Tuesday, Aug 23, 2022 // (IG): BB // Sponsor: Zanes Hand Made
APT29’s new Microsoft 365 hacking techniques examined
FROM THE MEDIA: Russian state-sponsored hacking group APT29, also known as Cozy Bear and Nobelium, has been leveraging new tactics, techniques, and procedures in cyberespionage operations targeted at compromising Microsoft 365 accounts, BleepingComputer reports. Mandiant researchers discovered that APT29 has been working on deactivating the Purview Audit feature available to Microsoft 365 users with the E5 license in an effort to prevent compromised account audits. "[Purview Audit] is a critical log source to determine if a threat actor is accessing a particular mailbox, as well as to determine the scope of exposure. It is the only way to effectively determine access to a particular mailbox when the threat actor is using techniques like Application Impersonation or the Graph API," said Mandiant.
READ THE STORY: SCMAG
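The practical takeaway from the Mandiant finding is that the audit feature itself is a target, so the act of removing it has to be monitored. Purview Audit (Premium) is delivered as a service plan on the user's license, and license changes are written to the Azure AD audit log as "Change user license" events. The script below is an added example, not code from Mandiant, Microsoft or the article: it walks a constructed, simplified export of such events and flags every user whose Advanced Auditing plan goes from assigned to removed, then groups removals by the account that made them, since several removals by one admin in a short window is the bulk tampering pattern to escalate. The service plan name is an assumption taken from Microsoft's licensing reference; verify it against your own tenant.

```python
"""Flag Azure AD "Change user license" events that strip the Purview Audit
(Premium) service plan from a user, the audit tampering Mandiant attributes
to APT29.

Added example, not code from Mandiant, Microsoft or the article. The event
shape is a simplified, constructed approximation of an Azure AD audit log
export, not real tenant data. The service plan name is an assumption taken
from Microsoft's licensing reference; check it against your own tenant.
"""
import json
from collections import Counter

ADVANCED_AUDIT_PLAN = "M365_ADVANCED_AUDITING"  # assumed plan name, verify per tenant


def _event(ts, actor, target, before, after):
    """Build one constructed 'Change user license' record."""
    return {
        "activityDateTime": ts,
        "activityDisplayName": "Change user license",
        "initiatedBy": {"user": {"userPrincipalName": actor}},
        "targetResources": [{
            "userPrincipalName": target,
            "modifiedProperties": [{
                "displayName": "AssignedPlan",
                "oldValue": json.dumps(before),
                "newValue": json.dumps(after),
            }],
        }],
    }


# Constructed sample: two removals by the same admin minutes apart, one benign
# change that keeps auditing, and one unrelated event.
SAMPLE_EVENTS = [
    _event("2022-08-19T02:14:07Z", "admin@example.test", "cfo@example.test",
           ["EXCHANGE_S_ENTERPRISE", ADVANCED_AUDIT_PLAN], ["EXCHANGE_S_ENTERPRISE"]),
    _event("2022-08-19T02:15:40Z", "helpdesk@example.test", "intern@example.test",
           ["EXCHANGE_S_ENTERPRISE"], ["EXCHANGE_S_ENTERPRISE", "TEAMS1"]),
    _event("2022-08-19T02:16:02Z", "admin@example.test", "counsel@example.test",
           ["EXCHANGE_S_ENTERPRISE", ADVANCED_AUDIT_PLAN], ["EXCHANGE_S_ENTERPRISE"]),
    {"activityDateTime": "2022-08-19T02:20:00Z",
     "activityDisplayName": "Reset user password",
     "initiatedBy": {"user": {"userPrincipalName": "helpdesk@example.test"}},
     "targetResources": [{"userPrincipalName": "intern@example.test"}]},
]


def _plans(value):
    """Decode a modifiedProperties value (JSON list of plan names) defensively."""
    if not value:
        return set()
    try:
        decoded = json.loads(value)
    except (json.JSONDecodeError, TypeError):
        return set()
    return set(decoded) if isinstance(decoded, list) else set()


def find_audit_plan_removals(events, plan=ADVANCED_AUDIT_PLAN):
    """One finding per target user whose plan went from assigned to removed."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") != "Change user license":
            continue
        actor = ev.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "?")
        for target in ev.get("targetResources", []):
            for prop in target.get("modifiedProperties", []):
                if prop.get("displayName") != "AssignedPlan":
                    continue
                before, after = _plans(prop.get("oldValue")), _plans(prop.get("newValue"))
                if plan in before and plan not in after:
                    findings.append({"time": ev.get("activityDateTime"),
                                     "actor": actor,
                                     "target": target.get("userPrincipalName")})
    return findings


def actors_with_bulk_removals(findings, threshold=2):
    """Actors who stripped the plan from at least `threshold` users.
    Several removals by one account in a short window is the pattern to escalate."""
    counts = Counter(f["actor"] for f in findings)
    return {actor: n for actor, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = find_audit_plan_removals(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['time']} {h['actor']} removed {ADVANCED_AUDIT_PLAN} from {h['target']}")
    print("bulk actors:", actors_with_bulk_removals(hits))
```

Run it against a real export by replacing SAMPLE_EVENTS with the parsed JSON and confirming the property name your tenant emits for plan changes; the finding list is the thing to alert on, and the per-actor count is the triage signal, because a single removal can be a legitimate license reshuffle while a burst from one account rarely is.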
CISA is warning of high-severity PAN-OS DDoS flaw used in attacks
FROM THE MEDIA: A recent vulnerability found in Palo Alto Networks' PAN-OS has been added to the Known Exploited Vulnerabilities catalog of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The security issue is a high-severity risk identified as CVE-2022-0028 that allows a remote threat actor to deploy reflected and amplified denial-of-service (DoS) attacks without having to authenticate. Several PAN-OS versions powering PA-Series, VM-Series, and CN-Series devices are vulnerable to CVE-2022-0028 and Palo Alto Networks has released patches for all of them.
READ THE STORY: Bleeping Computer
Ambiguous 'cybersecurity event' shuts offices in Colorado county
FROM THE MEDIA: Government offices and several public services in Fremont County, Colorado, have been closed since last Wednesday, as officials there attempt to recover from what’s only been described as a “cybersecurity event.” The county, about 75 miles southwest of Colorado Springs, learned of the incident early Wednesday, but it was not publicly disclosed until Friday. While county workers were able to report for duty Monday, they’ve lost access to their business email accounts and the county’s regular website. Officials have been posting updates to a temporary page.
READ THE STORY: State Scoop
Greek natural gas operator suffers ransomware-related data breach
FROM THE MEDIA: Greece's largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack. In a public statement shared with local news outlets on Saturday, DESFA explained that hackers attempted to infiltrate its network but were thwarted by the quick response of its IT team. However, some files and data were accessed and possibly "leaked," so there was a network intrusion, even if limited. DESFA deactivated many of its online services to protect client data. However, these services will gradually return to normal operations as experts work towards a careful restoration.
READ THE STORY: Bleeping Computer // Greek Reporter
Cookie theft threat: When Multi-Factor authentication is not enough
FROM THE MEDIA: Multi-factor authentication (MFA) is a good security measure, most of the time. It enables a company to add a layer of security to its corporate VPN, for example. The user, in addition to a (hopefully) strong password, needs to enter another code, which can be accessed from another device. It might be a smartphone via SMS or authentication applications such as Duo or Google Authenticator, or even hardware devices such as a YubiKey. A lot of online services on the web also use this technology nowadays, and more and more will adopt MFA, which is good of course.
READ THE STORY: Tech Republic
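The caveat the headline points at is that MFA is evaluated once, at login; from then on the server trusts whatever presents the session cookie, so a cookie lifted from the browser's cookie store by an infostealer replays as the victim, MFA or not. The code below is an added example and not from the TechRepublic article: a minimal session store that still sets the usual cookie attributes but also binds each session to the client that passed MFA and enforces an absolute lifetime, then walks through the theft-and-replay scenario. The fingerprint inputs, the lifetime and the status strings are choices made for this example, not a standard.

```python
"""Why a stolen session cookie walks past MFA, and two server-side checks that
limit the damage.

Added example, not code from the TechRepublic article. Cookie attributes
(Secure, HttpOnly, SameSite) stop script and cross-site theft but not an
infostealer reading the browser's cookie database, so the store below also
binds each session to a client fingerprint and enforces an absolute lifetime.
The fingerprint inputs, lifetime and status strings are choices made for this
example, not a standard.
"""
import hashlib
import hmac
import secrets
import time

SESSION_LIFETIME_S = 8 * 3600  # absolute lifetime; force fresh login plus MFA after this


def client_fingerprint(ip, user_agent):
    """Coarse binding of a session to the client that passed MFA."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # token -> {"user", "fp", "issued"}

    def issue(self, user, ip, user_agent):
        """Call only after password + MFA succeed. Returns (token, Set-Cookie value)."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "fp": client_fingerprint(ip, user_agent),
            "issued": self._clock(),
        }
        cookie = f"session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"
        return token, cookie

    def validate(self, token, ip, user_agent):
        """Returns (user, "ok") or (None, reason). A mismatch revokes the session."""
        s = self._sessions.get(token)
        if s is None:
            return None, "unknown-token"
        if self._clock() - s["issued"] > SESSION_LIFETIME_S:
            del self._sessions[token]
            return None, "expired-reauth"
        if not hmac.compare_digest(s["fp"], client_fingerprint(ip, user_agent)):
            del self._sessions[token]  # treat as theft: the victim must log in again
            return None, "fingerprint-mismatch"
        return s["user"], "ok"


def replay_scenario(clock=None):
    """Victim logs in with MFA, the cookie is lifted, the attacker replays it."""
    store = SessionStore(clock or time.time)
    token, _ = store.issue("alice", "203.0.113.5", "Mozilla/5.0 Firefox/104")
    victim = store.validate(token, "203.0.113.5", "Mozilla/5.0 Firefox/104")
    attacker = store.validate(token, "198.51.100.9", "Mozilla/5.0 Chrome/104")
    victim_after = store.validate(token, "203.0.113.5", "Mozilla/5.0 Firefox/104")
    return victim, attacker, victim_after


def expiry_scenario():
    """Same cookie presented after the absolute lifetime has elapsed."""
    now = [1_000.0]
    store = SessionStore(clock=lambda: now[0])
    token, _ = store.issue("bob", "203.0.113.5", "Mozilla/5.0 Firefox/104")
    now[0] += SESSION_LIFETIME_S + 1
    return store.validate(token, "203.0.113.5", "Mozilla/5.0 Firefox/104")


if __name__ == "__main__":
    for label, result in zip(("victim", "attacker", "victim again"), replay_scenario()):
        print(f"{label:13s} -> {result}")
    print("after lifetime -> ", expiry_scenario())
```

Without the fingerprint check the attacker's call would return `("alice", "ok")`, which is the whole problem. Binding to the source IP is deliberately crude and will log out mobile users who change networks; in production, loosen it (User-Agent plus a device-bound secret, or a proxy-issued client certificate) and keep the short absolute lifetime, which works regardless of how the cookie was obtained.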
China-backed hackers targeted MeitY's NIC, other entities
FROM THE MEDIA: The National Informatics Centre (NIC), which manages IT infrastructure and services for the central government, was targeted by the China-sponsored hacking group RedAlpha, a recent cybersecurity report shows. NIC, which operates under the Ministry of Electronics and Information Technology (MeitY), is the tech partner of the central government. The China-backed hacking group has consistently spoofed login pages of the NIC, says the report. Apart from India, RedAlpha, also tracked as Red Dev 3 and DeepCliff, conducted a multi-year credential theft campaign targeting global humanitarian organizations, think tanks, and government organizations, says the report by cybersecurity company Recorded Future.
READ THE STORY: Fortune India
Roskomnadzor's Internet panopticon
FROM THE MEDIA: Citing Kommersant, BleepingComputer reports that Roskomnadzor, the Russian Internet "watchdog," has contracted for the development of a tool that will automate Internet scanning to identify objectionable material. The projected tool, "Oculus," is described as a neural network that will use artificial intelligence to scan websites for prohibited information. "The automatic scanner will analyze URLs, images, videos, and chats on websites, forums, social media, and even chat/messenger channels to locate material that should be redacted or taken down." Roskomnadzor wants Oculus to be ready on December 12th of this year. The agency has lowballed the contract at 57.7 million rubles, or about $965,000, which observers think grossly inadequate to fund such an ambitious project.
READ THE STORY: The Cyber Wire
Ransomware target Apex Capital declares systems ‘back up and running’
FROM THE MEDIA: A week after Apex Capital Corp. and its subsidiary, TCS Fuel, were targeted in a ransomware attack that knocked its computer systems offline, a company executive said Monday that it’s business as usual. “Our networks for Apex and TCS are back up and running,” Sherry Leigh, chief product and marketing officer at Apex, told FreightWaves. Ransomware gang BlackByte claimed responsibility for infecting the operating systems of Apex Capital, headquartered in Fort Worth, Texas, which, in turn, shut down TCS Fuel’s network. Leigh declined to comment about what data may have been stolen by the hackers who accessed Apex’s system.
READ THE STORY: Freight Waves
New 'BianLian' Ransomware Variant on the Rise
FROM THE MEDIA: Cybercriminals are swarming to deploy an emerging ransomware variant called BianLian that was written in Go, the Google-created open source programming language. BianLian has been rising in popularity since it was first outed in mid-July, according to researchers at Cyble Research Labs, which published details on their study of the ransomware in a blog post last week. Threat actors so far have cast a wide net with the novel BianLian malware, which counts organizations in media and entertainment; manufacturing; education; healthcare; and banking, financial services, and insurance (BFSI) among its victims so far.
READ THE STORY: Dark Reading
Alleged Russian ransomware attacker indicted, faces extradition from the Netherlands
FROM THE MEDIA: The U.S. Department of Justice (DOJ) has secured the extradition from the Netherlands of Denis Mihaqlovic Dubnikov, a Russian citizen. He will face trial in the United States on allegations of participating in money laundering for a ransomware group. In a press release, the DOJ accused the 29-year-old of laundering as much as $400,000 that was proceeds from the victims of ransomware attacks. Overall, Dubnikov and his co-conspirators, who are yet to be identified, laundered as much as $70 million extracted using the Ryuk malware variant.
READ THE STORY: Coin Geek
Fake DDoS Protection Alerts Distribute Dangerous RAT
FROM THE MEDIA: Threat actors are spoofing Cloudflare DDoS bot-checks in an attempt to drop a remote-access Trojan (RAT) on systems belonging to visitors to some previously compromised WordPress websites. Researchers from Sucuri recently spotted the new attack vector while investigating a surge in JavaScript injection attacks targeting WordPress sites. They observed the attackers injecting a script into the WordPress websites that triggered a fake prompt claiming to be the website verifying if a site visitor is human or a DDoS bot. Many Web application firewalls (WAFs) and content distribution network services routinely serve up such alerts as part of their DDoS protection service. Sucuri observed this new JavaScript on WordPress sites triggering a fake Cloudflare DDoS protection pop-up.
READ THE STORY: Dark Reading
Russian Spies Allegedly Stealing HIMARS Plans Caught Behind Ukrainian Lines
FROM THE MEDIA: Ukraine captured two Russian spies who were allegedly collecting HIMARS plans as the war between the two countries continues, Ukrainian media reported. Russian President Vladimir Putin launched the invasion of Ukraine on February 24, anticipating a quick victory. However, the Kremlin's military was met with a stronger-than-expected defense from Ukrainian forces. Russia has failed to achieve any major objectives in the war, and fighting has become largely concentrated in eastern Ukraine. Ukraine's defense efforts, in recent months, have been bolstered by M142 High Mobility Artillery Rocket Systems (HIMARS), which have been supplied by Western countries including the United States.
READ THE STORY: Newsweek
TikTok’s In-App Browser Can Monitor Your Activity on External Websites
FROM THE MEDIA: Security researcher and software engineer Felix Krause has revealed startling details about popular applications and explained how these apps track and collect user data through in-app browsers. In his research, Krause examined the code injected into a website to monitor user activity, including the links clicked or ads checked when the site is opened through an app. The Vienna-based Krause is the founder of Fastlane, an app-testing company acquired by Google in 2017. The researcher is known for his research work highlighting privacy flaws in smartphone devices.
READ THE STORY: HackRead
Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war
FROM THE MEDIA: In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity. A rock-solid, comprehensive battle plan has been painstakingly laid out, in the form of the NIST Cybersecurity Framework. And now advanced weaponry is arriving that leverages data analytics to tighten up systems and smother attacks.
READ THE STORY: Security Boulevard
Kaspersky sees increase in vulnerability exploits on old version of Microsoft Office
FROM THE MEDIA: In the second quarter of 2022 (Q2 2022), the number of exploits for vulnerabilities in the Microsoft Office suite increased, accounting for 82% of the total number of exploits across different platforms, according to the latest Kaspersky quarterly malware report. Old versions of applications remain the main targets for attackers, with almost 547,000 users in total being affected through corresponding vulnerabilities in the last quarter. Moreover, the number of users affected by the Microsoft MSHTML Remote Code Execution vulnerability, which was previously spotted in targeted attacks, skyrocketed eight times.
READ THE STORY: Back End News
US Announces Export Bans on Modern Semiconductor Technologies
FROM THE MEDIA: Recently, the US government announced a wave of new export bans that prevent foreign nations (i.e. China) from developing state-of-the-art semiconductors. What exactly does the ban include, how will these hinder China's attempts, and is there any real benefit to the export bans? Since the COVID pandemic of 2020, countries around the world have come to recognize the importance of semiconductors in everyday life and the horrifying truth that the most important semiconductors are made in a few countries that are in close proximity to China.
READ THE STORY: ElectroPages
Over 80,000 exploitable Hikvision cameras exposed online
FROM THE MEDIA: Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server. The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. However, according to a whitepaper published by CYFIRMA, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update.
READ THE STORY: Bleeping Computer
Former Apple Employee Xiaolang Zhang Pleads Guilty
FROM THE MEDIA: Xiaolang Zhang, a former Apple employee who was accused of stealing computer files with trade secrets about Apple’s secretive car division, pleaded guilty in federal court in San Jose on Monday. Zhang’s plea agreement with the U.S. government is under seal, according to court filings on Monday. Zhang faces as much as 10 years in prison and a $250,000 fine after pleading guilty to a felony charge of theft of trade secrets. Sentencing is scheduled for November.
READ THE STORY: Vigour Times
U.S.-Mexico Cyber Talks Begin With Focus On Critical Infrastructure
FROM THE MEDIA: Last week, the U.S.-Mexico Working Group on Cyber Issues announced it held its first dialogue on Aug. 10, with a focus on advancing the two nations’ cooperation on cyberspace and Internet security issues. While cybersecurity dominated, the group’s first formal discussions also covered cybercrime prevention efforts and preventative measures taken via cyber hygiene and best practice adherence. “Both governments committed to continue strengthening cooperation to build a more secure, resilient region and expand collaboration to address shared threats in cyberspace,” the press announcement read. “These efforts will bolster the ability of the two countries’ societies and economies to benefit from the opportunities that new digital and information technologies offer.”
READ THE STORY: Nextgov
Ukraine’s agricultural sector set to attract cyber attacks, experts warn
FROM THE MEDIA: The invasion, which began on 24 February, has had dramatic consequences regarding food security. Given the major role both Ukraine and Russia have in agri-food world trade, the war has resulted in a hike in food prices, with the risk of famine looming large in the Global South. Control over the passage of cargo ships through Ukraine’s ports has quickly become a source of political leverage for the Russians. However, more disruption of Ukraine’s agricultural output may be yet to come. With the ongoing conflict exposing the magnitude of the ripple effects of these disruptions, the sector is catching the attention of cyber threat actors, Cisco’s Talos Intelligence Group warned.
READ THE STORY: EURACTIV
Hackers demand $10m to end cyber attack on Paris regional hospital
FROM THE MEDIA: A hospital southeast of Paris has been the victim of an ongoing cyber attack since the weekend, with disruption to emergency services and surgeries as hackers demand a ransom of $10 million to call off the digital assault. The CHSF Hospital Centre in Corbeil-Essonnes, southeast of the French capital, has been the victim of a computer attack that began late Saturday night. Hackers have reportedly issued a demand of $10 million – in English – for the ransomware attack to be stopped.
READ THE STORY: Yahoo Sports
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
FROM THE MEDIA: You’ve probably heard the old joke: “Humour in the public service? It’s no laughing matter!” But the thing with downbeat, blanket judgements of this sort is that it only takes a single counter-example to disprove them. Something cannot universally be true if it is ever false, even for a single moment. So, wouldn’t it be nice if the public service could be upbeat once in a while…
READ THE STORY: Naked Security
FBI Warns of ‘Zeppelin’ Ransomware Attacks Targeting Bay Area Companies
FROM THE MEDIA: A new threat has emerged, putting health care facilities and other firms on the defensive, according to federal authorities. It isn’t the next strain of the Covid virus, which mercifully seems to be on the downswing after an extended summer surge. Instead, law enforcement is warning of a spike in ransomware attacks targeting the health care sector, tech companies and even school districts. A cybersecurity alert published earlier this month by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) detailed new trends in the attacks, common techniques used to breach systems and indicators of compromised cybersecurity.
READ THE STORY: San Francisco Standard
Phishing campaign preying on hotels and travel firms
FROM THE MEDIA: A cybercrime group tracked as TA558 is behind a recent phishing campaign targeting hotels and other entities operating in the hospitality and travel sector. Proofpoint researchers say they are keeping an eye on a malware campaign run by TA558, which uses a collection of 15 different malware families, typically remote access trojans (RATs), to infiltrate target systems, steal crucial data, and ultimately siphon money from customers.
READ THE STORY: Computing
Bug Hunters Wanted: Bounty Programs Prove Fruitful for DHS, DOD
FROM THE MEDIA: After a variety of successful bug-hunting pilot programs, the Department of Defense and the Department of Homeland Security are boosting efforts to find and fix bugs throughout their digital infrastructure. Launched in December 2021, the first phase of the Hack DHS program found more than 122 vulnerabilities, 27 that were critical. DHS awarded $125,000 to participants who found the bugs. “The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” DHS CIO Eric Hysen said in a release announcing the completion of phase one.
READ THE STORY: Fed Tech
Disinformation Messaging Shifting to Food Shortages
FROM THE MEDIA: New research conducted in partnership by Rutgers University’s Miller Center for Community Protection and Resilience and the Network Contagion Research Institute found that Russian disinformation actors and online conspiracy communities like QAnon are shifting their focus from anti-COVID vaccines to the looming food crisis. “The efforts of hostile state actors and extremist groups to destabilize our institutions have exploited each new crisis, from the 2020 election to the Covid pandemic, to undermine confidence in our institutions,” explained Miller Center Director John J. Farmer, Jr.
READ THE STORY: Govtech
‘Data broker’ Oracle misleads billions of consumers, lawsuit alleges, enables privacy end-arounds
FROM THE MEDIA: At least one Big Tech firm has glided mostly under the radar during the recent techlash — Oracle — but that relative obscurity might be coming to an end. A class-action lawsuit filed against the data giant by some heavy-hitters in the privacy world alleges that Oracle combines some of the worst qualities of Google and Facebook, at a scale even those firms have trouble matching. Oracle has incredibly intimate information on 5 billion people around the planet — and the lawsuit alleges that the firm trades on that information largely without anyone’s consent.
READ THE STORY: Bob Sullivan
Items of interest
European Cybersecurity in Context: A Policy-Oriented Comparative Analysis
FROM THE MEDIA: Worldwide connectivity has unleashed global digitalization, creating cross-border social networks for communicating and spreading information. The use of digital identity for democratic procedures is becoming a reality and public services are shifting towards using digital tools to implement simplified procedures. Businesses worldwide have benefitted from implementing information technologies’ tools, and industry 4.0 increasingly relies on cloud services and the internet. Likewise, the e-commerce and platforms economy has developed in a way that was unthinkable only 30 years ago.
READ THE STORY: Security Affairs
Hacking Flight Sims at DEF CON 30 (Video)
FROM THE MEDIA: Hacking Flight Sims at DEF CON 30.
DEF CON 30 - Rogues Village Interview (Video)
FROM THE MEDIA: DEF CON 30 - Rogues Village Interview.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com