Tuesday, November 29, 2022
No ‘bright-line rule’ shines on targeting commercial satellites
FROM THE MEDIA: Cyber counterspace weapons can target both space satellites and ground-based systems by intercepting and monitoring data, corrupting data with malware, or even wresting control of the space system from the space operator. During the United Nations General Assembly’s First Committee session in October, Russian foreign ministry official Konstantin Vorontsov announced that “quasi-civil infrastructure may be a legitimate target for a retaliation strike.” In some ways, Vorontsov’s comments could be interpreted as a harbinger of increased disruption and denial methods against commercial space satellites in Ukraine, especially considering Russia’s cyberattack against Viasat Inc’s KA-SAT commercial satellites and interference with the approximately 25,000 Starlink internet terminals serving Ukraine.
READ THE STORY: The Hill
Census Bureau Chief Defends New Privacy Tool Against Critics
FROM THE MEDIA: The U.S. Census Bureau’s chief is defending a new tool meant to protect the privacy of people participating in the statistical agency’s questionnaires against calls to abandon it by prominent researchers who claim it jeopardizes the usefulness of numbers that are the foundation of the nation’s data infrastructure. The tool known as differential privacy “was selected as the best solution available” against efforts by outside groups or individuals to piece together the identities of participants in the bureau’s censuses and surveys by using third-party data and powerful computers, U.S. Census Bureau Director Robert Santos said in a letter last week.
READ THE STORY: Security Week // Fedscoop
$275M Fine for Meta After Facebook Data Scrape
FROM THE MEDIA: Following the discovery of a data set of Facebook user personal data available on the Internet, the European Union's Data Protection Commission (DPC) has found Meta Platforms Ireland Ltd. (MPIL) in violation of General Data Protection Regulation rules, fining the platform $275 million (€265 million), and requiring the company to make cybersecurity changes. The breached personal data was first discovered in April 2021, and followed by the launch of a DPC investigation, the regulator explained in an announcement of its findings. DPC reported that Facebook was out of compliance with the GDPR regulation to provide "data protection by design and default."
READ THE STORY: DarkReading
Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks
FROM THE MEDIA: The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. This, in turn, attracts a variety of cybercriminals who want to exploit the varied fan following, and the organizations participating, to make a quick buck. Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity theft are among the threats faced by organizations and audiences, CloudSEK reports. The cybercriminals are motivated by financial gain, ideology, or geo-political affiliations. Cashing out stolen credit cards: carding groups sell stolen credit card details to carry out illegal and unauthorized transactions.
READ THE STORY: HelpNetSecurity
EV chargers could be a serious target for hackers
FROM THE MEDIA: Computers! They’re in everything these days. Everything from thermostats to fridges and even window blinds are now on the Internet, and that makes them all ripe for hacking. Electric vehicle chargers are becoming a part of regular life. They too are connected devices, and thus pose a security risk if not designed and maintained properly. As with so many other devices on the Internet of Things, the reality is often anything but. Sometimes, securing a certain system or device is as easy as disconnecting it from the network. When it comes to light switches and door locks, for example, we got by perfectly fine for years without accessing them online. In the case of EV chargers, however, that’s not practical: at the very least, connectivity is required to run payment systems.
READ THE STORY: Hackaday
Over 50 million passwords amassed by Russian hackers
FROM THE MEDIA: More than 50 million passwords have been exfiltrated by 34 Russian hacking groups through information-stealing malware, including Raccoon and RedLine, during the first seven months of 2022, The Hacker News reports. Such malware, distributed using a stealer-as-a-service model, has also been used to steal 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards, with the total haul estimated to have a market value of nearly $5.8 million, according to a Group-IB report. Over 890,000 devices across 111 countries were compromised between January and July, most of them in the U.S.; Brazil, India, Germany, and Indonesia rounded out the top five countries impacted by the stealers.
READ THE STORY: SCMAG
Japan’s satellite constellation to be launched in line with counterattack capabilities
FROM THE MEDIA: A network of 50 small satellites working together in space will be developed for Japan’s defense. The first of these satellites is expected to be launched as soon as fiscal 2024, in line with the possession of counterattack capabilities to strike enemy missile launch sites for the purpose of self-defense, according to several government officials. The government and the ruling coalition are in the final stage of discussions to specify the possession of counterattack capabilities in the three documents that will be finalized by the end of this year: the National Security Strategy, National Defense Program Guidelines and Medium Term Defense Program.
READ THE STORY: Asian News Network
Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs
FROM THE MEDIA: While performing routine monitoring, Cyble’s Global Sensor Intelligence (GIS) discovered a threat actor distributing unauthorized access to several Fortinet VPNs on a Russian cybercrime forum. When they evaluated the access, researchers realized that the attacker was trying to add a new public key to the admin user’s account. Further probing revealed that the targeted organizations used outdated FortiOS software. This indicated the attacker was achieving authentication bypass by exploiting an alternate path or channel flaw in FortiOS tracked as CVE-2022-40684. This authentication bypass flaw lets an unauthenticated attacker reach the administrative interface.
READ THE STORY: HackRead
Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign
FROM THE MEDIA: The Black Basta ransomware group is using Qakbot malware — also known as QBot or Pinkslipbot — to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. More than 10 different customers have been targeted by the campaign in the last two weeks, mostly companies based in the US. According to a threat advisory posted by the Cybereason Global SOC (GSOC) on Nov. 23, the infections begin with either a spam or phishing email containing malicious URLs, with Black Basta deploying Qakbot as the primary method of maintaining a presence on victims’ networks.
READ THE STORY: Dark Reading
Old Zero-Day Vulnerabilities Remain Unpatched on Samsung, Google Phones
FROM THE MEDIA: Google’s Project Zero team is on the front lines of digital security, analyzing code, reporting bugs, and generally making the internet safer. However, not every vulnerability gets fixed in a timely manner. A recent batch of serious flaws in Arm’s Mali GPU were reported by Project Zero and fixed by the manufacturer. However, smartphone vendors never implemented the patches, among them Google itself. So, that’s a little embarrassing. The story starts in June 2022 when Project Zero researcher Maddie Stone gave a presentation on zero-day exploits — known vulnerabilities for which there is no available patch.
READ THE STORY: ExtremeTech
Virginia County Confirms Personal Information Stolen in Ransomware Attack
FROM THE MEDIA: The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it. The county says that it took steps to contain the attack immediately after identifying it, and that it launched an investigation into the incident, to determine the type of data that might have been compromised. The investigation revealed that personal information such as names, addresses, driver’s license numbers, and Social Security numbers might have been compromised, the county says in a notification letter sent to impacted individuals, a copy of which was submitted to the Montana Attorney General.
READ THE STORY: Security Week
New Magecart Threats Emerge: Cyber Monday and Holiday Season Concerns
FROM THE MEDIA: Security researchers have been monitoring four emerging skimming attacks of concern this holiday season. These threat actors primarily targeted ecommerce stores in the US, U.K., Australia, and Canada that used Magento and PrestaShop-based ecommerce platforms. News of the emerging threats comes just days before the start of the most lucrative and risky 4-week period of the year for online retailers. The ecommerce industry is readying itself for a record $236 billion holiday shopping season this year. But if you’re one of the retailers hoping to capture a piece of that holiday spending pie, you had better make sure you know exactly what your web applications and digital supply chain partners are doing with your customers’ data.
READ THE STORY: Security Boulevard
Trouble For Twitter As Data From More Than 5 Million Accounts Stolen And Leaked Publicly And Privately
FROM THE MEDIA: The controversies that surround the world of Twitter are plenty, and this next piece of news is definitely turning heads for obvious reasons. A new report describes how data belonging to more than 5 million users of the platform is now up for grabs on various hacking forums, shared both publicly and privately, after being obtained through an API vulnerability. The news comes to us thanks to a security researcher who showed how such a bug could be widely abused by threat actors. The data set combines a lot of public profile information that was scraped with phone numbers and email addresses that were never meant to be public.
READ THE STORY: DIW
RansomBoggs: New ransomware targeting Ukraine
FROM THE MEDIA: The ESET research team has spotted a new wave of ransomware attacks taking aim at multiple organizations in Ukraine and bearing the hallmarks of other campaigns previously unleashed by the Sandworm APT group. Even though the ransomware – called RansomBoggs by ESET and written in the .NET framework – is new, the way it is deployed in particular bears close resemblance to some past attacks attributed to the notorious threat actor. ESET has alerted Ukraine’s Computer Emergency Response Team (CERT-UA) about the RansomBoggs onslaughts, which were first detected on November 21st.
READ THE STORY: We Live Security
International cops arrest hundreds of fraudsters, money launderers and cocaine kingpins
FROM THE MEDIA: Europol has arrested hundreds of fraudsters, money launderers and cocaine kingpins, and shut down thousands of websites selling pirated and counterfeit products in a series of raids over the past month. As of Cyber Monday, law enforcement agencies had taken down 12,526 websites, disconnected 32 servers used to distribute and host illegal content for 2,294 television channels, and shut down 15 online shops selling counterfeit products on social media sites. Additionally, cops across several continents seized 127,365 fake designer watches, shoes, accessories, clothes, perfumes, electronics, phone cases and other counterfeit products worth more than €3.8 million ($3.9 million).
READ THE STORY: The Register
HHS warns of ‘Lorenz’ ransomware threat against larger organizations
FROM THE MEDIA: The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center Nov. 21 warned of a human-operated ransomware threat targeting larger organizations, with compromised targets observed in the health care and public sectors. The individuals behind the “Lorenz” ransomware publish stolen data publicly as part of extortion-pressure campaigns, in which demands on enterprise targets reach $500,000 to $700,000. “The fairly new Lorenz ransomware is unique in that its operators appear to customize their executable code to be target specific, unlike other ransomware operators which use the same ransomware code to target multiple unrelated victim organizations” said John Riggi, AHA’s national advisor for cybersecurity and risk.
READ THE STORY: AHA
Musk goes to war with Apple
FROM THE MEDIA: Twitter CEO Elon Musk has a new target: Apple. In a string of tweets, the billionaire attacked the tech giant for pulling ads from Twitter, collecting fees from in-app purchases and allegedly threatening to pull Twitter from the App Store. Meanwhile, layoffs at major tech companies could put pressure on some housing markets. Twitter CEO Elon Musk publicly went after Apple on Monday for suspending some of its advertising on the social media platform, seemingly trying to take Twitter’s issues over a mass exodus of advertisers and turn it into a battle over “free speech.”
READ THE STORY: The Hill
Major Canadian Crypto Exchange Coinsquare Says Client Data Breached
FROM THE MEDIA: Coinsquare, one of Canada’s largest cryptocurrency exchanges, may have been breached, but the company claims customer assets are “secure in cold storage and are not at risk.” The exchange, which touts itself as “Canada’s trusted platform to securely buy, sell and trade Bitcoin, Ethereum, and more,” emailed customers yesterday to report a “data incident” in which an unauthorized third party accessed a customer database containing personal information. According to the email, the breach exposed “customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances.”
READ THE STORY: OODALOOP
Nighthawk red-teaming tool likely to be exploited in cyberattacks
FROM THE MEDIA: More threat actors are expected to leverage the commercial red-teaming tool Nighthawk in cyberattacks, reports SecurityWeek. Proofpoint researchers discovered that Nighthawk, a commercially sold remote access trojan similar to Cobalt Strike and Brute Ratel, was first observed in use by a legitimate red team operation last month. While no threat actors have yet been seen proliferating leaked versions of the tool online, security professionals have been urged to monitor for in-the-wild use.
READ THE STORY: SCMAG
Experts found a vulnerability in AWS AppSync
FROM THE MEDIA: Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6. A confused deputy problem occurs when an entity that doesn’t have permission to perform an action can coerce a more-privileged entity to perform the action. AWS provides tools to protect an account if the owner provides third parties (known as cross-account) or other AWS services (known as cross-service) access to resources in your account.
READ THE STORY: Security Affairs
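The cross-service protection the summary refers to is usually implemented as a condition on the IAM role's trust policy that pins which account and which resource a service principal may act on behalf of. The following is an added example (not code from Security Affairs, Datadog, or AWS): a small checker that flags trust policies allowing a service principal, or a wildcard principal, to assume a role without an aws:SourceAccount or aws:SourceArn condition, run over a constructed weak policy and its hardened counterpart. The service principal appsync.amazonaws.com, the account id 111122223333, and the ARN pattern are assumed values used only for illustration.

```python
"""Constructed example: find IAM role trust policies that leave a
confused-deputy path open (a service principal may assume the role on
behalf of ANY account because the caller is not pinned)."""
import json

# Constructed sample: the (assumed) AppSync service principal may assume
# this role regardless of which AWS account asked the service to do so.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "appsync.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
})

# Same policy, hardened: the service may assume the role only when the
# request originates from the owner's own account (111122223333 is a
# placeholder) and from a resource matching the given ARN pattern.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "appsync.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "111122223333"},
            "ArnLike": {"aws:SourceArn": "arn:aws:appsync:us-east-1:111122223333:apis/*"},
        },
    }],
})

# Condition keys AWS documents for pinning the caller of a service
# principal; compared case-insensitively because IAM keys are.
PINNING_KEYS = {"aws:sourceaccount", "aws:sourcearn"}
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}


def _as_list(value):
    """IAM allows a single string or a list in most fields."""
    return value if isinstance(value, list) else [value]


def unpinned_principals(policy_json):
    """Return the principals that can assume the role without a
    source-account/source-ARN condition on the statement."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        wildcard = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        service = isinstance(principal, dict) and "Service" in principal
        if not (wildcard or service):
            continue  # account/user/role principals are pinned by identity
        condition_keys = set()
        for operator_map in stmt.get("Condition", {}).values():
            condition_keys.update(k.lower() for k in operator_map)
        if not condition_keys & PINNING_KEYS:
            findings.extend(["*"] if wildcard else _as_list(principal["Service"]))
    return findings


def trust_policy_pins_caller(policy_json):
    """True when every service/wildcard assume-role grant is pinned."""
    return not unpinned_principals(policy_json)


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY)):
        print(name, "pins caller:", trust_policy_pins_caller(doc),
              "unpinned:", unpinned_principals(doc))
```

The checker only reasons about the trust policy document itself; it does not know whether the service in question actually propagates aws:SourceAccount and aws:SourceArn on its AssumeRole calls, so it should be read as a lint pass over role definitions, not as proof that a given service integration is safe.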
Spot the phish before it spots you: Tips and tricks to recognize and combat phishing attacks
FROM THE MEDIA: Since technology has become embedded in our lives, nine out of ten users have become more vulnerable and prone to scammers. These virtual con artists have started adopting black hat hacking or unethical hacking with the false intention of committing fraud, stealing sensitive data and violating privacy. According to Norton Labs’ recent study, “India witnessed over 1.5 crore cyber threats in the second quarter (Q2) this year, an average of more than 17.5 lakh attacks per day. In the April-June period, Norton thwarted over 900 million threats or around 10 million threats per day globally. During those three months, there were 22.6 million phishing attempts and 103.7 million file threats globally.”
READ THE STORY: Dataquest
WhatsApp disputes claims that it sustained a data leak
FROM THE MEDIA: Earlier this month a user on a well-known hacking community forum posted an ad claiming they were selling a 2022 database containing the mobile numbers of 487 million users of leading messaging platform WhatsApp. Allegedly, the dataset includes WhatsApp user info spanning eighty-four countries, with the top three most impacted nations being Egypt (45 million user records), Italy (35 million) and the US (32 million). The threat actor told Cybernews the US data would be sold for $7,000, while the UK’s 11 million users could be obtained for $2,500, and Germany’s set for $2,000.
READ THE STORY: The Cyberwire
NSA cyber director talks threats, opportunities
FROM THE MEDIA: The country’s top cyber warriors are dedicating “substantial resources” to combating ransomware, but attack activity is “back to as much or more than the historical norm,” Rob Joyce, director of NSA’s cybersecurity directorate, told MC in a wide-ranging interview that took place shortly before the U.S. turkey population took a sudden and entirely explicable nose-dive.
READ THE STORY: Politico
Computer crash causes chaos at Brooklyn hospitals network with ties to Hochul
FROM THE MEDIA: The computer network has crashed and been offline for more than a week at a Brooklyn hospital group chaired by a billionaire mega donor to Gov. Kathy Hochul — causing chaos for patients and medical workers, sources said Monday. Patients from Brookdale, Interfaith and Kingsbrook Jewish hospitals — part of the One Brooklyn Health System — have had to seek treatment at other hospitals amid the cybersecurity mess, which has left medical staffers unable to access patient records, sources told The Post.
READ THE STORY: NYPOST
China intensifying cyberattacks against Taiwan
FROM THE MEDIA: China launched 1.4 billion cyberattacks against Taiwan from September 2019 to August 2020, a new report by a Japanese government-funded think tank said. The attacks largely aimed to spread disinformation in Taiwan, with its authors assessing China’s cognitive warfare against Taiwan to be a “great threat,” the Japanese Ministry of Defense-affiliated Defense Research Institute said on Friday. The institute has published its China Security Report annually since 2011. This year’s report focused largely on cognitive warfare.
READ THE STORY: Taipeitimes
The Great China Reset: It’s a Little Too Early to Put Your Weapons Back in Storage
FROM THE MEDIA: After months of continuing to rally against China as the enemy, Australian PM Anthony Albanese sat down to have a 32-minute diplomatic meeting with Chinese president Xi Jinping, at the latter’s request, on 15 November 2022 in Bali, as the G20 summit was about to take place. Since then, the conversation has been revolving around the great China reset, as if the mounting war tensions this country has been following the US lead on with rising fervour since the onset of the pandemic have somehow been swept away by this brief diplomatic interlude.
READ THE STORY: Sydney Criminal Lawyers
‘Weaponization of everything’: Putin’s hybrid warfare exposed by hidden attacks on Europe
FROM THE MEDIA: Numerous incidents across Europe are forming “part of a coherent cohesive unified effort [by Vladimir Putin] against the West”, experts have warned. Suspicious incidents have been flagged across Sweden, Britain, Norway, France, Germany, Poland, and beyond in the months following the invasion of Ukraine on February 24. The arrest of Sergey Skvortsov and Elena Koulkova in Stockholm earlier this week has highlighted Russian activity in the West which appears to be increasing amid Western support for Ukraine.
READ THE STORY: Express
Trio of new vulnerabilities allow code manipulation, denial of service (and worse) for industrial controllers
FROM THE MEDIA: Researchers at Vedere Labs disclosed a trio of new security vulnerabilities that can be used to attack automated industrial controllers and a popular piece of software used to program millions of smart devices in critical infrastructure. The bugs (tracked under CVE-2022-4048, CVE-2022-3079 and CVE-2022-3270) allow for logic manipulation and denial of service, primarily impacting products from two major German vendors: Festo automated controllers and CODESYS runtime, an application that allows developers to program smart devices and is, according to Vedere Labs, “used by hundreds of device manufacturers in different industrial sectors.”
READ THE STORY: SCMAG
CISA crucial in ensuring info sharing success under cyber incident reporting law
FROM THE MEDIA: Cybersecurity information sharing could reach a breakthrough under the recently passed Cyber Incident Reporting for Critical Infrastructure Act of 2022, but cybersecurity experts noted that its success hinges on the implementation rules of the Cybersecurity and Infrastructure Security Agency, CyberScoop reports. Some industries will be required by the law, which may not take effect until as late as 2025, to report hacking incidents within 72 hours and disclose ransomware payments within 24 hours. The extent of information to be required is still unknown, and is crucial to ensuring timely feedback to the private sector, with American Gas Association Senior Manager for Security Amanda Sramek emphasizing the industry's desire for concise information.
READ THE STORY: SCMAG
The Developing Connection Between Cryptocurrency and Cybercrime
FROM THE MEDIA: The wild ride of cryptocurrencies isn’t only affecting people who mine or trade crypto. As it turns out, the platforms that run crypto have also become progressively connected with cybercrime. A new report from Interisle Consulting Group found that illegal activities involving cryptocurrencies grew 257% over last year (compared with a 61 percent increase in phishing attacks overall), especially attacks on wallets and exchanges. Cybercriminals are applying the same methods they use in other online financial crimes to virtual currencies, and they are having extraordinary success.
READ THE STORY: Cryptopolitan
Items of interest
Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign
FROM THE MEDIA: The "Bleed You" campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns; it affects vulnerable Windows client and Windows Server versions along with the Windows protocol and services that depend on IKE.
READ THE STORY: DarkReading
Flipper Zero - Starter Guide (Video)
FROM THE MEDIA: The Flipper Zero, a portable multi-tool, is shown in this video using its built-in transceivers to interact with the most popular wireless systems - RFID, NFC, Bluetooth LE, infrared, and sub-1 GHz wireless devices.
Bug Bounty bootcamp (Video)
FROM THE MEDIA: How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com