Thursday, June 16, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
Critical Citrix Bugs Impact All ADM Servers, Agents
FROM THE MEDIA: Citrix is advising users of its Application Delivery Management (ADM) solutions to update their systems against a pair of newly discovered vulnerabilities. Tracked under CVE-2022-27511, the first vulnerability could allow system corruption leading to the admin password being reset after reboot. The second, CVE-2022-27512, if exploited, could allow a threat actor to temporarily disrupt the ADM license service. Although a fix has been issued, customers using outdated, unsupported versions are advised by Citrix to upgrade.
READ THE STORY: DarkReading
Protect Your Customer Base From Fraud and Account Takeover With CCM-C
FROM THE MEDIA: Threat actors targeting credentials once struggled to bypass anti-fraud technologies. However, as the threat landscape has evolved, cybercriminals are now leveraging malware infections and “anti-detect” browsers that allow them to appear as a trusted user and ultimately gain access to protected accounts.
With this access in hand, threat actors can steal session cookies data, browser data, customer credentials, and other sensitive data that could compromise valuable assets across your organization. It’s imperative for organizations to have a plan for proactively preventing customer fraud and account takeover (ATO) originating from stolen credentials. But without visibility into illicit communities where these credentials are leaked and sold, organizations may not even be aware whether their customers’ credentials have been compromised.
READ THE STORY: Security Boulevard
BlackCat Extortion Technique: Public Access to Breached Data
FROM THE MEDIA: Operators of the BlackCat ransomware-as-a-service appear to be using a new extortion technique: creating a dedicated website on the public internet revealing personal data stolen from victims.
On Tuesday, the BlackCat "name and shame" website published a link to an open website resolving to a typosquatted domain containing the personally identifiable information of thousands of individuals. The data appears to belong to employees of an Oregon wine country luxury spa and resort. As of late afternoon today, the typosquatted site appears to be offline.
READ THE STORY: Bank Info Security
Microsoft and Intel issue warning about MMIO Stale Data vulnerability on Windows 11, 10
FROM THE MEDIA: Intel and Microsoft have published fresh security advisories regarding a list of new CPU vulnerabilities affecting Intel Core processors. These security flaws are related to a CPU's memory-mapped I/O (MMIO) and hence are called "MMIO Stale Data Vulnerabilities" collectively. A threat actor, upon successful exploitation of a vulnerable system, can read privileged information on a compromised system.
Microsoft, in its security advisory ADV220002, has described how potential attack scenarios can unfold. An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.
READ THE STORY: Neowin
Elasticsearch server with no password or encryption leaks a million records
FROM THE MEDIA: Researchers at security product recommendation service Safety Detectives claim they’ve found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.
Safety Detectives’ report states it found a StoreHub server that stored unencrypted data and was not password protected. The security company’s researchers were therefore able to waltz in and access 1.7 billion records describing the affairs of nearly a million people, in a trove totaling over a terabyte.
READ THE STORY: The Register
Americans Warned of China Potentially Spying via Smart Coffee Makers: Researcher
FROM THE MEDIA: U.S.-based researcher Christopher Balding said he found evidence that the Chinese Communist Party (CCP) is obtaining data via smart coffee machines that are made in China, warning that such tactics may be employed against American consumers. Balding, who released a report via New Kite Data Labs, said that issues with the Chinese internet-connected coffee machines are allowing CCP officials to collect data on Americans. “China is really collecting data on really just anything and everything,” he said in the report, released this week. “As a manufacturing hub of the world, they can put this capability in all kinds of devices that go out all over the world.”
READ THE STORY: The Epoch Times
Chinese Hackers Able to Directly Exploit Major Telcos via Routers and Networking Equipment, Largely Using Published Vulnerabilities
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has published an alarming warning indicating that state-backed Chinese hackers have deep penetration into “major” US telcos, and are getting in by compromising an assortment of networking equipment and routers. The report declined to name specific impacted telcos, but did indicate that this is not a case of zero-day exploits or even any sort of advanced tradecraft; the Chinese hackers appear to be using published exploits on various types of equipment that have simply not been patched or remediated.
READ THE STORY: CPO MAG
In modern war, we have as much to fear from cyber weapons as kinetics
FROM THE MEDIA: In this hyper-connected world, cyberattacks that threaten the internet are a terrifying prospect. "The real world and the virtual world have become so interdependent," said Ian Hill, director of cyber security at BGL Insurance, speaking at the first day of Computing's Cybersecurity Festival last week. "Our physical world, certainly in the context of Western society, has pretty much got to the point of no return, where our dependency on technology - and technology's dependence on the internet - that the economy cannot exist without them. If anything happens to the internet, or some connected technology, we've got a real problem."
READ THE STORY: Computing UK
Microsoft fixes bug that let Chinese hackers target Windows users
FROM THE MEDIA: Microsoft has patched a serious Windows bug that allowed China government-backed hackers, who previously targeted the Tibetan government-in-exile based in Dharamshala, to actively exploit it in Microsoft Office to steal and delete users' data. According to cyber-security firm Proofpoint, the newly-discovered zero-day vulnerability titled 'Follina' in Microsoft Office was being exploited by advanced persistent threat (APT) group 'TA413' linked to the Chinese government.
"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability," Microsoft said in its latest advisory on Wednesday. "Customers whose systems are configured to receive automatic updates do not need to take any further action," the company added. Microsoft has finally released a fix for 'Follina', a zero-day vulnerability in Windows that's being actively exploited by state-backed hackers.
READ THE STORY: The Hans India
BRICS meet: NSAs discuss new threats and challenges to national security
FROM THE MEDIA: Top security officials of the BRICS countries have held an in-depth exchange of views and reached a consensus on issues such as strengthening multilateralism and global governance and responding to new threats and challenges to national security.
National Security Advisor Ajit Doval on Wednesday attended via video link the 12th Meeting of BRICS (Brazil, Russia, India, China and South Africa) National Security Advisers and High Representatives on National Security. Doval called for bolstering cooperation against terrorism without any reservations as he addressed a virtual meeting of the five-nation grouping BRICS.
READ THE STORY: Business Standard
Banning Huawei is the start, not the end, of protecting cyber infrastructure
FROM THE MEDIA: For years, concerns have been raised that companies like Huawei pose serious security threats to Canada’s critical infrastructure. And yet, since the government announced its decision in May 2022, not much has been said about the matter that has vexed so many for so long. This is odd, as the decision has important implications. Banning Huawei (as well as ZTE, another Chinese telecommunications firm) from Canada’s 5G network is not “mission accomplished” when it comes to protecting critical infrastructure. There is a great deal of unfinished business ahead.
READ THE STORY: The Standard
China uses AI deception in simulated space battle
FROM THE MEDIA: A Chinese research team has reported an experiment in which it says an anti-satellite AI learned to successfully trick its target in a simulated space battle. In a paper published on April 25 in the domestic peer-reviewed journal Aerospace Shanghai, Dang Zhaohui, professor of astronautics from Northwestern Polytechnical University, and his colleagues conducted an experiment in which an AI commanded three small hunter satellites to capture a high-value target, repeating the exercise thousands of times.
The researchers also set penalty parameters for the hunter satellites, such as consuming more fuel and colliding with a teammate. In contrast, the target satellite gained points for each penalty incurred by hunter satellites.
READ THE STORY: Asian Times
Russia’s cyber fog in the Ukraine war
FROM THE MEDIA: Russia’s state-supported cyberattacks increased both before and during its invasion of Ukraine. The moves are part of Moscow’s broader attempt to disrupt services and create intimidation and confusion. Up until now, however, the Kremlin has not launched a devastating cyberwar against NATO countries, despite numerous warnings in recent months.
Western experts are still uncertain whether fears of American cyber retaliation and the existence of a “Mutual Assured Cyber Destruction” (“cyber-MAD”) are the reason why such attacks have not materialized. But any further Western sanctions (such as the European Union’s declared oil embargo on Russia) will increase the risk of devastating Russian cyberattacks.
READ THE STORY: GIS
Interpol arrests thousands in global cyber fraud crackdown
FROM THE MEDIA: Some 2,000 cyber crime operatives, fraudsters and money launderers have been arrested, with 4,000 bank accounts frozen and $50m (£41.5m) of illicit funds seized in a two-month, worldwide operation against cyber fraud, coordinated by Interpol.
Operation First Light, which began in March 2022, saw law enforcement bodies in 76 different countries collaborate with the international agency, conducting more than 1,700 raids and identifying more than 3,000 suspects, in many cases triggering new investigative leads that will pay off in the future.
The operation’s targets included telephone scammers, long-distance romance scammers, email fraudsters and other connected financial criminals, identified through a prior intelligence operation using Interpol’s secure global comms network, sharing data on suspects, suspicious bank accounts, unlawful transactions, and communications means such as phone numbers, email addresses, fake websites and IP addresses.
READ THE STORY: Computer Weekly
Ransomware Response Essential: Fixing Initial Access Vector
FROM THE MEDIA: A lot has changed in the three years since cybersecurity veteran Raj Samani was last able to attend the RSA Conference in San Francisco. But what hasn't changed is the innovation being practiced by ransomware groups and the challenges facing cybersecurity teams, including dealing with the latest vulnerabilities, or "vuls."
"The thing that's probably causing most people concern is this deluge of big critical vuls," Samani says. "And the time to exploitation is getting shorter and shorter." He also says that any organization hit by ransomware must never forget the imperative to identify how attackers broke in and if they've given themselves persistent ways to regain access. Otherwise, he says, "They'll hit you again and again."
READ THE STORY: Bank Info Security
Cyber threats and current landscape put food defense on agenda
FROM THE MEDIA: Cyber-attacks and ransomware are among the major novel threats to food firms, according to speakers during a panel discussion about food fraud and defense. Tim Lang, Jennifer van de Ligt and Jon Woody spoke about food defense, and the many definitions, at a recent Health Talks webinar organized by the World Health Organization (WHO).
Lang, professor of food policy at City University London’s Centre for Food Policy, said the term “food defense” is being used too narrowly. “The challenges in the food system are not just about food safety, they include climate change and societal and political challenges. Think only of Ukraine. The risks to food defense are not just medical or microbiological,” he said.
READ THE STORY: Food Safety News
Cybercrime Chatter: US Critical Infrastructure Off-Limits?
FROM THE MEDIA: As the Russia-Ukraine war continues, many cybersecurity experts warn that Moscow may yet retaliate against sanctions and other Western moves by launching major cyberattacks against the West. Of course, whether such attacks will occur, potentially using Russian cybercriminals as a proxy force, isn't a foregone conclusion. Indeed, Jon DiMaggio, chief security strategist at Analyst1, says he's been seeing signs that Russian threat actors and ransomware groups may have no incentive to move against U.S. critical infrastructure.
READ THE STORY: Gov Info Security
Russia Might Try Reckless Cyber Attacks as Ukraine War Drags On, US Warns
FROM THE MEDIA: As the Ukraine war continues, U.S. officials worry that Russia might resort to new sorts of cyber attacks that could have big unintended consequences. “I do think there is a risk that the deeper you get into this conflict that the Russians will…be pressed to resort to more aggressive operations,” Neal Higgins, the deputy national cyber director for national cybersecurity at the White House’s Office of the National Cyber Director, said on Tuesday during the Defense One Tech Summit. “If you're acting quickly and desiring a large impact, there is a risk that you lose control and that that did occur. It certainly is a risk that we continue to monitor across the government.”
Higgins was alluding to the 2017 NotPetya attacks, which spread beyond their intended targets—Ukrainian power companies—and went on to be the most destructive cyber event in history, infecting computers across the globe, including in Russia.
READ THE STORY: Defense One
Deepfake attacks expected to be next major threat to businesses
FROM THE MEDIA: Deepfake-driven cyber attacks are set to become more popular in the near future as the artificial intelligence technology (AI) becomes more widely used, security experts at Cisco warned this week. Such attacks could involve fake videos of companies’ CEOs being sent to employees, telling them to conduct wire transfers, for example. Deepfake technology involves training an AI program with large amounts of data in order for it to learn how any given individual would look when saying certain words, and how they sound, including accurate intonation and speech pauses.
“Well, your targets are those that have public personas, because you need lots of training footage to do this,” said Nick Biasini, head of outreach at Cisco Talos. “So it'd be much easier to pick your CEO, go after the CEO, because they're on video constantly, and they're talking constantly. You could use that to easily make a video of them that all of a sudden your CEO is calling you, it looks like your CEO sounds like your CEO, and they're telling you to do a wire transfer.”
READ THE STORY: ITpro
Items of interest
Cyber-Criminals Smuggle Ukrainian Men Across Border
FROM THE MEDIA: The war in Ukraine continues to offer cyber-criminals new opportunities to monetize conflict, with threat researchers observing ads offering to smuggle men out of the war-torn country.
Intel 471 said criminals are using insiders, including border service staff, to offer people smuggling services on the dark web. Since the start of the war, the Ukrainian government has forbidden any males of fighting age from leaving the country.
“Shortly after the start of the war, the actor claimed the insider could facilitate illegal border crossings for Ukrainian males aged 18 to 60,” the report noted.
“Accomplices used to facilitate the activity allegedly would transfer a person seeking to cross the Moldova-Ukraine border and bypass official checkpoints. The border crossing records for the person using the actor’s service would be backdated on a passport and government databases as part of the scheme.”
The conflict is also creating some unusual alliances. A separate report from Cybersixgill argues that Chinese and Russian cyber-criminals are starting to collaborate on the dark web.
READ THE STORY: Info Security Mag
Energy Critical Infrastructure Sector Cybersecurity (Video)
FROM THE MEDIA: This video is an introduction to the energy critical infrastructure sector and cybersecurity. In this video we identify what comprises the energy sector, factors affecting the protection of the energy sector, the current state of protecting the energy sector, cyber threats to the sector, and the consequences of an attack. A second video posted soon will provide more detail on cyber threats and attacks, consequences, and emerging government regulations and guidelines.
HORN & HARDART AUTOMAT - Life in America (Video)
FROM THE MEDIA: Horn & Hardart, founded in 1888 by Joseph Horn and Frank Hardart, was noted for operating the first food service automats in Philadelphia and New York City. The restaurant chain was well known in the U.S. for serving food out of a vending machine for a nickel. The last New York Horn & Hardart Automat closed in April 1991.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com