Saturday, Sept 10, 2022 // (IG): BB // Sponsor: VetSec
I'm reminded of "The Early Bird", 'cept your posts are seemingly on semantically-enhanced steroids. - 2600hz
Iranian Actors Targeted SharePoint Flaw in Attack on Albania
FROM THE MEDIA: The initial intrusion into the Albanian government’s networks that eventually led to ransomware deployment and the theft and destruction of data was accomplished by exploiting an old, known vulnerability in a SharePoint server, researchers at Microsoft who helped investigate the incident said in a new analysis of the attack. While the disruptive portion of the attack didn’t happen until July 15, one of the four Iranian-affiliated attack groups involved in the operation gained access to the Albanian government’s systems as early as May 2021.
READ THE STORY: DUO
Worok cyberespionage group active in Central Asia and the Middle East
FROM THE MEDIA: ESET has released research into a threat group it's calling "Worok." They characterize it as sophisticated, and while "sophisticated" is thrown around a lot, in this case ESET uses it with some justice. "Worok is a cyberespionage group that develops its own tools, as well as leveraging existing tools, to compromise its targets." The motive is espionage. "Stealing information from their victims is what we believe the operators are after because they focus on high-profile entities in Asia and Africa, targeting various sectors, both private and public, but with a specific emphasis on government entities."
READ THE STORY: The CyberWire
National Critical Infrastructure Under Attack: Clop Ransomware
FROM THE MEDIA: The recent criminal cyber activity on the IT infrastructure on Monday caused a U.K. water supplier to experience a disturbance in its corporate IT systems. The company insists that its water delivery was unaffected. The UK water company confirmed they activated their continuity of operations plan and cybersecurity response plan, along with notifying the United Kingdom’s legal authorities. According to a report on Bleepingcomputer, the Clop ransomware gang claimed responsibility for an attack on a U.K. water company. The cybercriminals claim the Thames Water and not South Staffordshire was the target. The fallout from the cyber attack against the UK water system.
READ THE STORY: Security Boulevard
Monti, the New Conti: Ransomware Gang Uses Recycled Code
FROM THE MEDIA: Analysts have discovered a ransomware campaign from a new group called "Monti," which relies almost entirely on leaked Conti code to launch attacks. The Monti group emerged with a round of ransomware attacks over the Independence Day weekend, and was able to successfully exploit the Log4Shell vulnerability to encrypt 20 BlackBerry user hosts and 20 servers, BlackBerry's Research and Intelligence Team reported.
READ THE STORY: Dark Reading
Ransomware attack knocked a Kentucky city-operated ISP offline before holiday
FROM THE MEDIA: As tourists descended on Bardstown, Kentucky — the “Bourbon Capital of the World” — for Labor Day weekend, the town had a problem: A ransomware attack hit the local government, knocking municipal internet service provider (ISP) Bardstown Connect offline. The initial outage struck last Friday and lasted 18 hours, the Nelson County Gazette reported. Bardstown is a small city of roughly 13,000 people — and Bardstown Connect is the high speed ISP for a large portion of the city’s residents and local businesses.
READ THE STORY: The Record
US imposes new sanctions on Iran over Albanian cyberattack
FROM THE MEDIA: The Biden administration has imposed new sanctions on Iran’s Ministry of Intelligence and Security over what it called “malign cyber activities” as the two countries struggle to find a way back into the 2015 nuclear deal. The United States Treasury Department said on Friday that the sanctions were in response to a July cyberattack that disrupted government websites in Albania, which Washington and Tirana blamed on Tehran.
READ THE STORY: Aljazeera
Facebook’s Influence Diminishes Further As the App’s Login Button Disappears From Websites
FROM THE MEDIA: So many different websites used to resort to social media logins and one of the most popular ones had to be logging in through your Facebook credentials. However, that’s no longer the case. A number of famous companies like Dell have removed the option and simply cite the reason to be privacy concerns. Yes, according to them and many experts too, social logins are not safe and if you wish to ward off security threats, this is the best way forward. It was just a month back when shoppers on various websites could purchase their dream laptop and then log in using the app’s credentials. They didn’t wish to enter into the hassle of another new login ID and a password. As it is, we have plenty. But now, that convenience has been eliminated.
READ THE STORY: Digital Information World
Hacker Moves $500K in DAI Through Tornado Cash From DAO Maker Exploit
FROM THE MEDIA: PeckShield and CertiK said an Ethereum address associated with an exploit last year of DAO Maker has laundered 500,000 DAI stablecoins through Tornado Cash, using fake browser plugins to gain control of the funds they robbed. “We are seeing a movement of $500,000 DAI to @TornadoCash from EOA 0x0B789. The address is directly connected to the DAOMaker exploiter who stole funds from @TheDaoMaker” Peckshield said in a tweet.
READ THE STORY: Be In Crypto
Sensitive NATO Data Stolen in Cyberattack on Portugal’s Armed Forces
FROM THE MEDIA: Portugal’s leading news outlet Diário de Notícias reported that the country’s central military unit EMGFA was targeted in a cyberattack. The attack resulted in the exfiltration of hundreds of confidential NATO documents sent to Portugal. Reportedly it was a prolonged and unprecedented cyberattack. The stolen files are currently up for sale on the Dark Web. Portugal was also a victim of a security breach in 2018 involving leaking sensitive NATO and EU documents. Portuguese intelligence officer Frederico Carvalho Gil was found guilty of spying for Russia and was convicted for selling classified documents to a Russian agent.
READ THE STORY: Hack Read
Hack Microsoft Teams with a GIF? It’s possible, the proof
FROM THE MEDIA: The popularity and ubiquity of Microsoft software make it a prime target for hackers of all stripes. Security researchers have unveiled a phishing technique which, due to its appeal and if used on a large scale, could cause damage. This attack named GIFShell would allow hackers to use Microsoft Teams to steal user data. They exploit no less than seven vulnerabilities in the collaborative communication application to not only steal personal data, but also to execute commands. Nothing out of the ordinary so far.
READ THE STORY: Gear Rice
US sanctions Iranian spy agency for alleged hacking campaigns against US and allies
FROM THE MEDIA: The US Treasury Department on Friday sanctioned Iran’s Ministry of Intelligence and Security and its leader for allegedly conducting various hacking campaigns against the US government and its allies, including a July cyberattack that disrupted Albanian government services. The Treasury accused the Iranian spy agency and Esmail Khatib of overseeing “several networks” of hackers involved in cyber espionage and ransomware attacks in “support of Iran’s political goals.”
READ THE STORY: CNN
It's Been a Minute. Guess How Much Crypto's Been Stolen Lately
FROM THE MEDIA: Cryptocurrencies haven’t been doing so hot lately. The last three or four months have seen prices plummet, and the general outlook for crypto bros (and gals) has been grim. But crypto’s cruel summer and the instability that’s come with it haven’t changed the fact that fraud, theft, and financial mayhem are still going strong in the web3 world! Approximately four months ago, we did a roundup of the biggest crypto heists of the year. At that point, in early May, a little over a billion dollars had already been stolen in various hacking incidents.
READ THE STORY: GIZMODO
QNAP Warns of Zero-Day Vulnerability in Latest DeadBolt Ransomware Campaign
FROM THE MEDIA: QNAP, a manufacturer of data storage devices, sent a warning to its clients over the weekend, stating that the DeadBolt ransomware organization was exploiting a zero-day vulnerability that had just been patched. The security team at QNAP informed The Record on September 3 that they had uncovered a new DeadBolt campaign. The spokesman warned that there is a “high risk” if an internet-connected NAS installs the program Photo Station.
READ THE STORY: Tech Ballad
Ukraine Invasion Growing “A Tsunami of Cyberattacks”
FROM THE MEDIA: Cyberattacks thrive on confusion, a lack of knowledge about systems and assets, and any, usually quite common, points of weakness. Any major period of turbulence in a country will likely make a whole raft of businesses more vulnerable to cyberattack than they have previously been. That means that in pure principle, it should be no surprise that in recent months, cyberattacks on Ukraine’s government and military sector have more than doubled, increasing by 112% overall, according to new findings from Check Point Research (CPR).
READ THE STORY: T_HQ
US sanctions Iranian company that shipped drones to Russia
FROM THE MEDIA: The United States on Thursday placed sanctions on an Iranian company that helped to ship drones to Russia for use in Ukraine, and warned non-Iranian firms against becoming involved in the trade. The US Treasury said it had placed Tehran-based Safiran Airport Services on its sanctions blacklist, two months after the White House divulged intelligence that Russia was seeking Iranian unmanned aerial vehicles (UAVs) for its war on Ukraine. The Treasury said Safiran has coordinated Russian military flights between Iran and Russia, including those that carried the UAVs, personnel and related equipment.
READ THE STORY: The New Arab
Data tracking poses a 'national security risk' FTC told
FROM THE MEDIA: The massive amounts of digital data being bought and sold — or sometimes freely shared — poses a grave national security risk, according to a former US policymaker and diplomat. During a Federal Trade Commission (FTC) hearing on commercial surveillance this week, Karen Kornbluh, the former US OECD ambassador and FCC exec who now leads the Digital Innovation and Democracy Initiative at the German Marshall Fund, urged the watchdog agency to enact stricter data privacy rules to protect consumers.
READ THE STORY: The Register
Elon Musk confirms talks with Apple about enabling Starlink for iPhone
FROM THE MEDIA: Apple has recently revealed the new iPhone 14, and according to Apple's "Far Out" event presentation, the new device supports satellite connectivity for the first time. The iPhone 14 is the very first Apple product to support satellite connectivity, and the company is marketing the connectivity as an emergency feature that is only meant to be used in dire situations. Apple says the feature isn't designed to replace cellular connectivity, but that hasn't stopped speculative questions such as a possible partnership between SpaceX and its Starlink satellite internet service and Apple.
READ THE STORY: Tweak Town
Weaponization of Commercial Drones is a Global Threat
FROM THE MEDIA: Nation-state military operations in Ukraine, Syria, and Nagorno Karabakh underline how drones are integral to modern military operations. One of the lessons Russians took from the 2020 Nagorno-Karabakh war was how mass use of loitering munitions is key to military success. Lessons from these conflicts are now becoming incorporated by nonstate actors in low-intensity operations. Military operations from the first Gulf war to the conflict in Ukraine today, have migrated technologies and methods into the hands of insurgents, terrorists, criminal actors, industrial spies, conventional forces and more.
READ THE STORY: Security InfoWatch
Offensive cyber operations vs China, Russia justified
FROM THE MEDIA: Offensive cyber operations conducted by the U.S. have been touted by FBI and Justice Department officials as crucial in disrupting Chinese threat operation Hafnium and Russia's Cyclops Blink botnet over the past two years, reports The Record, a news site by cybersecurity firm Recorded Future. "The Bureau and DOJ [have] been criticized publicly about those actions because it's an overstep of privacy, but I think it's important to understand what's behind them. In all these scenarios, we published multiple cybersecurity advisories in tandem with the mitigation and remediation guidance from the affected vendor," said FBI Cyber Division Assistant Director Bryan Vorndran.
READ THE STORY: SCMAG
North Korea will ‘automatically’ launch nukes if Kim killed
FROM THE MEDIA: North Korea will launch a nuclear retaliation “automatically and immediately” if Kim Jong Un is incapacitated in an attack, according to a new law, codifying for the first time that the leader has delegated his strike authority under that severe condition. The legislation, passed by Kim’s rubber-stamp parliament, also allows for preemptive nuclear strikes if North Korea judges that foreign weapons will soon streak toward its strategic targets or state leadership.
READ THE STORY: Politico
Feds freeze $30m in cryptocurrency stolen from Axie Infinity
FROM THE MEDIA: Federal investigators and private companies seized $30 million in cryptocurrency stolen in March by North Korean-linked APT gang Lazarus Group from a video game developer, the latest example of the growing skills of government and cybersecurity experts to track and recover such ill-gotten gains. News of the seizure was announced this week at AxieCon, the user conference for Axie Infinity, the video game developed by Sky Mavis that allows players to win Ethereum. In March Sky Mavis saw the Lazarus Group steal $620 million from a decentralized finance (DeFi) platform used by the game and launder the bulk of it.
READ THE STORY: The Register
Fat Leonard left ankle monitor in water cooler before making his escape
FROM THE MEDIA: Investigators have few leads into the disappearance of military contractor Leonard Francis, known as "Fat Leonard," who pleaded guilty to corruption and was days away from being sentenced when he cut off his home GPS ankle monitoring bracelet and fled. On Sunday, U.S. Marshals received a call reporting a problem with Francis' tracking bracelet. When they arrived at his home, it had been completely cleared out, with the exception of a cooler that held Francis' bracelet inside — covered by water — the Marshals Service said.
READ THE STORY: CBS NEWS // The Hill
Ukraine Warns Russian Cyber Onslaught Is Coming
FROM THE MEDIA: Ukraine is bracing for a new wave of Russian cyberattacks likely aimed at freezing its citizens in coming months and crippling its spending power. The attacks, according to an assessment shared Friday by a top Ukrainian cyber official, are expected to include precision cyber strikes, combining virtual efforts against key systems with physical action targeting critical infrastructure as winter approaches.
READ THE STORY: VOA News
GRU-backed cyberattacks: What they are, how to defend against them
FROM THE MEDIA: The most notorious cyber-attack groups are those backed by the Russian GRU. For those who are unfamiliar, the GRU is the Main Directorate of the General Staff of the Armed Forces of the Russian Federation. These threat actors have been active for some time, including the attacks against the Democratic National Committee, the 2016 presidential campaign, a U.S. nuclear facility, an international chemical weapons non-proliferation organization, and many others.
READ THE STORY: SCMAG
How this phishing platform is helping amateur hackers to bypass multi-factor authentication
FROM THE MEDIA: A reverse-proxy Phishing-as-a-Service (PaaS) platform, named EvilProxy, is reportedly assisting novice hackers to steal authentication tokens that will help them to bypass multi-factor authentication (MFA) on major websites like Apple, Google, Facebook, Microsoft, Twitter and more. According to a report by US-based cybersecurity firm Resecurity, the EvilProxy platform is also helping “low-skilled” cyber attackers that don't even know how to set up reverse proxies to compromise online accounts that are otherwise secure.
READ THE STORY: Times of India
U.S. accuses Russia of war crime by forcibly deporting Ukrainians
FROM THE MEDIA: The United States accused Moscow of committing a war crime on Wednesday by forcibly deporting Ukrainians to Russia and said it has information that Russian officials are overseeing so-called filtration operations. "These operations aim to identify individuals Russia deems insufficiently compliant or compatible to its control," U.S. Ambassador to the United Nations, Linda Thomas-Greenfield, told the U.N. Security Council.
READ THE STORY: Reuters
US citizenship systems vulnerable to ‘major’ malicious cyberattacks, Homeland Security watchdog finds
FROM THE MEDIA: The Department of Homeland Security inspector general said sensitive data held by United States Citizenship and Immigration Services systems could be vulnerable to cyberattacks by malicious actors, saying deficiencies in the agency’s IT security could "limit" DHS’s capability to "overcome a major cybersecurity incident." Fox News Digital exclusively obtained the report by DHS Inspector General Joseph Cuffari. The Office of Inspector General notified USCIS of the findings and recommendations to improve controls to restrict unauthorized access to its systems and information.
READ THE STORY: Fox News
Syria, Iran opens an intelligence center in Palmyra
FROM THE MEDIA: Iran seeks to improve security for its interests in eastern Syria under the guise of fighting the Islamic State. The Revolutionary Guards (IRGC) have opened an intelligence center, Tehran’s first in the Middle Eastern nation, in Palmyra. Objective: to collect information on the enemies in the area. Officially, the focus is on the militiamen of the Islamic State, very active in the Badia al-Sham desert despite periodic operations on the ground by the Damascus army (SAA) and allied militias, as well as Russian air raids.
READ THE STORY: Difesa & Sicurezza
NATO ‘in no position’ to accuse Iran of cyber-attack: Embassy
FROM THE MEDIA: In a Friday statement a copy of which was published on its Twitter account, the Iranian diplomatic mission "categorically" rejected the "baseless accusations." "NATO and its Members not only kept silent on cyber-attacks against Iran's infrastructural and nuclear facilities but also directly or indirectly had aided and abetted these acts of cyber sabotage," said the mission. "They have no standing to level such accusations against Iran."
READ THE STORY: PressTV
Your APIs Have No Clothes
FROM THE MEDIA: The rapid move to a distributed workforce during the pandemic turbocharged cloud adoption and, as a result, exponentially expanded the attack surface. Today’s digital economy mostly consists of online applications in public or private clouds. They are all connected via APIs, increasing the number of access points attackers can use to gain unauthorized access to systems and networks. In fact, 83% of internet traffic is API-based, according to Akamai. And earlier this year, Gartner cited APIs as the most significant attack vector in 2022.
READ THE STORY: Security Boulevard
Former Conti Ransomware Members Join Initial Access Broker Group Targeting Ukraine
FROM THE MEDIA: Former members of the Russia-linked Conti ransomware gang are repurposing their tactics to join in with an initial access broker (IAB) that's been targeting Ukraine in a series of phishing campaigns that occurred over a recent four-month span. Google Threat Analysis Group (TAG) has been tracking recent activity of a group it identifies as UAC-0098, which researchers think now includes former members of the notorious ransomware actor.
READ THE STORY: Dark Reading
Indictment of 11 Reveals How Suspects Allegedly Supplied Cartel Scouts in Arizona
FROM THE MEDIA: Roxy Acosta-Quintana drove to her mother's house one day in October 2015 — to pick up camping supplies for drug-cartel scouts, federal officials say. With the help of someone she didn't know was an informant, records state, Acosta-Quintana transported the supplies to men whose job entails hiding in the desert for weeks on end. She's part of a group of 10 U.S. citizens and one Mexican national accused by the feds of running a sophisticated resupply operation for some of the "vast network" of cartel scouts.
READ THE STORY: Phoenix New Times
49ers sued by Atlanta Falcons employee over Super Bowl week data breach
FROM THE MEDIA: An employee of the NFL’s Atlanta Falcons sued the San Francisco 49ers on Friday in federal court, saying the team exposed her social security number and other personal information in a data breach and then failed to adequately notify her and more than 20,000 other potential victims for months. The plaintiff, Samantha Donelson, said in her lawsuit that she got caught up in the breach — the result of an attack by a ransomware gang — because the 49ers store personal information on “employees, vendors, and other business partners.”
READ THE STORY: SF Chronicle
8 Online Best Dark Web Search Engines for Tor Browser (2022)
FROM THE MEDIA: The Dark Web, also known as the Dark Net, is a part of the Internet that is not accessible through standard web browsers. It can only be accessed through specialized software such as the Tor browser. The Dark Web is often associated with illegal activity such as cybercrime including drug dealing, child abuse, and terrorism. However, there are also many legitimate uses for the Dark Web, such as anonymity for whistleblowers and journalists. Facebook and Twitter also have their dark web domains. (If you didn’t know now you know). Despite its reputation, the Dark Web is a relatively small part of the overall Internet. It is estimated that only around 4% of all websites are accessible through the Tor browser.
READ THE STORY: HackRead
Items of interest
Russia, China to fight together against NATO expansion
FROM THE MEDIA: Li Zhanshu made the remarks speaking at a meeting with the leaders of State Duma factions on Friday, Tass reported.
"They (NATO countries) hammer together narrow-bloc structures as well as implement Indo-Pacific strategy precisely in order to contain our development through two oceans - the Pacific Ocean and the Indian Ocean. From this standpoint, the pertinence of bolstering our strategic interaction will only grow and we will battle together their hegemony and the policy of force," he noted.
The official noted that the joint counteraction to American hegemony, harassment and the policy of force is an important direction in strategic interaction of both countries. "We see how nowadays, the Americans view Russia and China as their strategic rivals in order to maintain its domination worldwide. And they implement the double containment against us. This is about unchecked NATO expansion eastward and profound meddling in the affairs of the Asia-Pacific region. As well as about their attempt to reduce our strategic space on the Eurasian continent," he added.
READ THE STORY: MEHR
Whispers Among the Stars (Video)
FROM THE MEDIA: Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations.
What Makes Israel So Good at Hacking? (Video)
FROM THE MEDIA: Ever wonder what makes Israel so good at hacking? How does a small country like Israel consistently produce some of the world’s best hackers and cybersecurity practitioners? What does it take to make it to elite military cyber units like Unit 8200 and Unit 81?
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com