Wednesday, November 30, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Sandworm hacking group linked to new ransomware deployed in Ukraine
FROM THE MEDIA: The notorious state-backed Russian hacking group known as Sandworm may be behind a new wave of ransomware attacks in Ukraine, according to new research from cybersecurity company ESET. Malware called RansomBoggs hit several organizations in Ukraine before it was discovered by the Slovakia-based firm last week. The attack carried multiple references to the animated film Monsters, Inc. The ransom note sent to infected computers was purportedly written on behalf of the movie’s main protagonist, the monster James P. Sullivan, whose job in the film was to scare kids.
READ THE STORY: The Record
Crafty threat actor uses 'aged' domains to evade security platforms
FROM THE MEDIA: A sophisticated threat actor named 'CashRewindo' has been using 'aged' domains in global malvertising campaigns that lead to investment scam sites. Malvertising involves the injection of malicious JavaScript code in digital ads promoted by legitimate advertising networks, taking website visitors to pages that host phishing forms, drop malware, or operate scams. The CashRewindo malvertising campaigns are spread across Europe, North and South America, Asia, and Africa, using customized language and currency to appear legitimate to the local audience.
READ THE STORY: Bleeping Computer
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw
FROM THE MEDIA: Fortinet customers that have not yet patched a critical authentication bypass vulnerability that the vendor disclosed in October in multiple versions of its FortiOS, FortiProxy, and FortiSwitch Manager technologies now have an additional reason to do so quickly. At least one threat actor, operating on a Russian Dark Web forum, has begun selling access to multiple networks compromised via the vulnerability (CVE-2022-40684), and more could follow suit soon.
READ THE STORY: DarkReading
Oracle Fusion Middleware Flaw Flagged by CISA
FROM THE MEDIA: A critical bug in Oracle's Fusion Middleware Access Manager has landed on the Cybersecurity and Infrastructure Security Agency's list of known exploited vulnerabilities. The critical flaw, tracked under CVE-2021-35587, could allow a threat actor to compromise and take over the Oracle Access Manager. Oracle's Fusion Middleware is an enterprise cloud platform used by customers that include large telecom carriers and factories, according to its site.
READ THE STORY: DarkReading
Espionage group using USB devices to hack targets in Southeast Asia
FROM THE MEDIA: USB devices are being used to hack targets in Southeast Asia, according to a new report by cybersecurity firm Mandiant. The use of USB devices as an initial access vector is unusual as they require some form of physical access — even if it is provided by an unwitting employee — to the target device. Earlier this year the FBI warned that cybercriminals were sending malicious USB devices to American companies via the U.S. Postal Service with the aim of getting victims to plug them in and unwittingly compromise their networks.
READ THE STORY: The Record
ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year
FROM THE MEDIA: When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a third-party vendor – ENC Security. The Netherlands-based company, with 12 million users worldwide, provides “military-grade data protection” solutions with its popular DataVault encryption software. As it turns out, ENC Security had been leaking its configuration and certificate files for more than a year, the Cybernews research team discovered.
READ THE STORY: Security Affairs
Software-Defined Vehicles: The Convergence of IT and IoT Behind the Wheel
FROM THE MEDIA: The effects that the digital world can now have on the physical world via cyber-physical systems are more prominent than ever. Organizations need to take note, as this may provide cyber threat actors additional ways to affect a person's physical safety. The rapid development of cyber-physical systems is largely due to two things: the growth and evolution of the internet of things (IoT), and a move toward more software-centric and intrinsically internet- and cloud-reliant technologies. The internet has fast become an integral component to the operation of our devices, as connectivity enables new features that were previously not possible.
READ THE STORY: Blackberry
Binance CEO Warns Users to Be Vigilant as Dark Web Hackers Auction Off 500 Million Whatsapp Numbers
FROM THE MEDIA: Binance CEO Changpeng Zhao has warned users of an upcoming wave of phishing scams as hackers are selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. In a tweet, Zhao, who goes by the name CZ on Twitter, said over 487 million WhatsApp phone numbers are for sale on the Dark Web. He stated that the numbers seem legit and that users should be prepared to receive phishing links and scam messages.
READ THE STORY: OODALOOP
Trigona ransomware spotted in increasing attacks worldwide
FROM THE MEDIA: A previously unnamed ransomware has rebranded under the name 'Trigona,' launching a new Tor negotiation site where they accept Monero as ransom payments. Trigona has been active for some time, with samples seen at the beginning of the year. However, those samples utilized email for negotiations and were not branded under a specific name. As discovered by MalwareHunterTeam, starting in late October 2022, the ransomware operation launched a new Tor negotiation site where they officially named themselves 'Trigona.'
READ THE STORY: Bleeping Computer
Google files lawsuit accusing ‘G Verifier’ scammers of impersonating company
FROM THE MEDIA: Google announced on Tuesday that it has filed a lawsuit against a company allegedly impersonating it through telemarketing calls and manipulating reviews of Business Profiles on Google Search and Maps. A Google spokesperson shared dozens of reports sent to them from people who said they had been scammed by the company – which went by “G Verifier” – by attempting to charge people for creating Business Profiles, something Google provides for free.
READ THE STORY: The Record
Fake COVID-19 Tracking App Spreads Punisher Ransomware
FROM THE MEDIA: Remember when malicious actors were spreading Nerbian RAT through fake WHO safety emails on COVID-19? Well, if you believe that threat actors and scammers have given up on COVID-19-related scams, then you are wrong, as Punisher ransomware is out there with the help of fake COVID-19 tracking apps. It is just as important now to access reliable sources for COVID-related updates as it was back when the pandemic was at its peak.
READ THE STORY: HackRead
Maryland county disrupted by Thanksgiving cyberattack
FROM THE MEDIA: Some government systems in Maryland's Washington County have been disrupted by a cyberattack on Thanksgiving, with numerous services and websites yet to be restored, Government Technology reports. While Washington County would not be able to accept and process taxes, water and sewer service payments, and permits due to the cyber incident, phone services and 911 have not been impacted by the attack, according to the county.
READ THE STORY: SCMAG
How to find hidden data breaches and uncover threats in your supply chain
FROM THE MEDIA: A company’s supply chain is like a body’s nervous system: a mesh of interconnected manufacturers, vendors, sub-contractors, service delivery firms, even coding and collaboration tools. The connected enterprise is an efficient enterprise. Provided that the supply chain works. Supply chain topics tend to focus on manufacturing and labor. Yet there’s far less attention being given to another aspect of the supply chain, no less important: cybersecurity. When one node of the interconnected enterprise is breached, the pain can spread thick and fast.
READ THE STORY: HelpNetSecurity
Lockheed Martin's Army cyber training platform goes civilian
FROM THE MEDIA: Lockheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities. The defense contractor will supply the Army's Civilian Career Management Activity with its new Mission Readiness and Reporting (MR2) platform, which was originally designed for the US military's Joint Cyber Command and Control ecosystem. Lockheed Martin describes MR2 as "a simple concept" that operates similarly to other cloud-based management applications and displays data "as a customizable dashboard that monitors the capacity of personnel, teams, equipment and infrastructure."
READ THE STORY: The Register
FTX hacker reportedly transfers a portion of stolen funds to OKX after using Bitcoin mixer
FROM THE MEDIA: Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money. A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the Bitcoin mixer ChipMixer. The analyst reported that at least 225 BTC — worth $4.1 million USD — has been sent to OKX so far.
READ THE STORY: Investing
Apple helps the Chinese communists suppress protests
FROM THE MEDIA: While journalists are trying to pressure Apple into dumping Twitter from the app store, Apple is already bending its knee to the Chinese Communist Party, at the expense of protesters in China. With protests spreading across China over Xi Jinping’s zero-COVID strategy, Apple has restricted the use of AirDrop on iPhones and Apple devices in the country. Protesters use AirDrop to bypass the communist regime's censorship of the internet and communicate directly with other protesters by “forming a local network of devices that don’t need the internet to communicate,” according to Quartz.
READ THE STORY: Washington Examiner
Million-dollar bug bounties: The rise of record-breaking payouts
FROM THE MEDIA: Bug bounty rewards have breached the $1 million mark, and there are reports of even higher payouts within the ethical hacking community. But are these ‘mega bounties’ good for security researchers, and the firms that offer them? And are they truly achievable for those partaking? In early 2022, a security researcher named ‘satya0x’ earned $10 million for discovering a vulnerability in crypto platform Wormhole. The reward was paid through Immunefi and – so far, at least – stands as the largest bug bounty payout to date.
READ THE STORY: Portswigger
New Chinese cyberespionage campaign targets Asia and US
FROM THE MEDIA: A recently discovered attack campaign likely run by threat actors in China has been targeting public and private organizations in the Philippines, Europe, and the United States for perhaps as long as a year using multi-stage malware that is capable of self-replicating and is designed to steal data. The campaign may have been ongoing since September 2021 but researchers at Mandiant discovered it recently, and found that the threat actor is relying on the older technique of deploying USB drives with malware on them as the initial infection vector.
READ THE STORY: DUO
Musk suggests that he wants to "go to war" against Apple, starts lobbing "tweet grenades"
FROM THE MEDIA: These days you have to wonder just exactly what is going through the mind of multi-billionaire Elon Musk. After spending $44 billion to buy Twitter, Musk is acting like someone who never made a major decision in his life. He says one thing, reverses direction in a day and reverts back to his original thought a few days later. At this point, can Twitter board members trust him to pick which flavor of ice cream cone to buy at Baskin Robbins? After all, the ice cream purveyor offers 31 flavors.
READ THE STORY: PhoneArena
Fear of 'angry people' drove Bankman-Fried to open withdrawals for Bahamians
FROM THE MEDIA: FTX’s former CEO Sam Bankman-Fried has divulged what really went on in the days before it filed for bankruptcy when the exchange selectively reopened withdrawals — only for Bahamian users. In a telephone interview with crypto blogger Tiffany Fong, dated Nov. 16, Bankman-Fried claims to have made the decision to reopen withdrawals to Bahamian citizens as he did not want himself, nor the exchange, to be in a country “with a lot of angry people in it.”
READ THE STORY: Cointelegraph
Here’s a look at free speech absolutist Elon Musk’s ties to Chinese censorship
FROM THE MEDIA: A good portion of Elon Musk’s time since the Thanksgiving holiday has been devoted to attacking Apple, and subsequently the national media, for not supporting free speech full-throatedly enough. (He fired off five anti-Apple tweets in just 30 minutes on Monday.) His own commitment to this principle is supposedly demonstrated by his belief that his new Twitter should reinstate accounts, ranging from various neo-Nazis’ to Donald Trump’s, which had been banned for violating the platform’s rules against hate speech, bullying, and discrimination.
READ THE STORY: Fast Company
The Greatest Threats to U.S. National Security: Russia, China, and Iran/Terrorism
FROM THE MEDIA: Russia’s threat to the United States includes: direct military conflict, cyber attacks, supporting separatists, threats to freedom of navigation, and territorial expansion. On November 15, a missile blast killed two people in Poland, near the Ukraine border. Russia was the primary suspect. President Joe Biden later told the Poles that the missile was part of a Ukrainian defense system. Whether the missile actually came from Russia directly or was the indirect result of Russian shelling, the incident underscores the danger Russia poses.
READ THE STORY: Modern Diplomacy
Defense Intelligence Agency forms ‘China mission group’ to track rival
FROM THE MEDIA: The Defense Intelligence Agency is pulling together a group of analysts and experts to monitor competition with China, a world power Pentagon officials consider the leading threat to U.S. national security. John Kirchhofer, the DIA’s chief of staff, on Nov. 29 said his agency, which produces, analyzes and disseminates military intelligence, established a “China mission group” that will reach full operational capacity early next year.
READ THE STORY: Yahoo News
'Russian missiles can't destroy the cloud': Ukraine leader describes emergency migration
FROM THE MEDIA: Ukraine's Mykhailo Fedorov, vice prime minister and minister for digital transformation, spoke to press at Amazon Web Services' re:Invent conference in Las Vegas, describing how emergency migration to the cloud is securing the country's digital infrastructure. "Let me be honest with you. This is priceless. State registers and databases are critical information infrastructure," he said. According to Liam Maxwell, AWS Director of Government Digital Transformation, "in January 2022 it was increasingly clear there was going to be an attack on Ukraine from Russia.
READ THE STORY: The Register
Hackers cripple prestigious Indian hospital’s Internet systems
FROM THE MEDIA: Cyberattackers have crippled systems at one of India’s most prominent hospitals for a week, forcing the institution to operate a raft of key medical services and labs manually. The All India Institute of Medical Sciences – a hospital that’s traditionally treated the country’s top politicians – has succumbed to a ransomware attack that’s shut down centralized records since Nov 23, the institution said in a statement. India’s premier state-run teaching hospital has advised various departments to store data individually until systems can be restored, people familiar with the matter said, asking not to be identified because the information is sensitive.
READ THE STORY: The Straits Times
How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape
FROM THE MEDIA: As software supply chain attacks increase, cybersecurity talent wanes, and alert fatigue leads to burnout, an always-on, defense-first mentality will no longer suffice. While many defense strategies aim for zero incidents across an entire network, it's time to reevaluate that thinking. Take a page out of the bad actors' book by implementing new strategies that ensure fast detection and intelligence collection. Enter cyber deception. Cyber deception is a proactive cyber defense methodology that, when executed well, puts the defender in the driver's seat.
READ THE STORY: DarkReading
Stolen Twitter Data Leaked Online, Even Bigger Breach Revealed
FROM THE MEDIA: A data breach that impacted Twitter back in the summer has come back to haunt Elon Musk’s platform, after stolen data was published online. It was in July this year when Twitter was compromised by a vulnerability that had existed since late 2021. The hacker, who went by the username “devil”, began touting the Twitter database of 5.4 million users on hacker forum, Breached Forums in the summer for $30,000. Breached Forums was the same hacker forum that gained international attention in July 2022 after a data breach exposed over 1 billion Chinese residents.
READ THE STORY: Silicon
Research paves way for communications that cannot be hacked, scientists say
FROM THE MEDIA: Groundbreaking research into a phenomenon could in future render communications impossible to hack, experts have said. Scientists at Heriot-Watt University’s Institute of Photonic and Quantum Sciences made the discovery in their study of quantum entanglement. The phenomenon is when two particles – such as photons of light – remain connected, even when they are separated by vast distances. Quantum technology involves harnessing the physics of sub-atomic particles to develop ultra-high performance applications, including more powerful computing, more secure communications and more reliable navigation systems.
READ THE STORY: Independent
Hacked Twitter data includes phone numbers, personal emails for celebrities, prominent politicians
FROM THE MEDIA: More than 5.4 million user records from Twitter have been published online, exposing everything from private phone numbers to email addresses. The data, which was released for free on a popular hacking forum this month, was pilfered last December after hackers exploited an API vulnerability on the social media platform. Although Twitter says the issue was patched in January after it was reported to the HackerOne bug bounty program, numerous threat actors were able to take advantage before the vulnerability was fixed.
READ THE STORY: Daily Dot
Vulnerabilities found affecting OT products from German companies Festo and CODESYS
FROM THE MEDIA: Three vulnerabilities have been disclosed affecting operational technology (OT) products from two German companies: factory automation manufacturer Festo and automation software company CODESYS. Researchers from cybersecurity firm Forescout said two of the bugs affect Festo automation controllers and one affects the CODESYS software, which is used by hundreds of device manufacturers in different industrial sectors, including Festo. These vulnerabilities affect hundreds of industrial devices in the supply chain.
READ THE STORY: The Record
Items of interest
Data stolen in ransomware attack against North Carolina college
FROM THE MEDIA: North Carolina-based Guilford College has confirmed having sensitive student, faculty, and staff data stolen in a ransomware attack last month by the Hive ransomware gang, which posted a sample of the stolen data on Friday, reports The Record, a news site by cybersecurity firm Recorded Future. Investigation into the incident continues but law enforcement and individuals who may have been impacted by the ransomware attack have already been notified.
READ THE STORY: SCMAG
Objectives of Nation State Cyber Attackers (Video)
FROM THE MEDIA: It is important to look into the motivations of government orchestrated cyberattacks, such as SolarWinds, as understanding the threat-agent’s objectives can provide important insights to their long-term goals and potential next steps.
Understanding the Business of Cybercrime (Video)
FROM THE MEDIA: It might be easy to characterize cyber criminals as random threat actors, but plenty of them work within sophisticated organizations that function like legitimate businesses.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com