Saturday, October 15, 2022 // (IG): BB // INTSUM // Coffee for Bob
Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack
FROM THE MEDIA: Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.” “The Tata Power Company Limited had a cyber attack on its IT infrastructure impacting some of its IT systems. The Company has taken steps to retrieve and restore the systems,” the company wrote in a filing with the National Stock Exchange (NSE) of India.
READ THE STORY: Security Affairs // The Record
New ‘Prestige’ ransomware campaign targets Ukraine and Poland
FROM THE MEDIA: A coordinated ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland this week with a previously unknown payload, researchers from Microsoft said Friday. The company’s Threat Intelligence Center said it observed the malware — which calls itself the “Prestige ranusomeware” in its note left on victim devices — deployed Tuesday in “attacks occurring within an hour of each other across all victims.”
READ THE STORY: The Record
Minecraft Was In The Crosshairs Of The Largest DDoS Attack Cloudflare Has Ever Seen
FROM THE MEDIA: This week, Cloudflare released a threat report detailing the state of distributed-denial-of-service (DDoS) attacks in the third quarter of 2022. Cloudflare is a major provider of DDoS mitigation services, giving the company insight into the frequency, strength, and nature of DDoS attacks. The largest attack Cloudflare saw in Q3 2022 was targeted at a popular Minecraft server called Wynncraft. The server provides players with a complete massively multiplayer online role-playing game (MMORPG) experience.
READ THE STORY: Hot Hardware
WIP19, a new Chinese cyberespionage group, targets telcos, IT companies
FROM THE MEDIA: A newly identified Chinese cyberespionage group, tracked as WIP19 by security firm SentinelOne, has been observed targeting IT services providers and telecommunications companies, mainly in the Middle East and Asia, using stolen certificates to sign several malicious components and malware families such as ScreenCap, SQLMaggie, and a credential dumper. According to SentinelOne, the activities of this advanced persistent threat (APT) overlap with Operation Shadow Force. It is still unclear whether this is a fresh iteration of that campaign or the work of a new, more experienced adversary employing fresh malware and methods.
READ THE STORY: TEISS
Linux, Windows and macOS Hit By New “Alchemist” Attack Framework
FROM THE MEDIA: Security researchers at Cisco Talos have shared startling details of a newly discovered, feature-rich attack framework that targets Windows, macOS, and Linux systems with a remote access trojan (RAT). It has been dubbed the Alchemist attack framework, and researchers are moderately confident that it is being used in the wild. According to a Cisco Talos report authored by Chetan Raghuprasad, Asheer Malhotra, Vitor Ventura, and Matt Thaxton, Alchemist is a single-file C2 framework discovered on a server hosting an open file listing on its root directory along with a set of post-exploitation tools. It is implemented in Go and implants the Insekt RAT on compromised systems.
READ THE STORY: HackRead
Apple's Constant Battles Against Zero-Day Exploits
FROM THE MEDIA: Over the past few years, there's been an increase in the number of attackers targeting Apple, especially with zero-day exploits. One major reason is that a zero-day exploit might just be the most valuable asset in a hacker's portfolio — and hackers know it. In 2022 alone, Apple has discovered seven zero-days and has followed up these discoveries with the required remedial updates. But it doesn't seem like the cat-and-mouse game will die anytime soon. In 2021, the number of recorded zero-days overall was more than double the figures recorded in 2020, showing the highest level since tracking began in 2014, according to a repository maintained by Project Zero.
READ THE STORY: DARKReading
Hacking revelations put Mexico military on defensive
FROM THE MEDIA: A trove of sensitive information was stolen from the Mexican defense ministry by the collective called Guacamaya, which has also claimed cyberattacks in Chile, Colombia and Peru. "Their objectives are more political than economic," said Diego Macor, a cyber-security expert at US technology giant IBM in Chile, who describes members of the network as "hacker-activists." The leaks revealed that the Mexican army continued to use Pegasus spyware developed by Israeli firm NSO Group after President Andres Manuel Lopez Obrador took office in 2018, according to an investigation by the Network in Defense of Digital Rights and its partners.
READ THE STORY: France 24
How web data is leading US cybersecurity to unreached possibilities
FROM THE MEDIA: Businesses across the United States are using web scraping, or web data collection, infrastructure as a first line of defense against potential cybersecurity threats and fraud. Security teams use web data to achieve real-time visibility over the public domain, where digital fraud and risks mainly occur, and to test their networks against vulnerabilities that may appear online. Above all, web data helps security teams understand online risks by providing them with early indications and, with that, the ability to monitor and assess threats in real time.
READ THE STORY: HackRead
Mango Markets DAO platform set to take $47M settlement from hacker
FROM THE MEDIA: The Mango Markets community plans to settle a deal with its hacker after losing $117 million because of an exploit. Mango Markets is a decentralized finance (DeFi) governance protocol. The proposed terms of this deal show that the attacker will return $67 million of the stolen funds. The hacker will also maintain $47 million of the stolen amount. The community has already approved the deal. 98% of the voters on the governance protocol, with 291 million tokens, have voted in favor of this deal. As part of the deal, the DeFi protocol will also not pursue criminal charges on the matter.
READ THE STORY: Inside Bitcoins
Wi-Fi drones were used by hackers to penetrate a financial firm's network remotely
FROM THE MEDIA: Hackers have a new attack vector they have been toying with over the last couple of years — drone penetration kits. Drones have become much more capable in the last several years, making them a viable option for covertly placing intrusion equipment near a network. Once confined to theoretical security research, hacking drones are now being found in the wild. Network administrators at the targeted financial firm discovered that the company's internal Confluence page was exhibiting strange behavior within the local area network. Confluence is web-based remote collaboration software developed by Atlassian.
READ THE STORY: TechSpot
Police trick DeadBolt ransomware out of 155 decryption keys
FROM THE MEDIA: The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, tricked the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments. DeadBolt is a ransomware operation active since January and known for demanding 0.03 bitcoin ransoms after encrypting thousands of QNAP and Asustor Network Attached Storage (NAS) devices (20,000 worldwide and at least 1,000 in the Netherlands, per the Dutch police). After the ransom is paid, DeadBolt creates a bitcoin transaction to the same bitcoin ransom address containing a decryption key for the victim (the decryption key can be found in the transaction's OP_RETURN output).
READ THE STORY: Bleeping Computer
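Not part of the original story: an added Python example of how the OP_RETURN payload described above is decoded from a raw Bitcoin output script, which is the step a responder or victim performs to recover a key the gang has already published on-chain. The transaction bytes and the 32-character key are constructed placeholders (no real DeadBolt data); the push-opcode handling covers all script push forms, not only the single one a given transaction happens to use.

```python
"""Extract the payload of a Bitcoin OP_RETURN output script.

Added example, not code from the article, the Dutch police or Responders.NU.
The DeadBolt item above says the decryption key rides in the OP_RETURN output
of a transaction to the ransom address; this decodes that script. All
transaction bytes and the 32-character key below are constructed placeholders.
"""
from typing import List, Optional, Tuple

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
PUSHDATA_WIDTH = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}


def parse_pushes(script: bytes) -> List[bytes]:
    """Return every data push in a script, handling all push-opcode forms."""
    pushes, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                       # OP_PUSHBYTES_1 .. _75
            n = op
        elif op in PUSHDATA_WIDTH:              # length follows, little-endian
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        else:                                   # any non-push opcode: skip
            continue
        if i + n > len(script):
            raise ValueError("truncated push data")
        pushes.append(script[i:i + n])
        i += n
    return pushes


def op_return_payload(script_pubkey: bytes) -> Optional[bytes]:
    """Return the concatenated payload of an OP_RETURN output, else None."""
    if not script_pubkey or script_pubkey[0] != OP_RETURN:
        return None
    return b"".join(parse_pushes(script_pubkey[1:]))


def find_key_in_outputs(outputs: List[Tuple[int, bytes]],
                        key_len: int = 32) -> Optional[str]:
    """Scan (value_sats, scriptPubKey) outputs for a printable ASCII
    OP_RETURN payload of the expected key length."""
    for _value, spk in outputs:
        data = op_return_payload(spk)
        if data is None:
            continue
        text = data.decode("ascii", errors="replace")
        if len(text) == key_len and text.isascii() and text.isprintable():
            return text
    return None


# Constructed sample: one ordinary P2PKH output plus one OP_RETURN output
# carrying a placeholder key (not a real DeadBolt key).
PLACEHOLDER_KEY = b"PLACEHOLDERKEY0123456789ABCDEF01"
P2PKH_SCRIPT = bytes.fromhex("76a914") + bytes(20) + bytes.fromhex("88ac")
OP_RETURN_SCRIPT = bytes([OP_RETURN, len(PLACEHOLDER_KEY)]) + PLACEHOLDER_KEY
SAMPLE_OUTPUTS = [(546, P2PKH_SCRIPT), (0, OP_RETURN_SCRIPT)]
```

Feeding the decoded outputs of a real transaction into `find_key_in_outputs` returns the first payload that looks like a key; a wallet or block explorer's raw-transaction view supplies the scriptPubKey bytes.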
New Mexican government cyber incident under investigation
FROM THE MEDIA: The Regulation and Licensing Department (RLD) of the US state of New Mexico suffered a security incident which is currently being investigated by the state’s Department of Information Technology (DoIT) Cybersecurity office. The Los Alamos Daily Post explains that an intruder gained unauthorized access to the department’s network, but the state says it has enlisted the help of cybersecurity experts to ensure that the personally identifiable information of employees and RLD customers is not compromised.
READ THE STORY: The Cyberwire
What Happens When Hackers Exfiltrate Data From Your Business
FROM THE MEDIA: Data breaches are among the most harmful cybersecurity issues any business faces, with the potential for long-term financial and reputational damage. But while there can be many causes of such incidents, from careless employees to an insider threat, the deliberate targeting of firms in order to exfiltrate data as part of ransomware attacks can be the most costly, as well as the hardest to stop. Attempts to exfiltrate data have become a major part of ransomware threats, as they can enable criminals to repeatedly extort businesses with the threat of exposure of their data. And with ransomware on the rise, it will likely only be a matter of time before they come for your company – assuming you haven’t already been breached.
READ THE STORY: Security Boulevard
Ransomware campaign targeting users via fake Windows 10, antivirus update
FROM THE MEDIA: A ransomware campaign is targeting home users by masquerading as software updates via fake Windows 10 and antivirus installers, cyber-security researchers have revealed. The campaign, which delivers the Magniber ransomware, then demands $2,500 from victims to unlock their data, HP's threat research team reports. “Notably, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries,” the team explained.
READ THE STORY: Nagalandpost
Black Basta uses QAKBOT, Brute Ratel in Ransomware attacks
FROM THE MEDIA: The threat actors behind the Black Basta ransomware were observed using the Qakbot malware in order to deploy the Brute Ratel framework as a second-stage payload in recent attacks. Brute Ratel, commercial adversary emulation software, is a relatively new player similar to the Sliver and Cobalt Strike platforms, which are marketed to red teams but also utilized by a wide range of threat actors. The recent Qakbot campaign is “a noteworthy development because it is the first time we have observed Brute Ratel as a second-stage payload via a QAKBOT infection,” said Ian Kenefick, Lucas Silva and Nicole Hernandez, researchers with Trend Micro, in an analysis this week.
READ THE STORY: DUO
Microsoft says Ukraine, Poland targeted with novel ransomware attack
FROM THE MEDIA: A newly discovered hacking group has attacked transportation and logistics companies in Ukraine and Poland with a novel kind of ransomware, Microsoft said in a blog post on Friday. The attackers targeted a wide range of systems within an hour on Tuesday, Microsoft said, adding that it hadn't been able to link the attacks to any known group yet. Notably, however, researchers found that the hacks closely mirrored earlier attacks by a Russian government-linked cyber team that had disrupted Ukraine government agencies.
READ THE STORY: Reuters
The billboards have eyes
FROM THE MEDIA: London-based civil liberties group Big Brother Watch says digital billboards are using high definition cameras to harvest information from passers-by without consent. Working like physical ad trackers, the cameras have the ability to identify an individual’s gender, age, and even mood and outfit, while also gathering data from any mobile devices they might be carrying. Advertisers can then use the data to create customized profiles of pedestrians based on their GPS position, demographic info, and their engagement with various apps on their phones.
READ THE STORY: The Cyberwire
Prepare for stricter privacy laws in the wake of the Optus data breach
FROM THE MEDIA: Attorney-General Mark Dreyfus has already indicated that an overhaul of the Privacy Act is on the horizon. If revisions are passed, within the next few months companies will have to limit the amount of customer data stored in their databases. This is both a logical and overdue measure. While the industry code of practice requires telcos to retain customers' names, addresses and account reference numbers for up to six years, mainly for potential debt recovery, the Optus breach revealed that the telco also stored the passport, licence and Medicare details of millions of past and current customers.
READ THE STORY: Bega District News
China's Vertical Nuclear Expansion is Real
FROM THE MEDIA: As the People’s Republic of China (PRC) continues to flout international norms, the world is falling behind in terms of any meaningful effort to confront their calculated aggression. Some positive, yet incremental events have occurred recently: namely, the Biden Administration issuing two new rules limiting American companies from exporting chips and chipmaking equipment to China; providing anti-ship and air-to-air missiles in the recent arms sale to Taiwan; Congressional movement on the Taiwan Policy Act; Speaker Nancy Pelosi’s perfectly acceptable summer visit to Taiwan; and reports showing a deep decline in projected Chinese GDP for 2022.
READ THE STORY: RealClearDefense
Space Force commander cannot ‘forgive’ Russia for ‘reckless’ ASAT test
FROM THE MEDIA: A senior Space Force commander said today that “in no way” can the US “forgive” Russia for what he called its “reckless” anti-satellite (ASAT) test that blasted thousands of pieces of debris into orbit last fall. Lt. Gen. Stephen Whiting, commander of Space Operations Command, said he was willing to give China a little leeway for its destructive 2007 ASAT test, as the country was a “relatively nascent space power” at the time. “But you absolutely, in no way, can forgive the Russians for doing that less than a year ago as this historic and sophisticated space power,” Whiting said during a CSIS event. “They knew what they were doing, and they were sending us a message.”
READ THE STORY: Breaking Defense
How platforms amplify misinformation
FROM THE MEDIA: A new report sheds light on how misinformation spreads online across different platforms, concluding that false narratives have the greatest chance of being amplified on Twitter and TikTok. Meanwhile, SpaceX is reportedly threatening to pull its Starlink internet service in Ukraine unless the Pentagon increases the amount it pays for it. The Integrity Institute, an advocacy group, found that Twitter and TikTok have the highest “Misinformation Amplification Factor,” a figure the report’s authors used to track the spread of misinformation.
READ THE STORY: The Hill
Musk seeks U.S. funds for Ukraine satellite network
FROM THE MEDIA: The Defense Department has received a request from SpaceX and Tesla founder Elon Musk to take over funding for his satellite network, which has provided crucial battlefield communications for Ukrainian military forces during the war with Russia, U.S. officials said Friday. The officials, who spoke on condition of anonymity to discuss a sensitive matter not yet made public, said the issue has been discussed in meetings and senior leaders are weighing the matter. There have been no decisions. A Pentagon spokesperson said the department has been “in touch with SpaceX” regarding the Starlink system, but declined to say whether a letter was received or to provide any details about the communication and whether it involved the funding issue.
READ THE STORY: Arkansas Online
China Has a Drone Army to Fight Off Wildfires. So Why Doesn’t America?
FROM THE MEDIA: It was a scene reminiscent of the orange haze that doused the ruins of Las Vegas in Blade Runner 2049: Menacing wildfires ripped through the mountainous forests surrounding the 31 million residents of Chongqing, threatening to torch the towering office buildings and high-rise apartments of southwest China’s largest city. The fast-moving fire, which was triggered by a record heatwave and drought, also presented a serious challenge for firefighters forced to work in rugged terrain to push the blaze away from residential areas.
READ THE STORY: Yahoo News
The Future of South Korea-US Cyber Cooperation
FROM THE MEDIA: Despite the COVID-19 pandemic’s economic disruptions and U.N. sanctions, North Korea has found new, and illegal, ways to support the regime: cyberattacks garnering nearly $400 million in cryptocurrency last year and nearly $1 billion in 2022 thus far. While the United States has evidently made attempts to prevent these cyberattacks – such as sanctioning virtual currency mixer Tornado Cash for supporting North Korean hackers – additional measures are needed to better prevent future cyberattacks, including increased cybersecurity cooperation between the U.S. and South Korea.
READ THE STORY: The Diplomat
Where AI and disinformation meet
FROM THE MEDIA: With the midterm elections just weeks away, the political vitriol and rhetoric are about to heat up. One Arizona State University professor thinks most of the hyperbolic chatter will come from malicious bots spreading racism and hate on social media and in the comments section on news sites. Victor Benjamin, assistant professor of information systems at the W. P. Carey School of Business, has been researching this phenomenon for years. He says the next generation of AI is a reflection of what's going on in society. So far, it’s not looking good.
READ THE STORY: ASU
Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS)
FROM THE MEDIA: The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys. Microsoft fixed it in the September 2022 Patch Tuesday security updates and states that it has been actively exploited in the wild.
READ THE STORY: Security Affairs
Musk tweets complicate U.S. diplomacy From Ukraine to Taiwan
FROM THE MEDIA: Elon Musk often wields his Twitter account as a weapon — threatening to back out of his deal to buy Twitter or insulting President Joe Biden as a damp sock puppet “in human form.” More recently, the world’s richest person veered into more treacherous geopolitical territory by offering head-scratching proposals to end Russia’s invasion of Ukraine and settle questions about Taiwan’s sovereignty. His tweets and other public comments have angered presidents and foreign ministers across Europe and, awkwardly, won praise from America’s rivals.
READ THE STORY: Japan Times
Competition watchdog launches full-blown probe of takeover of Britain's leading satellite firm Inmarsat
FROM THE MEDIA: The foreign takeover of one of Britain's leading satellite businesses faced a fresh setback as the competition watchdog launched a full-blown probe. US giant Viasat was hoping to complete the £5.6 billion purchase of rival Inmarsat before the end of the year. It had been through a 'phase one' investigation by the Competition and Markets Authority (CMA) over fears the deal could lead to a hit for consumers.
READ THE STORY: This is Money
Store credit card numbers in a debug log, lose millions of accounts.
FROM THE MEDIA: Online retailer Zoetop will fork out $1.9 million after account data belonging to 46 million customers was stolen in 2018. In announcing the settlement this week, New York Attorney General Letitia James said Hong Kong's Zoetop, which owns fast-fashion brands Shein and Romwe, also tried to downplay the scale of the cyberattack and was pretty bad at securing people's personal information.
READ THE STORY: The Register
Items of interest
Financing Entertainment Of The Future: Should Hollywood Have Its Own Blockchain
FROM THE MEDIA: Blockchain heralded the coming of Web 3.0, a follow-on to the intricacies of the World Wide Web. As it grew in popularity and adoption, there have been records of substantial investments in blockchain and its consequent asset classes like cryptocurrencies and NFTs. This surge of investments has not eluded big names in Hollywood. The likes of Shawn Mendes, Snoop Dogg, Floyd Mayweather, Jim Carrey, Paris Hilton, and Eminem are heavily invested in blockchain-powered asset classes.
READ THE STORY: Forbes
AI and Disinformation in the Russia-Ukraine War (Video)
FROM THE MEDIA: Government entities and individuals are using AI technology to create malicious bots and deepfakes to spread disinformation about the Russia-Ukraine war. Watch as TechTarget news director Shaun Sutner and news writer Esther Ajao discuss why and how disinformation is being spread.
The Hacking Empire Built on Discord (Video)
FROM THE MEDIA: The Hacking Empire Built on Discord.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com