Daily Drop (182)
Sunday, July 03, 2022 // (IG): BB // Weekly Sponsor: Zanes Hand Made (leather works)
Rogue HackerOne employee steals bug reports to sell on the side
FROM THE MEDIA: A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties “in a handful of disclosures,” the company said on Friday. HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.
READ THE STORY: BleepingComputer
Evilnum Hacking Group Updates TTPs Targeting Fintech
FROM THE MEDIA: Evilnum, a hacking group primarily targeting fintech firms in the U.K. and Europe, has updated its tactics, techniques and procedures by using MS Office Word documents, leveraging document template injection to deliver the malicious payload to victims' machines.
In earlier campaigns in 2021 the main distribution vector used by this threat group was LNK files - a type of shortcut used in Windows sent inside malicious archive files as email attachments in spear-phishing emails to victims.
Zscaler's ThreatLabz researchers say they have identified several previously undocumented domains associated with the Evilnum advanced persistent threat group, which they say indicates the group has been successful at flying under the radar and has remained undetected for a long time.
READ THE STORY: GOV INFOSEC
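The Evilnum item above describes document template injection: a Word file whose settings carry a relationship to a template hosted elsewhere, which Word fetches when the document opens. A defender can scan incoming .docx files for that indicator. The scanner below is an added example, not Zscaler's or the article's code; it uses only the Python standard library and builds its sample documents in memory (the hostnames in them are placeholders, not indicators from the report).

```python
"""Scan a .docx for an 'attachedTemplate' relationship that points to a
remote (http/https) template, the document-template-injection indicator
described in the Evilnum story.

Added example (not Zscaler's or the article's code). Standard library only;
the sample documents below are constructed in memory.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/"
    "relationships/attachedTemplate"
)
# Relationship part in which Word records the document's attached template.
SETTINGS_RELS = "word/_rels/settings.xml.rels"
REMOTE_SCHEMES = {"http", "https"}


def find_remote_templates(docx_bytes: bytes) -> list:
    """Return the targets of attachedTemplate relationships that are marked
    TargetMode="External" AND resolve to an http/https URL.

    External targets that are local paths (file:///...Normal.dotm) are common
    in benign documents, so only remote schemes are reported.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return hits
        root = ET.fromstring(zf.read(SETTINGS_RELS))
        for rel in root.iter("{%s}Relationship" % REL_NS):
            if rel.get("Type") != ATTACHED_TEMPLATE_TYPE:
                continue
            if rel.get("TargetMode", "Internal").lower() != "external":
                continue
            target = rel.get("Target", "")
            if urlsplit(target).scheme.lower() in REMOTE_SCHEMES:
                hits.append(target)
    return hits


def _build_docx(settings_rels_xml=None) -> bytes:
    """Constructed minimal .docx: just enough parts for the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        if settings_rels_xml is not None:
            zf.writestr(SETTINGS_RELS, settings_rels_xml)
    return buf.getvalue()


def _rels(target: str) -> str:
    """Constructed settings.xml.rels with one external attachedTemplate."""
    return (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE_TYPE}" '
        f'Target="{target}" TargetMode="External"/>'
        "</Relationships>"
    )


# Constructed samples; hostnames and paths are placeholders.
SAMPLE_REMOTE = _build_docx(_rels("http://template.invalid/t.dotm"))
SAMPLE_LOCAL = _build_docx(_rels(
    "file:///C:/Users/alice/AppData/Roaming/Microsoft/Templates/Normal.dotm"))
SAMPLE_NONE = _build_docx()

if __name__ == "__main__":
    for name, doc in (("remote", SAMPLE_REMOTE), ("local", SAMPLE_LOCAL),
                      ("none", SAMPLE_NONE)):
        print(name, find_remote_templates(doc))
```

The local/remote distinction is the check a practitioner wants: Word writes a `file:///` attachedTemplate relationship for ordinary documents based on a user template, so flagging every external target produces noise, while an http(s) target is rare enough in mail-borne documents to warrant quarantine and review.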
Kaspersky Reveals a Backdoor Targeting Organizations Around the World
FROM THE MEDIA: Kaspersky has revealed a "poorly detected backdoor" it calls SessionManager that has been used against organizations in Africa, South Asia, Europe, and the Middle East since at least March 2021.
"The SessionManager backdoor enables threat actors to keep persistent, update-resistant, and rather stealth access to the IT infrastructure of a targeted organization," Kaspersky says. "Once dropped into the victim’s system, cybercriminals behind the backdoor can gain access to company emails, update further malicious access by installing other types of malware, or clandestinely manage compromised servers, which can be leveraged as malicious infrastructure."
READ THE STORY: PCMAG
Group-IB Unveils Unified Risk Platform
FROM THE MEDIA: Group-IB, one of the global leaders in cybersecurity headquartered in Singapore, has today unveiled the Unified Risk Platform, an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against it in real time. Every product and service in Group-IB’s now consolidated security suite is enriched with information from a Single Data Lake, which contains 60 types of sources of adversary intelligence. The Unified Risk Platform automatically configures your Group-IB defenses with the precise insights needed to provide the best possible defense against targeted attacks on infrastructure and endpoints, breaches, fraud, and brand and IP abuse.
READ THE STORY: MENAFN
CYBERSECURITY PROFESSIONALS WARN AGAINST ‘BLACK BASTA’ RANSOMWARE
FROM THE MEDIA: Cybercriminals operate under the assumption that upsetting established companies is the key to surviving in the ever-changing digital environment. This way of thinking inspires them to innovate and create powerful offensive strategies. As organizations improve their cybersecurity perimeter, lone criminals have turned to forming ransomware gangs by teaming up with other like-minded players. By banding together they can target more companies at once and receive greater rewards. BlackFog’s data reports from 2022 show that hostile hackers and ransomware gangs are focusing on sectors like technology, manufacturing, healthcare, and government. The impact of such gangs can be measured by an abrupt increase in average ransomware demands, which rose by 518 percent in 2021 compared to 2020. Black Basta is one of the most recent ransomware groups to appear.
READ THE STORY: Analytics Insight
Crypto Crash Rattles Cybercriminals, Pushing Them Beyond Ransomware
FROM THE MEDIA: The collapse of cryptocurrencies is rippling through the world of ransomware, security researchers say, even though bitcoin, ether and other digital tokens remain the payment of choice for cybercriminals locking up corporate computer systems.
Over the past few months, the value of cryptocurrencies has plummeted amid rising inflation, economic shocks caused by the war in Ukraine and falling global stock markets. Hundreds of billions of dollars in value has been wiped out over that period, which is starting to be known as crypto winter. On one day alone, more than $200 billion in value was wiped from the broad crypto market.
READ THE STORY: CNET
Raspberry Robin: Microsoft warns about high-risk worm infecting lots of Windows networks
FROM THE MEDIA: The battle between good and evil is a constant one when it comes to the cybersecurity space. We regularly hear about new exploits being leveraged by malicious actors as well as the defenses that are being built against them on a reactive and proactive basis. Now, Microsoft has issued private advisories about a high-risk worm that is infecting hundreds of Windows enterprise networks.
Dubbed "Raspberry Robin", the malware is spread via infected USB devices containing a .LNK file. As soon as a user clicks on this file, the worm creates an msiexec.exe process through Command Prompt and launches another malicious file. Then, it communicates with command and control servers with a short URL. If the connection is successful, it downloads and installs a bunch of other malicious DLLs, which then attempt to communicate with TOR nodes.
READ THE STORY: NEOWIN
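The Raspberry Robin item above gives a defender something concrete to look for: msiexec.exe started via Command Prompt and handed a URL rather than a local package. The detection below is an added example, not Microsoft's own logic; it runs over constructed process-creation records in a generic JSON shape (the field names `pid`, `parent_image`, `image` and `command_line` are assumptions, and the hostnames are placeholders, not indicators from the advisory).

```python
"""Flag msiexec.exe launches whose command line carries an http(s) URL, the
download pattern described for Raspberry Robin (msiexec spawned through
Command Prompt, then fetching from a short URL).

Added example, not Microsoft's detection logic. The events below are
constructed process-creation records; field names are assumptions.
"""
import json
import re

URL_RE = re.compile(r"\bhttps?://[^\s\"']+", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_msiexec_url(events):
    """Return one alert per event in which msiexec.exe is passed a URL.

    Severity is 'high' when the parent is cmd.exe, matching the chain in the
    report; a deployment agent handing msiexec a URL is still worth a look,
    so it is reported as 'medium' rather than dropped.
    """
    alerts = []
    for ev in events:
        if _basename(ev.get("image", "")) != "msiexec.exe":
            continue
        match = URL_RE.search(ev.get("command_line", ""))
        if not match:
            continue
        parent = _basename(ev.get("parent_image", ""))
        alerts.append({
            "pid": ev.get("pid"),
            "url": match.group(0),
            "parent": parent,
            "severity": "high" if parent == "cmd.exe" else "medium",
        })
    return alerts


# Constructed sample events (hosts are placeholders, not real IoCs).
SAMPLE_EVENTS = [json.loads(line) for line in r'''
{"pid": 4120, "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\msiexec.exe", "command_line": "msiexec.exe /i C:\\Temp\\app.msi /qn"}
{"pid": 4188, "parent_image": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\MSIEXEC.EXE", "command_line": "MSIEXEC /Q /I http://short.invalid:8080/a"}
{"pid": 4230, "parent_image": "C:\\Program Files\\DeployAgent\\agent.exe", "image": "C:\\Windows\\System32\\msiexec.exe", "command_line": "msiexec /i https://updates.example/pkg.msi /qn"}
'''.strip().splitlines()]

if __name__ == "__main__":
    for alert in detect_msiexec_url(SAMPLE_EVENTS):
        print(alert)
```

The first sample (a local .msi launched from Explorer) is ignored; the second (mixed-case `MSIEXEC`, short URL, parent cmd.exe) is the high-severity hit; the third shows why the rule keys on the parent: software deployment tools do pass URLs to msiexec, so that case is reported at lower severity for triage rather than suppressed.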
North Korea Leads the World in Crypto Crime
FROM THE MEDIA: Even though the true extent of North Korea’s contribution to global crypto crime rates is unknown, Coincub stated that DPRK’s cyber program is large and well-organized.
A vast majority of citizens in the country struggle with food insecurity and undernutrition, and lack of access to basic services. They do not have access to the global internet. Yet the country has become a hacking superpower.
Economically isolated from the rest of the world, North Korea has managed to birth a breed of hackers that have spearheaded some of the most catastrophic breaches. When it comes to crypto crime, skilled North Korean hackers have stolen funds for the country’s weapons programs by carrying out a series of profitable cyberattacks.
READ THE STORY: Crypto Potato
Putin's hackers could destroy UK economy - and British retaliation would 'escalate quickly'
FROM THE MEDIA: Russia has been blamed for cyberattacks around the world for years, and last week it was accused of shutting down public and private websites in Norway. An attack on the UK could be imminent according to the National Cyber Security Centre (NCSC), potentially affecting millions of people and leading to the loss of money and sensitive information. Professor Alan Woodward is a cybersecurity expert at the University of Surrey and he explained that cyber attacks are increasingly going after the software used by British organizations.
READ THE STORY: Express
Great Power Competition — China’s Use of Guerrilla Warfare and Information Power in Pursuit of Its Epochal World Order
FROM THE MEDIA: Comprehending China’s twenty-first century global actions in search of wider power requires knowledge of their perspective on power and competition. That lens is one which sees guerrilla warfare and information power used to invade social order and change the existing order in favor of the CPC. Insight into their methods reveals that their path to victory lies in the truest wisdom of Sun Tzu: “For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.”
READ THE STORY: Small Wars Journal
THE IPHONE IS A HIT IN CHINA AND SURPASSES ALL COMPETITORS
FROM THE MEDIA: This is news that may bring a smile to the Apple brand on the Asian market. While Apple is experiencing several delivery delays due to the Chinese lockdown and global component shortages, Apple’s iPhone sales in the country had great results during the Chinese 6.18 festival.
The 6.18 Festival is an event not to be missed in China. If the United States has Black Friday, Cyber Monday or even Amazon Prime Day, the Chinese 6.18 can generate more revenue than the three American events mentioned. This festival spans 18 days in June, and e-commerce businesses see a significant portion of their annual revenue coming from this event.
READ THE STORY: GIZ China
Beijing directed cyber attacks against Canadian mining company
FROM THE MEDIA: Cybersecurity experts are warning that the People’s Republic of China (PRC) is targeting the Canadian rare earths company Appia Rare using information warfare methods to stifle Canadian development in the mining industry.
According to a report by Mandiant Inc., the “Dragonbridge” operation went after three rare earth mineral companies including Appia.
“Since rare earths mineral mining is of strategic significance to the PRC, and these entities are challenging the PRC’s global market dominance in that industry, our experts believe Dragonbridge is targeting this sector to maintain its advantage,” a Mandiant spokesperson told the Globe and Mail.
READ THE STORY: The Paradise
Thousands of children at risk from grooming gangs as hackers leak their private details to the dark web
FROM THE MEDIA: Thousands of British school pupils have had their private details leaked online by a cyber gang, The Mail on Sunday can reveal. Hackers stole private data including photocopies of children’s passports, disciplinary records and child protection reports relating to vulnerable pupils. Experts last night warned that the hack left some youngsters exposed to grooming by criminal gangs.
The hackers plundered five schools and a sixth form college, including the £36,000-a-year independent Durham School, the alma mater of former Downing Street aide Dominic Cummings.
READ THE STORY: The Daily Mail
Chinese internet trolls deployed to protect rare earths stranglehold
FROM THE MEDIA: For the unsuspecting Facebook user in Texas, posts, along with the emergence of new groups on their feeds highlighting threats posed by a new rare earths separation plant, may appear legitimate.
Seemingly published by Texans, they flooded the social media platform after Australian rare earth miner, Lynas Resources (ASX: LYC), won a major U.S. Government grant to build a facility in Texas that will process rare earths from a massive mine in the west of Australia.
“My friends and I have been resisting the construction of a rare earth processing plant in Texas by Lynas. If nothing is done Lynas’ waste discharge will directly or indirectly affect the health of local residents, and this pollution is irreversible,” one Facebook post said.
READ THE STORY: Asia Markets
Scott Hollifield: When there is cyber-devilishness afoot
FROM THE MEDIA: When it comes to falling for internet trickery, I am not your huckleberry. Recently, the company sent out a mock phishing email after training us on not clicking on phishing email links to see who would click on the link anyway, which could trigger a potential takeover of hundreds of thousands of computers by cybercriminals or an evil foreign nemesis intent on world domination.
I passed the test. After getting the email and reading it, I knew there was devilishness afoot. I immediately contacted Einstein, the IT expert who would later help me defuse the beeping noise and/or bomb in the server room (it was the blue wire), to get his take on the situation.
READ THE STORY: Mcdowell News
Items of interest
Will There Be War Over Taiwan - The Next Spy Thriller
FROM THE MEDIA: I usually go through a rhythm of reading one or two serious books, followed by a few works of fiction and with summer on the way I wanted to highlight a few of both. In that regard I have just finished Laurence Durrell’s ‘White Eagles in Serbia’, an old-fashioned espionage thriller where the hero Colonel Methuen is dropped behind enemy lines in post war Serbia (he speaks excellent Serbo-Croat) and becomes embroiled in a violent plot to overthrow Tito.
The book is a warm-up to reading Durrell’s ‘The Alexandria Quartet’, a work that nearly won him the Nobel Prize. Durrell was part of an interesting Anglo-Irish family, who largely considered themselves Indian – his brother Gerald, the naturalist and writer, touches on this in ‘My Family and Other Animals’.
READ THE STORY: Forbes
eBAY Cyber Crime | $20 Million | 48 Years Prison Time (Video)
FROM THE MEDIA: eBAY cyber crime committed by hackers in Romania cost America $20 Million in damages. The hackers were extradited and sentenced to a total of 48 years in prison.
Chinese Hackers Are Disseminating An SMS Bomber Tool That Contains Malware (Video)
FROM THE MEDIA: A threat organization with connections to the hacking group known as Tropic Trooper is seen deploying a new malware developed in the Nim programming language. Tropic Trooper (also named KeyBoy, Pirate Panda, and Earth Centaur) is a hacker group with a history of several attacks in Taiwan, the Philippines, and Hong Kong with a major focus on government, transportation, healthcare, and high-tech organizations.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org