Saturday, October 08, 2022 // (IG): BB // INTSUM // Coffee for Bob
Defending Ukraine: SecTor session probes a complex cyber war
FROM THE MEDIA: It was a quick, but for a packed room of delegates attending a SecTor 2022 session in Toronto, an eye-opening 20-minute tutorial that explored the litany of Russian cyberattacks in Ukraine and what has been done to prevent them since the war broke out on Feb. 23. The presentation on Wednesday from John Hewie, national security officer with Microsoft Canada, centered on a report issued in late June entitled Defending Ukraine: Early Lessons from the Cyber War, that was covered in IT World Canada the day it was released.
READ THE STORY: IT WORLD CANADA
Criminals turn to malicious HTML file attachments
FROM THE MEDIA: Researchers at Trustwave SpiderLabs have observed a rise in malicious HTML attachments in phishing emails over the past month. Most of these attachments open a phishing page that impersonates a login portal to steal users’ credentials. The researchers note that some of these files will plug the user’s email address into the login field of the phishing page, to trick the user into thinking they had previously logged in. Attackers are also using HTML smuggling to avoid being detected by email security filters.
READ THE STORY: The Cyberwire
VMware fixed a high-severity bug in vCenter Server
FROM THE MEDIA: VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2), in vCenter Server. The security issue is an unsafe deserialization vulnerability that resides in the platform services controller (PSC). This vulnerability impacts only vCenter Server 6.5 with an external PSC; it was addressed with the release of VMware vCenter Server 6.5 U3u.
READ THE STORY: Security Affairs
Microsoft Exchange Server Zero-Day Mitigation Proves Insufficient
FROM THE MEDIA: In early August 2022, Vietnamese cybersecurity research group GTSC discovered two unpatched zero-day vulnerabilities that remotely compromise on-premises Microsoft Exchange servers. Microsoft confirmed these vulnerabilities were being exploited in a limited and targeted manner. The Common Vulnerabilities and Exposures Program (CVE) is now tracking these Microsoft vulnerabilities as CVE-2022-41040 and CVE-2022-41082.
READ THE STORY: Blackberry
Nord Stream Explosions Show the Deep Sea Is Now a Battleground
FROM THE MEDIA: Recent attacks against the Nord Stream 1 and 2 pipelines in the Baltic Sea have underscored the importance of the seabed as a zone of conflict in modern warfare. Unfortunately, the US and its Western allies are ill-prepared to protect their vulnerable networks far beneath the waves. The series of pipeline explosions have yet to be definitively proved as sabotage or attributed to any nation, but most analysts believe that the likely culprit is Russia.
READ THE STORY: The Washington Post
How LofyGang Is Using Discord, YouTube And GitHub In A Massive Credential Stealing Attack
FROM THE MEDIA: Researchers at the cybersecurity firm Checkmarx have managed to map out a complex web of criminal activity that all ties back to a threat actor known as LofyGang. This group of cybercriminals caters to other nefarious actors and Discord users by offering hacking tools, Discord-related npm packages, and other services for free. However, these tools, packages, and services come with a hidden cost, which is the theft of users’ account and credit card credentials.
READ THE STORY: Hot Hardware
China steps up social media censorship, 'upgrades' Great Firewall ahead of congress
FROM THE MEDIA: The ruling Chinese Communist Party (CCP) has stepped up its censorship of social media ahead of its five-yearly congress, with users complaining that it was no longer possible to "speak normally" using Douyin, Weibo and WeChat. "I'm unable to have a normal conversation in any of my group chats with friends, relatives or classmates," the Twitter account @observerincn tweeted on Oct. 4.
READ THE STORY: RFA
Eutelsat accuses Iran of jamming 2 Persian-language broadcast satellites
FROM THE MEDIA: French satellite giant Eutelsat has claimed that two of its satellites are being jammed from within the Islamic Republic of Iran. Eutelsat is among the world's largest satellite operators and broadcasts thousands of television and radio stations throughout Europe, the Middle East, Africa and Asia. In a statement published on Friday (Oct. 7), Eutelsat claims it has "been experiencing jamming on two of its satellites" and that this interference "originated in Iran."
READ THE STORY: SPACE
Insider threat is just as dangerous as external hackers
FROM THE MEDIA: As more critical data and company information are stored on an organization’s network, we face increasing risk from cyber breaches and attacks. Any device that connects to the internet, including a seemingly harmless mobile app or a massive company’s computer system, leaves vulnerabilities that hackers can exploit to gain access and steal sensitive data. Cybercrimes are rising at an alarming rate, thrusting cybersecurity into the forefront for governments and businesses all over the world.
READ THE STORY: SECURITY INFOWATCH
Fake News Thrives on 'Alternative' Social Media Sites
FROM THE MEDIA: For the past several years, a spate of alternative social media sites—Truth Social, Telegram and Gab, among others—have cropped up to great fanfare among a small but loyal community of news consumers seeking refuge from established social sites such as Facebook, Twitter and YouTube. According to a new Pew Research Center study, most consumers who turn to these sites do so to find a sense of community and to stay informed on current events.
READ THE STORY: O'Dwyer's
China gains when democracies target press freedoms
FROM THE MEDIA: This June, authorities in the Philippines ordered the boldly independent news website Rappler to shut down. In February 2021, a powerful Senegalese government minister won a defamation case against the daily Le Témoin. That same month in Malaysia, a court found digital news outlet Malaysiakini guilty of contempt of court for reader comments on its website that criticized the judiciary. The news media increasingly face restrictions around the globe.
READ THE STORY: CNBC
Ukraine recaptures territory as Russia uses Iranian drone near Kyiv
FROM THE MEDIA: The Ukrainian offensive continues to pressure Russian forces in southern and eastern Ukraine. On October 5, Ukrainian forces captured Hrekivka and Makiivka in Luhansk Oblast, approximately twenty kilometers southwest of Svatove. Fighting also continues in Kharkiv Oblast, where the Ukrainian military recently recaptured Hlushkivka. Ukraine’s Southern Operational Command confirmed on October 4 that it had liberated Lyubimivka, Khreshchenivka, Zolta Balka, Bilyaivka, Ukrainka, Velyka Oleksandrivka, Mala Oleksandrivka, and Davydiv Brid.
READ THE STORY: Atlantic Council
Quantum Computing Attacks Still Years Off, but “Hack Now Decrypt Later” Presents Immediate Cyber Risk
FROM THE MEDIA: Quantum computing attacks, which are feared to utterly break modern encryption on the internet, are still about a decade from being viable. They are widely seen as an inevitability, however, and that has not stopped attackers from preparing well in advance. A new poll from Deloitte finds there is an immediate and significant cyber risk from “harvest now decrypt later” (HNDL) attacks, in which attackers steal encrypted information and simply sit on it until quantum computing advances make it trivial to crack.
READ THE STORY: CPO
Data ASaaSsins: Threats That Can Cause Data Loss and Hurt Your Business
FROM THE MEDIA: Over the last couple of decades, Software-as-a-Service (SaaS) has emerged as a way of life for many organizations. What initially started as a cost-effective solution for small and midsize businesses (SMBs) is now creating a lasting impact on the digital transformation journey of both SMBs and large enterprises. The technological advancements — in terms of infrastructure and tools — have also contributed to its gradual rise.
READ THE STORY: Security Boulevard
Full scope of ransomware attack on hospital system still unknown
FROM THE MEDIA: Details of an apparent cyberattack on one of the largest health systems in the U.S. were slow to emerge as security experts on Friday warned that it often takes time to assess the full impact on patients and hospitals. Earlier this week, CommonSpirit Health confirmed it experienced an “IT security issue” but it has yet to answer detailed questions about the incident, including how many of its 1,000 care sites that serve 20 million Americans may have been affected.
READ THE STORY: WGRZ
The Uber Data Breach Conviction Shows Security Execs What Not to Do
FROM THE MEDIA: Uber's former chief security officer, Joe Sullivan, was found guilty this week of actively hiding a data breach from the US Federal Trade Commission (FTC) and concealing a felony. The case has reverberated through the security and tech worlds because it is seemingly the first time that an individual executive has faced criminal prosecution for charges related to a data breach against the executive's company. As alarming as Sullivan's conviction may be to some, gauging the fallout for security executives is anything but straightforward.
READ THE STORY: Wired
Watch out, a bug in Linux Kernel 5.19.12 can damage displays on Intel laptops
FROM THE MEDIA: Linux users reported the displays of their Intel laptops rapidly blinking, flickering, and showing white flashes after upgrading to Linux kernel version 5.19.12. Linux expert Ville Syrjälä pointed out that the anomalous issue may damage displays. “After looking at some logs we do end up with potentially bogus panel power sequencing delays, which may harm the LCD panel,” wrote Syrjälä. “Greg, I recommend immediate revert of this stuff, and new stable release ASAP. Plus a recommendation that no one using laptops with Intel GPUs run 5.19.12.”
READ THE STORY: Security Affairs
Eternity group behind new LilithBot malware-as-a-service
FROM THE MEDIA: Malware-as-a-service threat group Eternity Project has included the new LilithBot malware in its arsenal, according to The Hacker News. LilithBot "has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," a report from Zscaler ThreatLabz found, adding that the malware has been continuously improved by the Eternity Project to include anti-debug and anti-VM checks.
READ THE STORY: SCMAG
Reputed Indian hackers target Pakistani embassies
FROM THE MEDIA: An Indian hacking group is targeting Pakistani embassies in various countries, it is learned reliably here. The Pakistan Telecommunication Authority’s (PTA) Computer Emergency Readiness Team (CERT) has issued an advisory after receiving threat intelligence from Avast CERT that an APT group from India was involved in targeting Pakistani embassies in multiple countries including Brunei, Nepal, Argentina, and Azerbaijan during March-June 2022.
READ THE STORY: Global village Space
Toyota Apologizes For Breach of User Info
FROM THE MEDIA: The world’s biggest carmaker on Friday (Oct. 7) apologized for a breach apparently caused by a third-party vendor that is thought to have leaked close to 300,000 email addresses and associated customer management numbers. Toyota Motor announced on its website that email addresses and associated customer management numbers for 296,019 subscribers to the Japanese carmaker’s Toyota Connect (T-Connect) mobile app were “mistakenly” leaked through a subcontractor, according to a statement issued by the company.
READ THE STORY: PYMNTS
Several state websites disrupted by Killnet DDoS attacks
FROM THE MEDIA: Colorado, Connecticut, Mississippi, and Kentucky had their state government websites impacted by outages on Wednesday following a distributed denial-of-service attack by Russian hacking group Killnet, reports StateScoop. While most of the affected websites have been restored by Thursday, Colorado is still using a temporary site amid recovery efforts. "The Governors Office of Information Technology and State Emergency Operations Center are actively working with state and federal partners to restore access to the Colorado.gov Portal homepage.
READ THE STORY: SCMAG
Software Supply Chains Require Immutable Databases
FROM THE MEDIA: The positive outcome of attacks on software supply chain is that more IT organizations are aware of the need for an immutable datastore that ensures the integrity of the software development life cycle. The bad news is that more cybercriminals are now aware of how vulnerable the platforms relied on to build applications are, largely because the platforms are not using a reliable, tamper-proof data store. The probability that more software supply chains will be compromised in the weeks and months ahead has never been higher.
READ THE STORY: The New Stack
How Ukrainians, targeting by drone, attacked Russian artillery in Kherson
FROM THE MEDIA: The discovery was made by two Ukrainian soldiers staring wide-eyed at their laptop screens, set up in the trunk of their SUV. They sat on a makeshift bench, the large plastic case for their drone. What they were looking at was some 25 miles away, deep into Russian-occupied Ukrainian territory. It was a Russian artillery battery positioned in a thin slice of tree line. The drone operator, Leonid Slobodian, started counting out loud as he zoomed in and took screenshots of the findings.
READ THE STORY: The Washington Post
What's a supercomputer? How the U.S. will decide who to punish with China tech curbs
FROM THE MEDIA: Deciding who gets hurt by sweeping new U.S. curbs on selling technology to China will come down in part to what constitutes a "supercomputer," experts told Reuters. Around the world, the semiconductor industry on Friday began to wrestle with wide-ranging U.S. restrictions on selling chips and chip manufacturing equipment to China. Shares of chip equipment makers drooped, but industry experts said a new U.S. definition of a supercomputer could be pivotal to the new rules' impact on China.
READ THE STORY: Yahoo Finance
Starlink Outages Hamper Ukraine Troops in Russian-controlled Territories
FROM THE MEDIA: Starlink outages reportedly hamper Ukrainian troops in retaking Russian-occupied territories causing "catastrophic" loss of communication. These outages, an official in Ukraine told The Financial Times, happen at times when the troops are battling the Russian forces and breaking into areas seized by Russia in recent months. Ukraine troops reported that the Starlink terminals had stopped working when they broke into the frontlines in at least four regions annexed by Russia after referendums were held last month. Ukrainian forces have massive counteroffensives in these areas where the outages occurred.
READ THE STORY: iTECHPOST
Pro-Russian group claims responsibility for hacks into Kentucky government websites
FROM THE MEDIA: A reported pro-Russian hacking group says it was behind a cyber attack that took down several Kentucky state government websites earlier this week. Carlos Luna, general manager of Kentucky Interactive, a contractor which manages the state’s government websites, said some state websites began receiving alerts of potential DDoS (distributed denial of service) activity Wednesday. “Our security team took action to limit the impact and restore services,” Luna said in a statement to the media. “At this time, Kentucky.gov websites hosted by Kentucky Interactive are online.”
READ THE STORY: Lexington Herald Leader
Addressing the New Era of Deterrence and Warfare: Visualizing the Information Domain
FROM THE MEDIA: The second event in the three-part series convened global leaders from the military, government, academia, and technology sectors to consider how to visualize the information domain, drawing on the context of competing information operations between Russia and the West. Building on the May roundtable in Washington DC, the September Brussels discussion considered a modification to the core definition of the information domain: The information domain is the sum of the wills and decision capabilities of each actor, where the will is the composite of convictions, perceptions, and influences that drive toward action.
READ THE STORY: Newswires
Musk pushing to avert Twitter trial
FROM THE MEDIA: The European Union and U.S. moved a step closer to securing the privacy of transatlantic data flows as President Joe Biden moved to end years of uncertainty and allow thousands of companies to legally move customer data across the Atlantic. Biden signed an executive order Friday that’ll create an independent court system in the US for EU citizens who think their data was unlawfully accessed or used by intelligence agencies.
READ THE STORY: Bloomberg Law
Musk knocks Trump’s app
FROM THE MEDIA: Elon Musk knocked former President Trump’s app Truth Social as part of a wide-ranging interview that was published as Musk’s bid to buy Twitter forges ahead. Tesla founder and CEO Elon Musk took a swipe at former President Trump’s social media platform Truth Social, calling it a “rightwing echo chamber.” During an in-depth interview with the Financial Times published Friday, the tech mogul talked about his reasoning behind making a bid to purchase Twitter, a transaction that, thus far, has been fraught with legal drama.
READ THE STORY: The Hill
What You Need to Know About the Security of IoT Devices
FROM THE MEDIA: As more and more devices are connected to the internet, the risk of cyber attacks on these systems has become a real concern. In this article, we will take a look at some best practices for securing your IoT systems, from monitoring and logging activity to building security into your devices from the ground up. Cyberattacks are becoming more common and dangerous. IoT devices are particularly vulnerable to many types of cyberattacks because devices and systems can be accessed from anywhere in the world. Hackers can use this access to steal information or disrupt or damage the device.
READ THE STORY: readwrite
Items of interest
‘More dangerous than the Cuban missile crisis’
FROM THE MEDIA: Most nuclear experts and former officials NatSec Daily spoke to don’t think President JOE BIDEN’s comparison of today’s dangers to the Cuban missile crisis and the impending threat of nuclear “Armageddon” is overblown. Some actually say it’s spot on, and arguably not alarmist enough. “This crisis is more dangerous than the Cuban missile crisis,” ANDY WEBER, a former assistant secretary of defense for nuclear, chemical and biological programs, told NatSec Daily. There wasn’t a “hot war” in 1962 like there is now, he said, and Russia’s military doctrine allows for the use of nuclear weapons when faced with an existential threat, “which is how he has defined Ukraine.”
READ THE STORY: Politico
You need to learn Virtual Machines RIGHT NOW!! (Kali Linux VM, Ubuntu, Windows) (Video)
FROM THE MEDIA: What is a Virtual Machine? Magic...that's what it is!! In this video, NetworkChuck explains what a Virtual Machine is, when you might need one, and how to setup a Kali Linux and Ubuntu VM on Windows 10 with Virtual Box.
Your passwords are not safe. OSINT investigations. (Video)
FROM THE MEDIA: Hacks seem to happen every day. Data is stolen and posted online. Your usernames, your passwords, your e-mail address and other confidential information may be easily available. This is a nightmare. It's also surprisingly easy to find usernames and passwords online. Make sure you are not reusing passwords.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com