Monday, December 19, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
Where does Russian disinformation incubate in US
FROM THE MEDIA: The war in Ukraine is being decided on the battlefields in the south and east of the country. But how it’s discussed in America helps shape those battlefields. Military aid from the West has helped Ukrainian forces turn the tide. Economic aid has allowed the Ukrainian economy to cling to life after a third of it was ripped away by the invasion. The Kremlin prepared for this. Over the years, it has done its best to cultivate a discordant chorus of pro-Russian and anti-establishment voices. They slander Ukraine, vindicate Russia’s imperialism, and blame NATO for Russia’s war of aggression.
READ THE STORY: The Financial
New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure
FROM THE MEDIA: A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across different countries. A previous version of the ransomware, written in Go and customized for each victim, singled out healthcare and education sectors in countries like Indonesia, Saudi Arabia, South Africa, and Thailand.
READ THE STORY: THN
Elon Musk looks set to step down as Twitter boss as 57% vote for his removal
FROM THE MEDIA: Elon Musk looks set to step down from the top job at Twitter after just two months, if he respects the results of an online poll launched on Sunday night. Around 57% of 14 million voters had said that Mr Musk should resign as Twitter chief executive with around three hours to go until the poll closed. Mr Musk launched the Twitter poll on Sunday night after having watched Argentina beat France in the World Cup final in Qatar. “Should I step down as head of Twitter? I will abide by the results of this poll,” he tweeted, along with the options “Yes” or “No”. The 12-hour poll was launched at 11.20pm on Sunday night. Since then the billionaire Tesla boss has also tweeted that people should be careful what they wish for, but denied that he has already selected his potential replacement. “No one wants the job who can actually keep Twitter alive. There is no successor,” Mr Musk said.
READ THE STORY: Independent
Frustrated Over Controlling Internet, Iran May Cut It Altogether
FROM THE MEDIA: Frustrated over how to block the Internet in a way that savvy Iranians could not circumvent, the Islamic Republic seems to be about to shut down access to the WWW. The regime has given a 10-day deadline to the American company Meta Platforms, the owner of WhatsApp Messenger and Instagram, to establish offices in the country if it wants its applications unblocked. The purpose of this move is to have control over its activities, a demand snubbed by the company. Facebook, YouTube and Twitter are also blocked. Instagram is the only major international platform still accessible, which Iranians use extensively to conduct e-commerce. This is one major impediment to parliament’s plan for shutting down all foreign social media networks. The demand had already seemed unreal, but many believe that the regime wanted to have an excuse to block the media platforms for good as it seems unable to stop the flow of information about the protests both within the country and to the outside world.
READ THE STORY: Iran International
Social Engineering Strikes Again As $1M+ Bored Ape Collection Stolen
FROM THE MEDIA: Bored Ape Yacht Club NFTs have become a staple in crypto culture. As one of the most recognizable collections in the NFT landscape, that too has come with a major target for scammers, hackers, and other unsavory players. As the NFT space grows, so too does the sophisticated nature of exploits and hacks. Over the weekend, this was on prime display, as a sophisticated scheme resulted in a major Bored Ape collection heist. Hacking and exploits targeting Bored Ape owners are nothing new. Case studies surrounding the collection span for well over the past year: from Hollywood actor Seth Green, to entire Discord exploits, we’ve seen a whole garden variety of successful BAYC exploit attempts. While it’s no fault of Yuga Labs, these exploits continue to shine light on how vital wallet security is for holders of the popular NFT collection. Furthermore, these types of exploits are far from being exclusive to Bored Ape Yacht Club, and typically exist across all of the major ‘blue chip’ NFT collections.
READ THE STORY: BITCOINIST
Foxconn fine for unauthorized China investment likely to be imposed soon
FROM THE MEDIA: Foxconn (2317.TW), the world's largest contract electronics maker, is likely to be fined soon by Taiwan's government for an unauthorised investment in a Chinese chip maker, a person with direct knowledge of the situation said on Monday. Taiwan, which Beijing views as sovereign Chinese territory, has turned a wary eye on China's ambition to boost its semiconductor industry and is tightening legislation to prevent what it says is China stealing its chip technology. Foxconn, a major Apple Inc (AAPL.O) supplier and iPhone maker, disclosed in July it was a shareholder in embattled Chinese chip conglomerate Tsinghua Unigroup, but said late on Friday it would be selling the stake. Taiwan said on Saturday it would fine Foxconn over the investment. Taiwan's government, which needs to clear all outbound investments, had not approved the deal. Taipei also prohibits companies from building their most advanced chip foundries in China to ensure they do not site their best technology offshore.
READ THE STORY: Reuters
The Ransomware Hunting Team
FROM THE MEDIA: Earlier this month, Rackspace was hit by a ransomware group that took customers' data. Potentially, this group has held onto this data in exchange for ransom, but the company has not said either way due to the investigation run by the FBI. This unfortunately is not a new story, and as of 2022, almost half of all data breaches began with stolen credentials. Ransomware attacks target businesses, hospitals and nonprofits and hold the data from their customers or employees for ransom. Damages from ransomware as a whole are likely to exceed $30 billion by 2023. Many believe the FBI may not have enough manpower to combat these ransomware attacks, and that is where an informal, largely self-taught coalition of code crackers comes in. Renee Dudley and Daniel Golden write in their book about this group of people. “The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime” tells the story of these code crackers who work tirelessly to defend cyber storage.
READ THE STORY: TPR
Glupteba botnet is back after Google disrupted it in December 2021
FROM THE MEDIA: In December 2021, Google announced it had taken down the infrastructure operated by the Glupteba botnet; it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. The blockchain-enabled botnet has been active since at least 2011; researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies by abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators used to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Now researchers from Nozomi Networks report that the Glupteba botnet is back, with a surge in the number of infections worldwide. Experts noticed a significant increase in malicious bitcoin addresses along with an increase in Tor hidden services being used as C2 servers.
READ THE STORY: Security Affairs
TikTok denies setting up 'illegal operations' in Taiwan
FROM THE MEDIA: TikTok's Chinese owner denied on Monday setting up a subsidiary company in Taiwan after the island's authorities said they were investigating the social media app for running "illegal operations".
The Mainland Affairs Council (MAC), Taiwan's top China policy-making body, said the cabinet had requested a multi-agency investigation during a meeting on security issues posed by TikTok earlier this month. The case was also forwarded to prosecutors for investigation after a local company allegedly engaged in business activities in Taiwan on behalf of ByteDance, TikTok's Chinese parent firm, MAC said without elaborating. Chinese internet and social media platforms are banned from operating businesses in Taiwan under local laws. ByteDance said on Monday it had no presence in Taiwan. "The recent reports suggesting ByteDance has set up a subsidiary in Taiwan are incorrect," a spokesperson told AFP.
READ THE STORY: ET
Russia scientists' bid to revive prehistoric viruses is 'very, very risky', says expert
FROM THE MEDIA: Attempts by scientists in Russia to revive ancient viruses could be "very, very risky", an expert has warned. Boffins at the Vector research center in Novosibirsk in Siberia are analyzing the remains of mammoths, woolly rhinoceroses and other Ice Age animals. They are trying to identify and revive prehistoric viruses, known as paleoviruses, that have been lying dormant for almost half a million years. The team aims to extract and study the infections that caused their deaths, reports The Daily Star. But experts say it’s “very, very risky” as viruses that killed mammoths and other prehistoric animals would also be able to infect humans. Professor Jean-Michel Claverie, from the National Centre of Scientific Research at the University of Aix-Marseille, said: “The Vector research is very, very risky. Our immune systems have never encountered these types of viruses. Some of them could be 200,000 or even 400,000 years old. I would not be very confident that everything is up to date.”
READ THE STORY: WalesOnline
Facebook Cracks Down on Spyware Vendors from U.S., China, Russia, Israel, and India
FROM THE MEDIA: Meta Platforms disclosed that it took down no less than 200 covert influence operations since 2017 spanning roughly 70 countries across 42 languages. The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. "The global surveillance-for-hire industry continues to grow and indiscriminately target people – including journalists, activists, litigants, and political opposition – to collect intelligence, manipulate and compromise their devices and accounts across the internet," the company noted in a report published last week. The networks that were found to engage in coordinated inauthentic behavior (CIB) originated from 68 countries. More than 100 nations are said to have been targeted by at least one such network, either foreign or domestic.
READ THE STORY: THN
Spyware's threat to democracies
FROM THE MEDIA: We've been reporting on the wave of mass protests in places like China, Iran and Russia in recent months, places where citizens have taken to the streets in defiance of their government's deep hostility to that kind of dissent. But a recent piece in Foreign Affairs outlines a terrifying new trend that could thwart movements like this - the use of spyware to track individuals. And it's not just autocratic regimes. According to political scientist Ronald Deibert, democratic countries are beginning to rely on this software, too. And because this technology is largely unregulated, he argues that's likely to get worse. Deibert directs the Citizen Lab at the University of Toronto. His group tracks cyberespionage around the world. NPR's Michel Martin sat down with him to talk about his piece in Foreign Affairs, which is entitled "The Autocrat In Your iPhone: How Mercenary Spyware Threatens Democracy." And he began by explaining why this software is becoming more common as a way to track dissent around the world.
READ THE STORY: NPR
Greek prosecutor slams unflattering comparisons to Belgium’s Qatargate probe
FROM THE MEDIA: Greece’s Supreme Court prosecutor lashed out against media criticizing Greek judicial authorities by comparing them unfavorably with the Belgian investigators' handling of the Qatargate scandal. He called for an extensive tax audit of media organizations. “It is not possible for a section of the press, taking advantage of an essentially completely ineffective press law, to turn and vilify anyone who, in the exercise of his duties, does not act in accordance with its wishes, its suggestions and even its dictates,” Isidoros Dogiakos said late on Saturday in the general assembly of the union of public prosecutors. The comments by Dogiakos come after sustained criticism — primarily by left-leaning news outlets and opposition politicians — of the judicial authorities in Athens for their handling of an ongoing probe of a Greek wiretapping scandal. That criticism has reached a crescendo in recent days, with comparisons to the relative speed and efficiency with which Belgian authorities have acted in their investigation of alleged corruption at the European Parliament.
READ THE STORY: POLITICO
After outcry over blocking links to Mastodon, Twitter announces ban on "promotion" of other social platforms
FROM THE MEDIA: Twitter today announced it would "no longer allow free promotion of certain social media platforms" on the site, specifying "Facebook, Instagram, Mastodon, Truth Social, Tribel, Nostr and Post." The one of those that matters, though, is Mastodon, the fast-growing network to which Twitter users—especially celebrities and media personalities—are flowing in droves since the site was bought by mercurial billionaire Elon Musk. If it sounds like another haphazard effort to "policify" Musk's capricious and censorial outbursts, the evidence was already in: in recent days users trying to post links to Mastodon reported that they were falsely flagged as "potentially harmful" or as "malware."
READ THE STORY: BOINGBOING
Items of interest
North Korea confirms 'important' spy satellite test for April launch
FROM THE MEDIA: North Korea's state media KCNA said on Monday the country conducted an "important, final phase" test on Sunday for the development of a spy satellite, which it seeks to complete by April 2023. The report was released a day after the South Korean and Japanese militaries reported the isolated North's launch of two intermediate-range ballistic missiles towards its east coast. Pyongyang's National Aerospace Development Administration (NADA) conducted the test at its Sohae satellite launching station in the northwest to review its capability of satellite imaging, data transmission and ground control systems, according to KCNA. A vehicle carrying a mock satellite, which also included a 20 meter resolution full-color camera, two multi-spectral cameras, image transmitters and receivers, a control device and a storage battery, was fired at the "lofted angle" of 500 km (311 miles).
READ THE STORY: Reuters
Command Line Hacking – Over The Wire Bandit Walkthrough (Video)
FROM THE MEDIA: Improve your cybersecurity and Linux skills by solving challenges in the Bandit Wargame from OverTheWire. This video is a walkthrough of how to solve the challenges—but make sure to try each on your own before watching the solution!
Full Ethical Hacking Course - Network Penetration Testing for Beginners (Video)
FROM THE MEDIA: Learn network penetration testing / ethical hacking in this full tutorial course for beginners. This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field. Throughout the course, we will develop our own Active Directory lab in Windows, make it vulnerable, hack it, and patch it.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com