Sunday, November 27, 2022
Cybersecurity Threats Require More Hands-On Investment by US Oil and Gas Companies
FROM THE MEDIA: The US oil and gas industry is going through an exciting period of change, with a noticeable trend towards integrating new technologies into their operations that improve their environmental impact, streamline services and enhance their customer experience. Much of this transformation has been driven by the demand for data and leveraging IoT, AI and automation, and has helped to modernise how many US oil and gas companies operate. While these technologies are rightly attracting significant investment in the sector, it’s an opportune moment for these businesses to also review how they’re investing in cyber security.
READ THE STORY: Cyber Defense Magazine
EU gets serious on privacy, but too many companies ignore the risk
FROM THE MEDIA: To start, let’s look at Twitter’s announcement this summer that a hacker had been in its system for more than six months, and was offering to sell user data from 5.4 million accounts. (In 2020 a Florida teen was also charged with taking over accounts). Hackers breaching Twitter’s system pose a security problem. But since these hackers may have had access to millions or billions of records, that’s also a privacy problem. This summer, Meta was fined $403 million by Ireland’s GDPR (General Data Protection Regulation) authority. Last year, European regulators fined Amazon $888 million.
READ THE STORY: Venturebeat
A Leak Details Apple’s Secret Dirt on a Trusted Security Startup
FROM THE MEDIA: Corellium, a cybersecurity startup that sells phone-virtualization software for catching security bugs, offered or sold its tools to controversial government spyware and hacking-tool makers in Israel, the United Arab Emirates, and Russia, and to a cybersecurity firm with potential ties to the Chinese government, according to a leaked document reviewed by WIRED that contains internal company communications. The 507-page document, apparently prepared by Apple with the goal of using it in the company’s 2019 copyright lawsuit against Corellium.
READ THE STORY: HITB
Google and other OEMs have yet to patch a critical Android security flaw
FROM THE MEDIA: Google has detailed a critical security flaw for phones containing a Mali GPU that has yet to be properly addressed. Google's Project Zero team posted on its official blog details on what this issue is and why it is so important that a fix for it comes out immediately. The critical security issue, CVE-2022-33917, affects devices containing ARM's Mali GPU. The report lists users of devices from Google, Samsung, Xiaomi, and OPPO with a Mali GPU are at risk of this critical unpatched security flaw.
READ THE STORY: HITB
Economic war to energy war: Ukraine War reflects new dimensions of warfare
FROM THE MEDIA: The war in Ukraine started as conventional war under nuclear hangover. It soon turned into hybrid war with non-state actors, triggered sanctions against Russia as part of economic war and transformed into energy war with Russia trying to starve the opponents of as much energy as possible, and the West trying to minimize Russian financial gains by capping the price and coercion of non-compliant states, albeit with a divided house. While the kinetic, contact, hybrid war continues between Russia and Ukraine, the US-led NATO too continues fighting a non-kinetic, non-contact war in economic, information, diplomatic and political domains, simultaneously against Russia.
READ THE STORY: WION
Nearly 500 million WhatsApp User Records Sold Online
FROM THE MEDIA: In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users’ mobile phone numbers on a popular hacking community forum which surfaced as an alternative to popular and now-seized Raidforums. The 2022 database is said to contain WhatsApp user data from 84 countries with Egypt having the largest chunk of stolen phone numbers (45 million), Italy with 35 million, and the US with 32 million.
READ THE STORY: HackRead
Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches
FROM THE MEDIA: At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered for sale the stolen data on the popular hacking forum Breached Forums. In January, a report published on Hacker claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options.
READ THE STORY: Security Affairs
AIIMS ‘ransomware’ attack: Key patient data at risk, sale on Dark Web
FROM THE MEDIA: With the All India Institute of Medical Sciences (AIIMS), New Delhi, still struggling to get its servers up and running after a massive ransomware attack earlier this week, cyber-security researchers on Saturday said the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web. The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.
READ THE STORY: The North Lines
Ragnar Locker Ransomware Leaked the Belgium Police’s Data
FROM THE MEDIA: The leaked data contains vehicle number plates, crime reports, PII, investigation reports, etc. Zwijndrecht police responded to the media, saying that it was a human error, and are informing the concerned persons. People affected by this leak are advised to change their sensitive records for good. The current leak regarding Zwijndrecht police was actually aimed at the Zwijndrecht municipality, but the Ragnar Locker gang instead hit the local police in their process. Well, after a prolonged time, the hackers have now leaked the stolen data on their darknet website.
READ THE STORY: Techdator
Wiretapping Scandal in Greece: Police Chief was ‘Under Surveillance’
FROM THE MEDIA: A new media report on the wiretapping scandal in Greece on Sunday alleged that the former Head of Hellenic Police (ELAS) and a senior judge were under surveillance by the intelligence service. The report on the weekly Documento newspaper, which has almost single-handedly exposed the scandal, says that the police chief and current Secretary General of the Ministry of Citizen Protection Michalis Karamalakis and the prosecutor of the scandal Vasiliki Vlachou were wiretapped.
READ THE STORY: Greek Reporter
American CIA Offers Jobs To Disgruntled Russians, But Can Human Intelligence Outperform New-Age Technology
FROM THE MEDIA: The open invitation of the Central Intelligence Agency (CIA) to the disgruntled Russians to join it as spies could be interpreted as the admission of arguably the best-endowed spy network of the world that its policy of dealing with Moscow so far was inadequate. But will recruiting Russians as American spies work in this cyber age? The answer may prove difficult, given the growing importance of technology, not manpower, in the success of intelligence gathering.
READ THE STORY: Eurasian Times
GameStop Experiences a Data Breach, Customer Private Information Leaked Through Website
FROM THE MEDIA: Customers’ billing addresses and payment histories may have been exposed after a data breach at the retailer GameStop. On Saturday, clients were allegedly seeing other users’ details while refreshing their purchase pages, according to many people on social media. Although one person posted a picture of a partial credit card number, it’s unclear whether this also contains entire digits. In the end, there seems to have been a bug in GameStop’s user database, where customers were unintentionally accessing and/or updating their information and viewing names, orders, addresses, and maybe even credit card information for other GameStop users.
READ THE STORY: Appuals
Cyber attacks 'crippled Scots NHS systems' with patient records stored on pieces of paper
FROM THE MEDIA: Doctors were forced to keep patient records on pieces of paper and emails after a huge cyber attack crippled critical Scots NHS systems. Health Secretary Humza Yousaf has been accused of suppressing details of the hack, despite fears confidential files for millions of people could have been stolen and treatment waiting times hit. The ransomware attack, which crippled the Adastra system, blocked access to patient records for months, with some parts still not working today.
READ THE STORY: Daily Record
Cyber attack hits Iran’s Fars news agency
FROM THE MEDIA: Hackers have disrupted the work of Iran’s Fars news agency, one of the main sources of news disseminated by the state during protests over Mahsa Amini’s death, the agency said. Iran has been rocked by protests since Amini’s death in custody on September 16, after her arrest for an alleged breach of the country’s dress code for women. Fars said its website had been disrupted late Friday by a “complex hacking and cyberattack operation”. “Removing possible bugs... may cause problems for some agency services for a few days,” it said in a statement posted Saturday on its Telegram channel.
READ THE STORY: New Indian Express
Network tokenization is innovating the payments experience
FROM THE MEDIA: The global economy is in the midst of a digital payment revolution. Accelerated by the effects of COVID-19, the pandemic pushed many consumers from cash to using digital and contactless payment options for the first time. Nowhere else has unprecedented and unforeseen growth occurred as in the digital and ecommerce sectors, especially businesses within industries that rely heavily on digital transactions such as retail, restaurants, banking and insurance.
READ THE STORY: Fintech Mag
In the wake of Thanksgiving, let’s review Alaska’s food security
FROM THE MEDIA: Being off from work and thinking of the Thanksgiving feast this season, the one thing that bubbled to the top of my mind is: the importance of food, and, as President Abraham Lincoln initiated it during the Civil War, a day of thanksgiving and praise. Leaving aside culture wars, which historical narrative is right about the holiday’s origin four centuries ago, the role of Providence, the subsequent expanding railroads and Indian wars, etc., I think that in our state, we are going to individually take more seriously the individual responsibility for figuring out how to get what we need to eat.
READ THE STORY: ADN
UK joins others in banning Chinese-made security cameras
FROM THE MEDIA: Chinese-made security cameras have been banned by the UK Government. It has joined the US, India, EU, Australia, and many more in banning their use, especially in sensitive areas where AI and facial recognition may be surreptitiously used. The US issued a blanket ban in 2019 to immediately rip-and-replace specific brands of Chinese-made security cameras and 5G network infrastructure. In a statement to the UK parliament, Cabinet Office Minister Oliver Dowden said that after a security review, Government Departments had been instructed to immediately stop deploying equipment produced by companies subject to the National Intelligence Law.
READ THE STORY: CyberShack
Is Russia 'weaponizing' winter? Europe scrambles to keep Ukraine warm
FROM THE MEDIA: European officials are scrambling to help Ukraine stay warm and keep functioning through the bitter winter months, pledging Friday to send more support that will mitigate the Russian military’s efforts to turn off the heat and lights. Nine months after Russia invaded its neighbor, the Kremlin’s forces have zeroed in on Ukraine’s power grid and other critical civilian infrastructure in a bid to tighten the screws on Kyiv. Officials estimate that around 50% of Ukraine’s energy facilities have been damaged in the recent strikes.
READ THE STORY: CS MONITOR
Afghanistan imported electricity problem now resolved
FROM THE MEDIA: The Uzbekistan-imported electricity supply in 18 Afghan provinces has been restored to normal operations, Da Afghanistan Breshna Sherkat (DABS), the country’s state-run electricity company announced. DABS tweeted on Friday, the 25th of November, that the second circuit of imported electricity was reconnected last night after the technical issue in Uzbekistan had been resolved. According to an earlier announcement from DABS, Uzbekistan’s technical problems were to blame for load shedding and blackouts in Kabul and other Afghan provinces.
READ THE STORY: PAKOBSERVER
Kim vows North Korea to have world’s most powerful nuclear force
FROM THE MEDIA: Kim also handed promotions to more than 100 officials and scientists for their work on the Hwasong-17 – dubbed the “monster missile” by analysts and believed to be capable of reaching the US mainland – just days after Pyongyang test-fired it in one of its most powerful launches yet. Hailing the new ICBM as “the world’s strongest strategic weapon”, Kim said North Korean scientists had made a “wonderful leap forward in the development of the technology of mounting nuclear warheads on ballistic missiles”, the official Korean Central News Agency (KCNA) reported.
READ THE STORY: BRECORDER
Ottawa to bolster security to combat foreign influence, disinformation in new Indo-Pacific strategy
FROM THE MEDIA: Foreign Affairs Minister Mélanie Joly will unveil a long-awaited Indo-Pacific strategy on Sunday that promises to bolster the ability of national security agencies to combat foreign influence and disinformation campaigns in the region and in Canadian affairs. Ottawa will provide nearly $230-million over the next five years to expand the capacity of Canadian intelligence and cyber security agencies to work closely with partners in the Indo-Pacific region and also to protect “Canadians from attempts by foreign states to influence them covertly or coercively,” according to the national security chapter provided to The Globe and Mail on Saturday.
READ THE STORY: The Globe and Mail
US FCC bans the import of electronic equipment from Chinese firms
FROM THE MEDIA: The US government has already added the companies to the Covered List and the new rules aim at protecting the Americans from national security threats involving telecommunications. “The Federal Communications Commission adopted new rules prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States. This is the latest step by the Commission to protect our nation’s communications networks.” reads the announcement published by FCC. “In recent years, the Commission, Congress, and the Executive Branch have taken multiple actions to build a more secure and resilient supply chain for communications equipment and services within the United States.”
READ THE STORY: Security Affairs
Items of interest
Twitter Users Warned Not To Delete Their Accounts—Here’s Why
FROM THE MEDIA: Nobody expected the Elon Musk takeover of Twitter to be business as usual after the world's richest person was essentially forced to complete his over-valued purchase of the social network. But the seeming scattergun business decisions that Musk started within days of taking control have shaken Twitter to its core. With thousands of staff sacked or let go, complete departments gutted and questions raised about Twitter's ability to moderate content or even maintain uptime, ordinary and high-profile members have been quitting in droves. But if you are thinking of joining them, there's one important thing you should not do: delete your Twitter account.
READ THE STORY: Forbes
Elon Musk: A future worth getting excited about (Video)
FROM THE MEDIA: What's on Elon Musk's mind? In this exclusive conversation with head of TED Chris Anderson, Musk details how the radical new innovations he's working on -- Tesla's intelligent humanoid robot Optimus, SpaceX's otherworldly Starship and Neuralink's brain-machine interfaces, among others -- could help maximize the lifespan of humanity and create a world where goods and services are abundant and accessible for all. It's a compelling vision of a future worth getting excited about.
Social Media’s Free Speech Problem (Video)
FROM THE MEDIA: The defense of free speech by social media companies can only go so far without permanently damaging a democracy — is it too late to fix? The problem of misinformation on social media has ballooned over the last few years, especially in relation to elections. The result has been further polarization of our already divided country.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com