Thursday, December 29, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
World seeks Indian alternative to Chinese telecom solutions
FROM THE MEDIA: Global companies are counting on the Indian tech sector to offer an alternative to Chinese telecom solutions in a geopolitically uncertain environment, which will also be a driver for the 5G enterprise ecosystem in the country, industry executives said. The Indian IT services industry will play a significant role in providing such solutions by creating new revenue models and developing the requisite talent ecosystem to drive enterprise 5G use cases, the experts, who were speaking during a roundtable with ET and technology industry body Nasscom, said. “The geopolitical situation (is) obviously causing disruptions in the supply chain. There's this conversation about China Plus One in terms of ‘where will the alternative supply chain come from’ and people are looking at India from every aspect of being able to deliver those solutions,” said Jagdish Mitra — chief strategy officer at Tech Mahindra.
READ THE STORY: ET
North Korean Hackers Continue Assault on Digital Assets
FROM THE MEDIA: While Iranian state hackers have conducted ransomware attacks and crypto mining, and Russia is understood to use private ransomware groups in some capacities, the North Korean government is the only major adversary to include financial cybercrime in its offensive activities as a core objective. North Korea’s cybercrime program is hydra-headed, with tactics ranging from bank heists to ransomware deployment to stealing cryptocurrency from online exchanges. Dubbed Lazarus, Kimsuky, and BeagleBoyz, North Korean hackers employ ever-more-sophisticated tools to penetrate military, government, corporate, and defense-industry networks worldwide, conducting cyber espionage and exfiltrating classified data in order to assist in the development of North Korean weapons.
READ THE STORY: Securities.IO
New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
FROM THE MEDIA: Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords. The ultimate objective of such attacks is to trick unsuspecting users into downloading malevolent programs or potentially unwanted applications. In one campaign disclosed by Guardio Labs, threat actors have been observed creating a network of benign sites that are promoted on the search engine, which when clicked, redirect the visitors to a phishing page containing a trojanized ZIP archive hosted on Dropbox or OneDrive.
READ THE STORY: THN // BleepingComputer
Elon Musk calls out 'legacy media' and 'corporate journalism': 'We have only just begun'
FROM THE MEDIA: Billionaire and Twitter CEO Elon Musk slammed "corporate journalism" and "legacy media" in separate tweets about the response to the Twitter Files and claims that his reputation is in trouble. "Why is corporate journalism rushing to defend the state instead of the people?" Musk wrote Tuesday in response to a tweet about a Substack post headlined "In Response to the Twitter Files, Establishment Media Rushes to Defend the FBI," written by Leighton Woodhouse. Musk has released several installments of the Twitter Files through independent journalists such as Bari Weiss and Matt Taibbi. A recent installment detailed that the coordination between Twitter and government agencies went way beyond the FBI.
READ THE STORY: Fox News
Ukraine to develop reconnaissance, combat drones, technology minister says
FROM THE MEDIA: Ukraine has bought some 1,400 drones, mostly for reconnaissance, and plans to develop combat models that can attack the exploding drones Russia has used during its invasion of the country, according to the Ukrainian government minister in charge of technology. In a recent interview with The Associated Press, Minister of Digital Transformation Mykhailo Fedorov described Russia’s war in Ukraine as the first major war of the internet age. He credited drones and satellite internet systems like Elon Musk’s Starlink with having transformed the conflict. Ukraine has purchased drones like the Fly Eye, a small unmanned aerial vehicle used for intelligence, battlefield surveillance and reconnaissance. “And the next stage, now that we are more or less equipped with reconnaissance drones, is strike drones,” Fedorov said. “These are both exploding drones and drones that fly up to three to 10 kilometers and hit targets.”
READ THE STORY: PBS
Yes, It’s Time to Ditch LastPass
FROM THE MEDIA: You’ve heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. For the security service's 25.6 million users, though, the company made a worrying announcement on December 22: A security incident the firm had previously reported (on November 30) was actually a massive and concerning data breach that exposed encrypted password vaults—the crown jewels of any password manager—along with other user data. The details LastPass provided about the situation a week ago were worrying enough that security professionals quickly started calling for users to switch to other services.
READ THE STORY: Wired // The Verge
SBU blocks assets of Russian energy company that illegally imported its goods to Ukraine
Analyst Comments: By design, Russian exports to Europe are at a post-Soviet low. Russia is not the only sanctioned country attempting to sell its oil; Iran is in a similar situation. Moscow and Tehran are currently positioning to strengthen their grip on the global market.
FROM THE MEDIA: The Security Service of Ukraine (SBU) has liquidated a mechanism for the illegal sale of fuels and lubricants produced in Russia in Chernihiv region; a Ukrainian company, part of the Gazprom financial and industrial group, is involved in the scheme. "As a result of investigative and operational work in Chernihiv region, the mechanism for the illegal sale of fuels and lubricants produced by the aggressor country was liquidated. A Ukrainian company, a part of the sanctioned Kremlin financial and industrial group Gazprom, is involved in the scheme," the SBU said on Facebook on Wednesday. According to the SBU, the company sold in Ukraine wholesale batches of Russian motor oils and other vehicle maintenance products illegally imported into Ukraine. It said that after the occupation of a part of Chernihiv region, the enemy used the territory of this enterprise as a base for its personnel and military equipment.
READ THE STORY: Interfax-Ukraine
French data agency fines Microsoft $63 million for Bing cookie violations
FROM THE MEDIA: France’s data privacy watchdog has issued Microsoft a more than $63 million fine for several violations related to how the Bing search engine handles cookies. During an investigation from September 2020 until May 2021, France’s Commission nationale de l’informatique et des libertés (CNIL) found that when users visited Bing.com, “cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.” This was in violation of France’s Data Protection Act. Cookies are files created by websites as a user visits them, saving browsing information on the device and within the web browser.
READ THE STORY: The Record
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
FROM THE MEDIA: Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510 relates to an authentication bypass that could be exploited to gain unauthorized access to Gateway user capabilities, CVE-2022-27518 concerns a remote code execution bug that could enable the takeover of affected systems. Citrix and the U.S. National Security Agency (NSA), earlier this month, warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.
READ THE STORY: THN
DOJ arrests man behind brazen $100 million attack on Mango Markets
FROM THE MEDIA: A man who admitted to launching the more than $100 million hack against crypto platform Mango Markets was arrested in Puerto Rico, the Justice Department announced on Tuesday. Avraham Eisenberg appeared in court in the Southern District of New York following his arrest. An unsealed indictment charges Eisenberg with commodities fraud and commodities manipulation for his role in exploiting Mango Markets, a decentralized cryptocurrency exchange that has its own native crypto token, called MNGO. FBI agent Brandon Racz, who was tasked with investigating the case, found that in October Eisenberg “participated in a scheme to steal approximately $110 million by artificially manipulating the price of MNGO Perpetuals,” a type of futures contract on the Mango Markets platform.
READ THE STORY: The Record
DOJ opens probe into FTX ‘hack’ while SBF gets a new judge
FROM THE MEDIA: Sam Bankman-Fried (SBF) may be home for the holidays, but the legal walls are rapidly closing in on the disgraced founder of the collapsed FTX digital asset exchange. On Tuesday, Bloomberg reported that the U.S. Department of Justice (DOJ) had opened a criminal probe into the $372 million in digital assets that were allegedly hacked from FTX-controlled wallets on November 11, the day FTX filed for Chapter 11 bankruptcy. The probe, overseen by the DOJ’s National Cryptocurrency Enforcement Team, could result in a charge of computer fraud with a maximum sentence of 10 years in stripes. With the temporary exception of a handful of Bahamas-based customers, FTX users have been locked out of their accounts since that November 11 filing.
READ THE STORY: Coingeek
Drone utilization at bomb squad operations
FROM THE MEDIA: With the increase of drone use in law enforcement by SWAT teams, traffic units and dedicated drone squads, you might think that the ceiling has been reached for police deployment of drones. That is far from the case. A new application now emerging is the use of drones by bomb squads or Explosive Ordnance Disposal (EOD) units. Drones or Unmanned Aerial Systems (UAS) are enhancing how SWAT teams conduct tactical operations and the same may occur during bomb squad operations, as drones can enhance the overall speed at which suspicious items are located and placed under observation. The quick deployment of drones on scene by either a bomb technician certified as a Part 107 pilot or dedicated drone support personnel could be critical in determining the best course of action to take. Let’s look at a few of the general applications of current drone technology during an EOD response.
READ THE STORY: Police 1
Netwrix snaps up Remediant to enrich its privileged access management offering
FROM THE MEDIA: Data security firm Netwrix Corp. has acquired privileged access management startup Remediant Inc. for an undisclosed price to enrich its PAM offering. Founded in 2015, Remediant offers PAM software designed to assist enterprises in protecting their accounts from misuse and abuse. The software provides real-time monitoring, zero-trust security protection of privileged accounts and just-in-time administration across information technology and security ecosystems. The company’s flagship SecureOne software offers agentless real-time visibility into standing 24×7 administrative access and one-click removal of unnecessary, always-on, always available privileged accounts. Zero Standing Privilege technology in SecureOne requires users to use multifactor authentication for just-in-time resource access and eliminates blind spots in legacy PAM solutions by preventing administrative access sprawl outside the vault.
READ THE STORY: siliconANGLE
This creepy Android flaw can detect your identity and even gender
FROM THE MEDIA: A new malware variant has been detected that is capable of listening to a user’s calls, recognizing a caller’s gender and identity, and even recognizing, to some degree, what’s being said. Fortunately, the good news is that the malware is part of a research experiment done by white hats and poses no risk to smartphone users (at the time). Researchers from five universities in the United States - Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University - teamed up and built EarSpy. EarSpy is a side-channel attack that abuses the fact that smartphone speakers, motion sensors, and gyroscopes have gotten better over the years.
READ THE STORY: TechRadar
Royal ransomware claims attack on Intrado telecom provider
FROM THE MEDIA: The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday. While Intrado is yet to share any information regarding this incident, sources have told BleepingComputer early this month that the attack started on December 1 and the initial ransom demand was $60 million. The Royal Ransomware group, made up of experienced threat actors and operating without affiliates, has reportedly stolen some data from Intrado's systems and is now threatening to publish it on their data leak site unless the company pays the ransom. Warning that stolen data will get leaked online is a common scare tactic used by ransomware gangs to scare victims into negotiating a deal or returning to the negotiation table.
READ THE STORY: BleepingComputer
Ukraine Successfully Blocked Over 4,500 Cyberattacks in 2022
FROM THE MEDIA: The Security Service of Ukraine, which protects Ukraine's information and digital security in wartime conditions, says the number of cyberattacks has tripled since last year and increased fivefold since 2020, when only 800 cyberattacks were documented. The chief of the SSU Cyber Security Department, Illia Vitiuk, attributed the success of his department to what it learned from the BlackEnergy cyberattack that caused power outages for about 1.4 million Ukrainians at the peak of the 2015 winter. "We approached 2022 with eight years of hybrid warfare experience. After all, the war in cyberspace had been ongoing," Vitiuk says.
READ THE STORY: BankInfoSecurity
Italy Reaches All 55 EU Recovery Fund Targets to Unlock Payments
FROM THE MEDIA: Italy has successfully hit all 55 targets required to continue to receive European Union recovery fund cash, Minister Raffaele Fitto said in a statement. The country managed to reach targets set for the second half of the year, including creating a cyber-security agency, a reform of local public services, an education reform and changes to the fiscal system, said Fitto, who is Italy’s minister for the South, European Affairs, Cohesion Policy and the National Recovery Plan. Italy has been allocated the lion’s share of EU funds with about €200 billion ($212 billion) coming its way in the next few years in grants and loans. So far, the country has managed to hit all its targets and receive almost a third of disbursed grants.
READ THE STORY: Bloomberg
Tencent shares extend three-month rally after China approves new games
FROM THE MEDIA: Tencent shares extended a three-month rally after Chinese regulators granted new licenses for games made by the technology group, marking the latest sign that Beijing was easing its crackdown on the sector. Shares of the world’s largest video game developer, which has a market value of more than $400bn, rose above 2 per cent on Thursday, extending a three-month rally of more than 50 per cent. Beijing launched a campaign in 2021 to rein in the technology industry’s growing power. It cracked down on ride-sharing group Didi Chuxing and others, launching cyber security investigations.
READ THE STORY: FT
The Multi Domain Threat beyond Yangtse
FROM THE MEDIA: The Yangtse incident, when examined against the backdrop of the politico-military objectives of China, Xi Jinping’s persona, the decline of China and the relative rise of India, indicates that India needs to be prepared for the next Yangtse. How does one identify the next Yangtse? After all, the next Yangtse might not be on land at all but in one or more of the other domains through which China wages war against its adversaries. It is therefore important to understand the tenets of China’s multidomain war and identify likely actions in each domain. Unless we are clear about Chinese lines of action and operational concepts, we will be flailing against windmills when they “make a feint to the East and attack in the West.”
READ THE STORY: Financial Express
Hackers accessed data on 270,000 patients from Louisiana hospital system in attempted ransomware attack
FROM THE MEDIA: Hackers accessed the personal data of nearly 270,000 patients in an attempted ransomware attack on a Louisiana health care system in October, a spokesperson for the system told CNN Wednesday. Lake Charles Memorial Health System, which includes a 314-bed hospital, thwarted the hackers’ attempt to encrypt its computers and prevented any disruption to patient care, according to spokesperson Allison Livingston. The health care provider’s own security team detected the hack, Livingston said in an email. The hack was disclosed in recent days as the network of hospitals notifies patients whose data was compromised. That includes patients’ health insurance information, medical records numbers and, in “limited instances,” Social Security numbers, according to the health system.
READ THE STORY: CNN
Items of interest
Log4j2 vulnerability one year later: ‘It is still being exploited’
FROM THE MEDIA: This month marks the one-year anniversary of the discovery of the Log4j2 vulnerability. Technically, it’s a 2021 cybersecurity event. However, IT and infosec leaders spent much of 2022 hunting for and patching applications using the buggy open-source logging library module. If they’re smart, they’ll keep doing it in 2023, says one expert. “Many CISOs may still be thinking this is an exploit that is particular to a couple of vendors, and once they’ve patched their current software, this problem has gone away,” said Robert Falzon, head of engineering at Check Point Software Canada. “There are [IT] systems that kick in only once or twice a year, and those systems may be vulnerable and overlooked from a checking perspective.” “It is still being exploited,” he said, and will be “for some time to come.”
READ THE STORY: ITWorld Canada
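The point in the story above is that log4j-core often hides inside application archives (a batch job that runs twice a year, a WAR bundled years ago) rather than sitting on a classpath anyone remembers. The script below is an added example, not from the article or from Check Point: it walks a directory tree, opens every jar/war/ear, recurses into nested archives, reads the Maven pom.properties that log4j-core ships with, and flags any version below an assumed 2.17.1 threshold (the last of the December 2021 fixes on the 2.x line; the 2.3.x and 2.12.x backport branches are also flagged, for manual review). The sample archives it scans are constructed inline.

```python
import io
import os
import re
import tempfile
import zipfile

# Assumed threshold: log4j-core 2.x below 2.17.1 is reported for update/review.
FIXED_VERSION = (2, 17, 1)
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Pull 'version=a.b.c' out of pom.properties; None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def scan_archive(zf, label, findings):
    """Record log4j-core in an open zip, then recurse into nested archives."""
    names = set(zf.namelist())
    if POM_PROPS in names:
        ver = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        findings.append((label, ver, ver is not None and ver < FIXED_VERSION))
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    scan_archive(inner, f"{label}!{name}", findings)
            except zipfile.BadZipFile:
                continue  # entry named like an archive but is not one


def scan_tree(root):
    """Return [(path, version_tuple, needs_update)] for each log4j-core under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                try:
                    with zipfile.ZipFile(path) as zf:
                        scan_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def build_sample_tree():
    """Constructed sample: an app jar bundling old log4j-core, plus a fixed standalone jar."""
    root = tempfile.mkdtemp(prefix="log4jscan-")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:          # nested log4j-core-2.14.1.jar
        z.writestr(POM_PROPS, "version=2.14.1\ngroupId=org.apache.logging.log4j\n")
    with zipfile.ZipFile(os.path.join(root, "batch-job.jar"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", buf.getvalue())
    with zipfile.ZipFile(os.path.join(root, "log4j-core-2.17.1.jar"), "w") as z:
        z.writestr(POM_PROPS, "version=2.17.1\n")
    return root


if __name__ == "__main__":
    for path, ver, bad in scan_tree(build_sample_tree()):
        print(("UPDATE " if bad else "ok     ") + path, ".".join(map(str, ver)))
```

Point `scan_tree` at an application or deployment directory instead of the constructed sample to inventory real hosts; archives that are not zip files are skipped rather than aborting the scan.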
Retro Crackme : Reverse Engineering for Beginners (Video)
FROM THE MEDIA: In this reverse engineering tutorial for beginners, we are going to see how to reverse a retro crackme from 1998, which I solved about 24 years ago while I was learning reverse engineering.
Cracking the C0dez: An Introduction to Ghidra Scripting and CPU Emulation - Full CrackMe Walkthrough (Video)
FROM THE MEDIA: Introduction to Ghidra Scripting.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com