Monday, Aug 15, 2022 // (IG): BB //Sponsor: Zanes Hand Made
Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi
FROM THE MEDIA: The Iron Tiger APT (aka Panda Emissary, APT27, Bronze Union, Lucky Mouse, and TG-3390) has been active since at least 2010 and initially targeted organizations in APAC, but since 2013 it has been attacking high-technology targets in the US. Trend Micro experts discovered a server hosting both a HyperBro sample and a malicious Mach-O executable named “rshell.” While HyperBro is a malware family associated with APT27 operations, the Mach-O sample appears to be a new malware family targeting the Mac OS platform. The researchers also found samples compiled to infect Linux systems.
READ THE STORY: Security Affairs
Realtek SDK exposes systems to SIP bug
FROM THE MEDIA: A bug in a Realtek software development kit (SDK) means any third-party devices running software built on the SDK could inherit a vulnerability in their Session Initiation Protocol (SIP) implementations. While Realtek patched the bug back in March, third parties may not yet have rolled out their own patches. Disclosed on Friday in a Defcon talk [pdf] by Faraday Security’s Octavio Galland and Octavio Gianatiempo, the bug could affect any equipment that uses Realtek's RTL819x SoCs.
READ THE STORY: iTnews
A new PyPI Package was found delivering fileless Linux Malware
FROM THE MEDIA: The package describes itself as “secrets matching and verification made easy,” and it has had a total of 93 downloads since August 6, 2020. “Sonatype has identified a ‘secretslib’ PyPI package that describes itself as ‘secrets matching and verification made easy,’” reads the post published by the experts. “On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.” The package fetches a Linux executable from a remote server and executes it to drop an ELF file (“memfd”) directly in memory. The dropped file is a Monero crypto miner, likely created via the ‘memfd_create’ system call.
READ THE STORY: Security Affairs
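For defenders, the useful property of the technique described above is that a memfd-backed executable leaves a recognizable trace in the Linux process table. The following scanner is an added example written for this digest, not Sonatype's code and not code from the secretslib package. It relies on the kernel's naming of memfd files (“/memfd:<name>”, with “ (deleted)” appended once the descriptor is closed), which appears as the target of /proc/<pid>/exe and in the pathname column of /proc/<pid>/maps. The SAMPLE_PROCS table is constructed for the offline demo; scan_proc() reads the live /proc tree.

```python
"""Spot memfd-backed executables in a Linux process table.

Added example for the secretslib story; not Sonatype's code and not the
package's code. A file created with memfd_create(2) has no path on disk:
the kernel names it "/memfd:<name>" and appends " (deleted)" once its last
descriptor is closed. A process that exec()s such a file shows that string
as the target of /proc/<pid>/exe and in the pathname column of
/proc/<pid>/maps. SAMPLE_PROCS is a constructed process table for the
offline demo; scan_proc() reads the live /proc tree.
"""
import os
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Kernel naming for memfd-backed files, e.g. "/memfd:memfd (deleted)".
MEMFD_RE = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")


@dataclass
class Finding:
    pid: int
    memfd_name: str                # name that was passed to memfd_create()
    exe_is_memfd: bool             # the main executable itself is a memfd
    executable_memfd_regions: int  # executable mappings backed by a memfd


def _map_regions(maps_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (perms, pathname) for every mapping that has a pathname column."""
    for line in maps_text.splitlines():
        # Columns: address perms offset dev inode pathname. Split at most
        # five times so a pathname containing spaces (" (deleted)") survives.
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping, no pathname
        yield parts[1], parts[5].strip()


def inspect_process(pid: int, exe_target: str, maps_text: str) -> Optional[Finding]:
    """Return a Finding if the process executes code out of a memfd.

    Non-executable memfd mappings are ignored on purpose: browsers, audio
    daemons and compositors use memfd for shared memory, so only executable
    regions (or an exe link into a memfd) are treated as suspicious.
    """
    exe_match = MEMFD_RE.match(exe_target)
    exec_memfd = [path for perms, path in _map_regions(maps_text)
                  if "x" in perms and MEMFD_RE.match(path)]
    if not exe_match and not exec_memfd:
        return None
    name_match = exe_match or MEMFD_RE.match(exec_memfd[0])
    return Finding(pid=pid,
                   memfd_name=name_match.group("name"),
                   exe_is_memfd=exe_match is not None,
                   executable_memfd_regions=len(exec_memfd))


def scan(table: List[Tuple[int, str, str]]) -> List[Finding]:
    """Run inspect_process over a (pid, exe link target, maps text) table."""
    findings = [inspect_process(pid, exe, maps) for pid, exe, maps in table]
    return [f for f in findings if f is not None]


def scan_proc(proc_root: str = "/proc") -> List[Finding]:
    """Scan the live process table (root is needed to read other users' processes)."""
    table = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(f"{proc_root}/{entry}/exe")
            with open(f"{proc_root}/{entry}/maps") as fh:
                maps = fh.read()
        except OSError:
            continue  # kernel thread, process already gone, or not permitted
        table.append((int(entry), exe, maps))
    return scan(table)


# Constructed sample process table: a normal interpreter, a fileless loader
# of the kind the story describes, and a browser that uses memfd only for
# shared memory (and so must not be flagged).
SAMPLE_PROCS = [
    (1234, "/usr/bin/python3.10",
     "55d0c2a00000-55d0c2a01000 r-xp 00000000 fd:01 1049 /usr/bin/python3.10\n"
     "7f3a1c000000-7f3a1c1c0000 r-xp 00000000 fd:01 2048 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
     "7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]"),
    (4321, "/memfd:memfd (deleted)",
     "5638e1e00000-5638e1f40000 r-xp 00000000 00:01 9817 /memfd:memfd (deleted)\n"
     "5638e1f40000-5638e1f80000 rw-p 00140000 00:01 9817 /memfd:memfd (deleted)\n"
     "7f0c00000000-7f0c00001000 rw-p 00000000 00:00 0"),
    (5555, "/usr/lib/firefox/firefox",
     "5580a0000000-5580a0c00000 r-xp 00000000 fd:01 7777 /usr/lib/firefox/firefox\n"
     "7f9b40000000-7f9b40800000 rw-s 00000000 00:01 3333 /memfd:mozilla-ipc (deleted)"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_PROCS):
        print(f"pid {f.pid}: memfd '{f.memfd_name}', exe_is_memfd={f.exe_is_memfd}, "
              f"executable memfd regions={f.executable_memfd_regions}")
```

Running the module flags only pid 4321 from the sample table; the browser's read/write shared-memory memfd is deliberately left alone, which is the distinction a practitioner has to make to keep this kind of check from drowning in false positives. Call scan_proc() as root to run it against a live host.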
A flaw in Xiaomi phones using MediaTek chips could allow forging transactions
FROM THE MEDIA: A trusted execution environment (TEE) is an important component of mobile devices, designed to process and store sensitive security information such as cryptographic keys and fingerprints. TEE protection leverages hardware extensions (such as ARM TrustZone) to secure data in this enclave, even on rooted devices or systems compromised by malware. The most popular implementations of the TEE are Qualcomm’s Secure Execution Environment (QSEE) and Trustonic’s Kinibi, but most of the devices in the wider Asian market are powered by MediaTek chips, which are less explored by security experts.
READ THE STORY: Security Affairs
“Star De-Linked”: SpaceX Offers Job To ‘Badass Engineer’ Who Hacked Starlink Satellite Network With A Homemade Device
FROM THE MEDIA: Lennert Wouters gave a presentation titled “Glitched on Earth by humans” at the annual Black Hat Security Conference on August 10, where he described the vulnerabilities that enabled him to break into Starlink satellite terminals and write his custom code. “The widespread availability of Starlink User Terminals (UT) exposes them to hardware hackers and opens the door for an attacker to freely explore the network,” Wouters said in a press release. During the Conference, he demonstrated a modchip, also known as a homemade circuit board, to attendees, according to Wired. The modchip would directly connect to a Starlink dish and was built using components that could easily be purchased off-the-shelf for about $25.
READ THE STORY: EurAsian Times
Text-Based MFA Shown to Have Numerous Security Issues
FROM THE MEDIA: Password protection used to be the gold standard for staying safe and secure online, but it has recently fallen out of favor because brute-force attacks make passwords hard to defend. Multi-factor authentication adds a new layer of security, which is useful because it complicates matters for potential malicious actors. Even so, SMS-based MFA codes might not be as secure as many assumed.
READ THE STORY: Digital Information World
Russia unplugs foes, rewards friends in latest market reboot
FROM THE MEDIA: Nearly six months after Russia was evicted from much of global finance over the invasion of Ukraine, it’s going it alone by devising a two-tier system severed from adversaries. The plan emerging from central bank proposals and a gradual unwinding of local restrictions will focus on mobilizing capital at home while catering to jurisdictions it considers friendly. From Monday, the Moscow exchange will allow trading in debt securities for investors from countries that haven’t joined the sanctions imposed by the U.S. and its allies. The decision ends a hiatus in place since Russia sealed off its markets to restrict the flow of money out of the country when the war began in late February.
READ THE STORY: JapanTimes
Network and token freeze after Acala exploit raises questions
FROM THE MEDIA: The Acala Network’s aUSD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized. On Sunday, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This event crashed the United States dollar-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode. The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet price feeds until “further notice.”
READ THE STORY: CoinTelegraph
Australia needs a long-term strategy to combat IP theft
FROM THE MEDIA: In their first-ever joint speech in London last month, the heads of MI5 and the FBI warned business leaders that one of the biggest threats facing advanced economies is a ‘coordinated campaign on a grand scale’ of economic espionage, particularly over intellectual property, by the Chinese Communist Party. This fresh warning is a reminder that the threat of IP theft to organizations remains alive and that there’s a serious need for states to prepare for it. The state-led practice of stealing commercially valuable assets like IP has a long history dating back to antiquity. But the growing ubiquity of digital technology has made this practice more widespread.
READ THE STORY: ASPI
72nd Mechanized Brigade Gets State-of-the-Art Reconnaissance Drone
FROM THE MEDIA: The 72nd Mechanized Brigade named after the Black Zaporozhians has received a state-of-the-art DJI Matrice 300 reconnaissance drone as part of the Army of Drones project. According to Ukrinform, Ukraine's Deputy Prime Minister and Minister of Digital Transformation Mykhailo Fedorov said this in a Telegram post. 'We handed over a state-of-the-art DJI Matrice 300 drone to the legendary 72nd Brigade named after the Black Zaporozhians. These soldiers defended the capital and drove the invaders out of the Kyiv and Chernihiv regions. And now they are defending the country in Donbas,' Fedorov wrote.
READ THE STORY: MENAFN
Cisco discloses cyber-attack on corporate network
FROM THE MEDIA: Cisco disclosed last week that it was breached by a cyber threat actor who has previously worked as an initial access broker (IAB) with ties to the cybercrime gangs Lapsus$, UNC2447 and Yanluowang. In addition, the Yanluowang ransomware group published a partial list of files it says were stolen from Cisco. Cisco says it found no ransomware deployment during the attack. Cisco became aware of a potential compromise on 24 May 2022 and has since been working to remediate. During its investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account to which credentials saved in the victim’s browser were being synchronized.
READ THE STORY: TechMarketView
OneTouchPoint hit by ransomware attack
FROM THE MEDIA: The mailing and printing services vendor OneTouchPoint has disclosed a data breach. This cyber incident has impacted at least 34 healthcare organizations. OneTouchPoint is headquartered in Hartland, Wisconsin, and is known for providing various services related to printing, marketing execution, and supply chain management, especially to the healthcare sector. According to Security Week, at least two other firms – Arkansas Blue Cross and Blue Shield and Blue Shield of California Promise Health Plan – have sent data breach notifications after learning that their subcontractor, Matrix Medical Network, was impacted by the OneTouchPoint ransomware attack.
READ THE STORY: DigitalJournal
Kaspersky warns PH a potential target of Yanluowang ransomware gang
FROM THE MEDIA: The Philippines could be a potential target of the Yanluowang ransomware gang, which has managed to attack large companies from countries like Brazil, Germany, China, and the US, warns cybersecurity firm Kaspersky. Kaspersky’s warning, released on August 12, comes amid networking giant Cisco’s recent confirmation that it suffered a security breach in May. The Yanluowang gang claimed responsibility, publishing online a partial list of files it claims were stolen from Cisco’s networks. Cisco, however, said that it’s already working with law enforcement on the matter, noting that sensitive information was not stolen and its operations were not impacted.
READ THE STORY: Rappler
Kaspersky uncovers new attacks by advanced persistent threat group
FROM THE MEDIA: Kaspersky experts have uncovered new attacks by Andariel, an advanced persistent threat (APT) subgroup of Lazarus. The attacks involved modifications of the well-known DTrack malware as well as the use of the brand-new Maui ransomware, and they targeted high-profile organizations around the world. Andariel has operated for more than a decade within the infamous Lazarus group, and Kaspersky researchers identified an interesting incident in Japan involving the never-before-seen Maui ransomware. In 2022, the group continued expanding its malware arsenal and the geography of its attacks: as CISA reported in July 2022, Andariel hit public and healthcare organizations with the Maui ransomware.
READ THE STORY: ITBrief
Senior Care Giant Avamere Suffers Cybersecurity Breach
FROM THE MEDIA: Avamere Health Services LLC has told clients that hackers breached the senior care company’s computer system earlier this year, potentially obtaining Social Security numbers and financial and medical information about clients. “We recently determined that intermittent unauthorized access to a third-party hosted network utilized by Avamere occurred between Jan. 19, 2022, and March 17, 2022,” the company said in a statement. A health care industry publication, HIPAA Journal, reported additional details.
READ THE STORY: WWEEK
Why Twitter anons are sending crypto to celebrities
FROM THE MEDIA: Tornado Cash has been the talk of the town this week in crypto circles. The U.S. government’s Office of Foreign Asset Control (OFAC), a watchdog within the Treasury, leveled sanctions against the cryptocurrency mixer for its role in helping facilitate money laundering. North Korean-backed hackers, among others, have used the Tornado Cash platform to mask stolen crypto associated with some of the highest-profile hacks in web3 to date, including last week’s Nomad heist and the hack of play-to-earn video game Axie Infinity earlier this year.
READ THE STORY: TechCrunch
IT Specialist and Crypto Exchange BTC-e Operator Vinnik Denied Bail by U.S Authorities
FROM THE MEDIA: The U.S. authorities have refused to grant bail to IT specialist Alexander Vinnik. The Russian media cited his record on the website of the Santa Rita Jail in California (where Vinnik is imprisoned). More than a week ago, Vinnik was transferred to the U.S. from Greece, a move his international defense team objected to. Vinnik was on a family vacation in the Greek city of Thessaloniki when he was arrested by the authorities. In late 2019, Greece sent him to France, where he was incarcerated for five years over money laundering allegations. Then, in July, the U.S. authorities withdrew their request to send him to France, which made his transfer through Greece rapid.
READ THE STORY: The CoinRepublic
What’s That Scope Trace Saying? UDP and Wireshark
FROM THE MEDIA: [Matt Keeter], like many of us, has a lot of network-connected devices and an oscilloscope. He decided he wanted to look into what was on the network. While most of us might reach for Wireshark, he started at the PCB level. In particular, he had (or, rather, had someone) solder an active differential probe into an Ethernet switch. The scope attached is a Tektronix, but it didn’t have the analyzer to read network data. However, he was able to capture 190+ MB of data and wrote a simple parser to analyze the network data pulled from the switch. The probe point sits between a network switch and the PHY that expands one encoded channel into four physical connections using QSGMII (quad serial gigabit media-independent interface). As the name implies, this jams four SGMII channels onto one pair.
READ THE STORY: HackaDay
'China threat' emerges in elections from UK to Australia
FROM THE MEDIA: It's not just the economy. While inflation and recession fears weigh heavily on the minds of voters, another issue is popping up in political campaigns from the UK and Australia to the US and beyond, the “China threat." The two finalists vying to become Britain's next prime minister, Liz Truss and Rishi Sunak, clashed in a televised debate last month over who would be toughest on China. It's a stark departure from outgoing Prime Minister Boris Johnson’s business-focused “Sinophile” approach and part of the hardening of anti-China rhetoric in many Western countries and other democracies, like Japan, that is coming out in election campaigns.
READ THE STORY: New Indian Express
Cloud communication firm Twilio hacked, customers’ data exposed
FROM THE MEDIA: US-based cloud communications company Twilio has admitted a data breach after hackers entered its internal systems using employee credentials stolen in an SMS phishing attack. Twilio said it identified 125 customers whose data was accessed during the security breach. "We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and we have notified all of them," Twilio said in a statement.
READ THE STORY: Social News
Items of interest
New maritime security strategy to target latest physical and cyber threats
FROM THE MEDIA: The UK’s position as a world-leading maritime nation is secured by a new strategy that will enhance capabilities in technology, innovation and cyber security.
Unveiling the 5-year strategy, the Secretary of State for Transport has today (Monday 15 August 2022) set out the guiding principles for the UK government’s approach to managing threats and risks at home and around the world, including leveraging the UK’s world-leading seabed mapping community and tackling illegal fishing and polluting activities at sea.
The new strategy redefines maritime security as upholding laws, regulations and norms to deliver a free, fair and open maritime domain. With this new approach, the government rightly recognizes any illegal, unreported and unregulated (IUU) fishing and environmental damage to our seas as a maritime security concern.
In addition, to enhance the UK’s maritime security knowledge, the government has established the UK Centre for Seabed Mapping (UK CSM), which seeks to enable the UK’s world-leading seabed mapping sector to collaborate to collect more and better data.
READ THE STORY: GOV.UK
Hacking a Car at DEF CON 30 (Video)
FROM THE MEDIA: Silk gets the lowdown on the Truck portion of Car Hacking Village.
Confessions of a Nespresso Money Mule (Video)
FROM THE MEDIA: “In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from eBay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include: the persons whose identities had been stolen, Nespresso, eBay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.”
-Nina Kollars
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com