Friday, Sept 23, 2022 // (IG): BB // Sponsor: Shadow News
Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs
FROM THE MEDIA: A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, are said to have encompassed 20 different variants of the Android malware, which were disguised as books, pictures, and an audio version of the Quran.
READ THE STORY: THN
Threat analysis: Malicious npm package mimics Material Tailwind CSS tool
FROM THE MEDIA: Highlighting the rise in risk from open source software repositories, ReversingLabs researchers discovered a new technique that threat actors are using to sow open source repositories with malicious code: a malicious NPM package masquerading as Material Tailwind, which is described on their website as “an easy to use components library for Tailwind CSS and Material Design.”
READ THE STORY: Security Boulevard
Microsoft Exchange servers hacked via OAuth apps for phishing
FROM THE MEDIA: Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain initial access," the Microsoft 365 Defender Research Team revealed.
READ THE STORY: Bleeping Computer
New APT targets telcos, ISPs and universities in the Middle East and Africa
FROM THE MEDIA: Security researchers today said they’ve discovered a never-before-seen advanced threat actor primarily targeting telecommunications, internet service providers and universities in several countries in the Middle East and Africa. Dubbed “Metador” by researchers at SentinelOne Inc.’s SentinelLabs, the advanced persistent threat group is described as highly sophisticated and acutely aware of operations security, deploying intricate countermeasures to bypass security solutions and deploy malware platforms directly into memory.
READ THE STORY: SiliconANGLE
Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns
FROM THE MEDIA: The threat actors known as FIN11 (and Clop) may have impersonated web download pages of the Zoom Application to conduct phishing campaigns against targets worldwide. The news comes from cybersecurity company Cyfirma, which published a new advisory about the threat on Wednesday. “This threat actor is known for conducting a large-scale campaign using impersonated web applications,” reads the technical blog post.
READ THE STORY: InfoSec Mag
Senators propose open source software risk framework in new bill
FROM THE MEDIA: Lawmakers introduced a bill Thursday that would have the Cybersecurity and Infrastructure Security Agency develop a risk framework to strengthen the security of open-source software. Agencies would use the framework to mitigate risks in systems reliant on open source code, and CISA would determine if critical infrastructure owners and operators could use it voluntarily as well.
READ THE STORY: FEDSCOOP
Facebook whistleblower launches nonprofit to make social media ‘healthier’
FROM THE MEDIA: Facebook whistleblower Frances Haugen is launching a nonprofit that aims to improve social media and make a healthier online environment, the new group announced Thursday. Haugen said her Beyond the Screen organization will focus on “tangible solutions to help users gain control” of their experience on social media. “We can have social media that brings out the best in us, and that’s what Beyond the Screen is working toward.”
READ THE STORY: The Hill
Russian Embassy in Dublin should perhaps be "seized" to house Ukrainians, TD says
FROM THE MEDIA: TD Neale Richmond and Ireland's Minister for Foreign Affairs Simon Coveney have both responded after Russian President Vladimir Putin issued a rare, live address on September 21 regarding the conflict in Ukraine. “The Russian Ambassador continues to work here [in Ireland] as a tool of the brutal Putin regime, launching verbal attacks on our own Government and spreading tragic disinformation about this war," Richmond, who is Fine Gael's spokesperson on European Affairs, told the Irish Mirror on Thursday.
READ THE STORY: Irish Central
How Do You Kill A Conspiracy Theory? With Media Literacy And Better Critical Thinking
FROM THE MEDIA: The way society consumes news media has changed. Gone are the days when newspapers and network anchors were widely esteemed and trusted sources of information on current events. Today, social media has an outsized impact on shaping people’s views, and partisan platforms allow viewers to pick and choose what is “reliable” based on their own preconceived ideas rather than facts, analysis and objective research.
READ THE STORY: Forbes
Why the Pentagon’s Disinformation Campaigns Crashed and Burned
FROM THE MEDIA: The Pentagon announced this week that it will conduct a full-scale evaluation of its psychological operations capabilities, following revelations that it has been conducting covert online disinformation campaigns. Alongside analyzing the legality of such operations, the review should seek to answer a more fundamental question: do these operations actually work?
READ THE STORY: National Interest
U.S. China cyber-warfare
FROM THE MEDIA: U.S. and China are the world's top most potent cyber nations, according to the experts at the Belfer Center for Science and International Affairs at Harvard's Kennedy School. However, China continues strengthening its cyber capabilities even though the U.S. is rated first. It currently holds global leadership in critical cyber power categories.
READ THE STORY: Interesting Engineering
Governor Ron DeSantis Counteracts Malign Influence by China and Other Hostile Nations in Florida through New Action
FROM THE MEDIA: Today, Governor Ron DeSantis announced executive action and legislative proposals to address threats posed by the Communist Party of China and other hostile foreign powers in cyberspace, real estate, and academia. These measures will curtail the nefarious intentions of all seven countries on Florida’s list of countries of concern, making it more difficult for China, Cuba, Russia, Iran, North Korea, Syria, or Venezuela to engage in espionage or influence operations within Florida’s borders and preventing purchases of agricultural land and lands surrounding military bases by those governments or their agents. Details on today’s announcement can be found here.
READ THE STORY: FLGOV
Cambodian authorities crack down on cyber slavery amid international pressure
FROM THE MEDIA: Authorities in Sihanoukville, Cambodia announced on Sunday that a raid last week uncovered evidence of forced labor cybercrime syndicates that participated in human trafficking and torture. The five-day operation led to the discovery of 130 Chinese immigrants and 11 from Vietnam, mostly all male, who had entered the country illegally, with 262 more foreigners working without permits. More alarming were the other items found in the raid: four guns, 804 desktops, 16 laptops, 36 passports, 12 data storage devices, four pairs of handcuffs, eight electric batons, two "electric shock torches," and 8,776 phones.
READ THE STORY: The Register
Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group
FROM THE MEDIA: A new threat actor that has infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa is responsible for two "extremely complex" malware platforms — but a lot about the group remains shrouded in mystery, according to new research revealed here today. Researchers from SentinelLabs, who shared their findings at the first-ever LabsCon security conference, named the group Metador, based on the phrase "I am meta" that appears in the malicious code and the fact that the server messages are typically in Spanish.
READ THE STORY: DARKReading
Recent Space Force Training Exercise Included ‘Live Fire’ Jamming of Actual Satellites
FROM THE MEDIA: The United States Space Force is gearing up for hostile skies, training its Guardians this week on the use of satellite jammers to shut down enemy communications. Known as “Black Skies,” the satellite jamming exercise is the first in a series of training exercises designed to equip the U.S. Space Force with electronic warfare tactics, according to Breaking Defence. The Black Skies training transpired earlier this week, with a focus on real-world “live fire” satellite jamming.
READ THE STORY: GIZMODO
Russian-speaking hacking group Shathak targeting healthcare and manufacturing
FROM THE MEDIA: Russian-language hacking group Shathak has been actively targeting healthcare, manufacturing, finance and energy sectors in the US, Europe and Japan. Analysis by Outpost24 also found the group has been heavily engaged in phishing and malware campaigns using an attached password-protected zip file. This file contains a Microsoft Word document with a malware-installing macro.
READ THE STORY: TechMonitor
These are the groups behind some of the biggest cybercrimes
FROM THE MEDIA: A number of major cyberattacks have entered the public consciousness in the past decade, with several major consumer data breaches since 2015 leaving millions of victims—high-profile financial companies, retail chains, social media sites and even the Democratic National Convention—in their wake. But who or what actors are behind these cyber attacks? Twingate collected information from official and expert industry sources about the groups responsible for major cyberattacks.
READ THE STORY: Culpeper Star Exponent
NSA shares guidance to help secure OT/ICS critical infrastructure
FROM THE MEDIA: The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) that are part of U.S. critical infrastructure. The joint advisory shares info on all the steps used by malicious actors to compromise IT-enabled OT and ICS assets, which provide a larger attack surface, and highlights measures security professionals can take to defend against them.
READ THE STORY: Bleeping Computer
Putin's self-sanctioning of Russian energy supplies will be absorbed by Europe, but Moscow will never be able to replace those customers, Kremlin critic Bill Browder says
FROM THE MEDIA: That's because Europe will be able to absorb the pain of the energy crisis, but Russia can't easily replace those customers. "He's done himself an amazing self-sacrifice, which will serve our purposes," Browder said of the halt in gas supplies. Europe will eventually overcome Russia's natural gas supply cuts, and Moscow will never be able to replace those customers, according to the Russian-American financier Bill Browder.
READ THE STORY: Business Insider Africa
How the Ukraine drone war is changing the game on the battlefield
FROM THE MEDIA: The recent turnabout in Ukraine that saw the Ukrainian forces unexpectedly recapturing a claimed 6,000 km² (2,317 miles²) of territory as the Russian lines collapsed shows that this is a war full of surprises. Not the least of these is that the conflict is shaping up as the first true drone war, giving new insights into the battlefield of the future. Though they may seem like something quintessentially 21st century, UAVs or drones have been around for well over a hundred years.
READ THE STORY: New Atlas
Iran's cyber attacks against Israel increased 'noticeably', says army
FROM THE MEDIA: Israel's official Army Radio yesterday said there was a "noticeable" increase in Iranian cyber attacks targeting Israel's infrastructure. The radio station quoted military officials as saying that the attacks had increased by "70 per cent." The Israeli occupation witnessed several cyber attacks in recent months on their airports, civilian and military resources, for which they hold Tehran accountable. Earlier this year Israel's cybersecurity chief admitted that Iran – along with Hezbollah and Hamas – is its most dominant rival in regards to cyberwarfare.
READ THE STORY: MEMO
Statement on Iran’s malicious cyber activity affecting Albania
FROM THE MEDIA: The Honorable Mélanie Joly, Minister of Foreign Affairs, the Honorable Anita Anand, Minister of National Defence, and the Honorable Marco Mendicino, Minister of Public Safety, today issued the following statement: “Canada strongly condemns the malicious cyber activity that targeted Albania in July 2022. Canada joins its allies Albania, the United Kingdom and the United States in attributing this activity to Iran.
READ THE STORY: Mirage News
Developer Leaks LockBit 3.0 Ransomware-Builder Code
FROM THE MEDIA: One problem with running a ransomware operation along the lines of a regular business is that disgruntled employees may want to sabotage the operation over some perceived injustice. That appears to have been the case with the operators of the prolific LockBit ransomware-as-a-service operation this week when an apparently peeved developer publicly released the encryptor code for the latest version of the malware — LockBit 3.0 aka LockBit Black — to GitHub. The development has both negative and potentially positive implications for security defenders.
READ THE STORY: DARKReading
Ransomware operators might be dropping file encryption in favor of corrupting files
FROM THE MEDIA: Ransomware started out many years ago as scams where users were being tricked into paying fictitious fines for allegedly engaging in illegal online behavior or, in more serious cases, were blackmailed with compromising videos taken through their webcams by malware. The threat has since come a long way, moving from consumers to enterprises, adding data leak threats on the side and sometimes distributed denial-of-service (DDoS) blackmail. The attacks have become so widespread that they now impact all types of organizations and even entire national governments. The cybercriminal groups behind them are well organized, sophisticated, and even innovative, always coming up with new extortion techniques that could earn them more money.
READ THE STORY: CSO
Financial firms increasingly held hostage by advanced ransomware attacks
FROM THE MEDIA: Ransomware is nothing new to financial industry cybersecurity professionals, who have seen these attacks wreak havoc on institutions big and small for more than half a dozen years. And in recent months, ransomware attacks have stepped up, putting them front and center for the industry. Indeed, financial IT security professionals and researchers alike have pointed out how ransomware attacks are not only becoming more pervasive, but more sophisticated — creating a wave of new threats that even the most security-conscious banks and investment firms are hard-pressed to stop.
READ THE STORY: SCMAG
From Data Breach to Dependable Alert
FROM THE MEDIA: Every internet user has filled out a web form where they’ve provided some personally identifiable information (PII) to an organization they’re working with; data that these organizations promise to safeguard, but it doesn’t always go as planned. The truth is, your PII is very valuable to malicious actors, and despite considerable efforts to keep your personal information private, organizations of all sizes are frequently targeted and infiltrated by hackers. And unfortunately, some organizations have less-than-mature security and privacy practices, and inadvertently expose your data either via misconfigured software or careless security practice, or distribution to an unintended recipient.
READ THE STORY: Security Boulevard
Facebook users sue Meta for bypassing beefy Apple security to spy on millions
FROM THE MEDIA: After Apple updated its privacy rules in 2021 to easily allow iOS users to opt out of all tracking by third-party apps, so many people opted out that the Electronic Frontier Foundation reported that Meta lost $10 billion in revenue over the next year. Meta's business model depends on selling user data to advertisers, and it seems that the owner of Facebook and Instagram sought new paths to continue widely gathering data and to recover from the suddenly lost revenue. Last month, a privacy researcher and former Google engineer, Felix Krause, alleged that one way Meta sought to recover its losses was by directing any link a user clicks in the app to open in-browser, where Krause reported that Meta was able to inject a code, alter the external websites, and track "anything you do on any website," including tracking passwords, without user consent.
READ THE STORY: arsTECHNICA
A GRU campaign masquerades as Ukrainian telecommunications providers
FROM THE MEDIA: Recorded Future's Insikt Group reports that the GRU has established new infrastructure for cyberespionage against Ukrainian targets. The threat actor UAC-0113 (which CERT-UA thinks is probably associated with the GRU's Sandworm operation) is using dynamic DNS domains as it masquerades as telecommunications providers. It uses HTML smuggling to distribute Colibri Loader and the Warzone remote access Trojan (RAT). The objectives of the campaign remain unclear, but Recorded Future thinks it's a Russian combat support effort.
READ THE STORY: The Cyberwire
The tools and strategies schools need for ransomware defense
FROM THE MEDIA: Schools across the country struggle to prioritize cybersecurity, as budget constraints hinder action. At the root of the problem lies a mismatch between finite resources, the demands of today’s threat landscape and the primary goal of educating children. The Los Angeles Unified School District is the most recent and high-profile example of the threat schools face from ransomware. The Sept. 3 attack prompted the district to initiate a systemwide reset of more than 600,000 passwords and a ransom demand remains outstanding.
READ THE STORY: Cyber Security Dive
Netflix-style Ransomware Makes Your Organisation’s Data The Prize In A Dark Subscription Economy
FROM THE MEDIA: Today’s subscription economy makes accessing nearly any service as easy as hitting enter. The same model has now entered the dark web. The same Netflix-style instant-access menu is now part and parcel of the online criminal’s lifestyle. Ransomware-as-a-Service (RaaS) is opening up the hacking talent pool, giving amateurs access to sophisticated ransomware toolkits – a plug and play option that has seen hackers run rampant.
READ THE STORY: Information Security Buzz
Crypto Exchange Huobi to Delist 7 Privacy Coins, Citing New Financial Regulations
FROM THE MEDIA: Seychelles-based crypto exchange Huobi has announced that it will delist seven privacy coins, citing new financial regulations. The company says that it must consider the laws and compliance policies of over 100 countries that it serves, but some analysts believe the primary motivation for this move is a planned entry to the United States market. In addition to dropping the popular Monero, Huobi is completely doing away with six other privacy coins: Dash, Decred, Firo, Horizen, Verge and ZCash.
READ THE STORY: CPO
Identifying a ‘Material Cyber Event’
FROM THE MEDIA: Today we continue our series of posts examining the Securities and Exchange Commission’s proposed rules for expanded disclosure of cybersecurity issues, with a look at the one idea perhaps most relevant to CISOs’ daily lives. The SEC wants publicly traded companies to disclose “material cybersecurity incidents” within four days of determining that an incident would indeed be material to investors. After all, any number of cybersecurity incidents could qualify as material. The answer depends on details such as how the attack happened, what damage was done, and what regulatory consequences might befall the company next. CISOs need to evaluate all those factors (and more) to understand how the company should proceed.
READ THE STORY: Security Boulevard
Crypto is a ‘decentralized Ponzi scheme’ – this CEO has bitter stance
FROM THE MEDIA: Jamie Dimon, the man at the helm of the United States’ largest bank J.P. Morgan Chase, made some rather controversial statements at 21 September’s congressional hearing called “Holding Megabanks Accountable: Oversight of America’s Largest Consumer Facing Banks.” The United States House Committee on Financial Services heard the testimonies of CEOs of top U.S. banks including Charles Scharf from Wells Fargo, Brian Moynihan of Bank of America, and Citigroup’s Jane Fraser.
READ THE STORY: AMBCRYPTO
Items of interest
Fake News Isn’t New — It’s Throughout History
FROM THE MEDIA: Our sister publication European Seed is diving into a series on Myths, Fake News, Misinformation and Disinformation. Today, we dive deeper into the matter and put the spotlight on various aspects. In this article, we take a look at history, as there are many well-documented examples of myths and fake news throughout the centuries.
1693: a printer named William Anderton was tried at the Central Criminal Court of England and Wales for High Treason because he had published two tracts designed to incite the population towards rebellion against the King. He also called for the restoration of the Late King James. The jury found Anderton guilty, and he was executed the next day.
Mid-1700s: during the height of the Jacobite rebellion in Great Britain, seditious printers printed fake news, even going so far as to report that King George II was ill, in an attempt to destabilize the establishment. Such fake news was picked up by more reputable printers and republished, making it difficult to tell fact from fiction.
READ THE STORY: Seed World
I Hunt Down Internet Trolls (Video)
FROM THE MEDIA: Meet TikTok’s Masked Vigilante, who has made it his mission to track down and expose online bullies, scammers and trolls. If you’re racist, sexist, or generally abusive he may have you in his sights.
How Social Media Likes & Trolls Effects Your Brain (Video)
FROM THE MEDIA: The origin of this personality disorder isn't clear. There seems to be a genetic component that could manifest or not depending on how much affection an individual receives as a child. Experts also consider the hypothesis that the root cause could be found in damage to the frontal lobe due to malformation, illness, or brain injury.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com