Tuesday, December 27, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
Starlink reports nearly 100 active terminals in Iran
FROM THE MEDIA: Twitter CEO and SpaceX Chief Executive Elon Musk said on Monday that his company, Starlink, is now close to having 100 active internet satellites in Iran. This number has been achieved within three months after Musk tweeted that he would be activating the Starlink-operated satellite internet service in Iran amid protests. Musk revealed this in a tweet on Monday: "approaching 100 starlinks active in Iran". Starlink is a satellite internet constellation operated by SpaceX which provides satellite internet access coverage to 45 countries. As of December 2022, Starlink has over 3,300 mass-produced small satellites in low Earth orbit (LEO), which communicate with designated ground transceivers. Starlink satellite internet is easily available and can be ordered by checking the availability of the satellite service in your area on the official website of Starlink. The Starlink internet kit comes with a WiFi router, cables, base and of course the Starlink satellites.
READ THE STORY: WION News // TeslaRati
China linked to Daxin Malware
FROM THE MEDIA: As part of a long-running espionage effort directed by threat actors with ties to China from at least 2013, a previously unknown espionage tool has been used against specific governments and other targets of critical infrastructure. The backdoor, known as Daxin, was described as a highly developed piece of malware by Broadcom’s Symantec Threat Hunter team. It allowed the attackers to conduct a number of communications and information-gathering operations against targets in the telecom, transportation, and manufacturing industries that are strategically important to China. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated in a separate advisory that “Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control (C2) functionality that enables remote actors to communicate with secured devices not directly connected to the internet.”
READ THE STORY: Technology Malt
Sandworm APT and Centreon Monitoring Software
FROM THE MEDIA: The Centreon IT monitoring software has been compromised by the “Sandworm group,” a group of Russian military hackers.
Russian hackers have a notorious history of taking part in prominent cyberattacks. And possibly the greatest of them all was the one that was uncovered in the latter part of last year when a U.S. cybersecurity firm called FireEye, which creates hacking tools, found that its own systems had been compromised. This breach, which remained mostly unreported throughout 2020, was carried out by the Russian organization Cozy Bear, also known as APT29. Add to that the recent breach, which Russian military hackers are thought to be responsible for, according to the French cybersecurity organization ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information). The operation that broke into the internal networks of many French organizations using the Centreon IT monitoring software appears to have been carried out by the hackers also known as the Sandworm group.
READ THE STORY: Technology Malt
Linux Foundation’s AgStack Project will build dataset of field boundaries
FROM THE MEDIA: On Dec. 20, the Linux Foundation announced its AgStack Project, which will host an open-source code base, along with a fully automated, continuous computation engine that will maintain a global dataset of boundaries for agricultural fields. The AgStack Asset Registry dataset will aid food traceability, carbon tracking, crop production, and other field-level analytics. This ‘registry’ is designed to continuously update using data from satellites and real field registrations that contain boundary information, which will train machine learning models to ascertain more boundaries, among other capabilities. Agricultural datasets are rarely public information. By using computer science and artificial intelligence (AI), users can create global field boundaries as a digital open source for public use, which can help farmers, agricultural companies, and the public manage crop production, study management practices, assess levels of productivity, monitor the spread of pests and diseases and more.
READ THE STORY: GPS World
Ransomware Attack Disrupts Antwerp City Services via a Digital Partner
FROM THE MEDIA: Digital city services of Antwerp, Belgium, went offline after a ransomware attack compromised the city’s digital partner. According to Het Laatste Nieuws (HLN), hackers gained access to servers belonging to the city’s digital services provider Digipolis, impacting almost all Windows applications. The ransomware attack occurred within weeks of Ragnar Locker publishing 16 years’ worth of data, including investigation reports, from Antwerp’s Zwijndrecht police unit. Local media reported that the ransomware attack affected residential care centers for seniors, especially Antwerp Healthcare Company (Zorgbedrijf Antwerpen).
READ THE STORY: CPO
China’s Insatiable Hunger for Espionage and the ‘Thousand Grains of Sand’ Tack
FROM THE MEDIA: TikTok has everyone swept up in its short-form video wave, but the platform has a dark side. Bytedance, the company behind the viral sensation, has been exposed yet again as being an espionage front for the Chinese government. However, this isn’t news to anyone, as China has made spy work an integral part of its geopolitical policy. While many countries the world over have just begun to wisen up to China’s insatiable hunger for sensitive information, India set a precedent by cutting off Chinese surveillance efforts at the beginning of 2020. Many panned the move vehemently, calling it anti-Chinese; however, this pre-emptive move may have helped preserve the privacy of millions of Indian citizens.
READ THE STORY: AIM
FIN7, the Notorious Cybercrime Group, Seeks to Breach Corporate Networks with Microsoft Exchange
FROM THE MEDIA: A Swiss cybersecurity firm, Prodaft, has recently released a report about FIN7, deeming it one of the deadliest cybercrime groups on the planet that mainly targets corporations with vulnerabilities. The group uses an auto-attack system, Checkmarks, to breach corporate networks with Microsoft Exchange vulnerabilities. It chooses its targets based on financial size, total employees, vulnerability, and other criteria. “FIN7 group is known to hold a notorious status due to their achievement in deploying extensive backdoors in leveraging software supply chains, distributing malicious USB sticks, and cooperating with other groups,” read the report’s overview. Prodaft claims to have gained a sneak peek into the group’s “inner workings”. The company obtained information about “their organizational structures, identities, attack vectors, infrastructures, and proof-supported affiliations with other ransomware groups.”
READ THE STORY: TechGenix
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
FROM THE MEDIA: South Korean authorities believe North Korean hackers, working for the government, have targeted at least 892 foreign policy experts in the country. The efforts focused on members of think tanks and academics, dating back to April. The attacks began with spear phishing emails, often claiming to be from figures in South Korea's political system. These usually included either links to fake sites or viruses as attachments. The ploy, while not particularly sophisticated, was enough to fool at least a handful of victims. The result was that several prominent experts had their personal data stolen, email lists compromised (exposing more people to the hackers), and 13 companies (primarily online retailers) were victims of ransomware. Although police believe only 49 recipients actually handed credentials over to the fake sites and only two companies paid the 2.5 million won ($1,980) ransom, it's difficult to judge the full scale of the fallout.
READ THE STORY: Yahoo News
Ransomware: The Unwanted Gift Hackers Keep on Giving
FROM THE MEDIA: Since the outbreak of the coronavirus pandemic in 2020, many organizations have struggled to stay a step ahead of attackers who are taking advantage of remote workforces and rapidly adopted technologies—many of which don’t have the same cyber protections and training we might have once expected in an onsite business world. As such, your organization may now be more vulnerable than ever. And, this holiday season, as your workers get distracted thinking about the holidays and sometimes slower-than-average workflows at year-end, they may very well put their guards down, further opening doors for threat actors to take advantage of your security weaknesses.
READ THE STORY: Security Boulevard
Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader
FROM THE MEDIA: CrowdStrike researchers detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE). GuLoader uses a polymorphic shellcode loader to avoid traditional security solutions; the experts mapped all embedded DJB2 hash values for every API used by the malicious code. The malware uses an anti-analysis technique to avoid execution in virtualized environments. “In dissecting GuLoader’s shellcode, CrowdStrike revealed a new anti-analysis technique meant to detect if the malware is running in a hostile environment by scanning the entire process memory for any Virtual Machine (VM)-related strings,” reads the analysis published by CrowdStrike.
READ THE STORY: Security Affairs // THN
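The hash-to-API mapping the CrowdStrike analysts performed can be reproduced with a precomputed lookup table. The following is an added example, not CrowdStrike's analysis code and not the malware's; it assumes the classic Bernstein DJB2 (seed 5381, 32-bit) over the raw ASCII name, and the API list and "embedded" hash values are constructed for the demo.

```python
"""Map DJB2 API-name hashes back to API names, the way an analyst does
when de-obfuscating a loader that resolves imports by hash.

Added example; not CrowdStrike's analysis code and not GuLoader's. It
assumes the classic Bernstein DJB2 (seed 5381, h = h*33 + c, kept to
32 bits) over the raw ASCII name; a sample may use a different seed,
a case-folded name or a modified constant, so check against a few
known imports first. The API list and the "embedded" hashes below are
constructed for the demo.
"""
from typing import Dict, Iterable, List, Optional

DJB2_SEED = 5381
MASK32 = 0xFFFFFFFF


def djb2(name: str, seed: int = DJB2_SEED) -> int:
    """32-bit Bernstein DJB2 hash of an ASCII API name."""
    h = seed
    for c in name.encode("ascii"):
        h = ((h << 5) + h + c) & MASK32
    return h


# Constructed list; a real table would hold every export of each DLL
# the sample loads (dumped with a PE parser), not just these.
API_NAMES: List[str] = [
    "VirtualAlloc", "VirtualProtect", "CreateProcessW", "GetProcAddress",
    "LoadLibraryA", "NtQueryInformationProcess", "CheckRemoteDebuggerPresent",
    "Sleep",
]


def build_table(names: Iterable[str], seed: int = DJB2_SEED) -> Dict[int, str]:
    """Precompute hash -> name; refuse silently colliding entries."""
    table: Dict[int, str] = {}
    for n in names:
        h = djb2(n, seed)
        if table.get(h, n) != n:
            raise ValueError(f"DJB2 collision: {n!r} vs {table[h]!r}")
        table[h] = n
    return table


def resolve_hashes(hashes: Iterable[int], names: Iterable[str] = API_NAMES,
                   seed: int = DJB2_SEED) -> Dict[int, Optional[str]]:
    """Return {hash: name or None} for every value pulled from the sample."""
    table = build_table(names, seed)
    return {h: table.get(h) for h in hashes}


def unresolved(hashes: Iterable[int], names: Iterable[str] = API_NAMES) -> List[int]:
    """Hashes with no match: candidates for a wider table or a different seed."""
    return [h for h, n in resolve_hashes(hashes, names).items() if n is None]


if __name__ == "__main__":
    # Constructed stand-in for values carved out of a shellcode blob.
    embedded = [djb2("VirtualAlloc"), djb2("Sleep"), 0xDEADBEEF]
    for h, name in resolve_hashes(embedded).items():
        print(f"0x{h:08x} -> {name or '<unresolved>'}")
```

An unresolved value usually means the table is missing that DLL's exports or the sample's hash constant differs from the textbook one, so widen the name list before assuming a custom hash.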
ZEROBOT BOTNET can now hack into APACHE Spark Servers
FROM THE MEDIA: Malware activities carried out by botnets pose a danger to devices and networks that is always developing. Due to the fact that Internet of Things (IoT) devices’ setups often leave them open to attack, threat actors target these devices in order to enlist them into nefarious activities. Additionally, the number of internet-connected devices continues to increase. Operators are redeploying malware for a range of distributions and aims, changing existing botnets to expand operations, and adding as many devices as possible to their infrastructure, according to recent trends. An example of a threat that is always adapting is Zerobot, which is a Go-based botnet that spreads largely via vulnerabilities in Internet of Things (IoT) devices and online applications. The malware’s controllers are continually adding new exploits and capabilities to it.
READ THE STORY: Security Newspaper
Island Hopping Attacks: What They Are and How to Protect Yourself
FROM THE MEDIA: Island hopping probably sounds more like an activity you'd carry out in the Bahamas rather than an attack strategy, but it's actually used quite often by cybercriminals looking to target networks without directly hacking into them. So, what is an island hopping attack, and how can you protect yourself against it? The term "island hopping" comes from World War II. The US Forces wanted to get to mainland Japan and had to move from island to island, using each as a launching pad for the next, with the mainland as the primary target. It was known as leapfrogging at the time. In an island hopping attack, the threat actors go after your partners and other third-party associates, using their cyber vulnerabilities to hop onto your more secure network.
READ THE STORY: MUO
Space Tech 3D-printing satellites to bring SWFL into the space business
FROM THE MEDIA: A Southwest Florida tech company is preparing to launch itself and the local economy into space in 2023 using 3D-printed satellites. Space Tech founder Wil Glaser set his sights sky-high, hoping what is now just a model rocket will carry his company into the future. “It’s kind of ‘eye on the prize’ because eventually, our satellites will be launching on something similar, like a Falcon 9,” Glaser said. “We’re going to be developing satellites and making satellites and then developing other space applications.” And the application Glaser and his tech team want to use to get into space is a unique form of 3D-printed cube satellite. Glaser says the benefit of using 3D printers is being able to take something from concept to completion in a matter of days. “We got to be on, like, version 20, something like that,” said Space Tech engineer Mike Carufe. “We have five different variants of each version.”
READ THE STORY: W
S. Korea officials apologize for not downing DPRK drones
FROM THE MEDIA: South Korea's military apologized on Tuesday for failing to shoot down five North Korean drones that crossed their shared border after facing wide criticism over its lack of readiness. Monday's incursion prompted Seoul to fire warning shots and deploy fighter jets and attack helicopters to shoot down the drones, one of which flew close to the capital. "Yesterday, five enemy drones invaded South Korean airspace, and our military detected and tracked them, but we apologize for not being able to shoot them down," the Joint Chiefs of Staff (JCS) said in a statement.
READ THE STORY: Bangkok Post // Yonhap News
Chilean company develops AI-powered technology to detect failures in large-tonnage mobile mining equipment
FROM THE MEDIA: Chile’s National Piloting Center (CNP), a non-profit organization linked to the Production Development Corporation, has selected mining equipment monitoring technology Vitech as the winner of the Impact Mining 2022 contest, which will grant almost $30,000 to the creators of the solution to continue working on it. Developed by Fukay Data, Vitech is a software aimed at providing early detection of failures in large-tonnage mobile mining equipment. The technology relies on artificial intelligence, which can deliver early warning diagnostics of failures and vibration spectra. The hardware connected to it, on the other hand, consists of wireless sensors that can be installed in all moving equipment at a mine, from shovels and CAEX trucks to drills and support machinery.
READ THE STORY: Mining
NATO tames AI Driven Cyber Threats
FROM THE MEDIA: We all know that a technology can never be at fault, as it is the mind that does most of the damage. And the same applies to the usage of Artificial Intelligence (AI) technology that is now proving a double-edged sword. In this world of AI-driven cyberwarfare, NATO is finding it extremely difficult to tame the threat. However, in the coming year, the peace-loving agency will defend networks from attacks in an automated way. Already, a drill is being conducted at the CR14 NATO Cyber Range in Tallinn, the capital of Estonia. And information is out that army commanders from over 30 countries took part in the drill to exhibit their skills in defending their country from adversary-related digital threats. Yet there is still a long way to go!
READ THE STORY: Cyber Security Insiders
Huawei says it's "back in the game"; should Samsung and Apple worry?
FROM THE MEDIA: Back in 2018, we told you that Huawei was working on an operating system to replace Android in case it lost access to the Google Mobile Services version of the software. What concerned Huawei at the time was that fellow Chinese smartphone and networking equipment company ZTE had been placed on the U.S. Entity List for not adhering to punishments placed on it by the U.S. after it sold gear to North Korea and Iran. Those sales violated U.S. sanctions. While then President Donald Trump removed ZTE from the Entity List, his administration added Huawei to the list a year later and it remains there to this day. In August 2019, Huawei introduced HarmonyOS. The company's consumer chief Richard Yu said during the announcement that the operating system was designed to work on a variety of devices such as smartphones, smart speakers, automobiles, computers, smartwatches, and tablets.
READ THE STORY: Phone Arena
Elon Musk reacts to bizarre comments by top Putin ally predicting ‘Fourth Reich’: ‘Epic thread!’
FROM THE MEDIA: Elon Musk responded to former Russian president and Vladimir Putin ally Dmitry Medvedev’s prediction for a 2023 US civil war by calling it “epic”. Among many outlandish predictions for the next year, the former Russian president predicted that “civil war will break out in the US” and that Elon Musk will “win the presidential election in a number of states”. The Tesla boss and multi-billionaire wrote: “Epic thread!!” Mr Medvedev on Monday, in a thread on Twitter, doled out his predictions for the following year. He said: “On the New Year’s Eve [sic], everybody’s into making predictions. Many come up with futuristic hypotheses as if competing to single out the wildest, and even the most absurd ones. Here’s our humble contribution. What can happen in 2023.”
READ THE STORY: Yahoo News
German double agent ‘passed Ukraine intelligence to Russia’
FROM THE MEDIA: Germany’s spy agency fears that Moscow was able to turn one of its agents in the months following the outbreak of war in Ukraine, it has emerged. The agent, who worked for Germany’s foreign intelligence service, the BND, is believed to have had access to secret information about the Ukraine war from Britain’s GCHQ spy agency and the National Security Agency (NSA) in the US. The alleged double agent, identified only as Carsten L in accordance with German privacy regulations, was arrested on suspicion of treason in Berlin last Wednesday. He was remanded in custody after appearing before a judge. Security sources are now investigating the possibility that the agent was blackmailed into betraying his country, German broadcaster Tagesschau reported.
READ THE STORY: The Telegraph
Meta and Cambridge Analytica Scandal over a Data Breach Settled
FROM THE MEDIA: The investor of Facebook, Meta, has agreed to pay $725 million (£600 million) to resolve a lawsuit involving a data breach connected to the political consulting firm Cambridge Analytica. In the ongoing battle, Facebook was accused of granting access to user data to third parties, including the British company. According to attorneys, the requested amount is the most in a US data privacy class action. While denying wrongdoing, Meta claimed to have “revamped” its privacy policies in the previous three years. The settlement was “in the best interest of our community and stockholders,” the firm claimed in a statement. “We look forward to constructing services that consumers enjoy and trust while putting privacy first,” the statement reads.
READ THE STORY: Analytics Insight
Anonymous Bitcoin Whale Just Moved $33M Worth Of BTC Off Binance
FROM THE MEDIA: Bitcoin "Whales" (investors who own $10 million or more in BTC) typically send cryptocurrency from exchanges when planning to hold their investments for an extended period of time. Storing large amounts of money on an exchange presents an additional risk of theft, as exchange wallets are the most sought-after target for cryptocurrency hackers. The best way to secure Bitcoin is through holding it on a hardware wallet, which can't be done through holding digital assets on an exchange. Hardware wallets store one's private keys in an offline device, making it impossible for funds to be hacked via the internet.
READ THE STORY: Investing
How AI is helping in Solid Waste Management Tracking and Monitoring
FROM THE MEDIA: The Sustainable Development Goals laid out by the United Nations aim to achieve sustainable living conditions in all countries by 2030. Nowadays, climate change and accelerated environmental deterioration are triggering the scientific community and other stakeholders to invest in and formulate policies and strategies for efficient environmental management. Solid waste management is one of the most challenging and serious environmental issues and poses a threat to the environment considering the drastic increase in the amount of waste being generated. Artificial Intelligence (AI) is one of the climbing technological trends of the 21st century, with applications ranging from small to large-scale problems. AI is the capability of a machine to mimic human characteristics such as learning from examples and experience, recognizing objects, understanding and responding to language, making decisions and solving problems.
READ THE STORY: CXO Today
Items of interest
AI’s Malicious Use and Challenges to International Psychological Security
FROM THE MEDIA: In December 2022, the International Center for Social and Political Studies and Consulting published the second report “Experts on the Malicious Use of Artificial Intelligence and Challenges to International Psychological Security”, penned by this author. This report stems from the research project titled “Malicious Use of Artificial Intelligence and Challenges to Psychological Security in Northeast Asia” (21-514-92001) and jointly funded by the Russian Foundation for Basic Research (RFBR) and the Vietnam Academy of Social Sciences (VASS). The responses garnered from a targeted survey of twenty-five experts from twelve countries and the subsequent analysis of their feedback aim to bring to light the most serious threats to international information-psychological security (IPS) through malicious use of artificial intelligence (MUAI), determining how dangerous these threats are, which measures should be used to neutralize them, and identifying the prospects for international cooperation in this area.
READ THE STORY: Modern Diplomacy
Assembly Language Programming with ARM – Full Tutorial for Beginners (Video)
FROM THE MEDIA: ARM assembly is becoming an increasingly popular language in the world of computer programming. It is estimated that over 200 billion devices contain an ARM chip, making ARM assembly valuable to understand. By understanding an assembly language, programmers can have a better understanding of how code is compiled and run, making it possible to create more efficient programs. In addition to this, programmers can work at a lower level, allowing them to write code that interacts with hardware in an efficient manner.
What Is Assembly Language? (Video)
FROM THE MEDIA: Assembly language (ASM) is not a mythical dark art; in fact, it's fundamental to computers operating at all. I take a quick look at a very simple assembly language and show where it fits in.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com