Wednesday, January 04, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Google develops free terrorism moderation tool for smaller websites
FROM THE MEDIA: Google is developing a free moderation tool that smaller websites can use to identify and remove terrorist material, as new legislation in the UK and the EU compels internet companies to do more to tackle illegal content. The software is being developed in partnership with the search giant’s research and development unit Jigsaw and Tech Against Terrorism, a UN-backed initiative that helps tech companies police online terrorism. “There are a lot of websites that just don’t have any people to do the enforcement. It is a really labor-intensive thing to even build the algorithms [and] then you need all those human reviewers,” said Yasmin Green, chief executive of Jigsaw. “[Smaller websites] do not want Isis content there, but there is a ton of it all over [them],” she added.
READ THE STORY: FT // Tech Times
How Artificial Intelligence Is Affecting Human Rights and Freedoms
FROM THE MEDIA: Smartphones and the many technologies that keep making them smarter have had a tremendous impact on the way we communicate, organize — and mobilize. If you’ve ever led, attended, or even considered participating in a protest, you may have found the information you needed thanks to smart devices like your phone or watch, but it's also possible you've been advised to leave them at home to avoid detection. Smartphones have helped enable access to information and educational resources through access to online learning and tools, particularly where in-person/physical learning is not possible or easily accessible. Mobile phones and the internet have become an important part of enjoying certain rights and freedoms, such as freedom of speech, freedom of expression, and the right to protest.
READ THE STORY: Global Citizen
The Guardian contacts data protection regulator after suspected ransomware incident
FROM THE MEDIA: The Guardian newspaper has contacted the United Kingdom’s data protection regulator following a suspected ransomware attack on December 20. It is not currently known what, if any, personal data the attackers accessed from the 200-year-old news organization. Under data protection regulations in the U.K., organizations must contact the Information Commissioner’s Office (ICO) to report personal data breaches when they lose timely access to data, even if it is not obtained by a third party. Organizations are required to notify the ICO of a breach “without undue delay and no later than 72 hours after having become aware of it,” according to the regulator’s guidance around ransomware incidents. A spokesperson for the ICO told The Record: “Guardian News and Media has made us aware of an incident and we are making enquiries.”
READ THE STORY: The Record
Researchers discover critical vulnerabilities in Ferrari, BMW, Toyota, and other automotive giants
FROM THE MEDIA: The disclosed vulnerabilities varied based on the manufacturer and their specifics. The researchers found the full compromise of an undisclosed system used by AT&T. It could potentially allow a threat actor to send and receive text messages, retrieve live geolocation, and disable hundreds of millions of SIM cards installed in Tesla, Subaru, Toyota, and Mazda vehicles, among others. “The impact of this vulnerability went far beyond the scope of car hacking and affected nearly every industry (nearly anything which uses a SIM card),” researchers add. North America’s largest device-independent telematics company Spireon also found itself under the spotlight.
READ THE STORY: CyberNews
Russian-Ukraine: New form of warfare in the form of cyberattacks
FROM THE MEDIA: The Russian invasion and occupation of Ukraine is not only marked by military warfare and needless fatalities. Another feature of the campaign appears to be cyberwarfare, at least in terms of Russian activities directed towards Ukrainian services with the aim of causing additional disruption. A phishing attack has taken place, hitting various Ukrainian government agencies and the state railway (Ukrzaliznytsia). Considering the implications of this event is Joe Gallop, Cyber Threat Intelligence Manager at Cofense. According to Gallop, the likely origin of the incident was Russia: “Though there is no confirmation yet, it is likely that DolphinCape is a Russian operation, designed to interrupt Ukraine’s railway systems while Russia loses ground in the war.”
READ THE STORY: Digital Journal
Los Angeles housing authority says cyberattack disrupting systems
FROM THE MEDIA: The Housing Authority of the City of Los Angeles (HACLA) has confirmed that it is dealing with a cyberattack after the agency appeared on the leak site of the LockBit ransomware group. A spokesperson for the agency told The Record on Monday that it is working with cybersecurity experts and will try to continue operations while the issue gets resolved. “We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible,” a spokesperson said. HACLA is one of the nation’s largest and oldest public housing authorities. The agency has an annual budget of more than $1 billion and provides housing to more than 19,000 families in the city. This is the second major cyberattack on a L.A. agency after the Los Angeles Unified School District was attacked in September.
READ THE STORY: The Record // Los Angeles Times
More than 200 U.S. institutions hit with ransomware in 2022: report
FROM THE MEDIA: More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft. The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year. These figures are based only on public reports, and Emsisoft noted that they are likely significant undercounts of how many entities were actually affected by ransomware in 2022. The 105 state or municipal governments or agencies affected by ransomware marked a steep increase from the 77 such attacks seen in 2021.
READ THE STORY: The Record
Rackspace identifies ransomware threat actor behind December attack via Exchange
FROM THE MEDIA: Rackspace Technology has confirmed the threat actor known as Play was behind the ransomware attack that disrupted email access for its Hosted Exchange customers in early December. The threat actor was identified following a forensic investigation led by CrowdStrike, the FBI and other experts, Rackspace told Cybersecurity Dive Monday. Karen O’Reilly-Smith, chief security officer at Rackspace, said the attack was linked to a zero-day exploit associated with CVE-2022-41080. “Microsoft disclosed CVE-2022-41080 as privilege escalation vulnerability, and did not include notes for being part of a Remote Code Execution chain that was exploitable,” O’Reilly-Smith said via email.
READ THE STORY: Cyber Security Dive
Poland Sounds Alarm on Russian Hacking
FROM THE MEDIA: Polish intelligence issued a year-end warning over Russian hackers active in national cyberspace, saying they are intent on destabilizing a vital ally to Ukraine. Poland is a staging ground for military aid to Kyiv and a destination for more than 1.4 million refugees who fled Moscow's war of conquest, now in its 11th month. The country says it has extended $9 billion in aid to its eastern neighbor. Russian hacking in Poland predates the February 2022 invasion but hostile activity has since intensified, the Office of the Government Plenipotentiary for Cybersecurity said in a Friday alert. Hacking groups "linked to the Kremlin" use ransomware and distributed denial-of-service and phishing attacks with the goals of "destabilization, intimidation and sowing chaos," the Polish government agency wrote.
READ THE STORY: Bank Info Security
Rail giant Wabtec discloses data breach after Lockbit ransomware attack
FROM THE MEDIA: U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is a U.S.-based public company producing state-of-the-art locomotives and rail systems. The company employs approximately 25,000 people and has a presence in 50 countries, being the world's market leader in freight locomotives and a major player in the transit segment. The firm's 2021 financial results give a revenue figure of $7.8 billion, reporting that a staggering 20% of the world's freight is moved by Wabtec's 23,000 locomotives in global operation. In an announcement published at the end of the year, Wabtec says hackers breached their network and installed malware on specific systems as early as March 15th, 2022.
READ THE STORY: Bleeping Computer
Congress gears up for fight over key surveillance program
FROM THE MEDIA: With the start of 2023, the clock has officially started ticking for lawmakers to reauthorize one of U.S. spy agencies’ most important — and newly controversial — surveillance tools. Unless Congress can come to an agreement by this time next year on Section 702 of the Foreign Intelligence Surveillance Act, what top U.S. spy agencies once called the nation’s “most significant tool in the NSA collection arsenal” could evaporate overnight. For years, supporters of Section 702 have successfully argued the privacy risks of the program — which permits spooks to surveil foreign persons located outside the country without a warrant and through the assistance of U.S.-based electronic communications service providers — pale in comparison to its security benefits.
READ THE STORY: Politico
Many Exchange servers still vulnerable to ProxyNotShell flaw
FROM THE MEDIA: Approximately 60,000 IP addresses with internet-facing Exchange Server instances are still vulnerable to the ProxyNotShell flaw CVE-2022-41082, according to cybersecurity nonprofit Shadowserver Foundation. ProxyNotShell refers to a pair of Exchange Server zero-day vulnerabilities first disclosed in September that were chained together by threat actors in a series of targeted attacks. One flaw, CVE-2022-41040, is a server-side request forgery flaw, and the other, CVE-2022-41082, is a remote code execution bug. The name ProxyNotShell is a reference to ProxyShell, a now-infamous series of flaws disclosed in 2021. Microsoft did not patch ProxyNotShell until its November Patch Tuesday release. Until then, the company urged customers to mitigate the vulnerabilities by applying URL Rewrite instructions for the Autodiscover endpoint at the center of the exploit chain.
READ THE STORY: TechTarget
BitRAT malware campaign uses stolen bank data for phishing
FROM THE MEDIA: Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys. The company found that the infrastructure of an undisclosed Colombian cooperative bank had been hijacked by attackers while investigating BitRAT lures in active phishing attacks. A total of 418,777 records containing sensitive customer data, including names, phone numbers, email addresses, addresses, Colombian national IDs, payment records, and salary information, were stolen from the breached servers.
READ THE STORY: Bleeping Computer
Raspberry Robin Worm Hatches a Highly Complex Upgrade
FROM THE MEDIA: Hacking groups are using a new version of the Raspberry Robin framework to attack Spanish- and Portuguese-language financial institutions — and its complexity quotient has been significantly upgraded, researchers said this week. According to a Jan. 2 report from cybersecurity firm Security Joes, the group has used the same QNAP server for several rounds of attacks — but victim data is no longer in plaintext but rather RC4-encrypted, and the downloader mechanism has been updated with new anti-analysis capabilities, including more obfuscation layers. Raspberry Robin is a backdooring worm that infects PCs via Trojanized USB devices before spreading to other devices on a target's network, acting as a loader for other malware. Since being spotted nesting in corporate networks in May, it has gone on to rapidly infect thousands and thousands of endpoints — and the species is rapidly evolving.
READ THE STORY: Dark Reading
Cyberattackers Torch Python Machine Learning Project
FROM THE MEDIA: An unknown attacker slipped a malicious binary into the PyTorch machine learning project by registering a malicious project with the Python Package Index (PyPI), infecting users' machines if they downloaded a nightly build between Dec. 25 and Dec. 30. The PyTorch Foundation stated in an advisory on Dec. 31 that the effort was a dependency confusion attack, in which an unknown entity created a package in the Python Package Index with the same name, torchtriton, as a code library on which the PyTorch project depends. The malicious library included the functions normally used by PyTorch but with a malicious modification: It would upload data from the victim's system to a server at a now-defunct domain.
READ THE STORY: DarkReading
Why Deere Thinks Satellites Are The Next Big Technology To Invest In
FROM THE MEDIA: Drones, robotics technology, and now satellites. John Deere’s Chief Technology Officer Jahmy Hindman told CNBC the world’s largest agriculture equipment player is in the process of finalizing a satellite partner. “We really have been focused on trying to solve connectivity, globally. We look at the burgeoning efforts that are happening in low Earth orbit satellites as an example – potentially – for us to start to solve some those connectivity issues.” The goal is to create a geospatial map that farmers can use to better track productivity and the performance of crops. “There’s so much friction and getting that data from the field into the cloud, where they can do something useful with it, that it really isn’t used very effectively at all.”
READ THE STORY: Vigour Times
China drone incursions drop a gauntlet on Japan
FROM THE MEDIA: China is provocatively upping the ante of its drone operations over the contested East China Sea, bringing it into more frequent aerial confrontations with neighboring and remilitarizing Japan. This week, Japan’s Ministry of Defense (MOD) disclosed that Chinese WZ-7 surveillance unmanned aerial vehicles (UAV) appeared over the East China Sea on January 1 and 2, prompting Japan to scramble its F-15J fighters in response, according to a The Warzone report. China’s WZ-7s have a 23-meter wingspan, an operational ceiling of 18,000 meters and a cruise speed of 750 kilometers per hour, according to an Asia Military Review article. The report speculated that the WZ-7 has a range of 7,000 kilometers while carrying a maximum payload of 650 kilograms.
READ THE STORY: Asia Times
Twitter Files reveal FBI’s role as “belly button”
FROM THE MEDIA: The latest installment of the Twitter Files revealed the FBI’s desire for Twitter to rely on it to be the belly button of the U.S. government (USG). The first Twitter Files installment of 2023 revealed the events that led up to the intelligence community’s influence on Twitter. Following that installment, journalist Matt Taibbi released another, which revealed the Global Engagement Center’s (GEC) role. Taibbi described the GEC as “a fledgling analytic/intelligence arms of the State Department,” and screenshots revealed how this new entity would go directly to the media. In one such instance, a report titled Russian Disinformation Apparatus Taking Advantage of Coronavirus Concerns was released, which wreaked a bit of havoc for Twitter.
READ THE STORY: Teslarati
Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications
FROM THE MEDIA: This paper examines the military effectiveness of Russia’s wartime cyber operations in Ukraine, the reasons why these operations have not had greater strategic impact, and the lessons applicable to other countries’ military cyber efforts. It builds on previous analyses by taking a more systematic and detailed approach that incorporates a wider range of publicly available data. A major purpose of this paper is to help bridge the divide between cyber-specific and general military analysis of the Russia-Ukraine war. Most analysis of Russian cyber operations in Ukraine has been produced by cyber specialists writing for their own field, with limited integration of non-cyber military sources and concepts. Conversely, leading accounts of the war as a whole include virtually no mention of cyber operations.
READ THE STORY: Estonian Free Press
British-run spy tech powers Ukraine proxy war, putting civilians at risk
FROM THE MEDIA: On December 6th, The Grayzone revealed how British military and intelligence agencies were deploying technology created by shadowy private intelligence firm Anomaly 6 to illegally spy on citizens across the globe. The company’s technology effectively transforms every individual on Earth into a potential target for surveillance and/or asset recruitment by monitoring the movements of their smartphone. Anomaly 6 embeds tracking software in popular applications, then slices through layers of theoretically anonymous data to uncover a wealth of sensitive information about a device’s owner. Anomaly 6’s services are provided to Britain’s soldiers and spies through Prevail Partners, a private military company which The Grayzone has exposed as Whitehall’s arm’s-length cutout for prosecuting its proxy war in Ukraine. The firm has constructed a secret partisan terror army on Kiev’s behalf, and helped plan the Kerch Bridge bombing by Ukraine’s services.
READ THE STORY: The Gray Zone
Can these researchers help defend satellite systems targeted by hackers?
FROM THE MEDIA: When hackers attacked a satellite internet provider in Europe on the eve of the Ukraine war, it disrupted internet communications at a vital moment for Kyiv’s defense. That digital assault, which officials and experts blamed on Moscow, had another effect, too. It showed just how vulnerable space systems remain, and what happens when attackers strike at the right time. But a new effort is attempting to improve cybersecurity awareness — and preparedness — in a sector that is only beginning to understand the threat it faces from malicious hackers. The Aerospace Corporation, a federally funded nonprofit research and development center, has launched a new framework outlining how attackers could compromise satellite technology, an effort to bridge the knowledge gap between aerospace engineers and cybersecurity defenders and bolster efforts to secure space.
READ THE STORY: Cyberscoop
Iran vows to avenge Qassem Soleimani’s killing three years ago
FROM THE MEDIA: Senior Iranian officials and commanders have renewed a vow to avenge the assassination of top general Qassem Soleimani in Iraq three years ago. Soleimani, the commander of the Quds Force of the Islamic Revolutionary Guard Corps (IRGC) and a main architect of Iran’s regional influence, was hit by a drone strike claimed by the United States shortly after touching down in Baghdad on January 3, 2020. During events to mark the third anniversary of his death on Tuesday and in the days leading to it, a series of top figures in the Islamic Republic pledged that they remain fully committed to their promise of “harsh revenge” for the slain general. “We have not and will not forget the blood of martyr Soleimani. The Americans must know that revenge for martyr Soleimani’s blood is certain, and the murderers and perpetrators will have no easy sleep,” President Ebrahim Raisi told an audience of thousands in Tehran on Tuesday.
READ THE STORY: Aljazeera
American national security requires smart spectrum planning
FROM THE MEDIA: The United States has always been on the cutting edge of tech. Our free-market system enabled us to win the race to 4G, helped unleash the app economy, and allowed us to get to 5G faster than others. Our country’s leadership in tech helps secure the nation’s economic power and protect national security so the United States continues to serve as a beacon of peace and democracy. Technology should be a force for good in the world. Our national security, and the security of other nations, is tied to our ability to keep up with and get ahead of emerging technologies. I’m encouraged to see that Congress is working together to implement a national spectrum policy. America needs a national strategy to make sure there is enough spectrum to build out 5G networks and not fall behind China.
READ THE STORY: The Hill
Royal ransomware claims attack on Queensland University of Technology
FROM THE MEDIA: The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to leak data allegedly stolen during the security breach. Queensland University of Technology (QUT) is one of the largest universities in Australia by the number of students (52,672), operating on a budget that surpasses one billion A$. The university is focused on scientific, technological, engineering, and mathematical studies and has received significant government funding to back its research in recent years. QUT disclosed a cyberattack on January 1st, 2023, warning students and academic staff of inevitable service disruptions resulting from the security incident. The university shut down all IT systems to prevent the attack's spread, and the university is working with external experts to respond to the security incident.
READ THE STORY: Bleeping Computer
Items of interest
The critical importance of resiliency for US missile warning satellites
FROM THE MEDIA: The first force design from the Space Warfighting Analysis Center (SWAC) includes a transition to a proliferated missile-warning (MW) & missile-tracking (MT) architecture. Thus far, announcements about the design have been focused on the promise of resilience in the new architecture, while little is known about the more urgent and important resilience during the transition to the new architecture. Let’s hope that the center will soon shed light on how to make the currently vulnerable MW constellation resilient during the transition, which will persist throughout this decade and likely into the 2030s. Otherwise, China, our pacing challenger, will have plenty of opportunities, including seizing Taiwan even without firing a shot well within this decade.
READ THE STORY: The Space Review
Hacking CCTV and IP cameras: Are you safe? (Video)
FROM THE MEDIA: This is my third interview with the professional hacker Occupy The Web. In this video we discuss hacking CCTV, IP cameras and SCADA (supervisory control and data acquisition).
How To Hack IoT Cameras - Vulnerability Demonstration (Video)
FROM THE MEDIA: This is a recording from a lecture I gave at a Sydney-based university. In this video I demonstrated the vulnerabilities of IoT devices and how they need the same protection as any other device we expose to the internet. Obviously, to fit within a 15-minute time frame, this process is expedited, and the scanning and information gathering / enumeration phases would take much longer. Likewise, the exploit phase could rely on a CSRF attack as opposed to a brute force. Regardless, the aim was to demonstrate that the same vulnerabilities can still be present on devices we may not expect to have them.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com