Friday, October 07, 2022 // (IG): BB // INTSUM // Coffee for Bob
US govt shares top flaws exploited by Chinese hackers since 2020
FROM THE MEDIA: NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China (PRC) to target government and critical infrastructure networks. The three federal agencies said in a joint advisory that Chinese-sponsored hackers are targeting U.S. and allied networks and tech companies to gain access to sensitive networks and steal intellectual property.
READ THE STORY: Bleeping Computer // CISA // NSA // HS
How does NATO’s Article Five apply to cyber defense
FROM THE MEDIA: Prime Minister Edi Rama says that Albania was hit with cyberattacks from Iran so severe that he considered invoking Article Five, a NATO declaration that calls all members to act in collective defense, treating an attack against one member as “an attack against them all.” Though Rama decided against it – “I have too much respect for our friends and our allies to tell them what they should do.”
READ THE STORY: The Cyberwire
FBI warns of disinformation threats before 2022 midterm elections
FROM THE MEDIA: The Federal Bureau of Investigation (FBI) warned today of foreign influence operations that might spread disinformation to affect the results of this year's midterm elections. The federal law enforcement agency warned that foreign actors are actively spreading election infrastructure disinformation to manipulate public opinion, discredit the electoral process, sow discord, and encourage a lack of trust in democratic processes and institutions.
READ THE STORY: Bleeping Computer
Taiwan, looking to Ukraine, pursues internet backup
FROM THE MEDIA: Taiwan, taking its cue from Ukraine, is set to begin accepting proposals to build a backup satellite internet network as soon as this month, the island’s digital minister, Audrey Tang, told The Washington Post. Ukraine has used Starlink, a satellite broadband service created by Elon Musk’s company SpaceX, to ensure internet connectivity in the face of Russian shelling and cyberattacks.
READ THE STORY: The Washington Post
The Black Market to Avoid Putin’s Mobilization Order Is Booming
FROM THE MEDIA: Since Putin’s mobilization order was announced, Flashpoint has observed a growing volume of chatter and advertisements on Russian illicit communities and social media platforms offering methods or access to avoid the draft. Vladimir Putin’s military mobilization order has led to a significant uproar in Russia, from protests in several regions to an estimated 700,000 Russians leaving the country in a little over two weeks.
READ THE STORY: Security Boulevard
Lloyd's of London Detects Suspicious Network Activity
FROM THE MEDIA: A spokesperson for the massive U.K. insurance and reinsurance market said unusual network activity provoked an overnight scramble to secure systems. "We are currently evaluating the best options for reconnecting these systems as we continue to investigate the issue," the spokesperson told Information Security Media Group. “We are working with specialist partners and a dedicated team and we continue to keep market participants and relevant parties updated,” the spokesperson added.
READ THE STORY: GovInfoSec
Free Hades ransomware decryptor issued
FROM THE MEDIA: BleepingComputer reports that Avast has issued a free decryption tool for various Hades ransomware variants, including BrutusptCrypt, Jcrypt, MafiaWare666, and RIP Lmao. The decryptor was developed after Avast researchers discovered a vulnerability in Hades' encryption scheme, but whether the tool can decrypt newer or unknown Hades samples that use a different encryption scheme is uncertain. Moreover, only files with the .brutusptCrypt, .bmcrypt, .cyberone, .jcrypt, .l33ch, and .MafiaWare666 extensions can be decrypted with the free tool.
READ THE STORY: SCMAG
BNB Chain Resumes After 'Potential Exploit' Drained Estimated $100M in Crypto
FROM THE MEDIA: BNB Chain is back in operation as of 07:00 Coordinated Universal Time (UTC), having been forced to halt on Thursday when the blockchain, which has ties to the world's largest crypto exchange, suffered what it called a "potential exploit" that on-chain evidence suggested could have targeted hundreds of millions of dollars in crypto. BNB Chain is composed of BNB Beacon Chain and BNB Smart Chain (BSC).
READ THE STORY: Coindesk
Microsoft SQL servers worldwide targeted by novel malware
FROM THE MEDIA: Hundreds of Microsoft SQL servers around the world have already been infected by the novel backdoor dubbed "Maggie," with infections most prevalent in South Korea, India, Vietnam, China, Russia, Germany, Thailand, and the U.S., reports BleepingComputer. DCSO CyTec researchers discovered that Maggie impersonates a DEEPSoft Co. Ltd-signed Extended Stored Procedure DLL to facilitate remote backdoor access.
READ THE STORY: SCMAG
SolarWinds-related Cyberattack led USDA to seek $4.4M from TMF for threat monitoring
FROM THE MEDIA: The U.S. Department of Agriculture discovered a gap in its cybersecurity operations during the SolarWinds breach, which led it to apply for the $4.4 million it received in May from the federal Technology Modernization Fund, according to its chief information security officer. Speaking during an ACT-IAC webinar Thursday, USDA CISO Ja’Nelle DeVore said the department wasn’t directly affected by the SolarWinds vulnerability but did experience an ancillary attack prompting it to seek funding for threat monitoring, detection and response capabilities.
READ THE STORY: FEDSCOOP
VPN use skyrockets in Iran as citizens navigate internet censorship under Tehran’s crackdown
FROM THE MEDIA: Iranians are turning to virtual private networks to bypass widespread internet disruptions as the government tries to conceal its crackdown on mass protests. Outages first started hitting Iran’s telecommunications networks on Sept. 19, according to data from internet monitoring companies Cloudflare and NetBlocks, and have been ongoing for the last two and a half weeks.
READ THE STORY: CNBC
Phishing scam targets Capital One customers; Cybercriminals leak stolen school district data
FROM THE MEDIA: Cybercriminals continue to refine their phishing campaigns as they try to convince unsuspecting targets to turn over sensitive personal information. As the world is getting wiser to their schemes, cybercriminals are evolving — they create phony emails and websites that look almost identical to the legitimate organizations they impersonate. And according to Vade, 34% of all phishing URLs in the first half of 2022 were impersonating financial institutions.
READ THE STORY: Security Boulevard
New MSSQL Backdoor ‘Maggie’ Infects Hundreds of Servers Worldwide
FROM THE MEDIA: DCSO CyTec researchers Johann Aydinbas and Axel Wauer are warning of new backdoor malware they’re calling “Maggie,” which targets Microsoft SQL servers. Maggie, the researchers say, has already affected at least 285 servers in 42 countries, with a particular focus on South Korea, India, Vietnam, China, and Taiwan. The malware offers a wide range of functionality, including the ability to change file permissions, run commands, and act as a network bridge into the infected server.
READ THE STORY: eSecurity Planet
Higher Education is a Growing Target for Threat Actors
FROM THE MEDIA: According to Fierce Education, there were 1,851 data breaches in educational institutions between 2005 and 2021. Higher education is a growing target for threat actors because universities develop and collect a wide variety of information that is highly desirable to threat actors. Students, faculty, alumni, donors, and administration all provide a lot of sensitive information, including personal information (dates of birth, Social Security numbers, etc.), financial data, and even healthcare records.
READ THE STORY: Security Boulevard
Cyberattack on Colorado state website follows Russian hacktivist threat
FROM THE MEDIA: Colorado state officials said the government’s website was taken offline Wednesday, the result of an apparent cyberattack that came shortly after a known Russia-based hacker group posted on Telegram that it would be targeting U.S. state websites. Colorado’s website was rendered inaccessible for much of the day Wednesday, and its portal page remained offline Thursday.
China’s cognitive warfare aims to influence views in Taiwan
FROM THE MEDIA: China’s military conducted one of the largest drills in its history in August as a rebuke to U.S. Speaker of the House Nancy Pelosi’s visit to Taiwan. In the midst of these drills on the seas, in the air and on the land around Taiwan, China’s military was also steadily conducting special exercises that went unnoticed by most people. While Taipei serves as a physical front line for tensions between Washington and Beijing, China continues to foment situations favorable to itself through methods to manipulate and disrupt the minds of Taiwan residents.
READ THE STORY: ANN
Watch out, a bug in Linux Kernel 5.19.12 can damage displays on Intel laptops
FROM THE MEDIA: Linux users reported the displays of their Intel laptops rapidly blinking, flickering, and showing white flashes after upgrading to Linux kernel version 5.19.12. Linux expert Ville Syrjälä pointed out that the anomalous issue may damage displays. “After looking at some logs we do end up with potentially bogus panel power sequencing delays, which may harm the LCD panel,” wrote Syrjälä. “Greg, I recommend immediate revert of this stuff, and new stable release ASAP. Plus a recommendation that no one using laptops with Intel GPUs run 5.19.12.”
READ THE STORY: Security Affairs
Bad Actors Penetrate Bitcoin Backed DeFi Protocol And Steal $1 Million
FROM THE MEDIA: Recently, Sovryn, a Bitcoin-based DeFi protocol, lost $1 million in digital assets through a hack. The hacker executed the attack through price manipulation and carted away $1 million in crypto, including 44.93 RBTC and 211,045 USDT. The incessant hack attacks on crypto platforms have become a plague in the crypto industry, leaving questions of who would be next. The series of hacks has left the crypto ecosystem on edge.
READ THE STORY: Bitcoinist
US candidate beats Russian to secure top UN telecommunications job
FROM THE MEDIA: On 29 September, member states of the International Telecommunications Union voted to elect Doreen Bogdan-Martin as the organisation’s next secretary-general. Bogdan-Martin—a US national who’s served in the ITU since 1994—was in contention for the top job with Rashid Ismailov, a former Russian deputy minister and executive at Huawei, Nokia and Ericsson. The election was overshadowed by Russia’s ongoing collision course with the international rules-based system.
READ THE STORY: ASPI
Scammers Are Targeting Cryptocurrency Scam Sites to Hijack Their Targeted Audience
FROM THE MEDIA: The rise of the cryptocurrency ecosystem has brought interest in targeting investors through scam sites that use various resources, including YouTube streams, to lure them, as a recent report showed. Now, scammers are taking advantage of other scammers through sophisticated script tools. A new kind of threat actor, called Water Labbu, is targeting third-party crypto scam sites in order to use the users those sites attract as targets for its own attack.
READ THE STORY: Bitcoin.com
‘Stay away from WhatsApp,’ warns Telegram founder
FROM THE MEDIA: The founder of the messaging app Telegram has urged people to use “any messaging app” except WhatsApp to avoid their phone being hacked. Pavel Durov cited a security issue disclosed by WhatsApp last week that allowed a hacker to hijack a person’s phone by sending a malicious video to their number. “Hackers could have full access (!) to everything on the phones of WhatsApp users,” he claimed on Telegram.
READ THE STORY: Independent
2K warns users their info has been stolen following breach of its help desk
FROM THE MEDIA: Game company 2K on Thursday warned users to remain on the lookout for suspicious activity across their accounts following a breach last month that allowed a threat actor to obtain email addresses, names, and other sensitive information provided to 2K's support team. The breach occurred on September 19, when the threat actor illegally obtained system credentials belonging to a vendor 2K uses to run its help desk platform.
READ THE STORY: arsTECHNICA
Australia to amend telecoms regulations following Optus breach
FROM THE MEDIA: The Australian government is planning to amend its telecommunications regulations in the light of the recent data breach that compromised the personal data of some 10 million customers at Optus, the country’s number two telco. The data included passport, driver license and Medicare numbers, opening the door for identity fraud.
READ THE STORY: ComputerWeekly
Microsoft, now more determined to mitigate data breaches in Nigeria
FROM THE MEDIA: After a new survey revealed that data breaches were top of the list of security concerns for Nigerian Chief Information Officers (CIOs), Microsoft Nigeria said Wednesday it now had greater responsibility to help the country stem the tide. In an online meeting with journalists across Africa, Microsoft said part of its responsibilities was to provide not only awareness but also solutions that would help countries and corporate organisations mitigate vulnerabilities and stem the tide of cyber threats.
READ THE STORY: Vanguard
Ro says it ‘inadvertently’ exposed employees’ personal information
FROM THE MEDIA: Healthcare unicorn Ro is notifying employees of a data exposure involving their personal information after a security contractor “inadvertently” uploaded a spreadsheet of employee data to the internet. In a data breach notice obtained by TechCrunch from an affected employee who received the notice this week, Ro said it discovered that the contractor uploaded the spreadsheet containing employees’ personal information to an unspecified malware detection platform on July 6.
READ THE STORY: TC
US port, terminal cybersecurity remains concern for leaders
FROM THE MEDIA: SecurityWeek reports that while more than 90% of U.S. ports and terminals industry executives, directors, security and compliance officers, and general counsel said they were very confident about their organizations' overall cybersecurity posture and preparedness against attacks, 55% said that breach attempts were detected in their environment, and 45% reported experiencing breaches during the past 12 months.
READ THE STORY: SCMAG
Social Media Account Takeovers up 1,000% As 40% Of Personal Data Theft Victims Saw Their Information Misused
FROM THE MEDIA: The Identity Theft Resource Center (ITRC), a San Diego-based nonprofit that has been providing assistance to victims of identity theft since 1999, is sounding a warning of major increases in certain types of personal data theft along with more complex attacks and scams. The most eye-popping item from the group’s annual 2022 Consumer Impact Report is a 1,000% increase in social media account takeover attacks in 2021.
READ THE STORY: CPO
Saskatoon gynecology clinic hit with ransomware attack
FROM THE MEDIA: A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province's privacy watchdog. In a report issued in September, Privacy Commissioner Ronald Kruzeniski said the attack targeting Saskatoon Obstetric and Gynecologic Consultants resulted from a staff member opening a malicious email attachment at their workstation in late December 2020.
READ THE STORY: Saskatoon CTV News
Musk pushing to avert Twitter trial
FROM THE MEDIA: Elon Musk is seeking a stay in his trial with Twitter as he looks to close his deal to buy the company for $54.20 per share. We’ll also dive into the conviction of a former Uber executive over charges that he obstructed a Federal Trade Commission (FTC) investigation involving two hacks of the company. Elon Musk’s attorneys asked a court for a stay Thursday in the trial between the billionaire and Twitter, the social media company he is seeking to buy.
READ THE STORY: The Hill
U.S. sanctions Iranian officials over protest crackdown
FROM THE MEDIA: The United States on Thursday imposed sanctions on seven Iranian officials over the shutdown of internet access and the crackdown on peaceful protesters following the death of 22-year-old Mahsa Amini in the custody of morality police. The nationwide unrest sparked by Amini's death has spiraled into the biggest challenge to Iran's clerical leaders in years, with protesters calling for the downfall of the Islamic Republic founded in 1979.
READ THE STORY: Reuters
State-sponsored hackers target Ukraine
FROM THE MEDIA: Hacking groups with suspected ties to the Russian or Chinese government have engaged in more than 50 major cyberattacks so far in 2022, according to a U.S. think tank. Hacking groups linked to the Russian government have conducted 27 cyberattacks so far this year, and hacking groups linked to China have conducted 24, according to data from the Council on Foreign Relations. Virtual private network, or VPN, provider Atlas VPN broke the numbers down recently.
READ THE STORY: The Gazette
Items of interest
China, Russia Believe Themselves at War With the West, Says Canada’s Military Chief
FROM THE MEDIA: China and Russia consider themselves to be at war with Canada and Western democracies, and are showing a willingness to launch large-scale violent conflicts, which Canada must prepare for, the head of the Canadian Armed Forces (CAF) told parliamentarians. Chief of Defense Staff Gen. Wayne Eyre made the remark during a House of Commons standing committee on national security on Oct. 6, where he testified about the threat posed to Canada by the authoritarian regimes of China and Russia.
READ THE STORY: The Epoch Times
Ransomware Is An Epidemic And It's Getting Worse | Cryptoland (Video)
FROM THE MEDIA: All over the world, criminals are locking up important computer systems and demanding crypto as a ransom. So-called ransomware is officially an epidemic, and cryptocurrencies sit at the nexus of the crisis.
The First Private Space Mission to Venus | The Space Show (Video)
FROM THE MEDIA: Rocket Lab, the private space company best known for launching small payloads into orbit, is poised to become the first private company to ever explore another planet. Founder Peter Beck shares his plans to put a probe into the atmosphere of the hottest planet in the solar system.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com