Monday, November 28, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Ransomware Gang Leaks Local Belgian Police’s Data, Exposes Personnel Identities
FROM THE MEDIA: One of the biggest data leaks in the history of the Belgian public service has occurred. The Ragnar Locker ransomware gang recently released stolen data regarding many of the local Belgian police department's investigations, reports, and personnel details publicly, putting almost everyone involved at risk for a follow-up attack. The gang was allegedly supposed to leak the data of the municipality the police department belonged to, per Bleeping Computer. Zwijndrecht Police confirmed to local media through a post on Facebook that its data was stolen and published online, which includes numerous car number plates, fines, crime report files, personnel details, investigation reports, and more.
READ THE STORY: iTechPost
IKEA posted on ransomware gang’s leak site
FROM THE MEDIA: Vice Society has supposedly posted data taken from IKEA stores in Morocco and Kuwait. Snippets from the ransomware gang’s leak site suggest threat actors got ahold of confidential business data. Names of the files on Vice Society’s leak site also point to threat actors taking data from IKEA stored in Jordan as well. File and folder names indicate that sensitive employee data such as passports might have leaked. IKEA, the Swedish-Dutch furniture manufacturer headquartered in the Netherlands, operates two stores in Jordan, three in Kuwait, and four in Morocco.
READ THE STORY: Cybernews
Hackers leak personal data of over 100,000 Israelis
FROM THE MEDIA: A new hacker group called BlackMagic hacked into several Israeli websites over the past weekend and disclosed personal records of over 100,000 Israelis, including personal data and even pictures of IDs. As of now, it's hard to track the source of the new BlackMagic hackers, but American-Israeli cyber firm Check Point Software Technologies has indications that the group is currently holding records of Israeli companies and civilians. Amongst the companies whose data the hackers claim to have access to are state-owned Elbit Systems, Rafael Advanced Defense Systems, and several shipping and logistics companies. Some of the data is dated from the last few months, meaning the threat is recent, and the companies were unaware of the infiltration.
READ THE STORY: YNETNEWS
Yandex plans to break up with its Russian motherland
FROM THE MEDIA: Russia's most prominent tech company, Yandex, has announced steps to move some of its intellectual property out of Putin country and dispose of the rest to local interests. Yandex is a sprawling conglomerate often characterized as Russia's Google. It started as a search company, then moved into advertising, maps, e-commerce, cloud, and software for self-driving cars. Like its Silicon Valley analogs, Yandex also looked for a more advantageous jurisdiction for its headquarters and picked The Netherlands, which has for more than a decade been home to holding company Yandex NV.
READ THE STORY: The Register
Threat Modeling Using the Purdue Model for ICS Security
FROM THE MEDIA: The Purdue industrial control system (ICS) security model is a segmented approach to protecting physical processes, supervisory controls and operations, sensors, and logistics. Despite the rise of edge computing and direct-to-cloud connectivity, the ICS network segmentation model remains a crucial framework for protecting operational technology (OT) from attacks like malware. Industrial Control System (ICS) security has a lot to consider. Security professionals have to put processes and procedures in place based on the general risks involved in the industry. However, it is recommended that organizations specializing in ICS security should implement best practices as outlined by NSA and CISA for the Purdue Model for ICS Security.
READ THE STORY: Security Boulevard
RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia
FROM THE MEDIA: Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US. The ransomware is written in .NET, and experts noticed that its deployment is similar to previous attacks attributed to the Russia-linked Sandworm APT group. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000; it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).
READ THE STORY: Security Affairs
Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages
FROM THE MEDIA: Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats.
READ THE STORY: THN
Operation Morning Light podcast review — a toxic Soviet spy satellite falls to earth
FROM THE MEDIA: In the winter of 1978, a group of men appeared in the town of Snowdrift (population: 300) in Canada’s Northwest Territories dressed in gloves, goggles and white suits. They carried instruments that appeared to be testing for radiation and instructed the local school to send its children home for the day. Several hundred miles away, two Americans, John Mordhorst and Mike Mobley, were running their dog sled teams across a vast tundra called The Barrens, when they found a pit in the snow. Looking more closely, they saw a tangled mess of metal that was frozen into the ice. Mordhorst recalls returning to their cabin and telling a friend what they saw.
READ THE STORY: FT
White House’s former ‘disinformation czar’ Nina Jankowicz registers as a foreign agent
FROM THE MEDIA: The White House’s former "disinformation czar" has recently registered as a foreign agent for a non-profit that is based in the United Kingdom. Registration documents viewed by Fox News Digital show that Nina Jankowicz is now working for "Centre for Information Resilience." According to its website, CIR is an "independent, non-profit social enterprise dedicated to countering disinformation, exposing human rights abuses, and combating online behavior harmful to women and minorities."
READ THE STORY: Foxnews
Australia beefs up scrutiny of Medibank following data breach
FROM THE MEDIA: Australia is beefing up its scrutiny of Medibank and will assess if further regulatory action is necessary, following a data breach that impacted 9.7 million customers. The insurance group also has pledged to share the outcome of an external review into the breach, which is believed to be the work of Russian hackers. Noting that the breach raised concerns about the robustness of Medibank's operational risk controls, the Australian Prudential Regulation Authority (APRA) said Monday it had "intensified" its supervision of Medibank.
READ THE STORY: ZDNET
Iran coordinated with Qatar to suppress opposition at World Cup
FROM THE MEDIA: Iranian authorities worked with Qatar to suppress any anti-regime expressions at the ongoing FIFA World Cup in the Gulf state, according to documents leaked by the Black Reward hacktivist group. The documents were seized by Black Reward after infiltrating the systems of the Fars News Network and shared with the Iran International news agency before being published on the group's Telegram channel. Basij commander General Ghasem Ghoreyshi told a Fars news reporter in the leaked recording that Qatar had provided a list of Iranians who had bought tickets to the games, noting that 500 individuals known for anti-regime activity were on the list.
READ THE STORY: JP
Xi’s Congress rhetoric and the PLA’s march ahead
FROM THE MEDIA: The developments in the wake of the 20th Party Congress of the Communist Party of China (CPC), China’s rise, its domestic debates and agenda merit a closer examination of the People’s Liberation Army’s (PLA) role as a geopolitical actor. Chinese President Xi Jinping, who made history with his unprecedented third term in office at the Party Congress in October, told the Chinese elite at the quinquennial gathering that it was important to further expedite military modernization to make it a world-class force. He underscored that the PLA should be able to stage military operations quickly and have the “ability to win local wars”.
READ THE STORY: The Hindu
Japanese MoD Report on Chinese Gray Zone, Influence Operations
FROM THE MEDIA: The People’s Liberation Army (PLA) is the Party’s army. It follows the Party’s command and defines its most important role as protecting the Party’s regime. Until President Xi Jinping’s military reforms, the Party exercised control over the military mainly through the PLA’s political work organizations, including the General Political Department, and political commissars. Such indirect control, however, was susceptible to communication issues and hindering the execution of joint operations, and caused widespread bribery and corruption in the PLA.
READ THE STORY: USNI News
Russia’s Ukraine Claims Risk Thwarting a Global Conference on Bioweapons
FROM THE MEDIA: Hundreds of diplomats and health security experts are gathering in Geneva to grapple with the increasing risk that viruses, bacteria and other pathogens could be used as weapons. But Russia’s presence threatens to undercut their efforts. Russia’s disinformation campaign alleging that the US has supported secret biological weapons laboratories in Ukraine is likely to undermine negotiations at a conference geared toward strengthening the Biological Weapons Convention, the first global disarmament treaty that sought to ban an entire category of weapons of mass destruction.
READ THE STORY: Bloomberg
TikTok’s influence on polls reflects China’s intention to mold political process in Malaysia
FROM THE MEDIA: China’s intentions to influence the political process in Malaysia were clearly seen when the global subsidiary of the Beijing-based social media company ByteDance, TikTok, influenced polls in the South Asian country, the Singapore Post reported. The video-sharing social networking service controlled the elections by influencing the youth of the country. Malaysian voters were influenced extensively by the political parties through the Chinese social media platform, which produced videos and recruited social media influencers to target the young base who were its frequent users.
READ THE STORY: The Print
Critical Vulnerability in VM2 Sandbox Found Affecting Spotify Portal Platform Backstage
FROM THE MEDIA: Spotify Backstage, an open-source platform used to build developer portals and in use at a number of large companies, has been found vulnerable to a critical remote code execution vulnerability. Confirming that most vulnerabilities are found in indirect dependencies, the Backstage vulnerability is enabled by another vulnerability found in its JavaScript VM2 sandbox dependency. The Backstage vulnerability was discovered by the Oxeye research team and received a CVSS score of 9.8. The exploit consists in overriding the renderString function used by the Backstage template engine's error handling component to cause the execution of arbitrary code.
READ THE STORY: InfoQ
5.4 million Twitter users' stolen data leaked online — more shared privately
FROM THE MEDIA: Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused this bug was by threat actors. The data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public. Last July, a threat actor began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000.
READ THE STORY: Bleeping computer
Thousands of Docker Container Images found Hiding Malicious Content
FROM THE MEDIA: According to a report by the Sysdig Threat Research Team, thousands of Docker container images hosted on the popular repository Docker Hub are malicious, putting users at risk of cyberattack. The Sysdig Threat Research Team analyzed over 250,000 Linux images in order to understand what kind of malicious payloads are hiding in the container images on Docker Hub. The result they found was shocking, as thousands of images contained nefarious assets such as crypto miners, backdoors, and DNS hijackers.
READ THE STORY: Cyber Kendra
Cyberattack on L.A. schools shows bolder action needed to stop ransomware
FROM THE MEDIA: A ransomware attack on the Los Angeles Unified School District should serve as a wake-up call about the persistent threat to the nation’s critical sectors from cyberattacks and the need for more aggressive, concerted action to protect them. The breach of the nation’s second-largest school system, with more than 650,000 students and 75,000 employees, forced the shutdown of some of the district’s computer systems. The only silver lining is that no immediate demand for money was made and schools opened as scheduled on Sept. 6.
READ THE STORY: Venturebeat
Cyber black market selling hacked ATO and MyGov logins shows Medibank and Optus only tip of iceberg
FROM THE MEDIA: The highly sensitive information of millions of Australians — including logins for personal Australian Tax Office accounts, medical and personal data of thousands of NDIS recipients, and confidential details of an alleged assault of a Victorian school student by their teacher — is among terabytes of hacked data being openly traded online. An ABC investigation has identified large swathes of previously unreported confidential material that is widely available on the internet, ranging from sensitive legal contracts to the login details of individual MyGov accounts, which are being sold for as little as $1 USD.
READ THE STORY: ABC (AU)
Student Verification: How Edtech can benefit from Student ID Verification APIs
FROM THE MEDIA: Due to the growing acceptance of distance learning, digital courses, and most recently, the COVID-19 epidemic, online education has seen a significant increase. Online student identity verification has become more popular as a quick and secure method of verifying student IDs and a cost-effective approach to onboarding new students and employees. The rapidly disappearing manual and paper-based student verification procedures are neither scalable nor practical for educational institutions. They frequently lead to lost student records, protracted search times, verification mistakes leading to inaccurate student records, low productivity for administrators, and significant costs owing to inefficient storage.
READ THE STORY: Security Boulevard
Experts discuss the rise of Machine Learning adoption in the Middle East
FROM THE MEDIA: To make decisions more quickly and accurately, enterprises are increasingly turning to Machine Learning, arguably today’s most practical application of Artificial Intelligence (AI). Machine Learning is a type of AI that allows software applications to become more accurate at predicting outcomes without being explicitly programmed to do so. Machine Learning algorithms use historical data as input to predict new output values. Industry pundits share insights why Machine Learning has been made a central part of business operations. As organizations emerge from the lockdown restrictions that were imposed on businesses because of the COVID-19 pandemic, Machine Learning has taken center stage because it gives enterprises a view of trends in customer behavior and business operational patterns, as well as supports the development of new products.
READ THE STORY: Intelligent CIO
Twitter's Brussels Staff Sacked by Musk
FROM THE MEDIA: After a conflict on how the social network's content should be regulated in the Union, Elon Musk shut down Twitter's entire Brussels headquarters. Twitter's connection with the European Union, which has some of the most robust regulations controlling the digital world and is frequently at the forefront of global regulation in the sector, may be strained by the closing of the company's Brussels center. Platforms like Twitter are required by one guideline to remove anything that is prohibited in any of the EU bloc's member states.
READ THE STORY: Cysecurity
China develops de-orbiting sail to manage space debris
FROM THE MEDIA: Hundreds of millions of items of human-made debris are continually circling Earth, including broken rocket bodies, defunct satellites and fragments from orbital collisions. Keen to tackle the space-junk problem, Chinese aerospace scientists have managed to use a large "sail" to de-orbit spacecraft at the end of their life. The de-orbiter is a sail-like device made of a thin film, the thickness of which is less than one tenth of the diameter of a hair. Folded, it is approximately the size of an adult's palm, but it can cover an area of 25 square meters when unfolded. When a spacecraft is decommissioned, the sail onboard can be automatically opened.
READ THE STORY: UN
Items of interest
US bans Chinese telecoms imports – won't even consider authorizing them
FROM THE MEDIA: The United States' Federal Communications Commission (FCC) has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds. As it is not legal to offer such products in the US without FCC approval, the move is effectively a ban on the five vendors' products. It's an expression of The Secure Equipment Act – a Biden administration law that requires the FCC to update its equipment authorization procedures.
READ THE STORY: The Register
API Exploitation: Hack your grades (Video)
FROM THE MEDIA: Dr Katie Paxton-Fear shows us how to hack the Generic University and change grades using the university API. You will learn some of the OWASP top 10 vulnerabilities including Broken Object Level Authorization and Broken User Authentication.
Certificates of Authority: Do you really understand how SSL / TLS works (Video)
FROM THE MEDIA: The Internet would be unusable without certificates and Certificates of Authority. If CAs got compromised or their private keys got stolen, we would be in big trouble.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com