Wednesday, October 12, 2022 // (IG): BB // INTSUM // Coffee for Bob
Amid reports of JP Morgan cyberattack, experts call Killnet unsophisticated nuisance-level threats, ‘media hungry’
FROM THE MEDIA: Russian hacktivist group Killnet, well-known for its flair for publicity, made more news today when it reportedly blocked J.P. Morgan’s infrastructure, but failed to impact the bank’s operations. These reports came one day after Killnet attacked airport websites in 24 states, disrupting service, but causing no real business damage or serious data exfiltration. Security researchers said Killnet’s attacks remain relatively unsophisticated and unchanged, but the group is nonetheless persistent with its DDoS attacks.
READ THE STORY: SCMAG // DailyMail // InfoTechlead // Reuters // The Cyberwire
Russia invites US states to secede and join country
FROM THE MEDIA: A senior Russian lawmaker has seemingly invited American states to secede and instead join the Russian Federation, amid polling showing support among Americans for their states to break away. Alexander Tolmachev, a senior member of Russia’s parliament (the Duma), told Russian news website Podmoskovye Segodnya that any US state wanting to secede from the US would be welcome to apply to join his country, Newsweek reported on Monday.
READ THE STORY: Yahoo News
What the Ukraine conflict reveals about crypto
FROM THE MEDIA: Since Russia launched its unprovoked attack on Ukraine in February, crypto has been part of the story. The conflict has shown the world the potential and the limits of blockchain technology, and also posed hard moral questions for the crypto community and its critics. The latest example comes via Wired’s renowned cybersecurity reporter, Andy Greenberg, whose latest dispatch recounts the challenge of shutting down crypto donations to Russia’s war machine.
READ THE STORY: Fortune
BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics
FROM THE MEDIA: The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K.
READ THE STORY: THN
Microsoft Warns of New Zero-Day; No Fix Yet for Exploited Exchange Server Flaws
FROM THE MEDIA: The exploited vulnerability – documented as CVE-2022-41033 – affects the Windows COM+ event system service and has been exploited in elevation of privilege attacks, suggesting it was used as part of an exploit chain detected in the wild. The latest zero-day was reported anonymously to Microsoft. The new warning comes less than a month after Microsoft’s security response team scrambled to issue mitigations for a pair of Exchange Server flaws targeted by a nation state-level threat actor.
READ THE STORY: SecurityWeek // TechTarget
Russians running out of arms in Ukraine, says UK spy chief
FROM THE MEDIA: Vladimir Putin’s forces in Ukraine are running out of weapons and ordinary Russians can now see that his invasion is badly misjudged, a senior British spy chief has said. Sir Jeremy Fleming, head of British cyber intelligence unit GCHQ, called the decision to invade Ukraine a “high-stakes strategy” where “the costs to Russia — in people and equipment — are staggering” and the “Russian population has started to understand that”.
READ THE STORY: FT
Iran Weaponizes Information to Control Narratives
FROM THE MEDIA: The recent social protests in Iran have largely taken a back seat to the ongoing Ukraine crisis though they have fomented global support in the form of civil activism to show solidarity with women in Iran after the brutal detainment of Mahsa Amini by Iran’s “morality” police. Equally alarming for Tehran are the themes underlying the chants supporting Iranians’ freedom from tyrannical governmental policies. The current situation bears striking similarities to the 2017 “White Wednesdays” movement where Iranian women took to the streets waving white hijabs to protest the country’s hijab laws.
READ THE STORY: OODALOOP
High-Value Targets: String of Aussie Telco Breaches Continues
FROM THE MEDIA: First it was Optus, followed by Telstra. Now, a third Australian telecom company has disclosed it was breached — this time it's Dialog, an information technology services provider with a sizable market share of Aussie customers in both the public and private sectors. Dialog, a subsidiary of SingTel, said its servers were compromised on Sept. 10, and although initial investigations showed no signs of exfiltrated data, on Oct. 7 a sample of the company's employee personal data was available on the Dark Web.
READ THE STORY: DARKReading
All Windows versions can now block admin brute-force attacks
FROM THE MEDIA: Microsoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy. This comes after David Weston, Microsoft's VP for Enterprise and OS Security, said in July that the same Windows group policy is now enabled by default on the latest Windows 11 builds. As a result, Windows 11 systems where the policy is toggled on automatically lock user accounts (including Administrator accounts) for 10 minutes after 10 failed sign-in attempts within 10 minutes.
READ THE STORY: Bleeping Computer
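An added example, not code from the story or from Microsoft: a PowerShell audit of the local account lockout settings against the 10-attempts / 10-minute-window / 10-minute-lockout baseline the item describes. It assumes an elevated session on Windows with secedit.exe available, and it assumes the exported INF key AllowAdministratorLockout is the name of the "Allow Administrator account lockout" setting (treat that key name as an assumption).

```powershell
# Added example (not from the story or Microsoft). Exports the local security
# policy with secedit and compares the lockout settings with the 10/10/10 baseline.
# Assumption: AllowAdministratorLockout is the INF name of the admin-lockout setting.

function Get-LockoutPolicy {
    $inf = Join-Path $env:TEMP 'secpol-export.inf'
    secedit.exe /export /cfg $inf /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content $inf) {
        # Keys live in the [System Access] section as "Name = value"
        if ($line -match '^\s*(LockoutBadCount|ResetLockoutCount|LockoutDuration|AllowAdministratorLockout)\s*=\s*(-?\d+)') {
            $policy[$matches[1]] = [int]$matches[2]
        }
    }
    Remove-Item $inf -ErrorAction SilentlyContinue
    return $policy
}

function Test-LockoutBaseline {
    param([hashtable]$Policy)
    $findings = @()
    $threshold = [int]$Policy['LockoutBadCount']      # 0 or absent = no lockout at all
    $window    = [int]$Policy['ResetLockoutCount']    # minutes
    $duration  = [int]$Policy['LockoutDuration']      # minutes; -1 = until an admin unlocks

    if ($threshold -eq 0) {
        $findings += 'Lockout threshold is 0: unlimited sign-in guesses against local accounts.'
    } elseif ($threshold -gt 10) {
        $findings += "Lockout threshold $threshold is looser than the 10-attempt baseline."
    }
    if ($threshold -ne 0 -and $window -lt 10) {
        $findings += "Observation window $window min is shorter than the 10-minute baseline."
    }
    if ($threshold -ne 0 -and $duration -ne -1 -and $duration -lt 10) {
        $findings += "Lockout duration $duration min is shorter than the 10-minute baseline."
    }
    if ([int]$Policy['AllowAdministratorLockout'] -ne 1) {
        $findings += 'Built-in Administrator is exempt from lockout (setting absent or disabled).'
    }
    return $findings
}

# Usage: an empty result means the host meets the baseline.
$findings = Test-LockoutBaseline (Get-LockoutPolicy)
if ($findings.Count -eq 0) { 'Lockout policy meets the 10/10/10 baseline.' } else { $findings }

# Remediation for the three numeric settings (built-in command, runs elevated):
#   net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10
# The Administrator-lockout setting is applied through Group Policy or a secedit import.
```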
Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking
FROM THE MEDIA: Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot rule out malicious exploitation in the future. Details were disclosed on Tuesday by industrial cybersecurity firm Claroty, whose researchers have been looking into ways to achieve native code execution on programmable logic controllers (PLCs). The vulnerability is tracked as CVE-2022-38465 and it has been rated ‘critical’. Siemens has announced the availability of fixes for affected PLCs and the TIA Portal in one of its Patch Tuesday advisories.
READ THE STORY: SecurityWeek
LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks
FROM THE MEDIA: A cybercrime group named LofyGang has distributed roughly 200 malicious NPM packages that have been downloaded thousands of times over the past year, according to Checkmarx. Likely operating out of Brazil, LofyGang appears to be an organized crime group focused on multiple hacking activities, including credit card data theft and Discord premium upgrades, as well as the hacking of games and streaming service accounts.
READ THE STORY: SecurityWeek
Critical Open Source vm2 Sandbox Escape Bug Affects Millions
FROM THE MEDIA: A remote code execution (RCE) vulnerability in a widely used JavaScript sandbox has earned a top rating of 10 on the CVSS vulnerability risk scale; it allows threat actors to execute a sandbox escape and run shell commands on the hosting machine. Researchers from cloud security firm Oxeye discovered the dangerous flaw, which they dubbed "Sandbreak" in vm2, a JavaScript sandbox that has more than 16 million monthly downloads, according to its NPM package manager.
READ THE STORY: DARKReading
BlackByte ransomware uses new EDR evasion technique
FROM THE MEDIA: Operators behind BlackByte ransomware developed an advanced technique to bypass security products, according to new research. In a blog post last week, Sophos threat researcher Andreas Klopsch detailed the new evasion tactic that disables endpoint detection and response (EDR) tools by exploiting a known privilege escalation and code execution vulnerability in a driver called RTCore64.sys. The video driver is used by Micro-Star's MSI AfterBurner 4.6.2.15658, an overclocking tool that gives users extended control over graphic cards.
READ THE STORY: TechTarget
Automotive Security Threats Are More Critical Than Ever
FROM THE MEDIA: We’ve all marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast on our phone through our car’s speakers. The automotive industry continues to innovate, bringing connectivity to vehicles in new ways from the cockpit to the engine. These new tools change the way people drive and view their cars. An automobile is no longer just for transportation from point A to point B, but cars are rolling data centers that transmit a wealth of actionable intelligence to the networks and systems around them. However, that same information is also a valuable commodity to hackers – who are looking to steal it at any cost.
READ THE STORY: SecurityWeek
Six Months of Finding Secrets with Nosey Parker
FROM THE MEDIA: Earlier this year we announced Nosey Parker, a new scanner that uses machine learning techniques to detect hardcoded secrets in source code with few false positives. Since then we’ve continued its development and expanded its use in security engagements at Praetorian. In a few cases Nosey Parker has contributed to critical-severity findings, such as complete infrastructure takeover. In this post I’ll discuss some of the enhancements we’ve made, summarize the things we’ve learned about secret scanning, and hint at what’s next for Nosey Parker.
READ THE STORY: Security Boulevard
Critical Fortinet vulnerability under active exploitation
FROM THE MEDIA: A critical authentication bypass vulnerability affecting multiple Fortinet services has been exploited at least once in the wild, according to a security advisory published Monday. The Fortinet vulnerability, CVE-2022-40684, became public on Oct. 7 when the network security vendor sent an alert to customers warning of the flaw, according to a report from Bleeping Computer. This was followed by a public security advisory published Monday by Fortinet.
READ THE STORY: TechTarget
Microsoft Exchange servers hacked to deploy LockBit ransomware
FROM THE MEDIA: Microsoft is investigating reports of a new zero-day bug abused to hack Exchange servers which were later used to launch LockBit ransomware attacks. In at least one such incident from July 2022, the attackers used a previously deployed web shell on a compromised Exchange server to escalate privileges to Active Directory admin, steal roughly 1.3 TB of data, and encrypt network systems. As described by South Korean cybersecurity firm AhnLab, whose forensic analysis experts were hired to help with the investigation, it took the threat actors only a week to hijack the AD admin account from when the web shell was uploaded.
READ THE STORY: Bleeping Computer
Lessons from DOJ’s First Prosecution of a Company Executive Covering Up a Data Breach
FROM THE MEDIA: Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams offer key takeaways that companies should consider in the wake of the Justice Department’s first prosecution of a corporate executive for his response to a data security incident. Uber’s former chief security officer (CSO), Joe Sullivan, was found guilty on October 5, 2022 by a jury in federal court on charges of obstruction of justice (18 U.S.C. Section 1505) and misprision of a felony (18 U.S.C. Section 4) based on what the Justice Department called his “attempted cover-up of a 2016 hack of Uber.”
READ THE STORY: JDSUPRA
US airports are being hit by DDoS attacks from Russia
FROM THE MEDIA: The websites of a number of airports across the United States have been hit with distributed denial of service (DDoS) attacks, rendering them unavailable for users. While the attacks did not disrupt flights, they did affect other airline services, it was said. According to a BleepingComputer report, a pro-Russian hacktivist group called KillNet took responsibility for the attacks, as websites belonging to Hartsfield-Jackson Atlanta International Airport (ATL) and the Los Angeles International Airport (LAX) went under. The former is still unavailable at press time, while LAX’s website is now up and running.
READ THE STORY: TechRadar // FOX11
Toyota Reveals Data Leak of 300,000 Customers
FROM THE MEDIA: Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years. In a statement on its website, Toyota said that the email addresses and customer control numbers of 296,019 people who have used T-Connect, a telematics service that connects vehicles via a network, since July 2017, were exposed.
READ THE STORY: InfoSec Mag
The Ethics Of Crypto: Sorting Out Good Intentions And Bad Actors
FROM THE MEDIA: This column focuses on the first category: the questions that engage ethicists (who claim to be in some sense like scientists, neutral and objective, interested in “theory”) and moralizers (who don’t, and aren’t). Ethical or moralistic analyses divide between those who see crypto as a positive good – and those who see it as no-good. This sets up a highly polarized debate about the essential (unavoidable) versus the incidental (avoidable) consequences implied by the spread of this new technology.
READ THE STORY: Forbes
Hackers are exploiting the very security tools providers use to protect themselves, HHS warns
FROM THE MEDIA: Cybercriminals are weaponizing the same tools that healthcare providers use to operate and maintain secure IT systems, HHS warned in a recent report. Providers can protect themselves by having a firm grasp of what their IT environment looks like, as this may help them spot any suspicious security tool commands. The same tools that healthcare providers use to operate and maintain secure IT systems can also be weaponized by hackers. In fact, that happens fairly often, according to a cybersecurity report recently released by the Department of Health and Human Services.
READ THE STORY: MedCityNews
Treasury fines virtual currency exchange Bittrex for failing to catch ransomware payments
FROM THE MEDIA: The Treasury Department announced on Tuesday parallel settlements with Bittrex, a virtual currency exchange based in Washington state, over allegations that the company violated U.S. sanctions and anti-money laundering laws. The agencies brought $24 million and $29 million fines respectively, resulting in a total of $29 million in fines after remittance. An investigation by Treasury’s Office of Foreign Assets Control and the Financial Crimes Enforcement Network, or FinCEN, found that Bittrex repeatedly failed to identify thousands of prohibited transactions.
READ THE STORY: Cyberscoop
Iran’s protests pose a challenge for Washington and Silicon Valley
FROM THE MEDIA: Demonstrators in Iran are struggling to gain access to the online tools that would help them organize and stay safe. As protesters continue to swell the ranks of Iran’s jails and morgues, some Iranians are asking why Washington and Silicon Valley are not doing more to stop the repression. Calls for action have stirred up long-standing debates over the impact of the vast raft of U.S. sanctions on Iran, including those targeting tech companies offering services to Iranians online, as well as over the global responsibilities of Big Tech.
READ THE STORY: WashingtonPost
How the US Government is Fighting Back Against Ransomware
FROM THE MEDIA: As ransomware-related payments surged toward $600 million in the first half of 2021, the U.S. government knew it needed to do more to fight back against cyber criminals. For many years, the Treasury’s Office of Foreign Assets Control (OFAC) had a Specially Designated Nationals and Blocked Persons List (SDN List) for people or organizations acting against the national security, foreign policy and sanctions policy objectives of the United States.
READ THE STORY: Security Intelligence
Army Officials Detail Information, Cyber, Space Importance In Ukraine War, Counter-Drone Help
FROM THE MEDIA: Army officials on Tuesday told reporters they have seen more interest from allies and partner countries to learn techniques to resist occupation and use information warfare if invaded in the wake of Ukraine’s resistance to its invasion by Russia. “I think one of the greatest lessons from the Ukraine wars has been the power of information ops, and influencing relevant populations in the world – has certainly rallied around Ukraine,” Lt. Gen. Jonathan Braga, U.S. Army Special Operations Forces commander, told reporters during a media roundtable at the AUSA 2022 conference on Oct. 11.
READ THE STORY: Defense Daily
Strengthening cyber resilience with threat intelligence
FROM THE MEDIA: Cyber threats are inevitable, but cyber resilience is a choice. Martin Riley, Director of Managed Security Services at Bridewell, explains why businesses must utilize threat intelligence to mount a more effective response to escalating security risks. The immediate threat of cyber warfare is dominant in the minds of today’s cyber security decision makers – and with good reason. Recent Bridewell research found that more than seven-in-10 critical national infrastructure (CNI) organizations have seen cyber attacks increase since the outbreak of the Russia-Ukraine war.
READ THE STORY: TEISS
Patrol Ship Launched After 'International Terrorism' Against Nord Stream
FROM THE MEDIA: A "new era" has begun following the launch of a Russian patrol ship, weeks after an attack on the Nord Stream pipelines caused global speculation. Naval News reported on the launch of an ice-class patrol ship named "Purga" that is part of the Russian Federation's Federal Security Service. Georgy Poltavchenko, chairman of the board of directors of United Shipbuilding Corporation, said "a lot has happened" between the introduction of the Purga about two years ago and its launch on October 7.
READ THE STORY: Newsweek
White House executive order on EU-US data sharing
FROM THE MEDIA: On Friday US President Joe Biden issued an executive order codifying Privacy Shield 2.0, an agreement established earlier this year regarding how the EU and the US share individuals’ private data. “Transatlantic data flows are critical to enabling the $7.1 trillion EU-US economic relationship,” the White House stated. Indeed, this transfer of data is essential, but the EU has expressed concerns that the US has too much access to European data, and the Schrems II case highlighted the fact that EU citizens had no rights to petition the US government over issues concerning data collection.
READ THE STORY: The Cyberwire
Items of interest
International spyware abuse inquiries
FROM THE MEDIA: A European Parliament committee is in the midst of investigating the prevalence of Pegasus spyware and other surveillance software in the EU, but with members spanning bloc member states, political leanings appear to be complicating the inquiry. Lawmakers supporting the independence of Spain's Catalonia region were allegedly targeted with spyware, and when they testified on Thursday about their experiences, things got heated as some Spanish members of the committee criticized the Catalan independence movement. The committee’s membership also includes members of Hungarian and Polish ruling parties, which have been accused of spying on their citizens.
READ THE STORY: The Cyberwire
Russian Hackers on RT News Discuss Hacking US Websites with KillNet (Video)
FROM THE MEDIA: Russian Hackers on RT News Discuss Hacking US Websites with KillNet.
Russia 'fighting blind' as satellites have been hacked and taken offline (Video)
FROM THE MEDIA: OneFist, a pro-Ukrainian hacker group, has confirmed that they’ve hacked a Russian low Earth orbit satellite communications network called GoNets.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com