Wednesday, November 02, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Anonymous claims hack of Chinese ministry site
FROM THE MEDIA: Hacktivist collective Anonymous yesterday claimed to have hacked the Chinese Ministry of Emergency Management and a Beijing-based private satellite operator in retaliation for a Wikipedia edit war the hackers said was part of a Chinese influence operation. The cyberattacks on Saturday compromised the menu page of the content management system for the ministry’s Web site, enabling the hackers to vandalize 19 pages and deface seven forums with images, the Taiwan News Web site yesterday quoted Anonymous representative “Allez-opi_omi” as saying.
READ THE STORY: Taipei Times
Russian Hacker Behind Massive Data Breach Released From U.S. Prison
FROM THE MEDIA: A Russian hacker who was convicted for his leading role in one of the largest data thefts in U.S. history has been released from prison after serving most of his 12-year sentence. Vladimir Drinkman was released from a Pennsylvania jail on October 28, the U.S. Bureau of Prisons told RFE/RL. U.S. Immigration and Customs Enforcement (ICE) did not respond to an RFE/RL request for comment on whether Drinkman had been turned over for deportation, a process that can take up to several months. Drinkman's lawyer, Igor Litvak, declined to comment. RFE/RL could not immediately reach Drinkman.
READ THE STORY: RFERL
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware
FROM THE MEDIA: The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a cyber espionage group known for its intrusions against organizations identified as strategically significant to China. The threat actor is believed to have been active since at least 2009.
READ THE STORY: THN
Dropbox reveals it was victim of a phishing attack, says no passwords were stolen
FROM THE MEDIA: The file hosting platform Dropbox has revealed that it was recently the target of a phishing attack in which attackers stole some of the code it stores on GitHub. Dropbox was quick to state that no customer content, passwords or payment information were compromised and that the issue was resolved quickly. According to Dropbox, GitHub alerted it on 14 October to suspicious behaviour, and its own investigation found that a threat actor impersonating the CI/CD platform CircleCI had gained access to one of its GitHub accounts.
READ THE STORY: Soyacincau // Security Newspaper // Bleeping Computer
France's Thales says hackers claim to have stolen data
FROM THE MEDIA: Thales said the extortion and ransomware group has announced plans to release the data on 7 November, adding that it had so far received no direct ransom demand. Thales has launched an internal investigation and informed ANSSI, the French national cyber security agency, but has not yet filed a complaint with the police, a company official said. The hackers have not provided proof that they hold any Thales data, the official added.
READ THE STORY: RFI
Reach Out and Scam Someone: China is exporting scams and disinformation around the world
FROM THE MEDIA: With regard to China, we usually maintain our focus on those clever Chinese hoaxsters who invented the climate crisis to make American climatologists filthy rich and make oil billionaires cry. But as the Washington Post reports, there are other shenanigans afoot there, this time on social media. The operations spanned nearly 2,000 [Twitter] user accounts, some of which purported to be located in the United States, and weighed in on a wide variety of hot-button issues, including election-rigging claims about the 2020 presidential election and criticism of members of the transgender community.
READ THE STORY: Esquire
UK spy chief warns of growing threat from ‘hackers for hire’
FROM THE MEDIA: “Hackers for hire” and the proliferation of sophisticated software that can be bought off the shelf are a growing threat to government and business cyber security, a top British spy has warned. Sir Jeremy Fleming, who heads the signals intelligence agency GCHQ, said the growing grey market was allowing countries and criminals with no capabilities to wield sophisticated cyber tools, increasing the risk and unpredictability of hacking attacks on governments, businesses and individuals.
READ THE STORY: FT
Norway’s Russian spy scandal should be a warning to all universities
FROM THE MEDIA: Until last month, not many people were aware of the political warfare program at Norway’s Arctic University in the northern city of Tromsø. But then, officers at the Norwegian Police Security Service arrested one of the researchers, claiming he was a Russian spy. There is a striking irony in the fact that Moscow may have successfully infiltrated the very program that investigates so-called “greyzone” activity — subversive actions by hostile states that fall below the threshold of formal conflict.
READ THE STORY: FT
Assistance for Ukraine's cyber defense
FROM THE MEDIA: The BBC reports that the British government has revealed the extent of cyber assistance it's rendered Ukraine. Aid amounting to some £6m has been delivered. In the course of discussing the assistance, the Government offered a brief appreciation of the state of cyber conflict in Russia's hybrid war. In brief, cyberspace remains "heavily contested," even as waves of Russian cyberattacks have not achieved the disruption widely expected at the beginning of the war. The SVR, FSB, and GRU have all been active against Ukraine in cyberspace, British sources say, and of the three Russian intelligence agencies, the GRU has been the most active.
READ THE STORY: The Cyberwire
Russia’s Wagner Group ‘have as much power in Kremlin as ministers’
FROM THE MEDIA: The leaders of the Wagner Group, the Russian mercenary group answerable to Vladimir Putin, now have as much political influence in the Kremlin as the foreign minister, Sergei Lavrov, and the defense minister, Sergei Shoigu, a prominent Russian dissident and former political prisoner has told a British parliamentary group. Mikhail Khodorkovsky told the foreign affairs committee that Yevgeny Prigozhin, a businessman who finally admitted in September 2022 that he had founded the group, had as much access to Putin as the formal government officials.
READ THE STORY: The Guardian
Qualcomm: Arm threatens to end CPU licensing, charge device makers instead
FROM THE MEDIA: Qualcomm has hit back at Arm with explosive allegations that the British chip designer has threatened to phase out CPU design licenses for semiconductor companies and instead charge device makers royalties for using Arm-compliant processors. These claims were made in Qualcomm's amended response to Arm's lawsuit against the US chip giant. Arm is right now trying to stop Qualcomm from developing custom Arm-compatible processors using CPU core designs Qualcomm obtained via its acquisition of Nuvia.
READ THE STORY: The Register
Energy crisis chips away at Europe's industrial might
FROM THE MEDIA: Europe needs its industrial companies to save energy amid soaring costs and shrinking supplies, and they are delivering - demand for natural gas and electricity both fell in the past quarter. It is far too early to rejoice, though. The drop is not just because industrial companies are turning down thermostats, they are also shutting down plants that may never reopen. And while lower energy use helps Europe weather the crisis sparked by Russia's war in Ukraine and Moscow's supply cuts, executives, economists and industry groups warn its industrial base may end up severely weakened if high energy costs persist.
READ THE STORY: Reuters
The Battle Is On to Control the World’s Chip Supply
FROM THE MEDIA: Chips are becoming as indispensable to the modern global economy as oil was to the twentieth-century global economy. At one time, America dominated chip production, but now the biggest company is in Taiwan, TSMC, and China is starting to catch up. Chris Miller is a professor of international history at Tufts University and the author of the just-published Chip War: The Fight for the World’s Most Critical Technology. He explains that the geopolitical implications of who wins this war are immense.
READ THE STORY: Brink
How Russia’s war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years
FROM THE MEDIA: Three weeks after Russia started dropping bombs on Ukraine in late February, a talented young computer programmer named Mark Sokolovsky climbed into a Porsche Cayenne with his girlfriend to get away from the fighting. The pair made their way through Poland and then Germany before stopping in the Netherlands, where they thought they were safe. Little did they know that the U.S. Federal Bureau of Investigation and investigators in Europe had been watching them all along.
READ THE STORY: MarketWatch
Thomson Reuters Database Leak Exposed 3TB of Sensitive Platform and Customer Data
FROM THE MEDIA: Thomson Reuters acknowledged a database leak that exposed at least 3TB of customer data, although the multinational media conglomerate attempted to downplay the gravity of the issue. According to the Cybernews research team, Thomson Reuters left three databases unsecured for anybody to access without authentication. The information news website reported that one of the databases contained “sensitive, up-to-date information from across the company’s platforms.”
READ THE STORY: CPO
Osaka Hospital Halts Services After Ransomware Attack
FROM THE MEDIA: A major hospital in Osaka, Japan, has suspended routine medical services following a ransomware attack that disrupted its electronic medical record systems. Emergency operations are continuing, but Osaka General Medical Center officials told reporters on Monday that the hospital system had failed earlier that day and could not be accessed. They also reported that a contractor who examined the issue concluded the system had been hit by ransomware, with the threat actor allegedly sending an email in English to the hospital's server demanding a ransom in Bitcoin.
READ THE STORY: InfoSecMag
OpenSSL Releases Security Update
FROM THE MEDIA: OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6; both are fixed in 3.0.7, and the 1.1.1 and 1.0.2 series are not affected. Both flaws are stack buffer overflows in X.509 certificate verification (the punycode handling of email addresses in name constraints) and can cause a denial of service. According to OpenSSL, an attacker exploiting CVE-2022-3602 "can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution"; CVE-2022-3786 lets an attacker overflow an arbitrary number of bytes containing the '.' character, which the advisory rates as a crash rather than code execution. Either bug requires the vulnerable side to process a malicious certificate chain, so a client must verify a malicious server certificate, or a server must verify a malicious client certificate, and the chain must either be signed by a CA the victim trusts or be accepted by an application that continues verification despite failing to find a trusted issuer.
READ THE STORY: CISA
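Because the affected range is a single 3.0.x window, the first triage step is usually to sweep an inventory of `openssl version` banners and list the hosts that still need 3.0.7. The script below is an added example written for this digest, not code from OpenSSL or CISA; the affected range (3.0.0 to 3.0.6, fixed in 3.0.7, 1.x unaffected) is taken from the advisory, and the inventory it runs over is constructed sample data, not real hosts. One caveat: distributions that backport fixes (Ubuntu 22.04 ships 3.0.2, for instance) keep the old version string after patching, so a hit here means "check the package changelog", not "confirmed vulnerable".

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected range per the OpenSSL advisory of 1 Nov 2022:
# 3.0.0 through 3.0.6 are vulnerable, 3.0.7 carries the fix,
# and the 1.1.1 / 1.0.2 series never had the punycode decoder.
FIXED_IN = (3, 0, 7)

# Matches "OpenSSL 3.0.5 5 Jul 2022", "OpenSSL 1.1.1q ..." etc.
# The trailing letter group captures the 1.x-style patch letter.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int, str]]:
    """Extract (major, minor, patch, letter) from `openssl version` output.

    Returns None when the banner is not an OpenSSL version string
    (LibreSSL, BoringSSL and garbage all fall through here).
    """
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, patch, letter = match.groups()
    return int(major), int(minor), int(patch), letter


def is_affected(banner: str) -> Optional[bool]:
    """True for a 3.0.x build older than 3.0.7, False for other OpenSSL
    releases, None when the banner could not be parsed at all."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    major, minor, patch, _letter = parsed
    if (major, minor) != (3, 0):
        # 1.0.2 / 1.1.1 are not affected; anything newer than 3.0 ships the fix.
        return False
    return (major, minor, patch) < FIXED_IN


# Constructed sample inventory (hypothetical host names, not real systems):
# host -> output of `openssl version` collected from that host.
SAMPLE_INVENTORY: Dict[str, str] = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-db": "OpenSSL 1.1.1q  5 Jul 2022",
    "build-box": "LibreSSL 3.3.6",
}


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose banner falls inside the affected range."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner))


def unparsed(inventory: Dict[str, str]) -> List[str]:
    """Hosts whose banner could not be classified and need a manual look."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner) is None)


if __name__ == "__main__":
    print("needs 3.0.7:", triage(SAMPLE_INVENTORY))
    print("could not classify:", unparsed(SAMPLE_INVENTORY))
```

Feed it real banners by running `openssl version` over your fleet (or reading the value out of your asset inventory) and follow up the hits with the distribution's package changelog before declaring anything vulnerable or fixed.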
How Elon Musk’s Twitter Buy Raises Cybersecurity Risks For The Rest Of Us
Analyst Notes: There has been an uptick in the narrative that Elon Musk is dependent on, or possibly influenced by, the CCP due to Tesla dealings. These claims of CCP control have yet to be substantiated. Twitter's ecosystem has long been exploited by foreign influence, and the idea that it will be worse due to Musk may be based on a bias.
FROM THE MEDIA: For all the worries that Elon Musk’s purchase of Twitter will roll back limits on hate speech and misinformation, the acquisition also presents major cybersecurity concerns. Now that a critical public communications network has become private property, there are five major cyber risks that have to be accounted for, both within the network and beyond. Twitter was once a "wild west," where threat actors who ranged from ISIS to Neo-Nazis to Russian info-warriors ran wild, easily pushing hate, calls for violence, and disinformation on topics ranging from elections to the pandemic.
READ THE STORY: Defense One
Google Ad for GIMP.org Was Sending Users to a Malware Site
FROM THE MEDIA: GIMP is a very popular open source graphics editor that probably gets thousands of Google searches each day. Until about a week ago, however, searching for GIMP would see Google surface an ad that appeared to lead to the official GIMP.org website. In fact the ad sent users to a lookalike site that delivered malware.
READ THE STORY: WinBuzzer
Azov Ransomware Tries to Set Up Cybersecurity Specialists
FROM THE MEDIA: Azov ransomware, a newcomer to the encryption malware market, has appeared with a rather unusual strategy. The malware seems to be a simple vandal that shifts the blame onto reputable malware analysts, whose names it drops in its note. It gives victims no chance to decrypt their files, since the analysts it names cannot decrypt anything and the real threat actor cannot be found. The ransomware took its name from a well-known Ukrainian military unit, the Azov Regiment, which is known far beyond the battlefields of the Russo-Ukrainian war.
READ THE STORY: GridinSoft
Treasury Department Repelled Pro-Russian DDoS Attacks In October
FROM THE MEDIA: The U.S. Treasury last month repelled cyber attacks by a pro-Russian hacker group, but the incident caused little to no disruption and confirmed that the department's stronger approach to financial system cybersecurity was working, a U.S. Treasury official said on Tuesday. The Treasury has attributed the distributed denial of service (DDoS) attacks to Killnet, the Russian hacker group that claimed responsibility for disrupting the websites of several U.S. states and airports in October, said Todd Conklin, cybersecurity counselor to Deputy Treasury Secretary Wally Adeyemo.
READ THE STORY: NDTV
Hackers could see Australia as weak target after Optus, Medibank data breaches, insider says
FROM THE MEDIA: International computer-hacking syndicates will be eyeing off more Australian targets after a string of recent data breaches, a cybersecurity expert says. Companies — including Optus and Medibank — recently revealed that millions of customer records have been exposed. Ben Walker worked in cybersecurity in the private health insurance industry for six years, and says hackers will now "see Australia as a soft target". "I think [hackers] will be emboldened by this … they'll probably come again looking for another organization to exploit as well," he said.
READ THE STORY: ABC AU
Bed Bath & Beyond investigating possible data breach
FROM THE MEDIA: Bed Bath & Beyond is investigating a possible data breach after an outside party improperly accessed the hard drive and certain shared drives of one of its employees via a phishing scam in October. "The Company is reviewing the accessed data to determine whether these drives contain any sensitive and/or personally identifiable information," the home goods retailer said in an Oct. 28 filing with the Securities and Exchange Commission. "At this time the Company has no reason to believe that any such sensitive or personally identifiable information was accessed or that this event would be likely to have a material impact on the Company."
READ THE STORY: Fox Business
Australian Defense Force Communications Service Hit by Ransomware Attack
FROM THE MEDIA: ForceNet, a communications platform used by Australian military personnel and defense employees, is the latest reported victim of a data breach, possibly the result of a ransomware attack. The Australian defense sector is often targeted by hackers. The news of the ForceNet attack, however, surfaced just weeks after Australia’s largest telecommunications company, Optus, and the country’s biggest health insurer, Medibank, suffered data breaches impacting millions.
READ THE STORY: HackRead
Can internet outages really disrupt crypto networks
FROM THE MEDIA: In the wee hours of Oct. 18, several parts of Europe, America and Asia were left without internet access after several undersea internet cables were “cut,” causing a chain reaction of connectivity problems across the globe. France, Italy and Spain in particular faced significant outages, with many experts blaming vandals. According to Jay Chaudhry, CEO of Zscaler, an American cloud security company, there is no doubt that nefarious third-party agents were to blame for the cut cables that resulted in packet loss.
READ THE STORY: Investing
Putin humiliated by high skilled engineers' exodus – Russia's ability 'significantly hit'
FROM THE MEDIA: According to Mikhail Khodorkovsky, roughly 30,000 Russian programmers have fled the country to reach neighboring states, "mainly Cyprus", to escape Putin's mobilization decree. The former political prisoner and pro-democracy activist told the UK Foreign Affairs Committee that the Russian President's quest to conquer Ukraine has been "significantly hit" by an exodus of highly-educated and rich Russian citizens.
READ THE STORY: Express
For tech war win, US must tackle Chinese spies
FROM THE MEDIA: It’s gradually sinking in that the Biden administration has launched perhaps the greatest industrial policy experiment in history – stopping China from assuming technological leadership over the United States and the rest of the world. The two major thrusts are (1) sweeping, coordinated restrictions on the sale of semiconductors and chip-making equipment to China and (2) massive investments in semiconductors and other advanced technologies in the United States.
READ THE STORY: Asia Times
Exploited Windows MotW flaw gains unofficial fix
FROM THE MEDIA: 0patch has issued an unofficial fix for an actively exploited Microsoft Windows zero-day that lets files carrying a malformed Authenticode signature evade Mark-of-the-Web (MotW) protections, according to The Hacker News. The micropatch follows HP Wolf Security's discovery of a Magniber ransomware campaign that uses fake security updates to deliver a JavaScript file; although the file carries the MotW tag, it runs without the SmartScreen warning that tag should trigger. The zero-day is caused by an exception SmartScreen raises while parsing the malformed signature, which makes it fail open, said 0patch co-founder Mitja Kolsek.
READ THE STORY: SCMAG
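The bypass above defeats the SmartScreen check, not the tag itself: a downloaded script still carries its Zone.Identifier alternate data stream, which records the zone and the download origin. During triage that stream is often the fastest way to confirm that a script came from the Internet zone and where it was fetched from. The code below is an added example written for this digest, not code from 0patch, HP Wolf Security or Microsoft. It assumes the real NTFS stream name `Zone.Identifier`, the documented `[ZoneTransfer]` INI layout with `ZoneId`, `ReferrerUrl` and `HostUrl` keys, and the standard URLZONE numbering (3 = Internet); the sample stream and file names are constructed for the example. It does not detect the malformed-signature bypass itself; on the host, pair it with PowerShell's `Get-AuthenticodeSignature` to see whether the file's signature parses at all.

```python
import configparser
from pathlib import Path
from typing import Optional

# URLZONE values as written into Zone.Identifier by Windows.
ZONE_NAMES = {
    0: "LocalMachine",
    1: "LocalIntranet",
    2: "TrustedSites",
    3: "Internet",
    4: "RestrictedSites",
}

# Extensions the Windows Script Host / mshta run straight from a double-click,
# which is what a MotW-tagged lure relies on.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def parse_zone_identifier(stream_text: str) -> Optional[dict]:
    """Parse the text of a Zone.Identifier stream into a small dict.

    Returns None when there is no [ZoneTransfer] section or no numeric ZoneId,
    i.e. when the stream is absent, empty or hand-mangled.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.replace("\r\n", "\n"))
    except configparser.Error:
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    section = parser["ZoneTransfer"]
    try:
        zone_id = int(section.get("ZoneId", "").strip())
    except ValueError:
        return None
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "Unknown"),
        "referrer": section.get("ReferrerUrl"),  # None when the key is absent
        "host": section.get("HostUrl"),
    }


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the stream from an NTFS file (Windows only) via the 'file:stream' syntax.

    Returns None when the file has no such stream, which is what a file that was
    never downloaded (or had its tag stripped) looks like.
    """
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def is_internet_script(filename: str, stream_text: Optional[str]) -> bool:
    """True when a directly executable script file carries an Internet-or-worse zone tag."""
    if stream_text is None:
        return False
    info = parse_zone_identifier(stream_text)
    if info is None:
        return False
    return info["zone_id"] >= 3 and Path(filename).suffix.lower() in SCRIPT_EXTENSIONS


# Constructed sample stream, as Windows would write it for a browser download.
# The URLs and file name are placeholders, not indicators from the real campaign.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://updates.example.invalid/\r\n"
    "HostUrl=https://updates.example.invalid/security-update.js\r\n"
)

if __name__ == "__main__":
    info = parse_zone_identifier(SAMPLE_STREAM)
    print(info)
    print("flag:", is_internet_script("security-update.js", SAMPLE_STREAM))
```

On a live Windows host, replace `SAMPLE_STREAM` with `read_zone_identifier(r"C:\Users\...\Downloads\file.js")` for each file of interest; a hit tells you the file was tagged as coming from the Internet zone and gives you the `HostUrl` to pivot on, and the signature check is a separate question for `Get-AuthenticodeSignature`.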
Google Chrome zero-day vulnerability
FROM THE MEDIA: Google released an emergency update for the Chrome desktop web browser last week, patching the seventh Chrome zero-day exploited in the wild this year. (The often-quoted figure of 58 zero-days for the whole of 2021 is Google Project Zero's count of in-the-wild zero-days across all vendors, not Chrome alone.) A zero-day is a vulnerability that attackers are exploiting before the vendor knows about it or has shipped a fix; the name refers to the vendor having had "zero days" to patch the flaw once it came to light.
READ THE STORY: TechCircle
Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup
FROM THE MEDIA: Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak. The years-long legal battle over the claim has been closely watched by cyber-insurance and legal experts. It has helped fuel an ongoing debate over what constitutes an act of war — which even in cyberspace could invalidate an insurance claim – and whether insurance companies should pay damages caused by network intrusions supported or organized by nation states.
READ THE STORY: The Register
Russian Forces Unprepared to Protect Against Drones, Lack Adequate Command and Control, Panel Says
FROM THE MEDIA: Attacks on Russia’s Black Sea fleet over the weekend are showing Moscow the vulnerability of its ships in port to new types of unmanned weapons, a Kremlin analyst at the CNA said Tuesday. Samuel Bendett said recent sea drone and unmanned aerial system swarm attacks have the potential to seize “the show going forward.” He added that buying commercial drones – particularly quadcopters for intelligence, surveillance and reconnaissance targeting for artillery and information operations – has been particularly useful in the war in Ukraine.
READ THE STORY: USNI
Items of interest
Candlelit dinners and grocery shopping in the dark: Life goes on for Ukrainians amid Russian-triggered power outages
FROM THE MEDIA: About 80% of people in Kyiv were left without water on Monday following a devastating barrage of Russian missile and drone strikes on Ukraine's energy infrastructure that left scores of people across the country without power as well. Government officials on Tuesday said water had been fully restored, but some 20,000 apartments in the Kyiv region remained in the dark — an increasingly common reality for many Ukrainians as Russia targets the country's energy and power sources in an effort to freeze the country out as autumn turns to winter.
READ THE STORY: INSIDER
Google, Facebook, Amazon - The rise of the mega-corporations (Video)
FROM THE MEDIA: Mega-corporations like Amazon and Facebook are becoming more powerful. And their growth shows no signs of slowing down. They are in the public eye -- but are they also above the law?
How ASML, TSMC And Intel Dominate The Chip Market (Video)
FROM THE MEDIA: CNBC Marathon got an exclusive look at how the world makes the now all important processing chips at ASML, TSMC and Intel.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com