Tuesday, Sept 27, 2022 // (IG): BB // Sponsor: Buy me a whiskey
US bans two more Chinese telecommunications providers
FROM THE MEDIA: In a statement issued last week, Federal Communications Commission chairwoman Jessica Rosenworcel said: “Today we take another critical step to protect our communications networks from foreign national security threats. Earlier this year the FCC revoked China Unicom America’s and PacNet/ComNet’s authorities to provide service in the United States because of the national security risks they posed to communications in the US. Now, working with our national security partners, we are taking additional action to close the door to these companies by adding them to the FCC’s Covered List.”
READ THE STORY: iTWire
China-linked cyberespionage group TA413 deploys a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities
FROM THE MEDIA: A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities. The TA413 APT group is known to focus on Tibetan organizations across the world; in past attacks the threat actors used a malicious Firefox add-on, dubbed FriarFox, to steal Gmail and Firefox browser data and deliver malware to infected systems.
READ THE STORY: Security Affairs
Hackers use PowerPoint files for 'mouseover' malware delivery
FROM THE MEDIA: Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. No malicious macro is necessary for the malicious code to execute and download the payload, which makes the attack more insidious. A report from threat intelligence company Cluster25 says that APT28 (a.k.a. ‘Fancy Bear’), a threat group attributed to the Russian GRU (Main Intelligence Directorate of the Russian General Staff), has used the new technique to deliver the Graphite malware as recently as September 9.
READ THE STORY: Bleeping Computer
Thinking Like a Hacker: Commanding a Bot Army of Leaked Twitter Accounts
FROM THE MEDIA: Last time, a malicious hacker got access to Poor Corp’s internal git repositories and used an open-source secret scanner to find and steal AWS keys. Using the stolen keys, the hacker gained deep access to Poor Corp’s major SaaS services and stole all their customer data. In this series, we will dissect not just what an attacker can do to get access to credentials, but also what they would do after getting that initial access. We will walk through a different threat scenario in each part of the series and tell stories of malicious hackers that are either true, based on a true incident, or reasonably theoretical.
READ THE STORY: Security Boulevard
Hackers are testing a destructive new way to make ransomware attacks more effective
FROM THE MEDIA: Ransomware hackers are experimenting with a new kind of attack that, instead of encrypting data, outright destroys it. The aim is to make it impossible for victims to retrieve their data if they don't pay the ransom. Ransomware is one of the biggest cybersecurity issues facing the world today, and while many victims refuse to give in to the extortion, many feel they have no choice but to pay up for a decryption key. But according to cybersecurity researchers at Cyderes and Stairwell, at least one ransomware group is testing 'data destruction' attacks.
READ THE STORY: ZDnet
Does AI-powered malware exist in the wild? Not yet
FROM THE MEDIA: AI is making its mark on the cybersecurity world. For defenders, AI can help security teams detect and mitigate threats more quickly. For attackers, weaponized AI can assist with a number of attacks, such as deepfakes, data poisoning and reverse-engineering. But, lately, it's AI-powered malware that has come into the spotlight -- and had its existence questioned. AI-enabled attacks occur when a threat actor uses AI to assist in an attack.
READ THE STORY: TechTarget
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove
FROM THE MEDIA: A Russian cyber attack group has been targeting politicians, journalists, and military and intelligence officials across Britain and Europe for at least seven years, and may have stockpiled access to and data from target computers and phones for future operations, according to data analyzed by Computer Weekly. The group’s greatest success to date has been to publicly compromise emails and documents from Richard Dearlove, a top British spy chief and former head of MI6, as well as over 60 others in a secretive network of right-wing activists set up in 1988 to campaign for extreme separation of Britain from the European Union.
READ THE STORY: Computer Weekly
Ukraine Predicts "Massive" Russian Cyber Assault
FROM THE MEDIA: The Russian government is planning a major new cyber-attack campaign on the critical infrastructure of Ukraine and its allies as winter approaches, Kyiv has warned. A brief statement from the Ukrainian Ministry of Defense’s Main Directorate of Intelligence explained that the energy industry would be a key target as the weather gets colder. “With this, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine,” it said.
READ THE STORY: InfoSecMag
US arm of Israeli defense giant Elbit Systems says it was hacked
FROM THE MEDIA: Elbit Systems of America, the U.S. arm of Israeli defense contractor Elbit, says its network was compromised in early June and personal information of employees was stolen. In a breach notification filed with the Maine attorney general’s office, Elbit Systems of America said 369 employees were affected by the data breach, which included employee names, addresses, dates of birth, direct deposit information, ethnicity and Social Security numbers.
READ THE STORY: TC
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
FROM THE MEDIA: Back in August, researchers at ESET spotted an instance of Operation In(ter)ception using lures for job vacancies at cryptocurrency exchange platform Coinbase to infect macOS users with malware. In recent days, SentinelOne has seen a further variant in the same campaign using lures for open positions at rival exchange Crypto.com. In this post, we review the details of this ongoing campaign and publish the latest indicators of compromise.
READ THE STORY: SentinelOne
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme
FROM THE MEDIA: The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The development comes after Optus, Australia's second-largest wireless carrier, disclosed on September 22, 2022, that it was a victim of a cyberattack. It claimed it "immediately shut down the attack" as soon as it came to light.
READ THE STORY: THN
Hackers Use NullMixer and SEO to Spread Malware More Efficiently
FROM THE MEDIA: Security researchers from Kaspersky have spotted a new series of campaigns focusing on the malware tool they named NullMixer. According to an advisory published by the firm earlier today, NullMixer spreads malware via malicious websites that can be easily found via popular search engines, including Google. “These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper,” reads the advisory.
READ THE STORY: InfoSecMag
LockBit 3.0’s ransomware surge highlights that the cybercrime epidemic is far from over
FROM THE MEDIA: Cybercrime is running rampant. Yet, while the latest exploits of the Lapsus$ group have gotten a lot of attention, particularly in the aftermath of the Uber and GTA VI breaches, LockBit 3.0 has largely slid under the radar, despite gathering dozens of victims. In fact, according to research released today by NCC Group’s Global Threat Intelligence Team, LockBit 3.0 accounted for 40% of all ransomware incidents in August, making it the most threatening ransomware strain that month, involved in a total of 64 incidents.
READ THE STORY: VentureBeat
NetSupport RAT Uses Social Engineering Toolkits to Deploy Malware on Victim’s System
FROM THE MEDIA: Cyble Research & Intelligence Labs noticed threat actors using a fake browser update, SocGholish, to deliver the NetSupport RAT. SocGholish has been active since 2017. It is a JavaScript malware framework whose “Soc” refers to the use of social engineering toolkits masquerading as software updates to deploy malware on a victim’s system. Researchers pointed out that this malware campaign uses various ‘Social Engineering’ themes that imitate browser and program updates, including Chrome/Firefox, Flash Player, and Microsoft Teams.
READ THE STORY: Cyber Security News
Chinese Hacking Group Undeterred by Indictment
FROM THE MEDIA: Two federal indictments against a Chinese-state sponsored hacking group haven't slowed down its operations, the U.S. government acknowledges in a warning telling the healthcare sector to be vigilant about the threat actor. A federal grand jury returned indictments in 2019 and 2020 against five Chinese nationals accused of hacking for a threat group dubbed APT41 and also known as Barium, Winnti, Wicked Panda and Wicked Spider. The hackers are believed to be at large, likely in China, and are unlikely to face arrest (see: 5 Chinese Suspects Charged in Connection with 100 Breaches).
READ THE STORY: BankINFOSec
Ukraine Busts Pro-Russia Hackers Who Stole 30M Accounts of EU Citizens
FROM THE MEDIA: The Ukraine Security Service (SSU) has confirmed the dismantling of a cyber criminal gang that stole the personal accounts of nearly 30 million individuals in Ukraine and across Europe. According to the SSU, its cyber unit has taken down a gang of cybercriminals responsible for stealing 30 million accounts and offering the data for sale on the dark web. The department stated that the hacking group earned around UAH 14 million ($375,000) from selling these accounts. During the search operations at the suspects’ residences, police seized several magnetic hard disks that stored the personal data of the victims.
READ THE STORY: HackRead
New WhatsApp Zero-Day Bug Let Hackers Control The App Remotely
FROM THE MEDIA: Two critical zero-day vulnerabilities in WhatsApp were silently fixed by the company. As a result of these security flaws, attackers would have been able to remotely execute arbitrary code on both Android and iOS devices. With over a billion users around the world using both Android and iPhone handsets, WhatsApp is one of the world’s most popular messenger apps thanks to its privacy-focused nature.
READ THE STORY: CyberSecurityNews
API Security is More than Protecting B2C APIs from Bots
FROM THE MEDIA: Most security teams now realize that APIs are one of their biggest security blind spots. Many have responded by zeroing in on their most obvious area of API risk: the business-to-consumer (B2C) APIs that external-facing mobile and web applications rely on. This makes perfect sense. After all, the fact that B2C APIs serve the outside world makes them particularly vulnerable to attack using bots and other automated methods. So in response, many organizations have deployed specialized bot mitigation tools or use first-generation API products or web application firewalls (WAFs) to tightly manage how these APIs are accessed.
READ THE STORY: Security Boulevard
How 'China coup' tweets went viral, and what it says about the rapid spread of disinformation
FROM THE MEDIA: One of the biggest news stories over the weekend wasn’t even news. But that didn’t stop erroneous reports about a coup in China from dominating Twitter and ultimately getting airtime on one of India’s most-watched news channels. It’s a textbook case of just how far, and how fast, disinformation spreads online. Beyond that, it also reinforces the fact that political turmoil, wild speculation and unchecked social media posts can be an extremely potent combination.
READ THE STORY: CyberScoop
Police in C.China’s Hunan crack money laundering case via cryptocurrency, 40 billion yuan involved
FROM THE MEDIA: The public security department of Hengyang county under Hengyang city, Central China's Hunan Province, announced recently that a 40-billion-yuan ($5.58 billion) money laundering case involving cryptocurrency had been cracked, which was linked to over 300 telecom fraud schemes, the National Business Daily reported on Tuesday. The operation was one of nine successes during a public security campaign initiated by local authorities, capturing 93 criminals across five provinces since the middle of September 2021.
READ THE STORY: GT
Patrick Gower On Cyber Crime: GCSB boss, privacy expert's warning over social media companies' data gathering
FROM THE MEDIA: New Zealand's top spy boss has issued a stark warning to Kiwis about how they're using the internet, while another expert has labeled social media data gathering as the "greatest scam of all time". Government Communications and Security Bureau (GCSB) Director-General Andrew Hampton appeared in Patrick Gower's new documentary On Cyber Crime on Tuesday, where he spoke about how privacy was becoming out of New Zealanders' control through the use of social media.
READ THE STORY: Newshub
Why the Internet of Things Needs PKI
FROM THE MEDIA: Securing machine identities is a rising concern for enterprises and cybersecurity leaders venturing into the relatively new terrain of the Internet of Things. Security-conscious IT leaders have put a great deal of time and resources into securing user identities by restricting access to sensitive assets and controlling privileges based on users’ roles in the organization. But many otherwise forward-thinking companies lack a strategy for locking down machine identities.
READ THE STORY: Security Boulevard
What's with the UFO on a U.S. intelligence agency seal
FROM THE MEDIA: When the U.S. intelligence community’s main aviation component updated its seal recently to include images of a flying saucer and what appears to be a Russian fighter jet, many wondered if it was a joke. It turns out it may have been, but the leadership of the Office of the Director of National Intelligence does not appear to be amused. A spokesperson there told CyberScoop in an emailed statement that its National Intelligence Manager for the Air Domain, also known as NIM-Aviation, “erroneously posted an unofficial and incorrect logo.”
READ THE STORY: CyberScoop
What is Starlink and how could it work in Iran
FROM THE MEDIA: When the US eased internet sanctions on Iran to ensure Iranians would continue to have access to information during the mass protest movement currently engulfing the country, Elon Musk tweeted that he was “activating Starlink”. Mr Musk had said previously that SpaceX, the satellite company he founded in 2002 that operates Starlink, would seek an exemption from the US government to provide the broadband service to Iran. As of Sunday, Starlink was activated in the country, Karim Sadjadpour, a senior fellow at the Carnegie Endowment, quoted Mr Musk as saying.
READ THE STORY: The National News
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
FROM THE MEDIA: The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
READ THE STORY: HSTODAY
As War Rages on, Cyber Insurers' 'War Exclusion Clauses' Face Reckoning
FROM THE MEDIA: Russia’s invasion of Ukraine is a reminder that modern conflicts can spur cyberthreats well beyond a war’s frontlines. The Eastern European conflict is already adding stress to already strained domestic relationships in the U.S.—between businesses and cyber insurance companies. As businesses face more cyberthreats than ever before, many are seeing higher premiums. Meanwhile, insurance companies are looking for ways to skirt coverage obligations that end up proving far too expensive.
READ THE STORY: LAW
Uniwise Offshore Boosts OSV Fleet Cyber-Security with Inmarsat's Fleet Secure UTM
FROM THE MEDIA: Uniwise Offshore, a Thailand-based offshore support vessel (OSV) company, has boosted cyber-security standards across its OSV fleet by adopting technology from Inmarsat, a mobile satellite communications specialist. "With reliable connectivity delivered by Inmarsat’s Fleet Xpress, Fleet Secure Unified Threat Management (UTM) provides Uniwise with end-to-end functionality to protect its network from cyber-attacks and intrusion via infected devices," Inmarsat said.
READ THE STORY: OE Offshore Engineer
SQL Server admins warned about Fargo ransomware
FROM THE MEDIA: Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up. The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center (ASEC), which says that Fargo is one of the most prominent ransomware strains targeting vulnerable SQL Server instances, and was previously also known as Mallox because it used the file extension .mallox for encrypted files in an earlier wave of attacks.
READ THE STORY: The Register
The coming fight over Russian asylum-seekers
FROM THE MEDIA: Stepping off the plane from Riga to Helsinki last week, your host was greeted by an unlikely sight: Finnish border guards. That was odd, as Latvia and Finland are both members of the European Union. While member states have the right to enforce their borders during intra-EU travel, it’s a rarity. And then transferring through Frankfurt on the way back to Washington, a German customs official looked back and forth at your host’s face and passport.
READ THE STORY: Politico
Elevating Our Edge: A Path to Integrating Emerging and Disruptive Technologies
FROM THE MEDIA: The twenty-first-century race for technological supremacy is contested across multiple domains and moving at breakneck speed. Today’s innovators will own tomorrow’s future. As it stands, the North Atlantic Treaty Organization (NATO), the European Union (EU), and like-minded nations risk falling permanently behind. To win this race, the West must develop a common approach to integrating emerging and disruptive technologies (EDTs).
READ THE STORY: CEPA
Managing the risks of US-China war: Implementing a strategy of integrated deterrence
FROM THE MEDIA: Ongoing disagreement between China and Taiwan about the desirability of unification and intensified competition between the United States and China are pressurizing the three-way relationship. If the United States is to maintain a constructive role in preventing the outbreak of a cross-Strait war, it will need to implement a strategy to deter Chinese aggression against Taiwan that is consistent with U.S. interests and capabilities, and that provides clarity around the existentially important matter of preventing nuclear escalation, in the event a conflict does occur.
READ THE STORY: Brookings
Items of interest
National data privacy proposal may shape health data not covered by HIPAA
FROM THE MEDIA: Healthcare stakeholders have long warned of the need for better privacy protection for health data that falls outside the purview of the Health Insurance Portability and Accountability Act. If it passes Congress, the American Data Privacy and Protection Act may narrow some of those existing gaps. The ADPPA advanced out of the House Energy and Commerce Committee in July by a vote of 53-2 and was lauded as a “major step forward” for national data privacy protections. The legislation was advanced alongside two other bills seeking stronger federal ransomware reporting and requirements for IoT vendors on surveillance used in consumers’ connected devices.
READ THE STORY: SCMAG
Inside Cybercrime Markets: Buying & Selling Malware (Video)
FROM THE MEDIA: Inside Cybercrime Markets: Buying & Selling Malware.
Best WiFi Hacking tools: Airgeddon, Kismet, Raspberry Pi and Kody's favorite wifi tools (Video)
FROM THE MEDIA: Kody shares his favourite WiFi hacking tools with us. Kody covers a range of tools, from the cheap ESP8266 to using Panda WiFi adapters with a Raspberry Pi and assessing WiFi using tools such as Airgeddon and Kismet.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com