Wednesday, Aug 24, 2022 // (IG): BB // Sponsor: ShadowNews
US CISA Warns of Bug in Palo Alto's Firewall Software
FROM THE MEDIA: A warning from Palo Alto that a vulnerability in its products was used to launch an attempted distributed denial of service attack is prompting the U.S. government to give federal agencies until Sept. 12 to ensure they've applied a fix. The company says a threat actor attempted to launch a DDoS attack on an unidentified target by taking advantage of a misconfiguration allowing attackers to bounce internet traffic off a Palo Alto firewall and onto a third party.
READ THE STORY: Bank InfoSec
FBI Warns Cybercriminals Hijacking Home IP Addresses For Credential Stuffing
FROM THE MEDIA: Cyber-criminals are increasingly hijacking home IP addresses to hide credential stuffing activity and increase their chances of success, the FBI has warned. Credential stuffing is a popular method of account takeover whereby attackers use large lists of breached username/password 'combos' and try them across numerous sites and apps simultaneously to see if they work. As many individuals reuse their credentials, they often do.
READ THE STORY: InfoSec Mag
Greece's largest natural gas distributor suffers a Ragnar Locker ransomware attack
FROM THE MEDIA: On Saturday, DESFA confirmed that the cyber attack involved threat actors attempting to infiltrate its internal IT infrastructure. However, the attackers were not able to compromise internal systems completely thanks to the quick response from the company’s IT teams. The critical infrastructure company has, however, confirmed that the hackers were able to take over some internal systems and access a limited amount of files and data. DESFA has also confirmed that it will gradually resume daily operations as experts are working carefully to restore normal operations.
READ THE STORY: TEISS
China - Operation Qinglang: Nationwide campaign to crack down on cyber violence
Possible CCP Propaganda
FROM THE MEDIA: More than 65.41 million pieces of harmful information have been deleted and more than 78,000 illegal accounts have been shut down for cyber violence in an annual special campaign to regulate internet activities, said Sheng Ronghua, deputy director of the Cyberspace Administration of China (CAC), at a press conference on Tuesday. The special campaign, named Operation Qinglang, was launched by the CAC in 2021, aiming at tackling disorder on the internet and creating a better online ecosystem in China.
READ THE STORY: GT
Chinese tech firms under wider scrutiny in India
FROM THE MEDIA: Having experienced income tax searches, exclusion from 5G telecom trials and increasing restriction on research collaborations, The Hindu learnt from sources that Chinese telecom major Huawei may downsize its research and development (R&D) facilities in India — indicative of an endgame for its Indian operations. Other than Huawei, sector peers ZTE, Vivo, Xiaomi and Oppo too have had their offices searched in the past few months. This is believed to be part of a series of government measures aimed at checking Chinese corporate influence in the country.
READ THE STORY: HT
Australia - Telstra Found Malware In Digicel’s Systems
FROM THE MEDIA: Outgoing Telstra CEO Andrew Penn has revealed that a security sweep of its recently-acquired telco Digicel found “multiple instances of malware resident in its systems”. Digicel is the largest telco in the Pacific, with 2.5 million subscribers. It runs 3G and 4G networks across PNG, Fiji, Samoa, Vanuatu and Tahiti. Telstra completed its A$2.4 billion takeover of Digicel Pacific in June, a purchase widely seen as a political move to counter China’s creeping influence in the region.
READ THE STORY: Channel News
Musk Welcomes a Whistleblower
FROM THE MEDIA: Of the many things that can be said about Elon Musk, one that I often return to is that he is really a CEO for the people. By that, I mean he’s an executive whose image is perpetually shaped and bolstered by the masses who adore him, look up to him or are in other ways obsessed by him. And so it is somewhat fitting that he appeared to receive some legal help not from the courts but from the people, specifically a former Twitter executive who decided in this moment to go public with a whistleblower complaint that included, among other things, the allegation that Twitter has no idea how many bots are on its platform.
READ THE STORY: The Information
Meta reaches $37.5 mln settlement of Facebook location tracking lawsuit
FROM THE MEDIA: Meta Platforms Inc (META.O) reached a $37.5 million settlement of a lawsuit accusing the parent of Facebook of violating users' privacy by tracking their movements through their smartphones without permission. A preliminary settlement of the proposed class action was filed on Monday in San Francisco federal court, and requires a judge's approval. It resolved claims that Facebook violated California law and its own privacy policy by gathering data from users who turned off Location Services on their mobile devices.
READ THE STORY: Reuters
China's tech juggernauts form metaverse research institute
FROM THE MEDIA: While Meta has been hemorrhaging billions trying to bring CEO Mark Zuckerberg's metaverse to life with little to show for it, China has decided it too will take a crack at the virtual-reality concept. This week reports emerged in China's state-owned Shanghai Securities Journal that some of the nation's most powerful tech companies have joined forces to form the "Joint Research Institute of Metaverse and Virtual-Real Interaction" in Shanghai.
READ THE STORY: The Register
Initiative aims to tackle cyber threats as self-driving cars gain traction
FROM THE MEDIA: Two tech entities are teaming up to develop an industry-wide cybersecurity framework for autonomous vehicles in an effort to address cyber-related risks as companies look to take self-driving vehicles into the mainstream. The Association for Uncrewed Vehicle Systems International (AUVSI), a nonprofit organization that promotes the advancement of autonomous systems and robotics, said the framework will be based on cyber standards Fortress Information Security helped develop for the utilities industry. Fortress is a security service firm that protects critical industries from cybersecurity threats.
READ THE STORY: The Hill
China warns against monopolies, hoarding in photovoltaic industry
FROM THE MEDIA: China's industry ministry issued a notice on Wednesday to promote and optimize the development of the country's photovoltaic industry, warning against market monopolies and encouraging development of power and storage projects. Due to supply and demand mismatches, severe price fluctuations, and hoarding in the supply chain of the photovoltaic industry, there is an "urgent need to deepen industry management," the ministry said.
READ THE STORY: News Yahoo
China’s Belt and Road Initiative to Set Future Global Tech Standards
FROM THE MEDIA: China’s growing technological expertise along its digital silk road is expected to set benchmarks for the rest of the world to follow, according to analysts. President of China’s ambitious Belt and Road Initiative (BRI) started down the digital silk road long before the rest of the world began talking about connected smart cities and technology-driven solutions. As China continues to expand its digital footprint in sectors as diverse as cloud computing, 5G, surveillance technology and virtual currency, observers see movement in some areas toward Chinese technological dominance.
READ THE STORY: Open GOV ASIA
China bans nationalist blogger who rallied against tech giant
FROM THE MEDIA: China has blocked the social media accounts of a nationalistic blogger who waged a campaign against a major Chinese tech firm, in the latest censorship of an outspoken patriotic voice. Sima Nan’s Twitter-like Weibo account, where he has more than 3.1 million followers and regularly posts anti-American commentary, was marked restricted for “violating relevant laws and regulations” over the weekend, meaning he temporarily cannot post on the site.
READ THE STORY: The Star
Huawei CEO reportedly puts company in survival mode
FROM THE MEDIA: Huawei CEO Ren Zhengfei has reportedly told staff that tough economic times represent a real threat to the company. Reports in Chinese outlets Yucai and NetEase allege that Ren posted a missive on Huawei’s internal networks in which the CEO called for the company to prioritize cash flow and profit instead of growth and scale. Ren’s reasoning is that the global economy is in for up to a decade of depressed demand, with very tough years expected from 2023 to 2025 – a period during which a focus on survival will be necessary.
READ THE STORY: The Register
US, Israel sign deal to combat ransomware, protect critical financial infrastructure
FROM THE MEDIA: The Israeli Ministry of Finance and the U.S. Department of the Treasury signed a Memorandum of Understanding on Tuesday to establish a bilateral partnership to protect critical financial infrastructure and emerging technologies and expand international cooperation to counter the threat ransomware poses to countries and the global economy. This expanded cooperation, initially announced last November following a meeting between Deputy Secretary of the Treasury Wally Adeyemo, Finance Minister Avigdor Lieberman, and Director General of the National Cyber Directorate Yigal Unna, will occur under the auspices of a broader U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity.
READ THE STORY: CTECH
New Black Basta Ransomware Attack Brings Down 50 Organizations Globally
FROM THE MEDIA: As hackers found more and more ways to exploit information security loopholes, they started using a new strain of ransomware called “Black Basta” ransomware virus. While the linkages are yet to gain momentum as regular patterns, it’d be worth observing to see how a new threat as Black Basta could become a huge problem for your enterprise. The Black Basta is a program that steals confidential data, encrypts the data before exfiltration, and then threatens victims with the public release of decrypted stolen data.
READ THE STORY: Security Boulevard
Ransomware-hit Greek natural gas provider nixes negotiations with attackers
FROM THE MEDIA: Despite confirming being hit by a ransomware attack, Greek natural gas operator and distributor DESFA rejected entering negotiations with its attackers, with the Ragnar Locker ransomware group, which admitted responsibility for the attack, including the organization to its leak site on Friday, reports The Record, a news site by cybersecurity firm Recorded Future. DESFA announced on Saturday that some of its systems have been disrupted by the ransomware attack against its IT infrastructure, with some files and directories possibly exposed. However, it emphasized that the operation of the National Natural Gas System has remained normal.
READ THE STORY: SCMAG
Microsoft Cyber Signals tracks ransomware’s new business model
FROM THE MEDIA: Ransomware-as-a-service (RaaS) has become the dominant business model followed by a wider range of criminals regardless of technical expertise. This is one of the key findings in Microsoft’s latest cyberthreat intelligence brief, Cyber Signals, which focused on security trends and insights gathered from its global security signals and experts. The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure.
READ THE STORY: Back End News
Microsoft Defender stomps even harder against ransomware in AV-TEST's latest ranking
FROM THE MEDIA: Antivirus assessment firm AV-TEST recently released its latest malware protection test for the month of April. In its test, AV-TEST found that Microsoft Defender's performance was back again at the levels expected after a slightly poorer showing in the previous rankings. The improvement has also been carried over to the ransomware protection too as Defender has now scored the full points in not only the corporate edition test but also in the consumer edition test.
READ THE STORY: NEOWIN
Why Data Fragmentation is a Top Concern for Cloud-Focused Enterprises?
FROM THE MEDIA: The ubiquity of ransomware attacks has become such a scary scenario for enterprises that the issue has escalated to a board-level one. Every year, data rises exponentially, making it increasingly difficult to manage. There are numerous cloud alternatives available due to the fact that different vendors offer distinct clouds. There are both on-premises and edge infrastructure. The number one issue that occurs is that data becomes scattered everywhere.
READ THE STORY: EnterpriseTalk
AWS Streamlines Data Protection by Simplifying Snapshot Creation
FROM THE MEDIA: Amazon Web Services (AWS) has made it simpler to capture snapshots of multiple volumes residing on the Amazon Elastic Block Storage (EBS) service. Nancy Wang, general manager for AWS data protection and governance, said the goal is to make it easier for cybersecurity and IT teams to protect data residing on the EBS cloud service. The Amazon EBS service enables IT teams to back up volumes at any time using EBS Snapshots that retain the data from all completed I/O operations to facilitate backup and recovery. AWS is now making it possible to create crash-consistent snapshots for a subset of EBS volumes.
READ THE STORY: Security Boulevard
North Korea Cyber Threat Group ‘Lazarus’ Targets M1 Mac with Signed Executables
FROM THE MEDIA: The malware, Interception.dll, is designed to execute by loading three files: a decoy PDF document and two executables FinderFontsUpdater.app and safarifontagent, according to a series of tweets by ESET Research. Compiled for M1 processor-based Macs and Intel silicon, the malware was uploaded to VirusTotal from Brazil, ESET said. To get to their targets, the attackers used social engineering via LinkedIn “hiding behind the ruse of attractive, but bogus, job offers,” ESET said, adding that it was likely part of the Lazarus campaign for Mac and is similar to research done by ESET in May.
READ THE STORY: Security Boulevard
John Deere tractor hack reveals food supply vulnerable to cyber attacks
FROM THE MEDIA: Hacking a tractor to install a video game may seem like a funny prank, but it has confirmed security experts' fears about the vulnerability of our food supply to cyber attacks. Australian security researcher Sick Codes hacked a John Deere 4240 display and installed the vintage 1990s video game DOOM, demonstrating his control of the system, to encourage agricultural technology developers to take security more seriously.
READ THE STORY: ABC AU
Fu Manchu Strikes Again, Targets Apps, Cellphones, Needy Countries, Poor People
FROM THE MEDIA: Dr Fu Manchu, or Fu Manzhou in Chinese, is an immortal arch-villain. He dwells in the adventure stories written by English author Sax Rohmer from before World War I and for the next 40 years as the age of Western imperialism faded. Fu Manchu was a big hit for his sheer malevolence. He graduated onto celluloid from the silent movie days — the first appearance being The Zayat Kiss in 1912 and later, The Face Of Fu Manchu, The Brides Of, The Blood Of, The Mask Of, The Castle Of, The Vengeance of the Mysterious Dr Fu Manchu.
READ THE STORY: News 18
An anatomy of crypto-enabled cyber crime
FROM THE MEDIA: That is from the synopsis of an interesting new paper by Lin William Cong, Campbell Harvey, Daniel Rabetti and Zong-Yu Wu. It is a fairly comprehensive look at the criminal ecosystem built on top of the cryptocurrency boom, ranging from hacking, money laundering, scams, ransomware, sextortion and illegal commerce. Obviously, the data on these crimes are pretty murky, but when it comes to organized ransomware, Chainalysis reckons that the biggest gangs — primarily Conti, DarkSide, and Phoenix Cryptolocker — extorted at least $180mn from victims in 2021.
READ THE STORY: FT
How Criminals Are Weaponizing Leaked Ransomware Data
FROM THE MEDIA: Accenture's cyber threat intelligence team has analyzed the top 20 most active dedicated ransomware leak sites to learn how threat actors are posting sensitive corporate information and making the data easier to search and exploit. Robert Boyce, Accenture's Global Cyber Response Lead, explains how cybercriminals are weaponizing stolen ransomware data for follow-up attacks. Boyce says criminals are indexing the data, making it more searchable and "doing their own analytics on that data to be able to identify really interesting business processes and identities of people within organizations."
READ THE STORY: GOV INFOSEC
Items of interest
What role will the UK play in the South China Sea under its new maritime strategy?
FROM THE MEDIA: Recently, the UK government released the new version of the National Strategy for Maritime Security (hereinafter referred to as the "Strategy"). The UK believes the move will demonstrate its "critical role in supporting a rule and principle-based international order" at a time rife with global tensions. The new version of the "Strategy" explains the connotation and extension of maritime security and its significance to the UK and sets strategic goals and implementation paths in the field of national maritime security. It can be seen as a window to observe the UK's maritime policy over the next five years or even longer, and it may also have a certain impact on the global ocean governance pattern.
READ THE STORY: China Daily
The Wiper Virus That Nearly "Erased" the World's Biggest Casino - Darknet Diaries Ep. 37: LVS (Video)
FROM THE MEDIA: When the billionaire CEO of the world's largest casino company casually suggested that we should nuke Iran, hackers were pissed. Their ensuing cyber destruction is one for the history books.
This is how cars are hacked. Just like in Mr Robot. (Video)
FROM THE MEDIA: The Mr Robot series with OTW (Occupy the Web) continues. OTW explains how hacks shown in the Mr Robot TV Series actually work (and if they are actually realistic). He compares real world car hacking vs what is shown in the TV series.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com