Friday, November 18, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Iranians use new tool to fight surveillance of women: Sanitary pads
FROM THE MEDIA: After security forces opened fire on commuters at a Tehran metro station, Iranians have responded with a new tool to stop authorities from monitoring them and enforcing dress codes on women: sanitary pads. Several images have emerged on social media showing layered sanitary pads stuck on CCTV cameras in metro stations and trains, obstructing their views. Social media users are hailing the move as a statement against the control and surveillance of women, who have been at the forefront of a series of protests that have rocked the country since September, when 22-year-old Kurdish woman Mahsa Amini died while in police custody.
READ THE STORY: Middle East Eye
China’s Tech Outreach in the Middle East and North Africa
FROM THE MEDIA: The Middle East and North Africa region has become a hub for Chinese technological outreach. Over the years, Chinese entities have invested heavily in MENA’s railways, ports, and the energy sector. However, absent an internet connection, software, and cybersecurity, much of this architecture would not be able to operate effectively. Enter Chinese Big Tech. Huawei provides communication technology for Morocco’s national railway system (ONCF), has constructed a logistics center at Tangier Med Port, and was involved in building and launching the Marrakesh Safe City project.
READ THE STORY: The Diplomat
New military tech is the surprise twist in Ukraine’s gutsy defense
FROM THE MEDIA: The collapse of Sam Bankman-Fried’s FTX empire this month has visibly damaged other crypto players. But it has also had another, less obvious, impact: on a network of Ukraine-linked technologists. The philanthropic FTX Future Fund had recently been providing discreet support to entrepreneurs developing innovative military tools for Ukraine. These technologists are now, they tell me, scrambling to find alternative donors after the “painful” shock of the exchange’s downfall.
READ THE STORY: FT
China launches mysterious Earth observation satellites
FROM THE MEDIA: China sent yet another clutch of Gaofen Earth observation satellites to space on Wednesday (Nov. 16). A Ceres-1 rocket carrying four Gaofen 03D satellites launched Wednesday at 2:20 a.m. EST (0720 GMT; 2:20 p.m. local time) from the Jiuquan Satellite Launch Center in northwest China. Xinhua, a state-run media outlet, confirmed that the satellites deployed successfully. "The payloads lifted by the rocket will be used to provide commercial remote sensing services," Xinhua reported, adding that this is the fourth flight of Ceres-1, which is built by the state-supported Beijing company Galactic Energy.
READ THE STORY: SPACE
Here’s How Bad a Twitter Mega-Breach Would Be
FROM THE MEDIA: Since Elon Musk was forced to complete his acquisition of Twitter for $44 billion, the social network has been in a state of dramatic upheaval. Musk laid off more than half its workforce and fired more via public tweets. Digital infrastructure went on the fritz. And today, a reported 75 percent of staff refused to sign a pledge to work “long hours at high intensity," ostensibly triggering their resignations. It's now unclear who still works at Twitter. In short, all hell is breaking loose at the bird site. As the chaos mounts, one consequence inside the company could be less attention on digital security monitoring and fewer dedicated staffers working to defend Twitter from cyberattacks.
READ THE STORY: Wired
Spacecraft Vulnerable to Failure, Thanks to Aerospace Networking Bug
FROM THE MEDIA: A mission to redirect an asteroid using a team of astronauts goes wrong, when a malicious device onboard the spacecraft interferes with its ability to dock with a robotic spacecraft — causing the crewed capsule to veer off course, spinning into space. Such a mission is still in the planning stages, but the simulated attack demonstrates the danger of a recently discovered vulnerability in the networking protocol used for securely sharing critical messages in software for spacecraft, airplanes, and critical infrastructure.
READ THE STORY: DarkREADING
W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack
FROM THE MEDIA: An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker claims that these tools are undetectable to increase sales."
READ THE STORY: THN
LodaRAT MALWARE Evolves with new functionalities
FROM THE MEDIA: The LodaRAT malware - a known remote access trojan with extensive data collection and exfiltration capabilities - has steadily evolved over the years with new functionalities, and the malware is being increasingly deployed alongside other malware families, indicating that the RAT has garnered interest from various threat actors, according to new research. First discovered in September 2016, the remote access trojan comes with a number of capabilities for spying on victims, such as recording the microphones and webcams of victims’ devices.
READ THE STORY: DUO
China-based Fangxiao group behind a long-running phishing campaign
FROM THE MEDIA: Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. The sophisticated phishing campaign exploits the reputation of international brands and targets businesses in multiple industries, including retail, banking, travel, and energy. Attackers imitated over 400 organizations, including Emirates, Singapore’s Shopee, Unilever, Indonesia’s Indomie, Coca-Cola, McDonald’s and Knorr.
READ THE STORY: Security Affairs
QBot phishing abuses Windows Control Panel EXE to infect devices
FROM THE MEDIA: Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. DLL hijacking is a common attack method that takes advantage of how Dynamic Link Libraries (DLLs) are loaded in Windows. When a Windows executable is launched, it will search for any DLL dependencies in the Windows search path. However, if a threat actor creates a malicious DLL using the same name as one of the program's required DLLs and stores it in the same folder as the executable, the program would load that malicious DLL instead and infect the computer.
READ THE STORY: Bleeping Computer
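The search-order behaviour described in the QBot item above is easy to model, and modelling it is how a defender checks a suspicious directory for it. The following is an added example and is not code from the page, from Bleeping Computer, or from any tool mentioned there. It uses a simplified version of the default Windows search order (application directory, then System32, then the Windows directory) and flags any import that resolves from the application directory even though a DLL of the same name exists in a system directory. All paths, file names (`sample_app.exe`, `example.dll`) and the import list are constructed placeholders.

```python
"""Model of Windows DLL search order and a check for search-order hijacking.

The file listing, executable path and import names below are constructed
sample data, not artefacts from any real incident.
"""
from pathlib import PureWindowsPath

# Simplified default search order with SafeDllSearchMode enabled: the
# directory the executable was launched from is consulted first, then the
# system directories. The KnownDLLs list and the current working directory
# are deliberately omitted from this model.
SYSTEM_DIRS = [
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows"),
]

# Constructed file listing: a dropped executable sits next to a DLL whose
# name shadows a legitimate system DLL.
SAMPLE_EXE = r"C:\Users\victim\Downloads\invoice\sample_app.exe"
SAMPLE_FILES = [
    SAMPLE_EXE,
    r"C:\Users\victim\Downloads\invoice\example.dll",
    r"C:\Windows\System32\example.dll",
    r"C:\Windows\System32\kernel32.dll",
]
SAMPLE_IMPORTS = ["example.dll", "kernel32.dll"]


def _normalise(paths):
    """Case-insensitive set of Windows paths for membership tests."""
    return {str(PureWindowsPath(p)).lower() for p in paths}


def search_order(exe_path):
    """Directories consulted, in order, when exe_path loads a DLL by name."""
    return [PureWindowsPath(exe_path).parent] + SYSTEM_DIRS


def resolve_dll(exe_path, dll_name, present_files):
    """Return the full path the loader would pick for dll_name, or None."""
    present = _normalise(present_files)
    for directory in search_order(exe_path):
        candidate = directory / dll_name
        if str(candidate).lower() in present:
            return candidate
    return None


def sideload_candidates(exe_path, imports, present_files):
    """Flag imports resolved outside the system directories while a copy
    of the same name also exists in a system directory.

    Returns a list of (dll_name, resolved_path) tuples.
    """
    present = _normalise(present_files)
    findings = []
    for dll in imports:
        resolved = resolve_dll(exe_path, dll, present_files)
        if resolved is None:
            continue
        shadows_system_dll = any(
            str(d / dll).lower() in present for d in SYSTEM_DIRS
        )
        if resolved.parent not in SYSTEM_DIRS and shadows_system_dll:
            findings.append((dll, str(resolved)))
    return findings


if __name__ == "__main__":
    for name, path in sideload_candidates(SAMPLE_EXE, SAMPLE_IMPORTS, SAMPLE_FILES):
        print(f"possible DLL search-order hijack: {name} resolves to {path}")
```

On a real host the file listing would come from a directory walk of the location under investigation plus the system directories, and the import list from the executable's import table; the check itself stays the same.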
Europol Arrested a “High Value” Russian-Canadian LockBit Ransomware Operator for Extradition to the US
FROM THE MEDIA: Europol announced the arrest of a Russian-Canadian national linked to the LockBit ransomware attacks against critical infrastructure and large industrial groups. The October 26 arrest followed months of investigation by the European Cybercrime Centre (EC3) led by the French National Gendarmerie assisted by the Canadian Royal Canadian Mounted Police (RCMP) and the United States Federal Bureau of Investigation (FBI).
READ THE STORY: CPO MAG
U.S.-ROK Joint Symposium on Countering DPRK Cyber Threats to Cryptocurrency Exchanges
FROM THE MEDIA: Today, the United States and the Republic of Korea convened a symposium in Seoul, Republic of Korea (ROK) to discuss steps partner governments and private sector stakeholders can take to defend against the Democratic People’s Republic of Korea’s (DPRK) malicious cyber operations that steal funds from cryptocurrency exchanges and other virtual asset service providers to support its unlawful weapons of mass destruction programs.
READ THE STORY: STATE // SCMAG
Wray tells lawmakers that FBI conducts cyber offensive operations
FROM THE MEDIA: FBI Director Christopher Wray told Senate lawmakers on Thursday that his agency has been conducting offensive cyber operations against state and non-state cyber actors. Wray said offensive operations are one of many tactics the agency employs to counter various cyber threats. “Offense is a critical part of our overall effort to push back against cyber adversaries,” Wray said during a Senate Homeland Security Committee hearing in which he was testifying. Wray was responding to a question from Sen. Mitt Romney (R-Utah), who wanted to know whether the agency has sufficient offensive measures to push back against cyber threats and whether it should do more of it.
READ THE STORY: The Hill
A glimpse into the world of railway cybersecurity
FROM THE MEDIA: The types of cyber attacks are diversifying with the looming threat of increased cybercrime and innovative threats being introduced in the cyber world. With the realm of harmful cyber activity embodying itself into all industries, the railway, transportation, and metro industry is increasingly being eyed as a hotspot for increasing cyber attacks and threat activity. The public transit industry withholds grave signaling traction systems, geographical information, train control systems, passenger information and data, and station infrastructure details, all of which require intrinsic protection.
READ THE STORY: CIO
TSA administrator says new cyber requirements in the works for aviation industry
FROM THE MEDIA: The administrator of the Transportation Security Administration said Wednesday that the agency would deliver new cybersecurity requirements for the aviation industry "in the not-too-distant future." Speaking at the Aspen Cyber Summit, TSA chief David Pekoske said that the administration is following a similar method of developing the forthcoming cybersecurity rules as it did for the oil and gas pipeline sector, when it released a series of security guidelines in 2021 following the Colonial Pipeline ransomware attack.
READ THE STORY: FCW
Biden set to approve expansive authorities for Pentagon to carry out cyber operations
FROM THE MEDIA: The Defense Department has largely won out in a long-running bureaucratic battle with the State Department over retaining its broad powers to launch cyber operations, according to two sources familiar with the matter. While the exact details of which authorities the Pentagon retains to carry out cyber operations are classified, sources familiar with the matter said it succeeded in holding onto key parts of broad authorities the Trump administration granted DOD in 2018.
READ THE STORY: Cyberscoop
Vanuatu: Hackers strand Pacific island government for over a week
FROM THE MEDIA: Vanuatu's government has been knocked offline for more than 11 days after a suspected cyber-attack on servers in the country. The hack has disabled the websites of the Pacific island's parliament, police and prime minister's office. It has also taken down the email system, intranet and online databases of schools, hospitals and other emergency services as well as all government services and departments. The shutdown has left the nation's population - about 315,000 people living across several islands - scrambling to carry out basic tasks like paying tax, invoicing bills and getting licenses and travel visas.
READ THE STORY: BBC
Nemesis Kitten found in US Government network
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory yesterday on Iranian government-sponsored APT actors compromising a federal network. The threat actor, Iran's Nemesis Kitten, exploited the well-known Log4Shell vulnerability to infiltrate a VMware Horizon server in February and move across the network. Bleeping Computer reports that the attackers deployed a cryptocurrency miner, as well as reverse proxies on compromised servers to remain within the network.
READ THE STORY: The Cyberwire // TechMONITOR
Russian cyberattacks against Ukraine fell flat
FROM THE MEDIA: The U.S. Department of Defense has been found by the Government Accountability Office to be at risk of having inadequate visibility of cyber threats due to incomplete information on most of its cyber incident reports, reports The Record, a news site by cybersecurity firm Recorded Future. Despite the decline of cyber incidents reported to the Defense Department's Joint Incident Management System from 3,880 in 2015 to 948 in 2021, 91% of submitted reports during the six-year period did not detail the incidents' discovery date, while 68% of the reports lacked information on delivery vectors behind the incident, the GAO report showed.
READ THE STORY: SCMAG
Beijing trolls unleash Blasphemy on Prophet in China
FROM THE MEDIA: The Uyghurs are an ethnic Turkish group that has inhabited the region – now named by the Chinese state the Xinjiang Uyghur Autonomous Region – for centuries. This region is rich in oil and natural resources and a critical component of the New Silk Road. The Chinese authorities consider Uyghurs – a 12 million population – a “cultural” and “national” threat. Uyghurs believe in a moderate form of Islam. Nevertheless, the Beijing government applies a policy of discrimination and forced assimilation, promoting Han cultural values. This policy became harder under the rule of Xi Jinping.
READ THE STORY: European Interest
US targets Chinese firms over Iran sanctions evasion
FROM THE MEDIA: According to Al-Arabiya news, the US Treasury Department has announced the imposition of sanctions against 13 companies from various countries accused of facilitating the sale of Iranian petrochemicals and petroleum products to buyers in East Asia. Companies based in China, the United Arab Emirates, and Hong Kong, were added to the “blacklist” on 17 November after being accused of facilitating the sale of hundreds of millions of dollars of Iranian petrochemicals and oil products to buyers in East Asia, including the National Iranian Oil Company and Triliance Petrochemical Co. Ltd. already under sanctions.
READ THE STORY: The Cradle
Researchers Quietly Cracked Zeppelin Ransomware Keys
FROM THE MEDIA: Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said. “We’ve found someone who can crack the encryption.”
READ THE STORY: Krebson Security
Previously unidentified ARCrypter ransomware expands worldwide
FROM THE MEDIA: A previously unknown ‘ARCrypter’ ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide. Threat actors behind the new ransomware family attacked a government agency in Chile last August, targeting both Linux and Windows systems and appending the “.crypt” extension on encrypted files. Back then, Chilean threat analyst Germán Fernández told Bleeping Computer that the strain appeared entirely new, not connected to any known ransomware families.
READ THE STORY: Bleeping Computer
ESET rolls out new consumer offerings to improve home security
FROM THE MEDIA: It’s definitely no secret that antivirus software is an essential part of your computer. However, these threats don’t stop at your devices. For example, criminals that try to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. ESET’s newest consumer product release has taken a comprehensive approach to security to guard against a full range of threats. Every solution comes with ESET’s signature light footprint for gaming, browsing, shopping and socializing without slowdowns or interruptions.
READ THE STORY: Bleeping Computer
Agency overseeing cybersecurity for offshore energy falling short
FROM THE MEDIA: The federal enforcement office that oversees more than 1,600 offshore oil and gas facilities has done little to address growing cybersecurity risks, according to a watchdog report released on Thursday. The Government Accountability Office said that the Department of Interior’s Bureau of Safety and Environmental Enforcement has taken “few actions” to address cybersecurity risks since the agency first planned to address the issue in 2015, noting that an attack on an offshore oil and gas rig could be catastrophic.
READ THE STORY: Cyberscoop
Koch-funded group sues US state agency for installing 'spyware' on 1m Android devices
FROM THE MEDIA: The Massachusetts Department of Public Health conspired with Google to secretly install a COVID-19 tracing app onto more than 1 million Android users' devices without their knowledge and without obtaining warrants, according to a class-action lawsuit filed this week by the New Civil Liberties Alliance. The New Civil Liberties Alliance claims to be a "nonpartisan, nonprofit civil rights group." Its biggest donors include right-wing backers such as the Charles G. Koch Foundation and the Charles Koch Institute. In September 2020, the group represented a Virginian landlord who sued the Centers for Disease Control to allow him to evict tenants during the pandemic.
READ THE STORY: The Register
Magecart malware menaces Magento merchants
FROM THE MEDIA: An outbreak of Magecart attacks has experts warning administrators to patch their Magento and Adobe Commerce installations immediately. Researchers with ecommerce security vendor Sansec report that as many as 38% of all retail websites running the two vendor platforms are already infected with TrojanOrders, which generates malicious orders that deliver a remote access Trojan into vulnerable Magento instances. Magecart, a loose collective of cybercriminal groups that specializes in "skimming" attacks and payment card theft, is behind the attacks.
READ THE STORY: TechTarget
Zeus Botnet Suspected Leader Arrested in Geneva
FROM THE MEDIA: Swiss authorities have apprehended a Ukrainian national wanted by the Federal Bureau of Investigation (FBI) for 12 years for connections with a cyber-criminal group that stole millions of dollars from bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov was arrested in Geneva on October 23, 2022, and is now pending extradition to the US, reported independent security journalist Brian Krebs. Penchukov was first named in a 2012 indictment by the US Department of Justice, alongside Ivan Viktorvich Klepikov and Alexey Dmitrievich Bron, as one of the leaders in the JabberZeus Crew, a small cyber-criminal gang from Ukraine and Russia that attacked victims with a customized version of the Zeus banking Trojan.
READ THE STORY: InfoSec Mag // Barron’s
Ukrainians endure power outages amid Russian strikes on infrastructure
FROM THE MEDIA: As darkness descends on the Ukrainian capital, the consequences of the waves of Russian missile strikes against critical energy infrastructure become apparent. There's no street lighting in many places around Kyiv, with people carrying flashlights or just their mobile phones with lights on to navigate around. Even traffic lights go off from time to time -- all part of the new reality that residents are getting used to. After the first massive Russian strike on Oct. 10 on energy facilities in various regions, Ukrainians have been warned of expected blackouts and outages and urged to save as much electricity as possible.
READ THE STORY: abcNEWS
Items of interest
Google Wins Lawsuit Against Glupteba Botnet Operators
FROM THE MEDIA: Google announced in December 2021 that it had taken action to disrupt the botnet’s C&C infrastructure. The company said at the time that even if its actions may not completely stop the botnet, they should still affect its operators’ ability to conduct future operations. It’s unclear if the botnet is currently active. Glupteba had been powered by one million compromised Windows devices. The Glupteba malware could steal user credentials and other data, mine cryptocurrencies, and turn compromised devices into proxies.
When it announced disrupting the botnet, Google also said it had filed a lawsuit against its alleged operators, claiming violations of the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act, and the Lanham Act, as well as tortious interference of business relationships and unjust enrichment.
READ THE STORY: SecurityWeek
American LNG exports are surging, on the back of European demand (Video)
FROM THE MEDIA: Exports have skyrocketed for America’s LNG producers as demand soars, particularly from Europe. Last December, the US became the world’s biggest exporter of this super chilled fuel for the first time. But as the FT’s Justin Jacobs explains, not everyone’s happy about the expansion in output, and the effect it may have on the environment.
Weaponizing the American Dollar w/ Byron King (Video)
FROM THE MEDIA: Byron King is our go-to expert on foreign affairs... military history… legal matters… natural resources… and more. Among other things, we talk about Russia’s motives for invading Ukraine and what the ongoing sanctions will mean for your wallet.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com