Monday, October 31, 2022 // (IG): BB // INTSUM // Coffee for Bob
New Azov data wiper tries to frame researchers and BleepingComputer
FROM THE MEDIA: A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack. The Azov Ransomware falsely claims to have been created by a well-known security researcher named Hasherazade and lists other researchers, myself, and BleepingComputer, as involved in the operation. The ransom note, named RESTORE_FILES.txt, says that devices are encrypted in protest of the seizure of Crimea and because Western countries are not doing enough to help Ukraine in their war against Russia.
READ THE STORY: Bleeping Computer
Cybersecurity Measures Can Protect Windows Devices From Venus Ransomware
FROM THE MEDIA: Since August 2022, the Venus ransomware has been compromising Remote Desktop (RDP) Services. The main targets of the malware are unprotected Windows devices with publicly available RDP. Successful Venus ransomware attacks have been locking users out of essential files and requesting payment in crypto. What should every organization know about the Venus ransomware, and what are some of the top cybersecurity practices to prevent and fight this type of malware?
READ THE STORY: Data Science Central
Time for the United States to extend SpaceX’s Starlink to Russia
FROM THE MEDIA: SpaceX CEO Elon Musk has won some fame for providing Starlink internet services to Ukraine. Plans are underway to give the same access to the orbiting communications constellation to dissidents currently protesting the theocratic regime in Iran. Despite Musk starting a dustup over who should ultimately pay for those services, the point is that a space-based telecommunication service, like Starlink, is a crucial weapon in the war against tyranny. It’s time for the United States to use the power of Starlink to deliver space-based information to anywhere on Earth to extend its reach to Russia.
READ THE STORY: The Hill
BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider
FROM THE MEDIA: Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider; for more than 40 years, the company has been delivering end-to-end services in the industries of precision metals and thin-film coatings with different teams of experts. The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi Group Holdings, including financial and sales reports. The ransomware gang is demanding $500k to buy the data and $600k to delete the stolen data.
READ THE STORY: Security Affairs
Actively exploited Windows MoTW zero-day gets unofficial patch
FROM THE MEDIA: A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11. Last weekend, BleepingComputer reported that threat actors were using stand-alone JavaScript files to install the Magniber ransomware on victims' devices. When a user downloads a file from the Internet, Microsoft adds a Mark-of-the-Web flag to the file, causing the operating system to display security warnings when the file is launched, as shown below.
READ THE STORY: Bleeping Computer
Former British Prime Minister Liz Truss's phone was allegedly hacked by Russian spies
FROM THE MEDIA: The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported. According to the British tabloid, the cyber-spies are believed to have gained access to top-secret exchanges with key international partners as well as private conversations with her friend, the British Conservative Party politician Kwasi Kwarteng.
READ THE STORY: Security Affairs
Infrastructure Security Incidents Continue: What Will Happen Next to Europe
FROM THE MEDIA: After the Nord Stream pipelines were sabotaged in a series of explosions, it triggered worldwide concerns about the security of critical infrastructure in Europe. People are concerned that pipeline sabotage could open a Pandora’s box, putting key global infrastructure such as oil and gas pipelines and underwater communications cables in great danger. Such concerns have been confirmed by what happened recently. In less than a month, a barrage of mysterious attacks has taken place across Europe.
READ THE STORY: Modern Diplomacy
Analysis: In Australia, a hacking frenzy spurred by an undersized cybersecurity workforce
FROM THE MEDIA: A swathe of hacks on some of Australia’s biggest companies has made the country a target for copycat attacks just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it, technology experts said. As Monday saw the disclosure of another potential breach of sensitive data – a ransomware attack on a communication platform for military personnel – cybersecurity experts put a wave of high-profile breaches down to a common factor: human error.
READ THE STORY: KFGO
Varonis discovers Windows event log exploits
FROM THE MEDIA: Data security and analytics company Varonis has discovered two new vulnerabilities in the Windows event log left behind from the legacy of the now-discontinued Internet Explorer. The company has provided details of two proof-of-concept exploits including LogCrusher, which allows any domain user to remotely crash the Event Log application of any Windows machine on the domain. Meanwhile, the OverLog exploit can be used to cause a remote denial-of-service attack by filling the hard drive space of any Windows machine on the domain, Varonis said.
READ THE STORY: Technology Decisions
Active Raspberry Robin Worm Launches ‘Hands-on-Keyboard’ Attacks to Hack Entire Networks
FROM THE MEDIA: During recent research, Microsoft has discovered evidence of a complex interconnected malware ecosystem that is associated with the Raspberry Robin worm. Several root links between the Raspberry Robin worm and other malware families were identified. Security experts have also detected that it uses alternate infection tactics.
READ THE STORY: GBHackers
Intelligence Community Help Wanted: Open Source Ninjas
FROM THE MEDIA: For those who have been privileged enough to read, write for, or brief the Intelligence Community’s President’s Daily Brief (PDB), the following quote looks like the topic paragraph of one of the 4-5 articles that would run “in the book,” and one that likely would garner a significant amount of senior policymaker feedback. “A joint investigation…has discovered voluminous telecom and travel data that implicates Russia’s Federal Security Service (FSB) in the poisoning of the prominent Russian opposition politician Alexey Navalny.”
READ THE STORY: The Cipher Brief
Air New Zealand warns of an ongoing credential stuffing attack
FROM THE MEDIA: “Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration.” In other words, attackers glean lists of breached usernames and passwords and run them against desired logins until they find some that work. Then, they enter those accounts for the purpose of abusing permissions, siphoning out data, or both.
READ THE STORY: Security Affairs
Russia has declared hybrid war on Britain
FROM THE MEDIA: The reported hacking of Liz Truss’s mobile phone over the summer, suspected to have been conducted by people working on behalf of the Kremlin, should raise alarm bells across Whitehall. Britain is under fierce attack in this new era of hybrid warfare. While we may not be exchanging fire on the battlefield, our critical national infrastructure will be severely undermined and potentially destroyed if we fail to get a grip.
READ THE STORY: Telegraph
Bayraktar Dream Ends For Ukraine; ‘Angry’ Ankara Backs Out Of Setting Up TB2 Factory In War Zone
FROM THE MEDIA: Baykar has reportedly conveyed to the Ukrainian government its inability to set up a factory in partnership with a Ukrainian state-run defense firm. Two primary reasons are believed to be behind the move. One, the decreasing utility and increasing vulnerability of the drones to Russian air defense and electronic warfare reported by the mainstream Western press since June. Secondly, a deal struck between Presidents Vladimir Putin and Recep Tayyip Erdogan to make Turkey into a “gas hub,” helping the latter realize its dreams of a regional powerhouse, has played a significant part in declining active Turkish support.
READ THE STORY: The EurAsian Times
The dangers of Iran’s drones in Ukraine
FROM THE MEDIA: The Russian military has attacked multiple Ukrainian cities with Iranian drones in recent weeks. The White House confirmed that Iran supplied Russia with dozens of drones and has more shipments on the way — 2,400, according to Ukrainian President Volodymyr Zelensky — and has operators deployed with the Russian military in Crimea. The use of Iranian drones in Ukraine has sparked concern over the deepening Iranian-Russo ties and the maturity of Iran’s drone program. But for Iran, Ukraine serves as another battlefield to live-test its drone fleet against U.S.- and NATO-provided defensive systems.
READ THE STORY: The Hill
Beware China’s telecom tech: US official
FROM THE MEDIA: US Undersecretary of Homeland Security for Strategy, Policy and Plans Robert Silvers on Friday warned of the risks that using Chinese telecommunications equipment could have on global infrastructure. At an event hosted by the Washington-based Center for Strategic and International Studies think tank on the topic of cybersecurity, Silvers said he and other US officials were urging other countries to avoid using Chinese telecommunications equipment, to prevent introducing information security risks.
READ THE STORY: Taipei Times
‘Swarm’ of drones spotted flying above UK nuclear plant
FROM THE MEDIA: The unidentified aerial vehicles (UAVs) spotted above the Capenhurst facility in Cheshire were reported to the Civil Nuclear Constabulary (CNC). The sighting – logged as a ‘report of 5 – 6 drones flying over and around the site’ – was one of two in the space of four days in 2019. A note on the second incident simply states: ‘Report of a drone overflying the site.’ A log previously released by the government suggested that there had been a ‘swarm’ incident – where interlinked drones take part in the same operation or attack – at an unnamed nuclear facility.
READ THE STORY: Metro
Hackers show naval drone attack on Russian warships on Crimean TV channels
FROM THE MEDIA: On Oct. 29, the Crimean authorities said that Russian Black Sea warships repelled a drone attack in Sevastopol Bay. But a source from the Security Service of Ukraine informed a Ukrainian media outlet that at least three Kalibr cruise missile carriers were damaged in explosions. After the attack, unknown hackers breached key Russian propagandistic channels in Crimea and showed footage of hits that had damaged the ships, journalist Andriy Tsaplienko reported.
READ THE STORY: Euromaidan Press
Terrorists are funding their horrible deeds with crypto: UN officials
FROM THE MEDIA: Terrorist groups who have been excluded from the “formal financial system” have turned to crypto to fund their heinous activities, according to Svetlana Martynova, the Countering Financing of Terrorism Coordinator at the United Nations (UN). The UN official made the comments during a speech at a “Special Meeting” run by the UN’s Counter-Terrorism Committee (CTC) in New Delhi and Mumbai on Oct. 28-29 — which was focused on combating the use of “new and emerging technologies” for terrorist purposes.
READ THE STORY: CoinTelegraph
Australian Defence Force confirms data breach hack
FROM THE MEDIA: Hackers have attacked an external IT provider used by military personnel and Defence department public servants. A spokeswoman for Defence Minister Richard Marles confirmed to NCA NewsWire a breach had taken place on the ForceNet service. She said no personal data had been compromised. Assistant Minister for Defence Matt Thistlethwaite told the ABC on Monday the attack was being taken “very seriously”. “They’re suggesting considering changing passwords and moving to two-factor authentication and the like, but importantly, the aim will be to support ADF personnel,” Mr Thistlethwaite said.
READ THE STORY: News AU // ABC (AU)
Researchers hack SpaceX Starlink satellite signal for GPS alternative
FROM THE MEDIA: A non-peer-reviewed paper published by The University of Texas at Austin provides a complete characterization of Starlink’s signals claiming to have taken the first step toward creating a brand-new global navigation technology. The University of Texas at Austin researchers hacked SpaceX’s Starlink Satellite’s Signal to use it as a GPS alternative without help or support from Elon Musk’s company. For your information, GPS (global positioning system) is a group of 31 satellites monitored by the US government. These satellites transmit radio signals from an altitude of 12,500 miles. The signals are picked up by GPS receivers installed in phones, vehicles, etc.
READ THE STORY: HackRead
German BKA arrested the alleged operator of Deutschland im Deep Web darknet market
FROM THE MEDIA: Germany’s Federal Criminal Police Office (BKA) has arrested a student (22) in Bavaria, who is suspected of being the administrator of the ‘Deutschland im Deep Web’ (DiDW) darknet marketplace. The darknet marketplace went offline early this year, with more than 16,000 registered users, 72 of whom were active traders. The darknet marketplace was a crucial service for drug trafficking in the cybercrime underground for several years.
READ THE STORY: Security Affairs
Russia accuses Britain of blowing up Nord Stream pipelines
FROM THE MEDIA: The Russian government has accused Britain of playing a major role in the September 26 blowing up of the Nord Stream 1 and Nord Stream 2 gas pipelines. Powerful underwater explosions blew gaping holes in the Nord Stream 1 and 2 pipelines, which carry Russian natural gas 760 miles under the Baltic Sea to Germany. The pipelines have a joint annual capacity to provide 110 billion cubic metres of gas, more than 50 percent of Russia’s normal gas export volumes.
READ THE STORY: WSWS
The head of PMC Wagner demands to block YouTube in Russia
FROM THE MEDIA: The leader of PMC “Wagner” Yevgeny Prigozhin, asks to block YouTube in Russia. According to his press service, Prigozhin appealed to Prosecutor General Igor Krasnov with a corresponding appeal. The leader of Wagner PMC claims that after the start of the war in Ukraine, which in the Russian Federation is called a “special operation”, a “full-scale information war” has unfolded on the network, in which disinformation and negative attitudes “introduced with the help of YouTube” are actively used.
READ THE STORY: The Odessa Journal
Russia’s Black Sea flagship damaged in Crimea drone attack, video suggests
FROM THE MEDIA: Russia’s Black Sea flagship vessel, the Admiral Makarov, was damaged and possibly disabled during an audacious Ukrainian drone attack over the weekend on the Crimean port of Sevastopol, according to an examination of video footage. Open-source investigators said the frigate was one of three Russian ships to have been hit on Saturday. A swarm of drones – some flying in the air, others skimming rapidly along the water – struck Russia’s navy at 4.20 am. Video from one of the sea drones shows the unmanned vehicle weaving between enemy boats.
READ THE STORY: The Guardian // The Nation // The Maritime Executive
Items of interest
Elon Musk Takeover Sparks Rise in N-Word Being Used on Twitter
FROM THE MEDIA: Elon Musk's takeover of Twitter faced controversy immediately as the number of racist comments spiked exponentially, including the use of the N-word. Racists and trolls flooded Twitter, the social media company, since the company was taken private by Musk on Friday, testing whether the CEO of Tesla would stand by his claim of being a "free speech absolutist." The number of trolls using the N-word on Twitter rose by 500% within 12 hours after the $44 billion deal was finalized, according to a report by the Network Contagion Research Institute, a group which researches social media content to determine threats that could materialize.
READ THE STORY: The Street
Target Rich Cyber Poor (Video)
FROM THE MEDIA: BSidesLV 2022 Lucky13 I Am The Cavalry (IATC) – Don Benack’s, Tom Millar’s ‘Target Rich Cyber Poor’.
The Exclave Experience: Relocating To 'Almost Canada' (Video)
FROM THE MEDIA: The Exclave Experience: Relocating To 'Almost Canada'.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com