Thursday, February 09, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Deepfake news anchors spread Chinese propaganda on social media
Analyst Comments: Why do we care? The use of AI-generated presenters in videos by Chinese state-aligned actors has raised concerns among researchers. These media products promote the interests of the Chinese Communist Party, and the same technique can carry any narrative an operator chooses. Synthesia, a British AI video company, offers this capability to the public. The threat lies in the low cost and quick turnaround time of production.
FROM THE MEDIA: In a series of videos posted by Chinese state-aligned actors, AI-generated presenters were used to distribute content that promotes the interests of the Chinese Communist Party. The presenters were likely created using technology provided by a British AI video company called Synthesia, which can create AI-generated videos in minutes for as little as $30 per month. Despite their efforts, the videos received limited views and are an example of how countries such as China are leveraging similar technology in their operations. Researchers warn that threat actors will continue to experiment with AI tech to produce increasingly convincing footage that is harder to detect and verify.
READ THE STORY: The Record
New info-stealing malware used against Ukraine organizations
FROM THE MEDIA: Nodaria is a Russia-linked espionage group that has been active since March 2021. The group has recently been using a new information-stealing malware called Graphiron, written in the Go programming language, against targets in Ukraine and possibly other countries like Kyrgyzstan and Georgia. Graphiron is designed to gather system information, credentials, screenshots, and files from infected computers. It also has similarities to older Nodaria tools such as GraphSteel and GrimPlant. Symantec researchers suspect that the group continues to evolve their capabilities in an effort to circumvent defensive efforts.
READ THE STORY: The Record // THN // InfoSecMag
The impact of Russia’s Ukraine invasion on digital threats
FROM THE MEDIA: The ongoing war in Ukraine has had a major impact on energy prices, inflation, and cyberthreats, especially in the ransomware scene. Attackers are using increasingly destructive tactics such as deploying wipers that mimic ransomware. There has been an increase in cryptocurrency-themed phishing websites and banking malware detections, as well as increased phishing activity and Android adware detections. Gartner advises ERM leaders to reassess their organizational risk models in light of Russia’s invasion of Ukraine, and to monitor talent risk, cybersecurity risk, financial risk, and supply chain risk.
READ THE STORY: HelpNetSecurity
Tor and I2P networks hit by wave of ongoing DDoS attacks
FROM THE MEDIA: Tor and I2P networks have both been hit by a wave of distributed denial-of-service (DDoS) attacks since July 2022, which have caused network connectivity and performance issues for users. Tor Project's Executive Director Isabela Dias Fernandes revealed on Tuesday that the team is working to mitigate the impacts and defend the network from these attacks. Meanwhile, I2P users may also experience issues due to malicious floodfill routers crashing with OOM errors when hit by the Denial-of-Service attack. The attackers are changing their tactics often, making it difficult to defend against them.
READ THE STORY: BleepingComputer
OpenSSL Fixes Multiple New Security Flaws with Latest Update
FROM THE MEDIA: The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. The vulnerability is rooted in the way the popular cryptographic library handles X.509 certificates and could lead to an application crash, disclose memory contents, or even recover plaintext messages sent over a network by taking advantage of a timing-based side-channel attack. The fixes arrive nearly two months after OpenSSL plugged a low-severity flaw arising when processing an X.509 certificate, resulting in a denial-of-service condition.
READ THE STORY: THN
NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
FROM THE MEDIA: The U.S. National Institute of Standards and Technology (NIST) recently announced the standardization of a family of authenticated encryption and hashing algorithms known as Ascon. These algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators, implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles. The suite comprises authenticated ciphers ASCON-128, ASCON-128a, and a variant called ASCON-80pq that comes with resistance against quantum key-search, as well as a set of hash functions. It also provides authenticated encryption with associated data (AEAD), which can be used in vehicle-to-vehicle communications or to prevent counterfeiting of messages exchanged with RFID tags. Implementations of the algorithm are available in different programming languages, such as C, Java, Python, and Rust, as well as hardware implementations.
READ THE STORY: THN
SpaceX didn’t intend that Starlink be ‘weaponized’ by Ukraine: Shotwell
FROM THE MEDIA: SpaceX President Gwynne Shotwell has said that the use of Starlink internet communications by Ukraine’s military as a weapon system in its war with Russia was never intended or agreed to. She added that the company has taken steps to prevent Ukraine’s military from using its Starlink satellite internet service for controlling drones. SpaceX has shipped truckloads of Starlink terminals to Ukraine, allowing the country’s military to communicate by plugging them in and connecting them with the nearly 4,000 satellites SpaceX has launched into low-Earth orbit so far. Governments including the United States and France have also paid for other shipments of Starlink terminals.
READ THE STORY: Breaking Defense
‘No evidence of malicious access,’ Toyota says about serious bug exploited by outside researcher
FROM THE MEDIA: A security researcher discovered a back door in Toyota's Global Supplier Preparation Information Management System (GSPIMS) web application that provided access to information on more than 14,000 corporate user accounts and details of Toyota's suppliers and parts. The flaw was reported to Toyota in November and patched. It is the latest incident to expose weaknesses in the company's cybersecurity. The researcher used an Angular workaround to bypass the login screen and gain access to the GSPIMS system. He found a function that required only a valid email address—no password—to return a JWT with access to sensitive information. Despite reporting the issue, the researcher received no compensation from Toyota and noted this could be a disincentive for other researchers to look for exploitable flaws in the company's infrastructure.
READ THE STORY: The Record // Security Boulevard
Threat group targets over 1,000 companies with screenshotting and infostealing malware
FROM THE MEDIA: Researchers have discovered a new threat actor that has been targeting over a thousand organizations since October to deploy credential-stealing malware. The attack chain includes reconnaissance components such as a Trojan that takes screenshots of the desktops of infected computers. Attackers use phishing emails with malicious macros or JavaScript files attached to get users to download and execute the malware, which is then used to steal crypto wallets, Steam accounts, passwords from browsers, and other data. The attack could be financially motivated or part of an espionage campaign.
READ THE STORY: CSO
AI Cyber Solutions Positioning To Better Secure Web3
FROM THE MEDIA: The crypto industry has lost $3.9 billion in 2022 due to hacking, fraud, and scam-related incidents. As the Web3 market is forecast to scale to $6 trillion, cyber security experts are expecting cyber crime to scale in pace with it. Artificial Intelligence (AI) and Machine Learning (ML) are seen as promising solutions for better digital security and the AI cybersecurity market is set to grow to $46 billion by 2028. ML can optimize smart contracts and help identify and mitigate potential vulnerabilities on Web3. While ML can help secure Web3, it is not a foolproof solution and cyber criminals can exploit the technology.
READ THE STORY: Forbes
Estonian intelligence: Russia underestimated Ukraine’s cyber resilience
FROM THE MEDIA: Russia underestimated the resilience of Ukraine’s cyberspace and the help it receives from Western countries and cybersecurity companies. Initially, Russia’s cyberattacks may not have been organized to maintain the support of the local population. Kinetic and cyber attacks against Ukraine’s power grid have escalated during the winter in an attempt to wear down Ukraine and undermine the morale of Ukrainian society. However, Russia’s influence operations have not had the intended effects and Ukrainian society remains united and trusts its government despite threats posted on social media and data leaks.
READ THE STORY: The Record
Meet the prolific Russian espionage crew hacking spymasters and lawmakers
FROM THE MEDIA: The Seaborgium hacking group is believed to have ties to Russian intelligence services and has been active since 2017. The group targets politicians, defense organizations, government organizations, NGOs, think tanks, journalists and activists in order to gain information that aligns with Russian state interests. Recently, the group has claimed British lawmaker Stewart McDonald as a victim after hacking his email account. The U.K.'s National Cyber Security Centre is investigating the incident and providing the individual with support.
READ THE STORY: TechCrunch
AI is eating itself: Bing’s AI quotes COVID disinfo sourced from ChatGPT
FROM THE MEDIA: OpenAI's new chatbot, ChatGPT, can be used by malicious actors to generate and spread false narratives at an unprecedented scale. When prompted with a series of leading questions about a sampling of 100 false narratives from NewsGuard's proprietary database, the chatbot produced 80 responses that could have appeared on the worst fringe conspiracy websites or been advanced on social media by Russian or Chinese government bots. Despite safeguards built into the AI, some responses still included misinformation and misleading statements. OpenAI is aware of the risk posed by its chatbot, and has said that upcoming versions will be more knowledgeable.
READ THE STORY: TechCrunch
UK High Court allows Bahraini activists to sue government over spyware
FROM THE MEDIA: On Wednesday, a High Court judgment granted dissidents who have been targeted with FinSpy surveillance software the right to sue the Kingdom of Bahrain. The activists believe that the spyware infections were “carried out, directed, authorized or caused by the Bahraini government or its agents," according to law firm Leigh Day. Citizen Lab research has identified FinFisher as a sophisticated computer spyware suite sold exclusively to governments for intelligence and law enforcement purposes. Citizen Lab's report describes findings regarding 32 governments and 10 specific government entities that are using FinFisher and highlights several cases that illustrate connections between different threat actors.
READ THE STORY: The Record
Cybercrime Web: How Chinese Syndicates Are Targeting Neighboring Countries
FROM THE MEDIA: Chinese syndicates and threat actors have been increasingly committing various cybercrimes in neighboring countries, such as PII theft, cross-border gambling, e-commerce scams, romance scams, and APT. In the Philippines, there is a "Pastillas Scheme" where airport immigration workers are bribed to ferry Chinese people from the airport to Philippine Offshore Gaming Operators (POGOs). In Cambodia, foreign employees and visitors have been subjected to human trafficking and abuse. In Myanmar, Chinese syndicates use tempting job postings on local social media platforms to entice Chinese nationals to serve as mercenaries or engage in fraud or drug trafficking. India has taken measures to address these security concerns.
READ THE STORY: News 18
China plants PLA ex-servicemen in general public for surveillance
FROM THE MEDIA: The Chinese Communist Party (CCP) is planting PLA ex-servicemen in village committees to ensure loyalty to President Xi Jinping and strengthen its grip on the general public. The CCP has also set up video surveillance infrastructure and checkpoints in Tibet, and is nurturing tech companies to monitor, censor, and condition public opinion online. Additionally, the CCP has launched the Golden Shield Project (GSP) which includes AI facial recognition technology and geolocation tracking of vehicles and people. China is also using multilateral institutions like BRICS to promote its surveillance technology abroad.
READ THE STORY: Devdiscourse
Putin’s Ukraine Invasion: Turbocharging Sino-Russian Collaboration in Energy, Maritime Security, and Beyond
FROM THE MEDIA: Putin’s invasion of Ukraine has the potential to profoundly alter the balance of power between Russia and China, as well as the United States’ position in maritime Asia. This article speculates on the implications of this development for Sino-Russian strategic and maritime-security dynamics, with a focus on potential increased energy and resource transactions, sharing of undersea-warfare technology and acoustic intelligence, and PLA access to air and naval bases in the Russian Far East and High North. It also identifies potential limiting factors that could constrain, divert, or even derail Sino-Russian collaboration.
READ THE STORY: Andrew S. Erickson
Secretly-Launched Russian Satellite with Unknown Purpose Breaking Up in Orbit, US Says
FROM THE MEDIA: US officials confirmed this week that a mysterious Russian satellite, Cosmos 2499, broke apart in low-Earth orbit. It was launched back in 2013 and 2014 and was thought to be debris until it started maneuvering in orbit. The 18th Space Defense Squadron is now tracking the dozens of debris chunks hurtling through space. Speculation has been that it was a spy satellite or an experimental anti-satellite weapon. Nobody knows what it was up to or why it broke up. Russia, China, and the US are all vying for space dominance, with the US having recently commissioned the Space Force to fight wars of the future.
READ THE STORY: Vice
Researchers strive to predict satellite resilience to weapons of mass destruction in space
FROM THE MEDIA: Gennady Miloshevsky, Ph.D., is an associate professor of mechanical and nuclear engineering in the Virginia Commonwealth University College of Engineering who specializes in computational physics with an emphasis on plasma, lasers and particle beams. With funding from the Defense Threat Reduction Agency, he is studying the effect weapons of mass destruction have on satellites within Earth’s orbit. His research involves developing computer codes to simulate temperature, pressure and radiation in order to study the state known as “warm dense plasma,” which occurs between the solid and classical plasma states and exhibits the characteristics of both. He also works to understand X-ray-induced shock generation, material ablation and blow-off within the vacuum of space. Practical experiments in a lab use lasers to replicate the heat and pressure generated by X-ray radiation, shock and other physical effects of a nuclear detonation.
READ THE STORY: VCU
Cultured Meat 101: The Science and Premarket Process
FROM THE MEDIA: Cultured meat is becoming a reality, and the FDA has established a premarket consultation process for companies wishing to market their products. Cells used to make lab-grown meat are usually satellite stem cells or induced pluripotent stem cells (iPSCs). Genetically stable cell lines are important for reproducibility and consistency, and the Good Food Institute is funding a project to collect a diverse array of animal species cell lines. Believer Meats is on track to produce 10 metric tons of meat per year in North Carolina.
READ THE STORY: WBD
Malicious Dota 2 game mods infected players with malware
FROM THE MEDIA: Researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor players' systems. The attacker created the malicious game mods and included a file with malicious code which allowed them to remotely execute commands on the infected devices, potentially allowing the installation of further malware. They also included a malicious JavaScript exploit for CVE-2021-38003, a high-severity security flaw in Google's V8 JavaScript and WebAssembly engine. Valve released a security update to address the issue and alerted all affected players. A similar attack occurred on Grand Theft Auto Online where a cheat developer exploited a remote code execution vulnerability to include functionality to ban and corrupt players' accounts. Rockstar Games released a security update to address the issue.
READ THE STORY: BleepingComputer
Half of executives expect an increase in cyber incidents targeting financial data: report
FROM THE MEDIA: Company executives anticipate an increased number of cyber incidents targeting accounting and finance data during the next year. However, collaboration between security teams and accounting departments is lacking. A threat campaign called UNC3524 has been identified as targeting M&A information. To protect against threats, organizations should monitor network traffic, implement a zero-trust approach, and follow strict identity and access management controls.
READ THE STORY: CyberSecurityDive
Weee! grocery service confirms data breach, 1.1 million affected
FROM THE MEDIA: Weee!, an Asian and Hispanic food delivery service, suffered a data breach exposing the personal information of 1.1 million customers. The leaked database contains Weee! customers' first and last names, email addresses, phone numbers, device type (iOS/PC/Android), order notes, and other data the delivery platform uses. Payment information was not exposed as Weee! does not retain that data in their database. Customers can search for their email address on Have I Been Pwned to see if their information was exposed in this breach. Existing members of the notification service will automatically be notified via email.
READ THE STORY: BleepingComputer
CISA Releases Recovery Script for Victims of ESXiArgs Ransomware
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a free recovery script on GitHub for victims of the ESXiArgs ransomware variant that affected thousands of organizations worldwide this week. The tool is designed to help organizations attempt the recovery of configuration files on vulnerable VMware ESXi servers without having to pay a ransom. Organizations should understand how it works before attempting to use the tool. Meanwhile, VMware has urged organizations to patch the two-year-old vulnerability that ESXiArgs is exploiting, as well as disable ESXi's Service Location Protocol (SLP) and port 427, where possible, to mitigate the risk of attack.
READ THE STORY: DARKReading
Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach
FROM THE MEDIA: A 20-year-old man from Sydney has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to blackmail Optus customers using their personal information that was stolen in a data breach. He had sent threatening SMS messages demanding AU$2,000 to 92 individuals whose details were part of the 10,200 records that were briefly published on a criminal forum in September 2022. The Australian Federal Police (AFP) said there is no evidence that any of the affected customers transferred the demanded amount.
READ THE STORY: THN
Blacklisted Chinese-Made Cameras Found in Use at Australian Government Sites
FROM THE MEDIA: An audit of surveillance equipment conducted by the Australian Shadow Minister for Cyber Security James Paterson has uncovered Chinese government-linked cameras and security gear installed at more than 250 Commonwealth buildings in Australia, including Defense and Foreign Affairs offices. The two companies responsible are Hikvision and Dahua, both part-owned by the Chinese Communist Party (CCP). Concerns have been raised that these cameras may contain spyware or be used as part of the CCP’s mass surveillance of Uyghur minorities in Xinjiang. The Australian War Memorial, National Disability Insurance Agency, and other government departments have pledged to replace the units.
READ THE STORY: VICE
Items of interest
L.A. is shutting down its largest gas plant — and replacing it with an unproven hydrogen project
FROM THE MEDIA: The Los Angeles City Council voted to move forward with an $800-million plan to convert the city's largest gas-fired power plant to green hydrogen. The vote authorized the L.A. Department of Water and Power to begin the contracting process, but critics raised the possibility that the project could fail and leave L.A. stuck burning natural gas. The motion approved by the council requires DWP officials to more closely examine alternatives and engage with communities near the gas plant. Green hydrogen has been touted as a potential substitute for natural gas on the electric grid, but climate activists have raised concerns about explosions, short-term climate change effects, and fossil fuel companies' involvement.
READ THE STORY: Los Angeles Times
Cyber Operations vs Information
CODE WITH ME: Build a Chrome Extension (Video)
FROM THE MEDIA: This video shows how to create a Chrome extension in 10 minutes, including copying code from an existing extension and changing the name and description, creating a manifest file, setting the name and version of the extension, and creating a default pop-up. Finally, viewers learn how to enable developer mode, load the unpacked extension, and view upcoming concerts and links out to purchase tickets.
Can CHAT-GPT Create Google Chrome Extension (Video)
FROM THE MEDIA: The presenter demonstrates how to create a Google Chrome extension using ChatGPT. First, they go to chat.openai.com and ask for the code for a Google Chrome extension that can replace the word "war" with "low". Next, they create two files: a file called "content.js" and a file called "manifest.json". The manifest.json file has to be updated to have a manifest version number of "3", and the content.js file name has to be changed from a capital letter to a lowercase letter. Finally, they save the files and load them from their extension directory in Chrome's developer mode. When they refresh the page, they see that the words "war," "world," and "love" have all been replaced with "low," "love," and "civil," respectively.
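As an added example (not code from either video, nor ChatGPT's output), here is a Manifest V3 content script that performs the word swap the second video describes, matching whole words only and editing text nodes rather than rewriting markup, so page scripts, styles and form input are left alone and nothing on the page is re-parsed as HTML. The manifest shown in the comment, the WORD_MAP table and the function names are constructed for this illustration.

```javascript
// Added example (not the videos' code): a Manifest V3 content script that
// replaces whole words in page text without touching the page's markup.
//
// manifest.json assumed alongside this file (constructed for the example):
// {
//   "manifest_version": 3,
//   "name": "Word Swapper",
//   "version": "1.0",
//   "content_scripts": [
//     { "matches": ["<all_urls>"], "js": ["content.js"], "run_at": "document_idle" }
//   ]
// }

// Constructed replacement table. Keys must be lowercase; they are matched as
// whole words, case-insensitively, so "war" does not also hit "warm".
const WORD_MAP = { war: "low" };

// Escape a string so it can be embedded literally inside a RegExp.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build one alternation regex with word boundaries from the map's keys.
function buildPattern(map) {
  const words = Object.keys(map).map(escapeRegExp);
  return new RegExp("\\b(" + words.join("|") + ")\\b", "gi");
}

// Pure string transform: replace whole words per the map and leave everything
// else intact. It operates on plain text only, never on HTML, so it cannot
// introduce markup the way an innerHTML-based rewrite could.
function replaceWords(text, map = WORD_MAP) {
  if (Object.keys(map).length === 0) return text;
  return text.replace(buildPattern(map), (m) => map[m.toLowerCase()]);
}

// Walk every text node under root, skipping script/style/textarea/noscript so
// code and user input are untouched, and apply replaceWords to each node.
// Returns the number of text nodes that were changed.
function rewriteTextNodes(root, map = WORD_MAP, doc = document) {
  const SKIP = new Set(["SCRIPT", "STYLE", "TEXTAREA", "NOSCRIPT"]);
  // 4 = NodeFilter.SHOW_TEXT; 1 = FILTER_ACCEPT; 2 = FILTER_REJECT
  const walker = doc.createTreeWalker(root, 4, {
    acceptNode: (n) => (n.parentNode && SKIP.has(n.parentNode.nodeName)) ? 2 : 1
  });
  let changed = 0;
  for (let n = walker.nextNode(); n; n = walker.nextNode()) {
    const out = replaceWords(n.nodeValue, map);
    if (out !== n.nodeValue) { n.nodeValue = out; changed++; }
  }
  return changed;
}

// Only touch the page when loaded as a content script inside a browser.
if (typeof document !== "undefined") {
  rewriteTextNodes(document.body);
}
```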
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.