Wednesday, February 15, 2023 // (IG): BB // BSidesCharm// Coffee for Bob
This Russia-linked hack is worse than we knew
Analyst Comments: Although the Biden administration had disclosed the incident at the time, the new information suggests that the threat was more acute than U.S. officials revealed, and that the malware used in the attack, known as PIPEDREAM, is still out there and could be used again in the future. PIPEDREAM can target most industrial systems for critical infrastructure, making it particularly dangerous as a one-size-fits-all malware.
FROM THE MEDIA: Last year, hackers linked to Russia nearly took down a significant part of the US power grid, using malware called PIPEDREAM, and the malware still exists. The Biden administration had disclosed the attack at the time, but the new information indicates that the threat was more serious than what was revealed. Robert M. Lee, the founder and CEO of Dragos Inc, stated that it was the closest the US infrastructure came to going offline. The malware is capable of targeting most industrial systems for critical infrastructure, including the equipment that operates electric grids. This comes amid a surge in cyber and physical attacks against the US power grid, with many of the threats originating domestically.
READ THE STORY: Politico
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
Analyst Comments: China wants to gain access to sensitive information related to trade, finance, and investment in general. The Belt and Road Initiative is a massive infrastructure and economic development project that needs and uses information gathered from influence and espionage activities in target countries.
FROM THE MEDIA: Microsoft's Security Intelligence team has attributed a cyber espionage campaign in South America to the Chinese state-sponsored threat actor DEV-0147, who is using ShadowPad, a RAT associated with other China-based actors, and QuasarLoader, a webpack loader, to infiltrate and persistently access targets. DEV-0147's post-exploitation activity includes abusing on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command-and-control and data exfiltration. The continued use of ShadowPad by Chinese hacking groups suggests that the technique is yielding success. ShadowPad is a successor to the PlugX remote access trojan, and has been widely used by Chinese adversarial collectives linked to the Ministry of State Security and People's Liberation Army.
READ THE STORY: THN // InfoSecMag
ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage
Analyst Comments: The demonstration of how these vulnerabilities can be chained together to enable deep lateral movement within an OT network, ultimately resulting in an attack on a movable bridge, serves as a warning of the potential for sophisticated attackers to gain granular control over industrial devices. Such attacks could result in not only the disruption of critical infrastructure but also the loss of human lives.
FROM THE MEDIA: Researchers from cybersecurity firm Forescout have demonstrated how attackers can use a combination of vulnerabilities in industrial control systems (ICS) to move laterally within operational technology (OT) networks and potentially cause physical damage. The researchers used two vulnerabilities they discovered in Schneider Electric’s Modicon programmable logic controllers (PLCs) last year, one for remote code execution (CVE-2022-45788) and the other for authentication bypass (CVE-2022-45789). They also exploited a vulnerability in a Wago coupler to reach the PLC and later used a remote code execution vulnerability in an Allen Bradley safety controller to gain granular control over industrial devices. The attack can be carried out across different network segments at the lowest levels of the network, where the PLCs run the physical operations of an industrial plant. The researchers also found that network connections to third-party maintenance providers can provide attackers with access to the OT network.
READ THE STORY: SecurityWeek
U.S. spies partnered with American tech companies to fight Russian cyberattackers in Ukraine
FROM THE MEDIA: The U.S. intelligence community collaborated with American technology companies, including Microsoft, to combat Russian cyberattacks on Ukraine and prevent a potential cyberwar spreading across the Atlantic. The National Security Agency's Cybersecurity Collaboration Center worked with private companies to identify and eliminate malicious operations in cyberspace. The partnership with Microsoft and other companies was aimed at stopping Russia before it could carry out devastating attacks on Ukraine's networks and potentially launch an assault on the United States. Microsoft's role in the partnership in Ukraine was disclosed by Nathaniel C. Fick, ambassador at large for cyberspace and digital policy, during a recent German Marshall Fund event.
READ THE STORY: The Washington Times
Security Service of Ukraine and NATO Allies Potentially Targeted by Russian State-Sponsored Threat Actor
Analyst Comments: This attack indicates that Sandworm is actively attempting to cut Ukrainians off from information regarding the status of the war. Another significant event is the exploitation of a zero-day vulnerability in Fortinet's FortiOS SSL-VPN, which allowed a suspected Chinese-nexus threat actor to target a European government entity and a managed service provider located in Africa.
FROM THE MEDIA: The Computer Emergency Response Team of Ukraine (CERT-UA) identified a data wiper malware called CaddyWiper that was used against the Ukrainian news agency Ukrinform. The attack is likely attributed to Sandworm, a Russian cyber military unit of the GRU. The malware was launched on the news agency's systems using a Windows group policy object (GPO), indicating that the attackers breached the target's network beforehand because internal access is needed to make changes to GPO. The attack appears to be aimed at cutting off Ukrainians from information regarding the status of the war, which has been ongoing since Russia invaded Ukraine in February 2022. Additionally, a Chinese-nexus threat actor successfully exploited a vulnerability in Fortinet's FortiOS SSL-VPN and installed the BoldMove malware on the compromised device, which is a backdoor used for espionage operations. Threat actors have also been observed abusing Microsoft OneNote file format as a malware delivery technique.
READ THE STORY: Security Boulevard
Musk’s Starlink satellites accelerating development of drone warfare
Analyst Comments: Starlink offers significant advantages over other satellite communication networks, including its ability to operate in low-Earth orbit, making it more resistant to jamming, and its ability to replace satellites that are put out of service with another one. However, there are also several security risks involved, including the possibility of geolocating the terminals, potentially giving away the physical positions of forces.
FROM THE MEDIA: The widespread use of Starlink by Ukrainian troops in defending against Russia's invasion is accelerating development of drone warfare. The Ukrainian military has not shied away from making use of Starlink to carry out drone missions, and the country's military is looking to establish strike forces that would be provided with Starlink equipment to create fleets of interoperable drones. The use of Starlink offers considerable advantages over other satellite communications networks, such as the ability to operate in low-Earth orbit and offer higher transmission speed, requiring less power to operate. However, reliance on Starlink entails a number of security risks, including the possibility of geolocating the terminals, which may reveal the physical positions of forces. Additionally, the system operator, SpaceX, has extensive access to information about clients, which may pose a risk of data breaches. Finally, the use of Starlink for military purposes raises questions about its legitimacy as a military target and how governments should respond to an attack on a single satellite or constellation.
READ THE STORY: C4ISRNET
Why the US needs the Bureau of Cyber Statistics right now
FROM THE MEDIA: The United States still lacks a repository of data on cybersecurity incidents, despite a recommendation in 2020 by the Cyberspace Solarium Commission to set up a Bureau of Cyber Statistics (BCS). The BCS would serve as a repository of data on cybersecurity incidents, helping both public and private sector organizations inform their risk-based decision-making and cyber strategy planning. The federal government has raw cyber data, but very little is made available to the public either in its raw form or as a detailed analysis. Creating the BCS is possible, starting with a phased approach to collecting data and defining mandated reporting requirements with precision and clarity. The BCS could help public utility providers make better decisions and could also be used by national security and intelligence analysts to understand trends associated with exploits and attacks against the nation’s critical and business infrastructures.
READ THE STORY: Cyberscoop
Tonga is the latest Pacific Island nation hit with ransomware
FROM THE MEDIA: Tonga Communications Corporation, one of two telecoms companies in the country, has suffered a ransomware attack. The firm published a Facebook post warning customers that the attack had locked access to part of its system, though its voice and internet services were not affected. Cybersecurity expert Dominic Alvieri said that Medusa ransomware had taken credit for the attack, according to reports. The Polynesian country is made up of some 171 islands and has a population of about 100,000.
READ THE STORY: The Record
The Most Powerful Weapon to use Against Democracies
FROM THE MEDIA: The increasing global connectivity and the use of artificial intelligence have given authoritarian regimes like China and Russia unprecedented power to conduct influence campaigns against democracies. These campaigns challenge the existing world order through various means such as using military power, creating parallel institutions, and increasing economic ties through infrastructure projects. AI-powered propaganda and disinformation campaigns on social media are becoming their most potent weapon against democracies, with the ability to target specific populations and beliefs. The line between domestic and international issues is blurred, and the challenges presented have implications for stability and freedom of speech.
READ THE STORY: Small Wars Journal
Cyber Terrorism: The Islamic State in Cyberspace
FROM THE MEDIA: The article examines the evolution and capabilities of pro-Islamic State (IS) hacking groups operating in cyberspace, with a focus on the tactics, techniques, and procedures used by these groups. It also highlights the difficulty of assessing these groups from open sources, and the overestimation of their capabilities, which is the driving force behind massive IS propaganda campaigns. Additionally, the article mentions the three primary attack categories of cyber terrorism, typical practices of cyber terrorist groups, and the lack of sophisticated cyber capabilities among pro-IS groups. Finally, the article suggests that the scary narratives of IS cyber terrorism capabilities serve their intended purposes of spreading fear and reaching a global scale.
READ THE STORY: GreyDynamics
The Current Debate on ‘Forging the Defense Industrial Base for the Digital Age’
FROM THE MEDIA: The war in Ukraine has sparked a debate about the future of war and the defense industrial base. This is evident in various voices, including a recent hearing in Congress about whether the Pentagon is prepared to deter and defeat America's adversaries, a focus on the importance of the defense industrial base, and arguments that the Pentagon needs to embrace Silicon Valley's entrepreneurial culture and work to ensure the latest technology reaches the battlefield. The ongoing conflict in Ukraine has highlighted the importance of commercial technology in modern warfare, and there is a need for the DoD to focus on scaling commercial technology and partnering with startups and scaleups to incorporate emerging technologies into its arsenal and future plans.
READ THE STORY: OODALOOP
For a former ‘Yahoo Boy,’ romance is a cut-and-paste proposition
FROM THE MEDIA: The Federal Trade Commission has reported a significant increase in romance scams, with 70,000 people having reported being scammed out of $1.3 billion in 2020 alone. Yahoo Boys in Nigeria are often behind these scams and have been using romance victims to aid them in check fraud, business email compromise, and money laundering. An interview with a former Yahoo Boy, who requested to be referred to as "Tommy," revealed that scamming kits are readily available, and he was introduced to the scamming by a friend while in university. Tommy targeted vulnerable individuals, often single mothers, with a pre-made kit of notes he could copy and paste. He would claim to be an engineer with a company in California or Texas, and he would offer to send $2,000 but request a fee of $15 or $20 in return. Tommy scammed alone, but he occasionally received help from friends. He regretted scamming and stopped after realizing that it was wrong and that he did not want to hurt other people anymore. Tommy is now trying to find a job but noted that it is difficult to find work in Nigeria without connections.
READ THE STORY: The Record
Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected
FROM THE MEDIA: A black hat redirect malware campaign is using more than 70 fake domains mimicking URL shorteners to infect over 10,800 websites, including the use of Bing search result links and Twitter's link shortener service. The attackers aim to increase the authority of spammy sites in search engine results, which will artificially generate traffic to pages that contain the Google AdSense ID and ads for revenue generation. The threat actors are employing Q&A portals that masquerade as popular URL shortening tools and land on sites discussing blockchain and cryptocurrency. The campaign is one large and ongoing effort of organized advertising revenue fraud. The infected WordPress sites become compromised when the threat actor injects backdoor PHP code that allows for persistent remote access and redirects site visitors.
READ THE STORY: THN
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
FROM THE MEDIA: DevOps and security teams often have competing priorities and can view each other as an impediment to their work, leading to tension and conflict. One way to resolve this is to automate security testing with every release, in an approach known as continuous security. This means involving the SecOps team early and often in the development process to identify and mitigate risks associated with new features. Regular and ongoing pen testing can be challenging to implement, which is where Pen-Testing-as-a-Service (PTaaS) can help. PTaaS provides continuous pen testing for web applications throughout a contract period, integrating security testing into the development process to identify vulnerabilities early and ensure continuous coverage. By aligning the priorities of development, security, and operations teams, PTaaS enables organizations to deliver secure software faster.
READ THE STORY: THN
Group-IB report details previously unknown Indian-sponsored SideWinder campaign
FROM THE MEDIA: Cybersecurity services company Group-IB Global Pvt. Ltd. has reported on previously undisclosed phishing attacks conducted by Indian government-affiliated state-sponsored hacking group SideWinder between June and November 2021. The attacks targeted government, military, law enforcement and other organizations across Bhutan, Afghanistan, Nepal, Myanmar and Sri Lanka, and the group made use of its newest custom tool, SideWinder.AntiBot.Script, as well as Telegram to receive information from compromised networks. SideWinder has been involved in a range of espionage campaigns targeting various industries, including military, government and energy companies.
READ THE STORY: SiliconANGLE
Oakland City Services Struggle to Recover From Ransomware Attack
FROM THE MEDIA: Oakland is still struggling to recover some of its city services more than a week after a ransomware attack on February 8th. While some critical services such as fire emergency and 911 dispatch are functioning normally, other services like filing police reports and paying taxes are still offline. The City's IT Department is working with a leading forensics firm and additional cybersecurity and technology firms on recovery and remediation efforts. This is an ongoing investigation with multiple local, state, and federal agencies involved.
READ THE STORY: DARKReading
MortalKombat ransomware found punching targets in US, UK, Turkey, Philippines
FROM THE MEDIA: A new ransomware called MortalKombat has been targeting organizations in the United States, United Kingdom, Turkey, and the Philippines in the past month. Cisco Talos researchers have been tracking the ransomware group behind the attacks and have also found a new malware called Laplas Clipper that steals cryptocurrency from victims. MortalKombat is known to encrypt files, including system, application, database, backup, and virtual machine files, as well as remote location files mapped to the victim’s machine. The ransomware group has been scanning the internet for organizations that have left Remote Desktop Protocol (RDP) exposed to the internet, allowing them to target individuals, small businesses, and large organizations. The researchers also found that the Laplas Clipper malware monitors a user’s device for cryptocurrency wallet addresses, then sends the information to the attacker-controlled Clipper bot. The malware can be purchased online for $49 per week or $839 per year, and the developers are planning to release updates in the coming months.
READ THE STORY: The Record
Healthcare giant CHS reports first data breach in GoAnywhere hacks
FROM THE MEDIA: Healthcare provider giant Community Health Systems (CHS) said that up to 1 million patients had their personal and health information compromised as a result of a recent wave of attacks that targeted a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform. CHS claimed the incident has not had any impact on its information systems, and there has not been any material interruption of its business operations, including the delivery of patient care. The Clop ransomware gang claims to be behind these attacks and told BleepingComputer that they've breached and stolen data from over 130 organizations.
READ THE STORY: BleepingComputer
Teijin Automotive Technologies Files Notice of Data Breach Affecting Over 25k Employees
FROM THE MEDIA: Teijin Automotive Technologies, a Michigan-based manufacturing company specializing in lightweight composites for the automotive, marine, heavy truck, and recreational vehicle industries, has filed notice of a data breach with the US Department of Health and Human Services Office for Civil Rights (HHS-OCR). The breach occurred on December 1, 2022, after an employee opened a phishing email, enabling hackers to gain access to confidential employee data, including names, addresses, dates of birth, Social Security numbers, health insurance policy information, and banking information. All 25,464 impacted employees received data breach notification letters. Teijin Automotive Technologies is part of Japan-based Teijin Limited, which generates around $7bn in annual revenue and has 169 subsidiaries.
READ THE STORY: JDSUPRA
RedLine Stealer Malware: The Complete Guide
FROM THE MEDIA: RedLine Stealer is a type of infostealer malware that collects user information such as login credentials, cookies, and credit card data, and can also collect device information such as IP address, operating system, and antivirus tools. It is a Malware-as-a-Service (MaaS) and is often sold on dark web forums, and malicious actors can purchase and deploy it to collect stolen data. Threat actors use the Telegram messaging app to purchase and deploy RedLine Stealer malware, which offers greater anonymity and is easier to use. Organizations can proactively mitigate risks by providing cyber awareness training, installing security updates, and monitoring the dark web and illicit Telegram channels. With Flare, organizations can automate dark web and Telegram monitoring to detect RedLine Stealer and prioritize threats.
READ THE STORY: Security Boulevard
Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
FROM THE MEDIA: Microsoft has released security updates to address 75 vulnerabilities, including nine critical and 66 important flaws, three of which are actively being exploited in the wild. The three zero-day vulnerabilities that have been exploited are CVE-2023-21715, a Microsoft Office security feature bypass flaw, CVE-2023-21823, a Windows graphics component elevation of privilege vulnerability that affects OneNote for Android, and CVE-2023-23376, a Windows Common Log File System driver elevation of privilege vulnerability. Successful exploitation could allow an attacker to bypass Office macro policies or gain SYSTEM privileges. Additionally, the security updates address multiple remote code execution defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server, and denial-of-service issues impacting Windows iSCSI Service and Windows Secure Channel.
READ THE STORY: THN
PWC highlights 11 ChatGPT and generative AI security trends to watch in 2023
FROM THE MEDIA: According to PwC's top analysts, generative AI and tools like ChatGPT will impact the threat landscape, but they are optimistic that defensive use cases will rise to combat malicious uses of AI over the long term. They suggest the need to protect AI training and output, setting generative AI usage policies, modernizing security auditing, greater focus on data hygiene and assessing bias, keeping up with expanding risks and mastering the basics, creating new jobs and responsibilities, leveraging AI to optimize cyber investments, enhancing threat intelligence, threat prevention and managing compliance risk, implementing a digital trust strategy, and guarding against malicious AI usage.
READ THE STORY: VB
Russian with alleged ties to Putin convicted in hack-and-trade scheme
FROM THE MEDIA: Vladislav Klyushin, the Russian owner of a technology company linked to the Kremlin, has been convicted in Boston of charges relating to hacking into computer networks to obtain non-public information on stock movements. He was convicted of conspiring to obtain unauthorized access to computers, wire fraud, and securities fraud. Klyushin and four alleged co-conspirators carried out a hack-and-trade scheme to gain advanced access to earnings reports and make investments based on what they found, netting $90 million overall. Klyushin gained $38 million personally, with two-thirds of that coming from trades he made for himself, rather than for clients.
READ THE STORY: The Record
Binance, Huobi freeze some cryptocurrency stolen in $100 million Harmony hack
FROM THE MEDIA: Cryptocurrency exchanges Binance and Huobi froze accounts containing $1.4 million worth of assets stolen from blockchain company Harmony last June. The funds were traced through the sanctioned cryptocurrency mixer Tornado Cash, and U.S. authorities said it was frequently used by hackers connected to the North Korean military. Blockchain research company Elliptic notified the exchanges about the funds and stated that they were being funneled through complex chains of transactions to exchanges like Binance and Huobi. Binance has faced accusations of facilitating money laundering and U.S. Department of Justice prosecutors are considering levying charges against the exchange and its CEO, Changpeng Zhao.
READ THE STORY: The Record
Why Much of Asia Isn’t Bothered About the Balloon Spat Between the U.S. and China
FROM THE MEDIA: The downing of a Chinese balloon by a US F-22 fighter jet over the Atlantic near Myrtle Beach, South Carolina, on 4 February has elicited predictable and somewhat muted reactions across the Asia-Pacific region. Although the US continues to insist that the balloon was part of a covert Chinese spying operation, China has vehemently denied the claims, and Southeast Asian countries have called for calm and pointed fingers at the US for escalating tensions. Oriana Skylar Mastro, an Asia specialist at the Freeman Spogli Institute for International Studies at Stanford University, noted that the region is “not sure whether there might be a return of Trump or a Trump-like figure”.
READ THE STORY: Time
Chinese cameras leave British police vulnerable to spying, says watchdog
FROM THE MEDIA: A report by the UK government’s independent watchdog on surveillance warns that most police forces across England and Wales use camera equipment either made in China or containing Chinese components, leaving them open to spying by Beijing. The biometrics and surveillance camera commissioner, Fraser Sampson, has said that such equipment poses security and ethical concerns, with some implicated in helping the Chinese government monitor detainment camps for Uyghurs in Xinjiang province. Hikvision, the world’s largest maker of surveillance equipment, is the biggest supplier of such products to British police. In 2019, it was one of 28 companies placed on a US trade blacklist, as officials in Washington accused it of being implicated in “human rights violations and abuses”.
READ THE STORY: The Guardian
Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
FROM THE MEDIA: Google has announced that it is rolling out its Privacy Sandbox on Android in beta, offering APIs that do not use identifiers to track users' activity across apps and websites. The system is Google's answer to Apple's App Tracking Transparency (ATT), which requires app developers to seek users' explicit consent before tracking their online behavior through unique identifiers. The technology behind Privacy Sandbox is a machine learning technique called federated learning, which allows decentralized edge devices to learn a shared prediction model while keeping all the training data on the device, preserving user privacy.
READ THE STORY: THN
China ramps up surveillance, security threat with new satellite support from Antarctica
FROM THE MEDIA: China is set to construct new ground stations in Antarctica to aid its satellite activity and data collection, raising concerns about Beijing's surveillance programs and data-collecting abilities. The Chinese base, which is already built, has been around since 1989, and it was built for research relating to marine, glaciological, geological, and atmospheric sciences. However, there have been reports that under the guise of civilian research, China began employing advanced military capabilities at the Zhongshan base, such as laser radar, which could damage or destroy targeted satellites. Such technology could also break away pieces of the device and increase the amount of debris in low Earth orbit that could further impair existing satellites. The Zhongshan research base was built in line with the international 1959 Antarctic Treaty that says the world’s most southern continent will be used strictly for peaceful scientific research and bars any military maneuvering.
READ THE STORY: FOX
US Space Force crafting new schedule for GPS ground system
FROM THE MEDIA: The delivery schedule for the Next-Generation Operational Control Segment (OCX), the GPS ground system used to operate GPS satellites, is being re-evaluated by the US Space Force due to technical issues that arose during recent testing. The upgraded version, called OCX, was scheduled for delivery in April 2022. The delay has caused cost overruns, and the program's government-contractor team is currently evaluating the schedule, according to a Space Systems Command spokeswoman. OCX will replace the ground system that operates the GPS satellites, but its schedule has been delayed multiple times since its launch, and its cost estimate has risen from $3.7 billion in 2012 to $6.2 billion in 2018.
READ THE STORY: C4ISRNET
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
FROM THE MEDIA: According to a report from industrial cybersecurity firm Dragos, 2022 saw a rise in the number and sophistication of attacks targeting industrial infrastructure. Dragos tracked 20 separate threat groups that targeted industrial infrastructure organizations. Eight of these groups were active in 2022, including two new ones, Chernovite and Bentonite. Chernovite is the group behind a highly sophisticated malware platform called Pipedream, which was designed to attack industrial control systems. Pipedream is the first-ever ICS malware that leverages native functionality in some of the most widespread ICS protocols, including those used by Schneider Electric, Omron, CODESYS PLCs, and any PLCs that support the OPC Unified Architecture standard. The report also highlighted that 80% of assessed customers still lack visibility into their ICS systems, and half have network segmentation issues and uncontrolled external connections into their OT networks.
READ THE STORY: CSO
Items of interest
Russia deploys nuclear-armed ships for first time in 30 years
Analyst Comments: This could be a way to deter NATO from taking any aggressive actions against it, since the threat of a nuclear response can be a powerful deterrent. Another possibility is that Russia may see the Arctic as an increasingly important strategic region, due to the melting of the ice caps and the potential for new shipping routes and access to valuable natural resources.
FROM THE MEDIA: The risk of a nuclear escalation on Russia's borders with NATO countries is increasing, according to Norwegian military intelligence, as Moscow has replaced troops in the area with tactical nuclear weapons. The deployment of nuclear-capable warships and submarines of Russia's Northern Fleet poses a serious threat to NATO countries, particularly as mutual mistrust has raised the possibility of unwanted events and misunderstandings. The Norwegian Defense Ministry's annual report, Fokus 2023, warns that nobody should rule out the possibility of a local war turning into a larger conflict, involving Russia, the US, and NATO. The report also highlights Russia's amassing of aircraft near the Ukrainian border, which indicates that Moscow is preparing to send air support for its ground offensive.
READ THE STORY: El Pais
Cyber Physical Systems Security (5: Attacking SCADA and Modbus Communications) (Video)
FROM THE MEDIA: This video demonstrates how to attack SCADA and Modbus communications systems using Kali Linux and Metasploit. The presenter sets up a PLC controller on a Raspberry Pi and a SCADA system, and uses Wireshark to detect Modbus headers. They then exploit Modbus commands and capture packets passing between devices on the network. The video also provides an example of how to use Wireshark to track packets and potentially thwart attacks.
Bring ChatGPT INSIDE Excel to Solve ANY Problem Lightning FAST (Video)
FROM THE MEDIA: Leila demonstrates how to use ChatGPT, an AI chatbot, in combination with Excel Scripts to automate tasks in Excel. Specifically, it shows how to use ChatGPT to get a second opinion on a balance sheet, and how to split a string into smaller strings and loop through those strings to check for an array length of zero, which can help avoid empty rows or columns in a spreadsheet. The video also introduces AI and its potential productivity benefits.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.