Tuesday, July 12, 2022 // (IG): BB //Weekly Sponsor: The Fintel Brief
Two data brokers to stop selling location data of abortion clinic visits
FROM THE MEDIA: U.S. Sen. Elizabeth Warren, D-Mass., announced data brokers SafeGraph and Placer.ai made a permanent commitment to not sell location data of individuals visiting abortion clinics. Warren and other lawmakers have introduced the Health and Location Data Protection Act, which Warren said bans data brokers from selling the data and establishes “serious privacy protections for consumers.”
READ THE STORY: IAPP
Hackers Get Ready for Amazon Prime Days Shoppers with Thousands of Live Phishing Sites
FROM THE MEDIA: The start of Amazon Prime Days on July 12 has prompted an increase in phishing attacks. These attacks target shoppers anxiously awaiting the amazing offers and discounts revealed during the two-day sale, and bad actors are ready to take advantage of the excitement.
Right now, SlashNext has tens of thousands of live malicious Amazon phishing URLs in our database, which has increased over the last 72 hours. Most are scams designed to take advantage of Amazon Prime Day shoppers looking for deals. There are also more dangerous phishing attacks, including credential stealing and rogue software, which can lead to ransomware and account takeovers.
READ THE STORY: Security Boulevard
US military contractor moves to buy Israeli spy-tech company NSO Group
FROM THE MEDIA: US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports. The New York Times claims L3Harris in recent months sent a team to Israel to try to smooth passage of the deal, which was made challenging by US president Joe Biden's decision to blacklist NSO following the use of its Pegasus software to crack phones of politicians and campaigners. The L3Harris executives delivered a message that the US government offers tacit support of its acquisition bid, although public statements were unlikely, according to five separate sources.
READ THE STORY: The Register
Defense contractor pays $9m to settle whistleblower's cybersecurity allegations
FROM THE MEDIA: Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 million to settle charges it misrepresented its products' compliance with cybersecurity requirements in federal government contracts. The El Segundo, California-based company has a deep history in American space and military contracting, including on long-term development efforts such as a hypersonic cruise missile design, recently tested by DARPA and manufactured by Aerojet Rocketdyne and Lockheed Martin.
READ THE STORY: The Register
Ransomware Hits Flood Monitoring System In Goa, India – Perspective From Industry Leaders
FROM THE MEDIA: A ransomware attack hit Goa’s flood monitoring system according to the Hindustan Times, which reports that the state government’s water resources department that maintains the data said that all its files have been encrypted and can no longer be accessed. The data center server in Panaji stores the data of 15 flood monitoring systems on major rivers in the Goa region, as part of disaster management and flood control. Access is unavailable to data relating to batteries and to real time monsoon activity.
READ THE STORY: Information Security Buzz
Bandai Namco allegedly hacked by ransomware group
FROM THE MEDIA: It would appear that Bandai Namco has succumbed to ransomware. The company responsible for publishing some of gaming’s largest titles has allegedly been ransomed by ALPHV, a group known for ransomware-as-a-service and data breach attacks. Initially reported on by VentureBeat on July 11, 2022, a ransomware group known as ALPHV is claiming to have successfully ransomed Bandai Namco. The company is responsible for publishing a wealth of video game franchises, including the critically acclaimed Dark Souls series, Soulcalibur, and Ace Combat.
READ THE STORY: Shacknews
‘Nobody is holding them back’ — North Korean cyber-attack threat rises
FROM THE MEDIA: North Korea-backed cyberattacks on cryptocurrency and tech firms will only become more sophisticated over time as the country battles prolonged economic sanctions and resource shortages. Former CIA analyst Soo Kim told CNN on Sunday that the process of generating overseas crypto income for the regime has now become a “way of life” for the North Koreans: “In light of the challenges that the regime is facing — food shortages, fewer countries willing to engage with North Korea [...] this is just going to be something that they will continue to use because nobody is holding them back, essentially.”
READ THE STORY: CoinTelegraph
French MVNO left crippled by ransomware attack
FROM THE MEDIA: On July 4th, MVNO LPA was hit with a major ransomware attack, severely limiting the company’s administrative and management capabilities. Today, one week later, the company’s website is still down, instead replaced with an explanation of the cyber-attack. “As soon as we became aware of this incident, we took the necessary protective measures by immediately suspending the computer systems concerned. This protective action has led us to temporarily close our website and our customer area,” explained the company in a statement.
READ THE STORY: Total Tele
Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
FROM THE MEDIA: GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week.
READ THE STORY: THN
Fake Google Software Updates Spread New Ransomware
FROM THE MEDIA: Threat actors are increasingly using fake Microsoft and Google software updates to try to sneak malware on target systems. The latest example is "HavanaCrypt," a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware's command-and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro.
READ THE STORY: DarkReading
Free Decryptors Released for AstraLocker Ransomware
FROM THE MEDIA: Initially spotted in 2021, AstraLocker is a fork of Babuk ransomware, which had its source code leaked online in September 2021. A second major version of AstraLocker made an appearance in March 2022. What made this ransomware stand out in the crowd was the use of a "smash-and-grab" attack technique, where the malicious payload was dropped directly from email attachments, without the typical intermediate steps and without any pre-attack reconnaissance. The attackers used Microsoft Word documents as lures, with the ransomware embedded as an OLE object, and asked potential victims to make multiple additional clicks to activate the malware.
READ THE STORY: Security Week
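The "smash-and-grab" delivery described above hinges on a Word document carrying the payload as an embedded OLE object. A .docx is a ZIP archive, and objects inserted that way land under word/embeddings/ and are referenced from word/document.xml by an <o:OLEObject> element. The following added example (not code from the AstraLocker research or from any vendor) inspects a document for those two signs; the sample documents are constructed in memory so the script runs offline, and the "Package" ProgID is the one Word uses for arbitrary embedded files.

```python
"""Flag Office Open XML (.docx) files that carry embedded OLE objects.

Added example, not from the original article. A .docx is a ZIP archive:
objects inserted with Insert > Object are stored under word/embeddings/
and referenced from word/document.xml via <o:OLEObject>. The documents
built below are constructed samples, not real lures.
"""
import io
import re
import zipfile

# Magic bytes of an OLE2 compound file, which is what a .bin embedding usually is.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def inspect_docx(docx_bytes: bytes) -> dict:
    """Return findings about OLE embeddings in a .docx given as bytes."""
    findings = {"embeddings": [], "ole_refs": 0, "progids": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = zf.namelist()
        for name in names:
            if name.startswith("word/embeddings/"):
                data = zf.read(name)
                findings["embeddings"].append({
                    "path": name,
                    "size": len(data),
                    "is_ole2": data.startswith(OLE_MAGIC),
                })
        if "word/document.xml" in names:
            xml = zf.read("word/document.xml").decode("utf-8", "replace")
            # Count <o:OLEObject> elements; the ProgID says what the object claims to be.
            findings["ole_refs"] = len(re.findall(r"<o:OLEObject\b", xml))
            findings["progids"] = re.findall(r'ProgID="([^"]+)"', xml)
    findings["suspicious"] = bool(findings["embeddings"]) or findings["ole_refs"] > 0
    return findings


def build_docx(with_ole: bool) -> bytes:
    """Construct a minimal .docx in memory (constructed sample, not a real lure)."""
    body = "<w:p><w:r><w:t>Invoice attached</w:t></w:r></w:p>"
    if with_ole:
        body += ('<w:p><w:r><w:object><o:OLEObject Type="Embed" ProgID="Package" '
                 'r:id="rId5"/></w:object></w:r></w:p>')
    doc_xml = ('<?xml version="1.0" encoding="UTF-8"?><w:document '
               'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
               'xmlns:o="urn:schemas-microsoft-com:office:office" '
               'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
               f'<w:body>{body}</w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", doc_xml)
        if with_ole:
            # OLE2 header magic followed by filler standing in for the packaged payload.
            zf.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_docx(False)), ("lure", build_docx(True))):
        print(label, inspect_docx(blob))
```

The check is deliberately coarse: any embedding or <o:OLEObject> reference is enough to route the file to a sandbox, because a benign document rarely needs a "Package" object that the reader must click to activate.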
Rogers internet outage in Canada occurs on same day Cyber Polygon was originally supposed to take place
FROM THE MEDIA: A massive internet outage in Canada occurs on the same day the Russian-based, WEF-backed annual cybersecurity training exercise Cyber Polygon was originally supposed to take place. Cyber Polygon 2022 was originally slated for July 8, but was postponed on May 25, and a new date still hasn’t been set. July 8, 2022 was also the date that Canadian telecoms giant Rogers experienced a major network outage that “disrupted nearly every aspect of daily life, cutting banking, transport and government access for millions, and hitting the country’s cashless payments system and Air Canada’s call center,” according to Reuters.
READ THE STORY: Sociable
A poorly protected Elasticsearch database
FROM THE MEDIA: A poorly protected Elasticsearch database allegedly led to the theft in May of data on 23 million users of the Mangatoon comic reading platform. The Bleeping Computer news service said a well-known hacker who uses the name pompompurin claims they were able to copy that database because the password was the word …. password. Who created that database isn’t known. It had the usernames — which may not be the real names — of subscribers, plus their email addresses, auth tokens for social media accounts and hashed passwords. Those tokens might allow an attacker to take over a social media account. So Mangatoon subscribers should consider changing their social media passwords as well as their Mangatoon passwords.
READ THE STORY: IT World Canada
FBI Warns of New Cyber Threat To Clients
FROM THE MEDIA: While the Internet offers a convenient means of communication, it also exposes every individual and business organization to an alarming variety of potential criminal activity. The confidential data and financial security of every substantial business, private organization, and government entity is under a persistent and relentless attack by cyber criminals searching for vulnerabilities in their most essential business systems. These criminals use sophisticated tools to find technical flaws in an organization’s computer system. They also test every employee with access to a computer with ingenious deceptions seeking passwords or other entry points to business computer systems. On June 1, 2022, the FBI and other federal agencies issued a Cybersecurity Advisory regarding the most recent threat, organized by a criminal group known as the Karakurt Data Extortion Group (Karakurt).
READ THE STORY: Law
China assigns APT actors to initiate revenge attacks for the Shanghai police data leak
FROM THE MEDIA: As per a series of conversations intercepted by Sectrio’s threat research team from various forums, China is reported to have designated Beijing-based APT 41 and Haikou, Hainan-based APT 40 as nodal cyber offense teams to initiate revenge attacks against many countries. Through these attacks, China may try to gain control over the narrative that has emerged in wake of the recent revelation of a large data breach that has impacted over a billion Chinese citizens. These attacks may primarily be aimed against countries with whom China has had an uneasy relationship in the past. It could also include a few other countries to enhance the magnitude of the breach and to bring in an element of plausible deniability.
READ THE STORY: Security Boulevard
U.S. Authorities Brace for Russian Interference in Midterms
FROM THE MEDIA: While millions have been captivated by the dramatic testimony in the congressional hearings into the Jan. 6, 2021, insurrection in Washington, D.C., Western officials are looking ahead to how threats to democratic processes, particularly elections, may unfold in advance of the 2022 midterm elections.
In particular, officials from the Department of Homeland Security (DHS) have issued warnings that Russia is seeking to exploit real or perceived election irregularities to sow doubts about the legitimacy of democratic systems. According to media reports, such efforts may include small-scale hacks of local election authorities, designed to draw notice, and then the exploitation of the discovery of those cyber intrusions to raise doubts about the legitimacy of election results. Such tactics will complement and amplify conspiracy theories, promoted by former President Donald Trump and his followers, that "the system is rigged" and unfair.
READ THE STORY: Newsweek
The US Plan to Turn Israel’s Tech Industry Against China Is Working
FROM THE MEDIA: On July 13, Joe Biden makes his first presidential visit to Israel. The country doesn’t see eye to eye with the US on a number of crucial foreign policy issues, such as the Biden administration’s attempts to revive the Iran nuclear deal or its tough stance on Russia over the war in Ukraine. But the trip could give Biden a chance to highlight real progress in another geopolitical arena: the US rivalry with China over advanced technologies.
A long-running US effort to steer Israel’s tech industry away from China had yielded only patchy results, but now it seems to be working. Ties between Israel’s tech sector and China have eroded in recent years, threatening to cut off a key remaining option for Beijing to access strategically important technology.
READ THE STORY: Bloomberg
China’s deep space radar may have military uses
FROM THE MEDIA: China has started building what it calls “the world's most far-reaching radar” in the country’s southwest - a facility that could also have a military purpose, an analyst warned. Chinese broadcaster CGTN said the new high-definition deep-space active observation facility code-named "China Fuyan," or “Facetted Eye” for its resemblance to an insect’s eye, is being built in Chongqing Municipality. The radar system would help “better safeguard Earth” by boosting “the country's defense capabilities against near-Earth asteroids as well as its sensing capability for the Earth-Moon system,” the state-run broadcaster said.
READ THE STORY: Radio Free Asia
India keeps Chinese firms away from telecom equipment market
FROM THE MEDIA: The Indian government on Monday ordered telecom businesses to only purchase devices from "trusted sources" for network expansion or upgrades, dealing a severe blow to Chinese telecom equipment manufacturers. A statement tightening the rules for telecom licences was released on Monday by the Department of Telecommunications (DoT). The action is intended to stop Chinese suppliers like Huawei and ZTE from giving Indian telecom carriers equipment for the impending 5G services.
READ THE STORY: WION
AI-powered tech for soldiers to keep Chinese at bay along the LAC
FROM THE MEDIA: Aimed at tackling the language barrier while dealing with China's People's Liberation Army, the Indian Army will have an Artificial Intelligence device to decipher Mandarin into English to be deployed along the Line of Actual Control (LAC). The device has been tested along the Northern borders. As per the company, work is underway to develop the technology that will enable Mandarin translation to Hindi. Experts are of the view that the technology would help in avoiding misunderstandings that are witnessed near border outposts. It will also lead to better resolution of confrontations arising from ground zero developments. CogKnit, a startup founded by technocrat Anuroop Iyengar, has been developing the device that recognizes the Mandarin voice and translates it into English. "The device can recognize voices at a distance of 5 feet. It will assist during border personnel meetings and in times of any standoffs for better communication," Iyengar said.
READ THE STORY: NewsAble
Cyber attacks from across border on the rise: Here’s how India aims to protect key infrastructure
FROM THE MEDIA: India faced over 2.12 lakh cybersecurity incidents in January-February 2022 alone. In the year 2021, there were more than 14.02 lakh incidents recorded by the Indian Computer Emergency Response Team (CERT-In). Here are some more numbers to understand the problem. In the first 3 months of 2022, the country saw over 1.8 crore cyber attacks and threats, as per a report from cybersecurity firm Norton. This comes down to around 200,000 attacks every day. As per IBM's X-Force Threat Intelligence team, India is among the top 3 countries in Asia to experience the most server access and ransomware attacks in 2021.
READ THE STORY: DNA INDIA
Marriott Confirms Data Breach at Maryland Hotel
FROM THE MEDIA: Marriott International recently confirmed a data breach involving a single hotel property near Baltimore/Washington International Airport in Maryland. The breach, which is the third in four years for the hotel giant, occurred last month. "Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer," Marriott spokesperson Melissa Froehlich Flood said in a statement to TechCrunch. "The threat actor did not gain access to Marriott’s core network."
READ THE STORY: Travel Pulse
'Luna Moth' Group Ransoms Data Without the Ransomware
FROM THE MEDIA: A little social engineering and commercially available remote administration tools (RATs) and other software are all the new Luna Moth ransom group has needed to infiltrate victims' systems and extort payments. The threat group is essentially pulling off ransom attacks without the ransomware, according to researchers at Sygnia, who today published their findings on Luna Moth.
READ THE STORY: DarkReading
Microsoft confirms VBA macro backtrack is only "temporary"
FROM THE MEDIA: Microsoft has said its reported unblocking of VBA macros for Office documents is only a temporary measure and they will be blocked again soon by default. Security experts were quick to criticize Microsoft after the news broke last week that it would be reversing the change it announced in February, one that was greeted overwhelmingly positively at the time. In a Friday update to the company’s original announcement blog post, Microsoft explained that the rollback of the default VBA macro block was a temporary measure taken while it makes changes to increase usability.
READ THE STORY: ITpro
Hackers can unlock Honda cars remotely in Rolling-PWN attacks
FROM THE MEDIA: A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle.
READ THE STORY: Bleeping Computer
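A rolling-code system is supposed to defeat exactly this kind of replay: each keyfob transmission carries a counter, the vehicle accepts only counters ahead of the last one it saw, and a sniffed frame is therefore worthless once the owner has pressed the button again. The simulation below is an added example (not code from the Rolling-PWN researchers or from Honda) that contrasts a strict receiver with one that "resynchronises" after a run of consecutive counters. The frame format, the HMAC tag and the resync rule are simplifying assumptions, and the captured frames are constructed inline; what the example shows is that any rule letting the receiver move its counter backwards turns previously captured frames back into valid unlock commands.

```python
"""Rolling-code receiver: a strict counter versus a forgiving 'resync' rule.

Added example, not code from the Rolling-PWN write-up or from any vehicle
maker. The frame format (counter, command, HMAC tag) and the resync logic
are assumptions chosen to illustrate the replay problem. The sniffed frames
are constructed inline.
"""
import hashlib
import hmac

KEY = b"shared-fob-secret"  # constructed; a real fob uses a per-vehicle key


def make_frame(counter: int, cmd: str = "unlock") -> tuple:
    """Keyfob side: transmit counter, command and an authentication tag."""
    msg = f"{counter}:{cmd}".encode()
    tag = hmac.new(KEY, msg, hashlib.sha256).digest()[:8]
    return counter, cmd, tag


def tag_ok(frame: tuple) -> bool:
    counter, cmd, tag = frame
    expected = hmac.new(KEY, f"{counter}:{cmd}".encode(), hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)


class StrictReceiver:
    """Accept only counters strictly ahead of the last one, within a window."""

    def __init__(self, window: int = 16):
        self.last = 0
        self.window = window

    def receive(self, frame: tuple) -> bool:
        if not tag_ok(frame):
            return False
        counter = frame[0]
        if self.last < counter <= self.last + self.window:
            self.last = counter
            return True
        return False


class ResyncReceiver(StrictReceiver):
    """Same, but resync_len consecutive in-order counters re-baseline the
    receiver even if they are behind the stored counter (assumed flaw)."""

    def __init__(self, window: int = 16, resync_len: int = 3):
        super().__init__(window)
        self.resync_len = resync_len
        self.pending = []  # authenticated but out-of-window counters seen recently

    def receive(self, frame: tuple) -> bool:
        if super().receive(frame):
            self.pending.clear()
            return True
        if not tag_ok(frame):
            return False
        counter = frame[0]
        if self.pending and counter != self.pending[-1] + 1:
            self.pending = []
        self.pending.append(counter)
        if len(self.pending) >= self.resync_len:
            self.last = counter  # resync: adopt the attacker's old sequence
            self.pending = []
            return True
        return False


def replay_scenario(receiver: StrictReceiver) -> dict:
    """Attacker records frames 5..8 in normal use, owner keeps driving, attacker replays."""
    for c in range(1, 5):                 # legitimate use advances the counter
        receiver.receive(make_frame(c))
    captured = [make_frame(c) for c in range(5, 9)]  # sniffed off the air
    for f in captured:
        receiver.receive(f)               # the car saw these at the time, too
    for c in range(9, 13):                # owner keeps using the fob afterwards
        receiver.receive(make_frame(c))
    results = [receiver.receive(f) for f in captured]  # the replay
    return {"counter_after": receiver.last,
            "replay_accepted": any(results),
            "results": results}


if __name__ == "__main__":
    print("strict:", replay_scenario(StrictReceiver()))
    print("resync:", replay_scenario(ResyncReceiver()))
```

With the strict receiver every replayed frame is rejected and the counter stays at 12; with the resync rule the third consecutive old frame re-baselines the counter to 7, the fourth is then "fresh", and the car unlocks. The authentication tag never helps here because the replayed frames are genuine, which is why counter handling, not the MAC, is the property the attack targets.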
‘Dirty dancing’ in OAuth: Researcher discloses how cyber-attacks can lead to account hijacking
FROM THE MEDIA: It is possible to perform single-click account hijacking by abusing the OAuth process flow, a security researcher has found. OAuth, short for Open Authorization, is a framework for delegated authorization across third-party services. Rather than leverage an account username and password combination, for example, service providers can utilize OAuth to provide temporary and secure access tokens. However, in some scenarios, attackers can abuse OAuth implementations to steal these tokens and perform one-click account hijacking.
READ THE STORY: PortSwigger
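The attacks described above work because a client accepts an authorization response that differs from the one it asked for: a token arrives where only a code was expected, the state value is not tied to the browser session that started the flow, or the response lands on a redirect target the client never registered. The following added example (not code from the research or from PortSwigger) shows the checks a relying party should run on its callback; the registered redirect URI, the session record and the callback URLs are constructed test data.

```python
"""Defensive checks on an OAuth authorization-response callback.

Added example, not from the 'dirty dancing' write-up. It models the client
(relying party) side: state must be bound to the session that started the
flow and be single-use, the response must arrive in the shape requested
(a code in the query string, no tokens, no fragment), and the redirect
target must match the registered URI exactly. All URLs are constructed.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

REGISTERED_REDIRECT = "https://app.example/oauth/callback"  # assumed registered URI
TOKEN_PARAMS = ("access_token", "id_token", "token")


def start_flow() -> dict:
    """Create the per-session record the callback is later checked against."""
    return {"state": secrets.token_urlsafe(32), "expects": "code"}


def validate_callback(session: dict, url: str) -> tuple:
    """Return (True, code) for a well-formed code response, else (False, reason)."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REGISTERED_REDIRECT:
        return False, "redirect_uri mismatch"
    if parts.fragment:
        # Anything in the fragment means the response_type was switched to an
        # implicit-style flow; a code-flow client must never accept that.
        return False, "unexpected fragment in response"
    q = parse_qs(parts.query, keep_blank_values=True)
    if any(k in q for k in TOKEN_PARAMS):
        return False, "token delivered to a code-flow callback"
    if "error" in q:
        return False, "provider error: " + q["error"][0]
    state = q.get("state", [])
    expected = (session.get("state") or "").encode()
    if len(state) != 1 or not expected or not hmac.compare_digest(state[0].encode(), expected):
        return False, "state missing or not bound to this session"
    code = q.get("code", [])
    if len(code) != 1 or not code[0]:
        return False, "authorization code missing"
    session["state"] = None  # single use: a replayed callback must fail
    return True, code[0]


if __name__ == "__main__":
    sess = start_flow()
    good = f"{REGISTERED_REDIRECT}?code=abc123&state={sess['state']}"
    print(validate_callback(sess, good))
    print(validate_callback(sess, good))  # replay of the same callback
    sess = start_flow()
    print(validate_callback(sess, f"{REGISTERED_REDIRECT}#access_token=xyz&state={sess['state']}"))
    print(validate_callback(sess, f"{REGISTERED_REDIRECT}/../other?code=x&state={sess['state']}"))
```

The exact-match comparison on scheme, host and path is deliberate: prefix or pattern matching on redirect URIs is the usual way a response ends up on a page the attacker can read from. On the provider side the corresponding controls are exact redirect_uri matching against the registration and allowing only the response_type and response_mode each client registered for.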
Items of interest
Twitter sues Musk for terminating $44 billion acquisition deal
FROM THE MEDIA: Twitter board chair Bret Taylor has responded on the social media platform and said Twitter will pursue legal action to ensure the deal goes ahead, according to ABC Australia.
"The Twitter Board is committed to closing the transaction on the price and terms agreed upon with Mr. Musk and plans to pursue legal action to enforce the merger agreement. We are confident we will prevail in the Delaware Court of Chancery."
Musk is known for his polarizing online persona, and his tweets often generated controversies. His reputation precedes him, boasting more than 100 million followers, and engages with his followers on politics, talks business openly, and embraces the internet's meme culture.
However, there are dire consequences of terminating the deal. For example, ABC Australia reported on Friday, shares of Twitter fell 5% to US$36.81, below the US$54.20 per share that Musk had offered.
Shares of Tesla climbed 2.5% to US$752.29.
What happens next
According to a filing with the SEC on 25 April, the deal requires Musk to pay Twitter a US$1 billion fee if he decides to cancel the buyout.
Of course, given Musk's estimated net worth, US$1 billion is just a walk in the park. Cancelling the deal won't be as easy as pouring large amounts of money. According to USA Today, Twitter may force Musk to complete the deal, citing analysis of legal observers.
Musk's lawyers have argued that the prevalence of bots on the social media platform is "fundamental to Twitter's business and financial performance."
On 9 June, CommsWire reported that Musk questioned the number of bots and demanded to do his own verification, saying that he refuses to believe in Twitter's lax methodologies.
READ THE STORY: ITwire
Weaponizing Corporate Intel (Video)
FROM THE MEDIA: Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester performs up front. Often, testers only resort to using publicly available tools, which can overlook critical assets.
A Surprise Encounter With A Telco APT(Video)
FROM THE MEDIA: In 2005 an incredible story called the ‘Athens Affair’ exposed an advanced telco hack obviously carried out by a state actor. The sophistication of the attack came as a huge surprise in a pre-Snowden world. To this day the case has never been solved, even though it involved phone tapping of government officials and resulted in the suspicious death of a key witness. Whoever did this was never heard from again. Until now.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com