Saturday, November 19, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products
FROM THE MEDIA: Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4 (only if mesh.enabled is set to false in bitbucket.properties). The weakness has been described as a case of command injection using environment variables in the software, which could allow an adversary with permission to control their username to gain code execution on the affected system.
READ THE STORY: THN
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide
FROM THE MEDIA: A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world. The primary targets of the intrusions from May to October 2022 included countries in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro said in a Friday report. Mustang Panda, also called Bronze President, Earth Preta, HoneyMyte, and Red Lich, is a China-based espionage actor believed to be active since at least July 2018.
READ THE STORY: THN
High-Severity RCE Bug in F5 Products Let Attackers Hack the Complete Systems
FROM THE MEDIA: Experts from Rapid7 observed a customized CentOS installation operating on F5 BIG-IP and BIG-IQ devices found to have various vulnerabilities. While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been categorized as high-severity remote code execution vulnerabilities and given CVE IDs. The first high-severity flaw, tracked as CVE-2022-41622, is an unauthenticated remote code execution via cross-site request forgery (CSRF) that impacts BIG-IP and BIG-IQ products.
READ THE STORY: GBhackers
SecureWV Lucky13: Malware, Ransomware, and Maturity Models
FROM THE MEDIA: When most people think about West Virginia, the John Denver song likely springs to mind, with the timeless words "Take me home, country road." Cybersecurity was certainly not at the top of the list of topics I associated with the "Mountain State," but that has changed now that I have met the local security community at SecureWV 2022. This year's theme was Lucky Th1rt3en, as this was the thirteenth get-together of the region's top security experts, working diligently to keep us all safe on the internet. Anyone lucky enough to attend in person saw two full days of sessions covering multiple aspects of cybersecurity, from deep dives into ransomware, to very technical talks on how malware is built, to becoming an incident responder superstar. If you didn't get the chance to attend in person, you are still in luck, as all the sessions were recorded and will be added to the SecureWV YouTube channel.
READ THE STORY: DZone
North Korea’s Internet Knocked Offline
FROM THE MEDIA: North Korea’s Internet was temporarily knocked offline, according to a British cybersecurity researcher. Junade Ali monitors a range of different North Korean web and email servers, and he told Reuters on Thursday that the Asian nation’s Internet experienced its largest outages in months, after similar service interruptions in January were blamed on suspected cyber attacks. Like the suspected attacks in January, Thursday’s outages reportedly come amid increased missile launches and other military activities by North Korea, which were condemned by the United States and its allies.
READ THE STORY: Silicon
Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
FROM THE MEDIA: A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation," the Microsoft Security Threat Intelligence team said in an analysis.
READ THE STORY: THN
New improved versions of LodaRAT spotted in the wild
FROM THE MEDIA: Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022 and recently discovered multiple updated versions that have been deployed alongside other malware families, including RedLine and Neshta. The versions include new functionality to spread to attached removable storage, a new string encoding algorithm and the removal of “dead” functions. LodaRAT is written in AutoIt; the researchers pointed out that it is easy to obtain its original source code from the compiled binaries by using an AutoIt decompiler.
READ THE STORY: Security Affairs
China Uses All Tactics to Gain Access to Defense Technologies
FROM THE MEDIA: China's president and People's Liberation Army head Xi Jinping is going all out to increase the military's might and the country has not spared any effort to gain access to defense technologies from across the world by any means, Policy Research Group reported. China has built its military strength on stolen and copied technologies from various countries, not only the United States and other European countries. It has not even hesitated to copy technologies from Russia.
READ THE STORY: Latesly
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
FROM THE MEDIA: From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.
READ THE STORY: HSTODAY
The World Cup could become a hot bed for espionage
FROM THE MEDIA: This year's FIFA World Cup in Qatar is gearing up to be a hot spot for governments spying on their adversaries, researchers and officials cautioned this week. Cybersecurity firm Recorded Future released a report Thursday warning that state-sponsored hacking groups are likely to see the World Cup as "target-rich environment" for spying on foreign dignitaries and businesspeople. European data protection regulators have been advising their constituents against downloading Qatar's World Cup apps due to surveillance and national security concerns. German authorities said one of the apps "collects data on whether and with which number a telephone call is made," Politico reports.
READ THE STORY: AXIOS
China and the TikTok threat: How the White House cybersecurity team is thinking about it
FROM THE MEDIA: After Federal Bureau of Investigation Director Christopher Wray told lawmakers this week that he has national security concerns about TikTok’s operations in the U.S., a key member of the White House’s Office of the National Cyber Director expressed support for the FBI and “any measure that will raise security,” but stopped short of voicing support for a ban on TikTok that some government officials think is necessary. The Biden White House hasn’t made any determination yet on a TikTok ban, Kemba Walden, Principal Deputy National Cyber Director, said at the CNBC Technology Executive Council Summit on Tuesday.
READ THE STORY: CNBC
Offensive cyber operations from DoD and DOJ
FROM THE MEDIA: The US Departments of Defense (DoD) and State have been engaged in a tug-of-war over which branch has the authority to conduct cyber operations, and sources say the DoD has won. According to CyberScoop, sources familiar with the matter say the DoD will be retaining the majority of the authorities it was granted by the Trump administration in 2018. An anonymous senior administration official says the State Department won some concessions as part of the revised policy document, and that the final version of the policy memorandum will require the DoD to share cyber operation details with the White House well in advance.
READ THE STORY: The Cyberscoop
Satellite Wars: Dragon and Elephant Fighting in Space
FROM THE MEDIA: Recently, China decided to give Pakistan its SLC-18 space surveillance radar, which can find Low Earth Orbit satellites under nearly any set of circumstances. China’s state-owned, China Electronics Technology Group Corporation, is said to be the one producing the 10-metre SLC-18 radar. India is widely deemed as the driving factor behind Pakistan’s interest in such technology and their purchase of this radar. Of India’s 53 active satellites in orbit, 21 are essentially Earth observation satellites, while the remaining 8 satellites are navigation satellites.
READ THE STORY: AIM
Close the Confucius Institutes
FROM THE MEDIA: Walk down the streets of Firenze in search of an osteria, and you might be surprised — not by the presence of a Greek Orthodox Church, but a Confucius Institute. In Bologna, interspersed between the vermilion roofs and Extinction Rebellion insignias (it is home to a university after all) is another Confucius Institute, affiliated to the age-old university. Nestled in the dreaming spires of Oxford lies yet another such establishment, part of Oxford Brookes University. In Chinese culture, the number four foreshadows calamity. Succeeding the forty-four-day government of Liz Truss, the government of Rishi Sunak has a mammoth agenda of tackling crises at home and abroad.
READ THE STORY: The Critic
India's largest depository detects malware in systems
FROM THE MEDIA: India's largest depository in terms of dematerialized accounts has detected malware in some of its systems, the Central Depository Services (India) Ltd said in a statement late Friday. Admitting that malware was detected in its internal machines, the statement said, "As a matter of abundant caution, the company immediately isolated the machines and disconnected itself from other constituents of the capital market." As per initial findings, no confidential information or investor data has been compromised. The depository team has reported the incident to relevant authorities and is working with its cyber security advisors to analyze the impact, the statement said.
READ THE STORY: China.org.cn
ARCrypter ransomware strain detailed by BlackBerry
FROM THE MEDIA: A new ransomware strain has been detected by researchers at BlackBerry, who say it has been seen hitting organizations in Canada, China, Chile, and Colombia. Dubbed ARCrypter, because the unique string “ARC” was found in all the samples the researchers analyzed, it first appeared in August. Unlike other ransomware variants, BlackBerry said, where a ransom note is dropped after the file encryption stage, ARCrypter drops the ransom note before the files are encrypted. Upon ransom note delivery, the dropper then proceeds to drop two batch scripts and the main payload encrypter.
READ THE STORY: ITworldcanada
SEC Seeks to Stop the Registration of Misleading Crypto Asset Offerings
FROM THE MEDIA: The Securities and Exchange Commission today instituted administrative proceedings against American CryptoFed DAO LLC (American CryptoFed), a Wyoming-based organization, to determine whether a stop order should be issued to suspend the registration of the offer and sale of two crypto assets, the Ducat token and the Locke token. The SEC’s Enforcement Division alleges that a Form S-1 registration statement filed by American CryptoFed on September 17, 2021 failed to contain required information about American CryptoFed’s business, management, and financial condition, such as audited financial statements, and contained materially misleading statements and omissions, including inconsistent statements about whether the tokens are securities.
READ THE STORY: SEC
NSA Urged Software Developers and Operators to Shift to Memory-Safe Languages
FROM THE MEDIA: The National Security Agency (NSA) urged software developers and operators to shift to memory-safe languages and prevent software memory safety issues responsible for most exploitable vulnerabilities. According to the “Software Memory Safety” Cybersecurity Information Sheet, malicious cyber actors can exploit poor memory management issues to access sensitive data and perform illegal code execution, among others. NSA’s cybersecurity technical director, Neal Ziring, stated that memory management issues have been exploited for decades and are still common today.
READ THE STORY: CPO MAG
Canadian customers of paramedic data service still offline after cyber incident
FROM THE MEDIA: A cyber attack on a Texas-based cloud provider of emergency responder applications has impacted around 100 Canadian paramedic ambulance services, most of them in Ontario. Haldimand County’s Paramedic Services is one of them. Today it issued a statement saying it has been told the platform it uses to record patient data, made by ESO Solutions, has been taken offline in response to a potential cybersecurity incident. “This situation is currently impacting many paramedic services across Ontario,” the statement says.
READ THE STORY: ITworldcanada
Psychologists Explain How Your Anxiety May Be Creating False Memories In Your Head
Analyst Comment: Social engineering is the practice of pressuring the weakest link: the human mind.
FROM THE MEDIA: A new study published in the Journal of Personality and Social Psychology uncovers an uncomfortable fact about the anxiously attached individual: their minds falsify memories far more than the average person. In fact, people with anxious attachment styles are more likely to get facts wrong about everyday social situations, like when a person is relaying information to them in-person or on a video call.
READ THE STORY: FORBES
DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions
FROM THE MEDIA: It generally starts with malvertising and ends with the deployment of Royal ransomware, but a new threat group has distinguished itself by its ability to innovate the malicious steps in between to lure in new targets. The cyberattack group, tracked by Microsoft Security Threat Intelligence as DEV-0569, is notable for its ability to continuously improve its discovery, detection evasion, and post-compromise payloads, according to a report this week from the computing giant.
READ THE STORY: DarkREADING
CISA: Hive ransomware has netted more than $100 million from over 1,300 victims
FROM THE MEDIA: The Hive ransomware group has brought in more than $100 million from attacks on more than 1,300 companies worldwide from June 2021 to November 2022, according to a new joint report from several U.S. agencies. The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services released an advisory Thursday on the ransomware-as-a-service (RaaS) group, which has made a point of going after healthcare organizations. The group forced a California healthcare facility to shut down in March and attacked Romania’s largest oil refinery proprietor in February.
READ THE STORY: The Record
Previously unidentified ARCrypter ransomware expands worldwide
FROM THE MEDIA: A previously unknown ‘ARCrypter’ ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide. Threat actors behind the new ransomware family attacked a government agency in Chile last August, targeting both Linux and Windows systems and appending the “.crypt” extension on encrypted files. Back then, Chilean threat analyst Germán Fernández told Bleeping Computer that the strain appeared entirely new, not connected to any known ransomware families.
READ THE STORY: Bleeping Computer
Another Chinese Rocket Mishap Threatens Elon Musk's Starlink Satellites
FROM THE MEDIA: China has made few friends lately with the serial, uncontrolled reentries of the spent first stages of its Long March 5B spacecraft, which have posed potential threats to populations on the ground. Now, as the South China Morning Post reports, a Chinese rocket has created yet another mess—this time in orbit 500 km (310 mi.) above Earth, at an altitude that could imperil SpaceX’s Starlink satellite constellation. At a media briefing on Monday in Beijing, a foreign ministry spokeswoman acknowledged that the first stage of a Chinese Long March 6A rocket had broken up in orbit after delivering an ocean observation satellite to space. The first stage typically reenters the atmosphere and burns up on its way down.
READ THE STORY: TIME
Booz Allen says former staffer downloaded employees’ personal data
FROM THE MEDIA: U.S. government contractor Booz Allen Hamilton has disclosed that a former staffer downloaded potentially tens of thousands of employees’ personal information from the company’s internal network. The government and defense contractor said that one of its staffers, while still employed by the company, downloaded a report containing the personal information of “active employees as of March 29, 2021.” A copy of Booz Allen’s website archived in March 2021 said the company had 27,600 employees, many of whom are contracted to U.S. government, military and intelligence agencies and hold high-level security clearances.
READ THE STORY: Techcrunch
Chinese Hackers Disguise Malware using Google Drive to Target Organizations
FROM THE MEDIA: Hackers based in China are conducting a spearphishing campaign, by delivering custom malware to government, research, and academic organizations all over the world. The cyberattacks have been led by a group called Mustang Panda, and they deliver the malware via Google Drive, according to Bleeping Computer.
READ THE STORY: iTechpost
Russian Soldiers Are Surrendering To Ukrainian Drones. This Has Happened Before
FROM THE MEDIA: Firing missiles, dropping tiny bombs and spotting targets for artillery, the Ukrainian army’s drones undoubtedly are responsible for hundreds, if not thousands, of Russian casualties as Russia’s wider war on Ukraine grinds into its tenth month. Ukrainian drones also are capturing live Russians. In the latest example of a flesh-and-blood soldier surrendering to a plastic-and-metal robot, a Russian soldier apparently somewhere in eastern Ukraine’s Donbas region dropped his weapon and raised his hands when a quadcopter-style drone belonging to the Ukrainian army’s 54th Mechanized Brigade appeared overhead.
READ THE STORY: Forbes
India’s 1st Ever Chip Manufacturing Factory
FROM THE MEDIA: The construction of the fab will reportedly begin by February 2023, as per reports. The ISMC will produce 40-65 nanometer analog chips for “the defence and auto sectors” as well as other industries. As per CN Ashwath Narayan, Karnataka Minister for Information Technology, Electronics, and Skills Development, “We will probably become the first state in India to have a semiconductor fab. ISMC has the technology and the capability. Subject to the central government’s approval, we hope to see work starting on this plant from February.”
READ THE STORY: TRAK.IN
China's Nexperia Forced To Sell Newport Chip Fab
FROM THE MEDIA: A Netherlands-based Chinese firm was ordered by the United Kingdom government to sell its majority stake in the country's largest semiconductor foundry for national security reasons. Nexperia B V, a wholly-owned subsidiary of the Shanghai-listed Wingtech Technology, said it was informed by the UK Department for Business, Energy and Industrial Strategy that it had to dispose of at least an 86% stake in the Newport Wafer Fab in Wales. Wingtech said Nexperia only contributed less than 1% of its revenue so the incident would not have a significant impact on its business results.
READ THE STORY: MENAFN
Items of interest
Attack Of The Supply Chain
FROM THE MEDIA: Paul Asadoorian: “Like many in our field, I am a Star Wars nerd. I could quickly fill this post with several thoughts and opinions on Star Wars such as the treacherous waters of comparing the 3 trilogies and little-known Star Wars facts (e.g. Willrow Hood). You can find plenty of that information on the Internet. Instead, I want to relate three Star Wars examples to supply chain risk. You need only be familiar with Episode IV: A New Hope (and to an extent Star Wars: Rogue One), Episode III: Revenge of the Sith, and the latest series called “Andor” (I promise there will be no Andor spoilers in this post).”
READ THE STORY: Security Boulevard
Space warfare: Applying international humanitarian law to the final frontier (Video)
FROM THE MEDIA: The session 'Space warfare: Applying international humanitarian law to the final frontier' was organized by SIPRI at the 2021 Stockholm Security Conference 'Battlefields of the Future'.
The human mind as a battlefield (Video)
FROM THE MEDIA: The session 'The human mind as a battlefield' was organized by SIPRI at the 2021 Stockholm Security Conference 'Battlefields of the Future'.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com