Monday, January 30, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
What’s behind the strange phenomenon of Havana syndrome
FROM THE MEDIA: Background - Havana Syndrome is an unexplained set of medical symptoms experienced by U.S. government officials and military personnel abroad, most notably in 2016 by U.S. and Canadian embassy staff in Havana, Cuba. Two new podcasts investigate the mysterious phenomenon of Havana Syndrome, a neurological disorder that has affected U.S. government officials abroad. The Sound: Mystery of Havana Syndrome follows British journalist Nicky Woolf as he attempts to discover the cause of the aural and visual disturbances reported by victims, while Vice's Havana Syndrome similarly delves into the political backdrop of the illness. Both podcasts feature interviews with experts and those affected, and are sure to be gripping and informative listens.
READ THE STORY: FT
Tracking Western parts in Russian weapons used against Ukraine
FROM THE MEDIA: The war in Ukraine has highlighted the extent to which Western-made components are being used in Russian and Iranian weapons systems. Reports by the Royal United Services Institute and Conflict Armament Research have found a total of over 950 different components from 70 manufacturers in 13 countries, including the US, Switzerland, Japan, Taiwan, and China. Swiss firms STMicroelectronics and u-blox, who manufacture semiconductors and global navigation satellite modules, have been implicated in the reports. The US administration has been working to reduce Russia's access to Western-made components and increase Ukraine's ability to target and bring down the drones being used in the conflict.
READ THE STORY: SWI
How Ukraine’s Cyber Police fights fraud, scams, and attacks on critical infrastructure
FROM THE MEDIA: Ukraine's Cyber Police had a busy year in 2022, with their focus shifting from online fraud, scams, and other forms of financially motivated cybercrime to investigating and preventing cyberattacks targeting government institutions and critical infrastructure, as well as stopping Russian disinformation operations. Led by Yurii Vykhodets, the Cyber Police has started initiatives such as "Мрiя" ("Dream" in English), a project that helps counter enemy propaganda across the internet, and "Народний месник" ("National Avenger"), a Telegram bot that allows citizens to report to law enforcement the signals and indicators they have discovered that might be used for enemy coordination. They have also joined an international initiative to tackle criminal money-laundering operations. In addition, they are actively fighting fraud on the internet and exchanging information with international law enforcement agencies through channels with Europol and Interpol.
READ THE STORY: The Record
An Ethical Dilemma: Weaponization of Artificial Intelligence
FROM THE MEDIA: Technological advancements over the past decade have changed the way we interact and live. Voice assistant devices, AI-enabled facial recognition software, and neural network sensing technologies have become commonplace in daily life. At the same time, the US Government has weaponized AI, ML, and autonomy for military operations, leading to ethical dilemmas about the appropriate use of these technologies. Through an ethical processing model involving the examination of rules, outcomes, and virtues lenses, leaders and professionals can develop moral solutions to the ethical challenges of weaponizing AI. Despite the potential risks posed by the weaponization of AI, the US Government has implemented policies to maintain checks and balances and ensure ethical decisions are made.
READ THE STORY: Small Wars Journal
Mass-market military drones have changed the way wars are fought
FROM THE MEDIA: The introduction of the Bayraktar TB2 drone in 2014 has revolutionized the arms market, allowing smaller nations to access the air capabilities previously limited to great military powers. These cheap, mass-market drones have been deployed in conflicts worldwide, from Ukraine to Ethiopia, and have changed the face of warfare with their easy availability and low cost. The proliferation of these drones has come with terrible human costs and has allowed great powers to use them in conventional warfare, as seen in Russia's Shahed-136 drone attacks on Ukrainian civilians. Alongside the TB2, other commercial drones, such as DJI quadcopters, have become ubiquitous on battlefields, making them a powerful and terrifying new weapon in modern warfare.
READ THE STORY: MIT Tech Review
Mounting pressure is creating a ticking time bomb for railway cybersecurity
FROM THE MEDIA: The railroad industry is facing a major transformation as digital systems and connected devices become increasingly integrated into operations. This has expanded the range of potential cyber threats, necessitating a top-level, proactive and comprehensive approach to cybersecurity to protect company assets and customers' and employees' data. Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, discusses the increasing cyberattacks on railway systems, as well as how they are building a practical cybersecurity approach and complying with cyber legislation. He advises that organizations must take a holistic and proactive approach to cybersecurity, including risk assessment, security strategy, security controls, employee training, monitoring and maintenance, and compliance, to effectively protect critical infrastructure from cyber threats.
READ THE STORY: HelpNetSecurity
Chaos engineering
FROM THE MEDIA: Chaos engineering is a resilience discipline that involves controlled experiments on production systems to uncover systemic weaknesses. The practice was born at Netflix out of a need to counter the vanishing-instance problem exposed by the AWS outage back in 2008, and has since grown to cover more failure modes through tooling such as the Netflix Simian Army. Although chaos engineering is a more advanced tactic within a first-principles strategy, companies providing global digital services that must run 24/7 without any downtime likely have a team of chaos engineers performing these experiments. It is also being used by traditional security teams to develop hypotheses about how the organization should react to a specific attack sequence, and as an alternative to security theater. However, chaos engineering is not for everyone, and organizations should consider the resources needed to implement the tactic before pursuing it.
READ THE STORY: The Cyberwire
Japan, Netherlands reportedly join US in China tech export ban
FROM THE MEDIA: The US, Japan, and the Netherlands have reportedly agreed to a unified approach to restrict semiconductor exports to China, in an effort to prevent China from developing military technologies and to protest human rights abuses. Michael McCaul, chair of the US House Foreign Affairs Committee, has also suggested the Biden administration plans to ban US financing of Chinese tech. China has also explored its own semiconductor export ban, specifically for photovoltaic silicon wafer preparation technology, which is necessary for the production of solar panels. These developments have the potential to create a bottleneck for climate adaptation measures, as well as prevent Chinese firms from establishing manufacturing facilities overseas.
READ THE STORY: The Register
New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service
FROM THE MEDIA: Cybersecurity experts have identified the individual behind the Golden Chickens malware-as-a-service, known online as “badbullzvenom,” as Frapstar, a carder from Canada. The 16-month investigation by eSentire’s Threat Response Unit revealed the real-world identity of Frapstar, as well as details of their interests, social media accounts, and tools used by the threat actor. Frapstar is believed to be part of a group responsible for a combined estimated loss of $1.5 billion, and has recently shifted tactics to target corporate hiring managers by sending resumes with malware. The true identity of Frapstar and the other individual controlling the badbullzvenom account remains unclear, with possible locations of origin in Moldova or Romania.
READ THE STORY: GBHackers
Russian Ransom Gang Black Basta Exposed
FROM THE MEDIA: Security researchers from Quadrant Information Security have successfully exposed one of the most active and powerful Russian ransomware groups, known as Black Basta. The group was caught infiltrating a company's network, copying data and encrypting servers in order to extort money. Quadrant was able to detect the activity and gain insights into the systems and processes used by the group. Through packet inspection, they were able to identify the malware and the second-stage payload, which was later determined to be the penetration testing framework "Brute Ratel". Additionally, they were able to identify the unencrypted FTP connection used by the group and the credentials associated with it. Furthermore, the researchers were able to access the backend servers and explore the inner structures and working methods of the ransomware scene. Their findings suggest that Black Basta may no longer be able to continue working in the same way and that their data exfiltration servers could be taken down by contacting the hosting provider, although this is not always successful.
READ THE STORY: RS
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
FROM THE MEDIA: Since September 2021, researchers have observed a dramatic surge in exploitation attempts against a critical remote code execution vulnerability (CVE-2021-35394) in the Realtek Jungle SDK, with 134 million exploit attempts recorded as of December 2022. The attacks have primarily originated from the US, Vietnam, and Russia, with the majority of attacks from Russia targeting organizations in Australia. The vulnerability has been exploited by a variety of threat actors, who have used it to deliver malicious payloads such as botnets, malicious scripts, and binary payloads, as well as to cause denial of service (DoS). These findings underline the importance of keeping software updated in order to protect against such threats.
READ THE STORY: THN
South Korea to Launch Cryptocurrency Tracking System to Combat Blockchain-related Crimes in 2023
FROM THE MEDIA: The South Korean government is taking proactive steps to tackle the increased cases of blockchain-related crimes. The proposed ‘virtual currency tracking system’ will help the Ministry of Justice to check transaction details, extract related information between transactions, and check the source of funds before and after the remittance. The country’s police department has signed contracts with several local cryptocurrency exchanges and increased blockchain security experts to help strengthen its investigations. The South Korean court has also ruled in favor of investors who faced service outages in the past. These steps demonstrate the South Korean government's commitment to fight cryptocurrency-related crimes.
READ THE STORY: CoinSpeaker
Gee, tanks: Russian hackers DDoS Germany for aiding Ukraine
FROM THE MEDIA: This week has seen a variety of cyber security incidents, from the Russian Killnet group attempting to DDoS German infrastructure and government websites to Riot Games having its source code stolen and leaked. Additionally, some 44 gigabytes of Yandex source code was exposed, allegedly by a former employee, leading to speculation about the company's relocation plans. The incidents demonstrate the ongoing vulnerability of digital infrastructure and the varying motivations behind cyberattacks, from political to financial.
READ THE STORY: The Register
Arts and crafts used to back Russian hacker group
FROM THE MEDIA: Killnet, a pro-Russian hacktivist group, has received both financial and symbolic support from various sources, such as rapper Kazhe Oboyma, Moscow-based jeweler HooliganZ, and dark web forum Solaris, according to Radware researcher Daniel Smith. Smith argues that this is an example of how art and entertainment can be used to support criminal organizations and to promote their causes, and that the potential for dark-net marketplaces to directly fund criminal organizations is immense.
READ THE STORY: Cybernews
The Generative AI Revolution Is Creating The Next Phase Of Autonomous Enterprise
FROM THE MEDIA: Generative AI is quickly becoming an essential technology for businesses across many industries, allowing them to automate processes and create high-quality content faster than ever before. Companies such as OpenAI, Jasper, DeepL, Hypotenuse, Kore.ai, Copy.ai, Debuild, and Mongoose Media are leading the way in developing and leveraging this powerful technology, which can be used for marketing campaigns, copywriting, product descriptions, true personalization, diagnostics, drug discovery and development, and more. As AI-driven automated software engineering becomes more prominent, G7 countries have an opportunity to bridge the gap between human creativity and technological innovation and remain competitive in a fragmented world.
READ THE STORY: Forbes
Physicists Used Sound Waves to Give a Tiny Sun Its Own Kind of Gravity
FROM THE MEDIA: Researchers from the University of California, Los Angeles recently proposed a new method to simulate space events inside laboratories, using a small glass ball heated to a temperature of 5,000 degrees Fahrenheit. By using sound waves as a substitute for gravitational forces, they were able to generate currents in the hot plasma, creating conditions that resembled those around stars and planets. The team plans to scale up the experiment to more closely match the conditions in space, and to investigate other aspects of the simulation, which could be useful for studying the behavior of space weather and other phenomena related to our planet.
READ THE STORY: Science Alert
Vulnerabilities in PMBus can brick server boards
FROM THE MEDIA: Researchers at the University of Birmingham have uncovered a vulnerability present in Intel Xeon processors, Supermicro X11SSL motherboards and other server boards. The vulnerability, called PMFault, can be remotely activated to provide an over-voltage to the CPU, potentially leading to a condition known as 'bricking'. The underlying weaknesses include insecure firmware encryption and signing mechanisms, lack of authentication for firmware upgrades and control interfaces, and the PMBus being connected to the BMC and SMBus by default. The team has developed a PMBusDetect tool for detecting if the VRM is connected to the PMBus and provided source code and more details on the issue.
READ THE STORY: EENews
Black swan events are shaping the cybersecurity present and future
FROM THE MEDIA: The last few years have seen a surge of black swan events in the world of cybersecurity, from the onset of the COVID-19 pandemic to the subsequent push for decentralization and the record-breaking venture capital investments. The rise of Gen V attacks and the need for security products that are easier and quicker to install were also key drivers of innovation. However, the subsequent macroeconomic recession has caused a decline in innovation investments and the emergence of a cybersecurity bubble. Looking ahead, there is likely to be extreme consolidation of cybersecurity products and solutions to provide a comprehensive end-to-end solution, and organizations will need to tread carefully to ensure that start-ups retain their autonomy and agility. Despite the challenges presented by these black swan events, they are leading to a more cyber-secure world.
READ THE STORY: VB
Covert Israeli Operations Against Iranian Missiles And Drone Plants Might Help Ukraine
FROM THE MEDIA: Israel is suspected to have been behind the drone attack on a military target near Isfahan, Iran on Saturday, a move that Ukraine welcomed. Ron Prosor, Israeli Ambassador to Germany, recently mentioned Iran's drones and missiles and stated that Israel had been helping Ukraine more than what was publicly known. Ukraine has previously criticized Israel for its reluctance to supply Ukraine with military hardware and early-warning systems. Israeli operations against Iranian military facilities could help Ukraine with delays in drone resupplies and potential SRBM transfers in the short term.
READ THE STORY: Forbes
Qatar replaces Russian company in Lebanon’s gas exploration
FROM THE MEDIA: Lebanon recently signed an agreement with QatarEnergy, TotalEnergies of France and Italy’s Eni company for oil and gas exploration in two Lebanese blocks of the Mediterranean Sea. This deal comes after the withdrawal of Russia from the agreement amid US sanctions and is a result of months-long talks. This exploration is seen as a critical step in Lebanon's economic recovery, as well as a way to further develop its oil and gas industry in the region. The agreement was signed with the presence of the ambassadors of Qatar, France and Italy, and was celebrated by Lebanese Caretaker Prime Minister Najib Mikati, who thanked US mediator Amos Hochstein for his successful handling of the indirect negotiations between Lebanon and Israel.
READ THE STORY: ArabNews
China's mobile IoT connections account for 70% of world's total
FROM THE MEDIA: China's mobile Internet of Things (IoT) user base has grown exponentially, with over 1.845 billion connections as of the end of 2022, representing 70% of the world's total. Additionally, 10.38 million mobile communication base stations have been built, and a wide range of networks including NB-IoT, 4G, and 5G have been developed, with NB-IoT covering the largest area. Moreover, the total number of terminal connections on the mobile network has reached 3.528 billion, with mobile IoT end users now outnumbering mobile phone users and accounting for 52.3% of the total. As a result, China's IoT industry chain covers a range of areas, including chips, modules, terminals, software, platforms and services, and is applied in fields such as public services, the internet of vehicles, and smart retail.
READ THE STORY: ECNS
China’s Security Assessment on Data Outbound Transfer Explained
FROM THE MEDIA: The Cyberspace Administration of China (CAC) released the Data Outbound Transfer Security Assessment Rules six months ago. Since then, many companies have filed their Security Assessment applications with the CAC, but many have been returned for improvement or correction. This essay explains the key points for meeting the requirements of the Security Assessment: who should file for it, when it is triggered, when a new filing is required, what should be filed, what the focus of the assessment is, what the requirements are for the legal documents of the data outbound transfer and for the Security Assessment Report, and what the administrative liabilities are for violating the Security Assessment requirement. It is suggested that data processors consult the provincial office of the CAC to understand the logic and expectations of the CAC, and that they assess the security risks of personal information and important data in all outbound transfer scenarios and prepare a self-assessment report before March 2023.
READ THE STORY: Lexology
Items of interest
AI rockets ahead in vacuum of U.S. regulation
FROM THE MEDIA: ChatGPT's success has spurred a tech-industry race to incorporate AI into everyday products and decision-making, prompting urgent calls from U.S. lawmakers for effective regulation of the technology to mitigate potential harms such as bias, misinformation, fraud, and hate. Despite bipartisan efforts, few expect a breakthrough on a federal AI law and the U.S. lags behind the European Union in terms of AI regulation. Companies, states, and the Federal Trade Commission are attempting to create new rules, but the patchwork system of regulation in place is still insufficient.
READ THE STORY: AXIOS
Roadmap to ChatGPT and AI mastery (Video)
FROM THE MEDIA: The video discusses the use of ChatGPT to help with writing essays and notes that there are many advantages to using the tool. However, the speaker also warns that it is subject-dependent and should not be relied on to do everything.
The SolarWinds Hack: The Largest Cyber Espionage Attack in the United States (Video)
FROM THE MEDIA: The SolarWinds hack of 2020 is one of the most sophisticated cyber espionage incidents in history, with threat actors infiltrating the system as early as January 2019 and staying undetected for almost two years. In this attack, multiple Fortune 500 companies and government organizations were compromised, and the perpetrators used a variety of techniques to avoid detection, such as using only US domains for the victims' command-and-control servers and disabling antivirus and forensic tools. The attack was eventually attributed to the Russian foreign intelligence service SVR and led to multiple new sanctions imposed by the Biden administration. The attack revealed how vulnerable organizations are when incorporating third-party vendors into their supply chains, and how difficult it is to defend against such an attack.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cybersecurity. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com