Monday, November 07, 2022
Cyber experts warn of Twitter misinformation risk on eve of US election
FROM THE MEDIA: Critics had already raised concerns about Musk’s plans to loosen content moderation at his newly acquired social media site when he began implementing a plan to sack half of Twitter’s 7,500-strong workforce, including members of the “trust and safety” team. Then on Saturday, Twitter said in updates to its app on the Apple App Store that it was launching a new subscription service in some jurisdictions including the US and UK, charging users $7.99 a month for a product that would include “Blue Tick” verifications. “Trash me all day, but it’ll cost $8,” Musk posted on Twitter from his own verified account.
READ THE STORY: FT
Ukraine's 'IT army' has conducted 8,000 cyberattacks against Russia
FROM THE MEDIA: Ukraine's so-called IT army has executed cyberattacks on around 8,000 Russian resources, successfully targeting the defense industry and countering disinformation campaigns by state-sponsored outlets, according to Ukraine's deputy minister of digital transformation. Stressing the importance of strengthening joint efforts to stop fake news, Georgii Dubynskyi told Kyodo News in a recent online interview that "Information war, specifically in cyberspace, is a new dimension of this warfare and very, very dangerous."
READ THE STORY: The Mainichi
Russia Reactivates Its Trolls and Bots Ahead of Tuesday's Midterms
FROM THE MEDIA: The user on Gab who identifies as Nora Berka resurfaced in August after a yearlong silence on the social media platform, reposting a handful of messages with sharply conservative political themes before writing a stream of original vitriol. The posts mostly denigrated President Joe Biden and other prominent Democrats, sometimes obscenely. They also lamented the use of taxpayer dollars to support Ukraine in its war against invading Russian forces, depicting Ukraine’s president as a caricature straight out of Russian propaganda. The fusion of political concerns was no coincidence.
READ THE STORY: Yahoo News
War is worsening the spy threat from Russia
FROM THE MEDIA: Westminster is abuzz with stories of hacked phones. Liz Truss as foreign secretary was one victim, the then-chancellor Philip Hammond another. But a much bigger drama is playing out in the world of human intelligence, with three spectacular spy busts in five months. The most recent is in Norway, where the authorities have arrested a researcher at the University of Tromso. He boasted Canadian academic credentials and a Brazilian passport in the name of José Assis Giammaria. Colleagues found him shy. Prosecutors say he was a spy, which he denies.
READ THE STORY: The Times
Ukraine Called the First 'Broadband War'
FROM THE MEDIA: One of the Ukrainian government’s first actions as Russian forces gathered on its borders was to do away with bureaucratic rules on what could be stored in the cloud. Servers are targets, and if the country was overrun, essential data could have been lost. Next, Elon Musk assured connectivity to the outside world by donating thousands of terminals connecting to SpaceX’s Starlink space-based broadband system, ensuring Russia couldn’t cut Ukraine’s internet off from the world.
“He’s a real hero in all this,” Schmidt said, although he noted there were other U.S. and U.K. companies that stepped in to assure Ukraine kept its connectivity.
READ THE STORY: National Defense
Israel water sector not ready for Iran cyberattack - ex-IDF intel official
FROM THE MEDIA: If Iran succeeds in hacking either the US or Israel’s water sector, then the writing was on the wall, an ex-IDF intelligence official warned in an interview. Ariel Stern, a former Israeli Air Force captain and the CEO and co-founder of Ayyeka, a global IoT solutions provider for critical infrastructure, issued his warning following a hack of England’s water sector exposing around 1.6 million people to danger in August, and as Russia continues to hack Ukraine’s infrastructure.
READ THE STORY: JPOST
Geo-politics plays major role in cyber attacks
FROM THE MEDIA: The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA). In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report.
READ THE STORY: Reseller News
Time to rethink how to fix software supply chain vulnerabilities
FROM THE MEDIA: As 2021 drew to a close, many IT teams were in for a rude surprise just before they headed into their year-end holidays. The Log4Shell vulnerability that hit countless servers across the globe would need urgent remediation, so the experts had their leave frozen and returned to find where to place the band aid. A year later now, many are still trying to make sure the vulnerability, which affects Java enterprise applications used in so much of today’s modern IT infrastructure, is not lurking somewhere in their systems, ready to spring another surprise this holiday season.
READ THE STORY: Security Brief Asia
Lockbit Ransomware Attacks German MNC, Threatens to Leak All Data
FROM THE MEDIA: The LockBit ransomware gang has taken responsibility for a cyberattack against the German MNC automotive group Continental. LockBit also stole some data from Continental’s systems, and they are threatening to leak it on their data leak site if the company doesn’t agree with their demands within the next 22 hours. The gang hadn’t disclosed any info on what info was extracted from Continental’s network or when the compromise happened. Ransomware gangs usually post data on their leak websites as a strategy to frighten their targets into settling a deal or into getting back to the negotiation table.
READ THE STORY: IT Security News
APT-36 Hackers Using New Hacking Tools & TTPs To Attack Indian Government Orgs
FROM THE MEDIA: The cybersecurity analysts at Zscaler ThreatLabz have recently detected a new malicious version of a multi-factor-authentication (MFA) solution, known as Kavach, which has been exploited by the threat actors of Transparent Tribe (aka APT-36, C-Major, and Mythic Leopard) actively to target the Indian government agencies. To distribute the malicious versions of Kavach MFA apps, the threat actors at Transparent Tribe ran multiple malvertising campaigns by exploiting Google advertisements.
READ THE STORY: GBHACKERS
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
FROM THE MEDIA: A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was first documented in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services.
READ THE STORY: THN
Ukraine looks to technology to help rebuild its economy amid Russia’s onslaught
FROM THE MEDIA: As the war in Ukraine rages on, the country’s technology entrepreneurs are trying to stay positive. “I don’t think there’s something in the world that could kill our ability to win and ability to do work or anything,” Valery Krasovsky, CEO and co-founder of Sigma Software, told CNBC on the sidelines of the Web Summit tech conference in Lisbon. Sigma, which has 2,000 employees based in Ukraine, equipped its offices with diesel generators and Starlink internet terminals to allow employees to continue working amid Russian shelling of critical energy infrastructure.
READ THE STORY: CNBC
China is likely stockpiling and deploying vulnerabilities, says Microsoft
FROM THE MEDIA: Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity. The rules mean Beijing can use local research to hoard vulnerability information. A year later, researchers from the Atlantic Council found there was a decrease in reported vulnerabilities coming from China – and an increase in anonymous reports.
READ THE STORY: The Register
Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks
FROM THE MEDIA: Researchers from cybersecurity firm Avanan uncovered a campaign abusing Microsoft Dynamics 365 Customer Voice to steal credentials from the victims. The experts reported hundreds of these attacks in the last few weeks. The emails come from the survey feature in Dynamics 365; the senders’ address includes “Forms Pro,” which is the old name of the survey feature. The message informs the recipient that a new voicemail has been received. Upon clicking on the Play Voicemail button, the recipient is redirected to a phishing link that points to a page that clones the Microsoft login page.
READ THE STORY: Security Affairs
Russian Cyberwar targeted 42 countries that support Ukraine
FROM THE MEDIA: Russia's war with Ukraine seems to be never-ending, and news is now out that state-sponsored threat actors have targeted about 42 countries and 128 government agencies so far that were supporting Kyiv with essentials, ammunition and finances. The United States along with the UK are urging Zelensky to conduct a dialog with Putin for peace, as they seem to be vexed with the threatening demands of Volodymyr Zelenskyy to support his nation with $1 billion funding all throughout this year, at any cost.
READ THE STORY: CyberSecurityInsider
NIST on tap to improve cybersecurity of water systems
FROM THE MEDIA: The National Institute of Standards and Technology is seeking public input on a new project aiming to develop a cybersecurity reference architecture for the water and wastewater systems sector. The National Cybersecurity Center of Excellence is leading the effort in collaboration with technology providers, the water and wastewater sectors and other stakeholders, and plans to publish a NIST SP 1800 series practice guide as a result of the project, according to an announcement published last week. The announcement comes as the federal government ramps up efforts to secure the nation's complex water systems infrastructure, which contains an estimated 152,000 publicly owned water systems and nearly 16,000 publicly owned treatment systems.
READ THE STORY: FCW
Kaspersky finds types of Trojans targeting employee devices in PH
FROM THE MEDIA: Cybersecurity solutions company Kaspersky found that there are at least five types of malicious software (malware), in the form of a Trojan, targeting devices of employees in Southeast Asia (SEA), including the Philippines. A Trojan, as the name implies, disguises itself as legitimate files and then infects the devices and networks when it successfully penetrates the devices. Remote and hybrid work setups made mobile devices more vulnerable to attacks because of the unsecured home networks and public Wi-Fi that employees used.
READ THE STORY: Backend News
Greek PM Mitsotakis used intelligence services to spy on dozens of people
FROM THE MEDIA: Greek Prime Minister Kyriakos Mitsotakis used intelligence agencies to spy on dozens of people, including potential political opponents, ministers, journalists and prominent businessmen, the Documento newspaper reported. According to the newspaper, Mitsotakis' list includes the names of 33 people who were wiretapped under the pretext of national security. No one would believe that some private individuals would decide to wiretap the former prime minister, government ministers and the Minister of Citizens' Protection himself, violating all notions of state security, the newspaper writes and holds Mitsotakis fully responsible.
READ THE STORY: News.AM
Breached health insurer won't pay ransom to protect customers, warns of more attacks
FROM THE MEDIA: Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers. "Based on the extensive advice we have received from cyber crime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," CEO David Koczkar stated in a stock market filing published on Monday.
READ THE STORY: The Register
Russian-occupied Kherson loses power after alleged ‘sabotage’
FROM THE MEDIA: The Russian-installed administration in Ukraine’s Kherson region has said that Kherson city lost water and power supplies after what it called an act of “sabotage”. In a statement on Telegram, the Russian-installed administration of Kherson said a “terrorist attack” damaged three power lines in the region. It said that the attack had been carried out by Ukraine, though it provided no evidence. The outages are a “result of an attack organized by the Ukrainian side on the Berislav-Kakhovka highway that saw three concrete poles of high-voltage power lines damaged,” it said.
READ THE STORY: Aljazeera // The Korea Times // Lithgow Mercury
Elon Musk bans impersonation without parody label on Twitter raising questions about free speech commitment
FROM THE MEDIA: After several celebrity and blue-check verified Twitter users changed their accounts to mimic the social network’s new owner Elon Musk, he called for a swift change to policy enforcement. Musk wrote on Sunday that, moving forward, Twitter will now permanently suspend impersonators’ accounts without warning if they are not clearly labeled as parody. In a series of tweets on Sunday, the Tesla, SpaceX and now Twitter CEO seemed to change his mind on permanent bans.
READ THE STORY: CNBC
Hacking gang targeted Qatar World Cup critics
FROM THE MEDIA: An India-based computer hacking gang targeted critics of the Qatar World Cup, an investigation by British journalists said on Sunday, as the Qatari government furiously denied it had played any part in commissioning the eavesdropping. A database leaked to Britain's Sunday Times and the Bureau of Investigative Journalism revealed the hacking of a dozen lawyers, journalists and famous people from 2019 "commissioned by one particular client", the newspaper and the bureau said in a statement.
READ THE STORY: Yahoo News
Apple warns of slow iPhone 14 Pro shipments as COVID hurts production in China
FROM THE MEDIA: Apple has warned that a COVID outbreak in Zhengzhou, China, has impacted production of the iPhone 14 and will mean customers wait longer than anticipated to get their hands on the device. "COVID-19 restrictions have temporarily impacted the primary iPhone 14 Pro and iPhone 14 Pro Max assembly facility located in Zhengzhou, China," reads a statement issued on Sunday November 6. "The facility is currently operating at significantly reduced capacity." The facility Apple mentioned is operated by Taiwanese company Foxconn, which last week encouraged staff to remain on-site with assurances of regular COVID testing and three meals a day.
READ THE STORY: The Register
Red Cross seeks digital equivalent of its emblems to mark some tech as off-limits in war
FROM THE MEDIA: The International Committee of the Red Cross (ICRC) wants to devise a digital equivalent of its emblems (the red cross and red crescent), to signify that certain digital resources are protected and must not be targeted during cyberwarfare. "For more than 150 years, protective emblems like the red cross have been used to convey a simple message: In times of armed conflict, those who wear the red cross or facilities and objects marked with [it] must be protected from harm," the organization wrote last week, adding "The obligation of all warring parties to respect and protect medical and humanitarian actors applies online as well."
READ THE STORY: The Register
Items of interest
The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing
FROM THE MEDIA: A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here! These are two of the most eagerly awaited, most requested features on HIBP's UserVoice so it's great to see them finally knocked off after years of waiting. In implementing all this, there are changes to the existing "one size fits all" model so if you're using the HIBP API, please make sure you read this carefully and understand the impact (if any) on you.
READ THE STORY: Troy Hunt
Trafficking Data (Video)
FROM THE MEDIA: What is China’s role in the vast technology space and how does it affect U.S.-China relations? Law and policy experts gather to discuss Miller Center Professor Aynne Kokas’s new book, Trafficking Data: How China Is Winning the Battle for Digital Sovereignty.
Data Challenges Impacting Human Trafficking Research and Development (Video)
FROM THE MEDIA: The purpose of this hearing is to discuss scientific research and technology development to counter human trafficking in the United States, including trafficking for forced labor and sexual exploitation.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com