Saturday, December 03, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Should Ukraine rein in its patriotic hackers?
FROM THE MEDIA: When Russia invaded Ukraine in February, a 23-year-old from Kyiv who goes by Vlad decided to fight back. But instead of a rifle, he picked up the weapon he knows how to use best — his computer. Vlad, who works as an information security specialist, and his friends started to hack Russian websites and leak sensitive data. They also took control of Russian surveillance cameras to monitor the movement of enemy troops. Vlad declined to go into detail about his activities and asked The Record not to use his last name due to safety concerns — he does not serve in the military and may be criminally liable for his cyberattacks, as well as targeted by Russia.
READ THE STORY: The Record
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices
FROM THE MEDIA: Mayors' offices and courts in Russia are under attack by never-before-seen malware that poses as ransomware but is actually a wiper that permanently destroys data on an infected system, according to security company Kaspersky and the Izvestia news service. Kaspersky researchers have named the wiper CryWiper, a nod to the extension .cry that gets appended to destroyed files. Kaspersky says its team has seen the malware launch “pinpoint attacks” on targets in Russia. Izvestia, meanwhile, reported that the targets are Russian mayors' offices and courts. Additional details, including how many organizations have been hit and whether the malware successfully wiped data, weren’t immediately known.
READ THE STORY: Ars Technica
Android Phone Makers’ Encryption Keys Stolen and Used in Malware
FROM THE MEDIA: While Google develops its open source Android mobile operating system, the “original equipment manufacturers” who make Android smartphones, like Samsung, play a large role in tailoring and securing the OS for their devices. But a new finding that Google made public on Thursday reveals that a number of digital certificates used by vendors to validate vital system applications were recently compromised and have already been abused to put a stamp of approval on malicious Android apps.
READ THE STORY: Wired
‘Black Panthers’ – A SIM Swap Gang Connected With Dark Web Got Arrested
FROM THE MEDIA: Spanish National Police arrested the notorious SIM-swapping gang operating under the name "Black Panthers" for various cyber crimes. The law enforcement agents arrested 55 people, including the leader of the Black Panthers gang. The operators behind Black Panthers committed bank fraud through SIM-swapping attacks combined with other methods such as social engineering, vishing, phishing, carding and call forwarding. Hundreds of victims were scammed, and the group stole around 250,000 euros.
READ THE STORY: GBHackers
US Air Force reveals B-21 Raider stealth bomber that'll fly the unfriendly skies
FROM THE MEDIA: In Palmdale, California on Friday, Northrop Grumman CEO Kathy Warden revealed a US Air Force warplane that had only been shown in artist renderings and is supposed to be seldom seen, the B-21 Raider. "The B-21 Raider changes everything, reaffirming peace through deterrence, advancing technology and ushering in a new paradigm in aircraft design, development, and manufacturing," said Warden. "With this aircraft, we're delivering the next generation of stealth technology designed for the US Air Force to meet its most complex missions."
READ THE STORY: The Register
A new Linux flaw can be chained with two other bugs to gain full root privileges
FROM THE MEDIA: Researchers at Qualys' Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328, with two other flaws to gain full root privileges on an affected system. The vulnerability resides in snap-confine, a SUID-root program installed by default on Ubuntu. snap-confine is used internally by snapd to construct the execution environment for snap applications, i.e. it is the internal tool for confining snappy applications. CVE-2022-3328 is a race condition in snapd that can lead to local privilege escalation and arbitrary code execution.
READ THE STORY: Security Affairs
Schoolyard Bully Malware Stealing Facebook Credentials on Android
FROM THE MEDIA: Mobile security company Zimperium's zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials of Facebook users. According to zLabs, Schoolyard Bully is the name of the malware used in a newly reported Android threat campaign that has been active since at least 2008. The attackers specifically target Facebook user credentials, and the malware is found in several applications downloaded from third-party app stores and the Google Play Store. The malware's primary targets are based in Vietnam.
READ THE STORY: HackRead
Binance freezes $3 million worth of crypto stolen in Ankr hack
FROM THE MEDIA: Binance, one of the last remaining crypto giants, froze about $3 million worth of cryptocurrency early on Friday morning after Web3 infrastructure provider Ankr was hacked. Ankr said $5 million worth of Binance coin was stolen from the platform and that it planned to cover all of the losses suffered by its users. Another platform, Helio, confirmed that it was also hit in a connected attack. “Ankr understands the concern this has created within the community and will continue working to mitigate the situation and has already taken the necessary steps to prevent future similar incidents,” the company said on Friday.
READ THE STORY: The Record
Concern Over DDoS Attacks Falls Despite Rise in Incidents
FROM THE MEDIA: Even with the shifting threat landscape, organizations view malware, phishing, and data breaches as their biggest threats. Almost a third of respondents in Fastly's Fight Fire with Fire survey consider data breaches and data loss as the biggest cybersecurity threat to their organization over the next 12 months. Malware (29%) and phishing (26%) round out the top three. What's notable is the change in focus from 2021, when 31% of respondents named malware as their biggest threat, followed by distributed denial of service attacks (26%) and attacks targeting known vulnerabilities (25%).
READ THE STORY: DarkReading
FBI warns about Cuba, no, not that one — the ransomware gang
FROM THE MEDIA: The US government has issued an alert about Cuba; not the state but a ransomware gang that's taking millions in purloined profits. The Cuba gang has hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August, according to a joint FBI and US Cybersecurity and Infrastructure Security Agency (CISA) advisory. The FBI first warned about the cybercrime gang in December 2021, and since then, the victim count in the US alone has doubled. Over the same period, the ransom payments received also jumped.
READ THE STORY: The Register
Cyber Safety Review Board to probe Lapsus$ ransomware spree
FROM THE MEDIA: The Cyber Safety Review Board is set to examine the Lapsus$ ransomware gang, the U.S. Department of Homeland Security announced Friday. A prolific group, Lapsus$ has targeted a wide range of global companies and government agencies, sometimes with ruthless digital extortion, since late 2021. The 15-member board, chaired by DHS Under Secretary for Policy Robert Silvers, reviewed the ransomware group’s activities over the past year and sent recommendations to President Joe Biden via Homeland Security Secretary Alejandro Mayorkas and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.
READ THE STORY: Cyber Security Dive
Cloud provider Rackspace hit by ongoing 12-hour Exchange outage
FROM THE MEDIA: American cloud computing services provider Rackspace is investigating a 12-hour-long and still active outage leading to connectivity issues and affecting hosted Microsoft Exchange environments they manage for their customers. The list of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online. "We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available," Rackspace said on Friday night, at 02:49 AM EST, when it acknowledged the outage.
READ THE STORY: Bleeping Computer
Medibank prognosis gets worse after more stolen data leaked
FROM THE MEDIA: Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. The miscreants, believed to be linked to Russia's REvil ransomware gang, posted what they claimed to be the rest of the exfiltrated data on Thursday, adding: "Case closed." Medibank said it's still analyzing the leaked data, which includes six "zipped files in a folder called 'full' containing the raw data that we believed the criminal stole."
READ THE STORY: The Register
Will OpenAI's ChatGPT be used to write malware?
FROM THE MEDIA: New OpenAI chatbot ChatGPT could be used to generate malware, some analysts have warned. Artificial intelligence-generated code could have a devastating effect on cybersecurity, as human-written defensive software may not be sufficient to protect against it. As reported by Tech Monitor yesterday, OpenAI released the ChatGPT chatbot this week. Based on the company’s GPT-3 large language AI model, it has already proved itself adept at completing a wide variety of tasks from answering customer queries to generating code and writing complex and accurate prose based on simple prompts.
READ THE STORY: TechMonitor
Google Expands Support For Ukraine In Fight Against Russia
FROM THE MEDIA: Google announced on Dec. 1 that it is reinforcing its commitment to Ukraine in its war with Russia by taking new steps to support the country. The support comes after Ukraine's Vice Prime Minister Mykhailo Fedorov visited the Google offices in Washington, D.C., and detailed some of the challenges the nation has been facing due to the conflict. One of the key forms of support Google has given the Ukrainian government is the delivery of 50,000 new Google Workspace licenses.
READ THE STORY: MeriTalk // Axios
BlackProxies proxy service increasingly popular among hackers
FROM THE MEDIA: A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a claimed one million proxy IP addresses worldwide. The new platform was spotted by DomainTools analysts who have been watching the emergence of these services, reporting that 'BlackProxies' is one of the most quickly growing newcomers in the space. A new entity that claims such a big pool of available proxies is an important development considering that law enforcement has shut down several large proxy providers like RESNET and INSORG in the past couple of years.
READ THE STORY: Bleeping Computer
Novel DuckLogs malware-as-a-service detailed
FROM THE MEDIA: More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer. Cyble researchers discovered that DuckLogs features an info-stealing component aimed at exfiltrating hardware and software information, browser-stored account credentials and cookies, local disk files, data from messaging apps, Outlook and Thunderbird emails, FileZilla and TotalCommander data, CrypticVPN, OpenVPN, NordVPN, and ProtonVPN data, Steam, Minecraft, Battle.Net, and Uplay accounts, and Metamask, Exodus, Coinomi, Atomic, and Electrum cryptocurrency wallets.
READ THE STORY: SC Magazine
Applying AI Techniques in Cybersecurity, Counterterrorism, and International Security
FROM THE MEDIA: From predicting terrorist attacks to destabilizing terrorist networks to predicting, detecting, and mitigating cyber-attacks in real time, artificial intelligence (AI) has shown potential as a valuable tool to protect against nefarious actors around the world. A newly launched Northwestern lab will help lead in developing and deploying AI technologies that serve as solutions to these global threats. Led by V.S. Subrahmanian, Walter P. Murphy Professor of Computer Science in Northwestern Engineering and a faculty fellow at the Northwestern Roberta Buffett Institute for Global Affairs, the new Northwestern Security and AI Lab (NSAIL) is conducting fundamental research in AI relevant to issues of cybersecurity, counterterrorism, and international security.
READ THE STORY: Northwestern
Ye suspended from Twitter (again)
FROM THE MEDIA: The rapper Ye, formerly known as Kanye West, has once again been suspended from Twitter after he tweeted a photo of a swastika. Meanwhile, Edward Snowden, a former NSA contractor who leaked classified information in 2013, has been granted a Russian passport and has sworn his allegiance to the former Soviet Union nation. “I tried my best. Despite that, he again violated our rule against incitement to violence. Account will be suspended,” Musk said in an early morning tweet. Thursday evening, Ye tweeted out an image of the Star of David containing a swastika inside.
READ THE STORY: The Hill
Russian Telegram channel spreads digitally modified photo of Poland’s prime minister
FROM THE MEDIA: The Russian army has been implementing defensive facilities in the Kherson region since October, preparing for either a Ukrainian army advance or an organized retreat. Russian forces remain entrenched in various parts of Kherson and southern Ukraine. Ukrainian forces reportedly damaged a rail bridge north of Melitopol that served as a critical supply route for Russian troops. After the successful Ukrainian counteroffensive in Kherson, Russian forces are likely to increase attacks on critical infrastructure, such as factories and warehouses. On November 19, the Russian armed forces attacked the Motor Sich plant in Zaporizhzhia with Iranian drones. Video emerged on Telegram of explosions at the site of the attack. The plant manufactures aircraft engines and industrial marine gas turbines.
READ THE STORY: Atlantic Council
Taiwan Semiconductor Manufacturing to Offer Advanced Chips
FROM THE MEDIA: Last week, Taiwan Semiconductor Manufacturing Co. founder Morris Chang announced that the company was planning to produce chips with advanced 3-nanometer technology. But now, TSMC will offer advanced 4-nanometer chips when its new $12 billion plant in Arizona opens in 2024. Citing unnamed sources familiar with the matter, Bloomberg is reporting that TSMC is doing this after customers like Apple, Advanced Micro Devices, and Nvidia have pushed the company into doing so.
READ THE STORY: NASDAQ
Ukraine works to keep infrastructure up as deadly Russian strikes continue
FROM THE MEDIA: Russian forces continued to shell the city of Kherson and the surrounding area, killing at least three, Ukrainian authorities said, as the nation works to maintain civilian infrastructure. There were 42 separate strikes against Ukrainian-held territory in the Kherson province alone on Thursday, the provincial governor, Yaroslav Yanushevych, said Friday. “The enemy purposefully attacks the civilian infrastructure of the region and kills civilians,” he said.
READ THE STORY: NY Post
Experts argue 'sludge' could muck up cyber attacks
FROM THE MEDIA: Threat actors can be discouraged from attacking networks when small changes are made to make their operations more difficult. That's according to a recent paper from infosec experts at the National Security Agency (NSA), Johns Hopkins University and Fastly. The paper describes several small security steps and network conditions, collectively known as "sludge," that create technical red tape and can potentially slow down the process of data collection and exfiltration. The concept of sludge was popularized in the 2021 book Sludge: What Stops Us from Getting Things Done and What to Do about It by legal scholar Cass Sunstein.
READ THE STORY: TechTarget
Where Advanced Cyberattackers Are Heading Next: Disruptive Hits, New Tech
FROM THE MEDIA: In November, Ukraine's president revealed that the country's IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure. The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations became the go-to strategy for national governments. While Russia and other nations have used cyberattacks to support military actions in the past, the ongoing war represents the most sustained cyber operation to date and one that will undoubtedly continue in the coming year, experts say.
READ THE STORY: DarkReading
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
FROM THE MEDIA: In this attack campaign, the adversary demonstrates persistence in trying to gain access to victim environments and performs constant, and typically daily, activity within the target environment once access is gained. It is imperative for organizations to swiftly implement containment and mitigation actions if this adversary is in the environment. In multiple investigations, CrowdStrike observed the adversary become even more active, setting up additional persistence mechanisms such as VPN access and/or multiple RMM tools, when mitigation measures were implemented slowly. And in multiple instances, the adversary reverted some of the mitigation measures by re-enabling accounts previously disabled by the victim organization.
READ THE STORY: CrowdStrike
The Twitter Files: Hunter’s Laptop
FROM THE MEDIA: Someone needs to go and wake up Sleepy Joe, because Twitter CEO Elon Musk is airing the social media company’s dirty laundry when it comes to #LaptopGate as if they were episodes on Netflix. Musk has made good on his threat to reveal the internal communications at Twitter that led to management and ‘community safety’ actively killing the Hunter Biden laptop story, tweeting: ‘Tune in for Episode 2 of The Twitter Files tomorrow!’
READ THE STORY: The Spectator
Teenagers led a group of hackers who breached some of the world's biggest tech companies.
FROM THE MEDIA: The Biden administration announced Friday the U.S. would investigate recent hacks linked to a teenage cybercriminal group that focused on extortion. The U.S. Cyber Safety Review Board, a 15-member panel of experts from across government and private sector, will probe a series of high-profile hacks by the group, known as Lapsus$. Homeland Security Secretary Alejandro Mayorkas said its goal is to "evaluate how this group has allegedly impacted some of the biggest companies in the world, in some cases, with relatively unsophisticated techniques, and determine how people can build resilience against innovative social engineering tactics and address international partnership in combatting criminal cyber actors."
READ THE STORY: CBS News
Water Utility Drips Alert 4 Months After Breach
FROM THE MEDIA: South Staffordshire Water in England this week began warning customers that their personal details were exposed in a data breach, elevating their risk of identity theft. The privately owned utility serves 1.7 million Britons but won't say how many were caught up in the breach, which occurred in July, the company confirmed in August. That delayed acknowledgment happened after the Cl0p ransomware group had already taken responsibility, albeit after first erroneously fingering Thames Water Utilities as the victim. Subsequently, South Staffs Water issued a data breach notification, confirming that it was the victim, as data leaked by Cl0p suggested (see: Comedy of Errors: Ransomware Group Extorts Wrong Victim).
READ THE STORY: GovInfoSec
US must affirm Iranians’ demands: Freedom, not the Islamic Republic
FROM THE MEDIA: For eight weeks, Iranians have taken to the streets with a basic rallying cry: "Woman, life, freedom!" Tehran cannot and never will heed that call — the regime is built on misogyny, killing, and tyranny. That's why protesters have chanted "[Iranian Supreme Leader Ali] Khamenei will be overthrown this bloody year!", "Death to Khamenei!", and "Death to the dictator!" It is time for the U.S. to endorse what the Iranian people want: the end of the "Islamic Republic" and the establishment of a free democracy.
READ THE STORY: The Hill
Disruptions dodged as diesel shortage eases
FROM THE MEDIA: There is still a national diesel fuel shortage, but a small price drop and the reactivation of a few American refineries have avoided disruptions in the crucial traffic of trucks, trains and ships. Waco economist Ray Perryman and Texas Oil & Gas Association President Todd Staples say the scenario is getting more complex by the day. "While diesel supplies remain very tight, they are holding fairly steady," Perryman reported. "Prices have fallen slightly over the past few weeks, though they remain elevated compared to a year ago."
READ THE STORY: OA Online
Uganda says its debut satellite launched into orbit
FROM THE MEDIA: Uganda’s first satellite has been successfully launched into orbit from the International Space Station (ISS) and the East African nation’s ground controllers were in contact with the device, the government said on Friday. The PearlAfricaSat-1 spacecraft was rocketed to the ISS by NASA on Nov. 7, alongside Zimbabwe’s ZimSat-1, with officials saying it will help Uganda monitor weather and disasters, map its mineral wealth and generate other crucial data. "Today, Friday Dec 2, 2022 at 1045 EAT Uganda’s first satellite PearlAfricaSat-1 was deployed into orbit from the International Space Station," Monica Musenero Musanza, minister for science, technology and innovation said in a statement.
READ THE STORY: Dunya News
Sivers Semiconductors signs $16.4 million agreement with European satellite communications company
FROM THE MEDIA: Sivers Semiconductors AB ("Sivers") today announces that its business unit, Sivers Wireless, has signed a strategic development agreement worth $16.4 million (approx. 170 MSEK) with a European satellite communications company to develop several chipsets for satellite communication ground terminals. Sivers has already received purchase orders of approx. 16.1 MSEK for development work on this project from August to November 2022 (of which 7.5 MSEK was announced on 27 September). The agreement includes the development of multiple chips, forming the core of the customer's next generation of ground terminals, which is redefining communications by enabling ubiquitous connectivity and once-unattainable performance and functionality across a broad range of SATCOM markets.
READ THE STORY: Market Screener
Items of interest
US chip group: $52b is not enough, we need an extra $30b in federal funding
FROM THE MEDIA: America's top booster for federal semiconductor aid is arguing that the country needs to spend tens of billions more in silicon incentives to ensure it doesn't lose leadership in chip design to other countries. In a report released on Wednesday, the Semiconductor Industry Association (SIA) said the US should invest roughly $20 billion to $30 billion in semiconductor design and research and development through 2030 on top of the $52 billion in chip manufacturing subsidies that were approved by Congress in July. The group hired Boston Consulting Group to crunch numbers and lay out the reasoning.
READ THE STORY: The Register
Jammer! He Just Wanted Privacy, But This Little Device Caused Big Trouble (Video)
FROM THE MEDIA: Gary Bojczak drove a truck for a construction company that was constantly tracking his vehicle. Plugging a little dongle into the cigarette lighter could block that surveillance, but ended up causing way more problems than it solved.
Qakbot Campaign and the Black Basta Ransomware Group (Video)
FROM THE MEDIA: The Cybereason Global SOC (GSOC) team is investigating Qakbot infections observed in customer environments related to a potentially widespread ransomware campaign run by Black Basta.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com