Sunday, Aug 21, 2022 // (IG): BB //Sponsor: Zanes Hand Made
China-Backed Hackers Spying On Govts, India's NIC Among Victims
FROM THE MEDIA: The group known as 'RedAlpha' has consistently spoofed login pages for NIC, which manages wider IT infrastructure and services for the Indian government. The hacking group weaponized at least 350 domains last year alone. The China-sponsored hacking group spoofed organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT), and other global government, think tank, and humanitarian organizations that "fall within the strategic interests of the Chinese government".
READ THE STORY: Ahmedabad Mirror
White hat hackers broadcasted talks and hacker movies through a decommissioned satellite
FROM THE MEDIA: During the latest edition of the DEF CON hacking conference held in Las Vegas, the group of white hat hackers Shadytel demonstrated how to take control of a satellite in geostationary orbit. The group used a satellite called Anik F1R, which was dismissed in 2020. The group was authorized to perform the hack and the satellite they hacked had been decommissioned, which means that it is going to be sent to a graveyard orbit. The graveyard, also called a junk orbit, is an orbit that lies away from common operational orbits; some satellites are moved into such orbits at the end of their operational life to avoid colliding with operational spacecraft and satellites.
READ THE STORY: Security Affairs
India's cyber agency warns about bugs in Google Chrome for desktop
FROM THE MEDIA: The Indian Computer Emergency Response Team (CERT-In) has warned users about multiple vulnerabilities in Google Chrome for desktop that can let hackers gain access to their computers. The multiple vulnerabilities could allow a remote attacker to execute arbitrary code and bypass security restrictions on the targeted system, according to an advisory by CERT-In, which comes under the IT Ministry. "These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-In Flow, Chrome OS Shell; Heap buffer overflow in Downloads, Insufficient validation of untrusted input in Intents, Insufficient policy enforcement in Cookies and Inappropriate implementation in Extensions API," the cyber agency said.
READ THE STORY: ET India
We can make our phones harder to hack but complete security is a pipe dream
FROM THE MEDIA: Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices. It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.
READ THE STORY: The Guardian
Musk tries to sell Tesla's Optimus robot butler to China
FROM THE MEDIA: Elon Musk wants Tesla's robot butler to be able to cook, mow lawns, and care for the elderly, he wrote in an essay published in a magazine backed by the official Cyberspace Administration of China. The billionaire has previously hinted a prototype of the model, named Optimus, may debut at the end of next month at the company's annual AI day. Plans to develop a humanoid robot were announced last year, when Tesla hilariously hired a man dressed in a skin-tight suit to dance around and act like a robot on stage. You can watch the farce below.
READ THE STORY: The Register
The New Cold War brings a new nuclear dystopia (poss. propaganda)
FROM THE MEDIA: Right now, as the Ukrainian army, according to president Zelensky, has launched an offensive in the south, one of the biggest challenges they will face is recapturing the Zaporizhzhia nuclear power plant, the largest in Europe. It has six nuclear reactors that require careful monitoring, and six highly radioactive pools alongside a reservoir that eventually empties into the Black Sea. While neither side has an interest in triggering an all out nuclear disaster, the danger is inherent in the situation. In March, the world held its breath as videos emerged showing a pitched battle being fought in the courtyard of the plant, causing damage to the building. It has since been occupied by Russian forces, who have set up artillery on the site.
READ THE STORY: ChinaWorker
India - Locking biometrics protects the information on Aadhar cards, here is how
FROM THE MEDIA: The Aadhaar card is one of the most important documents one owns. It shows proof of one’s residency and it can be acquired by the citizens of India and resident foreign nationals who have spent over 182 days in the 12 months immediately preceding the date of application for enrolment. It contains one’s details like name, date of birth, address, mobile number and email ID, which has led to fraud. Thus it becomes more pertinent to protect and secure your Aadhaar Card. In recent tweets by the UIDAI, there has been a mention of a simple solution for people to check if their data is not being misused.
READ THE STORY: Business Up Turn
Javelin ATGMs On Sale! Western Weapons Delivered To Ukraine By US & NATO Are Up For Sale On Dark Web – Reports
FROM THE MEDIA: Military experts have regularly cautioned that some of the military support provided to Ukrainian forces could slip into the wrong hands as the West increased shipments of firearms and ammo to Ukraine. It appears that their worry has materialized this time. According to ABS News, a pro-Russian news outlet, some of the transferred western weapons have now found their way to the dark web, a section of the internet that can only be accessed using the TOR browser. The report claims that the Ukrainian Armed Forces are selling Javelins, military hardware, and other weapons obtained from the US and its NATO allies to customers in the Middle East and North Africa on the darknet. Anyone with a TOR browser can purchase the ATGM Javelin from the online shop, the report added.
READ THE STORY: Eurasian Times
Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
FROM THE MEDIA: Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies. The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS), which manages the ATM's operation, what cryptocurrencies are supported, and executes the purchases and sales of cryptocurrency on exchanges.
READ THE STORY: Bleeping Computer
Blog Title Optimizer Uses AI, but How Well Does that Work?
FROM THE MEDIA: [Max Woolf] sometimes struggles to create ideal headlines for his blog posts, and decided to apply his experience with machine learning to the problem. He asked: could an AI be trained to optimize his blog titles? It is a fascinating application of natural language processing, and [Max] explains all about what it does and how it works. The machine learning framework [Max] uses is GPT-3, a language model that works with natural-seeming human language that is capable of being tweaked in different ways.
READ THE STORY: Hackaday
Can Web3 be hacked? Is the decentralized internet safer?
FROM THE MEDIA: Web3 came into existence posed as a blockchain-powered disruption to the current state of the internet. Yet, as a nascent technology, a fog of assumptions plagues discussions about the real capabilities of Web3 and its role in our day-to-day lives. Considering the promise of a decentralized internet using public blockchains, a complete transition to Web3 would require scrutiny across several factors. Out of the lot, security stands as one of the most crucial features as, in a Web3-powered world, tools and applications hosted over the blockchains go mainstream.
READ THE STORY: Coin Telegraph
LockBit is being DDoS’d because of the Entrust hack
FROM THE MEDIA: LockBit is one of the most active ransomware operations right now thanks to its open communication with threat actors and cybersecurity professionals through its public-facing operation, “LockBitSupp.” Because the operation is always adopting new techniques, technologies, and payment methods, it is essential for security and network specialists to stay up to date on the operation’s development and TTP. The LockBit ransomware organization has been held responsible for the attack against Entrust, a prominent provider of digital security, in June. Entrust experienced a ransomware attack in June 2022. Entrust had already begun alerting customers to a breach when information was stolen from internal systems.
READ THE STORY: The Tech Outlook
Apple discloses serious vulnerabilities
FROM THE MEDIA: While computers and phones on other platforms have widely been susceptible to malware and hackers over the last several years, often compromising a person’s identity and other personal information, those who use Apple products have been largely confident that they won’t fall victim to those types of issues. Until now. Two security reports released by Apple on Wednesday disclosed serious security vulnerabilities for iPads, Macs and iPhones that could potentially allow attackers to take complete control of the devices.
READ THE STORY: AVPRESS
Trinidad - Illegal copper, metal trade linked to South American and Chinese crime operation
FROM THE MEDIA: The illegal copper and metal export trade in Trinidad and Tobago is a US multi-million dollar business that is part of an international crime operation with links to Venezuela and China. Criminologist Dr Daurius Figueira, who has a vast network of local and Latin American crime sources, as well as sources close to the trade revealed that the local trade is driven by crime bosses in Trinidad. One of the prominent bosses of the trade is a notorious criminal figure that was recently released from jail on a murder charge and has the final say in most of the illicit transactions, one underworld source revealed.
READ THE STORY: Guardian
U.S. OFAC Sanctions on Tornado Cash For $7 Billion Funds Laundering
FROM THE MEDIA: Tornado cash is used to launder approximately more than 7 Billion USD since its existence in 2019. This includes three major names from different geographies: Lazarus Group, South Korea, Harmony Bridge Heist, and the Nomad Heist. Lazarus Group stole about 455 Million USD in 2019, 96 Million USD funds derived from Harmony Bridge Heist, and &.8 Million USD from Nomad Heist. Now, the U.S Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the virtual mixer Tornado Cash for laundering 7 Billion USD worth of virtual currency.
READ THE STORY: The CoinRepublic
CISA adds more 7 vulnerabilities to ‘Known Exploited Vulnerabilities Catalog’ list
FROM THE MEDIA: The CISA has added around seven vulnerabilities to its ‘Known Exploited Vulnerabilities Catalog’ list which have been exploited by cyber attackers, including a new defect revealed by Apple Inc. Consequently, with these seven vulnerabilities added to the catalog, the list now contains around 801 CVEs in total. The CISA now requires all of the seven vulnerabilities to be patched by September 8th, 2022. However, no details have been given yet on how the malicious actors used them in the cyberattacks. One of the newly added vulnerabilities is the critical SAP CVE-2022-22536 vulnerability, which was revealed by Onapsis in February. CISA immediately alerted the admins to patch the bug as it could lead to data theft, fraud risks, ransomware attacks and many other serious security problems.
READ THE STORY: The Tech Outlook
Ransomware is the biggest malware threat — avoid hackers holding your data hostage
FROM THE MEDIA: Ransomware is an ongoing scourge, with the nasty malware impacting users and large-scale organizations alike. We’ve seen AMD and Intel suffer from a data leak in an active Gigabyte ransomware attack, Microsoft dealing with a massive email hack, and Cyberpunk 2077 developers CD Projekt Red under fire with a nasty security breach — and that’s just in 2021. As Check Point Research (CPR) has discovered, the surge of ransomware attacks kicked off in the third quarter of 2020, with a 50% increase in daily average attacks compared to the first half of that year. Have these attacks subsided? Not a chance. In fact, ransomware skyrocketed to 93% in 2021, and attacks — like Foxconn production being disrupted — continue to this day. Yikes.
READ THE STORY: LaptopMag
Items of interest
Google Cloud blocks largest HTTPS DDoS attack ever
FROM THE MEDIA: Google Cloud has claimed to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps). Google stated the attack, which occurred on June 1, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the Mēris attack family.
The tech giant said Cloud Armor Adaptive Protection was able to detect and analyze the traffic early in the customer’s attack lifecycle, blocking the attack while ensuring the customer’s service stayed online. The attack comes amid increasing DDoS activity targeting organizations as attackers employ ever more infrastructure and diversity in campaigns.
HTTPS DDoS attack peaked at 46 million requests per second
In a blog post, Google wrote that, at around 9.45 a.m. PT on June 1, 2022, an attack of more than 10,000 rps began targeting a customer’s HTTPS load balancer. “Eight minutes later, the attack grew to 100,000 requests per second,” the firm added. Cloud Armor generated an alert containing the attack signature by assessing the traffic and a recommended rule to block on the malicious signature, Google stated.
The customer’s network security team deployed the recommended rule into its security policy, and it started blocking the attack traffic. “They chose the ‘throttle’ action over a ‘deny’ action to reduce the chance of impact on legitimate traffic while severely limiting the attack capability by dropping most of the attack volume at Google’s network edge,” Google wrote.
“In the two minutes that followed, the attack began to ramp up, growing from 100,000 rps to a peak of 46 million rps. Since Cloud Armor was already blocking the attack traffic, the target workload continued to operate normally.” The attack then began decreasing in size, ultimately ending 69 minutes later at 10:54 a.m. “Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack,” Google stated.
READ THE STORY: CSO ONLINE
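The story above notes that the customer chose a 'throttle' action over a 'deny' action so that legitimate clients sharing the attack signature would not be cut off outright. The following is an added illustration (not Google's or Cloud Armor's code) that replays a constructed request log through both policies with a per-client sliding-window budget; the window, budget and user-agent signature are assumptions for the demo.

```python
"""Compare a 'deny' edge action with a per-client 'throttle' action.

Added illustration, not Google's or Cloud Armor's code. A constructed request
log is replayed through two policies: 'deny' drops every request that matches
the attack signature; 'throttle' gives each client a per-window budget and drops
only the excess. WINDOW_SEC, BUDGET and ATTACK_SIG are assumed values.
"""
from collections import defaultdict, deque

WINDOW_SEC = 1.0                 # assumed sliding-window length
BUDGET = 3                       # assumed requests per client per window
ATTACK_SIG = {"ua": "bot/1.0"}   # assumed attack signature: a user-agent match

# Constructed log: (timestamp, client_ip, user_agent, legitimate?)
LOG = []
for i in range(30):   # one attacking source fires 30 rps with the bot UA
    LOG.append((i / 30, "203.0.113.9", "bot/1.0", False))
for i in range(3):    # a legitimate user whose client reuses the same UA string
    LOG.append((0.1 * i, "198.51.100.4", "bot/1.0", True))
for i in range(2):    # an ordinary browser client, outside the signature
    LOG.append((0.2 * i, "192.0.2.7", "Mozilla/5.0", True))
LOG.sort()


def matches(sig, ua):
    """True when the request matches the (assumed) attack signature."""
    return ua == sig["ua"]


def apply_policy(log, action):
    """Replay the log under 'deny' or 'throttle'; return allowed/dropped counts
    split by whether the request was legitimate or part of the attack."""
    counts = defaultdict(int)
    windows = defaultdict(deque)  # client_ip -> timestamps inside the window
    for ts, ip, ua, legit in log:
        if not matches(ATTACK_SIG, ua):
            allowed = True                      # not in the signature: pass
        elif action == "deny":
            allowed = False                     # deny: drop every match
        else:                                   # throttle: per-client budget
            q = windows[ip]
            while q and ts - q[0] >= WINDOW_SEC:
                q.popleft()                     # expire old timestamps
            allowed = len(q) < BUDGET
            if allowed:
                q.append(ts)
        kind = "legit" if legit else "attack"
        counts[("allowed_" if allowed else "dropped_") + kind] += 1
    return dict(counts)
```

Under 'deny' the legitimate client that shares the signature loses all three requests; under 'throttle' it keeps them while the attacking source is cut from 30 requests to its 3-per-window budget.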
Meet the People Behind HackerBox | DEF CON 30 (Video)
FROM THE MEDIA: Meet the People Behind HackerBox | DEF CON 30.
Payment Hacking Challenge DEF CON 2022 (Video)
FROM THE MEDIA: Payment Hacking Challenge DEF CON 2022.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com