Thursday, November 24, 2022
Retired Software Exploited To Target Power Grids, Microsoft
FROM THE MEDIA: A recent alarming report by Microsoft reveals the risks attached to common Internet of Things (IoT) devices using the discontinued Boa web server. Hackers are exploiting vulnerabilities in the software to target organizations in the energy sector. On Tuesday, Microsoft researchers revealed in an analysis their discovery of a vulnerable open-source component in the Boa web server, used widely in a range of routers and security cameras as well as popular software development kits (SDKs).
READ THE STORY: HackRead
Water companies face fresh accusations over sewage breaches
FROM THE MEDIA: Water companies in England and Wales have been accused of breaching environmental permits by dumping raw sewage into rivers and the sea even during dry periods, according to a charity that compiles data from the utilities. Sewage releases from storm overflow pipes are only permitted by the Environment Agency during “unusually heavy rainfall”. But research by the environmental charity Surfers Against Sewage found that water companies have been tipping untreated effluent into popular bathing spots even during dry spells.
READ THE STORY: FT
U.S. Navy Forced to Pay Software Company for Piracy
FROM THE MEDIA: The U.S. Navy was found guilty of piracy and is ordered to pay a software company $154,400 for a lawsuit filed back in 2016. The company, Bitmanagement Software GmbH, filed a complaint against the Navy, accusing the military branch of copyright infringement. GmbH claimed they had issued 38 copies of their 3D virtual reality software, BS Contact Geo, but while they were still in negotiations for additional licenses, the Navy installed the software onto at least 558,466 machines between 2013 and 2015.
READ THE STORY: Gizmodo
The spies in our pockets
FROM THE MEDIA: In the almost 10 years since the Edward Snowden revelations, we have all been more-or-less aware that if the USA’s National Security Agency or the UK’s GCHQ wants to listen to our communications, they’re going to manage to do so. Many of us might not be too happy about that, but many are also somewhat reassured that both countries are more-or-less functional democracies, with various safeguards and constitutional norms restricting how they use these functions.
READ THE STORY: The New European
European Parliament Putin things back together after cyber attack
FROM THE MEDIA: The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism. The Parliament on Wednesday passed a resolution that details Russia's illegal invasion of Ukraine, weighs international definitions of terrorism, and – over nine pages and 4250 words – concludes that Russia is a state sponsor of terrorism. The attack appears to have made part of the Parliament's website inoperable and made access impossible for a few hours.
READ THE STORY: The Register // Security Affairs
The FBI Is Investigating a Cyberattack on Continental Tire
FROM THE MEDIA: Earlier this month, tire manufacturer Continental revealed that it was the target of a cyberattack in August. The German company also announced that it was investigating the data breach. However, Continental has refused to comment on reports that the data is being sold online after it refused to pay a ransom. Now, American authorities are helping in the search for answers. Reuters has reported that the U.S. FBI is now involved in the inquiry. The federal law enforcement agency was brought into the investigation by Germany’s security authorities.
READ THE STORY: Yahoo life
Hidden Russian Software in Thousands of Apps Sparks Fears of Online Activity Tracking, Prompts Ban by US Army
FROM THE MEDIA: A piece of Russian software buried in thousands of apps has raised concerns in some government agencies, and the US Army and CDC have banned several of these apps over concerns about tracking of online activity. A firm called “Pushwoosh” has code in numerous apps available via the Google and Apple official app stores, and had presented itself as being based in the United States. However, a Reuters investigation discovered that the company appears to be based in Siberia, something that it did not report to US regulators.
READ THE STORY: CPO MAG
Cyber Warfare in Eastern Europe
FROM THE MEDIA: More than eight months into the Russia-Ukraine war, Europe is sailing on full speed towards a dangerous iceberg, that is now only showing its peak: the increasing concerns regarding energy supplies. A deeper dive into European affairs would reflect a challenging crisis encompassing different dimensions that are as complex as they are interrelated. While some of them were triggered by the ongoing Russia-Ukraine war, others were pre-existing, and the evolution of the recent events had only served to amplify them.
READ THE STORY: EFP
How Washington chased Huawei out of Europe
FROM THE MEDIA: Huawei is giving up on Europe. The Chinese telecoms giant is pushing out its pedigreed Western lobbyists, retrenching its European operations and putting its ambitions for global leadership on ice. The reasons for doing this have little to do with the company’s commercial potential — Huawei is still able to offer cutting-edge technology at lower costs than its competitors — and everything to do with politics, according to interviews with more than 20 current and former staff and strategic advisers to the company.
READ THE STORY: Politico
The rush to buy and build weapons
FROM THE MEDIA: While VLADIMIR PUTIN isn’t in much better shape with only Iran and North Korea to lean on, the artillery and armor-heavy war aligns with how the Kremlin has prepared to fight. But the West is looking for ways to surge production of anti-armor weapons and new air defenses, and is dipping deep into reserves of artillery ammunition as the Ukrainians pop off 5,000 to 6,000 rounds a day at entrenched Russian positions in the south.
READ THE STORY: Politico
North Korea’s crypto-heists show vulnerabilities in Western security
FROM THE MEDIA: North Korea’s tireless cryptocurrency theft operations have highlighted vulnerabilities in the U.S. security ecosystem, raising questions of safety in the face of more effective cyberthreats from Russia and China. “They’ve gotten into U.S. government websites,” Bruce Klingner, senior research fellow for northeast Asia at the Heritage Foundation, told Fox News Digital. “They’ve gotten into the U.S. financial systems, companies, systems, [and] they were even going after COVID vaccine companies like Pfizer and others to try to get information on the vaccine.”
READ THE STORY: WFIN
Iranian hackers released footage of Jerusalem attack from security cameras
FROM THE MEDIA: Iranian hacker group "Moses Staff" published on Thursday a series of video clips taken from security cameras of Wednesday's attack in Jerusalem, according to reports from Hebrew media. The group published the video clips on Telegram, which captured the moment of the bomb explosion on Wednesday on the bus at the city's entrance. One of the published videos was accompanied by a caption in Hebrew, saying: "For a long time we have control over all your activities, step by step and moment by moment."
READ THE STORY: JP
Iranian-made drones recovered in Ukraine contain US components
FROM THE MEDIA: A UK research company that investigates illicit arms trafficking says Russian forces recently employed Iranian-sourced drones containing US-made components during attacks against Ukraine. Conflict Armament Research (CAR) says in a 23 November report that an investigation team operating in Ukraine from 2-5 November identified the wreckage of Shahed-131, Shahed-136 and Mohajer-6 unmanned aerial vehicles (UAVs) – all of which the group says were made in Iran.
READ THE STORY: Flight Global
‘Hunters’ On Prowl! Russia’s Futuristic Stealth Drones
FROM THE MEDIA: The latest Google Earth satellite image has revealed that two prototypes of Russia’s S-70 Hunter drones were spotted together at the 929th State Flight Test Center located in the Astrakhan Oblast of the Russian Federation. The two drones were rolled out of the hangar at the Airfield of State Flight Test Center sometime in October 2022. The image is significant as the newest stealthy prototype of the S-70 Hunter-B drone stands next to the prototype.
READ THE STORY: Eurasian times
Threat actors extend attack techniques to new enterprise apps and services
FROM THE MEDIA: Perception Point announced the publication of a report, “The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels”, which evaluates the responses of security and IT decision-makers at large enterprises and reveals numerous significant findings about today’s enterprise threat landscape. One key takeaway is that organizations are paying a hefty $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers, meaning that a 500-employee company spends on average $600,000 on an annual basis.
READ THE STORY: HelpNetSecurity
GitHub repojacking attack: 10 lessons for software teams
FROM THE MEDIA: Hijacking code repositories, or repojacking, wasn’t new when security researchers discovered a serious vulnerability in the mechanism GitHub uses to retire namespaces, but the flaw in the development hub made the software community painfully aware of how defenseless it could be in the face of such software supply chain attacks. Repojacking targets a legitimate namespace in GitHub. The architecture of the hub allows user names to be changed through a renaming feature. After a change, traffic to the old name is redirected to the new name.
READ THE STORY: Security Boulevard
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back
FROM THE MEDIA: A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. Dubbed DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target individuals on LinkedIn who have job descriptions that could suggest they have access to manage Facebook business accounts.
READ THE STORY: CSO
Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware
FROM THE MEDIA: Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a report shared with The Hacker News.
READ THE STORY: THN
This Android File Manager App Infected Thousands of Devices with SharkBot Malware
FROM THE MEDIA: The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores.
READ THE STORY: THN
Tata Power Attack Linked to Bug in Nearly 20-Year-Old Server
FROM THE MEDIA: Nearly 20-year-old, outdated web servers were responsible for last month's intrusion on India's largest integrated power company, Tata Power, Microsoft says. Discontinued in 2005, Boa servers have been used to target and compromise several other critical infrastructure organizations globally, Microsoft said in its security blog. Online digital threat analysis firm Recorded Future first reported in 2021 that Chinese state-sponsored groups were responsible for infecting India's power supply companies with malware (see: India Fights Against Malware Targeting Power Supply).
READ THE STORY: BankInfoSec
US military goes zero-trust on software and government gets busy
FROM THE MEDIA: Federal agencies are continuing to put in place their cybersecurity strategies 18 months after the Biden Administration issued its executive order to strengthen the government's defenses. Most recently, the Pentagon this week outlined its zero-trust strategy [PDF] roadmap while the Cybersecurity and Infrastructure Security Agency (CISA) updated its infrastructure resilience framework for guiding state, local, and tribal entities as they plan their cybersecurity efforts.
READ THE STORY: The Register
A deep dive into Automotive Hacking and Mobility Cybersecurity
FROM THE MEDIA: Undoubtedly, the rise of mobility and Internet of Things (IoT) have significantly contributed to digital optimization, transformation and the Industrial Revolution 4.0. The popularity of Mobile Computing, Bring-Your-Own-Device (BYOD), mobile commerce, and the transformation of automotive, healthcare, utilities and other verticals to interconnected hybrid systems leveraging IoT.
READ THE STORY: ET
Microsoft gives its latest data on hacks
FROM THE MEDIA: Password hacks are getting quite common and according to the statistics, 921 passwords get hacked every second of the day. According to Microsoft Digital Defense Report, password hacking has increased by 74% in 2022 as compared to last year. Microsoft and other big technologies are working on making their security system strong so their users can have a safe experience on the platform. The future doesn't look too good if all the information is getting constantly hacked by different hackers.
READ THE STORY: Digital Information World
Bifurcation of chip industry will hit China harder
FROM THE MEDIA: A bifurcation of the global semiconductor industry will be expensive and risky, and pose threats to quality and reliability as well, the rating agency S&P Global Ratings says in a research note issued earlier this month, adding that China and other Asia-Pacific producers are likely to suffer more. The agency issued its note in the wake of the imposition of new restrictions by the US on chip exports to China on 7 October.
READ THE STORY: itWire
Cyber-mercenary group targets Android users with fake Trojan VPN apps
FROM THE MEDIA: A malicious spyware campaign has been discovered by cybersecurity software firm ESET, where trojan VPN apps are used to steal data from messaging apps like WhatsApp, Messenger, Signal, Viber, and Telegram. The campaign is targeting Android users. These spyware apps are distributed through a fake SecureVPN website that provides only trojan Android apps to download. Trojan apps are essentially deceptive programs that appear to perform a particular function but actually perform another.
READ THE STORY: The Indian Express
Russian Hackers Now Offering Stealer as a Service
FROM THE MEDIA: Hacking groups are using a stealer-as-a-service business model to spread infostealer malware and steal credentials from online gaming and payment accounts. Threat intelligence firm Group-IB detected 34 new Russian-speaking groups that are spreading multiple infostealer variants. The researchers say the groups are stealing user credentials from individuals on online gaming platforms such as Steam and Roblox, as well as payment details from Amazon and PayPal accounts. The malware is also compromising cryptocurrency wallets using victims' browsers.
READ THE STORY: BankInfoSec
Fake MSI Afterburner Sites Inject Coin-Miner Into Software Installer
FROM THE MEDIA: We post this information so clearly on our download pages; the only two official places to download MSI AfterBurner from are Guru3D.com and MSI.com. As it seems there are fake builds of MSI AfterBurner available on the web. As many as 50 fake websites are now delivering an infected version. It installs MSI afterburner and also injects extra code. Cyble Intelligence and Research Lab (CRIL) recently discovered a phishing campaign using phoney MSI Afterburner software to infect gamers with bitcoin miners and information stealers.
READ THE STORY: Guru3D
The Ukraine conflict is exposing the limits of cyber warfare — and Russian hackers
FROM THE MEDIA: It’s safe to say that Putin’s invasion of Ukraine hasn’t gone to plan. Russian forces are suffering mounting setbacks, after underestimating the resistance of his adversaries — and that’s just in cyberspace. The Kremlin’s hacker army – like its conventional military – hasn’t lived up to its fearsome reputation. At least, not yet. Analysts have offered an array of explanations for Russia’s cyber limitations. They range from upgrades to Ukraine’s defenses to changes in the Kremlin’s tactics.
READ THE STORY: TNW
Ukraine races to restore power knocked out by Russian air strikes
FROM THE MEDIA: Power was gradually being restored to Ukrainian cities including the capital Kyiv on Thursday, a day after Russian missile strikes caused Kyiv's biggest outages in nine months of war. Regional authorities said 25% of homes in Kyiv were still without electricity but the water supply had been restored in some areas and would start working in other areas later on Thursday. In a big improvement from Wednesday, when authorities said power was lost across the entire Kyiv region, public transport was operating in the capital, with buses replacing trams to save power.
READ THE STORY: Reuters
Power supply outages cripple RioZim operations
FROM THE MEDIA: MINING house RioZim Limited (RioZim) says power supply challenges remain a key risk to the sustainability of its operations. Despite the company putting in place diesel generators to lessen production stoppages, in its trading update for the third quarter (Q3) 2022, the group said it remained reliant on the power utility Zesa for consistent power supply to run optimally. “Power supply challenges worsened during the quarter due to acute load shedding as the country battled with erratic local power generation coupled with inadequate supplementary power imports.
READ THE STORY: News Day
If Twitter Dies, Democracy Won’t Go With It
FROM THE MEDIA: A feral panic broke out last weekend on Twitter as user after user posted forwarding addresses on Mastodon, Post and other digital destinations based on their intuition the social media site was about to fall off the edge of the world. As frantic as survivalists trying to outrun zombies, they cursed new owner Elon Musk and bid their followers and followees adieu as they keyboarded their way to their own virtual Idahos.
READ THE STORY: Politico
Items of interest
Why Twitter Won’t Crash And Die Despite Losing 70% Of Staff: Former GitHub CTO
FROM THE MEDIA: Former GitHub CTO Jason Warner says the core Twitter service will most likely remain functional and operational despite Twitter shedding more than half of its employees and the majority of its contractors in a matter of weeks. The biggest reason: the very nature of Twitter itself. “Twitter — the service — can suffer lots and lots and lots of issues and it will still be a useful/amusing service for many,” he tweeted in a long thread on the topic. “It is not the same as a mission critical product.”
READ THE STORY: Forbes
Chinese Spy Sentenced to 20 Years in the US; China's Xi Accuses Canada's Trudeau of Leaking Talks (Video)
Spy Chat with Chris Costa (Video)
FROM THE MEDIA: Join us for an online discussion of the latest intelligence, national security, and terrorism issues in the news. Spy Museum Executive Director Chris Costa will lead the briefing. Costa, a former intelligence officer of 34 years with 25 of those in active duty in hot spots such as Panama, Bosnia, Afghanistan, and Iraq is also a past Special Assistant to the President and Senior Director for Counterterrorism on the National Security Council. He will be joined by LTG (R) Michael K. Nagata, former Director of Strategic Operational Planning for the National Counterterrorism Center.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com