Tuesday, Sept 13, 2022 // (IG): BB // Sponsor: VetSec
I'm reminded of 'The Early Bird', 'cept your posts are seemingly on semantically-enhanced steroids. - 2600hz
Iranian military using spoofed personas to target nuclear security researchers
FROM THE MEDIA: Hackers connected to Iran’s Islamic Revolutionary Guard Corps are allegedly using multiple personas in phishing emails to target organizations and people with information on Israel and several Gulf States, the Abraham Accords, and nuclear arms control, according to new research. A report published Tuesday from cybersecurity firm Proofpoint tied the campaign to Iranian state-sponsored threat actor TA45
READ THE STORY: The Record
Misinformation and propaganda in the authoritarian internet
FROM THE MEDIA: On my sixth birthday, my father gifted me a globe of the world. It is the best birthday present I have ever received. You see, I grew up in a cramped apartment in Baku, Azerbaijan. But even in our small corner of this world on the edge of the Soviet Empire behind the Iron Curtain, when my father and I read Stefan Zweig’s book on Magellan together, I could dream of the vast world beyond. Night by night, we traced our fingers along the boundless oceans of that globe and I marveled at all there was to see beyond the confines of the Soviet world.
READ THE STORY: Security Boulevard
Cybercriminals Use Cloud for DDoS Attacks
FROM THE MEDIA: Over the past couple of years there has been a significant focus on phishing, ransomware and other threats that attack online users. While this focus is certainly prudent given the rise in those types of activities, it’s important to not take your eye off more “traditional” type attacks, such as distributed denial of service (DDoS). DDoS attacks have created havoc for security professionals for decades and show no sign of abating.
READ THE STORY: Eweek
What Is De-Anonymization and How Can You Prevent It
FROM THE MEDIA: It's no secret that applications, search engines, websites, even operating systems collect our data, and sell it to the highest bidder. Giving up some privacy in order to use a piece of software is an acceptable compromise for most, especially if that software is free. After all, this data cannot be used to identify you personally, right? Unfortunately, this is not really the case. If not careful enough, each and every one of us can be identified through a process called de-anonymization.
READ THE STORY: MUO
Ransomware attackers are abusing VoIP software to breach organizations
FROM THE MEDIA: Ransomware attackers are abusing flaws in VoIP software to breach organizations and achieve initial access, researchers are warning. Cybersecurity experts from Arctic Wolf Labs are warning about CVE-2022-29499, a remote code execution vulnerability found in Mitel MiVoice VOIP appliances, being used by the Lorenz threat actor to attack certain companies.
READ THE STORY: TechRadar
China’s next Taiwan targets are lifelines of the US economy
FROM THE MEDIA: U.S. firms are increasingly second-guessing their exposure in China and Taiwan for various reasons. Tensions over Taiwan remain elevated after House Speaker Nancy Pelosi’s recent visit, with military exercises on both sides of the Taiwan Strait inching toward live-fire shooting. Meanwhile, Chinese President Xi Jinping’s zero COVID policy continues to cause unexpected and disruptive factory shutdowns, and new U.S. restrictions on imports made with Chinese Uyghur forced labor threatens billions of dollars of U.S. companies’ revenues.
READ THE STORY: The Hill
The US over the Horizon Counterterrorism War from Pakistan
FROM THE MEDIA: In the face of the growing political and security crisis caused by China in East Asia, the US is trying to expand its military presence in South Asian countries and use Pakistan’s air space for geo-political and counterterrorism objectives. When the Afghan Taliban came to power in Afghanistan for the second time on August 15, 2021, and on August 30 the 20-year military presence of the United States in Afghanistan came to an end completely, it undermined the military and political presence of the United States not only in South Asia but also in the Middle East.
READ THE STORY: Modern Diplomacy
Expect ‘Fluidity’ From Threat Actors Ahead of The Midterm Elections
FROM THE MEDIA: With the U.S. midterm elections approaching in two months, security researchers are warning election organizations and administrators, political parties and government officials to stay vigilant against imminent espionage campaigns and other threats. As previous U.S. election cycles have proved, the security challenges facing elections are multi-pronged and include disinformation campaigns aimed at swaying voter opinions, disruptive cybercriminal activity like ransomware or distributed denial-of-service (DDoS) attacks targeting election-related infrastructure and espionage attacks.
READ THE STORY: DUO
RaidForums' Successor
FROM THE MEDIA: KELA released a report today describing BreachForums (also known as Breached), a cybercrime forum that’s risen in response to the closure and seizure of RaidForums. The site, launched by the threat actor whose nom-de-hack is “pompompurin,” offers database leaks, login credentials, adult content, and hacking tools. Breached launched only a few weeks after RaidForums was closed, and has quickly risen to become the new platform for database exchange, with 82,000 registered users, which continues to increase. Besides that, the forum is active with monthly posts, and with participation by known actors from RaidForums.
READ THE STORY: The Cyber Wire
Beijing rebukes U.S. over alleged cyberattack on Chinese university
FROM THE MEDIA: China denounced the U.S. Embassy in Beijing following a joint report from two of the country’s most prominent cyber authorities accusing the National Security Agency of stealing “sensitive information” from Chinese institutions. In a statement published Sunday, Yang Tao, the director-general of American affairs at China’s Ministry of Foreign Affairs, said: “The actions of the U.S. side have seriously violated the technical secrets of relevant Chinese institutions and seriously endangered the security of China’s critical infrastructure, institutions and personal information, and must be stopped immediately.”
READ THE STORY: The Record
Ex-Google CEO Says Ukraine Proves Value Of IT In War
FROM THE MEDIA: Ukraine has been a very effective proving ground for the use of contemporary information technology in war, from satellite dishes to smartphone apps, Eric Schmidt, the former Google chief executive, said Monday. Schmidt, now a US government consultant on artificial intelligence, told reporters after a 36-hour visit to the country that the civilian tech sector has been crucial to Kyiv's defense.
READ THE STORY: Barrons
Starlink appeals FCC rejection of $886M grant, calls reversal “grossly unfair”
FROM THE MEDIA: SpaceX's Starlink division has appealed the Federal Communications Commission decision to block it from receiving $885.51 million in broadband funding. Starlink called the funding reversal "grossly unfair" and "flawed as a matter of both law and policy." The appeal submitted Friday asks the commission to undo the FCC's Wireline Competition Bureau ruling from last month. The FCC isn't likely to reverse the decision, as it had the public support of Chairwoman Jessica Rosenworcel. But SpaceX's action could be a precursor to filing a lawsuit against the FCC.
READ THE STORY: Arstechnica
Kaspersky uncovers details about active cyber-espionage campaign
FROM THE MEDIA: Nearly 10 years since Kaspersky experts unmasked an active cyber-espionage campaign primarily targeting South Korean think-tanks, the state-sponsored group known as Kimsuky continues to show prolific updating of tools and tactics. Kaspersky's senior expert revealed more of his findings, including the possibility of this Advanced Persistent Threat (APT) threat actor expanding its operations with its abundant capabilities.
READ THE STORY: Security Brief
High Severity Vulnerabilities Found in HP Enterprise Devices
FROM THE MEDIA: The Binarly security research team has disclosed six high-severity firmware vulnerabilities the company found over the course of the year. First discussed at the Black Hat 2022 conference, the flaws affect HP EliteBook devices and have Common Vulnerability Scoring System (CVSS) scores between 7.5 and 8.2. “A firmware implant is the final goal for an attacker to maintain persistence,” Binarly wrote in an advisory last Thursday. “The attacker can install the malicious implant on different levels of the firmware, either as a modified legitimate module or a standalone driver.”
READ THE STORY: InfoSecMag
Information warfare against India - the China angle
FROM THE MEDIA: The Internet has brought a paradigm shift in information warfare (IW) that considers information not only as a target but also as a tool to conduct overt and covert operations. Having taken a giant leap in cyber technology over other global players, including the US and the West, Chinese companies like Huawei and ZTE, amongst others, pose a big cyber threat to the world, including the Indo-Pacific region.
READ THE STORY: WION
Cisco Data Breach Attributed to Lapsus$ Ransomware Group
FROM THE MEDIA: A month after confirming its systems were breached, networking giant Cisco reported that the attack was a failed ransomware attempt conducted on behalf of the Lapsus$ group. The cybercriminals obtained access to Cisco's systems with a social engineering attack that began with an attacker taking control of an employee's personal Google account, where credentials saved in the victim’s browser were being synchronized. Then, in a series of sophisticated voice phishing attacks, the gang convinced the victim to accept multifactor authentication (MFA) push notifications, giving crooks the ability to log in to the corporate VPN as if they were the victim.
READ THE STORY: DarkReading
Lorenz ransomware breaches corporate network via phone systems
FROM THE MEDIA: The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks exploiting the CVE-2022-29499 bug for initial access, as Crowdstrike reported in June.
READ THE STORY: Bleeping Computer
Ransomware attack against LAUSD claimed by Vice Society operation
FROM THE MEDIA: BleepingComputer reports that the Vice Society ransomware gang has admitted responsibility for the ransomware attack against Los Angeles Unified School District over the Labor Day weekend. Despite confirming its hand in the attack against the second-largest school district in the U.S., Vice Society has not yet published any proof of the intrusion, although it said that files had been stolen prior to ransomware encryption, which a representative later claimed amounted to 500GB of data.
READ THE STORY: SCMAG
Novel Monti ransomware’s association with Conti examined
FROM THE MEDIA: Recently discovered Monti ransomware, which emerged following the demise of the Conti ransomware operation, is having its origins investigated by security firms, reports PCMag. Intel471 researchers were unsure whether Monti is a rebranded iteration of Conti or merely a new variant based on leaked Conti ransomware source code. However, a report from BlackBerry has assessed Monti as more of a Conti copycat that emulated Conti's tactics based on the leaks in February.
READ THE STORY: SCMAG
IKOULA and ESET join forces to block ransomware and zero-day threats
FROM THE MEDIA: With the resurgence of cyber-attacks, which are ever more violent and paralyzing for companies, IKOULA has joined forces with ESET to offer companies a professional endpoint protection solution against ransomware and zero-day threats. At a time when cyber-risks must be approached in the same way as all other business risks, IKOULA is strengthening its range of cyber-protection solutions, and now offers to its customers the ESET solution: a solution created to protect all company’s workstations from a single interface, whether they are desktop computers, laptops, or mobile devices.
READ THE STORY: HelpNetSecurity
US Treasury sanctions Iran intelligence agency following Albanian government attack
FROM THE MEDIA: The designation comes at a time of heightened tension between Iran and the U.S. and its allies. President Joe Biden recently took military action against Iran-linked groups in Syria and talks have intensified in recent weeks in an attempt to renegotiate the Iran nuclear deal. “MOIS carries out cyber espionage and disruptive ransomware attacks on behalf of the Iranian government in parallel with the other Iranian security services the Islamic Revolutionary Guard Corps,” John Hultquist, VP at Mandiant Threat Intelligence, said in a statement.
READ THE STORY: Cyber Security Dive
VMware launches innovations for multi-cloud networking, security
FROM THE MEDIA: Multi-cloud services provider VMware recently announced new innovations across its expanding networking and security portfolio that will help customers embrace the cloud operating model. These new innovations include Project Northstar for multi-cloud networking, security and end-to-end visibility; expansion of network detection and visibility to the Carbon Black Cloud endpoint protection platform, with early access available now; Project Trinidad that extends and advances VMware’s API security and analytics; and Project Watch, a new approach to multi-cloud networking and security that provides advanced app to app policy controls.
READ THE STORY: Back End News
Cybersecurity and Infrastructure Security Agency Exposed for ‘Ministry of Truth’ Dirty Work
FROM THE MEDIA: The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is supposed to be a government entity that “works with partners to defend against today’s threats and collaborates to build a more secure and resilient infrastructure for the future.” Lately, however, it has instead been in the business of censoring information on private social media platforms, at universities, and more. This is strikingly similar to other disinformation efforts at the DHS, the White House, and other parts of the Biden administration that have come to light recently.
READ THE STORY: Daily Signal
US Federal Agencies Want Information Of BTC Wallets Of Ransomware Attackers
FROM THE MEDIA: Three US federal institutions, the Multi-State Information Sharing and Analysis Center, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation (FBI), jointly released an advisory seeking information that could help catch ransomware attackers.
READ THE STORY: Herald Sheets
This fearsome new Linux malware will send a shudder down the spines of IT professionals
FROM THE MEDIA: A brand new Linux malware strain capable of different kinds of nasties has been detected, capable of abusing legitimate cloud services to stay hidden in plain sight. Cybersecurity researchers from AT&T Alien Labs recently discovered the malware and named it Shikitega. It comes with a super tiny dropper (376 bytes), using a polymorphic encoder that gradually drops the payload. That means that the malware will download and execute one module at a time, making sure it stays hidden and persistent.
READ THE STORY: TechRadar
Investors, analysts question Biden's plan to limit U.S. investments in Chinese tech
FROM THE MEDIA: The Biden administration is working feverishly to finalize an executive order that is expected to monitor and possibly curtail American investment in Chinese technologies, the latest in a series of White House efforts to counter what it sees as the growing digital threat posed by China. The executive order effort is an outgrowth of Congressional debate on recently passed legislation to strengthen domestic semiconductor manufacturing and research capabilities.
READ THE STORY: CyberScoop
Musk says SpaceX discussed iPhone satellite service With Apple
FROM THE MEDIA: According to Elon Musk, SpaceX held talks with Apple Inc. about using Starlink connectivity for the iPhone's new satellite features. Elon said the companies have had “promising conversations,” adding that Apple’s iPhone team is “super smart.” This tweet came the day after Apple's iPhone 14 unveiling event where Apple announced the Emergency SOS via satellite. This new feature will allow iPhone 14 users to reach emergency services using satellite communication in remote areas.
READ THE STORY: Not a Tesla App
The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations.
FROM THE MEDIA: On September 4th, 2022, GhostSec announced on social media and its Telegram channel that it had compromised 55 Berghof PLCs used by organizations in Israel. GhostSec also published a video demonstrating a successful log-in to the PLC’s admin panel along with screenshots of an HMI screen showing some phases of the attack, including the blocking of the PLC.
READ THE STORY: Security Affairs
When DevOps and cyber security collide
FROM THE MEDIA: Security bugs in code are a bit like reality shows and Instagram influencers: an irritant we were once willing to tolerate which has subsequently grown to become a much more serious problem. The National Vulnerability Database (NVD) classified fewer than 2,000 common vulnerabilities and exposures (CVEs) in 2001. Last year, that number hit 20,000 for the first time. That's partly because we're better at detecting them than we used to be, but it's also due to a proliferation of software. It brings the problem of application security home. So how can we stop the rot and get those bug numbers down?
READ THE STORY: The Register
U.S., China in Artificial Intelligence Arms Race
FROM THE MEDIA: The United States could be at a technological disadvantage if China meets its artificial intelligence development goals by 2030, according to a new report. The Special Competitive Studies Project released a new study called “Mid-Decade Challenges to National Competitiveness” on Sept. 12. China has and continues to invest heavily in the three “battlegrounds” for technological superiority: semiconductors, artificial intelligence and 5G, CEO Ylli Bajraktari said at a Defense Writers Group event.
READ THE STORY: National Defense Magazine
Chinese-linked cyber crimes nab $529 million from Indian nationals
FROM THE MEDIA: Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh. As of last April, the coppers had busted a network of criminals worth around $378 million, but that total did not include the cryptocurrency-related frauds. According to local media reports, the scammers promoted their fraud through bulk TXT messages that the police tracked to the Middle Kingdom, with some operators located in Nepal and working under direction by Chinese threat actors. Fake websites and crypto apps were set up to lure in investors.
READ THE STORY: The Register
Items of interest
How AI and ML are Impacting DOD and CIA’s Future
FROM THE MEDIA: Two reports released last Wednesday raise separate questions about the ability of the Defense Department (DoD) and Intelligence Community (IC) to meet the challenges of future computerized warfare.
One report, from the Government Accountability Office (GAO), is more traditional in nature. It deals with the DoD and IC not having developed an effective common approach to acquiring commercial satellite imagery, nor have they provided guidance to their various agencies on use of commercial analytic services that use remote sensor data.
GAO suggested, for example, “Defined roles could include the Army buying GEOINT (geospatial intelligence) analytics relevant to ground warfare, or the Navy buying GEOINT analytics on sea lanes which use remote sensing data. Such formal roles have not been defined.”
READ THE STORY: The Cipher Brief
Profiling Hackers - The Psychology of Cybercrime (Video)
FROM THE MEDIA: What motivates hackers? What are their psychological manipulation techniques? How can we become a "human firewall"? More than 90% of cyberattacks are due to human error. Humans are the weakest link in Cybersecurity. But something can be done.
The Cycle of Cyber Threat Intelligence (Video)
FROM THE MEDIA: Too often, our community thinks of cyber threat intelligence (CTI) as just a finished product (or even just an indicator feed). But behind the scenes of that finished intelligence, there's an entire process that analysts should know to ensure their CTI is effective in helping drive better decision-making.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com