Tuesday, Sept 20, 2022 // (IG): BB // Sponsor: Shadow News
Anonymous Lays Waste To Russian Message Board, Releases Entire Database Online
FROM THE MEDIA: Even as Russia brings suffering and sorrow to the people of Ukraine, hacker-activists are trying to bring some pain to Russians inside Russia. In that battle which is waged away from the public eye, no attack is too small. So Anonymous, a decentralized international activist and hacktivist collective, which has carried out several cyber attacks inside Russia, attacked a Russian message board, or internet forum, acquired user information and leaked the entire database online.
READ THE STORY: IBT
Hackers publish sensitive data on political assassination plots in Albania, Kosovo
FROM THE MEDIA: Iranian cybercriminals published on Monday sensitive information from the authorities, including documents on alleged plots to kill Albanian and Kosovo politicians, while the prosecutor in Tirana has banned media from publishing any of the data. Albania has been subject to a string of cyberattacks since 15 July that brought digital government systems to a standstill and saw a site called ‘Homeland Security’ offer to sell reams of sensitive citizen and government data while threatening to publish more.
READ THE STORY: EURACTIV
Uber details how it got hacked, claims limited damage
FROM THE MEDIA: Uber asserts the threat actor behind last week’s cyberattack did not access the company’s production environment, any user accounts or databases it uses to store sensitive information. The rideshare and food delivery company, in a Monday security update, said it found no evidence its codebase was altered nor was any customer or user data stored by its cloud providers accessed. The attacker did, however, gain access and exfiltrate Slack messages, data for a tool Uber’s finance team uses to manage invoices, and the company’s dashboard at HackerOne, where it stores vulnerability reports.
READ THE STORY: Cyber Security Dive // Forbes // The Statesman
TeamTNT Deploys Kangaroo Malware Attack On Bitcoin Targeted At Breaking Encryption
FROM THE MEDIA: Researchers at Aqua Security have discovered cyberattacks that appear to have been conducted by TeamTNT, a threat actor previously thought to be defunct. The researchers encountered three different attacks, each of which looks to be new. One of these attacks, which the researchers have dubbed the “Kangaroo attack,” is notable for leveraging distributed computing power in an attempt to break the encryption that underlies bitcoin. TeamTNT was a threat actor highly skilled at compromising cloud environments.
READ THE STORY: Hot Hardware
Uber Blames Lapsus$ for Breach
FROM THE MEDIA: The threat actor responsible for hacking Uber last week is likely connected to the prolific Lapsus$ group, the firm has claimed. The ride-hailing giant admitted last Thursday that it was investigating a security incident after reports revealed a malicious actor claiming to be 18 years old had managed to access email and cloud systems, code repositories, an internal Slack account and HackerOne tickets. In an update yesterday, Uber explained that the attacker targeted an Uber EXT contractor, most likely obtaining their corporate password on the dark web after the credential had been stolen via malware installed on their personal device.
READ THE STORY: InfoSecMag
LastPass: Hacker Had Access to Development System for 4 Days
FROM THE MEDIA: The hacker who infiltrated LastPass last month had access for four days, according to the company’s investigation. However, LastPass has found no evidence the culprit ever tampered with the company’s software code or accessed user information, such as encrypted passwords. The company completed its investigation into the breach with the help of cybersecurity firm Mandiant. The results confirm the hacker only managed to gain access to LastPass’s internal IT systems devoted to software development. “Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022,” LastPass said in an update on the breach.
READ THE STORY: PC MAG
VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families
FROM THE MEDIA: The malware is able to redirect the user’s traffic and hijack user search queries to popular search engines, including Google, Yahoo, and Bing. The malicious code is also able to use PowerShell to inject itself into the browser and add the extension to the browser. In May, researchers from Red Canary observed a malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. This week, VMware and Microsoft warned of an ongoing, widespread Chromeloader malware campaign that is dropping malicious browser extensions, node-WebKit malware, and ransomware.
READ THE STORY: Security Affairs // Bleeping Computer
Is Uber’s ‘Security Incident’ Just A Smoke Screen? Experts Weigh In
FROM THE MEDIA: Uber’s computer systems were breached and the company has alerted authorities, the ride-hailing giant said Thursday. The ride-hailing company said in a tweet that it was “responding to a cybersecurity incident.” The hacker surfaced in a message posted in Slack, according to two people familiar with the matter, who spoke on the condition of anonymity because of the sensitive nature of the incident.
READ THE STORY: InfoSec Buzz
Microsoft warns public of ongoing click fraud campaign seen in ads, YouTube comments
FROM THE MEDIA: Microsoft warned the public of a wide-ranging click fraud campaign, which it attributes to a threat actor tracked as DEV-0796. According to the company, the attackers can monetize the clicks generated by a browser node-webkit or malicious browser extension installed on devices without the users’ knowledge. The tech giant explained in a tweet that the campaign victimizes unknowing users when they click malicious ads or YouTube comments.
READ THE STORY: MSPOWER USER
Starbucks Singapore loses PII of 330,000 customers in a cyber attack
FROM THE MEDIA: The data breach came to light on September 10 when a threat actor offered for sale a database containing 553,198 records of sensitive details of Starbucks customers on a hacking forum. Pompompurin, the forum’s owner, validated the database and confirmed that the database has enough proof of authenticity.
According to The Straits Times, around 330,000 Starbucks Singapore customers were affected by the data breach. According to the post on the hacking forum, the threat actor has quoted $3,500 for the stolen data. One copy of the stolen database has already been purchased and the threat actor is willing to sell four more copies of the same.
READ THE STORY: TEISS
Countering the Future Growth of Ransomware
FROM THE MEDIA: In the past two years, ransomware has emerged in the public consciousness as a major threat. The United States faced several highly disruptive ransomware attacks in 2021, including an attack against Colonial Pipeline, which paralyzed fuel distribution across the U.S. eastern seaboard for almost a week, and an attack against the meat processor JBS, which led the company to pay an $11 million ransom. While these attacks have largely emanated from ransomware gangs in Russia and other Eastern European states, with North Korea, Iran, and, to a lesser extent, China also contributing to the problem, there is a risk that ransomware could become attractive to cybercriminals in other parts of the world.
READ THE STORY: Council on Foreign Relations
ChromeLoader can overload systems with malware and lead to ransomware attack
FROM THE MEDIA: While initially thought of as a credential-stealing browser hijacker, researchers have found that ChromeLoader has been seen in its newest variants to deliver more malicious malware and used for other nefarious purposes. In a Monday blog post, VMware researchers reported that as recently as late August, ZipBombs have been seen being dropped onto infected systems. A ZipBomb gets dropped with the initial infection in the archive the user downloads and the user must double-click for the ZipBomb to run. The researchers said once run, the malware destroys the user’s system by overloading it with data.
READ THE STORY: SCMAG
How the Hotel Group Hackers Benefited From Weak Passwords
FROM THE MEDIA: One of the biggest hotel groups in the world recently suffered a cyberattack, losing vast swathes of data. Now, we know more details: The hackers say they are a couple from Vietnam, and that they were able to access the group's databases with the particularly weak password “Qwerty1234.” The hackers had tried and failed to pull off a ransomware attack that would have locked away the hotel group's data. If they'd been successful, it would have been a huge coup, given the 6,000 hotels owned by Intercontinental Hotels Group (IHG), which include familiar names like Holiday Inn, Crowne Plaza, and Regent.
READ THE STORY: Tech.co
Russian Sandworm hackers pose as Ukrainian telcos to drop malware
FROM THE MEDIA: The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military intelligence service. The APT hacking group is believed to have been behind numerous attacks this year, including an attack on Ukrainian energy infrastructure and the deployment of a persistent botnet called "Cyclops Blink."
READ THE STORY: Bleeping Computer
INTERPOL Working Group highlights cyber threats across the Americas
FROM THE MEDIA: Buenos Aires, Argentina - The evolving digital landscape in the Americas has increased the challenges and vulnerabilities regarding cybersecurity. Countries across the region now face cybercrime attacks ranging from Business Email Compromise and online scams to ransomware and money laundering. Financially motivated groups have not only targeted organizations across Latin America, primarily with ransomware, but they have also broadened the scope of their operations.
READ THE STORY: Bleeping Computer
This ultra dangerous malware is automatically spread on gaming videos
FROM THE MEDIA: A few months ago, we told you about these YouTube videos whose description actually hides malware. The strategy is as simple as it is formidable: post videos promoting alleged cheat software for Valorant and trick inattentive gamers into downloading the malware. Terribly effective then, but a problem remains: pirates must manually take control of a YouTube channel and post the video there.
READ THE STORY: Gear Rice
Ransomware hackers target supply chain companies
FROM THE MEDIA: Logistics companies and supply chains around the world are suffering from recurring hacker attacks – mainly those involving ransomware. They are particularly frightening, as bringing down one company in the chain affects its contractors and generates billions of dollars in losses. The post-pandemic reality is especially difficult for supply chain companies, which are under pressure to return to smooth operations as quickly as possible. At the same time, they have become an attractive target of cyber threats. During the pandemic, transportation costs reached their all-time high, making logistics companies wealthier and therefore more vulnerable to cyberattacks.
READ THE STORY: FS
State Department watchdog gives failing grade to new counter-disinformation center
FROM THE MEDIA: The State Department unit devoted to countering disinformation and propaganda is failing to take the lead on government-wide efforts to expose foreign lies and deception, according to a new survey by the department’s internal inspector general. The Global Engagement Center (GEC) still lacks the authority to carry out its mission and has not been led by presidentially-appointed officials for nearly half its existence, the IG stated following an eight-month probe that ended in March — despite having a staff of 167 people, mostly non-government contractors, and an annual budget of over $74 million.
READ THE STORY: The Washington Times
Russian units in south of Ukraine trying to surrender – Ukraine’s Operational Command South
FROM THE MEDIA: The units of Russian occupiers in the Kherson Oblast are trying to surrender because they are “wedged between the [Ukrainian] defense forces and the right bank,” the head of the joint press center of Operational Command South, Nataliia Humeniuk, reported on the air of the telethon. Ukraine offered the Russian occupiers a way out: either to transition under the auspices of international humanitarian law or to return to Russia.
READ THE STORY: EUROMAIDAN PRESS
Russia Cries Censorship After YouTube Takes Down Official Disinfo on Ukraine
FROM THE MEDIA: On September 15, Russia’s Foreign Ministry accused Google of censorship for removing ministry videos from YouTube. Ministry spokeswoman Maria Zakharova said Google “without any warning or explanation” blocked videos of the ministry’s “two latest press briefings.” A month earlier, Google took down several videos from the Russian U.K. Embassy’s YouTube channel, she said. “These American companies,” Zakharova said, “are at the top of the digital Russophobes’ rating.” She continued: “There are crude attempts to restrict the information work of foreign institutions, to deprive the global audience of reliable sources. Such a policy of American corporations violates all those principles – and these are freedom of speech, freedom of information dissemination.” That is false.
READ THE STORY: Polygraph
Facebook and Government: Working Together for Thought Management
FROM THE MEDIA: In recent years, motivated perhaps by a sense of public duty, Facebook (rebranded as Meta) has turned its attention to fine-grained political reeducation and censorship of the nearly 3 billion monthly active users of its platform. All the instances listed below (plus, doubtless, many others we don’t know of at press time) add up to quite the program of thought management. Significantly, subsequent FBI investigations turned up little or nothing of interest. One FBI source dubbed it “A waste of our time.” But, of course, such campaigns may not waste the time of governments and compliant corporations who seek to identify persons who would question statements from authorities, however peacefully or constructively.
READ THE STORY: Mindmatters
China’s spying in America also comes in the form of drones
FROM THE MEDIA: Known mostly as the Drone Law of 2022, the proposed law urges the government to ban the use of that Chinese company’s products, not only because of the information that its drones collect themselves, but also because of the data collected by mobile applications and carried by the users who control their devices, including contacts, photos, GPS location and online activities. If you’ve never heard of DJI, know that this Chinese company controls almost 90% of the global market for commercial drones and 70% of the demand for business and industrial drones.
READ THE STORY: World Nation News
Nvidia Reportedly Asks TSMC to Rush Lucrative GPU Orders Before US-China Sanctions Bite
FROM THE MEDIA: According to a report published by a Taiwanese business journal, Nvidia is seeking to fast-track some high-end GPU orders. The reasoning behind the need for speed is that Nvidia wishes to fulfill some lucrative Ampere A100 and Hopper H100 GPU orders to China before the US-imposed sanctions kick in. If the rumors published by UDN are true, these ‘super hot runs’ will create a welcome lump of revenue for Nvidia and propel TSMC’s Q4 revenues to new highs.
READ THE STORY: Tom's Hardware
How Do You Protect an API from Scraping
FROM THE MEDIA: Screen scraping is a common challenge for businesses with a significant online presence, such as financial services and e-commerce firms. It may be referred to under many different names, such as web data extraction, web scraping, web harvesting, etc. While screen scraping was once thought of primarily as a front-end web application security challenge, the changing nature of business applications is extending the issue of scraping into the API security domain.
READ THE STORY: Security Boulevard
Items of interest
Musk says Starlink will seek exemption from Iranian sanctions
FROM THE MEDIA: SpaceX CEO Elon Musk said on Monday that the company will ask for an exemption from sanctions against Iran to provide the firm’s Starlink satellite broadband service in the country. Musk made the statement on Twitter at a time of widespread protests in Iran over the death of a woman in police custody. Some people on Twitter asked Musk to provide the satellite-based internet stations.
Access to social media and some content is tightly restricted in Iran and internet monitoring group NetBlocks reported “near-total” disruption to internet connectivity in the capital of the Kurdish region on Monday, linking it to the protests. (https://bit.ly/3qR2OCE). Iran’s Ministry of Communications and Information Technology could not be immediately reached for comment. The foreign ministry, Iran’s mission to the United Nations and the United States Bureau of Industry and Security did not immediately respond to Reuters requests for comment.
Musk did not specify from which country Starlink would seek exemptions, but Iran faces broad-based sanctions. SpaceX is aiming to rapidly expand Starlink, and it is racing rival satellite communications companies including OneWeb and Amazon.com Inc’s yet-to-launch Project Kuiper.
READ THE STORY: WTVBAM
OSINT & AI: The Good, The Bad, and The Fake (Video)
FROM THE MEDIA: The magnitude of information available for OSINT investigators throughout the collection stage of the intelligence cycle is something not to be undermined. Now add deepfakes, fake news, and other forms of manipulated media into the mix.
Traveling? Drinking? Exercising? If you do, be VERY careful what you share online! OSINT tools (Video)
FROM THE MEDIA: It's scary what you can find out about people based on their social media posts - including their drinking and exercise habits. With just a few tools and techniques you can use Open Source Intelligence (OSINT) to find all kinds of information about people.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com