Saturday, January 07, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
SpyNote malware spies on Android users, steals banking credentials
FROM THE MEDIA: Hackers are increasingly using a new variant of SpyNote malware to secretly observe and modify infected Android smartphones, according to research published by ThreatFabric on Monday. SpyNote is a “powerful” spyware family designed to monitor, manage, and modify a device. Its most recent sample, SpyNote.C, is the first variant to openly target online banking applications, according to ThreatFabric. The Android spyware is one of the most common malware families used by hackers to track a user’s location, steal sensitive information such as passwords and credit card numbers, record phone calls, intercept SMS messages and remotely manage a device.
READ THE STORY: The Record
FCC to mull changes to telecom data breach notifications
FROM THE MEDIA: The Federal Communications Commission voted unanimously Friday to investigate potential changes to the breach notification rules for telecommunications companies. FCC Chairwoman Jessica Rosenworcel said the rules the agency created more than 15 years ago are no longer compatible with a modern world where telecommunication carriers have access to a “treasure trove of data about who we are, where we have traveled, and who we have talked to.” “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” Rosenworcel said.
READ THE STORY: The Record
Russia-Linked Turla APT Sneakily Co-Opts Ancient Andromeda USB Infections
FROM THE MEDIA: A hacking group — suspected to be the Russia-linked Turla Team — reregistered at least three old domains associated with the decade-old Andromeda malware, allowing the group to distribute its own reconnaissance and surveillance tools to Ukrainian targets. Cybersecurity firm Mandiant stated in a Thursday advisory that Turla Team APT, also known by Mandiant's designation of UNC4210, took control of three domains that were part of Andromeda's defunct command-and-control (C2) infrastructure to reconnect to the compromised systems. The endgame was to distribute a reconnaissance utility known as Kopiluwak and a backdoor known as QuietCanary.
READ THE STORY: DarkReading
Twitter Scraping Breach: 209 Million Accounts Leaked on Hacker Forum
FROM THE MEDIA: Personal data, including email addresses, of nearly 209 million Twitter users were scraped, stolen, and posted on an online hacking forum. As seen by Hackread.com, the database posted online contains 209,000,000 records, all belonging to Twitter users. The database comprises usernames, follower counts, creation dates, and email addresses of Twitter users. The good news is that no passwords, phone numbers, IP addresses, or physical addresses were leaked. Although some reports claim that the total number of leaked accounts is 235 million, Hackread.com’s analysis suggests that the exact number, after deleting duplicate accounts, is 209 million. This should not come as a surprise, as just a couple of months ago, a hacker leaked 5.4 million account details of Twitter users. This was followed by another incident in which a threat actor was selling scraped data of 400 million Twitter users.
READ THE STORY: HackRead
ChatGPT is helping hackers write malware code
FROM THE MEDIA: ChatGPT, the new AI sensation, is helping even less skilled cyber threat actors write code and launch cyberattacks effortlessly, researchers at security firm Check Point Research said in a blog post on Friday. Since OpenAI released ChatGPT in November last year, it has created a flurry of interest in AI and its possible uses. While it is too early to predict if ChatGPT will become the new favourite tool for participants in the Dark Web, the cybercriminal community has already shown significant interest and is jumping onto this latest trend to generate malicious code, researchers said. The firm’s analysis of several major underground hacking communities revealed that cyber attackers with little or no coding experience were using ChatGPT to write code that could be used for spying, ransomware, and other malicious tasks.
READ THE STORY: TH
Chinese Researchers Claim Success in Breaking RSA Encryption With Quantum Computer, Experts Debate Veracity of Discovery
FROM THE MEDIA: In Sept. 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a post-quantum world was coming soon and stressed that contemporary encryption techniques could break. Months later, in December 2022, a scientific paper published by 24 Chinese researchers claimed to have broken 2048-bit RSA encryption using a quantum computer. The paper follows a report from April 2022 that detailed that China was “taking the lead” in the quantum computing race. Basically, a quantum computer is a type of computational device that uses quantum-mechanical phenomena and can perform operations on data faster than classical computers can perform computational tasks.
READ THE STORY: BITCOIN
Using Satellites to Hunt for Fossils
FROM THE MEDIA: New research from the University of Oregon illustrates a technique for optimizing fossil hunting efforts by leveraging satellite imagery to identify promising fossil sites before trekking into the wilderness. By identifying such sites, paleontologists would be able to better target where they should begin looking for fossils, ideally quickening the process and saving on resources. The new study, published in Geological Magazine, was led by researchers from the lab of paleontologist Edward B. Davis, PhD, who is one of the lead authors along with Elena Ghezzo and Matteo Massironi. Together, the researchers showed that satellite data can identify possible large fossils in remote areas, where it would otherwise be difficult to find the fossils. The team argues that by identifying suspected fossils with satellite imagery, it would allow research teams to more precisely target specific areas to dig.
READ THE STORY: Lab Manager
Jack Ma to give up control of Chinese fintech company Ant Group
FROM THE MEDIA: Chinese fintech giant Ant Group on Saturday announced that its founder Jack Ma will no longer control the company. It said that after a series of shareholding adjustments, Ma gave up most of his voting rights. Ma previously owned more than 50% of voting rights at Ant but the changes mean that his shareholding has fallen to 6.2%, as per a Reuters report. According to Ant's IPO paper, filed in 2020, Ma owned only a 10% stake in Ant, but he exercised control over the company through related entities. Hangzhou Yunbo, an investment vehicle for Ma, controlled two other entities that own a combined 50.5% stake in Ant, as per the Reuters report. Ant Group said it would add a fifth independent director to its board so that independent directors comprise a majority of the company's board. It currently has eight board directors.
READ THE STORY: ET
TikTok freezes consultant hiring for U.S. security deal as opposition mounts
FROM THE MEDIA: TikTok has put on hold a hiring process for consultants that would help it implement a potential security agreement with the United States, two people familiar with the matter said, as opposition to such a deal among U.S. officials grows. The short-video app, which is owned by Chinese technology conglomerate ByteDance, has been seeking to assure Washington for the last three years that the personal data of U.S. citizens cannot be accessed and its content cannot be manipulated by China's Communist Party or any other entity under Beijing's influence. President Joe Biden revoked an executive order in 2021 by his predecessor Donald Trump to ban TikTok in the United States, but talks between his administration and the social media company have continued over a potential deal that would spare ByteDance from being forced to divest TikTok.
READ THE STORY: Zawya
Cybercrime is now the world's third-largest economy
FROM THE MEDIA: Cybercrime, that scourge of the virtual world, is now worth an estimated $6 trillion — making it the largest economy in the world after the US and China, according to data from Protiviti, a global consulting firm. “Over the last few years, globally cybercrime costs have been steadily increasing by 12-15 per cent annually,” Niraj Mathur, Managing Director, Security and Privacy Practice, Protiviti Member Firm for Middle East, told Khaleej Times in an interview. Protiviti delivers deep expertise, objective insights, a tailored approach and collaboration to help leaders face the future. Protiviti and its independent and locally owned member firms provide clients with consulting and managed solutions in finance, technology, operations, data, digital, legal, governance, risk and internal audit through its network of more than 85 offices in over 25 countries.
READ THE STORY: Zawya
Russian hackers targeted 3 US nuclear research labs
FROM THE MEDIA: A team of Russian hackers known as Cold River targeted three prominent US nuclear research laboratories last summer, Reuters reported Friday. The findings were corroborated by five cyber security experts. Reuters reported that the Argonne, Brookhaven and Lawrence Livermore National Laboratories were targeted by the group. Internet records reveal the hackers' attempts to create fake login pages for the three laboratories. The group then emailed nuclear scientists in an effort to trick them into revealing their passwords. It is unclear why the labs were targeted or if any of the attempts were successful. Spokespersons for Brookhaven and Lawrence Livermore National Laboratories declined to comment to Reuters. A spokesperson for the Argonne National Laboratory referred questions to the US Department of Energy, which in turn declined to comment as well.
READ THE STORY: DW
Freedom for MegaCortex ransomware victims - the fix is out
FROM THE MEDIA: An international law enforcement effort has released a decryptor for victims of MegaCortex ransomware, widely used by cybercriminals to infect large corporations across 71 countries to the tune of more than $100 million in damages. The decryptor, built by Europol, cybersecurity firm Bitdefender, the NoMoreRansom Project, the Zürich Public Prosecutor's Office and the Zürich Cantonal Police, allows victims to recover files for free. Bitdefender also published a tutorial on how to use the tool in both single-computer and network modes. The MegaCortex decryptor follows the release of a similar tool, this one to help recover files encrypted by LockerGoga ransomware, developed by the same coalition of law enforcement and infosec groups.
READ THE STORY: The Register
ChatGPT is enabling script kiddies to write functional malware
FROM THE MEDIA: Since its beta launch in November, AI chatbot ChatGPT has been used for a wide range of tasks, including writing poetry, technical papers, novels, and essays, planning parties, and learning about new topics. Now we can add malware development and the pursuit of other types of cybercrime to the list. Researchers at security firm Check Point Research reported Friday that within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”
READ THE STORY: arsTECHNICA
This new Linux malware floods machines with cryptominers and DDoS bots
FROM THE MEDIA: Cybersecurity researchers have spotted a new Linux malware downloader that targets poorly defended Linux servers with cryptocurrency miners and DDoS IRC bots. Researchers from ASEC discovered the attack after the Shell Script Compiler (SHC) binary used as the downloader was uploaded to VirusTotal. Apparently, Korean users were the ones uploading the SHC sample, and it’s Korean users who are the targets as well. Further analysis has shown that the threat actors are going after poorly defended Linux servers, brute-forcing their way into administrator accounts over SSH. Once they make their way in, they’ll install either a cryptocurrency miner or a DDoS IRC bot. The miner being deployed is XMRig, arguably the most popular cryptocurrency miner among hackers. It uses the computing power of a victim's endpoints to generate Monero, a privacy-oriented cryptocurrency whose transactions are seemingly impossible to track, and whose users are allegedly impossible to identify.
READ THE STORY: Techradar
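The intrusion chain above (SSH password brute-force against administrator accounts, followed by an XMRig miner or IRC bot dropped on the host) is exactly the kind of thing a defender can catch from sshd's own log lines and a process listing. The following is an added example, not code from ASEC, TechRadar or the malware itself: it parses OpenSSH auth-log lines, flags a source IP that racks up failed password logins inside a short window and then obtains an "Accepted" login (a brute-force that likely succeeded), and scans a process listing for miner command-line markers. The log lines and process list are constructed for the demo; the threshold, window and marker strings are assumptions to tune locally.

```python
"""Detect SSH password brute-force that ends in a successful login, plus
miner artifacts in a process listing. Added example (not from the ASEC
report); sample data below is constructed, thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd lines in classic syslog format (no year on the line).
SAMPLE_AUTH_LOG = """\
Jan  7 02:14:01 web1 sshd[2210]: Failed password for root from 203.0.113.45 port 51122 ssh2
Jan  7 02:14:03 web1 sshd[2212]: Failed password for root from 203.0.113.45 port 51130 ssh2
Jan  7 02:14:04 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.45 port 51138 ssh2
Jan  7 02:14:06 web1 sshd[2216]: Failed password for root from 203.0.113.45 port 51144 ssh2
Jan  7 02:14:08 web1 sshd[2218]: Failed password for root from 203.0.113.45 port 51150 ssh2
Jan  7 02:14:10 web1 sshd[2220]: Failed password for root from 203.0.113.45 port 51156 ssh2
Jan  7 02:14:12 web1 sshd[2222]: Accepted password for root from 203.0.113.45 port 51160 ssh2
Jan  7 02:30:00 web1 sshd[2300]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan  7 02:30:20 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
Jan  7 03:00:00 web1 sshd[2400]: Failed password for root from 192.0.2.9 port 33001 ssh2
Jan  7 03:00:01 web1 sshd[2402]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2023):
    """Return a dict for one sshd auth event, or None for other lines.
    The year is not in the log line, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse "Jan  7" to "Jan 7"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=300):
    """Return {ip: {"failures": peak failures in window,
                    "compromised_users": users accepted after the burst}}.
    threshold/window are assumed values; tune to the host's normal traffic."""
    recent = defaultdict(list)   # ip -> timestamps of recent password failures
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed" and ev["method"] == "password":
            recent[ip].append(ev["ts"])
            recent[ip] = [t for t in recent[ip]
                          if (ev["ts"] - t).total_seconds() <= window_seconds]
            if len(recent[ip]) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "compromised_users": []})
                entry["failures"] = max(entry["failures"], len(recent[ip]))
        elif ev["result"] == "Accepted" and ip in findings:
            # A success from a source already flagged for a failure burst:
            # treat the account as compromised, whatever the auth method.
            findings[ip]["compromised_users"].append(ev["user"])
    return findings


# Command-line markers typical of XMRig-style miners (assumed list, extend
# with your own IOCs). Constructed `ps -eo pid,user,args` style output.
MINER_MARKERS = ("xmrig", "stratum+tcp://", "stratum+ssl://", "--donate-level", "minerd")
SAMPLE_PS = """\
1234 root     /usr/sbin/sshd -D
4321 root     /tmp/.x/xmrig -o stratum+tcp://pool.example:3333 -u WALLET
4400 nobody   /usr/bin/perl /tmp/.sh/irc.pl
"""


def miner_indicators(ps_text):
    """Return [(pid, [markers matched])] for processes that look like miners."""
    hits = []
    for line in ps_text.splitlines():
        lowered = line.lower()
        matched = [mk for mk in MINER_MARKERS if mk in lowered]
        if matched:
            hits.append((line.split()[0], matched))
    return hits


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_AUTH_LOG))
    print(miner_indicators(SAMPLE_PS))
```

Run against `/var/log/auth.log` (or `journalctl -u ssh` output) and `ps -eo pid,user,args`. In the constructed data only 203.0.113.45 is reported: it fails six times in eight seconds and then logs in as root, while 198.51.100.7 (one typo, then a key login) and 192.0.2.9 (two failures, under the threshold) are ignored. The obvious hardening that removes this whole attack class is `PasswordAuthentication no` in `sshd_config`, which makes the brute-force step impossible regardless of how weak the admin password is.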
Twitter API vulnerability leaves millions exposed
FROM THE MEDIA: The APIs that Twitter uses to collect non-public data from its users’ accounts may well be leaving that data vulnerable. In fairness, this is hardly news – a threat actor has been selling the data (including phone numbers and email addresses) of 5.4 million Twitter users, including celebrities and politicians, since July, 2022, based on a cache from December, 2021, for around $30,000. The data of an additional 1.4 million suspended users, collected through a different API, was also exposed for sale. So the vulnerability of this data was long established. But on November 24th, all 5.4 million users’ data was dumped, for free, on hacker forums.
READ THE STORY: Tech HQ
Chick-fil-A investigates reports of hacked customer accounts
FROM THE MEDIA: American fast-food restaurant chain Chick-fil-A is investigating what it described as "suspicious activity" linked to some of its customers' accounts. "We are investigating suspicious activity on some customer accounts," the company said in an alert displayed on its official website on Friday and first spotted by security researcher Dominic Alvieri. "We are committed to protecting customers’ data and are working quickly to resolve the issue." A support page on Chick-fil-A's One Membership Program customer support website provides potentially affected clients with details on what to do if they notice unusual activity on their accounts, if they see any mobile orders placed without their approval, or if their loyalty points were used to redeem or gift rewards fraudulently.
READ THE STORY: BleepingComputer
Items of interest
The positive impact of the China-Arab cooperation on the regional situation
FROM THE MEDIA: The new visit of Chinese President Xi Jinping to Saudi Arabia has positive impacts, narrowing the gap in economic development and easing the turbulent situation. Here, China expects to take advantage of the opportunity of the first Chinese-Arab summit to work with the Arab countries to consolidate their historical friendship, and to continue to deepen the formula of comprehensive, multi-level and wide-ranging cooperation between the two sides, in order to reach more consensus in political dealings and in economic and trade cooperation, as well as in building Chinese society.
READ THE STORY: Modern Diplomacy
Hacker hunting with Wireshark (even if SSL encrypted!) (Video)
FROM THE MEDIA: The packets don't lie. You can hide processes or logs, but you cannot hide packets. Malware is a major problem in today's networks. Chris Greer is the Wireshark master. He shows us how to use Wireshark to find Malware and suspicious traffic in our networks.
FIVE COMMON MISTAKES when using Wireshark (Video)
FROM THE MEDIA: Packet analysis is hard enough. Avoid these common mistakes that make it even harder. I know... because I have made every single one of them! Comment below with mistakes you have made and how you overcame them.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com