Saturday, November 12, 2022
Sandworm is back in Russia's hybrid war
FROM THE MEDIA: As Russian forces complete their withdrawal from the southern Ukrainian city of Kherson (a major strategic defeat for Moscow), a familiar GRU cyber unit makes its presence felt in the war. Researchers at Microsoft report that Sandworm, the GRU threat actor the company tracks as Iridium, has deployed a new strain of ransomware, "Prestige," against targets in Poland and Ukraine. Prestige announced itself in a series of coordinated attacks against targets in the transportation and related logistics sectors.
READ THE STORY: The Cyberwire
How civilian satellites could decide the future of war and peace
FROM THE MEDIA: Of the 7,000 active satellites circling the globe, only a few hundred are military installations whose secret information is closely guarded. The vast majority are civilian and the argument is growing that they will be increasingly relevant in winning wars as broadband becomes critical to future conflicts. The adaptation of commercial satellites by Ukraine has not only been pivotal in fighting Russia, but has also demonstrated to a broader audience that domination in space is as important as it is on Earth.
READ THE STORY: WEEKEND
Computer chip ban signals new era as Biden and Xi meet
FROM THE MEDIA: The Biden administration’s move to block exports of advanced computer chips to China is signaling a new phase in relations between the globe’s two largest economies — one in which trade matters less than an increasingly heated competition to be the world’s leading technological and military power. The aggressive move, announced last month, will help set the tone for President Joe Biden’s upcoming meeting with Chinese President Xi Jinping on Monday on the sidelines of the Group of 20 summit in Asia. It’s evidence of Biden’s determination to “manage” the U.S. competition with China, whose officials were quick to condemn the export ban.
READ THE STORY: WDIO
Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware
FROM THE MEDIA: Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghur minority. The threat actors behind the campaigns used two Android spyware tools to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called BadBazaar and new variants of the MOONSHINE surveillance software discovered by Citizen Lab in 2019 and employed in attacks against Tibetan activists.
READ THE STORY: Security Affairs
An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram
FROM THE MEDIA: A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The security researcher Dominic Alvieri was one of the first experts to report the announcement published by the initial access broker on Telegram. The IAB claims to have access to around 21000 machines in the bank’s network, most of which are Windows systems. It also claims that the compromised machines were protected with a Symantec EDR solution.
READ THE STORY: Security Affairs
World Cup apps pose a data security and privacy nightmare
FROM THE MEDIA: With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game. Football fans and others visiting Qatar must download two apps: Ehteraz, a Covid-19 tracker, and Hayya, which allows ticket holders entry into the stadiums and access to free metro and bus transportation services.
READ THE STORY: The Register
Cybergangs likely to scale up attacks as AFP names home country of attacks
FROM THE MEDIA: A joint partnership between the AFP and foreign signals intelligence agency will work to bring down Russian cybercriminals responsible for the Medibank hack. Home Affairs Minister Clare O’Neill addressed reporters on Saturday to warn the “Russian thugs” behind the Medibank attack that they should “watch out”. “The smartest and toughest people in our country are going to hack the hackers,” she said. A group of cyber criminals based in Russia were identified as the likely culprits behind the Medibank hack this week, according to newly released intelligence from AFP Commissioner Reece Kershaw.
READ THE STORY: news.com.au
GitHub Adds New Security Features for Open Source Community
FROM THE MEDIA: GitHub has announced new features that could improve both developers’ experience and supply chain security. The “private vulnerability” reports announced at GitHub Universe 2022 will allow open-source maintainers to receive private issues from the community. Maintainers will be able to receive reports and collaborate with security professionals and all other issuers to patch vulnerabilities.
READ THE STORY: eSecurityPlanet
Ransomware Gangs Shift Tactics, Making Crimes Harder to Track
FROM THE MEDIA: Ransomware gangs increasingly use their own or stolen computer code, moving away from a leasing model that made their activities easier to monitor, new research shows. Numerous prominent hacking groups in recent years have functioned by leasing their malicious software and computing infrastructure to other bad actors, in what’s known as ransomware-as-a-service. That model, which experts say turbocharged the number of ransomware attacks, was offered by infamous groups such as Conti, which shuttered Irish health systems, and REvil, deemed responsible for a 2021 intrusion at the IT management firm Kaseya Ltd.
READ THE STORY: Bloomberg
Canadian food retail giant Sobeys hit by Black Basta ransomware
FROM THE MEDIA: Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend. Sobeys is one of two national grocery retailers in Canada, with 134,000 employees servicing a network of 1,500 stores in all ten provinces under multiple retail banners, including Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, and Lawtons Drugs.
READ THE STORY: Bleeping Computer
Twitter CISO flies the coop
FROM THE MEDIA: Troubled social media giant Twitter has lost the services of its chief information security officer to cap off another chaotic week following its acquisition by Elon Musk. Lea Kissner used their former employer’s platform to post: “I've made the hard decision to leave Twitter. I've had the opportunity to work with amazing people and I'm so proud of the privacy, security, and IT teams and the work we've done.” They later posted, “I've loved this job and we got *so* much done, but here we are.”
READ THE STORY: The Register
DDoS attack disrupts Mississippi election websites
FROM THE MEDIA: Numerous Mississippi election websites have been disrupted by a distributed denial-of-service attack claimed by a pro-Russian hacktivist group during Tuesday's midterm polls, reports The Record, a news site by cybersecurity firm Recorded Future. Mitigations are already being worked on by state officials, noted a Cybersecurity and Infrastructure Security Agency official. Although officials are aware of the hacktivist group's claims about the intrusion, the DDoS attack has not been attributed to a specific threat actor.
READ THE STORY: SCMAG
Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors
FROM THE MEDIA: A vulnerability in a series of popular digital door-entry systems offered by Aiphone can enable hackers to breach the entry systems — simply by utilizing a mobile device and a near-field communication, or NFC, tag. The devices in question (GT-DMB-N, GT-DMB-LVN, and GT-DB-VN) are used by high-profile customers, including the White House and the United Kingdom's Houses of Parliament. The vulnerability was discovered by a researcher with the Norwegian security firm Promon, who also found there is no limit to the number of times an incorrect password can be entered on some Aiphone door-lock systems.
READ THE STORY: DarkReading
Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software
FROM THE MEDIA: Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report. OpenLiteSpeed, the open source edition of LiteSpeed Web Server, is the sixth most popular web server, accounting for 1.9 million unique servers across the world.
READ THE STORY: THN
Dangerous SIM-swap lockscreen bypass – update Android now
FROM THE MEDIA: A bug bounty hunter called David Schütz has just published a detailed report describing how he crossed swords with Google for several months over what he considered a dangerous Android security hole. According to Schütz, he stumbled on a total Android lockscreen bypass bug entirely by accident in June 2022, under real-life conditions that could easily have happened to anyone. In other words, it was reasonable to assume that other people might find out about the flaw without deliberately setting out to look for bugs, making its discovery and public disclosure (or private abuse) as a zero-day hole much more likely than usual.
READ THE STORY: Naked Security
SES, Hughes demonstrate satellite internet on General Atomics surveillance drone
FROM THE MEDIA: SES and Hughes in a demonstration last month installed satellite internet service on a General Atomics surveillance drone that the company sells to the U.S. military and allies. The companies announced Nov. 10 that the MQ-9B SkyGuardian remotely piloted aircraft successfully communicated with SES satellites in medium and geostationary Earth orbits. The drone stayed on the ground and did not fly, but the companies said the demonstration showed how the military could use high-throughput satellite connectivity to transmit live-video streams faster and more reliably than traditional single-orbit networks.
READ THE STORY: SN
Thales confirms hackers have released its data on the dark web
FROM THE MEDIA: French defense and technology group Thales (TCFP.PA) said on Friday data relating to the group has been released on the "publication platform" of the hacker group LockBit 3.0, confirming media reports. The data was released on Nov. 10, Thales, which provides advanced technologies in defense, aeronautics, space, transport and digital security, said. "At this stage, Thales is able to confirm that there has been no intrusion of its IT systems," it added.
READ THE STORY: Reuters
Uyghurs Targeted With Spyware, Courtesy of PRC
FROM THE MEDIA: As part of its widely documented, brutal suppression of Muslim Uyghur populations, the Chinese government has been deploying spyware to hunt down what it deems to be "religious extremists" and detain them. Researchers at Lookout Threat Labs reported People's Republic of China-backed threat groups have widely distributed spyware called BadBazaar and Moonshine across Uyghur-language sites and social media. The spyware is trying to catch what Lookout's report ominously called "pre-crimes," like using a VPN, Muslim religious apps, or even WhatsApp.
READ THE STORY: DarkReading
Google Blows Cover On Commercial Spyware Targeting Millions Of Samsung Phones
FROM THE MEDIA: Google’s Project Zero team, which finds and analyzes zero-day security vulnerabilities, has revealed that an unnamed commercial surveillance company developed spyware that exploited three vulnerabilities specific to Samsung phones equipped with Exynos SoCs. Project Zero managed to obtain a sample of the exploit chain back in 2020 and reported the three vulnerabilities to Samsung. The phone maker then published patches for these vulnerabilities in March 2021. Samsung users should make sure their mobile devices are running SMR-(Samsung Mobile Security)-MAR-2021 or later to prevent a possibly disastrous run-in with spyware leveraging this exploit chain.
READ THE STORY: hothardware
‘Serious risk of breach’ at Musk’s Twitter
FROM THE MEDIA: Elon Musk’s turbulent Twitter takeover is undercutting the platform’s defenses while introducing new security risks, and cyber security experts fear users and the public will soon suffer the consequences. Between the now canceled rollout of its controversial new check-mark policy and the exodus of top security staff, Twitter is quickly exposing itself to a deluge of new security risks that could soon ramify into the public sphere, according to top cyber experts and those who’ve overseen cybersecurity at other companies.
READ THE STORY: Politico
Ransomware gangs shift tactics, making crimes harder to track
FROM THE MEDIA: Ransomware gangs increasingly use their own or stolen computer code, moving away from a leasing model that made their activities easier to monitor, new research shows. Numerous prominent hacking groups in recent years have functioned by leasing their malicious software and computing infrastructure to other bad actors, in what’s known as ransomware-as-a-service. That model, which experts say turbocharged the number of ransomware attacks, was offered by infamous groups such as Conti, which shuttered Irish health systems, and REvil, deemed responsible for a 2021 intrusion at the IT management firm Kaseya.
READ THE STORY: AFR
Deutsche Bank hacked? ‘Access to systems’ for sale on Telegram
FROM THE MEDIA: Access to the internal network at Deutsche Bank is apparently being sold on Telegram by an initial access broker (IAB). The broker claims to have access to 21,000 machines and 16 terabytes of data. They are selling it for 7.5 Bitcoin, worth approximately £110,000. Based in Frankfurt, the bank manages assets worth more than $1.3trn. The broker, going by the username Ox_dump, announced on Telegram that they possess access to internal networks and machines at Deutsche Bank.
READ THE STORY: Techmonitor
Ukraine’s lawfare against Russia
FROM THE MEDIA: It has been almost 10 months since Russia, a nuclear power, illegally invaded Ukraine, a non-nuclear state. Since then, the Russia–Ukraine war continues to rage and seems to have taken an ugly turn after the burning of the bridge that linked the Russian-controlled Crimean Peninsula with Russia earlier in October. Subsequently, Russia has stepped up military hostilities in Ukraine, including drone attacks on civilian infrastructure in Kyiv. Ukraine is resolutely responding to Russia’s attacks.
READ THE STORY: ORF
The FCC Must Do Its Job To Protect Americans From Chinese Government Intrusion
FROM THE MEDIA: Brendan Carr met with Taiwanese authorities for foreign, digital and telecom policy last week, the first Federal Communications Commission (FCC) Commissioner to do so in Taiwan. As the country accounts for 90 percent of the global capacity for semiconductor production, he made no overstatement saying, “A free and democratic Taiwan is vital to America’s prosperity.” Carr also reiterated calls for complete bans on TikTok (an undertaking likely requiring action by the Committee on Foreign Investment in the United States) and the telecom equipment providers Huawei Technologies Company and ZTE Corporation. Separately, Senator Mark Warner (D-VA) observed, "This is not something you would normally hear me say, but Donald Trump was right on TikTok years ago."
READ THE STORY: Forbes
What the Midterms Mean for U.S.-China Tech Competition
FROM THE MEDIA: The Republican Party is currently estimated by NBC to capture a slim majority of 221 seats in the House of Representatives, with seven races undecided. The Senate race in Georgia is heading to a runoff, which may decide control of the chamber as it did in early 2021. These results are unexpected against the backdrop of a “red wave.” But, with a GOP-led House likely, a divided Congress effectively means that President Joe Biden’s legislative agenda has ended, at least for his current term, barring unforeseen breakthroughs in partisan dynamics.
READ THE STORY: The National Interest
The Successful Public/Private Policy Research Collaboration Behind “The Satellite Dashboard”
FROM THE MEDIA: In light of our recent recommendations regarding the CSET China AI Watchboard and the potential of public/private policy research collaborations within the policy research community in general, we found this recent successful public-private partnership in the space policy domain really interesting and worth a look: The Satellite Dashboard is a collaboration between the Secure World Foundation (SWF), the Center for Strategic and International Studies (CSIS), and the Department of Aerospace Engineering and Engineering Mechanics at the University of Texas at Austin.
READ THE STORY: OODALOOP
United States and Spain Announce the Development of a New Capacity Building Tool to Combat Ransomware
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the U.S. Department of State and the Spanish Ministry of the Interior, announced a joint project last week to develop a capacity-building tool to help countries utilize public-private partnerships (PPPs) to combat ransomware. This project was developed as part of the Second International Counter Ransomware Initiative (CRI) Summit, which was convened in Washington, D.C. The CRI is a global coalition of 36 partner nations and the European Union dedicated to confronting the scourge of ransomware.
READ THE STORY: HSTODAY
The Transition To The Quantum-Cryptography Era
FROM THE MEDIA: On one side, we have symmetric encryption, which uses a single private key (or secret) to encrypt and decrypt data. The secret needs to be shared among the parties that need to communicate securely; this is in fact a security risk and its weakness. Together with other measures to ensure a secure key transfer, it can be a good option, as it is cryptographically safer than other methods. The most used algorithm is the Advanced Encryption Standard (AES), which until now has not been cracked, and there are multiple versions of it, like AES-128, AES-196, and AES-256 (the number in the version being the length of the key in bits).
READ THE STORY: DZONE
From opium to cryptocurrency, North Korea maneuvers to earn hard cash for nuclear program
FROM THE MEDIA: North Korea has launched various missiles, including intercontinental ballistic missiles, 35 times this year alone, which analysts say could have cost the nation as much as $10 million each. The North's escalation of tensions has raised a burning question among observers: How can the cash-strapped nation finance and sustain its weapons of mass destruction (WMD) program?
Such a question arises as a number of United Nations sanctions have cut North Korea off from conventional revenue sources and forbidden it from exporting coal, iron, lead and seafood ― and consequently, the "rogue state" has set its sights on stealing cryptocurrencies, which are used to fund the development of its WMD.
READ THE STORY: Korea Times
Items of interest
The secret flights suspected of taking Iranian drones to Russia for Putin to use against Ukraine
FROM THE MEDIA: When an ageing Ilyushin cargo jet operated by Iranian airline Pouya Air touched down at Moscow’s Vnukovo airport a little over a week ago, seven pallets of large boxes were rapidly disgorged from its hold and concealed in a nearby hangar. The contents of the consignment, which had been loaded into the 30-year-old Russian-built plane hours earlier in Tehran, went undeclared. But the flight is emblematic of what is rapidly emerging as a key alliance in Vladimir Putin’s war with Ukraine as Moscow leans heavily on Iran to bolster its ruinous invasion.
READ THE STORY: INEWS
Sandworm - Russia's Secret Elite Hacking Team EXPOSED (Video)
FROM THE MEDIA: Sandworm, a name given to what is likely a cell within the cyber arm of Russian military intelligence (GRU), is one of the most infamous Advanced Persistent Threats (APTs) on the internet today. This group is responsible for some of the most destructive cyber attacks to date. We dive into the group as well as their most recent attack on Ukraine's electrical grid.
SANDWORM: Putin's secret weapon against the West (Video)
FROM THE MEDIA: Recently, a former MI6 security chief said that Putin seemed likely to be planning to launch cyber attacks on the West when the time was right. A few weeks ago, the US Government’s Cyber Security and Infrastructure Security Agency launched an advisory that warned that hostile actors had gained the capacity to hit industrial control systems.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com