Monday, Aug 22, 2022 // (IG): BB //Sponsor: Zanes Hand Made
Ring App Vulnerability Could Expose User’s Phone Data
FROM THE MEDIA: According to a recent report from Checkmarx, their researchers discovered a significant security vulnerability affecting the Ring mobile app that could put users’ privacy at risk. Briefly, the researchers noticed multiple security issues with the app that an adversary could exploit in a chained manner. First, they observed that the app’s activity was easily accessible to other applications. Hence, a malicious app installed on the same device as the Ring Android app could launch the activity and trick the user into installing other apps.
READ THE STORY: LHN
Hijacking Satellites Is Easier Than You'd Think
FROM THE MEDIA: Hacking a satellite and using it to send out a nationwide broadcast sounds like a plan ripped straight from a spy thriller — but it's actually something you can do in your spare time. You may also think the equipment involved is locked in a vault beneath the Pentagon, but you only need around $300 and access to an uplink station. So for less than the price of a Meta Quest 2, you can hijack one of the many disused satellites whizzing around the rock we live on and relay your demands to the world's governments.
READ THE STORY: SlashGear
Bitcoin ATM General Bytes Hacked Due to Zero Day Bug
FROM THE MEDIA: On August 18th, the world’s largest Bitcoin ATM manufacturer, General Bytes, discovered a security flaw. Hackers used a zero-day vulnerability to create an admin user account through the CAS admin panel. This resulted in Bitcoins being siphoned off by the hackers. The attacks used a zero-day vulnerability in the company’s Crypto Application Server (CAS). The CAS manages how the ATM operates, which cryptos are supported, and how cryptocurrency purchases and sales are carried out on exchanges.
READ THE STORY: The Crypto Times
N. Korea launches cyberattack using stolen S. Korean police officer’s ID
FROM THE MEDIA: North Korea has launched a cyberattack using an ID stolen from an actual South Korean police officer who investigates cybercrime. In a press release Wednesday, South Korean cybersecurity firm ESTsecurity said the attack was launched by a hacker who posed as an investigating officer from the advanced security investigation team of a specific South Korean police department. The company said the hacker used a PDF with an official ID card, including a photo and real name. The PDF the hacker used included the official ID card’s QR code, photo, name, department, rank, birthday and contact number.
READ THE STORY: DailyNK
Donot Team cyberespionage group updates its Windows malware framework
FROM THE MEDIA: The Donot Team has been active since 2016; it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In October 2021, a report released by Amnesty International revealed that the Donot Team group employed Android applications posing as a secure chat application, and malicious emails, in attacks aimed at a prominent Togolese human rights defender. In the past, the Donot Team spyware was found in attacks outside of South Asia. The investigation also discovered links between the spyware and infrastructure used in these attacks, and Innefu Labs, a cybersecurity company based in India.
READ THE STORY: Security Affairs
Hotels and Travel Companies Targeted by Hacker Named TA558
FROM THE MEDIA: This year, a hacker identified as TA558 has increased its activities, launching phishing attempts against numerous hotels and businesses in the hospitality and leisure industries. The threat actor gains access to the target systems, conducts surveillance, steals crucial data, and ultimately embezzles money from clients using a series of 15 different malware families, mostly remote access trojans (RATs). Proofpoint has noticed an increase in TA558 activity recently, which may be related to the tourism industry’s recovery after two years of COVID-19 limitations. TA558 has been active at least since 2018.
READ THE STORY: The Tech Outlook
Russian hacking group Cosy Bear targets Microsoft 365 users in US and NATO countries
FROM THE MEDIA: Cybersecurity firm Mandiant has warned that Russian hacking group APT29, also known as Cozy Bear or Nobelium, has targeted several Microsoft 365 accounts in the US and NATO countries. The firm says that it has been tracking the cyberespionage group since at least 2014. Microsoft 365 uses a variety of licensing models to control a user’s access to the suite of products. The licenses are also used for security purposes and compliance settings such as log retention and Mail Items Accessed logging via Purview Audit. The most common licenses are E1, E3 and E5. Users on the E5 license could use Purview Audit to enable the Mail Items Accessed audit. Mail Items Accessed records the user-agent string, timestamp, IP address, and username each time a mail item is accessed.
READ THE STORY: CNBC TV18
A 'nightmare scenario': Data-tampering attacks are hard to detect, with devastating consequences
FROM THE MEDIA: Imagine a cybersecurity catastrophe like this one: A pharmaceuticals maker suffers a data breach, but no data is stolen and no ransomware is deployed. Instead the attacker simply makes a change to some of the data in a clinical trial — ultimately leading the company to release the wrong drug. It's a hypothetical scenario, for now. Ransomware and the theft of sensitive data remain massive top-of-mind security concerns, of course, but at least there are tools and procedures available to mitigate those issues.
READ THE STORY: Protocol
Malware floods npm and PyPi registries in supply-chain attacks
FROM THE MEDIA: Researchers at security vendor Sonatype say they have found 186 malicious packages in the npm Javascript library registry, which infect Linux hosts with crypto currency mining applications. Sonatype said many of the packages, published by the same pseudonymous npm account, typo-squat to trick users of well-known software like React, using names like r2act. The malicious packages download a malicious Bash shell script to fetch the Monero crypto mining code from the threat actor's server, Sonatype said.
READ THE STORY: ITnews
Alleged Crypto Money Launderer Handed Over to The United States
FROM THE MEDIA: The United States Department of Justice (DOJ) reported that an alleged crypto asset launderer, Denis Mihaqlovic Dubnikov, is being extradited to the US. The Russian citizen was arrested in the Netherlands and is set to face charges in the District Court of Oregon. According to the Justice Department, a federal grand jury in Portland charged Dubnikov, citing his possible role in the money laundering case. In August 2021, an international crypto money laundering scheme was planned in which Russian citizens allegedly took part. The statements in an official press release suggest that Dubnikov, along with his companions, was aware that they were laundering money raised from ransomware attacks. These attacks were said to have been carried out against different individuals and institutions all across the country and even in foreign lands.
READ THE STORY: The Coin Republic
Cybersecurity crisis planning: An essential tactic for resilience.
FROM THE MEDIA: First things first: the senior cybersecurity practitioner for most organizations is probably not in charge of the overall, general-purpose crisis management plan. It turns out that there are many kinds of potential crises that a commercial company, a government agency, or academic institution might encounter that don’t involve some kind of ransomware attack by the likes of BlackByte or Pandora, or some kind of cyberespionage operation from nation state operators like Hurricane Panda or Helix Kitten. That means that to prepare the organization for a cyber crisis, security leaders have to plug themselves into the existing crisis management apparatus as one of its key players.
READ THE STORY: The CyberWire
China Wants to Control the World’s Internet—Can It?
FROM THE MEDIA: The Chinese Communist Party (CCP) is actively attempting to control the internet. This might sound like hyperbolic fearmongering—but it’s not. Each year, the Cyber Administration of China hosts the World Internet Conference. In the words of Xi Jinping, the conference was designed to focus on “global internet development and governance.” This year’s conference took place last month. Politico’s Phelim Kine recently wrote that the Chinese leader desperately “wants an internet that aligns with the ruling Chinese Communist Party’s concept of cyber sovereignty.” Xi and his colleagues prioritize “absolute government control of online activity—complete with censorship and surveillance—at the expense of privacy and freedom of expression.” This should surprise no one in particular. After all, this is communist China we are talking about.
READ THE STORY: The Epoch Times
Chinese Ambassador To Aotearoa Denies Uyghur Atrocities With Disinformation
FROM THE MEDIA: “In an interview with Jack Tame on Sunday's Q+A program, China’s ambassador to Aotearoa, Wang Xiaolong, deflected enquiry into his government's forced labor atrocities against the Uyghur people with disinformation and blatant propaganda,” said Sam Vincent, spokesperson for Uyghur Solidarity Aotearoa. “The widespread state-sponsored forced labor faced by China’s minority Uyghur population has been documented by the United Nations, the International Labor Organization, and numerous academic experts and non-governmental organizations,” said Vincent.
READ THE STORY: Scoop
Estonia's Battle Against a Deluge of DDoS Attacks
FROM THE MEDIA: The number and frequency of large-scale distributed denial-of-service (DDoS) attacks against Estonian public authorities and businesses has significantly increased in the month of August, Infosecurity Magazine has learned. Infosecurity Magazine spoke to Tõnu Tammer, head of the incident response (CERT-EE) department, Estonian Information System Authority (RIA), to discuss the attacks and what the Estonian government is doing in response. The peak of these attacks, so far, were recorded on August 16 and 17, Tõnu Tammer, head of Incident Response (CERT-EE) department, Estonian Information System Authority (RIA) told Infosecurity.
READ THE STORY: InfoSecurity
Russian Dissidents Aren't In France for the Food
FROM THE MEDIA: “Unbearable.” That’s how a member of Finland’s parliament describes the sight of Russian tourists pouring across the border, stocking up on souvenirs while Vladimir Putin’s army bombs Ukraine. Worse, the fact that some of the tourists travel on into the European Union’s visa-free Schengen zone seems to undermine a sanctions net that’s closed in on oligarch superyachts, golden passports and flights from Russia. Data from insurer Rosgosstrakh PJSC show EU destinations accounted for 25% of their online travel insurance contracts in June and July, with Spain and Italy in the top three, according to Russian Travel Digest.
READ THE STORY: Bloomberg
Chinese espionage group APT41 hacked at least 13 victims in 2021
FROM THE MEDIA: As part of four distinct campaigns in 2021, prolific Chinese state-sponsored espionage group APT41—also known as Barium, Bronze Atlas, Double Dragon, and Wicked Panda—targeted at least 13 organizations in the US, Taiwan, India, Vietnam, and China. Most of the attacks observed as part of these campaigns primarily relied on SQL injections on targeted domains as initial access vectors to infiltrate victim networks, according to a new advisory by Group-IB Security researchers outlining APT41 activities from the start of 2021 to the present. The endpoints would then receive a unique Cobalt Strike beacon from APT41.
READ THE STORY: TEISS
UK - Car Dealership Hit by Major Ransomware Attack
FROM THE MEDIA: One of the UK’s largest family-run car dealerships has admitted suffering a serious ransomware attack last month, which resulted in data theft and the damage “beyond repair” of some core systems. Stoke-on-Trent-based Holdcroft Motor Group was hit with a ransom demand after hackers stole two years’ worth of data including staff information. “On Thursday July 28 2022 the company was the victim of a serious cyber-attack which has caused significant damage to the company's IT infrastructure and has also resulted in the loss of data from our internal storage areas,” read an internal email seen by StokeonTrentLive. “Following internal investigations it has been confirmed that some of the data that has been compromised may contain employee personal data."
READ THE STORY: InfoSecurity
UK Drinking Water Supplier Falls Victim to Clop Ransomware Gang
FROM THE MEDIA: Another critical infrastructure operator is under attack from hackers. South Staffordshire Water, a drinking water supplier that provides for over 1.6 million people in the UK, has fallen victim to a cyberattack by the Clop ransomware gang, as per ZDNet. In a statement that the company issued, it stated that it was hit by "a criminal cyberattack" causing disruption to corporate IT networks. The Clop ransomware group claimed that they were able to obtain access to industrial systems, which control chemicals in the water. However, South Staffordshire Water stated that the case was far from what the gang claimed. According to a statement released by the government, the attack by the Clop ransomware group has had no impact on the water company's ability to safely supply drinking water.
READ THE STORY: iTechPost
Lloyd’s to end insurance coverage for state cyber attacks
FROM THE MEDIA: Insurance market Lloyd’s of London has indicated that it will move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance policies from 31 March 2023. According to the Wall Street Journal, which was first to report the story, the change will supposedly ensure that the scope of cyber insurance policies is made clear to buyers, and is being made because Lloyd’s believes the impact of state-backed attacks is a “systemic risk”. The newspaper cited a 16 August notice written by underwriting director Tony Chaudhry. Chaudhry said Lloyd’s remained strongly supportive of cyber insurance, but that such policies needed to be appropriately managed given the fast-evolving nature of the threat landscape.
READ THE STORY: ComputerWeekly
SSB in Your Pocket
FROM THE MEDIA: In the old days, a shortwave radio was a major desk fixture. These days, you can get truly diminutive radios. However, most of them only have AM capability (that is, no simple way to receive single-sideband or SSB signals) and — maybe — the ability to pick up FM broadcast. Small radios also often have no provision for an external antenna, which can be crucial for shortwave radios. [Farpoint Farms] shows off the Raddy RF7860, which is a palm-sized radio, but it has the elusive sideband modes and an external antenna port and wire antenna. It even has a rechargeable battery. Reading the comments, it appears this is a rebadged version of a HanRongDa HRD 747 radio.
READ THE STORY: Hackaday
Crypto Immutability Only Works If All Layers Are Secure
FROM THE MEDIA: With rising institutional interest and adoption of various cryptoassets, including bitcoin but also many other crypto-related applications, it seems worthwhile to revisit an often-stated, but potentially misunderstood, aspect of blockchain-based assets. In any conversation, presentation, or casual discussion around blockchain or cryptoassets, one of the most often cited traits of crypto is the immutable (unhackable) nature of blockchain transactions. As has been proven time and again, via the hacks and other breaches that have cost investors billions of dollars on an annual basis, the protocols, exchanges, and applications that investors leverage are not – as it turns out – immutable.
READ THE STORY: Forbes
DDoS Protection Weaponized to Deliver RATs
FROM THE MEDIA: Security researchers have discovered a new threat campaign designed to trick users into downloading malware capable of hijacking their machine. Discovered by Sucuri, the attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up. These have become increasingly popular over recent years as website owners struggle to distinguish legitimate users from pervasive bot traffic. “Since these types of browser checks are so common on the web many users wouldn’t think twice before clicking this prompt to access the website they’re trying to visit. However, the prompt actually downloads a malicious .iso file onto the victim’s computer,” Sucuri said in a blog post.
READ THE STORY: InfoSecurity
Zoom patches make-me-root security flaw, patches patch
FROM THE MEDIA: Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix. Patrick Wardle, cybersecurity researcher and founder of Objective-See, talked about the two macOS Zoom client vulnerabilities at Black Hat, both of which could be exploited by a local unprivileged miscreant or rogue application to reliably escalate to root privileges. The two holes could be exploited together to, simply put, feed a malicious update to Zoom to install and run, which shouldn't normally be allowed to happen.
READ THE STORY: The Register
Items of interest
‘Legally Copied’ By Lockheed Martin – Was US Navy’s F-35B, China’s J-20 Derived From Soviet-Russian Aircraft?
FROM THE MEDIA: As the F-35 stealth jets could confront Russian fighters at some point in Europe, the plane and its design were a direct derivative of a former Soviet Union project that could not be completed when the Communist superpower collapsed – the Yakovlev Yak-141.
The Short/Vertical Take-Off and Landing (SVTOL) F-35B naval variant could be called a direct derivative of the Yak-141.
The Russian company had turned to Lockheed Martin in 1991 following the USSR’s dissolution to fund around $350 million when a weakened Russia was trying to normalize ties with Washington.
It is reflected in the single vectoring nozzle located behind the center of gravity and dedicated vertically positioned thrust jets just behind the engine of the Yak-141 that is shared by the F-35B.
READ THE STORY: Eurasiantimes
Becoming an Expert at Lock Picking Village | DEF CON 30 (Video)
FROM THE MEDIA: Becoming an Expert at Lock Picking Village | DEF CON 30.
The DEF CON 30 CTF with CypherTex (Jordan Wiens) | DEF CON 30 (Video)
FROM THE MEDIA: The DEF CON 30 CTF with CypherTex (Jordan Wiens) | DEF CON 30.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com