Daily Drop (184)
Google: Half of zero-day exploits linked to poor software fixes
FROM THE MEDIA: Half of the 18 'zero-day' bugs that were exploited before a patch was publicly available this year could have been prevented if only major software vendors created more thorough patches and did more testing. That's the verdict of researchers at Google Project Zero (GPZ), which has so far counted 18 zero-day bugs in 2022 affecting Microsoft Windows, Apple iOS and WebKit, Google's Chromium and Pixel, and Atlassian's Confluence server.
READ THE STORY: ZDNET
Teen “Hackers” on Discord Selling Malware for Quick Cash
FROM THE MEDIA: Avast security researchers have discovered a server on Discord where a group of minors is involved in developing, upgrading, marketing, and selling malware and ransomware strains on the platform, supposedly to earn pocket money. The researchers believe all of them are minors since they repeatedly mentioned their parents and teachers and casually used age-specific insults. Researchers learned about their activities through their discussion on Discord.
The hackers are involved in selling malware strains of Snatch, Lunar, and Rift and offer all kinds of services from info-stealers to ransomware and cryptominers. However, researchers noted that the teen hackers mainly provide easy-to-use malware builders and toolkits, which let buyers take a "Do it yourself" (DIY) approach and use them without any actual programming. All a buyer needs to do is customize the appearance and functions.
READ THE STORY: Hackread
The British Army is investigating after its Twitter and YouTube accounts were hijacked
FROM THE MEDIA: The British Army is investigating after its Twitter and YouTube accounts were both breached. On July 3, as reported by the BBC, Army accounts were taken over and used to promote NFT and cryptocurrency schemes. This included YouTube videos posted with the image of entrepreneur Elon Musk.
The British Army's YouTube account name was changed. Screenshots also appeared to show the Army's Twitter account, its name changed, retweeting promotions for NFT projects, complete with images of a cartoon monkey.
READ THE STORY: ZDNET
Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web
FROM THE MEDIA: Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.
"Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks said. "They use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks."
Also prominent is the use of the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations.
READ THE STORY: THN
Django fixes SQL Injection vulnerability in new releases
FROM THE MEDIA: The Django project, an open source Python-based web framework, has patched a high severity vulnerability in its latest releases.
Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued today squash the vulnerability.
Tens of thousands of websites in the U.S. alone, including some popular brands, choose Django as their Model-Template-View framework, according to some estimates. This is why upgrading or patching your Django instances against bugs like these is crucial.
READ THE STORY: Bleeping Computer
Kaspersky Discovers a New Backdoor Targeting Governments and NGOs across the Middle East, Turkey and Africa
FROM THE MEDIA: Kaspersky (https://www.Kaspersky.co.za/) experts have brought to light a poorly detected SessionManager backdoor that was set up as a malicious module within Internet Information Services (IIS), a popular web server developed by Microsoft. Once propagated, SessionManager enables a wide range of malicious activities, from collecting emails to complete control over the victim’s infrastructure. First leveraged in late March 2021, the newly discovered backdoor has hit governmental institutions and NGOs across the globe, with victims in eight countries from the Middle East, Turkey and Africa region, including Kuwait, Saudi Arabia, Nigeria, Kenya and Turkey.
READ THE STORY: African Business
Iranians' Remote Access to Banking Services Cut Off Over 'Cyber Attacks'
FROM THE MEDIA: Iranians’ access to domestic banking services from abroad has been temporarily cut off in aid of “preventing cyber attacks”, according to the official news agency IRNA.
The restrictions were confirmed on Monday, but Iranians outside the country first started reporting difficulties over the weekend. Follow-ups by IRNA with the “competent authorities” – who were not named in its coverage – established that the block on access to mobile and online banking facilities was only aimed at a “limited” number of banks with “the most foreign connections”.
It comes after a number of high-profile cyberattacks on state digital infrastructure. In the latest case, a group calling itself Ghiyam Ta Saraguni (“Uprising Until Overthrow”) hacked into the website of the Islamic Culture And Communication Organization, reportedly gaining access to 40,000 confidential messages and 1.5 million emails.
READ THE STORY: GZERO
DoD announces launch of a new bug bounty program
FROM THE MEDIA: Today, the Department of Defense (DoD) announced that the Chief Digital and Artificial Intelligence Office (CDAO), the Directorate for Digital Services and the Department of Defense Cyber Crime Center (DC3) are launching the “Hack U.S” bug bounty program.
The program will offer financial rewards for ethical hackers and security researchers who can identify critical and high severity vulnerabilities in the scope of the DoD’s vulnerability disclosure program.
To encourage researchers to participate, the DoD will offer a total of $110,000 for vulnerability disclosures. Payouts are $1,000 for critical severity reports, $500 for high severity reports, and $3,000 for those in additional special categories.
READ THE STORY: VentureBeat
Rising threats spark US scramble for cyber workers
FROM THE MEDIA: The federal government and private sector are facing increasing pressure to fill key cyber roles as high-profile attacks and international threats rattle various U.S. sectors.
Workforce shortages have been a long-running issue in cyber, but they have taken on renewed importance amid rising Russian threats stemming from the war in Ukraine.
“It’s an issue that the government faces as well as the private sector, state and local communities,” Iranga Kahangama, a cyber official at the Department of Homeland Security (DHS), said at a House hearing this week.
READ THE STORY: The Hill
The Worst Hacks and Breaches of 2022 So Far
FROM THE MEDIA: For years, Russia has aggressively and recklessly mounted digital attacks against Ukraine, causing blackouts, attempting to skew elections, stealing data, and releasing destructive malware to rampage across the country—and the world. After invading Ukraine in February, though, the digital dynamic between the two countries has changed as Russia struggles to support a massive and costly kinetic war and Ukraine mounts resistance on every front it can think of. This has meant that while Russia has continued to pummel Ukrainian institutions and infrastructure with cyberattacks, Ukraine has also been hacking back with surprising success. Ukraine formed a volunteer “IT Army” at the beginning of the war, which has focused on mounting DDoS attacks and disruptive hacks against Russian institutions and services to cause as much chaos as possible. Hacktivists from around the world have also turned their attention—and digital firepower—toward the conflict. And as Ukraine launches other types of hacks against Russia, including attacks utilizing custom malware, Russia has suffered data breaches and service disruptions at an unprecedented scale.
READ THE STORY: Wired
U.S. elections require a permanent structure for fighting foreign interference
FROM THE MEDIA: The National Security Agency and U.S. Cyber Command recently reestablished their election security team to help secure the 2022 midterm elections. In light of Independent Sen. Angus King’s push for Cybercom to produce unclassified reports connected with each biennial election, which comes on the heels of increased alarm about foreign election interference and diminishing faith in the integrity of U.S. elections, this is the last time the team should be reassembled. U.S. democracy would be more secure with a permanent, not periodic, presence in preventing and mitigating foreign interference attacks.
First, foreign interference is a strategy, not a tactic – and that means attacks are executed over a continuous time period, and are not episodic in nature. So must be our defenses. While discussion of nation-state influence operations may often focus on efforts to interfere with major U.S. elections, adversaries, such as Russia, have repeatedly demonstrated that they seek to undermine democracies and their institutions on an ongoing basis through any number of means, including disinformation, emerging technologies, malign finance and cyber-attacks.
READ THE STORY: The Fulcrum
What good is intelligence in Ukraine?
FROM THE MEDIA: One of the pure joys of being a college professor in my D.C. dotage is having former students and their friends — now mostly in government — reach out for advice. As I have been in the intelligence game for four decades, most of them these days ask about Ukraine and what we intelligence guys did in the “old days” that helped win the Cold War.
So, I tell them. Some things worked. Some things didn’t. It took a long time. And victory was not achieved by intelligence alone. It’s often not the response they want to hear — but it is the truth. Intelligence has its fine uses and its distinct limits. Ukraine is no exception.
READ THE STORY: The Hill
$185m anti-malware patent dispute: Norton and Columbia University fight on
FROM THE MEDIA: NortonLifeLock and Columbia University's legal tussle over anti-malware patents continued last week, with attorney fees and a new trial in dispute two months after a jury awarded the uni $185 million.
In 2013, Columbia sued Norton and accused the company of infringing 167 claims over six patents. Although the May award went Columbia's way, it has since asked for additional attorneys' fees.
The security company has countered this [PDF] by saying that the "purpose of an award of attorneys' fees under the Patent Act is to compensate a prevailing party that was forced to litigate a case that was 'exceptional,' either because the party's case was remarkably weak or baseless, or because the other party engaged in vexatious litigation misconduct. Neither applies here."
READ THE STORY: The Register
The Download: China’s livestreaming crackdown, and a huge police data hack
FROM THE MEDIA: For Zeng, a young Chinese woman, an hour scrolling Douyin, the domestic version of TikTok, has become a daily ritual. Livestreaming took off in China in 2016 and has since become one of the nation’s favorite pastimes. Zeng particularly likes one creator: “Lawyer Longfei.” Every day, Longfei answers her 9 million followers’ legal inquiries live. Many deal with how women should approach tricky divorce cases.
But in May, Longfei’s account went dark for 15 days, most likely because her content doesn’t match the state’s view on marriage. While Longfei’s account was eventually reinstated last month, her case reflects how many streamers are grappling with the Chinese government’s increasing willingness to weigh in on what’s acceptable.
China is doubling down on Linux in a bid to leave Windows behind
FROM THE MEDIA: China is now one step closer to eliminating Windows from its government endpoints, an effort it has been pursuing for more than two decades now.
As reported by The Register, the country has been laser-focused on switching to Linux entirely amid conflict with the US, but has thus far lacked the support of developers. But now, all of that might change with the launch of the openKylin project.
The project’s goal is to speed up the development of the Kylin Linux distro, an OS distribution that’s entirely China-made. The project’s participants will include developers, but also colleges and universities.
READ THE STORY: TechRadar
TikTok defends its data regulation in letter to US senators, amid Chinese influence concerns
FROM THE MEDIA: TikTok has written to US Senators to reassure them about the steps it has taken to secure American users' data on the site, after concerns that Chinese TikTok engineers accessed US account data.
In the letter to nine senators, the China-based social media giant admitted that some Chinese engineers had accessed US users' information. The company also set out its steps for preventing such an incident from happening again.
TikTok CEO Shou Zi Chew wrote in the 30th June letter: "Employees outside the US, including China-based employees, can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team."
READ THE STORY: Computing
Chinese tech giants Tencent and Ant Group pledge to ban NFTs, cryptocurrency marketplaces
FROM THE MEDIA: Chinese internet and tech giants on Monday signed an initiative to ban cryptocurrency and digital collectibles (NFTs), along with a promise not to establish secondary marketplaces. According to the South China Morning Post, Tencent and Ant Group joined a self-driven industry initiative to ban cryptocurrency and fight speculation. Platforms that sell digital collectibles "shall require real-name authentication of those who issue, sell and buy" the assets and "only support legal tender as the denomination and settlement currency", according to the document signed by China's biggest tech firms.
READ THE STORY: Economic Times
SpaceX launches SES-22 satellite to provide better communications in the US
FROM THE MEDIA: A two-stage Falcon 9 rocket lifted off from Cape Canaveral Space Force Station in Florida at 5:04pm. The SES-22 satellite was onboard and was launched toward orbit, reported Space. About 8.5 minutes after the launch, the Falcon 9 went back and landed on SpaceX droneship A Shortfall of Gravitas, which was stationed in the Atlantic Ocean. The first of SES’s C-band satellites dedicated to freeing up the lower 300MHz of C-band spectrum is built by Thales Alenia Space, and will operate in the 135 degrees West orbital slot, according to SES.
It will deliver TV and radio to millions of American homes and provide other critical data transmission services. SES-22 is expected to start operations by early August 2022. The launch of SES-22 is part of a broader Federal Communications Commission (FCC) program to clear a portion of C-band spectrum to enable wireless operators to deploy 5G services across the contiguous US (Conus).
READ THE STORY: ITwire
Defending Ukraine: Early lessons from the cyber war
FROM THE MEDIA: Microsoft released a new report on Russia’s continued cyber operations in the war on Ukraine, based on research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening understanding of the threat landscape in the ongoing war. The report offers a series of lessons and conclusions resulting from the data gathered and analyzed. You’ll read new information about Russian efforts including an increase in network penetration and espionage activities amongst allied governments, non-profits and other organizations outside Ukraine. This report also unveils details about sophisticated and widespread Russian cyber foreign influence operations being used among other things to bolster their war efforts. To read the report, visit Microsoft On the Issues.
READ THE STORY: GZERO
AstraLocker ransomware shuts down and releases decryptors
FROM THE MEDIA: The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking. The ransomware's developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files encrypted in a recent AstraLocker campaign.
READ THE STORY: Bleeping Computer
Items of interest
Tackling Worrying Rise in Cyber Crimes and Warfare
FROM THE MEDIA: Israel’s 12th Annual Cyber Week Conference was attended last week by 300 speakers, 7000 in-person and 2000 online attendees from 80 countries. The speakers included top Israeli government figures such as then Prime Minister Naftali Bennett and Defense Minister Benny Gantz; leading American and British cyber figures, including Chris Inglis, the National Cyber Director at the Executive Office of the President at the White House, and Lindy Cameron, CEO of the British National Cyber Security Centre; and security executives from large companies, such as Walmart, SolarWinds, Apple and Netflix.
READ THE STORY: Mirage News
Hackers Claim Theft of Police Info in China's Largest Data Leak (Video)
FROM THE MEDIA: Unknown hackers claimed to have stolen data on as many as a billion Chinese residents after breaching a Shanghai police database. Industry experts are saying this may be the largest cybersecurity breach in the country's history. Edwin Chan reports on Bloomberg Television.
China's Step by Step Plan for World Domination (Video)
FROM THE MEDIA: Is China secretly plotting to take over the entire world? Check out today's epic new video to discover how China has been carefully planning to take over key countries in the Pacific Ocean to set up a stronghold that could be impossible to stop.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org