Thursday, Sept 15, 2022 // (IG): BB // Sponsor: Shadow News
The Ethereum Merge: What It Is and Why It Is Important
FROM THE MEDIA: There is a lot of buzz around "The Merge" for the Ethereum blockchain, and it is finally here. But what is The Merge, and why is it important? The Ethereum Foundation describes it as "the most significant upgrade in the history of Ethereum." This is hardly hyperbole. This much-discussed and widely publicized event, which is happening this week (most likely on Sept. 15), represents a fundamental shift in the way the Ethereum blockchain works and is one of the most significant events in the history of blockchain technology. This post will address what The Merge is, why it is so important and what will likely happen next.
READ THE STORY: Holland & Knight
Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks
FROM THE MEDIA: A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. The cybersecurity firm said at least one of the indicators of compromise (IOCs) was used in an attack against an IT service provider operating in multiple Asian countries.
READ THE STORY: THN
US Intensifies Reaction To Iran's Cyber Threats Amid Nuclear Talks
FROM THE MEDIA: The United States on Wednesday slapped new sanctions on individuals and entities linked to Iran's Revolutionary Guards for Tehran's "malicious" cyber activities. The US Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned ten individuals and two companies, Najee Technology and Afkar System, over their roles in conducting malicious cyber acts including ransomware activity, the Treasury said in a press release. The Treasury Department had also sanctioned Iran's intelligence ministry for "cyber operations" against the US and its allies on Friday.
READ THE STORY: Iran International
FBI Warns Hackers Are Targeting Healthcare Payment Systems And Making Off With Millions
FROM THE MEDIA: The Cyber Division of the US Federal Bureau of Investigation (FBI) has published a notice warning the healthcare industry of cyberattacks targeting healthcare payment processors. The attacks generally come in the form of phishing attacks that leverage employees’ publicly available Personally Identifiable Information (PII) and social engineering tactics to gain unauthorized access to confidential files, healthcare portals, payment information, and related websites. According to the notice, these attacks are costing victims millions of dollars in losses.
READ THE STORY: HOTHARDWARE
Sanctions as a Surgical Tool Against Online Foreign Influence
FROM THE MEDIA: Russia’s expanded invasion of Ukraine has once again brought to the fore the role of online influence—both overt and covert—in modern warfare. Much has been said about the United States and allied governments’ strategy of tailored exposure to get ahead of Russia’s false-pretext narratives. While strategic exposure remains one of the most critical tools for warfare in the information space, the United States has wielded another major tool to fight against adversaries in the information sphere: sanctions.
READ THE STORY: Lawfare Blog
Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence
FROM THE MEDIA: Threat actors may abuse Notepad++ plugins to circumvent security mechanisms and achieve persistence on a victim machine, new research from security company Cybereason suggests. "Using an open-source project, Notepad++ Plugin Pack, a security researcher that goes by the name RastaMouse was able to demonstrate how to build a malicious plugin that can be used as a persistence mechanism," the company wrote in an advisory on Wednesday.
READ THE STORY: InfoSecurity
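The persistence described above works because Notepad++ loads every plugin DLL it finds under its plugins directory at startup, so a hunt for the technique reduces to enumerating those DLLs and flagging any that are not expected. The script below is an added example for this page, not Cybereason's or RastaMouse's code; the plugin root paths and the approved-plugin list are assumptions, and the sample plugin tree it builds is constructed for the demo.

```python
"""Hunt for Notepad++ plugin DLLs that are not on an approved list.

Added example illustrating the plugin persistence mechanism; not Cybereason's or
RastaMouse's code. Plugin roots and the approved list are assumptions."""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path


def default_plugin_roots() -> list[Path]:
    # Notepad++ loads <plugins>\<Name>\<Name>.dll for each sub-folder at startup.
    # These are assumed to be the usual plugin roots; adjust for your install.
    return [
        Path(os.environ.get("ProgramFiles", r"C:\Program Files")) / "Notepad++" / "plugins",
        Path(os.environ.get("LOCALAPPDATA", r"C:\Users\Public\AppData\Local")) / "Notepad++" / "plugins",
    ]


# Hypothetical allowlist: plugin folder names the organisation has approved.
APPROVED_PLUGINS = {"mimeTools", "NppConverter", "NppExport"}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def loadable_plugins(root: Path):
    """Yield (name, dll) for every folder that follows the Name/Name.dll convention,
    i.e. exactly the DLLs Notepad++ would load as plugins."""
    for sub in sorted(p for p in root.iterdir() if p.is_dir()):
        dll = sub / f"{sub.name}.dll"
        if dll.is_file():
            yield sub.name, dll


def hunt(roots, approved=APPROVED_PLUGINS) -> list[dict]:
    """Return one finding per loadable plugin whose name is not approved,
    with a hash, size and mtime so the DLL can be triaged or matched elsewhere."""
    findings = []
    for root in roots:
        if not root.is_dir():
            continue
        for name, dll in loadable_plugins(root):
            if name in approved:
                continue
            st = dll.stat()
            findings.append({
                "plugin": name,
                "path": str(dll),
                "sha256": sha256_file(dll),
                "size": st.st_size,
                "mtime": st.st_mtime,
            })
    return findings


def make_constructed_sample() -> Path:
    """Build a throwaway plugins tree (constructed demo data): one approved plugin,
    one unknown plugin, and a stray DLL whose name does not match its folder and
    which Notepad++ therefore would not load as a plugin."""
    root = Path(tempfile.mkdtemp(prefix="npp-plugins-"))
    (root / "mimeTools").mkdir()
    (root / "mimeTools" / "mimeTools.dll").write_bytes(b"MZ approved")
    (root / "Updater").mkdir()
    (root / "Updater" / "Updater.dll").write_bytes(b"MZ unexpected")
    (root / "Updater" / "helper.dll").write_bytes(b"MZ not loaded directly")
    return root


if __name__ == "__main__":
    for finding in hunt([make_constructed_sample()] + default_plugin_roots()):
        print(finding)
```

In production the allowlist would be keyed on hashes of known-good plugin builds rather than folder names alone, since an attacker can reuse an approved name; the folder-name check is kept here to show which DLLs Notepad++ actually loads.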
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
FROM THE MEDIA: Iranian threat actors have been on the radar and in the crosshairs of the US government and security researchers alike this month with what appears to be a ramp-up in and subsequent crackdown on threat activity from advanced persistent threat (APT) groups associated with Iran's Islamic Revolutionary Guard Corps (IRGC). The US government on Wednesday simultaneously revealed an elaborate hacking scheme by and indictments against several Iranian nationals thanks to recently unsealed court documents, and warned US organizations of Iranian APT activity exploiting known vulnerabilities, including the widely attacked ProxyShell and Log4Shell flaws, for the purpose of ransomware attacks.
READ THE STORY: DarkReading
Akamai stopped new record-breaking DDoS attack in Europe
FROM THE MEDIA: A new distributed denial-of-service (DDoS) attack that took place on Monday, September 12, has broken the previous record that Akamai recorded recently in July. DDoS attacks are cyberattacks that flood servers with fake requests and garbage traffic, rendering them unavailable to legitimate visitors and customers. The cybersecurity and cloud services company Akamai reports that the recent attack appears to originate from the same threat actor, meaning that the operators are in the process of empowering their swarm further.
READ THE STORY: Bleeping Computer
Fortanix: Confidential computing can secure data-in-use
FROM THE MEDIA: In a world filled with on-demand connectivity, encryption at rest isn’t enough. With more than 4,145 publicly disclosed data breaches occurring last year alone — classical approaches to network security are failing to keep up, and confidential computing could offer a potential solution. Confidential computing enables organizations to separate and encrypt their data in a hardware-based Trusted Execution Environment (TEE) so that it’s not exposed to the infrastructure processing it. This means even if a threat actor manages to compromise the infrastructure, they won’t be able to access the underlying data in use.
READ THE STORY: Venture Beat
SparklingGoblin APT Targeted Hong Kong University With New Linux Backdoor
FROM THE MEDIA: The SideWalk backdoor has been leveraged by a threat actor group seeking to target a Hong Kong university. The attack reportedly occurred in February 2021 and was perpetrated by the SparklingGoblin advanced persistent threat group. The attackers used the Linux variant of the backdoor to hack into the university's systems. Security researchers at ESET published a cybersecurity advisory confirming that the same threat group had previously targeted the same university in May 2020, amid student protests.
READ THE STORY: OODALOOP
Russian hackers use new info stealer malware against Ukrainian orgs
FROM THE MEDIA: Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active. Security researchers at Cisco Talos attribute the campaign to Gamaredon, a Russian state-backed threat group with a long history of targeting mainly organizations in the Ukrainian government, critical infrastructure, defense, security, and law enforcement. Also known as Primitive Bear, Shuckworm, Iron Tilden, and Callisto, Gamaredon relies on social engineering and spear phishing to establish long-term access to victim systems.
READ THE STORY: Bleeping Computer
Bugs Found in Contec Airplane WiFi Devices Expose Passengers to Cyberattack
FROM THE MEDIA: The vulnerable wireless LAN devices, made by the Japanese company Contec, can also be used in offices, factories, and other areas where high-speed communication is necessary and/or integration with embedded devices is required. It is unlikely that flight control systems could be impacted by the two flaws in the FLEXLAN FX2000 and FX3000 series of devices. However, a threat exists to other passengers or anyone connected to the WiFi network created on the vulnerable Contec devices.
READ THE STORY: Spiceworks
New mobile banking virus SOVA prowling in Indian cyberspace
FROM THE MEDIA: A new mobile banking 'Trojan' virus, SOVA, which can stealthily encrypt an Android phone for ransom and is hard to uninstall, is targeting Indian customers, the country's federal cyber security agency said in its latest advisory. The virus has upgraded to its fifth version after it was first detected in the Indian cyberspace in July, it said. "It has been reported to CERT-In that Indian banking customers are being targeted by a new type of mobile banking malware campaign using SOVA Android Trojan."
READ THE STORY: The Hindu
Hive ransomware claims cyberattack on Bell Canada subsidiary
FROM THE MEDIA: The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). BTS is an independent subsidiary with more than 4,500 employees, specializing in installing Bell services for residential and small business customers across the Ontario and Québec provinces. While the Canadian telecommunications company didn't reveal when its network was breached or the attack happened, Hive claims in a new entry added to its data leak blog that it encrypted BTS' systems almost a month ago, on August 20, 2022.
READ THE STORY: Bleeping Computer
The Effects of Ransomware on Science & Its Researchers
FROM THE MEDIA: Life sciences companies are particularly attractive targets for cyberattacks (unwelcome attempts to steal or destroy information through unauthorized access to computer systems) because of the valuable intellectual property they frequently store and manage. Recent research into the top 20 global Fortune 500 pharma companies revealed that total breaches and records exposed since 2020 are escalating at an alarming rate.
READ THE STORY: PharmExec
CONTI Ransomware Gang Hit With Data Leak
FROM THE MEDIA: The data leak was made available via email to various security researchers and reporters. The message also read that there would be additional leaks soon. For a detailed view of all leaks, check out @ContiLeaks on Twitter. The person behind this account is likely the leaker himself. The leaker gained access to the gang’s XMPP chat server. This will surely be a blow to Conti’s reputation. It’s not yet known who’s responsible for the attack. The media calls the person responsible for the data leak a ‘Ukrainian researcher.’
READ THE STORY: Analytic Insight
Vulnerable airliner Wi-Fi
FROM THE MEDIA: SecurityWeek reports that two potentially serious vulnerabilities were identified in wireless LAN devices often used for Wi-Fi on airplanes. The vulnerabilities affect the Flexlan FX3000 and FX2000 series made by Contec, Necrum Security Labs researchers Thomas Knudsen and Samy Younsi discovered. "One of the security holes, CVE-2022-36158, is related to a hidden webpage that can be used to execute Linux commands on the device with root privileges. The device's web-based management interface does not provide a link to this hidden page," SecurityWeek says. "The second vulnerability, CVE-2022-36159, is related to a backdoor account and the use of a weak hardcoded password."
READ THE STORY: The Cyberwire
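The two flaw classes summarised above, an unlinked diagnostic page that runs attacker-supplied commands as root and a fixed backdoor credential, recur across embedded web interfaces, and "hidden" is not a control: an unauthenticated endpoint is reachable by anyone on the Wi-Fi whether or not the UI links to it. The snippet below is an added illustration of both patterns beside their hardened forms; it is not Contec firmware or Necrum's proof of concept, and every name, action and credential value in it is a placeholder chosen for the demo.

```python
"""Weak embedded-web-UI patterns beside hardened replacements.

Added example for this page; not Contec firmware or Necrum's PoC. All
account names, passwords and action names are placeholders."""
from __future__ import annotations

import hashlib
import hmac
import os
import subprocess


# ---- weak pattern 1: hidden page passes a query parameter straight to a shell ----
def vulnerable_diag_handler(params: dict) -> str:
    # No authentication, and the raw 'cmd' value reaches /bin/sh. When the
    # device's web server runs as root this is unauthenticated root RCE.
    cmd = params.get("cmd", "")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# ---- weak pattern 2: backdoor account with a hardcoded password ----
HARDCODED_BACKDOOR = ("support", "changeme")  # placeholder values for the demo


def vulnerable_login(user: str, password: str) -> bool:
    return (user, password) == HARDCODED_BACKDOOR


# ---- hardened replacements ----
# The client picks an action name; the server owns the argv. No command string
# ever crosses the trust boundary. (Action names are hypothetical.)
ALLOWED_ACTIONS = {
    "uptime": ["uptime"],
    "addresses": ["ip", "addr", "show"],
}


def hardened_diag_plan(params: dict, session: dict) -> tuple[int, list[str] | None]:
    """Return (http_status, argv or None); execution is separate in run_plan()."""
    if not session.get("authenticated"):
        return 401, None
    argv = ALLOWED_ACTIONS.get(params.get("action", ""))
    if argv is None:
        return 400, None
    return 200, list(argv)


def run_plan(argv: list[str], timeout: float = 5.0) -> str:
    # No shell, fixed argv, bounded runtime.
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout).stdout


PBKDF2_ROUNDS = 200_000


def make_credential(password: str, salt: bytes | None = None) -> dict:
    """Salted PBKDF2 record, provisioned per device rather than baked into firmware."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def hardened_login(user: str, password: str, cred_store: dict) -> bool:
    # Only accounts in the owner-managed store exist; compare in constant time.
    record = cred_store.get(user)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])


# Constructed credential store for the demo: one owner-set admin account.
DEMO_STORE = {"admin": make_credential("owner-chosen-passphrase")}


if __name__ == "__main__":
    print(vulnerable_diag_handler({"cmd": "echo injected"}))
    print(hardened_diag_plan({"action": "id; cat /etc/shadow"}, {"authenticated": True}))
    print(hardened_login("support", "changeme", DEMO_STORE))
```

The hardened handler still has to be reached through an authenticated session, and on a real device that session check belongs in the web server's routing layer so that no page, linked or not, can bypass it.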
A closer look at how Florida is rebuilding IT operations
FROM THE MEDIA: On the Priorities Podcast, Florida Chief Information Officer James Grant says the state’s IT department is looking to move beyond a “sordid past” and toward a future that includes excellent cybersecurity services and strong support to agencies. Speaking at StateScoop and EdScoop’s IT Modernization Summit last month, Grant said the Florida Digital Service plans to be different. In a recent interview with StateScoop’s Colin Wood, he said the service will start by focusing on providing services internally with the hope of someday scaling them out to the public.
READ THE STORY: State Scoop
Ethereum Successfully Executes Highly-Anticipated Merge Event, Ushering in Proof-of-Stake Era
FROM THE MEDIA: At long last, the Ethereum merge has arrived. At 2:45 am EST, the Ethereum network successfully began its transition—with no hiccups—from proof of work to proof of stake, a historic feat anticipated by the crypto community for over five years. The upgrade has forever changed both how ETH is created and how transactions on the Ethereum network are validated. Up until the moment of the merge, ETH was generated by “mining,” an energy-intensive process by which individuals directed huge amounts of computer power at difficult-to-solve puzzles.
READ THE STORY: Decrypt
Iran Says Crew of Seized Greek Oil Tanker Replaced
FROM THE MEDIA: The crew of one of two Greek oil tankers seized by Iranian armed forces in May have been replaced by their company, Iran’s foreign ministry said Wednesday. The Revolutionary Guard Corps seized the ships in the Gulf days after Greece said it would deliver Iranian oil it had taken from a Russian tanker to the United States. The Russian ship, the Pegas, had been detained by Greece at the request of the United States, which has imposed crippling sanctions on Iran, particularly on its oil exports.
READ THE STORY: AAWSAT
Israeli Defense Minister: Iran Nuclear Deal 'in ER Room'
FROM THE MEDIA: Iran's 2015 nuclear deal with world powers is "in the ER room" and is unlikely to be renewed soon, if at all, Israeli Defense Minister Benny Gantz said on Thursday after European leaders voiced doubt about Tehran's willingness to revive the pact. Israel, Iran's arch-foe, supported the US withdrawal from the accord in 2018 under then-President Donald Trump, who deemed it too limited, and has been advocating against a re-entry into the pact sought by President Joe Biden's administration.
READ THE STORY: AAWSAT
Putin acted 'irrationally' in invading Ukraine, expert says
FROM THE MEDIA: The war in Ukraine, the Taliban’s rule in Afghanistan and the future of cybersecurity were among the topics discussed at Tuesday’s Future Security Forum, presented by New America and the McCain Institute at Arizona State University. The forum is an annual event of the Future Security Project, a research, education and policy partnership aimed at understanding and addressing global challenges. “What we basically do is boldly advance democracy, human dignity and security,” said Evelyn Farkas, the executive director of the McCain Institute. “We are committed to serving causes greater than ourselves and a vision of the world that is free, safe and just for all people.”
READ THE STORY: ASU
Items of interest
A Chinese Spy Wanted GE’s Secrets, But the US Got China’s Instead
FROM THE MEDIA: In January 2014, Arthur Gau, an aerospace engineer who was nearing retirement age, received an unexpected email from a long-lost acquaintance in China. Years before, Gau had made a series of trips from his home in Phoenix to speak at the Nanjing University of Aeronautics and Astronautics, or NUAA, one of China’s most prestigious research institutions. The original invitation had come from the head of a lab there studying helicopter design. Increasingly, however, Gau had heard from someone else, a man who worked at the university in a vague administrative capacity. Little Zha, as the man called himself, was the one who made sure Gau never had to pay his own airfare when he came to give talks. When Gau brought his mother on a 2003 visit, Zha arranged and paid for them to take a Yangtze cruise to see the river’s dramatically sculpted middle reaches before they were flooded by the Three Gorges Dam.
READ THE STORY: Bloomberg
Exploiting Google Translate For Crypto Mining (Video)
FROM THE MEDIA: Exploiting Google Translate For Crypto Mining.
Sometimes the Best Hacking Tool Is Confidence: Darknet Diaries Ep. 41, Just Visiting (Video)
FROM THE MEDIA: A break-in expert and a network cracker team up to infiltrate an international manufacturing business. Even though they're the good guys, they can't help but feel guilty.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com