Sunday, October 23, 2022 // (IG): BB // INTSUM // Coffee for Bob
Iran Hackers Behind Attempt on US Election Are Still Active
FROM THE MEDIA: The Iranian cyber threat actor behind an attempt to disrupt the U.S. presidential election in 2020 remains an active threat, warns the FBI. The hacking group, Iranian cybersecurity firm Emennet Pasargad, conducted a "destructive cyberattack" against a U.S. organization within the last year. It is behind ongoing network penetrations it later publicizes in order to embarrass organizations with leaked data, the agency alert states. Israeli organizations are the group's main targets, but the FBI says it remains a cyber threat to the United States.
READ THE STORY: GovInfoSec
Australia flags increased penalties for data breaches following major cyberattacks
FROM THE MEDIA: Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks. Australia's telco, financial and government sectors have been on high alert since Singtel-owned Optus, the country's second-largest telco, disclosed on Sept. 22 a hack that saw the theft of personal data from up to 10 million accounts.
READ THE STORY: Reuters
Mystery of severed Shetland undersea cables as Russian ‘research’ ship sails close to Brit islands after comms blackout
FROM THE MEDIA: The mystery over severed undersea power cables off Shetland has deepened after it emerged a Russian "research ship" was clocked in the area. Engineers battled to restore internet and phone communications after islanders were completely cut off from the mainland on Thursday. New data now shows the research ship Akademik Boris Petrov travelled through the Shetland-Orkney Gap hours later. The Dutch warship HNLMS Tromp later moved to a position North East of the Isle of Lewis to intercept and escort it away from UK waters.
Plans for ‘deeper collaboration’ and a touchless border for Five Eyes citizens
FROM THE MEDIA: Theft of knowledge and know-how from universities and research institutes by foreign nationals is a growing concern, security experts warn. The warning came at an annual meeting of security and immigration ministers from the Five Eyes countries - the US, New Zealand, Australia, Canada and the UK - at a meeting in Washington DC last month. And a technology plan from the M5 alliance showed it was aiming for a “touchless border” for its citizens by 2030.
READ THE STORY: NZherald
Iran's Atomic Energy Organization Says E-Mail Was Hacked, State Media Says
FROM THE MEDIA: Iran's atomic energy organization said that an e-mail server belonging to one of its subsidiaries was hacked from a foreign country, leading to some information being published online, state media reported on Sunday. An Iranian hacking group, Black Reward, said in a statement published on Twitter that it had released hacked information relating to Iranian nuclear activities. The statement released on Saturday declared support for protesters in Iran, concluding "in the name of Mahsa Amini and for women, life, freedom."
READ THE STORY: USNEWS // The Hindu // EuroNews
Russia wages disinformation war. Ukraine's cyber chief calls for global anti-fake news fight
FROM THE MEDIA: As a hybrid offline and online war wages on in Ukraine, Viktor Zhora, who leads the country's cybersecurity agency, has had a front-row seat of it all. Zhora is the deputy chairman and chief digital transformation officer at Ukraine's state service of special communication and information protection. Cyber aggression from neighboring Russia is nothing new, he said during a video keynote at Mandiant's mWISE event this week.
READ THE STORY: The Register
Ukraine war cuts ransomware as Kremlin co-opts hackers
FROM THE MEDIA: The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cybersecurity company has said. Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyberattacks on Ukraine, according to Digital Shadows. “[The war] is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” said Riam Kim-McLeod, a threat intelligence analyst at Digital Shadows.
READ THE STORY: Telegraph
Advocate Aurora Health reports data breach that may have exposed personal data of 3 million patients
FROM THE MEDIA: Advocate Aurora Health, which operates hospitals in Libertyville, Barrington and throughout the Chicago area, reported a data breach that may have affected three million patients. The health system released a statement and said that pieces of code called pixels, which gather user information on some of the health system’s websites or applications, shared certain patient information to third-party vendors that provided the health system with the pixel technology.
READ THE STORY: Lake & McHenry County Scanner
Illinois benefits web portal breached, state to provide assistance to those affected
FROM THE MEDIA: Two state agencies will provide credit monitoring and a hotline for people to register complaints after the Application for Benefits Eligibility platform was breached in August. The Illinois Department of Healthcare and Family Services and the Illinois Department of Human Services announced Friday that they had to shut down the ABE system after it was revealed that people could view customer applications before the state approved them.
READ THE STORY: The State Journal-Register
Iran boasts of arms sales, but denies it supplied Russia’s kamikaze drones
FROM THE MEDIA: Hard-line Iranian President Ebrahim Raisi boasted about his regime’s international arms sales Saturday — even as his foreign ministry condemned calls to investigate the Iranian “kamikaze drones” that have been wreaking havoc in Ukraine. Raisi said that multiple countries had clamored for Iranian-made weaponry when he attended the United Nations General Assembly in New York last month.
READ THE STORY: NYPOST
Election disruptions loom as social media giants likely to resist Turkey’s new law
FROM THE MEDIA: Social media companies are unlikely to fully abide by Turkey’s new law requiring them to remove “disinformation” content and share user data with authorities, analysts say, raising the spectre of possible platform disruptions before elections next year. Facebook, Twitter, Google and others are required to fully comply with the law by next April or face possible advertising bans and eventually cuts to their bandwidth, posing a dilemma for the companies before elections set for June.
READ THE STORY: The Fiji Times
Medibank confirms stolen data from ransomware attack
FROM THE MEDIA: Major Australian health insurance provider Medibank has announced customer data has been compromised as a result of a ransomware attack it experienced last week, as indicated by the sample of 100 stolen records shared by attackers to the insurer, reports The Record, a news site by cybersecurity firm Recorded Future. After initially reporting that its systems have not been encrypted by threat actors, Medibank disclosed that the shared data sample had been retrieved from its "ahm and international student systems," with the stolen data including names, birthdates, addresses, phone numbers, Medicare numbers, and policy numbers, as well as other claims information.
READ THE STORY: SCMAG
Russian organizations attacked by OldGremlin ransomware gang
FROM THE MEDIA: Numerous Russian entities in the banking, logistics, insurance, industry, real estate, retail, and software development sectors have been targeted by Russian ransomware group OldGremlin, also known as TinyScouts, in 16 phishing campaigns between 2020 and 2022, according to The Hacker News. OldGremlin, which was first identified in September 2020, has been impersonating tax and legal companies in its phishing emails that contain links to malicious files, a Group-IB report found.
READ THE STORY: SCMAG
Israel to install spy systems at Uganda borders
FROM THE MEDIA: A memorandum of understanding (MoU) on defence cooperation signed on September 19 between Uganda’s Ministry of Defence and the Israel Ministry of Defense includes a component on border management system security, Sunday Monitor has learnt. Ms Rosemary Byengoma, the Ministry of Defence’s Permanent Secretary, and Mr Asaf Dvir, the head of the International Defense Cooperation Directorate (SIBAT) of the Israel Ministry of Defense, signed the MoU at the military headquarters in Mbuya.
READ THE STORY: Monitor
Updated Furball Android spyware leveraged in new attacks
FROM THE MEDIA: Iranian state-sponsored threat group Domestic Kitten, also known as APT-C-50, has deployed the updated FurBall Android spyware in mobile surveillance campaigns targeted at Iranian citizens, BleepingComputer reports. Despite having many similarities with prior versions, the new FurBall malware includes obfuscation and command-and-control updates, according to an ESET report.
READ THE STORY: SCMAG
Apache Commons Text Library Flaw Is Worrisome, But Not Like Log4Shell
FROM THE MEDIA: Recently, a remote code execution flaw in the Apache Commons Text library stirred up the news world as people thought of it as the next Log4Shell. However, researchers confirm this isn’t the case, though users should still patch their systems to avoid exploitation. The Apache Commons Text Library RCE flaw gained attention when a developer highlighted the issue in an Apache mailing list. Apache Commons Text is a dedicated open-source Java library focused on algorithms working on strings. Describing the vulnerability, CVE-2022-42889, the developer stated that with Apache Commons Text version 1.5 and above, a set of default Lookup instances included interpolators that allowed arbitrary code execution and remote server connections.
READ THE STORY: LHN
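As an added example (not code from the LHN story or from the Apache Commons Text project), the check below flags interpolation expressions that reach the `script`, `dns` and `url` lookups, which the 1.10.0 release removed from the default interpolator, in constructed request-log lines, and tests a version string against the affected 1.5 to 1.9 range.

```python
"""Detection helper for CVE-2022-42889 style interpolation (added example)."""
import re

# Affected default-interpolator range: 1.5 up to, but not including, 1.10.0.
AFFECTED_MIN = (1, 5)
FIXED = (1, 10, 0)

# Lookups enabled by default in 1.5-1.9 and disabled by default from 1.10.0:
# script = code execution, dns/url = outbound connections.
DANGEROUS_LOOKUPS = ("script", "dns", "url")

# ${<lookup>:...} with a dangerous prefix; matched case-insensitively to be conservative.
_PATTERN = re.compile(
    r"\$\{\s*(?P<lookup>" + "|".join(DANGEROUS_LOOKUPS) + r")\s*:", re.IGNORECASE
)


def parse_version(version: str) -> tuple:
    """'1.9' -> (1, 9, 0); a trailing qualifier such as '-SNAPSHOT' is ignored."""
    parts = [int(p) for p in version.split("-")[0].split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_version(version: str) -> bool:
    """True when this release's default interpolator includes the dangerous lookups."""
    v = parse_version(version)
    return AFFECTED_MIN <= v[:2] and v < FIXED


def find_dangerous_lookups(text: str) -> list:
    """Lower-cased names of dangerous lookups used anywhere in `text`."""
    return [m.group("lookup").lower() for m in _PATTERN.finditer(text)]


def scan_log_lines(lines) -> list:
    """(line_number, lookup) pairs for every flagged expression in `lines`."""
    return [(n, lk) for n, line in enumerate(lines, start=1)
            for lk in find_dangerous_lookups(line)]


# Constructed sample access-log lines: lines 1 and 3 carry dangerous lookups,
# line 2 is ordinary traffic, line 4 uses a lookup that stayed in the defaults.
SAMPLE_LINES = [
    "GET /search?q=${script:javascript:...} HTTP/1.1",
    "GET /search?q=commons+text HTTP/1.1",
    "GET /profile?name=${DNS:address|example.invalid} HTTP/1.1",
    "GET /greet?msg=${env:HOME} HTTP/1.1",
]

if __name__ == "__main__":
    print(scan_log_lines(SAMPLE_LINES), is_affected_version("1.9"))
```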
Ukraine faces power outages after ‘massive’ Russian strikes target energy facilities
FROM THE MEDIA: Ukraine president Volodymyr Zelenskiy said Russia had launched a “massive attack” on Ukraine, with some strikes reported on energy infrastructure that resulted in power outages across the country. More than a dozen Russian missiles pounded energy facilities and other infrastructure across Ukraine on Saturday, the Ukrainian air force said, with strikes causing blackouts in parts of different regions.
READ THE STORY: The Guardian // MSN // The Spokesman
Google: US midterms less likely to be targeted by Chinese, Iranian hackers
FROM THE MEDIA: Chinese and Iranian state-sponsored hacking groups are not expected to engage in election hacking efforts as rigorous as those conducted in the 2020 elections for this year's midterms, ABC News reports. Hacking activity has been "relatively quiet" as the midterm polls near, as opposed to the extensive operations targeted at email accounts involved in the campaigns of President Joe Biden and former President Donald Trump two years ago, according to Google Threat Analysis Group Senior Director Shane Huntley.
READ THE STORY: SCMAG
Trick or retreat: Is Putin planning a Halloween surprise?
FROM THE MEDIA: Vladimir Putin needs his Harry Houdini moment in Ukraine. Russian forces are retreating under full-court pressure in the Donbass, facing defeat in the Kherson Oblast by an ongoing Ukrainian counteroffensive, and the Kremlin is being openly criticized by Russian state-controlled media and Telegram milbloggers. Putin and his regime of elites also are feeling the pressure from growing internal dissent — and, notably, from Yevgeny Prigozhin, founder of the Wagner Group, who is blatantly gunning for Russian Minister of Defense Sergei Shoigu.
READ THE STORY: The Hill
Hackers Compromise the Twitter Account of GateIO to Promote a Phishing Scam
FROM THE MEDIA: Hackers are once again taking advantage of social networks to do their thing. This time, they compromised the official Twitter account of a popular crypto exchange to promote a phishing scam. Around midnight on October 21, PeckShieldAlert reported that the official Twitter account of Gate.io was hacked to promote a scam simulating a Giveaway of up to 500,000 USDT in rewards. The tweet posted by the hackers offered a prize of 500 USDT to the first 1,000 winners who claimed the reward by connecting their wallet to a fake phishing page, pretending to be the platform’s official site.
READ THE STORY: Crypto Potato
White hat hacker returns $300,000 gained from OlympusDAO
FROM THE MEDIA: A hacker who stole 30,437 OHM tokens (worth about $300,000) from an Olympus DAO’s smart contract earlier today has returned the money to the DAO in two transactions, according to blockchain security company Peckshield, Cryptoslate informed. Cryptoslate further informed that Peckshield claimed that the hacker took advantage of the contract’s “BondFixedExpiryTeller’s” incapacity to properly authenticate the transfer request.
READ THE STORY: Financial Express
Bypassing web application firewalls using HTTP headers
FROM THE MEDIA: Web application firewalls (WAFs) are part of the defense in depth model for web applications. While not a substitute for secure code, they offer great options for filtering malicious input. Below is a story from a real assessment where an enterprise deployment of such a device was vulnerable to being bypassed. The vulnerability is one of a bad design and/or configuration and as an attacker it was very useful.
READ THE STORY: Security Boulevard
Advanced Penetration Testing (APT) – Pentesting High Security Environments by LSO
FROM THE MEDIA: You think you’ve come, you’ve seen, and you’ve conquered all the training in the pentest field? Think again. J0e McCray, Learn Security Online creator, has brewed up a new course to address the needs of the upper echelon of pentest monkeys out there. If you don’t know j0e from his various speaking engagements at the hacker cons (Defcon, BruCon, ToorCon, LayerOne, etc), check out our quick Q&A with him at EthicalHacker.net. J0e has seen it all, and has put together a class that focuses on the advanced topics in penetration testing aka the things that will save your a** in a pentest.
READ THE STORY: Security Boulevard
Items of interest
When Elon says no, just reverse engineer the STARLINK signal
FROM THE MEDIA: We all know that it’s sometimes better to beg forgiveness than ask permission to do something, and we’ll venture a guess that more than a few of us have taken that advice to heart on occasion. But [Todd Humphreys] got the order of operations a bit mixed up with his attempt to leverage the Starlink network as a backup to the Global Positioning System, and ended up doing some interesting reverse engineering work as a result.
READ THE STORY: Hackaday
'Act of Vandalism': Major Cable Cut in France Sparking Power Outage in Europe, Asia and USA (Video)
FROM THE MEDIA: 'Act of Vandalism': Major Cable Cut in France Sparking Power Outage in Europe, Asia and USA
How The Internet Travels Across Oceans (Video)
FROM THE MEDIA: 99% of all internet traffic – from this video to your Pokemon Go account to your family WhatsApp group – runs on a hidden network of undersea cables. Why should you care? Because modern life is increasingly dependent on those slinky subaquatic wires. And they get attacked by sharks from time to time.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com