Tuesday, Aug 30, 2022 // (IG): BB //Sponsor: ShadowNews
Massive GPS Jamming Observed Around Israel. Are Anti-drone Weapons to Blame?
FROM THE MEDIA: The skies over the eastern Mediterranean region, including Israel, are a hotspot of GPS jamming, new publicly available data shows. The GPS interference is felt mostly along Turkey’s southern coast, Syria, Lebanon, Cyprus and Israel. In past occurrences, it was thought that Russian military systems in Syria were the cause of the disruptions, but it is also possible that Israeli systems have contributed to the effect too.
READ THE STORY: Haaretz
Russian and Chinese cyber activity in Latin America
FROM THE MEDIA: Dialogo Americas reports increased Russian and Chinese efforts to establish a cyber beachhead in Latin America. Those efforts have been marked by Spanish-language disinformation campaigns and, in the case of Russia, a stepped-up tempo of privateering activity, for the most part by well-known ransomware gangs. Chinese efforts have been marked by an attempt at developing influence through technology exports: ZTE has been used to induce a dependence on Chinese tech in Venezuela, where it finds a welcome audience in the Maduro regime.
READ THE STORY: The CyberWire
Bumblebee Loader
FROM THE MEDIA: The Bumblebee loader malware was first identified by the Google Threat Analysis Group in March of 2022 and has been found to be linked to a number of ransomware groups during their attacks – examples from the Symantec Threat Hunter team link it to Conti, Quantum and Mountlocker (potentially as a replacement for Trickbot or BazarLoader). The loader has been seen used by a handful of threat groups (such as TA578 and TA579), but Exotic Lily, which has ties to the cybercrime group FIN12 (also tracked as Wizard Spider/DEV-0193), is directly named in the DFIR report detailing the malware. Because various threat actors have adopted the Bumblebee loader to replace older loader variants, intent and targeting can and will vary depending on the threat actor.
READ THE STORY: Security Boulevard
The LastPass breach could have been worse — what CISOs can learn
FROM THE MEDIA: Last week, LastPass confirmed it had been a victim of a data breach that occurred two weeks prior when a threat actor gained access to its internal development environment. Even though the intruder did not access any customer data or passwords, the incident did result in the theft of its source code. “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source and some proprietary LastPass technical information,” Karim Toubba, CEO of LastPass, wrote in a blog post.
READ THE STORY: VentureBeat
Security Researchers Discover Over 9,000 Exposed VNC Servers, Including Critical Infrastructure
FROM THE MEDIA: Threat actors can access over 9,000 VNC servers exposed online without authorization, according to researchers at Cyble Global Sensor Intelligence (CGSI). Virtual Network Computing (VNC) is a platform-independent technology that allows users to control a remote computer via the Remote Frame Buffer (RFB) protocol. Users can send mouse and keyboard commands to remote devices via these platform-independent systems. An uptick in attacks on port 5900, the default port for VNC, prompted Cyble researchers to look for and discover the exposed, internet-facing VNC instances.
READ THE STORY: CPO
Facebook Pixel Healthcare Data Leak: Understanding Third-Party Risk for Sensitive Data
FROM THE MEDIA: A recent report by The Markup, validated by research published in Patterns, highlights the risk of including third-party JavaScript in an organization’s website. The studies discovered that the Meta/Facebook “pixel” that was included on a large number of hospital and health organization websites was sending sensitive medical data to Meta, possibly in violation of HIPAA regulations. Given the way the modern web is constructed, with pages assembled in real-time in the customer’s browser, there is an increasing risk across all sectors that some third-party JavaScript does more than you think. This could be due to many reasons, including a misunderstanding of a script’s capabilities, a developer error, or malicious tampering by a threat actor.
READ THE STORY: HIT
AlphaBay Turns 1—Again: Analyzing the Impact of AlphaBay Market
FROM THE MEDIA: On August 6, 2021, former AlphaBay security administrator “DeSnake” announced that AlphaBay Market had relaunched. The original AlphaBay, founded by Alexandre Cazes (aka “Alpha02”) in September 2014, was taken down by law enforcement’s Operation Bayonet in July 2017. At the time, AlphaBay was considered to be one of the most popular and comprehensive darknet marketplaces, selling a wide array of illicit and illegal products and services. About a year since its reemergence, AlphaBay has quickly, once again, become one of the largest darknet marketplaces. As of this publishing, AlphaBay has managed to amass over 37,000 listings (about 90 percent of which are drugs) from nearly 12,000 vendors, and attracted 885,000 buyers, according to our intelligence.
READ THE STORY: Security Boulevard
Attacks Involving Data Tampering Are Difficult to Identify
FROM THE MEDIA: A data breach occurs at a manufacturer of pharmaceuticals, but no information is stolen, and no ransomware is used. Instead, the attacker merely alters some trial data, which ultimately causes the company to release the incorrect medicine. For now, it’s only a speculative possibility. Of course, ransomware and the theft of sensitive data remain two of the biggest and most pressing security concerns, but at least solutions exist for them. Data tampering is a different kind of hazard, and depending on the circumstances, it can be even more serious for some firms. However, experts told Protocol that because so few of these attacks have happened and come to light, it is not something that many firms are concerned about.
READ THE STORY: Analytics Insight
Genshin Impact’s Anti-Cheat Leaving Players Exposed To Ransomware
FROM THE MEDIA: Genshin Impact players (and everyone else) on PC have been exposed to potential ransomware attacks, following the discovery of a vulnerability in the game’s anti-cheat software. According to a post on Trend Micro’s research blog, mhyprot2.sys, a driver within the game’s anti-cheat system, is “being abused by a ransomware actor to kill antivirus processes” and create “services for mass-deploying ransomware.”
READ THE STORY: Kotaku
Leading library services firm Baker & Taylor hit by ransomware
FROM THE MEDIA: Baker & Taylor, which describes itself as the world's largest distributor of books to libraries worldwide, today confirmed it's still working on restoring systems after being hit by ransomware more than a week ago. As Baker & Taylor said on August 23, its servers were down after an outage that impacted the company's phone systems, offices, and service centers. One day later, the library services provider revealed that disruptions to its business-critical systems stemming from the incident would persist through the week while technical teams work on restoring impacted servers.
READ THE STORY: Bleeping Computer
New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim
FROM THE MEDIA: A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," Trend Micro researchers said in an analysis last week. Qilin, the threat actor advertising the ransomware on the dark web, is said to provide affiliates with options to tailor the binary payloads for each victim, enabling the operators to decide the ransom note, encryption extension, as well as the list of processes and services to terminate before commencing the encryption process.
READ THE STORY: THN
Outdated infrastructure not up to today’s ransomware challenges
FROM THE MEDIA: A global study commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and the onslaught of sophisticated cyberattacks plaguing enterprises globally. Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilize if and when a cyberattack occurs.
READ THE STORY: HelpNetSecurity
LockBit ransomware gang adding DDoS attacks to its threats
FROM THE MEDIA: The LockBit ransomware gang is adding a third weapon to its arsenal of threats: Denial of service attacks. According to the Bleeping Computer news service, the aggressive gang is looking to hire distributed denial of service (DDoS) experts to help launch denial of service attacks on victim organizations that refuse to pay either for the return of stolen or encrypted data or for keys to decrypt scrambled data.
READ THE STORY: IT World Canada
Cyberattackers are exploiting SPoF to cast a wider net of chaos
FROM THE MEDIA: Cyberattackers are learning to work smarter, not harder, and are increasingly focusing on infiltrating targets by exploiting Single Points of Failure (SPoFs). SPoFs are hot targets for hackers because once they have gained access to these points, they are then able to reach the interconnected entities that depend on them. Bad actors have found ways to exploit these points to build a large network of compromised infrastructure that allows them to carry out cyberattacks, including espionage.
READ THE STORY: Property Casualty 360
Turkish malware used to infect machines in 11 countries through fake Google Translate links
FROM THE MEDIA: Turkish-speaking hackers are spreading crypto-mining malware through free software download sites, including one offering a fake Google Translate desktop app, according to new research. Cybersecurity firm Check Point on Monday said it discovered the campaign at the end of July and named it Nitrokod. The researchers said it may have infected thousands of devices with malware across 11 countries. Maya Horowitz, vice president of research at Check Point, said her team found a popular website offering imitations of PC applications, including Google Desktop, which include a cryptocurrency miner. The malware hijacks a device’s processor and forces it to verify transactions of currency like Bitcoin.
READ THE STORY: The Record
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
FROM THE MEDIA: NATO is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web, according to a published report. The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia. Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.
READ THE STORY: DarkReading
Researchers discover way to impersonate Okta users in popular cloud environments
FROM THE MEDIA: Researchers on Monday reported discovering an impersonation technique in Okta that can cause an Okta Administrator to have themselves or someone else have elevated rights as an impersonated user in another application or environment such as Azure, the Google Cloud Platform, or AWS. In a blog post, Permiso Security and ACV Auctions said, based on “in the wild” detections they reviewed, the impersonation technique is also an effective method of bypassing multi-factor authentication (MFA). While the impersonator may have had to pass their own MFA check, they are not forced to provide an MFA verification again under the context of the impersonated user.
READ THE STORY: SCMAG
Chinese censors hail country’s ‘internet civilization’ as Beijing secures its grip on online content controls and information flows
FROM THE MEDIA: China has hosted a two-day “internet civilisation” conference in the northern city of Tianjin, where the country’s top ideological cadres and cyberspace administrators hailed Beijing’s progress in controlling online information and content. Through the “Great Firewall” that blocks non-sanctioned online information from overseas, a vast army of online police that censors domestic internet content, and a raft of hefty fines that punish businesses and individuals for violations of content rules, the Chinese authorities have built a powerful information control system that protects the primacy of Beijing’s messages.
READ THE STORY: SCMP
Ukraine Gets 800 Taiwan-Made ‘Carpet Bomber’ Revolver 860 Combat Drones To Thwart Russian Aggression — Reports
FROM THE MEDIA: On August 18, the Polish tech media outlet WP Tech reported that the Ukrainian military had acquired 800 Taiwan-made Revolver 860 Armed VTOL UAVs as a “donation.” The report referred to the large quadcopter as a “flying mortar” due to its rotating drum-like bomb bay containing eight 60-millimeter mortar shells. The spokesperson of the drone manufacturer, DronesVision, told Taiwan News that the company provides military equipment to Poland-based companies and that it cannot comment on where these firms transfer the drones next, citing “non-disclosure agreements” with its clients.
READ THE STORY: ET
Russia sent a disinformation letter to the IAEA
FROM THE MEDIA: Russia created a disinformation letter for representatives of the IAEA and is collecting signatures from the population of Energodar. The enemy continues to develop a disinformation campaign regarding the shelling of the ZNPP by the Ukrainian military. Now Putin’s minions are collecting signatures of the population of Energodar under a statement demanding an end to the shelling of the nuclear plant allegedly by the forces of the Armed Forces.
READ THE STORY: Cyber Shafarat
The FBI advises investors to be careful before investing in decentralized finance platforms
FROM THE MEDIA: According to the Federal Bureau of Investigation, cybercriminals are increasingly using security holes in smart contracts to steal cryptocurrency. The agency alerted investors to a significant increase in attacks on decentralized finance platforms in an advisory it released on Monday (via Bleeping Computer). These kinds of assaults include several of the most frequent hacks in recent months. For instance, the Lazarus Group, a state-sponsored hacking group from North Korea, attacked Axie Infinity in the biggest crypto robbery yet.
READ THE STORY: Bollyinside
SHARPEXT RAT Reads Emails From Infected Users
FROM THE MEDIA: The malware, dubbed SHARPEXT by researchers, uses clever means to install a browser extension for Chrome and Edge browsers, Volexity reported. Email services cannot detect the extension, and since the browser has already been authenticated using existing multi-factor authentication protections, this increasingly popular security measure plays no role in curbing account compromise. The extension is not available from Google’s Chrome Web Store, Microsoft’s Add-ons page, or any other known third-party sources, and does not rely on GMail or AOL Mail failures to install.
READ THE STORY: INFO SEC NEWSPAPER
Attackers changing targets from large hospitals to specialty clinics
FROM THE MEDIA: Critical Insight announced the release of the firm’s H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the United States Department of Health and Human Services by healthcare organizations. With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget.
READ THE STORY: HelpNetSecurity
Montenegro says Russian cyberattacks threaten key state functions
FROM THE MEDIA: Members of the government in Montenegro are stating that the country is being hit with sophisticated and persistent cyberattacks that threaten the country’s essential infrastructure. Targets include electricity and water supply systems, transportation services, online portals that citizens use to access various state services, and more. Already, several power plants have switched to manual operations, while the state-managed IT infrastructure has been taken offline to contain the effect of the attacks.
READ THE STORY: Bleeping Computer
Have third-party hacking groups lost interest in the Russia-Ukraine conflict?
FROM THE MEDIA: Theories that the war between Russia and Ukraine is rewriting modern warfare through the involvement of third-party cybercriminal groups and hacktivists may be overblown, a new research paper claims. In a study released this month, six academic researchers from the universities of Cambridge, Strathclyde and Edinburgh argue that while the onset of the war saw notable involvement from groups like the IT Army of Ukraine and others defacing websites or conducting denial-of-service attacks against Russian websites, as well as threats from ransomware groups and other cybercriminal groups on behalf of Russia, that activity tailed off significantly in the months after the start of the invasion as many participants got “bored” and moved on.
READ THE STORY: SCMAG
Deepfake Newsnight politician interview depicted in BBC drama is a ‘real threat’, experts warn
FROM THE MEDIA: It’s every politician’s worst nightmare. A Newsnight interview is hacked, replacing the minister with an exact deepfake replica voicing the words of a hostile power. But the shocking scenario depicted in BBC One’s new drama The Capture on Sunday night is a genuine threat, intelligence experts warn. The conspiracy drama, set in a Britain at the mercy of hacked news feeds, manipulated media and political interference, stars Paapa Essiedu as MP Isaac Turner, whose role as security minister is undermined when he is targeted in a major cyber-security breach.
READ THE STORY: inews
Items of interest
THE UNITED STATES IS BEHIND THE CURVE ON BLOCKCHAIN
FROM THE MEDIA: The price implosion of digital images of cartoon gorillas and the collapse of the cryptocurrency market led to head-scratching and finger-wagging. The headlines generated by these crashes belie the significance of their technological infrastructure — blockchain. (Blockchain is distinct from the popular Bitcoin cryptocurrency: Blockchain is the broad, foundational technology while Bitcoin is a single application of the technology.) Blockchain is an enhancer and accelerator of technologies like additive manufacturing, artificial intelligence, loyal wingman autonomous aircraft, or space architecture. Those who misunderstand blockchain risk putting themselves behind the competition in today’s internet and tomorrow’s information environment.
The U.S. government views blockchain as a “technology of tomorrow” while competitors aggressively pursue efforts today to integrate blockchain, data, and the information environment. China is well ahead of the United States in blockchain policy, innovation, and implementation across society. To compete across all elements of national power, the United States requires a coherent, coordinated blockchain strategy and supporting policy. The Department of Defense should explore blockchain technology with the same earnestness as other emerging technology research to jumpstart that discussion. Blockchain is not a weapon system by itself — it is a critical enabling technology of the information environment. The challenge is not only educating more people inside the U.S. government about blockchain technology but also mastering blockchain and its applications as a nation first. Miscomprehending blockchain undermines U.S. competitive efforts across all instruments of national power and allows China the ability to shape tomorrow’s information environment.
READ THE STORY: War on The Rocks
Build a meme Python website (Flask Tutorial for Beginners) (Video)
FROM THE MEDIA: Yes, you can build websites with Python, and it's pretty easy! In this video, NetworkChuck walks you through how to build a website using Python and the web application framework Flask. Using Flask, we build a meme website that interfaces with Reddit via its API.
Ex-Twitter Exec Exposes Awful Privacy Practices! - SR101 (Video)
FROM THE MEDIA: Twitter is in Hot water, Apple and Facebook are more private than Google?!, lots of data breaches – including some breached Authy accounts, and a lot more. (Sorry for Henry's clipping this week!)
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com