Saturday, Aug 27, 2022 // (IG): BB //Sponsor: ShadowNews
Iran shows off homemade drones in large-scale exercise
FROM THE MEDIA: The Army of the Islamic Republic of Iran wrapped up a two-day nationwide drill in which as many as 150 drones were tested in combat, reconnaissance and electronic warfare operations. The wide range of the unmanned aircraft included Kaman, Mohajer, Ababil and Arash drones, which Iran says were fully developed domestically. The exercise was held in multiple land locations as well as in the Persian Gulf waters and the Sea of Oman. According to the drill's spokesperson, Vice Adm. Mahmoud Mousavi, the drones successfully struck mock enemy positions using precision missiles and other weapons.
READ THE STORY: Al Monitor
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
FROM THE MEDIA: Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. The driver provides anti-cheat functions, but threat actors have found a way to use it to escalate privileges and kill the processes and services associated with endpoint protection applications.
READ THE STORY: Security Affairs
The number of companies caught up in the Twilio hack keeps growing
FROM THE MEDIA: The fallout from this month's breach of security provider Twilio keeps coming. Three new companies—authentication service Authy, password manager LastPass, and food delivery service DoorDash—said in recent days that the Twilio compromise led to them being hacked. The three companies join authentication service Okta and secure messenger provider Signal in the dubious club of Twilio customers known to be breached in follow-on attacks that leveraged the data obtained by the intruders. In all, security firm Group-IB said on Thursday, at least 136 companies were similarly hacked, so it's likely many more victims will be announced in the coming days and weeks.
READ THE STORY: ArsTechnica
Hackers Steal Portions Of LastPass Source Code But Don't Panic Says Company
FROM THE MEDIA: The password manager LastPass has published a blog post notifying users of a recent data breach. According to the CEO, Karim Toubba, the breach affected parts of the company’s development environment but did not touch any databases containing user data or passwords. Rather than stealing user information, it seems that the threat actor behind this breach instead stole portions of LastPass source code, as well as some proprietary technical information. We’ll have to see whether the thief comes forward to publish this stolen information, either for sale or as part of an extortion scheme.
READ THE STORY: Hothardware // The Teal Mango
DoorDash discloses new data breach tied to Twilio hackers
FROM THE MEDIA: Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio. In a security advisory released Thursday afternoon, DoorDash says that a threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their systems. "DoorDash recently detected unusual and suspicious activity from a third-party vendor's computer network. In response, we swiftly disabled the vendor's access to our system and contained the incident," explains the DoorDash security notice.
READ THE STORY: Bleeping Computer
Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access
FROM THE MEDIA: The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library. The flaw can be exploited for remote code execution and it has been leveraged by both profit-driven cybercriminals and state-sponsored cyberspies. Log4Shell impacts the products of several major companies that use Log4j, but in many attacks, the vulnerability has been exploited against affected VMware software.
READ THE STORY: Security Affairs
Ukraine's New Black Hornet Drones Can Spy on Russian Military Undetected
FROM THE MEDIA: Norway and Great Britain are jointly providing Ukraine with "Black Hornet" military micro-drones that can be used to spy on Russian forces due to their minute size. The drones can fit in the palm of one's hand and are described by The Debrief news site as the "smallest operational military micro-drone in the world," measuring about 4 inches by 1 inch from tip to tail with a 4-inch rotor span, and weighing 16 grams. They are manufactured by U.S.-based Teledyne FLIR but built at a facility in Norway.
READ THE STORY: Newsweek
What Is VAMPIRE? U.S. Gives Ukraine Weapons System for Shooting Down Drones
FROM THE MEDIA: The United States revealed it will be sending a counter-unmanned aerial system known as the VAMPIRE to Ukraine as part of its latest military aid package. On August 24, Ukraine's Independence Day, the Pentagon announced that it will be supplying the country with nearly $3 billion in equipment and ammunition as it fights the Russian invasion. The biggest tranche of security assistance for Ukraine that the U.S. has sent to date includes an unspecified number of counter-drone systems called Vehicle-Agnostic Modular Palletized ISR Rocket Equipment, or VAMPIRE, a spokesperson for L3Harris, a technology company and defense contractor, confirmed to Newsweek.
READ THE STORY: Newsweek
Iranian drone sales to Russia underline worries for nuke deal critics
FROM THE MEDIA: Russia has obtained hundreds of Iranian drones capable of being used in its war against Ukraine, despite US warnings to Tehran not to ship them, according to Western intelligence officials. It’s unclear whether Russia has begun flying the drones against Ukrainian targets, but the drones appear to be operational and ready to use, said the officials, who spoke on condition of anonymity to discuss sensitive intelligence. The reported shipment marks the latest sign of what appears to be closer military cooperation between the longtime allies.
READ THE STORY: Times of Israel
Mailchimp Security Breach Compromises DigitalOcean Customer Email Addresses Causing Friction
FROM THE MEDIA: Cloud infrastructure company DigitalOcean disclosed that a Mailchimp security breach exposed its customer email addresses. The marketing automation platform unexpectedly disabled DigitalOcean’s Mailchimp account preventing email confirmations, password resets, alerts, and transaction emails from reaching its customers. Similarly, a customer complained on the same day that their email password was reset without their consent. However, DigitalOcean received an email from Mailchimp saying its account was disabled for violating terms of service.
READ THE STORY: CPO
Bogus DDoS protection pages distribute malware
FROM THE MEDIA: Researchers at Sucuri warn that fake DDoS protection pages, the sort that ask visitors to perform a browser check before proceeding, are distributing malware in drive-by attacks. "Unfortunately, attackers have begun leveraging these familiar security assets in their own malware campaigns. We recently discovered a malicious JavaScript injection affecting WordPress websites which results in a fake CloudFlare DDoS protection popup," Sucuri writes. "Since these types of browser checks are so common on the web many users wouldn’t think twice before clicking this prompt to access the website they’re trying to visit."
READ THE STORY: The Cyberwire
Twitter Has Bigger Problems Than The Whistleblower – But Now The Spotlight Is On The Company
FROM THE MEDIA: There is a common misconception among criminals that it isn't a crime if you don't get caught. Yet, most law-abiding citizens would contend that getting caught is not what makes it a crime; it was a crime before it was committed. Likewise, many companies may not have considered the seriousness of internal problems until a whistleblower brings them to the world's attention. That could certainly be the case with Twitter, after the social media company's former security chief warned lawmakers and regulators last month that the platform apparently had neither the incentive nor the resources to properly measure the full scope of bots on its platform, according to a 200-page whistleblower disclosure.
READ THE STORY: Forbes
Ransomware Groups Can Adapt Malware Code to Different Operating Systems Simultaneously, Kaspersky Research Finds
FROM THE MEDIA: New ransomware gangs have adapted their malware to different computer operating systems, potentially causing even more damage to organizations, reports cybersecurity company Kaspersky. Kaspersky researchers reveal that the RedAlert and Monster cyberattack groups have struck different operating systems without resorting to multiplatform languages. Kaspersky notes the discovery of “one-day exploits that may be executed by ransomware groups in order to achieve their financial ambitions.”
READ THE STORY: MSSP Alert
Prevent DDoS Attacks with Proper Cybersecurity
FROM THE MEDIA: You may have heard the term “DDoS attack” mentioned in online circles, especially when talking about website security, but what is it exactly? A DDoS, or distributed denial-of-service, attack is an attempt by a cybercriminal to flood a server with traffic to overwhelm its infrastructure. This causes a site to slow to a crawl or even crash so legitimate traffic won’t be able to reach the site. This type of attack can do a lot of damage to your online business. These cyberattacks can run a wide range of purposes, from annoyance and “hacktivism” to massive loss of business. What makes these unique compared to other forms of hacking is the motivation. While other forms of malware, like ransomware and scareware, are attempts to siphon money from a victim, DDoS attacks are purely designed for chaos and disruption.
READ THE STORY: Security Boulevard
China-Linked Bots Attacking Rare Earths Producer ‘Every Day’
FROM THE MEDIA: Fake social media accounts linked to the Chinese Communist Party are posting daily attacks on Lynas Rare Earths Ltd., according to the Australian company. Cyber-protection experts say the campaign is targeting US and Australian collaboration on critical mineral supply chains. First made public in June, the attacks are focusing on Lynas’ environmental record in Malaysia in an attempt to turn public opinion against a new plant it’s building in Texas with US government funding.
READ THE STORY: Bloomberg // WION
Taiwan to utilize Web 3.0 technology in its battle against Chinese cyberattacks
FROM THE MEDIA: Officials in Taiwan are preparing for the official launch of its new Ministry of Digital Affairs (MODA) office on August 27 amid escalating tensions between China and the island country located at the western edge of the Pacific Ocean. Its launch is part of a multi-pronged approach designed to protect against Chinese cyberattacks, which have been on the rise in recent months amid visits from high-level U.S. diplomats, including Congresswoman Nancy Pelosi. The new ministry will be in charge of policies related to information, telecommunications, communications, information security and the internet when it launches, with information security coming in as the most pressing concern currently.
READ THE STORY: Kitco
How U.S. Could Stop Potential Midterm Election Meddling from China, Russia
FROM THE MEDIA: The U.S. government will defend the midterm elections from potential interference by China and Russia through co-operation between government agencies and with a focus on potential cyberattacks. The Department of Defense (DOD) published a statement on its website on Thursday from the Cyber National Mission Force and National Security Agency (NSA) warning of potential interference by foreign actors with less than three months to the midterms. The joint Cybercom-NSA Election Security Group (ESG) was activated again in early 2022 in advance of the elections, and the DOD outlined some of the possible threats facing the U.S. this year.
READ THE STORY: Newsweek
China Will Ultimately Overtake the U.S. in Outer Space, a New Study Warns
FROM THE MEDIA: The U.S. might be celebrating the impending launch of the Space Launch System (SLS) moon rocket and the serial successes of the James Webb Space Telescope, but according to at least some experts, there’s a potential skunk at the cosmic picnic: China. As Defense One reports, a new analysis conducted by experts from the Space Force, Air Force, Defense Innovation Unit, and more have concluded that, when it comes to playing the long game in space, Beijing may have the U.S. beat.
READ THE STORY: WANDTV
DHS shuts down disinformation board months after its efforts were paused
FROM THE MEDIA: The Department of Homeland Security has officially disbanded its controversial disinformation board, months after it was put on pause amid intense Republican-led backlash. In May, the department's "Disinformation Governance Board" initiative was halted after weeks of attacks, including those aimed at the disinformation expert appointed to lead the effort. The board was intended to coordinate department activities related to disinformation aimed at the US population and infrastructure. On Wednesday, it was formally terminated.
READ THE STORY: Time
Using old-school honey trap tactics to spy on NATO made perfect sense for Russia
FROM THE MEDIA: After invading Ukraine in 2014 it made sense, from a Russian point of view, to keep a close eye on NATO movements. Perhaps that’s why the mysterious Maria Adela, socialite and jewellery designer, set up shop in Naples, home to one of NATO’s two major military headquarters. Southern Italy also hosts the Sigonella air base from which US Global Hawk drones are currently monitoring events in Ukraine. The region therefore boasts a target-rich environment, a Russian sleeper agent might say.
READ THE STORY: Dunya
Russian Hackers Attacked Ukraine More Than 1,000 Times Since Start Of Invasion
FROM THE MEDIA: Since the start of the full-scale invasion, 1,123 cyberattacks have been launched against Ukraine, the press service of the State Special Communications Service of Ukraine said in a Telegram post, Ukrinform reports. 'During the six months of the war, the national Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Special Communications Service, recorded 1,123 cyberattacks,' the report says.
READ THE STORY: MENAFN
Montenegro Suspects Russia for an Unprecedented Cyber Attack
FROM THE MEDIA: The National Security Agency of Montenegro stated that several Russian agencies were behind the unprecedented cyber attack against Montenegrin institutions, BTA reported. Montenegro's intelligence agency also said it feared the attack had not yet reached its peak and that all "key infrastructure", such as the electricity system or water supply, could be targeted. The announcement said that such an attack had not been carried out anywhere else and that the methodology of the attack was specific to Russian agencies.
READ THE STORY: NOVINITE
Update to the Joint Alert on Zimbra exploitation
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) Monday updated Alert AA22-228A, "Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite," to include two new detection signatures. Exploitation of Zimbra remains a threat, so the alert is worth a look. CISA especially urges organizations that may not have checked their systems for vulnerability to look for evidence of the five vulnerabilities. Patches are available for all of them.
READ THE STORY: The Cyberwire
Why Okta Could Soon Be the Last Man Standing in Identity
FROM THE MEDIA: Before it revealed a surprising but brief data breach earlier this year, Okta (OKTA -5.16%) was the 800-pound gorilla of identity as a service (IDaaS). In the wake of that bad news, Okta did not miss a step. Its own technology stack quickly contained the event and made the company a bigger player. And in the past two years, private equity has removed Okta's significant competition from the stock market, just as demand for identity protection services is picking up.
READ THE STORY: Fool
FBI Dallas Encourages Businesses to Stay Vigilant for Cyber Threats, Partner with the FBI
FROM THE MEDIA: Companies and business entities, including government, private sector, and non-profit organizations, of all sizes throughout North Texas should remain informed about and vigilant of persistent malicious cyber intrusions and sustained cyber-related threats. The FBI continues to see a significant number of cyber-attacks against private sector companies, critical infrastructure, and government agencies. The schemes are typically perpetrated by sophisticated criminal organizations and their methods vary from basic phishing campaigns to supply chain attacks, intellectual property theft, and ransomware attacks. The goals include disruption to a single business or an entire industry with global implications—the stakes could not be higher.
READ THE STORY: FBI
Judge declines to require hand count of Arizona ballots
FROM THE MEDIA: A federal judge refused Friday to require that Arizona officials count ballots by hand in November, dismissing a lawsuit filed by the Republican nominees for governor and secretary of state based on false claims of problems with vote-counting machines. Kari Lake, who is running for governor, and Mark Finchem, a secretary of state candidate, won their GOP primaries after aggressively promoting the narrative that the 2020 election was marred by fraud or widespread irregularities.
READ THE STORY: CTINSIDER
Items of interest
Blake Dowling: CIA & UF’s supercomputer — fighting the war on cybercrime
FROM THE MEDIA: Right now, the cyber war rages on, so prepare for battle every time you turn on your computer or phone.
Last weekend I gave a cybersecurity presentation at the Tallahassee Chamber of Commerce Community Conference.
Eddie Gonzalez Loumiet (CEO-Ruvos) and I walked the audience through common threats, with real-life stories of hacking and the defenses for your business available now.
The most frequent attacks I see are BEC (business email compromise). These range from gift card schemes (a request to buy gift cards that appears to be from your boss) and extortion (pay the hacker or they expose your browsing history) to ransomware attacks and wire fraud attacks.
Most of these use social engineering techniques to gather real information on you to make email attacks seem more authentic.
I shared one true story about a client who received a “gift card” email request; after getting the email request, they bought a dozen $100 gift cards. The hacker then instructed them to scratch the back of the cards and send them pictures of the codes (which is as good as cash).
READ THE STORY: Florida Politics
Trusted CI Webinar: CARE: Cybersecurity in Application, Research and Education with Aunshul Rege (Video)
FROM THE MEDIA: In an era where big data, machine learning algorithms, and simulations are used to understand cyberattacks and cybersecurity, is there room for qualitative or 'thick' data? This talk shares a social scientist’s perspective on the relevance of thick data in understanding the ‘how’ and ‘why’ of adversarial behavior, movement, decision-making, adaptation to disruptions, and group dynamics.
Hacking people (the weakest link) (Video)
FROM THE MEDIA: Social engineering, phishing, vishing, people hacking - these result in 70 - 90% of cyber attacks.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com