Saturday, January 14, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
The Curious case of Estonian Cyber Capabilities: Lessons for Pakistan
FROM THE MEDIA: Dutch Ruppersberger, a United States congressman, once had to answer a strange question: "What keeps you up at night?" His reply was "Spicy Mexican food, weapons of mass destruction, and cyber-attacks". In Pakistan, food and nuclear weapons are commonly discussed in different forms, but the phenomenon that is generally ignored by policy circles as well as by scholars is the threat of cyberattacks. Generally, it is believed that only major powers like the United States, China, Russia, etc. are prominent actors in the realm of cyberwarfare. But there is also a smaller state, Estonia, that has developed itself as a major power in the sphere of cyber warfare, and states like Pakistan can learn a lot from it. The story began in April and May 2007, when Estonia faced a series of cyber-attacks in which many institutions were targeted using cyber weapons.
READ THE STORY: Modern Diplomacy
Russian Hackers Eager to Bypass OpenAI’s Restrictions to Abuse ChatGPT
FROM THE MEDIA: Hackread.com earlier reported how hackers are abusing ChatGPT to deploy malware. As per the latest news, Russian hackers are now trying to bypass OpenAI restrictions to exploit ChatGPT for malicious purposes. According to Check Point Research (CPR), Russian hackers are trying to bypass OpenAI's restrictions for the malicious use of ChatGPT. For your information, ChatGPT is an OpenAI-owned chatbot launched in November 2022. It is designed on the GPT-3 family of large language models and has been fine-tuned with reinforcement and supervised learning techniques. Its core function is mimicking human conversations, but the chatbot is highly versatile and features voice improvisation skills.
READ THE STORY: HackRead
Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize
FROM THE MEDIA: In December 2022, the Wagner Group organized a hackathon at its recently opened headquarters in St. Petersburg, for students, developers, analysts, and IT professionals. Wagner announced the hackathon on social media earlier that month. Organizers created the promotional website hakaton.wagnercentr.ru, but the website went offline soon after. A December 8 archive of the website, accessed via the Internet Archive Wayback Machine, revealed that the objective of the hackathon was to “create UAV [unmanned aerial vehicle] positioning systems using video recognition, searching for waypoints by landmarks in the absence of satellite navigation systems and external control.” Hackathon participants were asked to complete the following tasks: display the position of the UAV on the map at any time during the flight; direct the UAV to a point on the map indicated by the operator; provide a search for landmarks, in case of loss of visual reference points during the flight and returning the UAV to the point of departure, in case of a complete loss of communication with the operator.
READ THE STORY: Atlantic Council
Europol takes down call centers that scammed Germans out of €2 million
FROM THE MEDIA: International police arrested scammers selling fake cryptocurrency in Europe, Australia, and Canada, Europol announced Thursday. During a cross-border investigation launched in June 2022, police arrested 14 suspects in Serbia and one in Germany. More than 260 other suspects, including people in Bulgaria and Cyprus, have been questioned and some are awaiting prosecution. The criminal network consisted of a number of groups operating from at least four call centers in Bulgaria, Cyprus, and Serbia. The police searched these locations and seized three digital wallets with about $1 million in cryptocurrencies, about €50,000 ($54,000) in cash, three cars, computers, and documents. The victims, mainly from Germany, lost over €2 million in an online investment scam. Police said the number of unreported cases was likely much higher, and that the total amount of losses could reach “hundreds of millions of euros,” Europol said.
READ THE STORY: The Record
Cisco warns of two vulnerabilities affecting end-of-life routers
FROM THE MEDIA: Cisco warned customers this week that it will not release software updates or workarounds to address two vulnerabilities affecting a line of routers that were last sold in 2020. The popular routers – Cisco Small Business RV016, RV042, RV042G and RV082 – are affected by CVE-2023-20025 and CVE-2023-20026. Cisco said it is aware that proof-of-concept exploit code is available and noted that it was discovered by Hou Liuyang of Qihoo 360 Netlab. The bugs allow a remote attacker to “bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.” They added that the vulnerabilities are not dependent on one another. CVE-2023-20025 carries a CVSS score of 9 and was rated critical by Cisco. While Cisco said there are no workarounds to address the vulnerability, administrators can disable the feature.
READ THE STORY: The Record // THN
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
FROM THE MEDIA: DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus software. "The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems," Rob Zuber, CircleCI's chief technology officer, said in an incident report.
READ THE STORY: THN
FortiOS SSL-VPN Zero-day Flaw Exploited to Attack Government Organizations
FROM THE MEDIA: There have been a number of attacks against government organizations and government-related targets using FortiOS SSL-VPN zero-day vulnerabilities patched by Fortinet last month that have been exploited by unknown attackers. A security flaw (CVE-2022-42475) was exploited in these incidents to empower attackers to gain remote code execution and crash targeted devices remotely. This vulnerability can be attributed to a heap-based buffer overflow found in the FortiOS SSLVPNd application. The network security company quietly fixed the bug on November 28th by releasing a new version (7.2.3) of the software that addressed the vulnerability.
READ THE STORY: GBhackers
Ransomware gangs are starting to ditch encryption
FROM THE MEDIA: Criminal gangs are using a new method to guarantee a ransomware payout: They're ditching the part where they lock up a target firm's systems by encrypting them and are skipping straight to holding the company's precious data for ransom. As law enforcement attention on ransomware grows, gangs are constantly looking for less-flashy, but still efficient ways to keep their ransomware attacks going. A ransomware attack typically starts with hackers installing file-encrypting malware onto an organization's networks and then displaying a ransom note on every screen. In recent years, ransomware criminals have added another layer to their schemes: They steal data before locking an organization out, then demand a second payment to stop them from dumping all the data in public online.
READ THE STORY: AXIOS
Cole & Van Note Announces Cedar Cares Data Breach Investigation
FROM THE MEDIA: Cole & Van Note, a leading consumer rights law firm, announces today its investigation of Cedar Cares, Inc. on behalf of its consumers/clients, arising out of the company’s recent data breach. According to the company, the private information of a massive number of people may have been stolen in the hacking of its information network. It is currently unknown how many people have had their information used for criminal purposes. If you received a notice of this alarming data breach and/or have transacted in any way with Cedar Cares, Inc., your information may already be in the hands of cybercriminals, making your urgent attention to this situation very important. Every case starts simply—with one person having the courage to make one contact.
READ THE STORY: News Trail
Microsoft applies coat of Rust to Azure Sphere IoT platform
FROM THE MEDIA: Developers can now use the Rust programming language when creating applications on Azure Sphere platform for internet-connected devices. Programmers can apply the performance and security capabilities within Rust to make software for Internet of Things devices and other embedded systems that can be the target of botnets and other malware. "Rust and Azure Sphere are a good match – a programming language that can improve safety of code with strict compile time safety checks alongside Azure Sphere's secure identity, update, and end-to-end encrypted communication services for internet-connected devices should provide greater security to the customer applications," Akshatha Udayashankar, an embedded software engineer at Microsoft, wrote in a blog post this week.
READ THE STORY: The Register
Russians say they can grab software from Intel again
FROM THE MEDIA: People in Russia can reportedly once again download drivers and some other software from Intel and Microsoft, which both withdrew from the nation after its invasion of Ukraine. Be aware that folks and companies in Russia have to take a somewhat circuitous route to get those files, according to Moscow's CNews. The situation, we're assured, is this: while Intel's website generally remains closed to netizens visiting from Russia, if those people can reach Intel's download portal from a search engine or some other place, they can now, once again, use that site even if they are in the land of Putin. In other words, they can't come in through the front door, but if they can find the correct URL, it should now work. After war broke out, that wasn't the case, we're told.
READ THE STORY: The Register
Russian hacking group claims responsibility for cyberattacks on Danish websites
FROM THE MEDIA: A Russian hacking group took credit Friday for cyberattacks on the websites of the Danish central bank and seven private lenders earlier this week. The NoName057(16) group also claimed responsibility in a statement for an attack on the Danish Finance Ministry’s website on Friday. An anonymous spokesperson from the group maintained that the attacks were conducted because of Denmark's support for Ukraine in its ongoing conflict with Russia. "Denmark supports Ukrainian neo-Nazis,” the group told local media. "That's enough for us to launch an attack on your country's critical infrastructure. The banking sector was selected because it is one of the most important components of this critical infrastructure.” The attacks targeted Danske Bank, Jyske Bank, Sydbank, Sparekassen Sjælland-Fyn, Bankinvest, Arbejdernes Landsbank and Handelsbanken.
READ THE STORY: AA
Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild
FROM THE MEDIA: This post offers details on the Control Web Panel vulnerability, CVE-2022-44877, which is actively being exploited in the wild. If you are using Control Web Panel in any version below 0.9.8.1147, make sure to patch as soon as possible. While CVE-2022-44877, a critical vulnerability affecting Control Web Panel (a popular free, closed-source, web-hosting interface), received an official patch on October 25th, 2022, evidence of active exploitation of the vulnerability is starting to accumulate. Over the last week, starting January 6th, adversaries appear to be scanning for unpatched instances running Control Web Panel (CWP) as well as actively attempting to exploit them. Currently, according to threat intelligence platform GreyNoise, there are at least four different IP addresses actively targeting the vulnerability.
READ THE STORY: Security Boulevard
The Rise of AI-Powered Weapons
FROM THE MEDIA: Advances in artificial intelligence (AI) technologies have big implications for lethal autonomous weapons, which are already in use in conflict zones around the world. Matt Devost is an international cybersecurity expert who started his career hacking into systems for the US Department of Defense back in the 1990s. In this interview with Brooke, Devost explains the many ways that AI will be changing weapons in the near future, especially for micro decision making. He also talks about how the "wow" moment surrounding ChatGPT could extend to the use of AI for weapons, and the ethical risks that come into question when machines, rather than humans, make decisions.
READ THE STORY: WNYC Studios
Hackers to Get a Crack at Systems Running the Pentagon in New Bug Bounty
FROM THE MEDIA: The Defense Department is planning the third iteration of its Hack the Pentagon program with a focus on identifying vulnerabilities in the operational technologies that keep the iconic building and grounds running. The DOD launched the Hack the Pentagon program in 2016 with vendor HackerOne coordinating a bug bounty program on the department’s public websites. More than 1,400 hackers joined in the first round, discovering 138 unique vulnerabilities and tallying $75,000 in bounty rewards. The program was expanded in 2018 to include two more vendors: Synack and Bugcrowd. In a draft solicitation released Friday, DOD announced plans for a third go and laid out expectations for the vendors that will manage the program. Under Hack the Pentagon 3.0, the Washington Headquarters Service—which manages back-office resources for the Pentagon and parts of the DOD—wants to unleash white-hat hackers on the Facility Related Controls System, or FRCS, network.
READ THE STORY: NextGov
Hackers compromise Norton Password Manager
FROM THE MEDIA: The company is urging customers to change their passwords or risk being compromised. Norton's legally required data breach notification was posted on the Office of the Vermont Attorney General’s webpage Friday afternoon. The security software company first became aware of the incident on December 12, when intrusion detection systems alerted security teams of the unusual activity within the system. This led them to realize that the customer accounts had been potentially compromised. Norton traced the incident back to December 1. By December 22, the investigation had concluded that the third party had most likely obtained the large collection of usernames and passwords from another source, such as the dark web. “In assessing your account with your username and password, the unauthorized user third party may have viewed your first name, last name, phone number and mailing address.”
READ THE STORY: Cybernews
SpiderOak raises $16.4M for space cybersecurity tech to protect ‘soft underbelly’ of satellites
FROM THE MEDIA: A Lenexa-based company’s industry-leading technology is taking orbit with new investments that validate SpiderOak’s end-to-end cybersecurity efforts — a “mission critical” platform that reduces the attack surface of satellites and damages the ability of adversaries to jam and disrupt space communications. “Today, space-based assets are mission essential in all civil and military operations and rapidly becoming mission critical for all national and corporate infrastructure,” said Charles Beames, executive chairman of SpiderOak. “The Space Force and the space industry consensus is that a cyber-attack is the most likely and most damaging threat to these assets.”
READ THE STORY: Startland News
Quantum computers: How scientists can shield against cyber attacks
FROM THE MEDIA: Thirteen, 53, and 433. That’s the size of quantum computers in terms of quantum bits, or qubits, which has grown significantly in recent years due to important public and private investments and initiatives. Obviously, it is not only a mere question of quantity: the quality of the prepared qubits is as important as their number for a quantum computer to beat our existing classical computers, that is, to attain what’s called the “quantum advantage”. Yet it is conceivable that quantum-computing devices delivering such an advantage will soon be available. How would this affect our daily lives? Making predictions is never easy, but it is agreed that cryptography will be altered by the advent of quantum computers. It is an almost trivial statement that privacy is a key issue in our information society: every day, immense amounts of confidential data are exchanged through the Internet.
READ THE STORY: Interesting Engineering
Items of interest
China’s Imports of ICs Fell in 2022 for First Time Since 2004
FROM THE MEDIA: China’s imports of integrated circuits declined in 2022 for the first time in almost two decades. Imports of ICs fell 15% last year to 538.4 billion units from 635.6 billion units in 2021, according to data from the General Administration of Customs released Friday. That’s the first annual drop since at least 2004, when Bloomberg started tracking the data. Imports grew 17% in 2021, 22% in 2020 and 6.6% in 2019. The decline comes at a time when the US is tightening controls over advanced chip sales to China. The US last year imposed restrictions on the export of some types of semiconductors used in artificial intelligence and supercomputing, seeking to stop China’s drive to develop its own chip industry and advance its military capabilities.
READ THE STORY: Bloomberg
SANS Webinar: Anatomy of the TRITON ICS Cyberattack (Video)
FROM THE MEDIA: This educational SANS webinar, led by Justin Searle, Director of ICS Security at InGuardians and a senior SANS instructor, and Phil Neray, VP of Industrial Cybersecurity at CyberX, covers the technical architecture of the TRITON malware — including how the attackers cleverly inserted a backdoor into the firmware memory region of the safety controller without interrupting its normal operation or being detected.
How TRITON Disrupted Safety Systems & Changed the Threat Landscape of Industrial (Video)
FROM THE MEDIA: In 2017, a sophisticated threat actor deployed the TRITON attack framework, engineered to manipulate industrial safety systems at a critical infrastructure facility. This talk offers new insights into the TRITON attack framework, which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was achieved, that is, disruption of the physical process, TRITON is a wake-up call regarding the need to urgently improve ICS cybersecurity.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com