Saturday, November 26, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Maple Leaf Foods confirms it was hit by ransomware, won’t pay attackers
Analyst Notes: UPDATE - This was first mentioned in Daily Drop 307. The Black Basta ransomware group is possibly formed from the former CONTI group and has ties with the Russian government.
FROM THE MEDIA: Maple Leaf Foods has confirmed it was hit by ransomware, and that it won’t pay for the return of stolen data. The Black Basta ransomware gang now lists Canadian meat processor Maple Leaf Foods as one of its victims. It isn’t clear but this could be related to the cyber incident the company acknowledged earlier this month. At the time of the incident, a Maple Leaf Foods spokesperson said an IT outage was creating some operational and service disruptions that varied by business unit, plant, and site. In reply to a request for comment by IT World Canada on the listing of its company by Black Basta, the company issued a statement saying, “We won’t dignify criminals by naming them.”
READ THE STORY: CDN
ICEYE Satellite Leased By Ukrainians Helped To Identify About 2,600 Pieces Of Equipment Of Russian Troops
FROM THE MEDIA: This is stated in the message that the Defense Intelligence of the Ministry of Defense of Ukraine published on its Telegram channel. In general, since gaining access to the satellite and database of other ICEYE devices, the Defense Intelligence has carried out radar reconnaissance of 150 areas of the Russian troops. The observation was carried out both in the temporarily occupied territories of Ukraine and in Russia and Belarus. The observation made it possible to identify and confirm about 2,600 units of enemy equipment. We are talking about land, air and sea equipment, as well as pontoon crossings, radar stations and tents in the locations of the occupiers.
READ THE STORY: Ukrainian News
U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk
FROM THE MEDIA: The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. "The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here," FCC Chairwoman Jessica Rosenworcel said in a Friday order.
READ THE STORY: THN
Elon Musk says Twitter will re-launch its verification program next week
FROM THE MEDIA: Elon Musk says he has a tentative timeframe to once again roll out his new paid verification system for Twitter. "Sorry for the delay, we're tentatively launching Verified on Friday next week," the embattled new CEO wrote in a tweet early Friday. This will be his second attempt at launching a paid verification system. His first attempt earlier this month failed after users successfully impersonated companies and celebrities, including Lebron James, Former President George W. Bush and Musk himself.
READ THE STORY: NPR
Russian Hackers Target Dutch LNG Terminal
FROM THE MEDIA: Russian hackers have been doing “exploratory research” into the systems of the Dutch LNG terminals, trying to find ways into the systems, American cyber security company Dragos has reported. According to Dragos’ Casey Brooks, hacker groups Xenotime and Kamacite have been poking at the digital systems of Gasunie’s LNG terminal in Eemshaven in Rotterdam. The FBI has revealed that Xenotime and Kamacite have ties to the Russian secret service. Dutch company EclecticIQ has also reported increased activity around vital infrastructure in Europe and the Netherlands.
READ THE STORY: Yahoo Finance
China intensifies disinformation, cyberattacks on Taiwan
FROM THE MEDIA: China's armed forces are increasingly engaging in nonmilitary warfare on Taiwan that weaponizes disinformation and psychological manipulation, according to a report released Friday by a Japanese Defense Ministry think tank. The annual China Security Report, published by the National Institute for Defense Studies (NIDS), focuses on the cognitive warfare being adopted by the Chinese Communist Party. That approach propagates information useful to the party through social media platforms and cyberspace.
READ THE STORY: NikkeiAsia
Android users in Middle East, South Asia targeted with spyware posing as fake VPN apps
FROM THE MEDIA: Android users in the Middle East and South Asia are being targeted by a government-linked group with spyware posing as VPN websites, according to a new report from ESET. Researchers determined the campaign has been running since January, and attributed it to the notorious Bahamut advanced persistent threat (APT) group. The organization did not respond to requests for comment about which country the APT is believed to be affiliated with. The spyware is being distributed through a fake SecureVPN website with apps for Android.
READ THE STORY: The Record
Russia Runs Out Of ‘Cheap & Chirring’ Iranian Drones
FROM THE MEDIA: The UK Military Intelligence update said Russia has likely “exhausted” the “One Way Attack (OWA) aircraft” and can procure more from abroad faster than it can “manufacture new cruise missiles domestically.” Earlier this month, on November 6, Iranian Foreign Minister Hossein Amirabdollahian admitted that Iran had supplied the drones to Russia but clarified that it was several months before the war. But the British and Iranian claims have tremendous implications and hint at the magnitude of planning Russia undertook for a possible military intervention, presumably a year in the making.
READ THE STORY: Eurasian Times
The US Chip Blockade Against China Is Creating Unplanned Consequences
FROM THE MEDIA: The US trade and tech wars against China continued under President Joe Biden, who escalated export controls related to technology. The US wants to cut China’s access to advanced semiconductors and the equipment used to manufacture them in order to prevent their use for military purposes. The restrictions follow the CHIPS and Science Act, passed in August 2022 which showers $52 billion in subsidies on the US chip industry and grants over $200 billion in additional research and development (R&D) and science funding.
READ THE STORY: Eurasia Review
ConnectWise closes XSS vector for remote hijack scams
FROM THE MEDIA: A cross-site scripting (XSS) vulnerability in ConnectWise Control, the remote monitoring and management (RMM) platform, offered attackers a powerful attack vector for abusing remote access tools. Now patched, the stored XSS flaw was disclosed by Guardio Labs, which in July published an analysis of tech support scams, a widespread phenomenon whereby scammers abuse RMM platforms in order to create fake technical support portals and dupe victims into inadvertently installing malware.
READ THE STORY: Portswigger
New ransomware attacks in Ukraine linked to Russian Sandworm hackers
FROM THE MEDIA: New ransomware attacks targeting organizations in Ukraine, first detected this Monday, have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET, which first spotted this wave of attacks, says the ransomware it named RansomBoggs has been found on the networks of multiple Ukrainian organizations. "While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm," ESET's Research Labs said.
READ THE STORY: Bleeping Computer
Putin’s Chef Sends ‘Bloody’ Sledgehammer to EU Parliament
FROM THE MEDIA: A sledgehammer smeared with fake blood, packed in a violin case – that was Russian tycoon Yevgeny Prigozhin’s macabre message to the European Parliament after EU legislators demanded that his notorious mercenary group be placed on the EU’s terrorist list. The European Parliament had passed a resolution on the latest developments in Russia’s war against Ukraine on Wednesday, identifying Russia as a “state sponsor of terrorism” that employs “means of terrorism”. The non-binding symbolic document urged the EU’s decision maker.
READ THE STORY: OCCRP
Remote Code Execution Vulnerability Found in Windows Internet Key Exchange
FROM THE MEDIA: A series of exploits have been found in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions. According to a new advisory recently shared by security company Cyfirma with Infosecurity, the discovered vulnerabilities could have been exploited to target almost 1000 systems. The attacks observed by the company are believed to be part of a campaign, whose name roughly translates to “bleed you”, run by a Mandarin-speaking threat actor. The Cyfirma Research team has also observed unknown hackers sharing an exploit link on underground forums, which could be used to target vulnerable systems.
READ THE STORY: InfoSecMag
Drones over Ukraine are reinventing war
FROM THE MEDIA: From HG Wells’s War of the Worlds to the Terminator film franchise, the future of war has been fertile territory for the sci-fi genre. The technology imagined by writers and popularized by Hollywood has become an inspiration for forward-looking military boffins: a world of laser rays, robots and artificial intelligence. But for science fact rather than science fiction it is enough to study the nine months of combat between Russia and Ukraine. Vladimir Putin’s invasion is revolutionizing war fighting, pitting drone against drone, weaponizing consumer tech, and creating start-up companies that adapt arms and kit for the changing battlefield.
READ THE STORY: The Times
Chinese trollers insult Islam, unleash blasphemy on Prophet
FROM THE MEDIA: China's genocidal policy against Uyghurs, an ethnic Turkish group that inhabits Xinjiang Uyghur Autonomous Region, has reached a new phase as the Wumao army or the "50 Cent Army" insults Islam and unleashes blasphemy on the Prophet, Theodoros Benakis writes in European Interest. In the social media space, the Wumao army, which is a group of state-backed internet commentators, is often seen hurting the Uyghur religious sentiments. Social media often described Muslims as extremists and terrorists, even though PRC nurtures close relationships with conservative Muslim states such as Pakistan, Indonesia, or the Arab Peninsula.
READ THE STORY: Devdiscourse
Why the public and private sectors must join forces to address cyber risk for national security
FROM THE MEDIA: In the wake of high-visibility cybersecurity incidents over the past few years, including SolarWinds, Log4j, and the 2021 Colonial Pipeline ransomware attack, the U.S. government has issued directives and guidance to address cybersecurity across the digital ecosystem and lifecycle. The White House and federal agencies have leaned forward to advance the cybersecurity posture of government and industry alike, while keeping our most critical infrastructure secure, resilient, and operational.
READ THE STORY: The Hill
Sharkbot malware infects thousands of Android users with file manager apps
FROM THE MEDIA: Google has made significant attempts to restrict harmful apps by partnering with known security firms such as ESET, but hackers are devising new ways to dodge them and slip malware-filled apps onto Android smartphones. Attackers recently developed fake Android file managers called "X-File Manager" and tricked users into downloading them. The Android file managers offer to assist users in managing and transferring data between the storage on their smartphone and a computer. However, the app is infected with the harmful SharkBot malware, according to Bitdefender, a cyber security outfit.
READ THE STORY: News 9
Canadian menswear chain Harry Rosen confirms cyber attack
FROM THE MEDIA: Canadian menswear retailer Harry Rosen has acknowledged being hit by a cyber attack last month. This comes after the BianLian group listed the company as a victim on the gang’s site. The page lists “File server data. Projects, Marketing, HR, Public Relations,” which suggests these are files that have been copied and will potentially be released. According to Brett Callow, a British Columbia-based threat analyst with Emsisoft, BianLian has released a 1GB file as proof of its attack. It claims the file is a list of Harry Rosen’s Gold+ clients, sales information, and various other types of documents.
READ THE STORY: itWorld Canada
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
FROM THE MEDIA: Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm," the company said in a series of tweets Friday.
READ THE STORY: THN
Hackers Have Rewritten The RansomExx Ransomware in Rust Language To Evade Detection
FROM THE MEDIA: There has recently been a discovery made by IBM Security X-Force Threat Researchers regarding a new variant of the ransomware known as RansomExx, dubbed RansomExx2, which was written in the Rust language. The threat actor behind this malware is known as Hive0091 (aka DefrayX). Apart from this, RansomExx is also known by the following names: Defray777 and Ransom X. With the release of this new variant, a growing trend has been noticed in which ransomware developers are switching to the Rust programming language, which has become a common programming language for threat actors.
READ THE STORY: GBhackers
Vice Society ransomware claims attack on Cincinnati State college
FROM THE MEDIA: The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack. The hackers posted a long list of documents on their Tor data leak site they claim was stolen from the college, indicating that a ransom was never paid. The documents date from several years ago until November 24, 2022, possibly indicating that the threat actors maintain access to the breached systems, but this has not been verified.
READ THE STORY: Bleeping Computer
Leaked EU Anti-Money Laundering Regulations Indicate Bloc Plans to Ban Privacy Coins
FROM THE MEDIA: Privacy coins may soon disappear from EU exchanges, if leaked plans from ongoing talks among member nations are to be believed. New anti-money laundering regulations currently under discussion would include a ban on tokens such as Dash, Monero and Zcash that add further layers of anonymity to the standard blockchain transaction. The privacy coins have a number of legitimate uses for those that do not want wallet activity made available to the general public, but the highly anonymous nature also makes them naturally popular with cyber criminals.
READ THE STORY: CPO MAG
Active Threat of Black Basta Ransomware on US Companies by QakBot Malware
FROM THE MEDIA: Recently Joakim Kandefelt and Danielle Frankel, researchers at Cybereason, a cybersecurity organization, announced that the Black Basta ransomware is operating a new campaign targeting U.S. companies with QakBot malware. The malicious actors are trying to enter and later capture the organization’s network through this campaign. The threat actors use dangerous ransomware known as Black Basta Ransomware as a tool to capture the data of the victim’s network or system.
READ THE STORY: Cysecurity
The new iPhone 14 and iOS upgrade include some big cybersecurity changes
FROM THE MEDIA: It’s Black Friday and the official start of the holiday shopping season, and there’s a new iPhone 14 for consumers in the market looking to upgrade their Apple device. From better cameras and longer battery life to faster chips, there are plenty of features consumers will consider when buying a new iPhone — that is, if you can find one amid what’s looking like a season short on supply of some of Cupertino’s newest models. One new safety feature that has been getting a lot of attention is emergency satellite connectivity. Cybersecurity may not be among the top selling points, but the new iPhone and iOS16 do have some significant security upgrades, too.
READ THE STORY: CNBC
Iran: Fars News Agency Website Hacked
FROM THE MEDIA: The website of Iran's Fars News Agency was hacked on Friday. The news agency is managed by the Islamic Revolutionary Guard Corps. The Islamic Revolutionary Guard Corps is an armed wing which is loyal to the Supreme Leader of Iran, Sayyid Ali Hosseini Khamenei. The country is currently facing protests over the death of Mahsa Amini. Further details are awaited.
READ THE STORY: Latestly
Stealing Secrets With a Malicious GitHub Action
FROM THE MEDIA: Last time, a cryptocurrency scammer scanned Android APKs on the Internet Archive and found thousands of leaked Twitter API keys. After that, the scammer invested money into an altcoin and used the leaked API keys to promote the altcoin with hijacked Twitter accounts. The story ended with a classic pump-and-dump that made the crypto scammer millions of dollars at the expense of duped investors. In this series, we will dissect not just what an attacker can do to get access to credentials, but also what they would do after getting that initial access.
READ THE STORY: DZONE
Former members call out OSSTF for handling of personal information stolen in cyberattack
FROM THE MEDIA: On Wednesday, Global News learned that the Ontario Secondary School Teachers Federation (OSSTF) had sent letters to current and past members that a cyberattack had impacted their information in May of 2022. That has left many past members questioning why their information was still on file with the union in the first place. When she first received a letter earlier this week stating her social insurance number (SIN) and their information had been breached in a cyberattack, Susan Skelton was “shocked and surprised,” since she had only worked as a teacher for one year and left the profession in 1994.
READ THE STORY: Global News
Items of interest
How to Build Your Own Decentralized Twitter
FROM THE MEDIA: Within the written conventions of a novel, you can understand that two people are talking to each other when you come across these two lines. There may also have been a narrator, and there had to be an author. With social media, the lines are not reported speech, but posts from live protagonists in real time. The narrator becomes the social media platform. So, holding the conversation together when a platform does not have a controlling position is challenging.
READ THE STORY: The New Stack
The Evolution of Cybercrime with Alex Tilley (Video)
FROM THE MEDIA: From eBay scams to information theft, cybercrime has escalated in the past few decades as criminals have become more creative in their techniques in stealing money, identities, and assets.
How is the Ukraine-Russia Conflict Shaping Cybercrime (Video)
FROM THE MEDIA: Nozomi Network's security evangelists Roya Gordon and Vincent D’Agostino, Head of Cyber Forensics and Incident Response at BlueVoyant, discuss how the Russia-Ukraine conflict is shaping cyber crime and what organizations across sectors need to prepare for.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com