Monday, Sept 05, 2022 // (IG): BB //Sponsor: ShadowNews
China orders tech companies to 'improve traceability' of users to control 'rumours and false information'
FROM THE MEDIA: China will conduct a three month blitz to cleanse the local internet of "rumors and false information". The nation's Cyberspace Administration last Friday announced the plan, which calls for local tech companies to improve their ability to identify the source of rumors and fake news, then punish account-holders who share it with warnings, bans, and permanent suspensions. If a platform can’t get its act together, Beijing will ban it from accepting new users and the platform can expect to be publicly named and shamed.
READ THE STORY: The Register
Microsoft mistakenly rated Chromium, Electron, as malware
FROM THE MEDIA: Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them. Numerous social media and forum posts made over the weekend detail how Windows has produced a warning of “Behavior:Win32/Hive.ZY” when users run everyday applications like Google’s Chrome browser or the Spotify music streamer.
READ THE STORY: The Register
Clear laws, 'threat actor' consequences needed on ransomware
FROM THE MEDIA: Clearer Australian laws and international co-operation to act against criminals are among measures needed in response to the rising threat from ransomware, Kennedys Partner and cyber insurance law specialist Nicholas Blackmore says. Mr Blackmore says it’s necessary to identify and sanction threat actors so they face consequences for crimes and don’t profit from ransomware payments received. “We have to do that through some level of international co-operation and pressure,” he told the Australasian Professional Indemnity Group (APIG) conference. “There have been some successes and there needs to be more.”
READ THE STORY: Insurance News
Kimsuky APT continues to build attack infra, targets more countries in APAC
FROM THE MEDIA: Nearly 10 years since Kaspersky experts unmasked an active cyberespionage campaign primarily targeting South Korean think-tanks, the state-sponsored group dubbed as “Kimsuky” continues to show prolific updating of tools and tactics to victimize North Korea-related entities. Kaspersky’s senior expert revealed more of his findings about Kimsuky during the global cybersecurity company’s 8th Cyber Security Weekend where he answered the question: “What if we can have another dimension of cyberattacks?” Among his latest discoveries is the possibility of this Advanced Persistent Threat (APT) threat actor expanding its operations with its abundant capabilities.
READ THE STORY: Manila Standard // Backend News
BlackByte ransomware attack on San Francisco 49ers claimed over 20K victims
FROM THE MEDIA: In February this year, San Francisco 49ers revealed that it suffered a ransomware attack that temporarily disrupted its corporate IT network systems. This confirmation came after the notorious BlackByte ransomware gang listed San Francisco 49ers on a dark web forum as one of its victims.
“Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the team said at the time of the attack.
READ THE STORY: TEISS
The Renaissance Of Nation-State Cybercrime
FROM THE MEDIA: After several years in which commercially motivated cybercrime has ranked highest in eCrime league tables, the last year has seen a resurgence in targeted, state-sponsored intrusion activity aimed at disrupting political enemies and/or generating currency to support various regimes. Understanding these events gives visibility into the shifting dynamics of adversary tactics and provides crucial insights into what security teams need to know about an increasingly ominous threat landscape. CrowdStrike’s latest Global Threat Report dives deep into the international web of cyberthreats. These are some of the highlights.
READ THE STORY: Minute Hack
A new malware has been mimicking Google Translate
FROM THE MEDIA: A report by Check Point Research (CPR) - the research team of American-Israeli cybersecurity provider Check Point Software Technologies - found that a mining malware, Monero, has been infecting computers across 11 countries since 2019. The malware has come to be known as 'Nitrokod'. According to the study team, this ransomware frequently pretended to be desktop versions of well-known programmes like Google Translate, YouTube Music, and Microsoft Translator. Numerous free software download portals, such as Softpedia and Uptodown, offer these spoof versions.
READ THE STORY: Mint Lounge
How Okta is regaining customer trust after a cyber attack
FROM THE MEDIA: To have created the position of vice-president of customer trust yourself just weeks before your organization becomes the focus of a major cyber security incident demonstrates the kind of prescience that an end-of-the-pier fortune teller can only dream of. But that is exactly what happened to Ben King, who after a two-year stint running regional security for authentication specialist Okta in EMEA and APAC, established a customer trust function within the business as a means of elevating the outward-facing bits of its security team.
READ THE STORY: Computer Weekly
Crypto app targeting SharkBot malware resurfaces on Google app store
FROM THE MEDIA: A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and threat intelligence analyst Mike Stokkel on Twitter accounts on Friday, sharing their co-authored article on the Fox IT blog.
READ THE STORY: Coin Telegraph // Security Affairs
How to address IoT security challenges
FROM THE MEDIA: My first association with IoT was way back in 2016. We were then working on developing an IoT-based solution for monitoring blood banks. Security was on the table but it was not a big priority for many businesses back then as I found out from my interactions with many IoT experts. Many DDoS attacks and generations of IoT devices later, enterprises are still struggling to address IoT security concerns. Let us examine why IoT security continues to pose a huge challenge to enterprises and what needs to be done to address this.
READ THE STORY: Security Boulevard
China Says US Hacked Aeronautics, Space Research University
FROM THE MEDIA: China accused a US spy agency of hacking a government-funded university with aeronautics and space research programs, in Beijing’s latest effort to hit back at Washington’s complaints of cybersnooping. The National Security Agency’s Office of Tailored Access Operations carried out the attacks on Northwestern Polytechnical University in Xi’an, China’s National Computer Virus Emergency Response Center said in a statement. A team from the center and 360 Security Technology Inc. analyzed the university’s information systems after an attack from overseas was reported in June, the center added.
READ THE STORY: Bloomberg
Has TikTok U.S. Been Hacked And 2 Billion Database Records Stolen
FROM THE MEDIA: Earlier this month, I reported how security researchers had uncovered a serious TikTok vulnerability that could have exposed users to a 1-click account takeover exploit. That issue, impacting Android app users, has long since been patched by TikTok. However, just as TikTok users breathe a sigh of relief, reports that TikTok U.S. has been hacked have started circulating, first on an online data breach marketplace forum and then Twitter over the holiday weekend. The first reports of an alleged hack appeared on the Breach Forums message board September 3. A user with the handle of AgainstTheWest posted what was claimed to be screenshots from a TikTok and WeChat breach. In that posting, the user said, referring to the alleged stolen data, that they had "yet to decide if we want to sell it or release it to the public."
READ THE STORY: Forbes
Hacking Group Anonymous Claim They Were Responsible for Moscow Traffic Chaos
FROM THE MEDIA: Although I presume most of you probably know who Anonymous is, for those of you who don’t, they undoubtedly represent one of the biggest hacking organisations on the planet. While their actions mostly tend to generally err in the somewhat grey area of morality, when they do create an incident, there’s usually a reason behind it. – Put simply though, I wouldn’t personally fancy ever making their ‘enemy’ list. Why are we even mentioning them though? – Well, following a report via Engadget, Anonymous has just claimed responsibility for a hacking incident that basically saw traffic standstill in Moscow (Russia) for nearly an hour. – How? Well, in a nutshell, it wasn’t so much as one person calling for an Uber, but hundreds, all at the exact same time, and all for the exact same pick-up location!
READ THE STORY: ETEKNIX // MYBROADBAND
Google Fix Another Chrome Zero-Day With An Emergency Update
FROM THE MEDIA: According to the latest advisory from Google, a serious zero-day vulnerability existed in its Chrome browser, demanding immediate attention. Google has credited an anonymous researcher for reporting the flaw, following which the tech giant worked on developing a fix. Maintaining its cautious practice of not revealing vulnerability details early to prevent unwanted exploitation, the tech giant has once again not elaborated on the flaw. Nor does it confirm how and when the vulnerability came under attack. However, it did confirm detecting active exploits of the bug in the wild.
READ THE STORY: LHN
China’s ‘Quasi Satellite’: AVIC Announces Success With Solar-Powered Drone That Flies In Near Space & Also Doubles Up As A Satellite
FROM THE MEDIA: The state-run Global Times reported, citing AVIC, that the Qimingxing 50, also known as the Morning Star 50, ascended to the skies at 5:50 pm on September 3 from an airport in Yulin, Shaanxi Province. The drone was in the air for 26 minutes before landing on the same runway. The aircraft conducted its maiden flight smoothly, with all systems functioning normally. The Qimingxing-50 is the first major unmanned aerial vehicle platform that is all-electric and solely powered by solar energy.
READ THE STORY: Eurasian Times
Critical infrastructure cyberattacks: What are the implications of their increasing prevalence
FROM THE MEDIA: Over the past couple of years, there have been a growing number of cyber attacks on critical infrastructure around the world. Most recently, Estonia was subjected to its most extensive cyberattack since 2007, apparently in retaliation to the country removing Soviet-era monuments from public places. Earlier this year, Costa Rica had to declare a state of emergency after a Russian-speaking ransomware gang threatened to overthrow the government in the wake of two cyberattacks. In July last year, South Africa’s ports were almost totally shut down after a ransomware attack.
READ THE STORY: BETA NEWS
China Accuses Washington of Cyber-Spying on University
FROM THE MEDIA: China on Monday accused Washington of breaking into computers at a university that U.S. officials say does military research, adding to complaints by both governments of rampant online spying against each other. Northwestern Polytechnical University reported computer break-ins in June, the National Computer Virus Emergency Response Center announced. It said the center, working with a commercial security provider, Qihoo 360 Technology Co., traced the attacks to the National Security Agency but didn't say how that was done.
READ THE STORY: USNEWS
How the West is racing to stop Ukraine’s guns falling silent
FROM THE MEDIA: In the weeks after Russia’s invasion of Ukraine, a parody image began doing the rounds on the internet featuring ‘Saint Javelin’. Depicted in the style of an orthodox Christian saint, a stern-faced female figure clad in the blue and gold of the Ukraine flag cradles an FGM-148 Javelin anti-tank missile launcher, nestling it against her cheek. The image, it turned out, was devised by a Canadian marketer. But it nonetheless captures the essence of Ukraine’s dependence on the West for the influx of weapons, military vehicles and ammunition that has kept its military able to confront the Russian invaders.
READ THE STORY: Telegraph UK
Altice confirms to have been affected, but not its French branch, which includes SFR
FROM THE MEDIA: Earlier this Friday, we informed you that the Altice group had been the victim, at the beginning of August, of Hive ransomware, with a possible compromise of sensitive data and a large-scale cyberattack. This evening, the company wanted to take stock of the situation, after our solicitation at the start of the day. In a response communicated to Clubic, Altice France tells us in the preamble that “the scope of Altice France and SFR is not concerned by Hive ransomware. This therefore excludes all SFR, RED by SFR and other subscribers. For its part, the Altice group, whose silence was worrying after revelations about the attack made by RedPacket Security several days ago now, confirms having been a victim of the Hive ransomware.” Altice confirms that it was the victim of a ransomware cyberattack in early August targeting an internal network at the level of the financial holding.
READ THE STORY: Get To Text
Items of interest
Magnetic Maniac Manages Mangled Memory
FROM THE MEDIA: Ahh, floppy disks. Few things carry nostalgia quite like a floppy — either 3 1⁄2 or 5 1⁄4, depending on which generation of hacker you happen to be. (And yes, we hear you grey-beards, 8-inch floppies were definitely a thing.) The real goodies aren’t the floppies themselves, but what they carried, like Wolfenstein 3d, Commander Keen, DOS, or any number of other classics from the past. Unfortunately, a bunch of these floppy disks aren’t carrying anything anymore, as bit rot eventually catches up with them. Even worse, on some trashed floppies, a format operation fails, too. Surely, these floppies are destined for the trash, right?
Well, hold on. [AnotherMaker] discovered something that might breathe a little more life into those dead disks — magnets! To be specific, he’s using a Degausser, namely the Realistic Bulk Tape Eraser, though enough time with a strong magnet would probably work, too. Thoroughly treat the disk, pop it back into the vintage machine, and there’s a decent chance it happily formats. Now all that’s left is to figure out why.
Is this an alignment problem, where multiple drives have written in slightly different places, and the read heads are picking up these errant areas even after the write head starts to format? Or maybe there’s a spot in the disk that is going bad, and the stronger magnetic field is required to reset the floppy’s field. Let us know your guess, or if you know the answer, fill us in!
READ THE STORY: HackaDay
Physical Security Village DEFCON30 (Video)
FROM THE MEDIA: Cochise visits the Physical Security Village.
Setting Up Whonix for ANONYMOUS Tor Browsing (Video)
FROM THE MEDIA: Setting Up Whonix for ANONYMOUS Tor Browsing.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com