Atlassian. The CVE-2022-26134 vulnerability was discovered by the cybersecurity company Volexity, which alerted Atlassian on May 31. After Volexity disclosed that the vulnerability had already been used in attacks by various threat actors, other malicious actors became aware of it.
Because there was no patch available at the time, Atlassian advised administrators to either take their servers offline or prevent them from being accessible via the internet. If the vulnerability is exploited, it will allow unauthenticated, remote attackers to create new admin accounts, run commands, and eventually seize control of the system.
READ THE STORY: Itechpost
Costa Rican government held up by ransomware … again
FROM THE MEDIA: Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.
Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica's Social Security system, and also struck the country's public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.
READ THE STORY: The Register
Motorola Solutions to upgrade Taiwan National Police Agency’s communications network
FROM THE MEDIA: The Taiwan National Police Agency has commissioned telecommunications equipment company Motorola Solutions to upgrade its mission-critical communications network. Under the deal, Motorola Solutions will support the prime contractor Mercuries Data Systems (MDS) to deliver the project worth US$128 million ($176 million) for the Taiwan Police Communication Office, National Police Agency of the Ministry of Interior.
The four-year project will deliver a private communications system to support public safety and protection in Taiwan. The upgrade to advanced, digitally encrypted radio communications based on the P25 standard is, Motorola Solutions claims, the most significant modernization of Taiwan's mission-critical communication system in almost two decades. It will provide Taiwan's police agencies with higher-quality coverage, new security features, and stronger links to strengthen communication between cities and regional areas.
READ THE STORY: ITwire
Yandex CEO Arkady Volozh resigns after being added to EU sanctions list
FROM THE MEDIA: Arkady Volozh, CEO of Russia's biggest internet company Yandex, has resigned after being added to the European Union's list of individuals sanctioned as part of its response to the illegal invasion of Ukraine.
Yandex is an analogue of Google, having started as a search engine and then added numerous productivity, cloud, and social services. The company has since expanded into ride-sharing and e-commerce.
The European Union (EU) last Friday named Volozh and many others as part of its sixth round of sanctions against Russia.
READ THE STORY: The Register
State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S.
FROM THE MEDIA: A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is tracked as CVE-2022-30190 (CVSS score: 7.8). No fewer than 1,000 phishing messages containing a lure document were sent to the targets.
"This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253," the company said in a series of tweets.
READ THE STORY: THN
Cybercriminals Exploiting Unpatched VMware Vulnerabilities: Cert-In
FROM THE MEDIA: The Indian Computer Emergency Response Team (Cert-In) has reported that cyber threat actors are taking advantage of certain unpatched VMware vulnerabilities. These vulnerabilities have been noticed across VMware products, including VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation and more.
In a report on its website, Cert-In said that two types of vulnerabilities have been identified in VMware's systems. A remote code execution vulnerability was found in VMware Workspace ONE Access and Identity Manager, through which a threat actor can execute arbitrary code on the target system.
Also, a privilege escalation vulnerability was identified in VMware Workspace ONE Access, Identity Manager, and VMware vRealize Automation due to improper permissions in support scripts. Attackers can exploit this vulnerability by sending a specially crafted request that could allow them to gain elevated privileges on the target system.
READ THE STORY: Businessworld
Evasive phishing mixes reverse tunnels and URL shortening services
FROM THE MEDIA: Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.
This practice deviates from the more common method of registering domains with hosting providers, who are likely to respond to complaints and take down the phishing sites. With reverse tunnels, threat actors can host the phishing pages locally on their own computers and route connections through the external service. Using a URL shortening service, they can generate new links as often as they want to bypass detection.
READ THE STORY: BleepingComputer
CL0P Ransomware Activity Heats Up
FROM THE MEDIA: Ransomware activity from cybercriminal group CL0P increased massively in April over March this year, a new report by cybersecurity consultant NCC Group found. The number of CL0P’s victims increased from just one in March to 21 in April.
The April Threat Pulse research report notes that CL0P exhibited an explosive return to the ransomware threat landscape, pushing them from the least active criminal group in March to the fourth most prominent in April. NCC Group's threat intelligence team says CL0P’s presence has been extremely volatile throughout 2022 thus far – from zero attacks in January, to 10 in February, one in March, and 21 in April.
READ THE STORY: ITpro Today
Cyber-Attacks on Industrial Assets Cost Firms Millions
FROM THE MEDIA: Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced new research revealing that 89% of electricity, oil & gas, and manufacturing firms have experienced cyber-attacks impacting production and energy supply over the past 12 months.
"Across the globe, industrial locations are going digital to drive sustainable growth. But this has invited a deluge of threats which they are ill-equipped to mitigate, causing major financial and reputational damage," said William Malik, vice president of infrastructure strategies at Trend Micro. "Managing these heavily networked IT and OT environments effectively requires an experienced partner with the foresight and breadth of capabilities needed to deliver best-in-class protection across both environments."
READ THE STORY: Malay Mail
Exploit released for Atlassian Confluence RCE bug, patch now
FROM THE MEDIA: Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend.
The vulnerability tracked as CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability exploited through OGNL injection and impacts all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
Successful exploitation allows unauthenticated, remote attackers to create new admin accounts, execute commands, and ultimately take over the server.
READ THE STORY: Bleeping Computer
Multiplatform Linux kernel 'pretty much done' says Linus Torvalds
FROM THE MEDIA: Linus Torvalds has announced the first release candidate for version 5.19 of the Linux kernel, and declared it represents a milestone in multiplatform development for the project.
After first commenting that the development process for this version has been made difficult by many late pull requests, then applauding the fact that most were properly signed, Torvalds opined that Linux 5.19 "is going to be on the bigger side, but certainly not breaking any records, and nothing looks particularly odd or crazy."
Around 60 percent of the release is drivers, and there's another big load of code that gets AMD GPUs playing nicely with the kernel.
READ THE STORY: The Register
Ukraine Benefitted From Offensive U.S. Cyber Operations Against Russia
FROM THE MEDIA: Army General Paul Nakasone, who heads both Cyber Command and the NSA, told Sky News in an exclusive interview that American cyber operators were being proactive, conducting “hunt forward” operations to search out foreign hackers before they could target the U.S.
Nakasone said that the design of the operations was to target and neutralize Russian propaganda, especially its disinformation programs that could influence elections. Russia has traditionally targeted its disinformation programs to divide Americans along party lines utilizing “troll farms” that spread their propaganda disguised as American bloggers.
READ THE STORY: 1945
Russian ministry website appears hacked; RIA reports users data protected
FROM THE MEDIA: The website of Russia's Ministry of Construction, Housing and Utilities appeared to have been hacked, with an internet search for the site leading to a "Glory to Ukraine" sign in Ukrainian.
Russia's state news agency RIA late on Sunday quoted a ministry representative as saying that the site was down but users' personal data were protected.
RIA said that other media had reported that hackers were demanding a ransom to prevent the public disclosure of users' data. Reuters was not able to ascertain which media outlets were being cited by the RIA.
READ THE STORY: Reuters
Espionage, profiling and economic control mark Chinese commercial companies
FROM THE MEDIA: A two-year crackdown on Chinese entities by enforcement agencies has revealed a web of companies and individuals engaged in espionage, profiling of high-value individuals, large-scale tax evasion and exfiltration of bulk data, pointing to Beijing's growing hunger for data and secrets.
A disturbing picture of Chinese Commercial Entities (CCE) has emerged after a series of actions by Indian authorities since 2020—the busting of spying rings, tax raids on major Chinese telecom companies, a crackdown on mobile apps and a study of incoming investments into India. From the uncovering of deep-cover resident agents attempting to fund and influence Tibetan monks, to a top executive of a telecom company found in possession of sensitive documents, to revelations of exhaustive profiling of key business leaders, Indian enforcement agencies have had their hands full.
READ THE STORY: Economic Times
Items of interest
Activists say cyber agency weakens voting tech advisory
FROM THE MEDIA: The nation’s leading cybersecurity agency released a final version Friday of an advisory it previously sent state officials on voting machine vulnerabilities in Georgia and other states that voting integrity activists say weakens a security recommendation on using barcodes to tally votes.
The advisory put out by the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, has to do with vulnerabilities identified in Dominion Voting Systems’ ImageCast X touchscreen voting machines, which produce a paper ballot or record votes electronically. The agency said that although the vulnerabilities should be quickly mitigated, the agency “has no evidence that these vulnerabilities have been exploited in any elections.”
Dominion’s systems have been unjustifiably attacked since the 2020 election by people who embraced the false belief that the election was stolen from former President Donald Trump. The company has filed defamation lawsuits in response to incorrect and outrageous claims made by high-profile Trump allies.
The advisory CISA released Friday is based on a report generated by University of Michigan computer scientist J. Alex Halderman, an expert witness in a long-running lawsuit that is unrelated to false allegations stemming from the 2020 election.
The machines are used by at least some voters in 16 states, according to a voting equipment tracker maintained by watchdog Verified Voting. In most of those places, they are used only for people who can’t physically fill out a paper ballot by hand. But in some places, including Georgia, almost all in-person voting is done on the affected machines.
READ THE STORY: KXAN
Cyberthreat Hunting and Intelligence in Internet of Things (IoT) Environments (Video)
FROM THE MEDIA: Cybersecurity is a never-ending fight. As security professionals develop advanced strategies to stop one attack, malicious hackers invent more sophisticated tactics for penetrating networks and covertly stealing confidential data. Cyberthreat hunting and cyberthreat intelligence are emerging fields in cybersecurity. Security experts employ these practices to identify patterns of suspicious activity and thwart potential threats.
Infosec Job Hunting - Building Resumes using Job Descriptions with Jason Blanchard (Video)
FROM THE MEDIA: Jason Blanchard shows you how to reverse engineer job descriptions so you can build a "Catch-All Resume" you can use to complete your LinkedIn profile and create custom tailored resumes for future job hunts.
About this Product
These open-source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com