Thursday, Aug 18, 2022 // (IG): BB // Sponsor: Zanes Hand Made
The US plans to block sales of older chipmaking tech to China
FROM THE MEDIA: The Biden administration has for several months been working to tighten its grip on U.S. exports of technology that China needs to make advanced chips, with the goals of both hurting China’s current manufacturing ability and also blocking its future access to next-generation capabilities. According to two people familiar with the administration’s plans, President Joe Biden’s approach is based around choking off access to the tools, software and support mechanisms necessary to manufacture a specific type of technology that is one of the fundamental building blocks of modern microchips: the transistor.
READ THE STORY: Protocol
How Unmoderated Platforms Became the Frontline for Russian Propaganda
FROM THE MEDIA: The Russian invasion of Ukraine has highlighted the evolving complexities of platform governance challenges in an increasingly decentralized information environment. Russia’s war in Ukraine has killed, injured, and displaced thousands of civilians. Russia, leading up to and throughout the conflict, brought the full scope of its propaganda apparatus to bear, leveraging overt and covert capabilities on both broadcast and social media to justify the invasion, downplay the death and destruction of families and homes, and deny human rights abuses. Social media companies have been called to make difficult, real-time decisions about content moderation with life-or-death stakes.
READ THE STORY: Stanford
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections
FROM THE MEDIA: Researchers this week warned of a sophisticated, evasive crypter that several threat actors are using to distribute a range of information stealers and remote-access Trojans (RATs). The crypter, dubbed "DarkTortilla," is pervasive and persistent, and it packs multiple features designed to help it avoid anti-malware and forensics tools. The .NET-based crypter can be configured to deliver numerous malicious payloads, and can potentially be used to plant illegal content on a victim's system. It's also capable of tricking both users and sandboxes into believing it is benign.
READ THE STORY: DarkReading
Microsoft takes actions to ‘disrupt’ Russian hacking group
FROM THE MEDIA: The Russian hacking group, which is being called SEABORGIUM, reportedly has been “highly persistent” in attempts to trick employees into clicking on malicious files, according to a Microsoft blog post on Monday. “SEABORGIUM is a threat actor that originates from Russia with objectives and victimology that align closely with Russian state interests,” the company writes. Microsoft claims SEABORGIUM targeted more than 20 organizations with most originating in the United States, UK and other NATO countries in attacks since the beginning of the year alone.
READ THE STORY: Top Class Actions
CISA: Threat actors exploiting multiple Zimbra flaws
FROM THE MEDIA: Multiple flaws in Zimbra Collaboration Suite are being exploited in the wild by threat actors, according to a Cybersecurity and Infrastructure Security Agency advisory released Tuesday. Zimbra Collaboration Suite (ZCS) is an enterprise cloud collaboration and email platform originally released in 2005 and currently sold by Synacor. The joint advisory by CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) reported that five vulnerabilities tied to the platform are being actively exploited and "may be targeting unpatched ZCS instances in both government and private sector networks."
READ THE STORY: TechTarget
Google patches yet another Chrome zero-day vulnerability
FROM THE MEDIA: Google issued a fresh set of Chrome security updates Wednesday headlined by a zero-day flaw that is actively being targeted in the wild. The tech giant said that its August security update includes a total of 11 fixes, including patches for 10 CVE-listed vulnerabilities. One Chrome vulnerability, CVE-2022-2852, is classified as a critical risk, six are categorized as high risk, and the remaining three are all considered medium risks. Included in the update was a patch for CVE-2022-2856, a zero-day vulnerability in the way the Intents component handles input validation. Google noted that the vulnerability is currently under exploitation in the wild.
READ THE STORY: TechTarget
APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques
FROM THE MEDIA: Group-IB has released new research on the state-sponsored hacker group APT41. The Group-IB Threat Intelligence team estimates that in 2021 the threat actors gained access to at least 13 organizations worldwide. While analyzing the group’s malicious campaigns, experts uncovered adversary techniques and artifacts left by the attackers that point to their origin. The state-sponsored attacker group APT41 (aka BARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly, Winnti Umbrella, Double Dragon), whose goals are cyber espionage and financial gain, has been active since at least 2007.
READ THE STORY: Helpnet Security
BlackByte ransomware gang is back with new extortion tactics
FROM THE MEDIA: The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. The threat actors are calling this new iteration of their operation BlackByte version 2.0, and while it is not clear if the ransomware encryptor has changed as well, the gang has launched a brand new Tor data leak site.
READ THE STORY: Bleeping Computer
Open source bug leaves hundreds of thousands of sites open to attack
FROM THE MEDIA: Hundreds of thousands of websites, including thousands using the .gov domain, are at risk of data loss, experts have warned. Cybersecurity researchers from Defense.com have discovered a vulnerability in the open source development tool Git which, if not addressed, hands threat actors the keys to the kingdom. Apparently, there are a number of .git folders that need to be hidden but, in many cases, are not. While a serious flaw, it’s not directly Git’s fault, the researchers say, but rather Git users failing to follow best practice. With the help of a specially crafted Google dork, a threat actor would be able to find these folders and download their contents.
READ THE STORY: TechRadar
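The exposure described above is a web-server misconfiguration rather than a Git bug: a `.git` directory left inside a document root is served like any other directory. The script below is an added example (not from the TechRadar story or the Defense.com research) that audits a local document root from the defender's side: it lists every `.git` directory a crawler could request, notes which telltale files inside it exist, and checks the paths against two deny rules, a weak one that only covers a repository checked out at the site root and a corrected one that matches `.git` at any depth. The sample webroot is constructed inside the script, and the nginx `location` syntax is assumed; adapt the deny rule to your own server.

```python
"""Audit a web root for .git directories that a web server would serve.

Added example (not from the TechRadar story or Defense.com research): walks a
local document root, lists every .git directory a crawler could request, and
shows why a deny rule must match .git at any depth, not just at the site root.
"""
import os
import re
import tempfile
from pathlib import Path

# Files inside .git that reveal the most when served (names from git's on-disk layout).
TELLTALE_FILES = ("HEAD", "config", "index", "packed-refs")

# Weak rule: blocks only a repository checked out directly at the document root.
WEAK_DENY = [r"^/\.git/"]
# Corrected rule: blocks .git wherever it appears (nginx: `location ~ /\.git`, assumed syntax).
STRICT_DENY = [r"/\.git(/|$)"]


def find_git_dirs(webroot):
    """Return (web_path, present_telltale_files) for every .git directory under webroot."""
    root = Path(webroot)
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # do not descend into repository internals
        rel = Path(dirpath).relative_to(root).as_posix()
        web_path = "/.git/" if rel == "." else f"/{rel}/.git/"
        present = tuple(f for f in TELLTALE_FILES if (Path(dirpath) / ".git" / f).is_file())
        found.append((web_path, present))
    return sorted(found)


def still_exposed(web_paths, deny_patterns):
    """Paths that no deny pattern matches, i.e. what the server would still serve."""
    compiled = [re.compile(p) for p in deny_patterns]
    return [p for p in web_paths if not any(c.search(p) for c in compiled)]


def nginx_deny_block():
    """Server-block fragment denying .git at any depth (assumed nginx syntax)."""
    return "location ~ /\\.git(/|$) {\n    deny all;\n    return 404;\n}"


def build_demo_webroot():
    """Constructed sample layout: a repo at the root, a nested repo, and a .gitignore file (not a dir)."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / ".git").mkdir()
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / ".git" / "config").write_text("[core]\n\trepositoryformatversion = 0\n")
    (root / "app" / ".git").mkdir(parents=True)
    (root / "app" / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / "app" / "index.html").write_text("<h1>hi</h1>\n")
    (root / ".gitignore").write_text("*.log\n")
    return root


def audit(webroot, deny_patterns):
    """Return the .git web paths that the given deny rules leave reachable."""
    paths = [p for p, _ in find_git_dirs(webroot)]
    return still_exposed(paths, deny_patterns)


if __name__ == "__main__":
    demo = build_demo_webroot()
    for path, files in find_git_dirs(demo):
        print(f"{path} exposes {', '.join(files) or 'nothing yet'}")
    print("weak rule leaves reachable:  ", audit(demo, WEAK_DENY))
    print("strict rule leaves reachable:", audit(demo, STRICT_DENY))
    print(nginx_deny_block())
```

The nested `app/.git/` case is the one that the root-only rule misses; deployments that check out several repositories under one document root are exactly where a site-root deny rule gives false comfort. Running the audit against the real document root of a web server, rather than the constructed one, is a matter of passing its path to `find_git_dirs`.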
BugDrop dropper includes features to circumvent Google’s security controls
FROM THE MEDIA: Recently, researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active development and was designed to bypass security features that will be implemented in the next release of the Google OS. The experts noticed something unusual in the latest sample of the malware family Xenomorph: it was an improved version of the threat that included RAT capabilities by using “Runtime modules”. The Runtime modules allow the malware to perform gestures, touches, and other operations. The new version of Xenomorph was dropped by the BugDrop malware, which is able to defeat security measures that Google will introduce to prevent malware from requesting Accessibility Services privileges from victims.
READ THE STORY: Security Affairs
India-GoI’s VLC ban is a security and privacy risk
FROM THE MEDIA: The Indian government has been blocking apps left and right in the name of protecting its internet space and data security from China for quite some time. The latest victim of this active precaution against Chinese state-backed hackers seems to be the massively popular VLC media player. VLC’s website has reportedly been inaccessible on the Indian internet since February 13. Six months later, there’s still no word from VLC or the Indian government over why the ban was issued in the first place. The media player itself hasn’t been blocked completely and will continue to function if you’ve already downloaded it, but the government has restricted access to VideoLAN’s website, the creator behind the project. The Android and iOS apps for the player are also still available for download from the respective app stores.
READ THE STORY: CANDID
Long Term Analysis Illustrates How Risk Posed by a Vulnerability Changes as Exploits Develop Over Time
FROM THE MEDIA: Vulnerability management is a popular cybersecurity strategy prioritizing known weaknesses. Much cybersecurity analysis focuses on a particular threat at a specific point in time, covering a narrow window of activity as a result of constantly changing tactics, techniques, and procedures (TTPs). This type of focus, while important, is not well aligned with a long-term vulnerability management strategy. Data from intelligence analysis of a single incident still has a small half-life because TTPs employed by the next cyberattack are likely to have changed from those used in previous attacks.
READ THE STORY: SecurityBoulevard
Member of Russian Ransomware Gang Responsible for Laundering $70 Million Is Jailed in Portland
FROM THE MEDIA: A Russian member of a cryptocurrency laundering ring is now in jail in downtown Portland. The money was collected from ransomware victims in Oregon and around the globe, federal prosecutors say. Denis Mihaqlovic Dubnikov, 29, was arrested by the FBI after being extradited from the Netherlands earlier this week. He appeared in court for the first time this morning. Dubnikov allegedly laundered $400,000 in proceeds from ransomware attacks, according to an indictment filed by the United States Attorney’s Office. The case was filed over two years ago but unsealed today following Dubnikov’s arrest.
READ THE STORY: WWEEK
Ransomware attack on UK water company clouded by confusion
FROM THE MEDIA: A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim. Clop, a prolific Russian-speaking gang known for extorting industrial organizations, claimed on its website that it had broken into and stolen data from Thames Water – which supplies water to about 15 million people, including those in the capital, London. The cybercriminals said that after negotiations with the water company broke down, they published a raft of stolen documents, from passport scans and driver's licenses to screenshots of software user interfaces. They claimed to have more than 5TB of data taken from the victim organization, as well as access to some SCADA systems.
READ THE STORY: The Register
Hacker tournament brings together world's best in Las Vegas
FROM THE MEDIA: A team of hackers from two North American universities won the "Capture the Flag" championship, a contest seen as the "Olympics of hacking," which draws together some of the world's best in the field. In the carpeted ballroom of one of the largest casinos in Las Vegas, the few dozen hackers competing in the challenge sat hunched over laptops from Friday through Sunday during the DEF CON security conference that hosts the event. The winning team, called Maple Mallard Magistrates, included participants from Carnegie Mellon University, its alumni, and the University of British Columbia.
READ THE STORY: Yahoo Finance
Lawmakers push for improved cybersecurity in health sector amid growing cyber threats
FROM THE MEDIA: Lawmakers are urging the Biden administration to strengthen the federal government’s cyber defenses in the health care sector amid a spike in cyberattacks, a push industry leaders see as a way to help protect a critical sector that stores sensitive information. In a letter addressed to the Department of Health and Human Services (HHS), Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) urged the agency to better protect the health care and public health sector from the growing number of cyber threats. “With cyber threats growing exponentially, we must prioritize addressing the [health care and public health] sector’s cybersecurity gaps,” wrote King and Gallagher, who both co-chair the Cyberspace Solarium Commission.
READ THE STORY: The Hill
Are Chinese-made smartphones spying on me?
FROM THE MEDIA: There is a lot of FUD – fear, uncertainty, and deception – about Chinese-made smartphones spying. It is liberally spread by some media on the payroll of non-Chinese companies wanting to cash in on the rising anti-China sentiment. It is all bovine-excrement. CyberShack is not a political publication. Any China sentiment you may have, or not, is based on your take on Chinese attitudes to Australia’s exports, potential annexation of Taiwan, alleged repression of Uyghurs, and the increasing presence in the South Pacific. This is a detailed article, so if you want the spoiler: Chinese-made smartphones are not spying on you.
READ THE STORY: CyberShack
US intelligence is going big on countering China. Will it succeed?
FROM THE MEDIA: As the US-China competition for influence and markets heats up, Washington appears to be gearing up to contain Beijing on a crucial front: spying. For many American government officials and security analysts, the move has been long overdue. The US intelligence community including retired CIA officers pushed Washington to channel more resources toward countering the perceived Chinese threat in what some officials call the “third epoch of intelligence” competition. Last week, it was reported that the CIA, America’s top spy outfit, is prioritizing China over the agency’s counterterrorism efforts against terrorist groups, which have been its main area of focus for the past two decades.
READ THE STORY: TRTWorld
China Can Walk and Chew Gum at the Same Time in Cyberspace
FROM THE MEDIA: FBI Director Christopher Wray has testified several times that China is the most prominent cyber threat facing the United States, which he reiterated before Congress in August 2022, further stating that China is its most significant geopolitical foe. This conclusion is the product of several years of Beijing’s nonstop global campaigns stealing intellectual property and sensitive healthcare information, targeting journalists and dissident groups, gaining footholds into critical infrastructure assets, engaging in disinformation and influence campaigns, and trying to set technical standards, dominate Internet governance, and influence how nation states responsibly operate in cyberspace.
READ THE STORY: OODALOOP
Why high-tech tractors are the latest front in the battle for right-to-repair
FROM THE MEDIA: A new “jailbreak” targeting John Deere tractors has farmers and security experts pondering the merits of open access to the machine’s computer brain, versus the need to keep the farm vehicle secure. Right-to-repair has become a battle cry for consumer advocates who want greater access to the inner workings of devices they buy, like phones and computers – and tractors, too. These days, the tractors that till the fields are computer-driven, and companies like John Deere keep a tight lid on access to what’s behind the touch screens used to control them. Now, a security researcher’s hack for Deere tractors is drawing attention to a conflict between the right-to-repair ideal and the need to maintain security for machines that are integral to food production. Lily Hay Newman, a senior writer at Wired who has written about the new jailbreak, shared what this means for tractor owners.
READ THE STORY: Texas Standard
Fortinet: Use of wipers expanding beyond Ukraine to 24 countries
FROM THE MEDIA: The use of wiper malware is increasingly expanding beyond the Ukraine conflict, according to research released today by cybersecurity giant Fortinet, with new variants popping up at an unprecedented rate. Wiper malware has been used heavily by hacking groups supporting Russia’s invasion of Ukraine. Recorded Future’s Insikt Group has tracked nine different wipers used in Ukraine, including WhisperKill, WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, and DoubleZero. Microsoft researchers said in April that they had observed nearly 40 destructive cyberattacks targeting hundreds of systems in Ukraine.
READ THE STORY: The Record
Half of Russian Flight Dispatchers On Forced Leave As Sanctions Clobber Travel
FROM THE MEDIA: Half of Russia's flight dispatchers have been put on forced leave as Western sanctions batter the country's travel industry, a labor union official says. Sergei Kovalyov, the president of Russia's Federal Trade Union of Air Traffic Controllers, made the statement in a complaint sent to the Prosecutor-General's Office earlier this week, Russian media reported. Russia has about 30,000 flight dispatchers, suggesting 15,000 have been put on leave. Russia's aviation industry – highly dependent on Western technology and Western routes – has been among the hardest hit by sweeping sanctions triggered by Moscow's invasion of Ukraine.
READ THE STORY: RFERL
Infamous cybercriminal organizations like Cozy Bear have been involved in a string of cyberattacks targeting Ukrainian government agencies, according to new research.
FROM THE MEDIA: Russian-linked threat actors harnessed a commercial security tool to launch cyberattacks on Ukrainian government organizations and a series of phishing attacks designed to infiltrate key systems amid Russia’s invasion of Ukraine, according to new research published today by Trustwave. The research reveals how cybercriminals, ransomware operators and other threat actors can manipulate legitimate penetration tools to conduct espionage and other destructive attacks on connected systems. Cybercriminal groups reportedly associated with Russia's Foreign Intelligence Service and Federal Security Service used a commercial penetration tool called Cobalt Strike in at least six cyber and phishing attacks against the Ukrainian government between March and July.
READ THE STORY: FCW
Apex Capital blames malware attack for ‘unplanned system outage’
FROM THE MEDIA: After initially blaming an “unplanned system outage” for its computer networks being knocked offline since early Monday, Apex Capital Corp. and its subsidiary, TCS Fuel, confirmed that both companies’ systems were targeted in a malware attack. Ransomware gang BlackByte is claiming responsibility for infecting the operating systems of one of the largest factoring companies in the U.S., Apex Capital, headquartered in Fort Worth, Texas, which, in turn, shut down TCS Fuel’s network. In February, the FBI and the U.S. Secret Service (USSS) released a joint Cybersecurity Advisory (CSA) about BlackByte. The report described the gang as “a Ransomware-as-a-Service group that encrypts files on compromised Windows host systems, including physical and virtual servers.”
READ THE STORY: FreightWaves
Cybersecurity Advisory: Zeppelin Ransomware Targets Healthcare Orgs
FROM THE MEDIA: On Aug. 11, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) to broadcast the known Zeppelin ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware variants identified through FBI investigations as recently as June 21. The advisory states that “Zeppelin ransomware is a derivative of the Delphi-based Vega malware family and functions as a Ransomware as a Service (RaaS).”
READ THE STORY: Healthcare Innovation
DOE invests $45 million in cyber technology that protects power sector
FROM THE MEDIA: The Department of Energy announced on Wednesday that it is investing $45 million in cyber technology that will protect the power grid sector from cyberattacks. The investment will fund up to 15 research projects that will focus on developing new cybersecurity technologies designed to reduce cyber risks in the energy sector.
READ THE STORY: The Hill
Items of interest
An Alliance Division of Labor in East Asia
FROM THE MEDIA: Leaders in Washington understand that a strategy for the Indo-Pacific rooted in alliances is critical to meet the challenge presented by China. But such a strategy seems slow in coming together in East Asia. Why is this the case? Two years ago, we argued that the fundamental reason for the lack of security cooperation between Japan and Korea is their diverging geopolitical orientations. Yet the situation has changed in recent years. President Joe Biden met with the leaders of Japan and South Korea on the sidelines of the NATO Summit in Madrid to discuss greater security cooperation.
READ THE STORY: War on The Rocks
The Role of Cryptocurrency in Ransomware Negotiations and Other Cybercrimes (Video)
FROM THE MEDIA: SANS Ransomware Summit 2022.
Deep Web VS Dark Web - the use of Cryptocurrency for Crime Explained (Video)
FROM THE MEDIA: The dark web, making up almost half of the entire internet, is a part of the web that is used for selling illicit products and services. Differentiating the Deep web from the Dark web is crucial if you want to understand how they both work.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com