Saturday, Sept 03, 2022 // (IG): BB // Sponsor: ShadowNews
A hacker attacked Yandex Taxi and sent dozens of cars to the same location
FROM THE MEDIA: Twitter users reported on social media that a traffic jam occurred on Moscow's Kutuzovsky Prospekt avenue. This known road leads to a major hotel in the area called Hotel Ukrania. The reports claim that an unknown assailant hacked Yandex Taxi, one of Russia's major taxi services, and booked many cabs sent to the said location. All booked rides went to Hotel Ukrania as per the dispatch sent to them, and a massive volume of taxis stayed at the location as requested by the company's systems. According to another tweet, the hack ordered all of the company's cabs to come to Hotel Ukrania and created a massive traffic jam in central Moscow, all staying in the said location.
READ THE STORY: Interesting Engineering // Tech Times
Okta CEO pushes for passwordless future in wake of phishing attacks
FROM THE MEDIA: The security onus remains on Okta customers, according to McKinnon. The level of control and security measures imposed on employees that use Okta to access corporate accounts are determined by each customer’s configuration. Baseline controls aren’t enough to thwart adversaries. Threat actors initiate phishing attacks against Okta often due to its scale, and customers that opt for less secure configurations are more susceptible to attack.
READ THE STORY: CyberSecurityDive
Greenwashing influence operations
FROM THE MEDIA: Bloomberg reports that a bot-driven Chinese influence campaign has been running against Lynas Rare Earths Ltd., an Australian mining company engaged in the extraction and processing of rare earth metals in Australia and Malaysia. Bogus social media accounts circulate accusations of environmental irresponsibility on the part of Lynas with a view to influencing Australian and US public opinion. Rare earths are essential to the electronic and green energy sectors; dominance of both sectors is a key, longstanding objective of Chinese policy.
READ THE STORY: The Cyber Wire
FBI to investigate Montenegro cyber-attacks
FROM THE MEDIA: The US Federal Bureau of Investigation (FBI) has said it will deploy Cyber Action Teams (CAT) to Montenegro in the wake of a series of “persistent and ongoing” cyber-attacks against the country’s infrastructure. The country has been suffering a series of cyber-attacks targeted at critical infrastructure including transportation services, electricity and water supply systems and online portals that citizens use to access various state services. Among those are 150 work stations in 10 state institutions that became infected with malware.
READ THE STORY: CSHUB
Russian War Report: Ukraine counterattacks in Kherson as Russia prepares new deployments
FROM THE MEDIA: As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.
READ THE STORY: Atlantic Council
Russia is greatest threat to US, but Biden administration adopted China-first defense policy
FROM THE MEDIA: For years, military analysts and policymakers have debated whether Russia or China, both of which the Pentagon has designated as near-peer competitors, presents a bigger threat to the homeland. While the Trump administration’s defense policy prioritized both Russia and China as top threats, the Biden administration has designated China as its top priority, though it acknowledges that Russia poses "acute threats." The newly updated classified National Defense Strategy, which was briefed to Congress in March, placed China first and Russia second as key U.S. defense priorities.
READ THE STORY: Fox news
Over 80,000 Hikvision Cameras With a Critical Exploited Vulnerability Exposed Online
FROM THE MEDIA: CYFIRMA researchers discovered over 80,000 Hikvision cameras exposed online with a previously exploited vulnerability. The security cameras, belonging to over 2,300 organizations in 100 countries, contained a flaw tracked as CVE-2021-36260 for which Hikvision had provided firmware updates in September 2021. The vulnerability, discovered by the security researcher identified as “Watchful IP,” affects various Hikvision camera products. The easily exploitable critical vulnerability, with a CVSS v3 score of 9.8, had been exploited twice by various threat actors, in October 2021 and February 2022.
READ THE STORY: CPOMAG
Hackers Offer to Sell Belarus President Lukashenko’s Passport as NFT
FROM THE MEDIA: A hacking group known as the ‘Belarusian Cyber Partisans’ has bragged about gaining access to a government database storing the passport details of every citizen of Belarus, including high-ranking officials like the country’s long-term head of state, Alexander Lukashenko. The hackers have released a collection of non-fungible tokens (NFTs) called “Passports of Belarusians,” which is also said to contain the passport data of the country’s president and his close associates. The group further tried to list the collection on the leading NFT marketplace OpenSea, but the platform removed it as a violation of its terms.
READ THE STORY: bitcoin
China Targets Online ‘Rumors’ Ahead of Xi’s Leadership Bid
FROM THE MEDIA: China’s cyberspace watchdog has vowed to crack down on fake news before a key summit where President Xi Jinping is set to take a precedent-defying third term in power. The Cyberspace Administration of China launched a three-month campaign targeting “online rumors and fake information about major meetings, important events and policies,” starting Friday, it said in a statement. Offenders should be handled “strictly, quickly and severely,” the agency added, without specifying punishments.
READ THE STORY: Bloomberg Law
Taiwan chip magnate pledges cash for defense against China: 'I'm telling everyone to oppose the CCP'
FROM THE MEDIA: A Taiwanese semiconductor magnate is to provide the money to prime several million "civilian warriors" and marksmen to help defend the island nation in the event of an invasion by China. Robert Tsao, founder of Taiwan's first semiconductor company, United Microelectronics Corp (UMC), said at a press conference yesterday he intends to use $32 million of his own cash to provide funds to the Kuma Academy, which trains Taiwan's civilian defense corps.
READ THE STORY: The Register
Sale of Top AI Chips to be Halted with China Per U.S. Decree
FROM THE MEDIA: Multinational American technology company NVIDIA said in a Securities and Exchange Commission filing on August 26 that U.S. Government officials are enforcing a restriction on sales of its top AI chips to China. The move comes as tension continues to grow between the two countries, alongside rising fears of China using the technology for military and surveillance applications domestically and abroad. On the chopping block of note are the company’s A100, H100, and A100X integrated circuits.
READ THE STORY: Security Systems News
Cyberscam Victim Says CCP Belt and Road Developers Are International Human Trafficking Syndicates Based in Cambodia
FROM THE MEDIA: After the recent exposure of international fraud and human trafficking that victimized thousands of Chinese-speaking nationals from China, Taiwan, and Hong Kong, details about the fraud syndicates are surfacing as more rescued victims speak up. Much information has pointed to the Communist regime’s Belt and Road Initiative (BRI) developers based in Cambodia as the main culprits of the international crimes.
READ THE STORY: The Epoch Times
Fire of the Dragon: Are Scottish universities ‘dangerously dependent’ on income from Chinese students?
FROM THE MEDIA: China has been making global headlines recently whether that be its increasingly hostile actions towards Taiwan, or allegations of genocide against the Uyghur population in the north-western region of Xinjiang. But a former China correspondent has warned that the West must open its eyes to the reality of China’s bid for global domination which threatens the Arctic, cyberspace and even our own borders here in Scotland.
READ THE STORY: The Courier
RagnarLocker Ransomware Gang Claims TAP Air Portugal as Its Second Victim in Two Weeks
FROM THE MEDIA: This week, the RagnarLocker ransomware gang said it successfully laid bare the systems of TAP Air Portugal, the country’s state-owned air carrier. The cybercriminal syndicate posted a screenshot of a spreadsheet on its leak site, suggesting that it managed to exfiltrate hundreds of gigabytes of data before being cut off.
READ THE STORY: Spiceworks
Former SpaceX Engineers Join Forces to Disrupt Cyber Security Industry
FROM THE MEDIA: According to Soteri CEO Mohammed Davoodi, “It was a difficult but exciting decision.” His previous company, Mohami, had become a dynamic leader in the developer tools space. “So, when I was initially approached by Appfire about selling, I really wasn’t interested. I was very proud of Mohami, the team I had built and our growth. But I was curious.” Unfortunately, a global crisis in cybersecurity had become increasingly evident. “Microsoft’s Exchange servers were hacked by China, T-Mobile’s data breach exposed the personal info of more than 47 million people and even the U.S. government has been falling to large-scale attacks, among many others.”
READ THE STORY: EIN News
UN Uyghur report leaves no room for denial and no excuse for inaction
FROM THE MEDIA: On 31 August, minutes before the end of her four-year term, UN human rights chief Michelle Bachelet released a much-anticipated report on abuses in the Xinjiang Uyghur Autonomous Region in northwestern China. While the report was long overdue and lacked strength in certain areas, its release following a four-year investigation is a positive development celebrated by victims of Xinjiang’s human rights crisis, as well as scholars, journalists and advocates around the world who have for years sought to pour sunlight on the issue.
READ THE STORY: ASPI
A Three Part Plan To Enhance President Yoon’s North Korea Strategy: Toward A Free And Unified Korea
FROM THE MEDIA: On August 15th, in his Liberation Day speech, President Yoon described his “audacious initiative” for North Korea. In summary, it is an economic engagement proposal that is intended to be a first step to begin negotiations. The plan has been coordinated with and has the full support of the U.S. Unfortunately, the Kim family regime responded first with two cruise missiles fired into the West Sea, and then Kim Yo Jong offered invective and personal insults to the President while rejecting his plan.
READ THE STORY: 1945
Putin cuts off gas to Europe as energy war escalates
FROM THE MEDIA: Vladimir Putin has imposed an indefinite shutdown of the Nord Stream pipeline supplying gas to Europe, as a proxy energy war between the Kremlin and the West escalates. State gas giant Gazprom said late on Friday that the Nord Stream 1 gas pipeline to Germany would not reopen following maintenance as planned, despite market data earlier suggesting flows would restart on Saturday. Gazprom blamed an oil leak for the delay but gave no timeline for reopening. Russia has been accused of weaponizing gas supplies in retaliation over sanctions, pushing Europe into a cost-of-living crisis and raising rationing fears.
READ THE STORY: Telegraph
CISA warns of possible DDoS risk in Contec patient monitor medical devices
FROM THE MEDIA: One of five newly disclosed vulnerabilities found in certain Contec Health patient monitor medical devices could cause a “mass DDoS attack on all CMS8000 devices connected to the same network,” according to a Cybersecurity and Infrastructure Security Agency alert. The security firm Level Nine reported the vulnerabilities to CISA. However, “Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities.” The flaws are found in the Contec CMS8000 ICU Vital Signs monitor, and two of them pose serious risk to the device and the healthcare network.
READ THE STORY: SCMAG
Ragnar Locker Ransomware Targets Energy Sector, Cybereason Suggests
FROM THE MEDIA: Security researchers at Cybereason have released a Threat Analysis Report to highlight the details of an attack that occurred last month against Greece’s largest natural gas supplier, DESFA. The organization stated that it was hit by a cyberattack that impacted some of its systems. Threat actor group Ragnar Locker claimed responsibility for the ransomware attack and claimed to have published roughly 30 GB of data it purported to have stolen from DESFA.
READ THE STORY: OODALOOP
Evil Corp affiliate member suspected to have used Cisco attack infrastructure
FROM THE MEDIA: Threat actor mx1r, which is believed to be a member of Evil Corp affiliate UNC2165, has been suspected to have targeted an unnamed workforce management corporation in April with the attack infrastructure leveraged in the ransomware attack against Cisco the following month, reports The Hacker News. Stolen VPN credentials have been leveraged by mx1r to obtain initial access to the targeted firm's network before using off-the-shelf tools to achieve lateral movement and more extensive network access, according to an eSentire report.
READ THE STORY: SCMAG
Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm
FROM THE MEDIA: In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. Its type of modular framework has made our static analysis more challenging because it required us to first rebuild its structure or use dynamic analysis to understand its functionality and behavior. Our analysis found that BumbleBee had little malicious code in its payload, and what it does on the surface is track keys and clipboard content. However, further investigation revealed a controller application that expands the malware’s capabilities.
READ THE STORY: TrendMicro
Ransomware group BlackCat behind Italy's GSE hacking, researchers say
FROM THE MEDIA: Hacking group BlackCat was behind a recent attack on Italy's state-owned energy services firm GSE, stole a massive amount of data and threatened to publish it if their demands were not met, according to security researchers and documents seen by Reuters. In a ransomware attack, hackers steal data and threaten their victims with data leaks, often extorting them for a cryptocurrency payment. BlackCat, also known as ALPHV, emerged in mid-November last year and is known for launching sophisticated attacks on scores of companies across the U.S. and Europe.
READ THE STORY: Reuters
Damart clothing store hit by Hive ransomware, $2 million demanded
FROM THE MEDIA: Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang. Some of the company's systems have been encrypted and operations have been disrupted since August 15. A report from Valéry Marchive, who was able to retrieve a leaked ransom note and published details on LeMagIT, notes that the hackers are not willing to negotiate and expect parent company Damartex to pay the full ransom.
READ THE STORY: Bleeping Computer
Newest ransomware gang on the block
FROM THE MEDIA: A new ransomware gang is starting to ramp up its operations — and its exploits focus on a programming language that makes it harder for researchers to crack. Ransomware hackers have had to get creative to avoid detection as companies have become increasingly aware of the threat and cost these file-encrypting cyberattacks pose. Researchers at cybersecurity firm Redacted said in a report Thursday that the BianLian ransomware gang tripled its known operational infrastructure in August, indicating that more attacks from the gang could be coming soon.
READ THE STORY: AXIOS
Domain spoofing on the rise as cybercriminals see some crypto sites as a ‘perfect target’
FROM THE MEDIA: The crypto industry has become synonymous with hacks. The blockchain intelligence firm Chainalysis found that criminal hackers stole approximately $3.2 billion in 2021—a 516% increase from 2020. With governments tackling ransomware attacks, hackers are turning to different techniques. A new report from the cybersecurity company Bitdefender found that website spoofing—or attacks where cybercriminals create internationalized domain names that imitate a target’s domain name—has become one of the most prevalent new strategies.
READ THE STORY: OODALOOP
Removing the cyber backdoor
FROM THE MEDIA: Here, Paul Holding, Founder of IT integration provider Ripley Solutions, discusses how SMEs can remove backdoors in their IT systems and increase awareness of cybersecurity throughout the workforce. Cyberattacks are commonly launched without a specific target and look for vulnerabilities in IT and OT systems that can be exploited, irrespective of the business size. Smaller businesses normally don’t have a dedicated IT or cybersecurity team, so might not realise they are vulnerable until it is too late. As a result, SMEs might be even more susceptible to attacks than their larger competitors.
READ THE STORY: Design Products and Applications
FBI and French officials arrive in Montenegro to investigate ransomware attack
FROM THE MEDIA: Officials from the FBI and French government are in Montenegro to help the country as it recovers from a wide-ranging ransomware attack perpetrated last week. The attacks, which were carried out Friday and Saturday, crippled government-run transportation services and online platforms for information, as well as water and electricity systems. According to Public Administration Minister Maras Dukaj, 150 devices within 10 government agencies were infected, and many government websites are still down.
READ THE STORY: The Record
Raspberry Robin Malware Connected to Russian Evil Corp Gang
FROM THE MEDIA: Raspberry Robin, a widespread USB-based worm that acts as a loader for other malware, has significant similarities to the Dridex malware loader, meaning that it can be traced back to the sanctioned Russian ransomware group Evil Corp. Researchers from IBM Security reverse engineered two dynamic link libraries (DLLs) dropped during a Raspberry Robin infection and compared them to the Dridex malware loader, which is a tool that has been definitively linked to Evil Corp in the past — in fact, the US Department of the Treasury sanctioned the Russia-based Evil Corp for developing Dridex in 2019.
READ THE STORY: DarkReading
Cyberattack simulations get real
FROM THE MEDIA: Cyber defense training for businesses is evolving to create immersive scenarios putting board members and C-level executives in the crosshairs of simulated attacks. As ransomware attacks and nation-state cyber espionage campaigns ramp up, more executives and board members find themselves making key decisions about how their companies respond to cybersecurity incidents. Israeli cybersecurity company Cyberbit released a new training module last month that allows security teams and C-level executives to operate a full-scale simulation together against some of the most popular cyberthreats.
READ THE STORY: AXIOS
Cyberattack on Samsung compromises personal information of US users
FROM THE MEDIA: If you’re a Samsung customer in the United States, then you may have been impacted by a recent security breach of the company. Today, Samsung has announced on its support page that its US-based systems have experienced a cybersecurity incident. It appears that in late July, an unauthorized third party managed to acquire certain personal information of some of the company’s customers according to Samsung. Although the tech giant says no Social Security numbers, credit card numbers, or debit card numbers were compromised, it seems a few other details may have been exposed. While the information affected could vary by customer, Samsung says the third party may have stolen data on customer names, contact and demographic information, date of birth, and product registration information.
READ THE STORY: Android Authority
Items of interest
The Jackson water crisis is an environmental justice story. National TV news missed an opportunity to cover it that way
FROM THE MEDIA: The escalating water crisis in Jackson, Mississippi, is a clear example of environmental injustice and environmental racism, but national TV news largely failed to contextualize it this way. As the crisis in Jackson was coming to the nation’s attention, from August 29 through August 31, corporate broadcast morning and nightly news shows on ABC, CBS, and NBC, and all original programming on CNN, MSNBC, and Fox News covered the story for approximately 4 and 1/2 hours. However, only 1 hour and 8 minutes of that coverage discussed how the current crisis fits into a larger pattern in which low income communities and communities of color, such as Jackson's large Black community, are disproportionately affected by environmental issues.
In short, the impacts were reported, but the injustices largely were not.
The unfolding water crisis in Jackson is a complicated humanitarian disaster buttressed by “decades of failure” driven by environmental racism, economic decline, and political mismanagement. Now that Jackson has the national media’s attention, national TV news shows must do a much better job of applying an environmental justice lens to the story and demand accountability from those responsible for the degraded air, land, and water that disproportionately harms vulnerable communities across the country.
READ THE STORY: Media Matters
DEF CON 30 - Physical Security Village Interview (Video)
FROM THE MEDIA: Physical Security Village (formerly Lock Bypass Village) gets the explainer treatment.
DEF CON 30: The Wireless Sh*t Show With El Kentaro and D4rkM4tter (Video)
FROM THE MEDIA: The Wireless Sh*t Show With El Kentaro and D4rkM4tter.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com