Sunday, October 02, 2022 // (IG): BB // INTSUM // Coffee for Bob
How to Spot and Avoid Malicious Attachments
FROM THE MEDIA: When it comes to email, there are a number of ways through which a cyberattacker can target a victim. Malicious links, persuasive language, and dangerous attachments are all used to swindle unknowing individuals out of their sensitive data and money. So how can you avoid falling victim to this? What actually is a malicious attachment? And how can you spot a suspicious attachment in an email?
READ THE STORY: MUO
Shangri-La Hacked & Guest Information At Select Hotels Exposed
FROM THE MEDIA: Shangri-La on Friday informed select guests that their information may have been exposed to an unauthorized third party in a “data security incident.” This third party had vacuumed files and information from their internal network in May, June, and July 2022. You can access Shangri-La’s page for the IT hack here. The email, the frequently asked questions on Shangri-La’s website, and the fact that the Hong Kong hotelier has not released any press releases about this “incident” leave many questions unanswered.
READ THE STORY: Loyalty Lobby
BlackCat malware lashes out at US defense IT contractor
FROM THE MEDIA: The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense. DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victims' list, along with sharing a screenshot allegedly of ALPHV's blog notifying NJVC that it had stolen data during its intrusion.
READ THE STORY: The Register
Cybercriminals behind ransomware attack plan to release hacked data, Los Angeles Unified School District says
FROM THE MEDIA: The Los Angeles Unified School District, the second largest in the nation, said Friday that cybercriminals who targeted it with a ransomware attack plan to release some of the hacked data online. The supposed leak comes as federal officials warn that ransomware attacks on US schools may increase as children return to school and cybercriminals see more extortion opportunities.
READ THE STORY: KRDO
Wintermute hack recreated; learn what went wrong on 20 Sept.
FROM THE MEDIA: Hong Kong-based digital asset company Amber Group decoded the Wintermute hack that took place last month. The hack that occurred on 20 September caused the trading platform to lose approximately $160 million to the exploit. As reported by AMBCrypto earlier, the hacker made away with more than $61 million in USD Coin [USDC], $29.4 million in Tether [USDT], and 671 wrapped Bitcoin [wBTC] worth more than $13 million.
READ THE STORY: AMB Crypto
Guacamaya hacktivists stole sensitive data from Mexico and Latin American countries
FROM THE MEDIA: Among the data stolen by a group of hackers called Guacamaya (macaw in Spanish) there was a huge trove of emails from Mexico’s Defense Department, which shed light on the poor resilience of the country’s infrastructure to cyberattacks due to poor investment and awareness. The Guacamaya group claimed to have stolen six terabytes of data, including data related to the kidnap of 43 students by local police who were allegedly handed over to be killed by a drug gang in 2014.
READ THE STORY: Security Affairs
Hiring Data Recycling Security Engineers Smart
FROM THE MEDIA: Once we have done away with paper currency and moved 100% to digital, blockchain will protect our transactions with its global ledger design. Our money will remain safe inside our digital wallets. Even the corner ATMs will be dishing out bitcoin. Too good to be true? That depends on how many people will become Blockchain and quantum computing experts. Are we going to face a quantum threat in the future, yes?
READ THE STORY: Security Boulevard
All Turkish Banks Halt Russia’s Mir Payment System
FROM THE MEDIA: Three Turkish state banks plan to exit Russia’s Mir payments system over U.S. warnings of sanctions, Bloomberg reported Tuesday, citing an unnamed senior Turkish official. On Wednesday, Turkish broadcaster NTV reported there were no banks left in Turkey that accept Mir, which translates as “World” from Russian.
READ THE STORY: SN
US sanctions on Indian firm may abort Delhi’s plans too
FROM THE MEDIA: Washington’s decision to impose sanctions on Mumbai-based petrochemical trading company Tibalaji Petrochem Pvt Ltd for dealing with Iran may pull the plug on a reported plan by Delhi to resume purchase of Iranian crude after a four-year gap. Ever since the US announced the sanctions on Iran in 2018-19 for walking out of a nuclear pact, India hasn’t been purchasing sweet crude from the Western Asian country, which used to account for over 10% of its crude imports.
READ THE STORY: SN
New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices
FROM THE MEDIA: Researchers at Black Lotus Labs, security firm Lumen Technologies’ research unit, have identified a novel cross-platform malware. Dubbed Chaos by researchers, this malware has infected numerous Windows and Linux devices, including enterprise servers, FreeBSD boxes, and small office routers.
READ THE STORY: HackRead
Iran's Intelligence Ministry says U.S., UK “directly” complicit in recent riots
FROM THE MEDIA: In a statement released on Friday, the ministry said that during the recent disturbances, dozens of terrorists connected to the Zionist regime and anti-revolutionary organizations had been apprehended. The ministry emphasized the conditions that led to the foreign-backed riots following the tragic death of Mahsa Amini, a 22-year-old Kurdish woman: protests turned violent in the country, security personnel were assaulted, and police cars, ambulances, and other public property were smashed.
READ THE STORY: Tehran Times
Chinese diplomat mocks the US after the destruction of Nord Stream Pipelines
FROM THE MEDIA: Days after the unprecedented gas leak from three underwater pipelines of the Nord Stream system, a Chinese diplomat took to Twitter on Saturday (October 1) to insinuate an American hand behind the incident. Cao Yi, the former Chinese ambassador to Iraq and Lebanon, mocked the US administration for allegedly sabotaging the natural gas pipeline and pretending to not know about it. The archived version of the tweet can be accessed here.
READ THE STORY: OpIndia
Rockstar Hacker Sold Grand Theft Auto V Source Code
FROM THE MEDIA: The teenage hacker who infiltrated Rockstar Games’ servers earlier in September reportedly sold the source code for Grand Theft Auto V before his arrest. According to a Reddit post, 17-year-old hacker Teapot sold the stolen source code for Rockstar’s best-selling video game on a Telegram group. The administrator of the unnamed group posted a screenshot showing the buyer of the code trying to resell it. The buyer’s message said they purchased the code from Teapot hours after the hacker breached Rockstar’s servers and attached an image showing a section of the source code to prove its authenticity.
READ THE STORY: SN
Microsoft Has Blocked Russians From Accessing Windows Updates
FROM THE MEDIA: The American corporation Microsoft limited the possibility of upgrading from Windows 10 to Windows 11 for Russians. If you try to download and install the update through Windows Update, the operating system suggests going to the company’s official website. On the website, when trying to download the special downloader program for the latest version of Windows, an empty browser window opens and the download does not take place.
READ THE STORY: Sundries
Transit Swap loses over $21M due to code bug exploit, issues apology
FROM THE MEDIA: Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to the users while efforts to track down and recover the stolen funds are underway. “We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million.
READ THE STORY: CoinTelegraph
TotalEnergies Spots Drone Near North Sea Oil Field
FROM THE MEDIA: TotalEnergies SE said it spotted an aerial drone close to an oil field in the Danish North Sea, intensifying concerns of an energy conflict erupting in Europe. Unusual drone activity was seen near its Halfdan B oil and gas field on September 28, the French company said by email on Thursday. The incident was first reported by Danish newspaper Ekstra Bladet.
READ THE STORY: Rigzone
Supersonic cyber threat response
FROM THE MEDIA: AUTOMATION and digitalization are major enablers for small businesses in Asia Pacific. Small businesses employ the majority of Asia Pacific populations, and also contribute significantly to the gross domestic product (GDP) in countries in this region. For example, Singapore’s small and medium enterprises (SMEs) contribute 48% of the GDP. In Japan, SMEs contribute 70% of national employment and 50% of GDP, according to the Organization for Economic Cooperation and Development. In Australia, national employment is primarily in small business, upwards of 97%, while contributing 32% of the Australian GDP.
READ THE STORY: The Sun Daily
DeSantis says Elon Musk to help Southwest Florida regain internet connectivity after Hurricane Ian
FROM THE MEDIA: Florida Gov. Ron DeSantis on Saturday said that SpaceX Chief Executive Elon Musk was helping Southwest Florida regain internet connectivity through his Starlink satellite service. DeSantis said Musk was positioning the satellite to improve coverage in the region and also providing 120 Starlink ground station units to help people nearby to gain internet connection. “Hopefully, that will assist with some of the connectivity issues,” DeSantis said. Hurricane Ian pummeled the state on Wednesday with crushing storm surge, obliterating wind speeds and torrential rainfall, leaving a swath of devastation from the southwestern coast across the I-4 corridor.
READ THE STORY: Herald-Tribune
Tech companies are gaming out responses to the Texas social media law
FROM THE MEDIA: At some point in the future, Texans who visit social media sites might be greeted with a pop-up screen saying something like: “The content you are about to see contains graphic violence, white supremacist imagery and other objectionable material. If you don’t want to be exposed, click here.” The pop-up is among a slew of options companies are weighing in response to a Texas social media law that was upheld by the U.S. Court of Appeals for the Fifth Circuit last month. Most of the options being floated would alter tech company services so dramatically that some experts have concluded they would be virtually impossible to execute, say lobbyists who work with the companies.
READ THE STORY: Washington Post
Zero-Day Microsoft Exchange Server Vulnerabilities Exposed Early Due to Limited Targeted Attacks
FROM THE MEDIA: On September 29, 2022, Vietnamese cybersecurity firm GTSC published a blog post exposing two zero-day vulnerabilities in Microsoft Exchange Server. These vulnerabilities were actually discovered in early August 2022 by GTSC, who submitted them to the Zero Day Initiative to work with Microsoft to develop the necessary patches and mitigation guidance. Typically, such zero-day vulnerabilities are kept under wraps to allow the affected vendor, in this case Microsoft, time to address them and publish patches.
READ THE STORY: Security Boulevard
Google Blurring Out Satellite Images of Israel - Again
FROM THE MEDIA: Google is once again displaying pixelated satellite images of large parts of Israel on its Maps and Earth services. Two years ago, the U.S. legislation banning commercial firms from publishing high-resolution satellite images of Israel expired, and since then Google Maps has been updated with much better imagery. But recently, this change was reversed, and areas that had previously been shown much more clearly are once again blurred.
READ THE STORY: Haaretz
CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog
FROM THE MEDIA: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
READ THE STORY: Security Affairs
Twitter army and terror squads: Iran’s latest ‘revolution’
FROM THE MEDIA: The latest riots in – and more significantly outside – Iran were triggered by the tragic death of 22-year-old Mahsa Amini in police custody about two weeks ago. Since then, the riots on the streets of Tehran and other major Iranian cities have fizzled out. However, as the smoke and debris from the chaos clear, the truth of events and their circumstances remains unclear. The unruly protests that followed the death of Amini were fueled by unsubstantiated claims that she died from brutal beatings in police custody.
READ THE STORY: SN
IceFire ransomware gang ramping up attacks
FROM THE MEDIA: The significant change was highlighted in NCC Group’s “Monthly Threat Pulse” report Tuesday, where the threat intelligence team tracks ransomware activity including top threat groups and targeted sectors. Despite a reported 19% decrease in total ransomware attacks in August, IceFire was busy. Not only did the ransomware group make its debut on NCC Group’s top 10 list of reported threat actors, but it came in third, amassing 10 victims. The report noted that IceFire ransomware attacks had been deployed against English-speaking victims.
READ THE STORY: SN
We monitored wild elephants, leopards in villages with thermal drones
FROM THE MEDIA: In August 2022, a large herd of wild elephants entered Maharashtra’s Gadchiroli from Chhattisgarh. Then followed regular news of the elephants raiding agriculture fields and damaging homes in the villages they passed through. For more reasons than one, Gadchiroli is a challenging landscape to monitor wildlife on foot, and thus, the composition, behaviour, and movement patterns of this elephant herd remained largely unknown. “This is the second year that wild elephants entered Maharashtra from Chhattisgarh.
READ THE STORY: SN
Items of interest
Competition in 5G Communication Network and the Future of Warfare
FROM THE MEDIA: The present era is experiencing a shift from 4G (4th Generation) to 5G (5th Generation) networked communication. This shift will radically change all civil and defense communications. In future warfare, it is expected to develop an atmosphere of information or ‘info sphere’ for sharing real-time intelligence characterized by high-speed, low latency and increased bandwidth networks. This potential of 5G is believed to significantly impact the character and future of war. It will enable an agile and fast data communication service that will support the entire battlefield network in integrated and all-domain warfare.
READ THE STORY: Modern Diplomacy
Dark Web Search | Practical OSINT and SOCMINT Techniques (Video)
FROM THE MEDIA: This video tutorial shows the introduction to Dark Web searching. It is a part of our online course Practical OSINT and SOCMINT Techniques by Saeed Dehqan.
OSINT and the Dark Web: Using OSINT to gather threat intelligence (Video)
FROM THE MEDIA: At the CTIPs Online Conference, Bethany Keele (Senior Threat Intelligence Security Consultant, VerSprite) gave a presentation on using OSINT to gather threat intelligence.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com