Sunday, Aug 07, 2022 // (IG): BB //Sponsor: Zanes Hand Made
US strategic advantage depends upon addressing cybersecurity vulnerabilities of weapon systems
FROM THE MEDIA: Russia’s war with Ukraine is an act of ruthless ambition exemplifying the commitment of President Vladimir Putin to achieve “victory” at all costs. The motions of a hybrid war are in swing, as we witness the fusion of conventional and unconventional tools of conflict on the battlefield. Russian state-backed actors have employed cyber operations to disrupt, degrade, and deny Ukrainian infrastructure, including its power grid, transportation networks, and satellite communications. Encoded in Russian cyber doctrine is the reliance on asymmetric tactics to create parity with, or gain advantage over, adversaries.
READ THE STORY: The Hill
China's Flag Placed On Taiwan Govt Websites By Hackers Amid Tensions Post Pelosi's Visit
FROM THE MEDIA: A new study carried out by cyber threat defense solutions provider Mandiant Inc. has found that North Korean hackers have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed in an elaborate jobs scam targeted at digital asset firms. Mandiant found that the objective of the hackers is to gather intelligence about these firms’ upcoming trends and gain access to their internal operations, according to a Bloomberg report. The hackers reportedly plagiarize details they find on legitimate profiles on LinkedIn and Indeed.
READ THE STORY: Republic World
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt
FROM THE MEDIA: DuckDuckGo has finally mostly cracked down on the third-party Microsoft tracking scripts that got the alternative search engine into hot water earlier this year. In May, DDG admitted its supposedly pro-privacy mobile browser wasn't blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards. This special exception for the Windows giant was due to "contractual commitments with Microsoft," DuckDuckGo CEO Gabriel Weinberg said at the time.
READ THE STORY: The Register
Cyber Attack Hits NHS 111 Emergency Line in UK: Telegraph
FROM THE MEDIA: A major cyber attack is delaying response times on the NHS 111 telephone service in the UK that’s used for medical emergencies, the Telegraph reported. The target of the breach was Advanced, which is owned by private equity companies. It supplies software for about 85% of the hotline’s services, according to the paper. The hackers were part of an organized criminal ground, according to an updated version of the report. he company’s Adastra system allows call handlers to dispatch ambulances, book urgent appointments or fulfil emergency prescriptions.
READ THE STORY: Bloomberg // Latestly
Debridge Finance Suspects North Korean Hacking Syndicate Lazarus Group Attacked the Protocol's Team
FROM THE MEDIA: There’s been a great number of attacks against decentralized finance (defi) protocols like cross-chain bridges in 2022. While most of the hackers are unknown, it’s been suspected that the North Korean hacking collective Lazarus Group has been behind a number of defi exploits. In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) said Lazarus Group was a threat to the crypto industry and participants.
READ THE STORY: Bitcoin
This is how cybercriminals hide malware: These are the apps most impersonating
FROM THE MEDIA: Cybercriminals take every opportunity to steal money from their victims by adopting all kinds of tricks. Some use malware that tries to infiltrate various devices through trickery abuse of users’ trust. VirusTotal, a malware analysis platform related to Google Cloud and headquartered in Malaga, has published a study on the methods most commonly used by attackers. To check, VirusTotal has analyzed millions of samples of suspected fraudulent software its service detected between 2021 and now 2022.
READ THE STORY: WorldNationNews
Google’s update to replace third party cookies will be pushed back until 2024
FROM THE MEDIA: Google had previously stated that they would get rid of this system of digital advertising by 2022, however the date has been pushed back. Google has decided to hold back on this plan because they need to reevaluate their new privacy testing before getting rid of the existing system. Digital advertising has already taken a major hit from Apple and Facebook’s new privacy features which hiked the prices on digital advertisements. Google feels extremely confident that their alternatives will quench privacy concerns from many users.
READ THE STORY: Forbes
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
FROM THE MEDIA: A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Fortinet FortiGuard Labs said in a report. The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.
READ THE STORY: THN
India: Army conducts 5-day exercise to test satellites
FROM THE MEDIA: In a five-day-long satellite communication exercise, the Indian Army has tested all of its space-based assets to ensure their operational readiness, sources in the defense establishment said on Friday. The Army has also completed a study on the communication, cyber and electromagnetic effects reported during the ongoing Russia-Ukraine war, they added. The exercise named “Skylight” was conducted from July 25 to July 29, the sources said. The Army is utilizing the services of a number of satellites belonging to the Indian Space Research Organization (ISRO), they noted.
READ THE STORY: Kashmir Reader
Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes
FROM THE MEDIA: Slack announced that it is resetting passwords for about 0.5% of its users after a bug exposed salted password hashes when creating or revoking shared invitation links for workspaces. This issue was reported by an independent security researcher and disclosed to Slack on 17 July 2022. The company states that the bug affected all users who created or revoked shared invitation links between 17 April 2017 and 17 July 2022.
“When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members. This hashed password was not visible to any Slack clients; discovering it required actively monitoring encrypted network traffic coming from Slack’s servers.” reads the advisory published by Slack.
READ THE STORY: Security Affairs
Greek intelligence service used surveillance malware to spy on a journalist
FROM THE MEDIA: The revelation comes while media and journalists are making pressure on the government to reveal the use of surveillance software. The committee was called after the leader of the socialist opposition PASOK party, Nikos Androulakis, claimed authorities attempted to install surveillance software on his mobile device. The practice of using surveillance malware to spy on journalists and politicians emerged in several European countries.
“At the July 29 hearing, Panagiotis Kontoleon, chief of the EYP intelligence service, told parliament’s institutions and transparency committee that his service had spied on Thanasis Koukakis, a financial journalist who works for CNN Greece, two lawmakers present at the hearing told Reuters.” reported Reuters.
READ THE STORY: Security Affairs
Israel: Websites of Islamic Jihad, Hamas reportedly hacked among latest round of violence with Israel
FROM THE MEDIA: On Friday afternoon, Israel launched operation “Breaking Dawn” against the Palestinian Islamic Jihad (PIJ), one of the main Palestinian terrorist groups which rejects the notion of the State of Israel and is responsible for countless bloody attacks within its borders. On Thursday, the Islamic Jihad’s website was hacked. While this happened before the operation had officially begun, the situation in the Israeli areas bordering the Gaza strip was already very tense, following the arrest of West Bank PIJ leader by Israeli security forces on Monday. The PIJ website’s homepage was replaced by the world “hacked”. The Jerusalem Post’s Tzvi Joffre reported that shortly after, the site was taken down for maintenance.
READ THE STORY: Israel Defense
Russian ruble now useless as Putin's propaganda torn apart: 'The shelves are empty!' (Poss. propaganda)
FROM THE MEDIA: After President Vladimir Putin sent Russian troops into Ukraine in February, the West hit back with diverse sanctions. Russian banks were barred from SWIFT – the service which facilitates the world's bank transfers and has been described as the arteries for the movement of money around the world. Putin and those close to him were also sanctioned, seeing their assets frozen in the US, UK and Europe among others. But one aspect of the Russian economy had experts questioning whether the sanctions were really working – the ruble.
READ THE STORY: Express
Alex Jones’ $49.3M verdict and the future of misinformation
FROM THE MEDIA: Alex Jones is facing a hefty price tag for his lies about the Sandy Hook Elementary School massacre — $49.3 million in damages, and counting, for claiming the nation’s deadliest school shooting was a hoax — a punishing salvo in a fledgling war on harmful misinformation. But what does this week’s verdict, the first of three Sandy Hook-related cases against Jones to be decided, mean for the larger misinformation ecosystem, a social media-fueled world of election denial, COVID-19 skepticism and other dubious claims that the Infowars conspiracy theorist helped build?
READ THE STORY: ABCNEWS
Kenya Campaign Ends But Disinformation Battle Drags On
FROM THE MEDIA: The campaign for Kenya's presidential election has officially closed but the relentless -- and dangerous -- flow of disinformation continues online, as keyboard warriors battle to discredit rivals by sharing fake rigging claims, experts say. Campaigners for the frontrunners, Deputy President William Ruto and veteran politician Raila Odinga, are circulating dozens of posts claiming that their opponent is engaged in "vote rigging plots", said Benedict Manzin, a sub-Saharan Africa analyst at UK-based intelligence firm Sibylline.
READ THE STORY: Barrons
Taiwan official leading missile production found dead
FROM THE MEDIA: Ou Yang Li-hsing, deputy head of the military-owned National Chung-Shan Institute of Science and Technology, was found dead in a hotel room in southern Taiwan on Saturday morning, CNA reported. It said authorities were looking into the cause of death. Ou Yang was on a business trip to the southern county of Pingtung, CNA said, adding that he had assumed the post early this year to supervise various missile production projects. The military-owned body is working to more than double its yearly missile production capacity to close to 500 this year, as the island boosts its combat power amid what it sees as China’s growing military threat.
READ THE STORY: Dawn
Sri Lanka: Alarm bells in SL over China's surveillance ship en route Hambantota Port
FROM THE MEDIA: Yuan Wang 5, the Chinese research and Survey vessel, en route to the Hambantota Port in Sri Lanka has sent alarm bells to Colombo as country's Sri Lanka's Defense Ministry said that China has informed of "sending ship for surveillance". Sri Lanka's Defense Ministry media spokesman Colonel Nalin Herath also expressed similar sentiments saying that the country will allow the vessel to dock since it is a non-nuclear platform. However, he said that they are aware of India's concerns, Daily Mirror reported. "China informed us that they are sending their ship for surveillance and navigation in the Indian Ocean," he said.
READ THE STORY: Business Standard
India: The CSIC is offline: X-ray of a ‘ransomware’, the cyberattack that everyone fears
FROM THE MEDIA: The alarms went off this week. Two researchers from the Higher Center for Scientific Research (CSIC) complained on social networks that they had been without internet access for days. One of them requested in a letter to the director of EL PAÍS published this Tuesday the immediate restoration of the systems so that the projects in progress are not delayed. That same day, the Ministry of Science and Innovation released a statement acknowledging that the body suffered a cyberattack of the type ransomware on July 16 and 17, similar to the one that has also affected the Max Planck Institute or NASA this month.
READ THE STORY: Morning Express
Ukraine war and European energy insecurity: a benefit for Mozambique's gas exports to the EU?
FROM THE MEDIA: With Russia's energy supply to the EU increasingly at risk of being cut off, Brussels is looking at all possibilities for sourcing energy resources from around the world. In Africa, Mozambique is attracting EU attention. In fact, in 2012, liquefied natural gas (LNG) resources were discovered off Mozambique's northern coast in the Cabo Delgado region, prompting the government to invest almost $20 million to exploit this resource. Project planning is already underway and LNG supply is expected in early 2024. This large resource is a boon for the EU, as Europe has stopped receiving Russian gas and has committed to finding cheaper alternatives to US gas. Mozambique is now a credible alternative for the EU to consider as part of its strategy to diversify its energy suppliers.
READ THE STORY: Atalayar
Ukraine: OPSEC
FROM THE MEDIA: From early May 1944 through early June 1944 the words Gold, Sword, Juno, Utah, Omaha, Overlord, Mulberry, and Neptune appeared in The Daily Telegram’s crossword puzzles. On June 6th the allied invasion of Normandy (D-Day), codenamed Operation Neptune, attacked the beaches codenamed Gold, Juno, Sword, Utah and Omaha as part of the overall invasion called operation Overlord. The operation used portable harbors named Mulberry harbors. Needless to say the creators of this crossword puzzle series got a visit from MI5.
It turned out that the creator of the crossword puzzle was a headmaster for a school next to an army base housing soldiers preparing for D-Day. The soldiers were apparently using these words in front of their kids, which is against OPSEC. The headmaster would occasionally have these kids in his office while creating the crossword and ask them for word suggestions. It never occurred to him where these kids might be hearing these words. Oops.
READ THE STORY: Daily Kos
Items of interest
Russia Having 'More and More Difficulties Conducting War in Ukraine'
FROM THE MEDIA: Russia is having "more and more difficulties" conducting its invasion of Ukraine, said Dan Rice, a special adviser to the Ukrainian Armed Forces Commander-in-Chief Valeriy Zaluzzhnyi.
Russian President Vladimir Putin launched the invasion of Ukraine on February 24, 2022, citing a need to "liberate" the separatist Donbas region and rid the Ukrainian government of Nazis, even though Ukrainian President Volodymyr Zelensky is Jewish.
While Putin hoped for a quick invasion, he was met with a stronger-than-expected response from the Ukrainian military. After five months of fighting, Russian gains have stalled and fighting remains concentrated in eastern Ukraine as the military has run into several issues.
In an interview with Ukrinform published on Friday, Rice said Russia's invasion will likely remain difficult for them, predicting they will have "more and more difficulties conducting war in Ukraine."
READ THE STORY: NewsWeek
The truth about AI and why you should learn it - Computerphile explains (Video)
FROM THE MEDIA: If you are into cybersecurity or any other field, you probably want to learn about AI and ML. They can really help your resume and help you increase the $$$ you earn. AI just become Sentient? And will it take your job? Or is AI just a fantastic opportunity for you to get a better job? In this interview with Dr Michael Pound we discuss hype vs reality and get a quick start guide on how to learn AI.
Best Hacking Python Book? (Video)
FROM THE MEDIA: The difference between script kiddies and professionals is the difference between merely using other people's tools and writing your own. Charle Miller, from the foreword (1st edition). This is a great book if you want to learn Python for hacking and penetration testing. Sometimes the tools you want to use are not available on target systems and the only option is to use Python - so learn the tools and techniques you can use with Python in a pentest or ethical hacking situations.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com