Saturday, December 24, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
Unexpected failure of Russian hackers and Ukraine’s ascendant IT expertise
FROM THE MEDIA: In the first days of the full-scale invasion, Ukrainians immediately came to the defense of their country. Some volunteered to fight at the front, others signed up for territorial defense units, while many did all they could to keep the military and civilian population supplied with everything they needed – there were many ways to help. One of them was proposed by Ukrainian IT professionals who were actively developing software that allowed anyone to join in the effort to crash Russian websites in a wave of DDoS attacks. Denial of Service attacks are some of the simplest types of hacking attacks; their main goal is to shut down the targeted website by flooding it with an unmanageable volume of requests. Thus, at the beginning of the invasion, Ukrainian users “killed” the websites of Russia’s Sberbank, the Kremlin, Rosneft, Roskomnadzor, mass media, and many others.
READ THE STORY: Yahoo News
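The story above describes request flooding as the mechanism of a DDoS. The added example below is not from the article or from any of the projects it mentions; it shows the defender's side of that mechanism: a small sliding-window counter over web-server access-log lines that flags any source address exceeding a request-rate threshold. The log lines, addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), window and threshold are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def fmt_line(ip: str, ts: datetime, req: str, status: int, size: int) -> str:
    """Render one constructed access-log line in Common Log Format."""
    return f'{ip} - - [{ts.strftime(TS_FORMAT)}] "{req}" {status} {size}'


def build_sample_log() -> str:
    """Constructed traffic: one address floods (12 req/s for 5 s), one browses normally."""
    base = datetime(2022, 12, 24, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):  # flood: 60 requests inside 5 seconds
        lines.append(fmt_line("203.0.113.7", base + timedelta(seconds=i // 12),
                              "GET / HTTP/1.1", 200, 512))
    for i in range(8):  # background: 8 requests spread over about a minute
        lines.append(fmt_line("198.51.100.4", base + timedelta(seconds=i * 8),
                              "GET /news HTTP/1.1", 200, 2048))
    return "\n".join(lines)


def parse_line(line: str):
    """Return (timestamp, ip) for a well-formed line, or None for anything else."""
    m = LOG_LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), TS_FORMAT), m.group("ip")


def flag_floods(lines, window_seconds: int = 10, threshold: int = 30) -> dict:
    """Flag source IPs whose request count in any sliding window exceeds threshold.

    Returns {ip: peak_requests_in_window} for flagged addresses only.
    """
    events = sorted(e for e in (parse_line(l) for l in lines) if e is not None)
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps currently inside the window
    peaks = {}
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, peak in flag_floods(build_sample_log().splitlines()).items():
        print(f"flood suspect {ip}: peak {peak} requests in a 10 s window")
```

In production the threshold would be tuned against the site's normal per-client rate, and a real volumetric DDoS is spread over many sources, so per-IP counting is a first signal that feeds a per-path or aggregate view rather than the whole answer.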
Meta to pay $725 million to settle Cambridge Analytica lawsuit
FROM THE MEDIA: Meta, the parent company of Facebook, will pay $725 million to settle a class-action lawsuit filed in 2018. The lawsuit came in the wake of Facebook's revelation that it had improperly shared data on 87 million users with Cambridge Analytica, a British political consultancy tied to former President Donald Trump's election campaign. Cambridge Analytica got its access to Facebook user data via an app developed by a third party. While only around 270,000 Facebook account-holders used the "This is Your Digital Life" app, the app's permissions allowed it access to data on those users' friends. The end result was a dataset covering 87 million users that the developer then passed on to Cambridge Analytica, in contravention of Facebook's terms of service. The vast majority of those in the dataset had not given the consultancy firm permission to access their data.
READ THE STORY: HITB
Putin goes to war with Banksy after he tried to raise cash for war-torn Ukraine
FROM THE MEDIA: Mad Vlad’s cyber army has gone to war with street artist Banksy as he tries to raise cash for war-torn Ukrainians. The secretive graffiti artist is selling screen prints for the first time in eight years to help stricken folk battling for their freedom against the Russian invader’s thugs. Fifty of them are up for grabs as part of a lottery competition on the Legacy of War Foundation’s website. But the charity has revealed it has suffered thousands of “hostile attacks” around the sale of the artwork as around a million fans tried to get their hands on a print. Russian computer brutes are feared to have bombarded the site in revenge for Bristol lad Banksy’s stance on the war in a bid to scupper his efforts. It was targeted by 3,500 cyber “attacks” after encouraging the spray painter’s fans to splash out £5,000 each on a print.
READ THE STORY: Daily Star
FrodoPIR: New Privacy-Focused Database Querying System
FROM THE MEDIA: The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, scanning passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR because "the client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from J. R. R. Tolkien's The Lord of the Rings. PIR, short for private information retrieval, is a cryptographic protocol that enables users (aka clients) to retrieve a piece of information from a database server without revealing to its owner which element was selected.
READ THE STORY: THN
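The item above defines private information retrieval as fetching one record without the server learning which one. The added example below is not Brave's code and is not FrodoPIR's construction (FrodoPIR is a single-server scheme built on lattice assumptions); it implements the classic two-server, information-theoretic PIR instead, because it shows the core idea in a few lines. The client sends each of two non-colluding servers a random selection mask; the two masks differ only at the wanted index, each server returns the XOR of the records its mask selects, and the client XORs the two answers. Either server alone sees a uniformly random mask, so it learns nothing about the index. The database records are constructed for the example.

```python
import secrets
from typing import List, Sequence, Tuple

Record = bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


class PIRServer:
    """One of two servers holding an identical copy of the database."""

    def __init__(self, db: Sequence[Record]):
        self.db = list(db)
        self.record_len = len(self.db[0])
        assert all(len(r) == self.record_len for r in self.db), "fixed-size records"

    def answer(self, mask: Sequence[int]) -> bytes:
        """XOR together every record whose mask bit is 1. The mask alone is random noise."""
        acc = bytes(self.record_len)
        for bit, rec in zip(mask, self.db):
            if bit:
                acc = xor_bytes(acc, rec)
        return acc


class PIRClient:
    def __init__(self, n_records: int):
        self.n = n_records

    def make_masks(self, index: int) -> Tuple[List[int], List[int]]:
        """Random mask for server 1; the same mask with bit `index` flipped for server 2."""
        m1 = [secrets.randbits(1) for _ in range(self.n)]
        m2 = list(m1)
        m2[index] ^= 1
        return m1, m2

    @staticmethod
    def reconstruct(answer1: bytes, answer2: bytes) -> bytes:
        # The XOR of both answers is the XOR over the symmetric difference of the
        # two selections, which is exactly the single record at `index`.
        return xor_bytes(answer1, answer2)


def private_fetch(db: Sequence[Record], index: int) -> bytes:
    """Run the full two-server exchange for one lookup and return the record."""
    server1, server2 = PIRServer(db), PIRServer(db)  # assumed not to collude
    client = PIRClient(len(db))
    m1, m2 = client.make_masks(index)
    return client.reconstruct(server1.answer(m1), server2.answer(m2))


# Constructed database: ten fixed-size (8-byte) records.
SAMPLE_DB = [f"record-{i}".encode() for i in range(10)]

if __name__ == "__main__":
    for i in range(len(SAMPLE_DB)):
        print(i, private_fetch(SAMPLE_DB, i))
```

The cost is that each server touches every record per query, which is the price all PIR schemes pay in some form; FrodoPIR and similar single-server schemes move that work into an offline preprocessing phase so that the online query is cheap.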
International Piracy Mitigation Fosters Rare Collaborations
FROM THE MEDIA: Piracy is often thought to be a practice of the past, if not romanticized in fictional portrayals. But today’s pirates are eerily emblematic of 19th century pirates. While not as rampant, modern pirates coupled with 21st-century challenges — narcotics, terrorism, and trafficking — pose serious problems. In 2020, piracy increased by 20% worldwide. Through a more targeted lens, it nearly doubled in the Indo-Pacific region. These unprecedented spikes in piracy threaten regional stability and global peace, necessitating a pointed response. America has worked tirelessly to mitigate piracy’s prevalence. To maximize efficiency, American partnerships with global powers — namely, China, Japan, and India — are expediting efforts in the Indo-Pacific. Too often have international scholars ignored these critical collaborations.
READ THE STORY: Modern Diplomacy
Since humans can't manage fusion the US puts millions into AI-powered creation
FROM THE MEDIA: Hot off the heels of the US Department of Energy's (DoE) sort-of nuclear fusion breakthrough, the agency is offering up $33 million for researchers that can wrangle artificial intelligence, machine learning, and other data resources to the cause. The aim is to get machine intelligence to speed the analysis and simulation of fusion energy and plasma sciences used on several DoE experiments. The agency is seeking proposals [PDF] for the application of AI/ML on existing public data, with an emphasis on approaches likely to support the development of a fusion pilot plant within the next few decades.
READ THE STORY: The Register
Data breach hits sports betting firm BetMGM
FROM THE MEDIA: New Jersey-based sports betting operator BetMGM has been impacted by a data breach that resulted in the theft of its customers' personal information, BleepingComputer reports. Threat actors were able to compromise BetMGM customers' names, birthdates, postal and email addresses, phone numbers, hashed Social Security numbers, and other account identifiers during the incident, which was discovered last month but is believed to have occurred in May, according to BetMGM. "BetMGM currently has no evidence that patron passwords or account funds were accessed in connection with this issue. BetMGM's online operations were not compromised. BetMGM is coordinating with law enforcement and taking steps to further enhance its security," said BetMGM, which has not yet disclosed the number of customers impacted by the incident.
READ THE STORY: SCMAG
The Vice Society may be upping its marketing game
FROM THE MEDIA: Cybersecurity firm SentinelOne discovered a new ransomware variant in use by the Vice Society group. It's custom-branded for the group, a first for these threat actors. Vice Society activity has been observed since June 2021, and was always seen utilizing third-party ransomware strains, such as “HelloKitty,” “Five Hands,” and “Zeppelin,” SentinelOne reports. The strain seen in a recent intrusion, which the firm’s researchers have dubbed “PolyVice,” appends the file extension of encrypted files to “.ViceSociety.” The recent findings that the Zeppelin ransomware strain implemented weak encryption that allowed for decryption may have been a factor in the group’s implementation of the new PolyVice variant. It is suspected that this ransomware is likely from a vendor, as Chilly ransomware and SunnyDay ransomware have identical functions, with variations only in campaign-specific details.
READ THE STORY: The Cyberwire
Shoemaker Ecco Leaks Almost 60GB Of Customer Data
FROM THE MEDIA: Shoemaker Ecco has been operating a misconfigured database for more than a year, exposing a huge tranche of sensitive information to whoever knew where to look. This is according to a new report from Cybernews, whose research team recently identified 50 Ecco indices exposed to the public. In total, the database has had more than 60GB of sensitive data that’s been available since June 2021. “Millions of sensitive documents, from sales to system information, were accessible. Anyone with access could have viewed, edited, copied and stolen, or deleted the data,” the researchers said. While Ecco moved in to remedy the problem in the meantime, they did not comment on Cybernews’ findings. The database seems to be locked now, the researchers said. While scanning the web for unsecured and otherwise misconfigured databases, the research team found an exposed instance hosting Kibana, an ElasticSearch visualization dashboard, for Ecco. Kibana, as the researchers explained, helps process ElasticSearch information.
READ THE STORY: TECHNEWSBOY
Lock Bit Ransomware Gang Breaches Accenture Clients Report
FROM THE MEDIA: The LockBit ransomware group claimed that it had compromised an airport that used Accenture software and encrypted its systems using credentials obtained during the Accenture breach. Accenture disputes LockBit’s assertions. According to the ransomware group, LockBit, the customers of the consulting giant have been targeted using credentials obtained during the Accenture breach. According to the ransomware-as-a-service (RaaS) provider, they claimed to have infiltrated and encrypted the computers of an airport that used Accenture software on Wednesday. According to BleepingComputer, LockBit refuses to name particular businesses that were compromised by Accenture. Accenture refuted LockBit’s assertions in a statement to CRN.
READ THE STORY: Technology Malt
Global counter-ransomware task force to become active in January
FROM THE MEDIA: Clare O’Neil, the Australian cybersecurity minister, plans to announce in coming days that a global task force to counter ransomware will become operational next month, the latest step in a global effort that began in Washington to fight back against the growing number of cyberattacks, a senior Biden administration official told CyberScoop. As first announced during a recent summit in Washington, Australia will lead the International Counter Ransomware Task Force, which includes the U.S. and its allies, in an effort to foster greater international information sharing and exchanging capabilities to battle the global ransomware problem.
READ THE STORY: Cyberscoop
Royal ransomware tied to Conti gang
FROM THE MEDIA: Former Conti Team One threat actors have been operating Royal ransomware, which has been used in a slew of cyberattacks between September and December, SecurityWeek reports. Royal ransomware was noted by Trend Micro researchers to be a rebrand of the Zeon ransomware, which was linked in August to Conti Team One, one of the groups behind the Conti ransomware gang, which has been dismantled following a significant data leak stemming from the gang's support for Russia amid the ongoing Russia-Ukraine war. U.S. and Brazilian organizations have been the main targets of Royal ransomware, which is being delivered through callback phishing attacks that involve downloads of remote access software.
READ THE STORY: SCMAG
An In-Depth Look at Flipper Zero, the Popular Hacking Tool on Tik Tok
FROM THE MEDIA: RFID-controlled locks are widely used across the United States, and you may find one on your next hotel room’s door. Nearly twenty of these keyless entry systems, which are among the most common in the world, greeted me on my way to work the other day. However, a fun palm-sized device with a Tamagotchi-like interface may certainly bypass the locks on many of these doors. Flipper Zero, available on Amazon for $200, is a pocket-sized pen-testing tool made for hackers of varying skill levels. It’s smaller than a phone, so it’s easy to hide, and it’s packed with a variety of radios and sensors that let you intercept and replay signals from keyless entry systems, Internet of Things sensors, garage doors, NFC cards, and pretty much any other device that communicates wirelessly over short ranges.
READ THE STORY: Tech LLog
TikTok parent company ByteDance revealed the use of TikTok data to track journalists
FROM THE MEDIA: According to an email from ByteDance’s general counsel Erich Andersen which was seen by the AFP news agency, the Chinese company was attempting to discover who shared company information with a Financial Times reporter and a former BuzzFeed journalist. The company fired an undisclosed number of employees who were involved in the data leak because they violated the company’s Code of Conduct, but it did not reveal their names. In an attempt to discover the location of the unfaithful employees, the Chinese personnel analyzed their IP addresses, but this method was approximate. “Employees had obtained the IP addresses of the journalists in a bid to determine whether they were in the same location as ByteDance colleagues suspected of disclosing confidential information, a company review of the scheme led by its compliance team and an external law firm found, according to Andersen.” reported the AFP.
READ THE STORY: Security Affairs
FIN7 hacking group elevates status in cybercrime space
FROM THE MEDIA: Significant activity during the past year has made the FIN7 hacking group, also known as Carbanak, a prominent force in the cybercrime landscape, with the operation having compromised more than 8,147 victims around the world, most of which were in the U.S., according to The Hacker News. While FIN7 initially engaged in traditional social engineering tactics, the hacking group has moved to serve as an affiliate in ransomware attacks, a PRODAFT report revealed. Microsoft Exchange vulnerabilities have also been weaponized by the hacking group to infiltrate its targets. Aside from leveraging double extortion techniques, FIN7 has also engaged in distributing backdoors to already impacted systems, said researchers.
READ THE STORY: SCMAG
Xavier University Might Have Lost Personal Data in Hack
FROM THE MEDIA: Xavier University's computer network was hit by a cyberattack last month, potentially compromising students' and employees' personal information, according to an email sent Thursday to students and staff. University President Reynold Verret said in the email that a network disruption on Nov. 22 prompted Xavier to hire cybersecurity experts to investigate. The disruption was determined to be an "encryption event," Verret said. "We have since learned that malicious actors claimed to have stolen personal information from students and employees during the event." Verret added that officials are now identifying and notifying those who might have had their data stolen. It's not clear how many individuals were affected, or when students and staff were first notified of the breach. Verret didn't say whether the theft of personal information had been confirmed beyond the hackers' assertions.
READ THE STORY: GT
Toronto children’s hospital confirms it was hit by ransomware
FROM THE MEDIA: The impact of the ransomware attack that hit Toronto’s Hospital for Sick Children may last for weeks. In an online statement today the hospital said it anticipates that it will be a matter of weeks before all systems are functioning as normal. There is no evidence to date that personal information or personal health information has been impacted. Clinical and operational teams are implementing backup procedures for systems that are not yet accessible, the statement says. “This is a fluid and evolving situation that is still under investigation,” it adds. “While we can confirm this is a ransomware attack, SickKids has been preparing for attacks of this nature, and mobilized quickly to mitigate potential impacts to the continuity of care. We have rapidly engaged with third-party expert organizations and law enforcement to bring a resolution to the situation as quickly as possible.”
READ THE STORY: ITWorld Canada
NFT Marketplace OpenSea Confirms Ban on Cuban Artists
FROM THE MEDIA: Citing U.S. sanctions on Cuba, OpenSea, the world’s largest marketplace for non-fungible tokens (NFT), said today that it's banning digital artists from all countries sanctioned by the United States. The ban came to light last week after NFTcuba.ART, a project that helps Cuban artists succeed in the NFT industry, tweeted that OpenSea had disabled its profile on the marketplace. Not only "Cubans on the island, but those who have other nationalities have to endure censorship in web3 company,” wrote NFTcuba.ART. The project asserts that the sanctions are being applied unfairly to Cuban artists who are living outside the island nation.
READ THE STORY: Decrypt
Morocco ‘tried to bribe MEPs’ over EU spyware investigation
FROM THE MEDIA: Morocco tried to bribe MEPs to obtain information about a European parliament inquiry into its use of Pegasus spyware, Belgian prosecutors believe. Morocco’s intelligence agency allegedly made payments after it was accused of using the Israeli hacking tool to spy on President Macron and French government ministers. The claims, which were made in Belgian prosecution documents seen by the Italian newspaper La Repubblica, add to the “Qatargate” scandal in which four people have been arrested on suspicion of taking bribes after police found hidden sacks of cash. So far the scandal has focused on allegations that Qatar paid bribes to MEPs to soften the EU stance on its human rights record, an accusation denied by the Gulf state.
READ THE STORY: The Times
China's space station releases small test satellite into orbit
FROM THE MEDIA: China has released a small test satellite into orbit from its recently completed Tiangong space station. The satellite was released from a deployer on the Tianzhou 5 cargo ship, which is currently docked at Tiangong. Tianzhou 5 launched on Nov. 12 with the primary mission of delivering supplies to the space station to support the three Shenzhou 15 mission astronauts but also carried a number of cubesats. The 26.5-pound (12 kilograms) satellite designated XW-4 (CAS-10) was released at 9:30 p.m. EST on Dec. 17 (0130 GMT on Dec. 18). The small spacecraft, also known as the Macao Student Science Satellite 1, carries both optical camera and radio payloads. These will be available for amateur radio operators on the ground to use for two-way communications and to send instructions for taking images.
READ THE STORY: Space
The PLA’s Strategic Support Force and AI Innovation
FROM THE MEDIA: In recent years, as progress in artificial intelligence (AI) has accelerated, nearly every major power has pledged to develop advanced AI capabilities and effectively integrate AI into their armed forces. Yet none have pursued those efforts as purposefully as China. Not only has Beijing issued an ambitious plan to make China the world’s leading AI power by 2030, but the Chinese Communist Party (CCP) has unveiled an aggressive innovation-driven strategy for the Chinese military, the People’s Liberation Army (PLA). Likewise, Xi Jinping, the General Secretary of the CCP, has consistently emphasized China’s commitment to AI development and “intelligent warfare”, most recently in his landmark report this fall to the 20th Party Congress. If China’s strategic ambitions for AI are clear, how it intends to integrate AI into the PLA remains opaque. The CCP’s goals for militarized AI are still shrouded in mystery, even as the PLA clearly views AI as a technology that will be vital for driving next-generation warfare.
READ THE STORY: Brookings
Blockware Customer Accuses Bitcoin Mining Firm of Fraud
FROM THE MEDIA: Bitcoin mining equipment and hosting provider Blockware Solutions was accused by a customer in a lawsuit of breach of contract, negligence, deceptive trade practices and fraud. The case, filed in U.S. federal court in the Northern District of Illinois on Dec. 17, centers around an allegation that Blockware sold Faes & Co. 50 mining rigs for $525,000. But, Faes said in the lawsuit, “Blockware did not actually own or operate a facility to host the miners and was not capable of doing so reliably.” Also, the facilities owned by third parties that Blockware could tap didn’t have reliable power, resulting in subpar service, according to the suit. “As a result, Faes’ miners under Blockware’s management and control have experienced prolonged downtime and inoperability due to lack of power, resulting in significant loss of revenue,” Faes argued. Faes said it has suffered at least $250,000 of damages.
READ THE STORY: Yahoo Finance
Web3 projects would rather get hacked than pay bounty: Finance Redefined
FROM THE MEDIA: Uniswap, one of the leading decentralized exchange platforms, is integrating debit and credit card support for its users. It will allow Uniswap users to buy cryptocurrency directly with their cards. An ex-employee caused Ankr protocol’s recent $5 million hack. The DeFi protocol alerted relevant authorities and is seeking to prosecute the attacker while shoring up its security practices. A Web3 developer has claimed that many crypto ecosystem projects would rather get hacked than pay bounties. After reporting and helping patch a smart contract vulnerability, the developer claims that the projects he helped started to ignore him. However, despite a tumultuous year, DeFi, nonfungible tokens (NFTs) and blockchain games drove decentralized application (DApp) usage across the industry, according to DappRadar’s 2022 report.
READ THE STORY: CoinTelegraph
Ukraine official urges 'liquidation' of Iranian weapons factories
FROM THE MEDIA: A top Ukrainian presidential aide called for the "liquidation" of Iranian factories making drones and missiles, as well as the arrest of their suppliers, as Kyiv accused Tehran of planning to supply more weapons to Russia. Writing on Twitter on Saturday, Ukrainian presidential aide Mykhailo Podolyak said Iran "blatantly humiliates the institution of international sanctions", before calling for the destruction of Iranian weapon factories in response. Kyiv has accused Tehran of supplying 1700 Shahed-136 loitering munitions to Moscow, which it says have been used to hit targets in Ukraine since September. Iran denies the allegations. Ukraine's espionage chief said in an interview released on Friday that Russia had already launched around 540 of the drones at military and energy targets in Ukraine.
READ THE STORY: Reuters
Artificial Intelligence’s Paradoxes: Easy But Hard To Implement, Lacking Talent But Easing Talent Shortages
FROM THE MEDIA: Listen to the experts and vendors discuss the state of artificial intelligence these days, and one can be forgiven for feeling confused about what it takes to bring AI to the table in a realistic way. Is it a complex undertaking that requires profound planning, or something that is becoming inherent in just about every solution now available? Is it too hard to find talent to create AI, or is AI filling talent gaps? Is AI driving digital transformation, or does digital transformation spur AI adoption? There’s no question that spending on artificial intelligence keeps rising. ROBO Global research, for one, projects that AI and machine learning spending will top $375 billion by 2025.
READ THE STORY: Forbes
Items of interest
China Denies Operating 'secret Police Stations' Abroad As South Korea & Japan Launch Probe
FROM THE MEDIA: The Chinese government has denied operating a "secret police station" in South Korea to monitor and intimidate Chinese nationals in an effort to maintain Beijing's influence over them, as per a report from South China Morning Post. A spokesperson for the Chinese foreign ministry on Thursday stated that China adheres to the principle of non-interference in other countries' internal affairs, follows international law, and respects the judicial sovereignty of all countries. Some time ago, a Spain based human rights group named Safeguard Defenders had claimed that China was operating police stations in 53 countries, including in South Korea and Japan.
READ THE STORY: Republic World
BruCON 0x0D - Automating Binary Analysis with Ghidra's P-Code (Video)
FROM THE MEDIA: "Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate“
CTF Minute Episode 4: Basic Binary Analysis to own CTFs (Video)
FROM THE MEDIA: CTF Minute Episode 4: Basic Binary Analysis methodology: looking at using tools such as strings, xxd, and Ghidra to gain fast points in the basic binary analysis CTF rounds.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com