Daily Drop (211)
Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals
FROM THE MEDIA: A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to working as the administrator for the tool from 2013 until its shutdown in 2019 by the authorities. "The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor (IM), to more than 14,500 individuals across 128 countries," the Australian Federal Police (AFP) alleged in a press release over the weekend.
READ THE STORY: THN
A flaw in Dahua IP Cameras allows full take over of the devices
FROM THE MEDIA: The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum (ONVIF). ONVIF provides and promotes standardized interfaces for effective interoperability of IP-based physical security products. The vulnerability was discovered by researchers from Nozomi Networks and received a CVSS score of 7.4.
“We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions,” reads the advisory published by Nozomi Networks. “This vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera.”
READ THE STORY: SecurityAffairs
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers
FROM THE MEDIA: The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings build on a previous report from eSentire, which disclosed in January widespread attacks aimed at employees of accounting and law firms to deploy malware on infected systems.
READ THE STORY: THN
India: Digital loan sharks turn to VPNs to evade police
Analyst Notes: Remember, VPNs have logs, and not all VPNs are the same. Don’t relax into a false sense of security.
FROM THE MEDIA: Digital loan sharks are masking their identity behind virtual private networks (VPN) to evade police crackdown after several clients committed suicide after being pushed to the brink by their horrific blackmail and harassment tactics to cough up dues. In several cases, police hit a dead end while putting loan app recovery agents under call surveillance even as victims claimed the callers would threaten them in Hindi or broken English. While tracking IP addresses, cyber cell cops found the calls originating from obscure places overseas.
READ THE STORY: Times Of India
China's tech giants Huawei, ZTE face global setback due to security threats
FROM THE MEDIA: China's telecommunication titan Huawei Technologies has seen the toughest times in its international business in the last few years after the company's alleged involvement with the Chinese government sparked protests in many countries due to security threats.
Huawei's controversial involvement with the People's Liberation Army (PLA) and security agencies sparked protests, especially in those countries which are either capable of independently upgrading their telecommunication infrastructure, or are close allies of the former, the European Times reported.
READ THE STORY: ET India Times
North Korean hackers stole more than $1 billion in cryptocurrencies
FROM THE MEDIA: North Korean hacker group Lazarus is one of the most successful thieves in the world. An analysis of their activities now shows that they are very likely to loot more than $1 billion for the regime this year. That comes from a CryptoMonday Report. The cryptocurrency platform CryptoMonday has analyzed the recently known cyber attacks associated with the theft of cryptocurrencies. It turned out that the group of North Korean hackers alone will be responsible for the theft of more than $1 billion this year – although the damage could end up being much higher. According to experts, the Lazarus group is commanded by the Reconnaissance General Bureau, which is part of North Korea’s military intelligence.
READ THE STORY: RS
War Over Food, Energy, not Nuclear Proliferation, Is ‘the Greatest Possibility,’ Security Expert Norman Roule Tells TML
FROM THE MEDIA: Norman T. Roule, the CEO of Pharos Strategic Consulting, works as a business consultant on Middle East political, security, economic, and energy issues with an emphasis on the Gulf Cooperation Council states and Iran. He served for 34 years in the US Central Intelligence Agency, managing significant programs relating to the Middle East. His service in the CIA’s Directorate of Operations included roles as division chief and chief of station.
READ THE STORY: The Media Line
US Federal Communications Commission (FCC) warns of the rise of smishing attacks
FROM THE MEDIA: The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed at stealing their personal information or for financial scams. “The FCC’s Robocall Response Team is alerting consumers to the rising threat of robotexts. Substantial increases in consumer complaints to the FCC, reports by non-government robocall and robotext blocking services, and anecdotal and news reporting make it clear that text messages are increasingly being used by scammers to target American consumers,” reads the alert published by the FCC.
READ THE STORY: SecurityAffairs
India: ‘Technology becoming hotbed for human trafficking’
FROM THE MEDIA: Technology has become a hotbed for human trafficking as artificial intelligence is being used to push products and use emotions of people, observed Hasina Kharbhih, a human trafficking crusader. She said that “World Day against Trafficking in Persons” is observed every year in a bid to raise awareness about the ordeal of human trafficking victims but overlooks the new challenges and dimensions of trends and technology. Kharbhih was speaking at a webinar on “use and abuse of technology” organized by Centre for Social Research in collaboration with Impulse NGO network on July 30 evening.
READ THE STORY: Eastern Mirror
Thai entities continue to fall prey to cyberattacks and leaks
FROM THE MEDIA: For over one year, DataBreaches.net has highlighted some breaches of ASEAN victims by groups such as ALTDOS and DESORDEN. In addition to those two groups, there are also numerous other leaks and breaches, as DataBreaches noted in our recent post about leaks and breaches in Indonesia. But even while DataBreaches was researching and preparing the post on Indonesia, DESORDEN threat actors continued to announce new victims in Thailand and further headaches for earlier Thai victims who had not paid their demands. And then it appeared things might get even worse.
READ THE STORY: DataBreaches
FBI teaches local contractors about cyber security
FROM THE MEDIA: The FBI met with a group of contractors Saturday at Sandia Resort to teach them about cyber security and how to keep their businesses safe. New Mexico organizations have been the target of a number of attacks, including Albuquerque Public Schools and Bernalillo County earlier this year. The FBI says one of the first things businesses should do is contact them if they’ve been attacked. “If a threat happens, if a cybersecurity threat happens at your business, you need to contact the FBI,” says Special Agent Raul Bujanda. “I’m not saying we should be your first call but we should be your second call.”
READ THE STORY: KRQE
US forges cybersecurity partnership with Ukraine
FROM THE MEDIA: United Press International reports that the U.S. and Ukraine have agreed to strengthen their partnership in combating cybersecurity threats. Under a memorandum of cooperation signed by the U.S. Cybersecurity and Infrastructure Security Agency and the State Service of Special Communications and Information Protection of Ukraine, both countries will engage in cyber incident, critical infrastructure security, and best practices information sharing, as well as joint cybersecurity training sessions, amid the ongoing war between Russia and Ukraine.
READ THE STORY: SCMAG
Jokers in the pack: Supply snarls and climate change
FROM THE MEDIA: A deck of playing cards usually has 52 cards, plus two cards with jokers illustrated on them. If we assume that the current state of the economy is like a deck of cards, as its post-pandemic recovery shuffles and reshuffles the status quo, then the broken supply chain and climate change imperatives resemble the two jokers in the pack. Both issues will force a hard re-evaluation of economic structures and processes that the world has taken for granted over the past three decades.
READ THE STORY: MINT
China's Alibaba strives to keep New York listing amid audit dispute
FROM THE MEDIA: Alibaba Group Holding Ltd on Monday said it would work to maintain its New York Stock Exchange listing alongside its Hong Kong listing after the Chinese e-commerce giant was placed on a delisting watchlist by US authorities.
Alibaba stock was down 4.5% in a near-flat Hong Kong market in early trade, following its 11.1% decline in New York on Friday. The company on Friday became the latest of more than 270 firms to be added to the US Securities and Exchange Commission's list of Chinese companies that might be delisted for not meeting auditing requirements.
READ THE STORY: ET India Times
The China Link: How An Intel Agency's Report, Letter from MHA Triggered Ban on Popular Game BGMI
FROM THE MEDIA: It was a report by a central intelligence agency and communication from the Ministry of Home Affairs (MHA) to the Ministry of Electronics and Information Technology (Meity) that triggered a ban on popular battle royale game Battlegrounds Mobile India (BGMI). The report talked about violations that can create cyber threats by harvesting user data for profiling to carry out targeted cyber-attacks on Indian users. According to a senior government official, the app has various issues but most importantly, it is communicating with servers directly or indirectly located in China. Sources also confirmed that other apps which have “rebranded” are also communicating with servers in China and are under scrutiny.
READ THE STORY: News 18
US Senator asks Google and Apple CEOs about their app stores’ safeguards against fake crypto apps
FROM THE MEDIA: A U.S. Senator has sent letters to the chief executive officers of Apple and Google demanding to know what measures the companies have against fake crypto apps. The inquiry came after the Federal Bureau of Investigation released a report stating that American investors lost more than $40 million due to fake apps downloaded from the app stores of both firms.
Senator Sherrod Brown sent letters to Alphabet and Google CEO Sundar Pichai and Apple CEO Tim Cook asking about their measures against fake crypto apps. Brown, who is also the chairman of the Senate Committee on Banking, Housing, and Urban Affairs, wrote that it is imperative for app stores to have safeguards to prevent “fraudulent mobile application activity.”
READ THE STORY: TokenPost
Who is APT41?
FROM THE MEDIA: Cyber attacks from China have become a major problem for U.S. institutions and companies. One recent incident — an attack in March on six U.S. state governments carried out by a group of organized civilians — shows how the threat is coming not just from state-backed operatives from the People’s Liberation Army or Ministry of State Security (MSS). Hackers targeted the six states through a vulnerability in a livestock disease-tracking application called USAHERDS. Analysts have since attributed the attack to Advanced Persistent Threat 41 (APT41), a Chengdu-based criminal hacking syndicate.
READ THE STORY: The Wire China
Items of interest
Researchers Identify a Resilient Trait of Deepfakes That Could Aid Long-Term Detection
FROM THE MEDIA: Since the earliest deepfake detection solutions began to emerge in 2018, the computer vision and security research sector has been seeking to define an essential characteristic of deepfake videos – signals that could prove resistant to improvements in popular facial synthesis technologies (such as autoencoder-based deepfake packages like DeepFaceLab and FaceSwap, and the use of Generative Adversarial Networks to recreate, simulate or alter human faces).
Many of the ‘tells’, such as lack of blinking, were made redundant by improvements in deepfakes, whereas the potential use of digital provenance techniques (such as the Adobe-led Content Authenticity Initiative) – including blockchain approaches and digital watermarking of potential source photos – either require sweeping and expensive changes to the existing body of available source images on the internet, or else would need a notable cooperative effort among nations and governments to create systems of invigilation and authentication.
Therefore it would be very useful if a truly fundamental and resilient trait could be discerned in image and video content that features altered, invented, or identity-swapped human faces; a characteristic that could be inferred directly from falsified videos, without large-scale verification, cryptographic asset hashing, context-checking, plausibility evaluation, artifact-centric detection routines, or other burdensome approaches to deepfake detection.
READ THE STORY: UNITE
China's Race for AI Supremacy (Video)
FROM THE MEDIA: Artificial intelligence is set to revolutionize the world, empowering those nations that fully harness its potential. The U.S. is still seen as the world AI leader, but China is catching up. The race is central to the U.S.-China rivalry and a critical facet of the economic and military competition that will define the decade.
The Digital Threat To Nations (Video)
FROM THE MEDIA: Singapore aims to be a “Smart Nation” but the more it depends on I.T., the more it opens itself to cyber threats. This is the cybersecurity dilemma. Explore global incidents of cyber espionage, disinformation, disruption and pandemics and how they endanger nations.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org