Wednesday, November 23, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Drones over D.C.: Senators alarmed over potential Chinese spy threat
FROM THE MEDIA: Hundreds of Chinese-manufactured drones have been detected in restricted airspace over Washington, D.C., in recent months, a trend that national security agencies fear could become a new means for foreign espionage. The recreational drones made by Chinese company DJI, which are designed with “geofencing” restrictions to keep them out of sensitive locations, are being manipulated by users with simple workarounds to fly over no-go zones around the nation’s capital.
READ THE STORY: Politico
Donut extortion group also targets victims with ransomware
FROM THE MEDIA: The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise. BleepingComputer first reported on the Donut extortion group in August, linking them to attacks on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for Sando and DESFA was also posted to several ransomware operations’ sites, with the Sando attack claimed by Hive ransomware and DESFA claimed by Ragnar Locker.
READ THE STORY: Bleeping Computer
Reimagining the mining industry with Industrial Internet
FROM THE MEDIA: Sometimes referred to as "black gold", coal has been one of the main energy sources for almost every industry worldwide since the 18th century. That's particularly true in China, which has little oil and gas but plenty of coal, making it an essential energy source. At the same time, to push forward sustainable development, the Chinese government announced that the country's carbon dioxide emissions would peak before 2030 and carbon neutrality would be achieved by 2060.
READ THE STORY: The Register
Why Ukraine Is Stuck With Elon
FROM THE MEDIA: As is often the case with Elon Musk, it started with a tweet. On Feb. 26, two days after Russia launched its full-scale invasion of Ukraine, Ukrainian Vice Prime Minister Mykhailo Fedorov tweeted at the world’s wealthiest man. “While your rockets successfully land from space—Russian rockets attack Ukrainian civil people!” Fedorov wrote. “We ask you to provide Ukraine with Starlink stations,” he added.
READ THE STORY: FP
Cyber Protection as Important as Missile Defense Systems: Retired NATO General
FROM THE MEDIA: A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters. The European Commission proposed an action plan to bolster cyber defense earlier this month; Hodges, who commanded U.S. Army forces in Europe from 2014 until 2017 and has long argued that civilian infrastructure is an essential pillar of military strategy, said cyber protection is just as important as missile defense systems to guard the German North Sea ports.
READ THE STORY: Insurance Journal
Hackers breach energy orgs via bugs in discontinued web server
FROM THE MEDIA: Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. As cybersecurity company Recorded Future revealed in a report published in April, state-backed Chinese hacking groups (including one traced as RedEcho) targeted multiple Indian electrical grid operators, compromising an Indian national emergency response system and the subsidiary of a multinational logistics company.
READ THE STORY: Bleeping Computer
Idaho now has a vulnerability disclosure policy for election websites
FROM THE MEDIA: The Idaho secretary of state’s office last week became the fourth in the country to launch a vulnerability disclosure policy, giving white-hat hackers legal permission to poke and prod the office’s election-related websites for weaknesses. Under the new policy, security researchers will be allowed to inspect a set of five websites for potential or real security flaws, such as exposures of sensitive data, and report them to be remedied without fear of reprisal or threat of prosecution.
READ THE STORY: Statescoop
The Yanluowang ransomware group in their own words
FROM THE MEDIA: On Halloween, a message appeared on the Yanluowang ransomware group’s extortion site: “Check and mate! Yanluowang Matrix chat hacked,” it began. “Time’s up;) you screwed!!” It announced that the contents of one of the group’s discussion channels – some 2,700 messages sent between January and September 2022 – had been breached and were now uploaded to a leak site that allowed researchers, law enforcement, and even competitors to understand how the group was organized, how it interacted with other ransomware actors, and who might be in charge.
READ THE STORY: The Record
Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
FROM THE MEDIA: Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices."
READ THE STORY: THN
Russian speaking groups infect thousands of computers in Saudi Arabia, Gulf region
FROM THE MEDIA: Thousands of computers in Saudi Arabia and across the Gulf have been hacked by Russian-speaking scammers in the first seven months of the year, cybersecurity company Group-IB said in a report on Wednesday. Group-IB identified the groups using malware to obtain passwords for accounts including Amazon and PayPal, as well as to gain access to their payment records and crypto wallets.
READ THE STORY: Alarabiya News
For two years security experts have been secretly decrypting systems for Zeppelin ransomware victims
FROM THE MEDIA: When there’s so much bad news in the world of cybersecurity, it’s always good to share a positive story. Researchers at cybersecurity firm Unit 221B have revealed that they have been secretly helping victims of the Zeppelin ransomware decrypt their computer systems since 2020. Victims of the Zeppelin ransomware since its emergence in 2019 have included businesses, critical infrastructure organizations, defense contractors, educational institutions, and the healthcare and medical industries.
READ THE STORY: Graham Cluley
Ducktail Cyberattackers Add WhatsApp to Facebook Business Attack Chain
FROM THE MEDIA: A financially motivated threat actor targeting individuals and organizations on Facebook's Ads and Business platform has resumed operations after a brief hiatus, with a new bag of tricks for hijacking accounts and profiting from them. The Vietnam-based threat campaign, dubbed Ducktail, has been active since at least May 2021 and has affected users with Facebook business accounts in the United States and more than three dozen other countries.
READ THE STORY: DarkReading
Cybereason warns of fast-moving Black Basta campaign
FROM THE MEDIA: Black Basta ransomware actors are utilizing extreme speed and a new tactic that makes it increasingly difficult for enterprises to respond to an attack, according to new research by Cybereason. In the latest campaign observed by the Cybereason Managed Services team, threat actors obtained administrative access in less than two hours and deployed Black Basta ransomware in less than 12 hours.
READ THE STORY: DarkReading
Fake subscription invoices lead to corporate data theft and extortion
FROM THE MEDIA: A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. The group is eschewing the use of ransomware and instead relies on targeted employees calling a phone number manned by the attackers and convincing them to install a remote access tool.
READ THE STORY: HelpNetSecurity
Black Basta Using QBot Malware to Target US-Based Companies
FROM THE MEDIA: Researchers say Black Basta is dropping QBot malware - also called QakBot - in a widespread ransomware campaign targeting mostly U.S.-based companies. In the group's latest campaign, attackers are again using QBot to install a backdoor and then drop in encryption malware and other malicious code, according to Cybereason.
READ THE STORY: GovInfoSec // siliconANGLE
China-based hackers target Asia-Pacific gov’ts, including PH, in spear-phishing campaign
FROM THE MEDIA: Cybersecurity firm Trend Micro on Friday, November 18, announced that it has uncovered a global spear-phishing campaign by a China-based threat actor, with a heavier focus on Asia-Pacific countries including Myanmar, Australia, the Philippines, Japan, and Taiwan. Spear-phishing is a more targeted form of phishing.
READ THE STORY: Rappler
Apps leak Algolia API Keys
FROM THE MEDIA: Using their mobile app search engine BeVigil, researchers at AI tech firm CloudSEK have identified over fifteen hundred apps that are leaking Algolia API Keys. CloudSEK explains that more than 11 thousand companies – including big names like Lacoste, Medium, and Slack – use Algolia’s API to incorporate search, discovery, and recommendations into their voice, mobile, and website applications.
READ THE STORY: The Cyberwire
Quantum Locker lands in the Cloud
FROM THE MEDIA: In recent weeks, the Belgian company Computerland shared insights with the European threat intelligence community about Quantum TTPs adopted in recent attacks. The shared information revealed that the Quantum gang used a particular modus operandi to target large enterprises relying on cloud services in the NACE region.
READ THE STORY: Security Affairs
Opportunistic scammers targeting users of Steam, Roblox, and Amazon in 111 countries
FROM THE MEDIA: Group-IB, one of the global leaders in cybersecurity, has identified 34 Russian-speaking groups that are distributing info-stealing malware under the stealer-as-a-service model. The cybercriminals mainly use the Raccoon and RedLine stealers to obtain passwords for gaming accounts on Steam and Roblox, credentials for Amazon and PayPal, as well as users’ payment records and crypto wallet information. In the first seven months of 2022, the gangs collectively infected over 890,000 user devices and stole over 50 million passwords.
READ THE STORY: ZAWYA
New hacking campaign swaps malware for phone calls
FROM THE MEDIA: Palo Alto Networks has investigated several incidents involving a data extortion gang using a growing social engineering tactic to extort retailers and other businesses out of hundreds of thousands of dollars, according to a report Monday. The report highlights the range of threats retailers, other businesses and consumers are up against heading into the hectic holiday season — and the depths hackers will go to make sure they find success.
READ THE STORY: Axios
Hackers are locking out Mars Stealer operators from their own servers
FROM THE MEDIA: A security research and hacking startup says it has found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims. Mars Stealer is data-stealing malware as a service, allowing cybercriminals to rent access to the infrastructure to launch their own attacks. The malware itself is often distributed as email attachments, malicious ads and bundled with torrented files on file-sharing sites.
READ THE STORY: TechCrunch
Hornetsecurity expands APAC and EMEA growth through new distribution agreements
FROM THE MEDIA: Hornetsecurity announced a major push into several different regions across the world, with the signing of new distributors and partnerships. This further expands Hornetsecurity’s established presence in Europe, the US and LATAM. In the Philippines and Saudi Arabia, the signing of distributors WSI and S2 will see Hornetsecurity’s capabilities support even more businesses in limiting cybersecurity issues. EMT have been appointed as distributors of Hornetsecurity solutions in the Middle East.
READ THE STORY: HelpNetSecurity
Surge of Fake FIFA World Cup Streaming Sites Targets Virtual Fans
FROM THE MEDIA: Zscaler ThreatLabz is always on the lookout for threat actors trying to take advantage of major world news and events. The FIFA World Cup 2022 has brought with it a spike in cyber attacks targeting football fans through fake streaming sites and lottery scams, leveraging the rush and excitement around these uncommon events to infect users with malware.
READ THE STORY: Security Boulevard
New Warning Issued Against Google Chrome Browser Extension That’s Stealing Cryptocurrency Passwords
FROM THE MEDIA: A new report by security experts is shedding light on malware called VenomSoftX that may at first appear to be an extension for Google Chrome but can do far worse. The extension can be deployed by another Windows malware strain and goes as far as stealing users’ crypto passwords. It can also capture related clipboard contents while the user browses the web.
READ THE STORY: Digital Information World
Dozens of Russian Groups Steal 50 Million User Passwords
FROM THE MEDIA: Security researchers have warned of a password-theft epidemic after revealing that Russian groups are using off-the-shelf info-stealing malware to devastating effect. Group-IB said its analysis revealed 34 Telegram groups used by threat actors to organize their efforts, and that they’d infected over 890,000 user devices and stolen over 50 million passwords in the first seven months of 2022 alone.
READ THE STORY: InfoSecMag
Researcher warns that Cisco Secure Email Gateways can easily be circumvented
FROM THE MEDIA: An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in the Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. The researcher pointed out that the attack complexity is low and also noted that working exploits have already been published by a third party. The expert disclosed the technique within a coordinated disclosure procedure.
READ THE STORY: Security Affairs
Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations
FROM THE MEDIA: Imagine getting ready to spend billions of dollars on an acquisition, only to find out that the target of the acquisition was the victim of multiple cyberattacks affecting billions of accounts. One would think such a scenario would be a huge red flag that no corporate board or general counsel would ever forget, regardless of the size of the acquisition, but that clarion call does not seem to be heard universally.
READ THE STORY: DarkReading
Microsoft Wages Nation-State Cyberwar, Deleting 600 Domains
FROM THE MEDIA: Microsoft has been busy removing internet domains identified as being criminally used by bad actors, including those sponsored by nations. That's one takeaway from the company's sprawling Microsoft Digital Defense Report 2022, which devotes one of its sections to nation-state threats that reached a new level with the advent of the war in Ukraine.
READ THE STORY: Virtualization Review
China massively outguns U.S. in increasingly bellicose cyber shootout
FROM THE MEDIA: China’s cyberspace operations were once considered “sloppy,” but its online capabilities have grown rapidly over the past decade into a dangerous threat regarded as equal to U.S. military digital skills, a congressional report warns. Under Chinese President Xi Jinping, China’s military and government-reorganized agencies now boast sophisticated cyberwarfare tools and powerful espionage that the U.S. says have been used to steal trillions of dollars in proprietary and secret information.
READ THE STORY: Washington Times
Saudi Arabia And Israel’s NSO Face Fresh Spyware Challenge From Khashoggi Ally
FROM THE MEDIA: Saudi Arabia and Israeli technology company NSO are facing another legal challenge in the UK, after British-Jordanian human rights activist Dr Azzam Tamimi launched legal proceedings against them. Tamimi was a friend of murdered Saudi journalist Jamal Khashoggi, who was killed in the Saudi consulate in Istanbul in 2018.
READ THE STORY: Forbes
China set to fine Ant Group over $1bn, signaling revamp nears end
FROM THE MEDIA: Chinese authorities are poised to impose a fine of more than $1 billion on Jack Ma’s Ant Group, said six sources with direct knowledge of the matter, setting the stage for ending the fintech company’s two-year long regulatory overhaul. The People’s Bank of China (PBOC), which has been driving the revamp at Ant after the Chinese firm’s $37 billion IPO was scuttled at the last minute in 2020, is the regulator that is readying the fine, said five of the sources.
READ THE STORY: Business Recorder
The secret history of encrypted DMs on Twitter
FROM THE MEDIA: Last we broke the news that Twitter is developing encrypted direct messages as one of Elon Musk’s top five product priorities. Today The Verge’s Alex Heath reported that Musk shared further details on his plans on Monday in a meeting with employees, saying that he had asked Signal creator Moxie Marlinspike for help and planned to eventually offer encrypted voice and video calling as well.
READ THE STORY: Platformer
SSU Stops Funding of the Russian Federation through Illegal Online Casino
FROM THE MEDIA: An unprecedented special operation has been conducted in Ukraine. SSU’s cyber specialists caught a group of criminals that transferred funds from a gambling site to Russia. According to the SSU, the criminals who were caught are citizens of both Ukraine and Russia. The operation was documented and blocked by the authorities, which enabled the liquidation of the illegal online casino. During the operation it was established that about 3 billion in hryvnia equivalent had been channelled to fund the Russian Federation.
READ THE STORY: World Casino Directory
Ukraine Energy Provider Details 'Colossal' Damage to Nearly All Facilities
FROM THE MEDIA: The damage inflicted on the Ukrainian power grid by recent Russian missile attacks has been "colossal," according to a top energy official. Volodymyr Kudrytskyi, CEO of Ukrainian energy company Ukrenergo, said during a press briefing Tuesday that recent Russian attacks damaged essentially all thermal and hydroelectric power plants across Ukraine. The sixth such missile attack on the Ukrainian power grid was the biggest since Russia invaded Ukraine on February 24, he said. About 100 Russian missiles were launched toward mainly Ukrenergo substations, in addition to power plants, causing various levels of damage at 15 facilities.
READ THE STORY: Newsweek
'Welcome to Twitter': Elon Musk hires an intern who hacked iPhones as a teen
FROM THE MEDIA: Elon Musk has hired a new intern for Twitter. This new intern is known for his prior dealings with Tesla and also for hacking iPhones in his teenage years. The intern, named George Hotz, made a pitch to Elon Musk on Twitter, publicly. Musk responded with a 'Let's talk'. The former iPhone hacker has now earned an 'internship' at Twitter and he has a specific set of tasks carved out for him at the social media company.
READ THE STORY: BT
ESET launches report highlighting activities of Russia, North Korea, Iran and China-aligned threat actors
FROM THE MEDIA: Accompanying the successful ESET Threat Report, ESET Research launches the ESET APT Activity Report, aiming to provide a periodic overview of ESET’s findings on the activities of advanced persistent threat (APT) groups. In the first instalment, covering T2 2022 (May-August 2022), ESET Research saw no decline in the APT activity of Russia-, China-, Iran-, and North Korea-aligned threat actors.
READ THE STORY: Tahawultech
Despite Chip Ban, U.S. Trails China in Published Research Papers
FROM THE MEDIA: The U.S. can no longer claim the top spot in published and accepted research papers on chip design and leading-edge technologies. Following the latest entries for the International Solid State Circuits Conference (ISSCC 2023), one of the world's most renowned events on semiconductor circuits, it has become clear that this particular accolade now belongs to China, despite a prolonged climate of heavy technological sanctions being levied against the country.
READ THE STORY: TomsHardware
Items of interest
Evaluation of Germany’s Reaction to The European Energy Crisis
FROM THE MEDIA: The Russo-Ukrainian crisis, which started on 24 February 2022, brought war back to Europe. This war has visibly impacted the energy nerve of Europe, as Russia is the primary exporter of energy: Liquefied Natural Gas (LNG), oil and solid fossil fuel. Germany, in particular, had maintained a prolonged diplomatic front in a bid to continue its energy trade, which is largely dependent on Russia. Europe’s dependence on LNG and oil imports from Russia has highlighted the need for Europe to diversify its energy trade.
READ THE STORY: Modern Diplomacy
Jailbreaking Tractors (Video)
FROM THE MEDIA: John Deere, an American agricultural machinery manufacturer, has recently enraged many farmers and digital rights activists due to the restrictive fixing policy of its tractors. Now, an Australian white hat hacker named Sick Codes has demonstrated not only how he was able to jailbreak the company’s tractors and run Doom on them (because why not) – but also hack into its global operations center, demonstrating how hackers can easily take over a huge number of farming machines all over the world.
What Would Happen if CBS Got Hacked (Video)
FROM THE MEDIA: Media companies probably get hacked no more than other, non-media oriented organizations such as hospitals, banks, etc. But these hacks are often more visible and more memorable because… well, media companies are more public facing by their very nature. How can these organizations be hacked, and why should we care about such attacks? Nate Nelson spoke with Joel Molinoff, former chief information risk officer for CBS Corporation, and Dan Vasile, former vice president of information security at Paramount.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com