Thursday, November 10, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Russia Vows To Defend 'Traditional Values' Against US And 'Gay Propaganda'
FROM THE MEDIA: Russia on Wednesday vowed to defend its "traditional" values against threats from the United States and "gay propaganda" in a document signed by President Vladimir Putin. The presidential decree, setting out official policy and entering force immediately, stresses the importance of "traditional values as the basis of Russian society". It warns that Moscow must take "urgent measures" to ward off threats including terror groups, "certain mass media" and "the United States and other unfriendly foreign countries". It also lists internal threats from "the activities of certain organizations and people on Russian soil".
READ THE STORY: Barrons
High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies
FROM THE MEDIA: Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," industrial security company Claroty said in a report shared with The Hacker News.
READ THE STORY: THN
15,000 sites hacked for massive Google SEO poisoning campaign
FROM THE MEDIA: Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums. The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress. The researchers believe the threat actors' goal is to generate enough indexed pages to increase the fake Q&A sites' authority and thus rank better in search engines.
READ THE STORY: Bleeping Computer
Iranian regime “doubling down” on media manipulation in response to recent protests, analysis shows
FROM THE MEDIA: The Iranian regime is “doubling down” on the manipulation of media in response to recent protests to create armed conflict between different ethnic groups, an expert has warned. Officials are using fake news and misinformation to portray the uprising as a separatist revolt, preying on the already-fragile tensions between Persian and non-Persian communities. The death of Jina “Mahsa” Amini on September 16 has sparked a sense of solidarity among the Iranian people against the regime, and the Iranian Ministry of Intelligence has ramped up its disinformation and fake news strategies in response, according to Dr Allan Hassaniyan, from the University of Exeter’s Institute of Arab and Islamic Studies.
READ THE STORY: Mirage News
North Korea attempted to hack, siphon funds from an Israeli company
FROM THE MEDIA: North Korea tried earlier this week to hack into the systems of an Israeli company that deals in the field of cryptocurrency and to siphon money that Pyongyang planned to use for its nuclear program, N12 reported on Monday. The hacking attempt was carried out by North Koreans posing as the company’s Japanese supplier. The intrusion attempt was quickly detected by personnel of the cyber-security company “Konfidas,” which managed to stop the hack. Authorities said that the attempt was professional and sophisticated and that unfamiliar cyber tools were used – something that caught the attention of relevant authorities in Israel. “These attacks don’t happen overnight.
READ THE STORY: OODALOOP
InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery
FROM THE MEDIA: As has happened with other Web technologies designed for legitimate use, the InterPlanetary File System (IPFS) peer-to-peer network for storing and accessing content in a decentralized fashion has become a potent new weapon for cyberattacks. Researchers from Cisco Talos this week reported observing multiple malicious campaigns leveraging the IPFS to host phishing kits and malware payloads. For many attackers, the IPFS has become the equivalent of a bulletproof hosting provider that is mostly impervious to takedown efforts, Talos said.
READ THE STORY: DarkReading
Windows breaks under upgraded IceXLoader malware
FROM THE MEDIA: A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs. IceXLoader version 3 was discovered in the summer by Fortinet's FortiGuard Labs, which wrote that the malware's features were incomplete and it appeared to have been ported to the Nim programming language. However, researchers with Minerva Labs on Tuesday reported that they had detected a newer iteration of IceXLoader – version 3.3.3 – complete with a multi-stage delivery chain for nasty code.
READ THE STORY: The Register
Maple Leaf employs “workaround” plans to “comprehensive” cyberattack
FROM THE MEDIA: Maple Leaf Foods has described the weekend cyberattack as “comprehensive” as the Canadian protein business enacts “workaround” contingencies. Following the system outages the company reported on Sunday (6 November) “linked to a cybersecurity incident”, executives were pressed on a third-quarter results call with analysts on Tuesday for more information on the impact on the business. “There are some functions affected more than others of which I won’t get into the granularity of that, but it is comprehensive,” CEO Michael McCain responded when asked if payrolls and accounts systems, for example, were also hit.
READ THE STORY: JF
Naughty Twitter fingers
FROM THE MEDIA: The BBC’s recent three-part show on Elon Musk, tirelessly narrated in the sultry style of an M&S advert for a facetious, cannabis-seasoned gammon joint, veers into puff-piece territory way too often to be taken seriously, with ex-wife Talulah Riley quaintly describing the destructive social media output of the purported genius as a product of “naughty Twitter fingers”. A fourth part to that series might have depicted how the oversized tyke’s bloviation on free speech led to his legal obligation to buy the platform, where he now wants to charge all verified users £7 a month to retain blue-tick status: no doubt a contingency plan to supplant the sponsors ahead of Twitter’s putrefaction into a spammy Milo Yiannopoulos house of mirrors.
READ THE STORY: ComputerWeekly
50K Bitcoin from the Silk Road Hack Found and Seized by U.S. Authorities
FROM THE MEDIA: The U.S. Department of Justice (DoJ) announced on Monday, October 7, 2022, the seizure of 50,676 Bitcoin stolen in the hack of the no-longer-existent Silk Road dark web marketplace. The cryptocurrency stolen in 2012 was valued at $3.36 billion at the moment of discovery and now is worth $1.04 billion. This seizure was then the largest in the history of the DoJ at that date, and it still remains the Department’s second-largest financial seizure ever, after $3.6 billion worth of bitcoin was confiscated this February related to the 2016 Bitfinex breach.
READ THE STORY: Heimdal
“All Quiet on The Western Front”…
FROM THE MEDIA: Erich Maria Remarque’s 1929 anti-war novel Im Westen nichts Neues – translated ‘Nothing new in the West’ and known to English-language audiences under the title, ‘All quiet on the Western Front’ – is a symbol of the endless and meaningless suffering associated with World War I. Several film versions have been made over decades, including a new 2022 interpretation. The title also expresses stagnation with no solution in sight. War continues every day. Attrition grinds away lives and resources.
READ THE STORY: EU vs DiSiNFO
North Korea slams US cyber drills as ploy for ‘hegemony’ through cybersecurity
FROM THE MEDIA: North Korea has slammed recent U.S.-led cyber exercises that featured South Korean operators, accusing Washington of seeking “world hegemony” through the drills. The statement against the Cyber Flag 23 exercises published by the DPRK’s foreign ministry on Wednesday comes as the country’s hackers have reportedly stolen hundreds of millions of dollars through cyber crime this year. “The reality clearly proves that cyberspace, the common asset of mankind, is being reduced to a site of acute confrontation due to the U.S. policy of seeking hegemony and bloc-forming,” according to the statement attributed to Kim Kuk Myong, a member of North Korea’s Association for Countermeasures against International Cybercrimes.
READ THE STORY: NKNEWS
Medibank warns customers their data was leaked by ransomware gang
FROM THE MEDIA: Australian health insurance giant Medibank has warned customers that the ransomware group behind last month's breach has started to leak data stolen from its systems. The attackers, linked to the REvil cybercrime gang, have leaked a wide range of information so far, including Medibank customers' private and health data and, according to WhatsApp screenshots, negotiation chats with the health insurer's security operations team and CEO David Koczkar.
READ THE STORY: Bleeping Computer
A new FOIA search tool is under development, while forthcoming shared business standards aim to streamline case management systems
FROM THE MEDIA: The project is meant to help people locate any information that is already public, and in the case that a FOIA request is still needed, help them make better requests, said Bobak Talebian, director of the DOJ’s Office of Information Policy, during the Chief FOIA Officers Council meeting on Nov. 3. “The overall goal here will be that it will provide a much more cohesive, user-friendly experience to the public on the front end of FOIA.gov by helping them find information that's already out there,” said Talebian, who added that the hope is for less misdirected requests sent to the wrong agency and more targeted requests.
READ THE STORY: FCW
New hacking group uses custom 'Symatic' Cobalt Strike loaders
FROM THE MEDIA: A previously unknown Chinese APT (advanced persistent threat) hacking group dubbed 'Earth Longzhi' targets organizations in East Asia, Southeast Asia, and Ukraine. The threat actors have been active since at least 2020, using custom versions of Cobalt Strike loaders to plant persistent backdoors on victims' systems.
READ THE STORY: Bleeping Computer
The Force Multiplier of Correlating Your Security Telemetry
FROM THE MEDIA: Consider this situation: A man talks on the phone with a known bank robber. He then rents a building next to a bank. Next, he buys duct tape and ski masks. Any one of these actions could be a red flag alerting police to a potential robbery. But together, they tell a more complete story of a crime in the making. Similarly, in cybersecurity, any single suspicious activity is worth investigating. But the ability to correlate seemingly unrelated activities across multiple sources can make the difference between finding a suspicious activity and uncovering a full-scale breach.
READ THE STORY: Crowdstrike
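The bank-robber analogy maps directly onto detection engineering: each source emits a weak signal that is not worth an alert on its own, and the value comes from joining them per entity inside a time window. The following added Python (not CrowdStrike's code or a description of its product) shows the mechanics on constructed telemetry from three sources, normalised to a common shape. The hosts, users, signal names, weights, threshold and window are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, already normalised to
# (timestamp, source, host, user, signal). Not taken from any real incident.
EVENTS = [
    ("2022-11-10T08:01:10", "auth",  "ws-17", "jdoe",   "external_login"),  # VPN login, new country
    ("2022-11-10T08:03:42", "edr",   "ws-17", "jdoe",   "lolbin_exec"),     # certutil used as a downloader
    ("2022-11-10T08:04:05", "proxy", "ws-17", "jdoe",   "rare_domain"),     # first-seen domain for the org
    ("2022-11-10T08:06:30", "edr",   "ws-17", "jdoe",   "new_service"),     # service installed (persistence)
    ("2022-11-10T09:15:00", "proxy", "ws-22", "asmith", "rare_domain"),     # one-off, benign
    ("2022-11-10T13:40:00", "auth",  "ws-22", "asmith", "external_login"),  # hours later, outside window
]

# Assumed weights: every single signal scores below the alert threshold.
WEIGHTS = {"external_login": 2, "lolbin_exec": 3, "rare_domain": 1, "new_service": 3}
THRESHOLD = 6
WINDOW = timedelta(minutes=15)


def correlate(events, weights=WEIGHTS, threshold=THRESHOLD, window=WINDOW):
    """Group signals by host, slide a time window over each host's timeline,
    and report hosts whose combined score inside one window reaches the
    threshold AND draws on at least two distinct sources. The contributing
    (source, signal) pairs are returned so an analyst sees the whole story,
    not just a number."""
    by_host = defaultdict(list)
    for ts, source, host, user, signal in events:
        by_host[host].append((datetime.fromisoformat(ts), source, user, signal))

    findings = {}
    for host, timeline in by_host.items():
        timeline.sort()
        for i, first in enumerate(timeline):
            t0 = first[0]
            chain = [e for e in timeline[i:] if e[0] - t0 <= window]
            score = sum(weights.get(e[3], 0) for e in chain)
            sources = {e[1] for e in chain}
            if score >= threshold and len(sources) >= 2:
                findings[host] = {
                    "score": score,
                    "sources": sorted(sources),
                    "signals": [(e[1], e[3]) for e in chain],
                }
                break  # first window that fires is enough for the verdict
    return findings


if __name__ == "__main__":
    for host, f in correlate(EVENTS).items():
        print(f"{host}: score={f['score']} sources={f['sources']}")
        for source, signal in f["signals"]:
            print(f"    {source:6} {signal}")
```

The two-source requirement is the point of the article: a burst of EDR alerts from one sensor is noise until the identity and network telemetry agree that the same host and user are involved. In practice the window and weights are tuned per environment, and the `signals` list is what gets attached to the case.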
Why Telegram Is Essential to Open Source Investigations
FROM THE MEDIA: While most Telegram data is benign in nature, some of it is not. Various groups—from mercenaries fighting in the war in Ukraine to fraudsters attempting to cash out a check—use the platform to communicate, transact, organize, and disseminate information, some of which may be relevant to an organization’s risk profile. As a result, the instant messaging, voice, and video messaging service has become an increasingly popular—and often essential—source of information that can be used for open-source investigations that uncover a variety of cyber and physical threats that organizations in the public and private sectors should be actively monitoring in order to protect their assets.
READ THE STORY: Security Boulevard
New StrelaStealer malware steals your Outlook, Thunderbird accounts
FROM THE MEDIA: A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. This behavior deviates from most info-stealers, which attempt to steal data from various data sources, including browsers, cryptocurrency wallet apps, cloud gaming apps, the clipboard, etc. The previously unknown malware was discovered by analysts at DCSO CyTec, who report that they first saw it in the wild in early November 2022, targeting Spanish-speaking users.
READ THE STORY: Bleeping Computer
Paving the Way for Satellite Quantum Communications
FROM THE MEDIA: Few things have captured the scientific imagination quite like the vastness of space and the promise of quantum technology. Micius—the Chinese Academy of Science’s quantum communications satellite launched in 2016—has connected these two inspiring domains, producing a string of exciting first demonstrations in quantum space communications. Reviewing the efforts leading up to the satellite launch and the major outcomes of the mission, Jian-Wei Pan and colleagues at the University of Science and Technology of China provide a perspective on what the future of quantum space communications may look like.
READ THE STORY: Physics
Risks that third-party vendors pose to outsourcing banks
FROM THE MEDIA: The banking and financial sector is known for its dependence on third-party vendors that help provide customers with quality financial products and services. It is one of the most interconnected sectors, making it one of the most vulnerable to cyberattacks. And because third parties operate through the banks they are contracted with, any losses are the bank's responsibility. The interconnectivity and shared data of embedded finance enable banks to provide more effective solutions and better financial products. But because numerous systems and processes are intertwined across networks and organizations, there are many avenues for attackers to wreak havoc on banks and their customers.
READ THE STORY: Cyber Security Insiders
Microsoft Patches ProxyNotShell Exchange Vulnerabilities
FROM THE MEDIA: Microsoft patched a pair of Exchange zero-days publicly disclosed in late September and known to have been exploited in the wild by a threat actor with indicators of Chinese origin. The first flaw is a server-side request forgery vulnerability that allows attackers access to back-end servers that they would not have otherwise. The second flaw allows remote code execution when Remote PowerShell is activated. Attackers can exploit the first flaw to trigger the second. They are, respectively, CVE-2022-41040 and CVE-2022-41082 and together are known as ProxyNotShell for their similarity to a trio of 2021 Exchange vulnerabilities together known as ProxyShell.
READ THE STORY: GovInfoSec
Cloud9 Malware Offers a Paradise of Cyberattack Methods
FROM THE MEDIA: A malicious browser extension that works on both Google Chrome and Microsoft Edge allows attackers to remotely take over someone's browser session and carry out a full range of attacks. It's built to steal cookies and other info, mine cryptocurrency, install malware, or take over the entire device for use in a distributed denial-of-service (DDoS) attack — among other things.
READ THE STORY: DarkReading
Malicious Package on PyPI Hides Behind Image Files, Spreads Via GitHub
FROM THE MEDIA: A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on Github. The discovery has been made by Check Point Research (CPR), who shared it with Infosecurity earlier today. “The malicious package we detected is named ‘apicolor.’ At first glance, it seemed like one of the many in-development packages on PyPI,” reads the advisory. “After taking a deeper look into the package installation script, researchers noticed a strange, non-trivial code section at the beginning.”
READ THE STORY: InfoSecMag
Researchers show techniques for malware persistence on F5 and Citrix load balancers
FROM THE MEDIA: Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades have been rare and generally attributed to sophisticated APT groups.
READ THE STORY: CSO
TransUnion LLC Confirms Recent Data Breach with State Attorney General’s Office
FROM THE MEDIA: On November 7, 2022, TransUnion LLC reported a data breach with the Massachusetts Attorney General after information in the company’s possession was subject to unauthorized access. According to TransUnion, the breach resulted in the names, Social Security numbers, financial account numbers and driver’s license numbers being compromised.
READ THE STORY: JDSUPRA
FTX Website Experiences Temporary Outage, Warns Users Not to Make Deposits
FROM THE MEDIA: Cash-strapped crypto exchange FTX has added a new warning to customers in the form of a bright red banner on its FTX.com website Wednesday, warning customers the exchange has halted withdrawals. "FTX is currently unable to process withdrawals. We strongly advise against depositing," the message reads. The message appeared after a temporary website outage on Wednesday afternoon. The website resumed functioning within several minutes, but was back down again at the time of publishing.
READ THE STORY: CoinDesk
(UK) Failing IT infrastructure is undermining safe health care in the National Health Service
FROM THE MEDIA: In an article published in The BMJ, Joe Zhang at Imperial College London and colleagues point to a recent 10 day IT system outage at one of the largest hospital trusts in the UK's National Health Service (NHS) and warn that increasing digital transformation "means such failures are no longer mere inconvenience but fundamentally affect our ability to deliver safe and effective care."
READ THE STORY: Medical Xpress
Joe Biden says Elon Musk security concerns ‘worthy of being looked at’
FROM THE MEDIA: Joe Biden said Elon Musk’s links to foreign countries are “worthy of being looked at”, in response to a question about whether Washington had national security concerns around the world’s richest man. “I think that Elon Musk’s co-operation and/or technical relationships with other countries is worthy of being looked at,” Biden told reporters on Wednesday, without elaborating on further details. The US president added he was not “suggesting . . . whether or not [Musk] is doing anything
READ THE STORY: FT
Could a Digital Red Cross Protect Hospitals From Ransomware?
FROM THE MEDIA: The internationally recognized Red Cross symbol has marked people and facilities off limits to attack across a century of wars, but security experts are skeptical about a recent proposal to create a digital Red Cross marker to protect healthcare and humanitarian groups from cyberattacks. The reason? You can't trust cybercriminals. In a report released Thursday, the International Committee of the Red Cross proposed applying a digital Red Cross marker to websites, systems and endpoints used for medical and humanitarian purposes.
READ THE STORY: BankInfoSec
Spyware Scandals Prompt Calls for Further Bans in Europe
FROM THE MEDIA: A Europe-wide moratorium on surveillance software such as NSO Group’s Pegasus and similar products is needed to clamp down on abuses, according to a draft report from European Union lawmakers published Tuesday. The report was authored by Sophie in ‘t Veld, a Dutch member of the European Parliament, who chairs a special committee that has been investigating the use of spyware in the 27 EU countries.
READ THE STORY: WSJ
Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits
FROM THE MEDIA: Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. “This in-the-wild exploit chain is a great example of different attack surfaces and “shape” than many of the Android exploits we’ve seen in the past. All three vulnerabilities in this chain were in the manufacturer’s custom components rather than in the AOSP platform or the Linux kernel.” reads the advisory published by Google Project Zero. “It’s also interesting to note that 2 out of the 3 vulnerabilities were logic and design vulnerabilities rather than memory safety.”
READ THE STORY: SecurityAffairs
Russia Carrying Out Cyber Attacks On Ukraine's Energy Facilities For Maximum Blackout - SSU
FROM THE MEDIA: Russia carries out numerous cyber attacks on Ukraine's energy facilities to cause a maximum "blackout." This was stated by Illia Vitiuk, head of the SSU's Cybersecurity Department. The SSU constantly blocks Russian cyber attacks on energy facilities. "The latest shelling of TPPs and CHPPs was also accompanied by cyber attacks. The SSU expected such a scenario, so none of them was effective," Vitiuk said. According to the Security Service, on average, Russia carries out 10 cyber attacks on Ukraine per day. Its main goals are energy, infrastructure and logistics.
READ THE STORY: UKRANEWS
Lenovo fixes flaws that can be used to disable UEFI Secure Boot
FROM THE MEDIA: Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot. UEFI Secure Boot is a verification system that ensures no malicious code can be loaded and executed during the computer boot process. The consequences of running unsigned, malicious code before OS boot are significant, as threat actors can bypass all security protections to plant malware that persists between OS reinstallations.
READ THE STORY: Bleeping Computer
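Whether Secure Boot is actually enforcing on a given laptop is something a fleet owner can read back from the firmware: on Linux the `SecureBoot` and `SetupMode` variables are exposed under efivarfs, and on Windows `Confirm-SecureBootUEFI` answers the same question. The following added Python (not Lenovo's code and not from the Bleeping Computer article) parses the efivarfs encoding of those two variables and turns them into a verdict. It assumes the standard efivarfs mount at `/sys/firmware/efi/efivars` and the EFI Global Variable GUID; the byte strings in the test are constructed.

```python
import os
from typing import Dict, Optional

# Assumed standard efivarfs mount point and the UEFI Global Variable GUID
# under which SecureBoot and SetupMode are published.
EFIVARS = "/sys/firmware/efi/efivars"
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar_bool(raw: bytes) -> Optional[bool]:
    """efivarfs files start with a 4-byte little-endian attributes word
    (SecureBoot/SetupMode carry BS|RT = 0x06) followed by the variable data.
    Both variables hold exactly one byte, 0 or 1. Anything else is treated as
    unparseable rather than guessed at."""
    if len(raw) < 5:
        return None
    data = raw[4:]
    if len(data) != 1 or data[0] not in (0, 1):
        return None
    return data[0] == 1


def read_efivars(root: str = EFIVARS) -> Dict[str, Optional[bool]]:
    """Read SecureBoot and SetupMode from efivarfs; None when absent or unreadable
    (legacy BIOS boot, efivarfs not mounted, or insufficient privileges)."""
    out: Dict[str, Optional[bool]] = {}
    for name in ("SecureBoot", "SetupMode"):
        path = os.path.join(root, f"{name}-{EFI_GLOBAL_VARIABLE_GUID}")
        try:
            with open(path, "rb") as fh:
                out[name] = parse_efivar_bool(fh.read())
        except OSError:
            out[name] = None
    return out


def secure_boot_state(vars: Dict[str, Optional[bool]]) -> str:
    """Combine the two variables. SetupMode=1 means no Platform Key is
    enrolled, so the firmware is not enforcing signature checks regardless
    of how SecureBoot reads; only SecureBoot=1 with SetupMode=0 counts."""
    sb = vars.get("SecureBoot")
    setup = vars.get("SetupMode")
    if sb is None:
        return "unknown (no EFI variable: legacy boot, efivarfs not mounted, or no access)"
    if setup:
        return "not enforced (Setup Mode, no Platform Key)"
    return "enabled" if sb else "disabled"


if __name__ == "__main__":
    print("Secure Boot:", secure_boot_state(read_efivars()))
```

The caveat that the article's flaws illustrate: this reads the state the firmware reports, and a vulnerability that lets an attacker flip the setting from a running OS also lets them flip what this check sees. A measured-boot record (TPM PCR 7) attested to a remote verifier is the stronger evidence that Secure Boot was on when the machine booted.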
Russia’s Aggression Justifies Western Cyber Intervention
FROM THE MEDIA: Russia’s hostile and genocidal acts are so serious that it can no longer claim to possess cyber sovereignty. It is now open to intrusive covert evidence-gathering. This is a fast-changing security environment and nothing is changing faster than cyber. That has a domino effect across our traditional understanding of how and when to intervene if a country or entity behaves with such reckless disregard for international norms that it opens itself to remedial action by states upholding the global legal order.
READ THE STORY: CEPA
Items of interest
The Hacker Mind Podcast: Hacking High-Tech Cars
FROM THE MEDIA: Sometimes complex technology doesn’t necessarily raise the barrier for entry for cyber criminals. Sometimes, as with our cars, it does the exact opposite. One of the unintended consequences of convenience is complexity. In order to make things easier to connect to more things, we must introduce complexity. There is no easy way around it. Take, for example, a simple system that has only an on/off switch. That’s not too convenient, right? Think of a mobile phone with just an on and off switch. If there were no volume control, all the mobile phones today would ring at the same tone at the same decibel level. And there’d be no way to set the phone to vibrate during a meeting except by powering it off.
READ THE STORY: Security Boulevard
Tracking stolen cars: How they could end up in West Africa (Video)
FROM THE MEDIA: The original broadcast of this story on April 28, 2022 showed a brief visual of Banix Motors, a car dealership in Lagos, Nigeria. The visual was inadvertently used in a segment that discusses how some stolen vehicles from Canada are being resold overseas.
Where Do All The Stolen Cars Go? (Video)
FROM THE MEDIA: Where Do All The Stolen Cars Go?
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com