Tuesday, November 22, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
DraftKings accounts hacked for $300,000 as sportsbooks get targeted
FROM THE MEDIA: DraftKings Sportsbook was hit with some withdrawal requests this weekend, the Action Network's Darren Rovell first reported. The company said in a statement it believes that the hack compromised around $300,000 in customer funds. "DraftKings is aware that some customers are experiencing irregular activity with their accounts. We currently believe that the login information of these customers was compromised on other websites and then used to access their DraftKings accounts where they used the same login information," Paul Liberman, DraftKings' co-founder and president for global technology and product, said in a statement.
READ THE STORY: NYPOST // CNBC // InfoSecMag
Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight
FROM THE MEDIA: Researchers have spotted a threat actor that has managed to extort hundreds of thousands of dollars over the last few months from mostly small and midsize businesses — without using any encryption tools or malware. Instead, the attacker — dubbed Luna Moth (aka the "Silent" ransomware group) has been using an array of legitimate tools and a technique dubbed "call-back phishing." The tactic is to steal sensitive data from victim organizations and use it as leverage to extort money from them.
READ THE STORY: DarkReading
Ukraine power companies warn of continuing electricity outages
FROM THE MEDIA: Ukraine’s state energy utility has said rolling blackouts will continue, with President Volodymyr Zelenskyy telling citizens they are consuming more electricity than is available and the director of one domestic power company warning that outages will probably last until March. “Ukraine’s power system still has not fully recovered from the six waves of [Russian] missile strikes and cannot operate at full capacity,” electricity group Ukrenergo wrote on Telegram late on Monday, adding there would be further blackouts on Tuesday.
READ THE STORY: FT
Iran close to discovering a ‘zero-day’ exploit that could paralyze Israeli infrastructure
FROM THE MEDIA: In an interview at the Institute for National Security Studies (INSS) conference on 21 November, ClearSky cybersecurity CEO, Boaz Dolev, revealed that Iran is close to acquiring a ‘zero-day’ exploit, capable of paralyzing Israel’s infrastructure. A zero-day exploit is a flaw that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong, like the vendor of the target software. Until the vulnerability is discovered and fixed, hackers can exploit it to adversely affect programs, data, networks, or entire systems.
READ THE STORY: The Cradle
Estonia’s Former Spy Chief: Too Soon to Count Russia Out
FROM THE MEDIA: Since Russia invaded Ukraine in February, Estonia has been one of the most steadfast supporters of Kyiv—and one of the most uncompromising when it comes to Russia. Having been at the sharp end of Russian disinformation and cyberattacks in recent years as well as Soviet occupation and deportation before that, Estonians have few illusions about the capabilities of their neighbor to the east.
READ THE STORY: FP
Google Wins Legal Battle Against Glupteba Botnet
FROM THE MEDIA: Google has announced a legal victory against two Russian nationals connected with the Glupteba botnet. In a blog post last Friday, the tech giant said the court's ruling against the botnet operators set a crucial legal precedent and sends a warning to cyber-criminals and their accomplices. "Last December, Google's Threat Analysis Group (TAG) shared the actions it took to disrupt the operations of the Glupteba botnet," wrote Google's vice president of engineering for privacy, safety and security Royal Hansen and the company's general counsel Halimah DeLaine Prado.
READ THE STORY: InfoSecMag
US Semiconductor ban to China triggers AI Concerns
FROM THE MEDIA: The United States has stopped semiconductor exports to China, as it wants to halt the development of AI projects in the Xi Jinping-led nation. But trade analysts suggest the move could trigger major concerns and could backfire by putting a permanent dent in America's GDP. Speaking at Bloomberg's New Economy Forum in Singapore, Ken Griffin, the CEO of Citadel, added that a hit of between 5% and 10% could be observed if this continues, pushing the entire economy into a great depression.
READ THE STORY: Cyber Security Insiders
Sinister AXLocker Ransomware Adds Insult To Injury By Stealing Your Discord Account
FROM THE MEDIA: Researchers at the cybersecurity company Cyble have published a technical analysis of a new ransomware known as “AXLocker.” Aside from the regular data encryption performed by ransomware, AXLocker also searches victims’ systems for Discord login tokens, then hands these tokens over to the threat actor behind the ransomware. While victims are busy attempting to recover their encrypted data, the threat actor can use these stolen credentials to access victims’ Discord accounts, which the threat actor may use to further distribute the ransomware.
Ransomware is a growing cause for concern in the information security field.
READ THE STORY: Hothardware // SCMAG
Chinese APT Using Google Drive, Dropbox to Drop Malware
FROM THE MEDIA: China-based advanced persistent threat actor Mustang Panda has launched a new wave of spear-phishing attacks on global government, educational and scientific sectors. Cybersecurity firm Trend Micro observed the group, which it tracks as Earth Preta (also known as Mustang Panda and Bronze President), using fake Google accounts to distribute malware stored in archive files and distributed through links to Google Drive. The main targets hit so far are organizations in Myanmar, Australia, the Philippines, Japan and Taiwan.
READ THE STORY: GovInfoSec // Techradar.pro
Microsoft Warns of Surge in Token Theft, Bypassing MFA
FROM THE MEDIA: The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly,” the team wrote in a blog post. That’s particularly concerning, they noted, because the attack technique doesn’t require significant expertise, it’s difficult to detect, and few organizations are watching out for it.
READ THE STORY: eSecurityPlanet
Emotet is back and delivers payloads like IcedID and Bumblebee
FROM THE MEDIA: Proofpoint researchers warn of the return of the Emotet malware. In early November the experts observed a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. The Emotet banking trojan has been active at least since 2014; the botnet is operated by a threat actor tracked as TA542. The infamous banking trojan was also used to deliver other malicious code, such as the Trickbot and QBot trojans, or ransomware such as Conti, ProLock, Ryuk, and Egregor.
READ THE STORY: Security Affairs
Google Chrome extension used to steal cryptocurrency, passwords
FROM THE MEDIA: An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. This Chrome extension is being installed by the ViperSoftX Windows malware, which acts as a JavaScript-based RAT (remote access trojan) and cryptocurrency hijacker. ViperSoftX has been around since 2020, previously disclosed by security researchers Cerberus and Colin Cowie, and in a report by Fortinet.
READ THE STORY: Bleeping Computer
For ransomware, feds need more rigorous comms, GAO says
FROM THE MEDIA: The closer collaboration with federal agencies that state and local governments depend on after incidents like a ransomware attack would be more achievable if those federal agencies played better with each other, according to a report last week by the U.S. Government Accountability Office. The two-pager, published Nov. 16, points out that while the Cybersecurity and Infrastructure Security Agency, the Secret Service and the FBI all play vital roles in helping state.
READ THE STORY: Statescoop
Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild
FROM THE MEDIA: The AXLocker ransomware encrypts victims' files and steals Discord tokens from the infected machine. The analysis of the code revealed that the startencryption() function implements the capability to search for files by enumerating the available directories on the C:\ drive. The malware only targets specific file extensions and excludes a list of directories from the encryption process. The AXLocker ransomware uses the AES encryption algorithm to encrypt files; unlike other ransomware, it does not change the name or extension of the encrypted files.
READ THE STORY: Security Affairs
Novel methods leveraged for Royal ransomware distribution
FROM THE MEDIA: Updated techniques are being used by DEV-0569 to distribute Royal ransomware and other malicious payloads, according to SecurityWeek. While DEV-0569 continues to leverage malvertising for malware delivery, it has since expanded its arsenal to include using contact forms for phishing link delivery, utilizing legitimate-looking software download sites or repositories for fake installer hosting, and exploiting Google Ads, a report from Microsoft showed. DEV-0569 was observed to have impersonated a national financial authority in September to send fraudulent contact forms, from which it would reply with Batloader-laced messages.
READ THE STORY: SCMAG
Google releases 165 YARA rules to detect Cobalt Strike attacks
FROM THE MEDIA: The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks. Security teams will also be able to identify Cobalt Strike versions deployed in their environment using these detection signatures. "We are releasing to the community a set of open-source YARA Rules and their integration as a VirusTotal Collection to help the community flag and identify Cobalt Strike's components and its respective versions," said Google Cloud Threat Intelligence security engineer Greg Sinclair.
READ THE STORY: Bleeping Computer
The lame-duck hunt: Closing Big Tech open season
FROM THE MEDIA: Lame-duck sessions in Congress usually bring on a flurry of last-ditch efforts to accomplish pet legislation that otherwise would be sidelined by party leadership. This time is no different, with a rush to push anti-tech bills. Multiple progressive advocacy groups are sending panic letters to leadership along with a multi-prong advertising campaign to push for new regulations, for fear the next Congress will not share the same urgency.
READ THE STORY: Washington Examiner
Torrent sites are infiltrating Google Search with some crafty SEO hacks
FROM THE MEDIA: Cybercriminals are hacking Google Looker Studio to place their malicious websites high on the search engine’s results pages, promoting spam, pirated content, and torrents. The campaign uses a technique known as SEO poisoning. This method uses legitimate website copy and fills it with links leading to these malicious sites. In the eyes of Google’s search engine algorithm, the links give the spam sites enough credibility for the tool to rank them high for specific keywords. This specific attack uses Google’s datastudio.google.com subdomain.
READ THE STORY: TechRadar
Aurora infostealer malware increasingly adopted by cybergangs
FROM THE MEDIA: Cybercriminals are increasingly turning to a new Go-based information stealer named ‘Aurora’ to steal sensitive information from browsers and cryptocurrency apps, exfiltrate data directly from disks, and load additional payloads. According to cybersecurity firm SEKOIA, at least seven notable cybergangs with significant activity have adopted Aurora exclusively, or along with Redline and Raccoon, two other established information-stealing malware families.
READ THE STORY: Bleeping Computer
Threat actors leveraging FIFA to target organizations
FROM THE MEDIA: Email security researchers from the Trellix Advanced Research Centre have found attackers leveraging FIFA and football-based campaigns to target organizations in Arab countries; consequently, the volume of malicious emails in Arab countries was observed to have increased by 100 per cent in the month of October. "It is common practice for attackers to utilize important or popular events as a part of social engineering tactics and particularly target organizations which are related to the event as they are far more promising victims for an attack," commented Daksh Kapur, Research Scientist at Trellix.
READ THE STORY: ITP.net
Technology as an Arbiter in US–China Great Power Competition
FROM THE MEDIA: Technology has assumed critical importance in the ongoing ‘strategic competition’ between the United States and China. The technology-infused great-power competition is likely to reshape the current structure of international relations. There is a likelihood of the emergence of two opposing techno-political systems led by China and the US, with the rest of the world faced with a choice: side with one at the expense of the other. India’s strategic autonomy may be strained to the maximum in navigating this scenario.
READ THE STORY: IDSA
A Global Americans Review of Managing New Security Threats in the Caribbean
FROM THE MEDIA: One of the more difficult international relations concepts to define is "security." In the older Westphalian sense, it implied the idea of the nation-state defending its borders from invaders. Over the past decade, however, security as an international relations term has radically shifted, casting its definitional net over not only traditional nation-state concerns, but also climate change, energy, migration, health, terrorism, drug trafficking, and cyberwarfare.
READ THE STORY: Global Americans
Ukraine, Irregular-War Changes Are Reshaping Pentagon’s Info-Ops Strategy
FROM THE MEDIA: Lessons from Ukraine and changes in irregular warfare will be reflected in the upcoming revision of the Pentagon’s information-operations strategy, defense policy leaders said. “Everyone has a cell phone; that’s what we’re seeing in the Ukraine. Not just soldiers having cell phones and watching the Javelin strike. Civilians are reporting the movement of Russian forces,” said Maj. Gen. Matthew Easley, a top information-ops advisor to the assistant defense secretary for special operations.
READ THE STORY: Defense One
Iranian Army Ground Force takes delivery of smart air defense system: Commander
FROM THE MEDIA: Commander of the Iranian Army's Ground Force Brigadier General Kioumars Heydari says his force has taken delivery of a sophisticated and smart air defense system developed and manufactured by the country’s military experts and technicians. Heydari made the remarks in an exclusive interview with Fars news agency on Monday, stressing that it is absolutely essential that the Ground Force units acquire state-of-the-art armaments in order to enhance their efficiency and be capable of responding to present-day operational needs.
READ THE STORY: PressTV
Using cloud to harness satellite imagery and sensor data for public sector use
FROM THE MEDIA: Government and public sector organizations face unique challenges in accomplishing complex missions with limited resources. One of those challenges is how to harness the rapidly growing amount of modern satellite imagery and sensor data for public sector uses. In a recent FedScoop panel discussion, Jon Love, vice president of strategic growth at Maxar, a major provider of commercial satellite imagery to the U.S. government, discusses how modern cloud capabilities are improving not just the amount of data satellites collect but the quality of the images they provide as well.
READ THE STORY: Fedscoop
Prince William Hacked by Pro-Russian Group
FROM THE MEDIA: Pro-Russian hackers targeted Prince William's new Prince of Wales website before he had even had a chance to update it, according to posts online. The Killnet group shared a Telegram post suggesting the website princeofwales.gov.uk had been taken offline due to the war in Ukraine. Online tool check-host, which monitors websites, reported error messages when trying to access princeofwales.gov.uk, however, Newsweek was able to access the site on November 22.
READ THE STORY: Newsweek
China’s evolving economic footprint in Latin America
FROM THE MEDIA: For more than a century, the United States has been the undisputed economic hegemon in Latin America. However, over the past two decades, China has displaced the U.S. as the region’s top trading partner in many Latin American nations. Additionally, Beijing has become a major source of foreign direct investment and lending. Increasingly, Latin American governments of all ideological stripes view China as a viable economic alternative.
READ THE STORY: GIS
NDAA Section 889: Can Lawmakers Withstand Semiconductor Lobby Onslaught Against National Security
FROM THE MEDIA: It’s that time of the year again – the congressional haggling over the annual National Defense Authorization Act (NDAA) is in full swing. Usually, lawmakers are preoccupied with allocating funding for big-ticket items like ships, planes, and other conventional military tools. But this year a crucial provision is on the table for defending America’s defense infrastructure against Chinese tech threats. Lawmakers seeking to strike a blow against both Chinese malign cyber activity and its weaponization of economic power would be wise to expand Section 889 of the NDAA.
READ THE STORY: Forbes
California County Says Personal Information Compromised in Data Breach
FROM THE MEDIA: The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and April 9, 2022, and that files on the county’s department of social services systems were accessed. “The County of Tehama determined that information pertaining to certain current and former County of Tehama employees, recipients of services from the County of Tehama Department of Social Services, and other affiliated individuals was contained in one or more of those files,” the county says.
READ THE STORY: SecurityWeek
Items of interest
European lawmakers want Russian channels off satellites
FROM THE MEDIA: More than three dozen members of the European Parliament have written a letter to the top official at the European Union demanding the removal of Russian-backed television channels from two satellite systems. The letter, which was signed by 39 European Union members, said two Russia-linked channels — RT and Sputnik — are being broadcast on satellites owned by SES and Eutelsat, even though the organizing body placed sanctions on Russian-owned media agencies over the country’s invasion of Ukraine. “Despite the sanctions, the satellite companies Eutelsat and SES have continued providing services for the broadcasting of Russian war propaganda in the European Union, in Ukraine, in Russia and beyond, including in Africa,” the letter said.
READ THE STORY: The Desk
The rise and fall of RT America, a Russia-backed TV network (Video)
FROM THE MEDIA: RT America sold conspiracy theories and alternative facts under the slogan "Question More." Now it's a casualty of Russia's invasion of Ukraine. Reality Check's John Avlon talks with CNN media correspondent Oliver Darcy about how RT America pushed misinformation to the far right and far left - and what can be done to stop propaganda from spreading.
Goebbels: Master of Propaganda Documentary (Video)
FROM THE MEDIA: Paul Joseph Goebbels (pronounced [ˈpaʊ̯l ˈjoːzɛf ˈɡœbl̩s]; 29 October 1897 – 1 May 1945) was a German Nazi politician who was the Gauleiter (district leader) of Berlin, chief propagandist for the Nazi Party, and then Reich Minister of Propaganda from 1933 to 1945.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com