Daily Drop (216)
Ukrainian SSU Shut Down Russian Bot Farm Spreading Disinformation
FROM THE MEDIA: The Security Service of Ukraine (SSU) recently shut down one of several massive pro-Russian bot farms operating within the country. Unsurprisingly, the farm was set up to spread disinformation, propaganda, and fake news about the ongoing war. According to the SSU, the bot farm was created by pro-Russian supporters to “discredit Ukraine’s leadership” and to destabilise the country’s social and political situation. It was found to have been operating covertly in the capital, Kyiv, as well as in Kharkiv and Vinnytsia.
READ THE STORY: LOWYAT
North Korean hackers plagiarizing LinkedIn and Indeed resumes to seek jobs at digital assets firms: report
FROM THE MEDIA: A new study by cyber threat defense solutions provider Mandiant Inc. has found that North Korean hackers have been copying resumes and profiles from the leading job listing platforms LinkedIn and Indeed as part of an elaborate jobs scam targeting digital asset firms. According to a Bloomberg report, Mandiant found that the hackers’ objective is to gather intelligence on these firms’ upcoming trends and to gain access to their internal operations.
READ THE STORY: Coingeek
Twitter breach exposes anonymous accounts to nation state hackers
FROM THE MEDIA: Twitter confirmed Friday that a bad actor used a vulnerability to match private information with potentially anonymous Twitter accounts, posing a risk to users’ privacy. The vulnerability allowed someone to match an email address or phone number to any Twitter accounts tied to that information, and to learn the names of those accounts, Twitter wrote in a blog post. “We can confirm the impact was global,” a Twitter spokesperson said in an email. “We cannot determine exactly how many accounts were impacted or the location of the account holders.”
READ THE STORY: CyberScoop
Alleged Russian Cryptocurrency Money Launderer Extradited to United States
FROM THE MEDIA: The alleged operator of the illicit cryptocurrency exchange BTC-e was extradited yesterday from Greece to the United States to face charges in the Northern District of California. “After more than five years of litigation, Russian national Alexander Vinnik was extradited to the United States yesterday to be held accountable for operating BTC-e, a criminal cryptocurrency exchange, which laundered more than $4 billion of criminal proceeds,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division.
READ THE STORY: DoJ
Russian Global Info Warfare Carries Out Mass Attack on Ukraine’s Interests
FROM THE MEDIA: U.S. and European officials are now talking publicly about Russia’s election meddling in Western countries, as well as Russia’s penetration of the media through assorted tactics that promote the Kremlin’s narrative on the war in Ukraine. There is, however, another side to Russia’s active measures that must be confronted. We need to learn the lessons of both Putin’s 2014 invasion of Ukraine and his intervention in the 2017 Gulf Crisis: while the connection between them is poorly understood, both demonstrate the power of disinformation to advance the regime’s geopolitical objectives.
READ THE STORY: KyivPost
Water And Wastewater Systems Should Take Action Against Cyber Attacks
FROM THE MEDIA: The National Rural Water Association is encouraging water and wastewater utilities of all sizes to tighten their cyber security. Water and wastewater systems are designated National Critical Functions, a lifeline sector on which everyone depends, and a security breach could cause harm ranging from economic loss to public health risk. The Water Information Sharing and Analysis Center (WaterISAC) focuses on the effect of large water system outages, but the association warns that a cyber-attack on a smaller system can be just as damaging to the people and economy of those communities.
READ THE STORY: WVPUBLIC
Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack
FROM THE MEDIA: An anonymous source has leaked around 4TB of proprietary data belonging to the Israeli digital intelligence firm Cellebrite. The trove comes in two parts, covering the company’s flagship product, Cellebrite Mobilogy, and its Cellebrite Team Foundation Server. It is worth noting that, as of now, the leaked data is available only to researchers and journalists, on request from Distributed Denial of Secrets (DDoSecrets), a non-profit whistleblower organization.
READ THE STORY: HackRead
Here’s How The Precursor Protects your Privacy
FROM THE MEDIA: At some point, you will find yourself asking – is my device actually running the code I expect it to? [bunnie] aka [Andrew Huang] is passionate about making devices you can fundamentally, deeply trust, and his latest passion project is the Precursor communicator. At the heart of it is an FPGA, and Precursor’s CPU is created out of the gates of that FPGA. This and a myriad of other design decisions make the Precursor fundamentally hard to backdoor, and you don’t have to take [bunnie]’s word for it — he’s made an entire video going through the architecture, boot protections and guarantees of the Precursor, teaching us what goes into a secure device that’s also practical to use.
READ THE STORY: HackaDay
Hackers are actively exploiting password-stealing flaw in Zimbra
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra flaw CVE-2022-27924 to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is being actively exploited in attacks. This high-severity vulnerability allows an unauthenticated attacker to steal email account credentials in cleartext from Zimbra Collaboration instances without user interaction. In short, an attacker can poison the instance’s Memcached cache via CRLF injection and trick the software into forwarding all IMAP traffic to an attacker-controlled server when legitimate users attempt to log in.
READ THE STORY: BleepingComputer
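The mechanism behind this item, a cache key built from untrusted input that is spliced straight into Memcached’s line-oriented text protocol, is a general vulnerability class and not specific to Zimbra. The following is an added illustration written for this digest, not code from Zimbra, SonarSource, CISA or BleepingComputer, and it does not reproduce the actual exploit: the `route:` key prefix, the hostname and the sample username are all hypothetical. It shows how a CR/LF inside a username turns one `get` into a `get` plus an attacker-chosen `set`, and the validation that prevents it.

```python
"""Memcached text-protocol command injection via CRLF, and the key check that stops it.
Generic illustration; the 'route:' prefix and hosts below are hypothetical."""
import re

MAX_KEY_LEN = 250                            # memcached limit for text-protocol keys
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")  # space and control chars delimit commands/args


def is_safe_memcached_key(key: str) -> bool:
    """Reject keys that contain a protocol delimiter or exceed the length limit."""
    return 0 < len(key.encode()) <= MAX_KEY_LEN and _FORBIDDEN.search(key) is None


def build_lookup(user_supplied: str) -> bytes:
    """Vulnerable: interpolates caller-controlled input directly into the wire protocol."""
    return f"get route:{user_supplied}\r\n".encode()


def build_lookup_safe(user_supplied: str) -> bytes:
    """Hardened: refuse anything that could terminate the command early."""
    if not is_safe_memcached_key(user_supplied):
        raise ValueError("memcached key contains a protocol delimiter")
    return build_lookup(user_supplied)


def commands_seen_by_server(wire: bytes) -> list:
    """Replay what a memcached server would parse from `wire`: one command per
    CRLF-terminated line, with 'set' additionally consuming the data block after it."""
    lines = wire.split(b"\r\n")
    seen = []
    i = 0
    while i < len(lines):
        if lines[i]:
            verb = lines[i].split(b" ")[0].decode()
            seen.append(verb)
            i += 2 if verb == "set" else 1   # skip the data block that follows a set
        else:
            i += 1
    return seen


# Constructed attacker input: a plausible username followed by an injected 'set'
# that overwrites the same routing entry with an attacker-controlled IMAP host.
INJECTED_USERNAME = "alice\r\nset route:alice 0 0 20\r\nattacker.example:143"


def demo() -> dict:
    """Compare what the server executes for a benign and an injected username."""
    return {
        "benign": commands_seen_by_server(build_lookup("alice")),
        "injected": commands_seen_by_server(build_lookup(INJECTED_USERNAME)),
        "safe_rejects": not is_safe_memcached_key(INJECTED_USERNAME),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable builder sends two commands for the injected input; the hardened builder raises before anything reaches the cache. The same check belongs in front of any cache or queue protocol that is line-delimited, not only Memcached.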
Twitter confirms a bug was exploited
FROM THE MEDIA: Twitter confirmed on Friday that a bad actor gained access to personal information through a vulnerability the social media giant discovered earlier this year. Meanwhile, Meta said it took down a Russian troll farm that tried to prop up support for the country’s invasion of Ukraine. Twitter announced on Friday that a hacker had exploited a bug in its system and was offering to sell the personal data they had obtained. The bug in question allowed an individual to submit an email address or a phone number and learn which specific account was associated with the information entered.
READ THE STORY: The Hill
Chinese malware hides in App Store apps for macOS
FROM THE MEDIA: A Chinese publisher has managed to slip malicious applications past Apple’s review and onto the App Store for macOS. Apple leans heavily on the security of the App Store in its messaging, using it to justify an ecosystem more closed than Android or Windows. But even Apple is not infallible and can overlook threats. This is according to a report by cybersecurity researcher Alex Kleber, who identified several malicious Chinese apps on the macOS App Store.
READ THE STORY: Gear Rice
Chinese Adult Site Leaking 14 Million User Details – and It’s Increasing!
FROM THE MEDIA: Hjedd, an infamous Chinese adult content and NSFW platform, has been exposing a treasure trove of user data online since at least July 2022. The exposure was discovered by independent security researcher Anurag Sen, who confirmed to Hackread.com that the server is still exposed and publicly accessible without any authentication or password. A database or server exposed this way means that anyone with a little knowledge of finding unsecured databases on Shodan and similar platforms can gain complete access to Hjedd’s user data.
READ THE STORY: HackRead
Cyberattack on Albanian government suggests new Iranian aggression
FROM THE MEDIA: In mid-July, a cyberattack on the Albanian government knocked out state websites and public services for hours. With Russia’s war raging in Ukraine, the Kremlin might seem like the likeliest suspect. But research published on Thursday by the threat intelligence firm Mandiant attributes the attack to Iran. And while Tehran’s espionage operations and digital meddling have shown up all over the world, Mandiant researchers say that a disruptive attack from Iran on a NATO member is a noteworthy escalation.
READ THE STORY: ArsTechnica
ESP32 Powers Covert PENTESTING Device
FROM THE MEDIA: Looking to expand their hardware design experience, [mentalburden] recently put together a low-cost handheld gadget that can be used for various security-related tasks such as logging WiFi traffic, operating as a dead drop, and performing deauthentication attacks. The custom PCB plays host to the essentials — an ESP32-S microcontroller, AMS1117 3.3 V regulator, a SSD1306 OLED, and a couple of buttons. This lets the user navigate through a simple menu system and select whatever function they wish to enable. During testing, a pair of 18650 cells kept the electronics running for an impressive 22 hours.
READ THE STORY: Hack a Day
326K Aetna members involved in mailing vendor ransomware fallout
FROM THE MEDIA: Connecticut-based Aetna ACE recently notified 326,278 plan members that their data was possibly accessed during a ransomware attack against their printing and mailing vendor OneTouchPoint. OTP previously informed 30 health plans of the impact to their patient data, but Aetna was not included on that list. Reported to the Maine Attorney General in late July, the OTP notice shows 1.07 million patients were notified of a ransomware-related incident first detected on April 28. An investigation into the scope of the incident determined a threat actor first accessed certain servers a day before deploying the ransomware.
READ THE STORY: SCMAG
Microsoft Adds Threat Intelligence, Proactive Hunting to Defender
FROM THE MEDIA: Microsoft is expanding its threat protection capabilities with the launch of three additions to its Defender portfolio. The new threat intelligence tools, launched this week, come as Microsoft is persuading partners to provide more security services. During last month’s Microsoft Inspire conference, officials emphasized that partners should offer Microsoft’s various security offerings for all their cybersecurity requirements. The company has stated that security products have become a $15 billion business and growing at a 40% rate.
READ THE STORY: Channel Futures
“Hi, I'll be your ransomware negotiator today – but don't tell the crooks that”
FROM THE MEDIA: The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator — at least not to LockBit or another cybercrime gang. Instead, these negotiators portray themselves as simply company representatives, said Drew Schmitt, a professional ransomware negotiator and principal threat analyst at cybersecurity firm GuidePoint Security. "The biggest reason is because most ransomware groups specifically and explicitly say: 'We don't want to work with a negotiator. If you do bring a negotiator to the table, we're just going to post your stuff anyway,'" Schmitt told The Register. Hence the need to masquerade as a regular employee.
READ THE STORY: The Register
Semikron Announces Potential Data Breach Following Ransomware Attack
FROM THE MEDIA: On August 1, 2022, Semikron reported a possible data breach stemming from what appears to be a ransomware attack. While the company’s investigation is still ongoing and the exact information that was leaked as a result of the incident has not yet been determined, the German Federal Office for Information Security reports that the ransomware attackers are threatening to leak up to 2 TB of data to the dark web. On August 4, 2022, Semikron posted an update on the company’s website, promising to notify all affected parties when its investigation concludes.
READ THE STORY: JDSUPRA
‘They completely ignored us’: More doctors claim stonewalling by Eye Care Leaders during breach
FROM THE MEDIA: Unresponsive. Completely ignored. Misleading. Breached contracts. In a highly regulated industry like healthcare, these are not words one would expect to hear about a vendor tasked with hosting the electronic medical records of small providers and their related patient data. But in the wake of the coverage detailing a number of cited violations against Eye Care Leaders stemming from multiple, allegedly concealed ransomware attacks in 2021, numerous providers reached out to SC Media eager to share their own experiences with ECL, hoping to get help dealing with what they said feels like an inescapable situation.
READ THE STORY: SCMAG
A Descendant of the Mirai botnet malware
FROM THE MEDIA: Fortinet's FortiGuard Labs has been tracking RapperBot, which it describes as a "rapidly evolving IoT malware family" since mid-June. The researchers published an update on the current state of the malware, which makes heavy use of old Mirai botnet source code. RapperBot departs from its ancestor in its "built-in capability to brute force credentials and gain access to SSH servers." (Mirai had exploited Telnet.) Indeed, the brute-force capability seems to be RapperBot's core functionality, as it has only limited potential as a distributed denial-of-service (DDoS) tool.
READ THE STORY: The CyberWire
Hackers Exploit Messaging Apps To Distribute Malware and Store Stolen Data
FROM THE MEDIA: Intel 471 researchers have discovered cybercriminals exploiting popular messaging apps to distribute malware and to steal and store data. Messaging platforms such as Discord and Telegram support active content, allowing users to create programs that automate tasks such as moderating a channel and sending messages via bots, or that provide additional functionality such as games. Cybercriminals, however, have found ways to abuse these features to steal data from users and spread malware.
READ THE STORY: CPOMAG
Linux BOTNET Targets Weak SSH Server Credentials
FROM THE MEDIA: A new botnet has been observed targeting Linux devices by launching brute-forcing attacks on weak or default credentials in order to gain access to SSH servers. Researchers said the botnet’s persistence features and limited distributed denial-of-service (DDoS) capabilities both set it apart from other IoT malware families and also make its primary motivations a mystery. The malware, named “RapperBot” by researchers due to a URL to YouTube rap music video found embedded in older samples, has rapidly evolved in its capabilities since it was first discovered in mid-June.
READ THE STORY: DUO
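The SSH credential brute forcing that both this item and the FortiGuard summary above attribute to RapperBot leaves a direct trace in the target’s sshd log: many “Failed password” lines from one source address, often cycling through default usernames. The following detection example is added here for this digest and is not code from Fortinet, Duo or the malware’s authors. The log lines are constructed, the hostname and IP addresses are documentation ranges, and the threshold and window are illustrative; it uses a sliding window so that a handful of slow, spread-out failures from a legitimate user do not trip it.

```python
"""Flag SSH password brute forcing from sshd auth log lines (constructed sample)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password for [invalid user] NAME from IP port N" in syslog layout.
_FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(lines, year=2022):
    """Yield (timestamp, source_ip, username) for each failed password attempt.
    Syslog timestamps carry no year, so the caller supplies one."""
    for line in lines:
        m = _FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"attempts": total, "users": [...]}} for every source that produced
    at least `threshold` failures inside some span no longer than `window`."""
    per_ip = defaultdict(list)
    for ts, ip, user in parse_failures(lines):
        per_ip[ip].append((ts, user))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window's left edge until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {
                    "attempts": len(events),
                    "users": sorted({u for _, u in events}),
                }
                break
    return flagged


# Constructed sample: one source cycling default usernames within 15 seconds, and one
# legitimate user who mistypes twice five minutes apart and then logs in with a key.
SAMPLE_LOG = """\
Aug 12 10:00:01 edge sshd[1201]: Failed password for root from 203.0.113.7 port 50120 ssh2
Aug 12 10:00:03 edge sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Aug 12 10:00:06 edge sshd[1203]: Failed password for invalid user pi from 203.0.113.7 port 50124 ssh2
Aug 12 10:00:09 edge sshd[1204]: Failed password for invalid user ubuntu from 203.0.113.7 port 50126 ssh2
Aug 12 10:00:12 edge sshd[1205]: Failed password for invalid user user from 203.0.113.7 port 50128 ssh2
Aug 12 10:00:15 edge sshd[1206]: Failed password for root from 203.0.113.7 port 50130 ssh2
Aug 12 10:01:40 edge sshd[1210]: Failed password for alice from 198.51.100.2 port 40010 ssh2
Aug 12 10:06:55 edge sshd[1230]: Failed password for alice from 198.51.100.2 port 40012 ssh2
Aug 12 10:07:02 edge sshd[1231]: Accepted publickey for alice from 198.51.100.2 port 40014 ssh2
"""

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['attempts']} failures, usernames tried: {', '.join(info['users'])}")
```

The spread of usernames per source is worth reporting alongside the count: a bot working through a default-credential list looks different from one user fumbling a password, and that distinction is what tells an analyst to block the source rather than reset an account.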
Punk Subcultures Used the Internet for Collective Good. Now, an NFT Project Called ‘CryptoPunk’ Undermines This Legacy
FROM THE MEDIA: At some point during the recent rise of “Web3’s” biggest protagonists, cryptocurrency and NFTs, a project hailed as the most important one yet in the NFT landscape began to make the rounds. It goes by the name “CryptoPunk,” which sounds like an underground movement beckoning the subversive among us who can afford to take part. But the surface appeal of CryptoPunk borrows all of its aesthetic from the traditions of cyberpunk and none of their ethos.
READ THE STORY: The Swaddle
Meta Quieter On Election Misinformation As Midterms Loom
FROM THE MEDIA: Facebook owner Meta is quietly curtailing some of the safeguards designed to thwart voting misinformation or foreign interference in U.S. elections as the November midterm vote approaches. It's a sharp departure from the social media giant's multibillion-dollar efforts to enhance the accuracy of posts about U.S. elections and regain trust from lawmakers and the public after their outrage over learning the company had exploited people’s data and allowed falsehoods to overrun its site during the 2016 campaign.
READ THE STORY: Newsy
Meta shuts Pak hackers targeting Indian officials via honey trapping, malware
FROM THE MEDIA: Meta (formerly Facebook) has cracked down on a cyber espionage operation linked to state-sponsored bad actors in Pakistan that targeted people in India, including military personnel and government officials, with various methods like honey trapping and infiltrating their devices with malware.
Apart from India, the group of hackers in Pakistan -- known in the security industry as APT36 -- targeted people in Afghanistan, Pakistan, the UAE and Saudi Arabia, according to Meta's quarterly 'Adversarial Threat Report'.
READ THE STORY: OdishaTV
Items of interest
Solana-hacked crypto could be claimed as a tax loss
FROM THE MEDIA: For unlucky crypto investors looking to turn lemons into lemonade — it turns out that digital assets lost during an exploit or hack can potentially be claimed as a tax loss, provided you live in the right country, experts told Cointelegraph.
Following the news that more than 8,000 Solana wallets had been compromised and that an estimated $8 million dollars in crypto had been stolen due to a security breach in Web3 wallet provider Slope’s network, this may be some much-needed consolation.
In correspondence with Cointelegraph, Shane Brunette, the CEO of Australia-based CryptoTaxCalculator confirmed that crypto lost via a hack or an exploit could be declared as a loss for tax purposes in certain jurisdictions.
“This means the original amount you paid for the asset(s) can be used to offset other capital gains.”
When asked whether there are similar provisions in other tax jurisdictions other than Australia, the country in which the tax software provider is based, Brunette, replied:
“Many countries have a provision to allow for these types of tax deductions […] however, you should work closely with a local tax professional and make sure you keep adequate proof of the loss.”
Danny Talwar, head of tax at Koinly confirmed the same with Cointelegraph, stressing however that in Australia, one must demonstrate evidence that the crypto lost was under their control at the time it was stolen.
READ THE STORY: CoinTelegraph
Britney Spears - Toxic (on Devices feat. Epilator) (Video)
FROM THE MEDIA: Britney Spears' Toxic, played by eight electric devices: an epilator, 2 toothbrushes, 3 credit card machines, and 2 typewriters. For this video, I used my new macro lens. The lens allows me to shoot better close-ups.
WE WORK. The Rise & Fall. A True Cybercrime Story(Video)
FROM THE MEDIA: This is the True Cybercrime Story of the Rise & Fall of WEWORK in this episode of Cybercrime Junkies.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at email@example.com