Thursday, October 13, 2022 // (IG): BB // INTSUM // Coffee for Bob
The Ukraine War Is Teaching the US How to Move Intelligence Faster
FROM THE MEDIA: Ukraine’s swift counter-offensive owes much to U.S. weapons, planning, and intelligence help. But the U.S. Army is benefitting as well: by learning how to move intelligence much faster from satellites to ground units. Part of the answer is planning: making sure satellites are available to gather data when and where commanders need it. That means “trying to locate where the targets are now in the targeting board, you know, making sure that the effect that the commander wants on the battlefield is there and it's right there in the stack,” said Lt. Gen. Daniel Karbler, the commanding general of U.S. Army Space and Missile Defense Command.
READ THE STORY: Defense One
Starlink helped restore energy, communications infrastructure in parts of Ukraine
FROM THE MEDIA: SpaceX's Starlink services helped restore energy and communications infrastructure in Ukraine's critical areas, the country's Vice Prime Minister Mykhailo Fedorov said on Wednesday. "Over 100 cruise missiles attacked (Ukraine's) energy and communications infrastructure. But with Starlink we quickly restored the connection in critical areas," Fedorov tweeted. Some of the Starlink internet devices that had suffered outages have come back online in the past few days, restoring crucial lines of communications in territory recently liberated from Russian occupation, the Financial Times reported on Wednesday, citing Ukrainian soldiers and officials.
READ THE STORY: Reuters
US critical infrastructure, airports targeted by pro-Russia hackers
FROM THE MEDIA: Hackers affiliated with pro-Russia groups Killnet, Anonymous Russia and NoName057(16) have executed distributed denial of service (DDoS) attacks on multiple websites associated with the U.S. airline industry, causing temporary website outages. A cybersecurity alert from Radware detailed the attacks, citing an interview from Killnet founder and hacker KillMilk wherein the founder announced the coordinated targeting of U.S. critical infrastructure over the coming days. The founder claimed that the U.S. private sector is "100% vulnerable" to cyberattacks and promoted a conspiracy theory claiming the U.S. created COVID-19.
READ THE STORY: SECMAG
New npm timing attack could lead to supply chain attacks
FROM THE MEDIA: Security researchers have discovered an npm timing attack that reveals the names of private packages, so threat actors can publicly release malicious clones to trick developers into using them instead. The attack relies on a small time difference in the return of a "404 Not Found" error when requesting a private package compared to a non-existent one in the repository. While the response time difference is only a few hundred milliseconds, it is enough to determine whether a private package exists and to perform package impersonation attacks.
READ THE STORY: Bleeping Computer
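The timing leak above tells an attacker which private package names exist; the defender's mirror-image question is which of those names could be impersonated on the public registry. The following is an added example in Python (not code from the original story or from npm) that audits a package.json for that exposure; the `@acme` scope, the `acme-` prefix and the registry responses are constructed for the example, and `fetch_status` is injected so the check runs offline (in production it would query `https://registry.npmjs.org/<name>` and return the HTTP status).

```python
# Added example: defender-side audit of private npm package names against the
# public registry. Constructed sample data; not the original article's code.
from typing import Callable, Dict, List

# Constructed sample: a package.json fragment and the answers a public registry
# would give for each name. Names and statuses are invented for the example.
PACKAGE_JSON = {
    "dependencies": {
        "@acme/billing-core": "^2.1.0",
        "acme-internal-utils": "1.4.2",
        "acme-auth-helpers": "0.9.0",
        "lodash": "^4.17.21",
    }
}
FAKE_REGISTRY_STATUS = {
    "@acme/billing-core": 404,   # scoped, nothing public under that name
    "acme-internal-utils": 200,  # someone already published this name publicly
    "acme-auth-helpers": 404,    # unscoped and unregistered: claimable by anyone
    "lodash": 200,               # genuine public dependency
}

def fake_fetch(name: str) -> int:
    """Stand-in for an HTTP lookup of https://registry.npmjs.org/<name>."""
    return FAKE_REGISTRY_STATUS.get(name, 404)

def is_scoped(name: str) -> bool:
    return name.startswith("@") and "/" in name

def private_names(pkg: dict, org_scope: str, private_prefixes: List[str]) -> List[str]:
    """Select the dependencies an organisation treats as private: anything in its
    own scope (e.g. @acme/...) or carrying one of its unscoped naming prefixes."""
    names = list(pkg.get("dependencies", {})) + list(pkg.get("devDependencies", {}))
    return [n for n in names
            if n.startswith(org_scope + "/") or any(n.startswith(p) for p in private_prefixes)]

def audit(names: List[str], fetch_status: Callable[[str], int]) -> Dict[str, str]:
    """Classify each private name by how exposed it is to public impersonation."""
    findings: Dict[str, str] = {}
    for name in names:
        public = fetch_status(name) == 200
        if is_scoped(name):
            # Only the scope owner can publish under @acme/, so a 200 is either
            # our own publication or a sign the scope was taken: verify the owner.
            findings[name] = "SCOPED_PUBLIC_VERIFY_OWNER" if public else "OK_SCOPED"
        elif public:
            # An unscoped public package with our private name already exists;
            # installs that fall through to the public registry may pull it.
            findings[name] = "CLONE_ALREADY_PUBLISHED"
        else:
            # Not registered publicly yet, so anyone can claim it: reserve the
            # name or move the package into the organisation's scope.
            findings[name] = "UNSCOPED_CLAIMABLE"
    return findings

def run_audit(pkg: dict = PACKAGE_JSON, fetch_status: Callable[[str], int] = fake_fetch) -> Dict[str, str]:
    return audit(private_names(pkg, "@acme", ["acme-"]), fetch_status)

if __name__ == "__main__":
    for name, verdict in run_audit().items():
        print(f"{name:24} {verdict}")
```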
DPRK hackers sneak US$52 mln in crypto into S.Korean exchanges
FROM THE MEDIA: Hackers from North Korea have sent around US$52.46 million worth of cryptocurrencies to digital asset exchanges in South Korea since 2019 in an effort to evade sanctions or to launder the money, said Yoon Han-hong, a South Korean lawmaker, on Wednesday. Yoon, a member of the ruling People Power Party, cited an investigation by New York-based blockchain data firm Chainalysis, which he had requested.
READ THE STORY: OODALOOP
Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild
FROM THE MEDIA: Once limited to abstract academic conversation among cybersecurity enthusiasts, drones loaded with cyber-spying equipment are now being used in the real world to breach networks and steal information. Cybersecurity researcher Greg Linares shared a Twitter thread on Oct. 10 providing an overview of a drone-based cyberattack he was privy to over the summer. He explained it started when an unnamed financial company picked up unusual traffic on its network.
READ THE STORY: DARKReading
Malwarebytes pairs new MDR and EDR for 'overwhelmed' cyber security teams
FROM THE MEDIA: Addressing the shortage of skilled cyber security professionals, Malwarebytes has launched Malwarebytes MDR (managed detection and response), pairing EDR (endpoint detection and response) technology with a dedicated team of security analysts, providing both automated and human lines of defense. In doing so, the vendor says, the new MDR service reduces the need for security teams to dedicate a large staff to prioritizing, triaging and responding to threats.
READ THE STORY: Channel Asia
Polonium Uses Seven Backdoor Variants to Spy on Israeli Organizations
FROM THE MEDIA: European cybersecurity firm ESET has discovered previously unknown custom backdoors and tools it believes are being leveraged by an APT group called Polonium. The group is relatively new and was discovered in June 2022 by Microsoft. The group is highly sophisticated and currently active. It appears to be exclusively targeting Israeli organizations with the goal of cyber espionage, since the group does not use sabotage tools such as wipers or ransomware. Microsoft previously linked Polonium to Lebanon and believes that the group could have ties with Iran’s Ministry of Intelligence and Security.
READ THE STORY: OODALOOP
Ransomware-impersonating data wipers distributed through adult sites
FROM THE MEDIA: Data wipers posing as ransomware are being distributed through malicious adult websites, BleepingComputer reports. Threat actors have leveraged websites with host names suggesting that they offer nude photos, which prompt users to download the SexyPhotos.JPG.exe executable, a report from Cyble revealed. Double-clicking the JPG-impersonating executable triggers the deployment and execution of four other executables and a batch file, which then copies the executables to the Windows Startup folder to establish persistence.
READ THE STORY: SCMAG
CBC breached journalistic standards by linking Russia to Freedom Convoy
FROM THE MEDIA: The CBC Ombudsman ruled that he was “disappointed that programmers” linked Russia to the Freedom Convoy during a Power & Politics segment with Liberal Public Safety Minister Marco Mendicino in January. The Oct. 6 review by Ombudsman Jack Nagler followed a complaint against CBC news anchor Nil Koksal by viewer James Sali. During that episode, Koksal asked without any substantiating evidence whether “Russian actors” were involved in organizing the convoy.
READ THE STORY: TNC
Russian Hackers Shut Down Dozens of State Government Websites in DDoS Attacks
FROM THE MEDIA: Russian hackers took responsibility for a wave of cyber attacks that knocked dozens of state government websites offline. Several states, including Colorado, Connecticut, Kentucky, and Mississippi, were impacted by the politically motivated cyber attacks that began on Wednesday, October 6th. The cybercrime gang that claimed responsibility is Killnet, a Russian-speaking hacktivist group that uses distributed denial of service (DDoS) attacks to knock its targets offline.
READ THE STORY: CPO
Crypto Hacks Fuel Memes of North Korea: Blockchain’s Biggest Baddie
FROM THE MEDIA: Seemingly every week in crypto yields another multimillion-dollar hack or exploit – and with it, reams of memes about North Korea, the supposed culprit. The Hermit Kingdom’s alleged proficiency in pilfering billions of dollars from crypto protocols has spawned a new category of Kim Jong-Un-focused comedy on Crypto Twitter, the industry’s sometimes moldy water cooler. These memes cast North Korean hackers as master strategists dutifully draining decentralized finance (DeFi) in their race to nuke the world.
READ THE STORY: Yahoo Finance
Singtel's Australian IT Firm Dialog Suffers Data Breach
FROM THE MEDIA: Telecommunication giant Singtel has confirmed that another of its Australian subsidiaries, consulting unit Dialog, was the victim of a hack just weeks after the Optus breach was revealed. In a statement to the Singapore stock exchange on Monday, Singtel said Dialog, which was acquired by Singtel's subsidiary NCS in April, confirmed the cybersecurity incident in which "an unauthorized third party may have accessed company data" on Saturday, September 10, 2022. The breach potentially affected fewer than 20 clients and 1000 current Dialog employees as well as former employees.
READ THE STORY: INFOSEC MAG
Secrets in code combined with code leaks exposed data for 300,000 Toyota customers
FROM THE MEDIA: There has been a surge in the number of organizations that have reported theft of source code, exposure of secrets in code, and exposure of proprietary code in external repositories due to unauthorized access or code leaks. This is exactly what happened at Toyota. An article published in Bleeping Computer on October 10, 2022 states, “Toyota discovered recently that a portion of the T-Connect site source code was mistakenly published on GitHub and contained an access key to the data server that stored customer email addresses and management numbers”.
READ THE STORY: Security Boulevard
Exploitation of Siemens global private keys likely to prompt PLC compromise
FROM THE MEDIA: SecurityWeek reports that threat actors could exploit a critical security vulnerability in Siemens programmable logic controllers involving the acquisition of global private keys, which could then be leveraged for PLC hacking. The flaw, tracked as CVE-2022-38465, was identified by Claroty researchers, who obtained a private key after exploiting another bug, tracked as CVE-2020-15872, to gain direct memory access; the key enables total PLC control and man-in-the-middle attack capabilities.
READ THE STORY: SCMAG
Time For A Hard Fork: Following $100M Exploit, Binance Aims To Enhance Blockchain
FROM THE MEDIA: Binance's smart contract-enabled blockchain, BNB Smart Chain, will undergo a hard fork as a fix for the vulnerability that drained the platform of an estimated $100 million on Oct. 6. In order to re-enable cross-chain functionality, a GitHub article described the release for the mainnet and testnet as a "temporary urgent patch to mitigate the cross-chain infrastructure between Beacon Chain and Smart Chain." The Moran hard fork, which is scheduled to happen on Oct. 12 at 8:00 am UTC, will take place at block height 22,107,423.
READ THE STORY: Benzinga
TempleDAO, STAX Finance Hacked in $2,300,000 Exploit
FROM THE MEDIA: Decentralized finance (DeFi) protocol TempleDAO and its affiliated application STAX Finance were compromised in a presumed hack early this week. In a statement, STAX advised users to refrain from making deposits into STAX contracts while confirming that crypto assets worth about $2.3 million were stolen. “Earlier today on Tuesday Oct. 11, a series of txs routed through STAX led to a total of 321,154 xLP tokens being taken from the xLP Staking contract at 13:08 UTC time. These tokens were swapped for precisely 1,418,303 TEMPLE and 1,262,438 FRAX; 1,418,303 TEMPLE were sold for FRAX.”
READ THE STORY: Daily Hodl
Fortinet authentication bypass flaw exploited in the wild; security experts call patching critical
FROM THE MEDIA: The Fortinet authentication bypass vulnerability that was discovered last week and has been confirmed in the wild was the subject of at least two recent research blogs and on Tuesday was entered into the CISA Known Exploited Vulnerabilities (KEV) Catalog. Fortinet released an update on Monday that detailed how security teams can check their logs for indicators of compromise, a topic that was also covered in a blog yesterday by Horizon3.ai.
READ THE STORY: SCMAG
General Electric data breach class action settlement
FROM THE MEDIA: General Electric (GE) agreed to a class action settlement to resolve claims it failed to prevent a 2020 data breach. The settlement benefits consumers who received a notification from General Electric warning them their information may have been compromised in a February 2020 data breach. In March 2020, General Electric announced its current and former employees may have had their information stolen through a data breach of one of GE’s third-party providers — Canon Business Process Services.
READ THE STORY: TCA
What Is the Man-in-the-Disk Attack
FROM THE MEDIA: If you are an Android user, you should know about the Man-in-the-Disk attack and the dangers it brings. This flaw lets intruders take control of legitimate apps on your Android device and use them to introduce malicious ones. So, what exactly is the Man-in-the-Disk? How does it work? And how can you protect your device from it? The Man-in-the-Disk is a type of cyberattack on Android OS devices in which malware installed on a smartphone or tablet targets an app through files located in external storage.
READ THE STORY: MUO
Fake Solana wallet update steals users’ digital holdings via NFT airdrops
FROM THE MEDIA: Bad actors are wreaking havoc on Solana’s community through malware to steal users’ virtual currency holdings. Bleeping Computer reported that the hackers are hiding behind a fake security update to install malware on victims’ devices as the final puzzle in the heist. According to the report, the scammers operate by airdropping Non-Fungible Tokens (NFTs) to users of the Phantom wallet. After opening the NFTs, users are met with a message urging them to install a new security update by clicking a link in the attachment.
READ THE STORY: Coingeek
US election workers slammed with phishing, malware-stuffed emails
FROM THE MEDIA: Election workers in US battleground states have been hit by a surge in phishing and malware-laced emails in the run-up to their primaries and the upcoming 2022 midterm elections. That's according to Trellix security researchers, who said malicious emails sent to Arizona county election workers rose 78 percent, from 617 to 1,101, between the first and second quarter of the year, ahead of the state's August 2 primary. Those emails continued to ramp up, jumping 104 percent to 2,246 messages, by the third quarter of 2022.
READ THE STORY: The Register
FormBook Tops Check Point's Most Wanted Malware List For September
FROM THE MEDIA: FormBook is the most prevalent malware in the wild worldwide, and Vidar, an infostealer, has entered the top 10 list in eighth place for the first time following a fake Zoom campaign. The new data comes from Check Point Research (CPR), which shared its September 2022 Most Wanted Malware report with Infosecurity earlier today. According to the new figures, XMRig, open-source CPU mining software used to mine the Monero cryptocurrency, is currently in second place, while the advanced AgentTesla RAT is third.
READ THE STORY: InfoSec Mag
Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On
FROM THE MEDIA: Android devices are leaking certain traffic when a mobile device is connected to a Wi-Fi network, even when features aimed to protect data being sent over the public Internet by using virtual private networks (VPNs) are enabled. The issue could poke a hole in a user's ability to remain anonymous when using a VPN to encrypt data being sent from an Android device over a public Wi-Fi network, allowing a would-be attacker to monitor a user's traffic and even pinpoint someone's location, researchers noted.
READ THE STORY: DARKReading
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware
FROM THE MEDIA: Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from the fraudulent websites.
READ THE STORY: THN
Financial data of over 9 mn cardholders leaked, including from SBI
FROM THE MEDIA: New Delhi: Cyber-security researchers on Wednesday said they have discovered a massive leak involving over nine million cardholders’ financial data, including that of customers of the State Bank of India (SBI). The threat intelligence team of AI-driven, Singapore-headquartered CloudSEK discovered a threat actor advertising a database of 1.2 million cards for free on a Russian-speaking Dark Web cybercrime forum. This followed another incident in which data on 7.9 million cardholders was advertised on the BidenCash website.
READ THE STORY: Siasat
WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod
FROM THE MEDIA: Security researchers have detected a threat actor distributing a data-stealing mobile Trojan via a spoofed version of YoWhatsApp, a relatively widely used, modified version of the WhatsApp messaging application. Users who download the app are at risk of having their WhatsApp account details stolen and being signed up for paid subscriptions they neither wanted nor were aware of.
READ THE STORY: DARKReading
Russian stablecoin usage surged after Ukraine invasion
FROM THE MEDIA: According to Chainalysis data, Russia's stablecoin usage has increased since the onset of the war, due partly to ordinary Russian citizens seeking to protect their assets. A new report from blockchain analytics firm Chainalysis has shown a surge in stablecoin usage in Russia following the Russian invasion of Ukraine, which has since seen sanctions and inflation impacting the country. Released on Oct. 12, the report revealed that stablecoins' share of transaction volume on primarily Russian services increased from 42% in January to 67% in March following the invasion, and has continued to increase since.
READ THE STORY: CoinTelegraph
The FBI Told Me: Analyzing the FBI’s Cyber Crime Report
FROM THE MEDIA: When you are a vendor who provides a valuable service, you look for opportunities to help companies. Sometimes, a vendor’s claims can be exaggerated or even contrived. For that reason, we refer to trusted third-party data to make our point. This month we will use the FBI’s annual Internet Crime Report to show the continued rise of social engineering attacks in the US, especially through voice phishing, or as it's commonly referred to, vishing.
READ THE STORY: Security Boulevard
Data of 380K patients compromised in hack of 13 anesthesia practices
FROM THE MEDIA: The Department of Health and Human Services breach reporting tool recently added 13 separate filings from anesthesia practices across the U.S., stemming from a “data security incident” at the covered entities’ management company. In total, the compromise involved the protected health information of 380,104 patients. The HHS tool appears to center on entities tied to New York-based Resource Anesthesiology Associates and Anesthesia Associates, including sites in El Paso, California, Washington, Palm Springs, Lynbrook, Hazleton, Fredericksburg, Bronx, San Joaquin, and Maryland. Upstate Anesthesia Services is also listed.
READ THE STORY: SCMAG
Let’s Not Downplay the Threat of Cyber Attacks in Commercial Real Estate
FROM THE MEDIA: In July 2021, a ransomware gang named BlackMatter emerged from the internet’s dark corners. A threat intelligence software company, Flashpoint, said the cyber criminals had similarities with other notorious ransomware gangs, ones with names like REvil and DarkSide, and that they could’ve been successors to those groups. BlackMatter posted a notice on online forums in July that they were looking to buy access to infected corporate networks in the U.S., Canada, Australia, and the U.K. The criminals targeted large corporate networks with more than $100 million in revenues.
READ THE STORY: Promodo
Items of interest
The tactic Russians are using to avoid sanctions
FROM THE MEDIA: Russians are selling rubles (RUBUSD=X) for crypto in an effort to evade sanctions and settle cross-border payments, a money laundering expert has claimed. Due to the sanctions that prohibit Russian businesses from making international settlements in US dollars, companies and individuals are now turning to crypto as an alternative. Cryptocurrency activity in both Russia and Ukraine has spiked since Russian forces invaded on 24 February. In March, Ukrainian hryvnia-denominated (UAH=X) crypto trade volume rose 121% to $307m (£278.6m), while Russian ruble-denominated crypto trade volume rose 35% to $805, according to a new report from blockchain analysis company Chainalysis.
READ THE STORY: Yahoo News
The Most Epic Xbox Hacker Story You'll Ever Hear: Darknet Diaries Ep. 45, Xbox Underground (Part 1) (Video)
FROM THE MEDIA: It started as a desire to play Xbox as a developer, and then as a wish to play unreleased video games. But the more access these hackers got, the more dangerous things became. This is part one of a two-part series.
Data Brokers: How they make money with your information (Video)
FROM THE MEDIA: Data brokers - how they make money, 1 year after GDPR part 2 & The Equifax breach - final cost and what we know.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com