Daily Drop: (437)
Tuesday, March 21, 2023 // (IG): BB // Cyber-Roundup// Coffee for Bob
Senators Request Cyber Safety Analysis of Chinese-Owned DJI Drones
Analyst Comments: A formal request from the senators highlights the ongoing concerns about potential cybersecurity risks associated with Chinese technology and infrastructure. Given the sensitive information that could be gathered by Chinese drones, the investigation requested by the senators is a reasonable step to mitigate potential risks. The fact that DJI drones dominate 90% of the consumer drone market in North America underscores the need for continued vigilance and scrutiny of Chinese technology in critical infrastructure and other sensitive sectors. The investigation could help inform future cybersecurity policies and regulations and ultimately enhance the resilience of U.S. critical infrastructure against potential threats.
FROM THE MEDIA: A group of senators from both sides of the aisle has requested the Cybersecurity and Infrastructure Security Agency (CISA) to conduct an investigation into potential security risks associated with drones manufactured by Shenzhen DJI Innovation Technology Co., Ltd. The Chinese drone manufacturing company was previously labeled as a "Chinese military company" by the U.S. Department of Defense. The lawmakers have expressed concerns that sensitive information or data could wind up in the hands of the People's Liberation Army (PLA) and other malicious actors, given the reported ties between DJI and the Chinese government. DJI drones are also used to inspect critical infrastructure, which allows the Chinese Communist Party (CCP) to develop a detailed picture of the layout, operation, and maintenance of U.S. critical infrastructure. The senators have requested that CISA revisit previous analyses on the safety of DJI drones and publish the results through the public National Cyber Awareness System.
READ THE STORY: Nextgov
The Scorched-Earth Tactics of Iran’s Cyber Army
Analyst Comments: Iranian regime's cyber army's tactics aim to distract, discredit, distort, and sow distrust among the Iranian population and international community. Their cyber activity has had the effect of sowing doubt, where no one is sure what is true and who is trustworthy. They have been successful in creating an environment of distrust, where anybody is potentially a regime goon. Although widespread vigilance against IRI state actors has made the public less susceptible to propaganda tactics, it has simultaneously created an environment of distrust. This situation is significant because it could impact the Iranian government's stability, and it indicates that the Iranian regime is vulnerable beyond its physical and virtual borders. Therefore, it is essential to monitor the Iranian regime's cyber activity and create strategies to counter their tactics.
FROM THE MEDIA: The Iranian regime is using various cyber tactics to combat opposition narratives and control its population. Among these tactics are old-school hacking, spear-phishing attempts on journalists and policy experts, and establishing credibility by masking themselves as anti-regime voices. The ongoing political unrest in Iran has also led to more intense disinformation campaigns on social media, with the regime attempting to shift the narrative in its favor and sow doubt in the minds of the public. In addition to causing confusion, the Iranian cyber army also seeks to discredit and undermine the opposition, often by hacking opposition figures directly or using sock puppet accounts to pit one faction against another. While the regime has had some successes, such as the "Judge of Death" distraction, many experts believe that the Iranian cyber response to the recent anti-regime movement signals a smarter and more prudent approach.
READ THE STORY: Wired
Crypto ATM manufacturer General Bytes hacked, at least $1.5 million stolen
Analyst Comments: The recent security breach, resulting in the theft of a significant amount of cryptocurrency and the shutdown of most General Bytes' US-based crypto ATMs, is a tactically significant event that may create unease among potential mainstream adopters. This incident underscores the ongoing risk of cyber attacks in the cryptocurrency sector and highlights the need for strong security measures to protect personal information and digital assets. The breach could have wider implications for the use and adoption of cryptocurrencies, particularly if customers lose confidence in the security of crypto ATMs and related services.
FROM THE MEDIA: Crypto ATM manufacturer General Bytes has experienced a major security breach resulting in the theft of at least $1.5 million worth of bitcoin, prompting the company to shut down the majority of its US-based automated teller machines. Hackers were able to exploit a vulnerability in the master service interface used to upload videos, which allowed them to remotely upload their own Java application onto the company's server. The breach enabled the attackers to read and decrypt API keys, access funds on exchanges and "hot" cryptocurrency wallets, steal usernames and passwords, and turn off two-factor authentication. This is the second security incident involving General Bytes' machines. The company is urging customers to take immediate action to protect their personal information.
READ THE STORY: The Record
South Korea Targets North Korean Satellites With New Sanctions
Analyst Comments: New sanctions by South Korea are significant from a strategic perspective as they add to the growing list of international measures aimed at pressuring North Korea to abandon its nuclear and missile programs. The focus on materials for North Korea’s satellite program is aimed at curbing its ability to launch ballistic missiles, as satellite technology is often used to develop intercontinental ballistic missiles. The new sanctions come as North Korea continues to defy UN Security Council resolutions banning tests of its ballistic missiles and nuclear devices. Although there is almost no trade between the two Koreas, the new sanctions could be used as a template for other countries to follow in imposing their own punishments on North Korea.
FROM THE MEDIA: South Korea has announced new sanctions on North Korea, focusing on materials used in its satellite program, following a series of missile launches. Seoul unveiled a “watch list” of 77 items related to North Korea’s satellite development program, including optical components, solar panels, antennas, and GPS devices, which will be banned from export to North Korea as part of the country’s export control measures. This is the first time that South Korea has released a list of materials that could curb North Korea’s satellite manufacturing. Since there is almost no trade between the two Koreas, the sanctions will not have an immediate effect, but they could be used as a guide for other countries to impose punishments on Pyongyang. South Korea has also designated four individuals and six institutions for their involvement in North Korea’s nuclear and missile programs, as part of its efforts to pressure the regime to abandon its atomic ambitions. North Korea has fired off 13 ballistic missiles since Feb. 18, including two intercontinental ballistic missiles designed to strike the US and a close-range ballistic missile designed to hit US bases in South Korea.
READ THE STORY: Bloomberg
How Russia's Ukraine War Disrupted the Cybercrime Ecosystem
Analyst Comments: The report by Alexander Leslie on the impact of the invasion of Ukraine by Russia in 2022 highlights significant changes that have occurred in the Russian and Ukrainian cybercriminal ecosystems. The brain drain of approximately 250,000 cybercriminals, and the resulting disruptions to every form of commodified cybercrime, have led to a dispersed decentralization and destabilization of the Russian cybercriminal ecosystem. The changes have caused significant disruptions to the culture of dark web shops, darknet forums, Telegram channels, social media, and elsewhere. The report notes that it might be too soon to tell if major players would set up shop in their new location or not. The breaking up of the "brotherhood of Russian-speaking threat actors" has also had a significant impact on the cybercriminal ecosystem. The report highlights the national security risk posed by hacktivist groups and their suspicious relationship with Russian state media. Overall, the report indicates that the changes have reshaped the types of cybercrime at play, upended supply and demand for illicit goods and services, and driven pricing instability, making it a significant event with both tactical and strategic implications.
FROM THE MEDIA: In 2022, Russia's invasion of Ukraine caused a significant upheaval in the Russian and Ukrainian cybercriminal ecosystem, according to a report by Alexander Leslie, an associate threat intelligence analyst at Recorded Future. Leslie identified disruptions in every form of commodified cybercrime, which included dark web shops and marketplaces, payment card fraud, and leaked databases. The war resulted in a brain drain of an estimated 250,000 cybercriminals leaving Russia and Belarus. Leslie noted that the ecosystem changes had reshaped the types of cybercrime at play, upended supply and demand for illicit goods and services, and driven pricing instability. The brain drain resulted in a dispersed decentralization and destabilization of the Russian cybercriminal ecosystem. Leslie observed that this destabilization had caused disruptions to culture on dark web shops, darknet forums, Telegram channels, social media, and elsewhere.
READ THE STORY: BankInfoSec
Researchers Shed Light on CatB Ransomware's Evasion Techniques
Analyst Comments: Utilization of the DLL search order hijacking technique by the CatB ransomware operation is of tactical significance as it allows threat actors to evade detection and launch the payload. The malware's ability to harvest sensitive data such as passwords and bookmarks is a major concern, as it can result in severe consequences for the victims. The absence of a ransom note and the use of Bitcoin payment demand is a trend that is becoming more common among ransomware operators. The use of MSDTC service for malicious purposes is also a matter of concern, as it can potentially bypass security solutions.
FROM THE MEDIA: Threat actors linked to CatB ransomware have been using DLL search order hijacking technique to evade detection and launch the payload. CatB is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora, and it relies on DLL hijacking via a legitimate service called Microsoft Distributed Transaction Coordinator (MSDTC) to extract and launch the ransomware payload. The dropper carries out anti-analysis checks to determine if the malware is being executed within a virtual environment and ultimately injects the rogue oci.dll containing the ransomware into the msdtc.exe executable upon system restart. Unlike other ransomware, CatB does not include a ransom note. Instead, each encrypted file is updated with a message urging victims to make a Bitcoin payment.
READ THE STORY: THN
SpaceX Third Party Vendor Hit by LockBit Ransomware, Gang Claims That It Stole Engineering Schematics
Analyst Comments: A breach at SpaceX highlights the need for organizations to evaluate and manage the risks associated with third-party vendors. The incident also underscores the continued threat posed by ransomware groups, which are increasingly targeting high-profile organizations and stealing sensitive information for extortion purposes. The potential impact on federal government contracts and defense projects adds strategic significance to the incident. Furthermore, the incident highlights the need for a holistic approach to cybersecurity, which incorporates all security products under one roof rather than relying on point solutions. The incident also highlights the importance of reviewing and revising cyber insurance coverage in light of changing ransomware threat landscapes.
FROM THE MEDIA: The LockBit ransomware group claims to have penetrated SpaceX via a third-party vendor, Maximum Industries, and stolen 3,000 SpaceX engineering drawings. The group leaked several documents, including a Raptor V2 engine schematic, and is now threatening to sell them to SpaceX's competitors if the company does not negotiate with the group. The third-party vendor is located near Dallas, two hours from where SpaceX produces the Raptor engines. The group is known for targeting vulnerabilities in third-party vendors and is the most active ransomware group in the past year, with over 1,000 victims. The breach potentially impacts federal government contracts, including defense projects, worth over $2 billion. The incident highlights the importance of a holistic approach to cybersecurity rather than point solutions.
READ THE STORY: CPO
China-Russia summit: What economic goals ahead
Analyst Comments: The visit of Chinese President Xi Jinping to Russia holds significant tactical and strategic significance, both in terms of bilateral economic cooperation and geopolitical developments. While Xi’s visit raises hopes of a breakthrough in ending the ongoing conflict in Ukraine, the main focus of his visit is to cement the “no limits” partnership he announced with Putin last year. The visit is expected to build on the strong momentum in boosting bilateral economic cooperation between China and Russia, with a focus on raising the quality and quantity of investment and economic cooperation. This economic cooperation has the potential to lower the susceptibility of both countries to the rising frequency of crisis waves emanating from developed economies.
FROM THE MEDIA: Chinese President Xi Jinping is visiting Moscow for a three-day state visit, which includes one-on-one talks with Russian President Vladimir Putin. This marks their 40th meeting, and the visit has raised hopes of a breakthrough in ending the ongoing war in Ukraine. China recently unveiled a 12-point position paper calling for a ceasefire in the Russia-Ukraine war and mediated a surprise rapprochement between Saudi Arabia and Iran. Xi’s visit is expected to focus on cementing the “no limits” partnership he announced with Putin last year, with bilateral economic cooperation being a critical area. The visit provides an opportunity to build on the strong momentum in boosting bilateral economic cooperation between China and Russia.
READ THE STORY: Moderndiplomacy
New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
Analyst Comments: The decline in ransomware payments indicates that more organizations have become resistant to paying the ransom. However, the value of stolen data can lead to serious consequences beyond the price tag. Therefore, the need for cybersecurity resilience is essential. The Lab 1 platform's contextualization of stolen records can help organizations build a more robust supply chain and prevent attacks, manage the damage, and view live risk quantification across thousands of suppliers. This platform can be particularly useful for breach insurance and other risk-related provisions.
FROM THE MEDIA: In 2022, ransomware payments fell by over 40% compared to 2021, and more organizations chose not to pay ransom demands. However, the stolen data still has value beyond a price tag, which could lead to phishing attacks, extortion attempts, and a risk to VIPs and senior leadership. Lab 1, a new cyber monitoring platform, contextualizes stolen records to assess risk exposure. The platform monitors, alerts, and analyzes data breaches across a company's entire supply chain by finding and contextualizing data found on forums, messaging platforms, and Dark Web marketplaces. Lab 1 also provides near-real-time alerting service and network effects of breaches.
READ THE STORY: THN
Senators Warn the Next US Bank Run Could Be Rigged
Analyst Comments: The event is significant at both tactical and strategic levels. At a tactical level, the report highlights the risks associated with the development of AI technologies and the need for ethical guidelines to mitigate those risks. The potential ramifications of AI, such as deception, disinformation, and job disruptions, have the potential to disrupt the structure of the economy, politics, and society. At a strategic level, the report calls for an entirely new regulatory framework for AI and other advanced information technologies, which puts pressure on governments and the industry to take proactive measures to address the risks associated with the development of AI. It also highlights the need for transparency and responsible experimentation, which can lead to safer technological development.
FROM THE MEDIA: A group of Harvard academics and AI experts have launched a report calling for ethical guardrails around the development of potentially dystopian technologies such as GPT-4, a chatbot developed by Microsoft-backed OpenAI that can produce highly persuasive machine-generated content. They are concerned about the plethora of experiments with decentralized social technologies and believe we have reached a constitutional moment of change that requires an entirely new regulatory framework for such technologies. The potential ramifications span every aspect of society and the economy, with risks such as deception, job disruptions, and disinformation on steroids. They suggest transparency as the first step towards ensuring that AI does not get the better of its makers.
READ THE STORY: Wired
Russia can't match the US military's hardware, but it has other ways to keep it from working properly
Analyst Comments: The war in Ukraine has demonstrated that the Russian military may not be as formidable a conventional threat to the US military as previously believed. However, the GAO report emphasizes the importance of investing in the security of information and cyber domains to counter the unconventional capabilities of adversaries such as Russia and China in information warfare. This analysis suggests that the US military must remain vigilant in protecting its information, systems, and personnel from potential cyber-attacks and influence operations, as these could significantly impact military operations and weapon performance.
FROM THE MEDIA: Ukraine has exposed the shortcomings of the Russian military, which has lost roughly 200,000 troops and thousands of heavy weapons systems. Although it may not pose a conventional challenge to the US military, Russia can still use unconventional tools like information operations to affect US forces. A recent report by the US Government Accountability Office (GAO) warns that through information warfare, US adversaries can adversely affect military missions and business functions. For example, adversaries could exploit the human infrastructure around the F-35 fighter jet, seek out vulnerabilities through a crew chief's social media, or compromise the networks of contractors working on the F-35 program. The report emphasizes the need for the Pentagon to invest in information and cyber security to protect against these threats.
READ THE STORY: Insider
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
Analyst Comments: This Mispadu Trojan can steal credentials and cause monetary harm to individuals and organizations. The fact that the Trojan can bypass detection by a wide range of security software and harvest a significant amount of bank account credentials underscores the need for cybersecurity measures to protect against such threats. Organizations should ensure that their security software is up-to-date and should educate their employees about the risks of opening spam emails and attachments. Additionally, individuals should be cautious about opening emails and attachments from unknown sources and should keep their security software updated.
FROM THE MEDIA: The Mispadu banking Trojan has been linked to multiple spam campaigns targeting several countries with the aim of stealing credentials and delivering other payloads. The Trojan, which was first documented in November 2019, can perpetrate monetary and credential theft and act as a backdoor. Mispadu uses compromised legitimate websites to turn them into their command-and-control servers to spread malware, filtering out countries they do not wish to infect. The Trojan is also equipped to gather the list of antivirus solutions installed on the compromised host, siphon credentials from Google Chrome and Microsoft Outlook, and facilitate the retrieval of additional malware. The certutil approach has allowed Mispadu to bypass detection by a wide range of security software and harvest over 90,000 bank account credentials from over 17,500 unique websites.
READ THE STORY: THN
This Chinese crypto has soared 1,800% – Should you buy the token… NO
Analyst Comments: Conflux's growth in the cryptocurrency market is noteworthy, especially considering China's use of economic warfare and Wall Street schemes, including market manipulation. As the cryptocurrency market continues to evolve, it is crucial for investors to be aware of these risks and potential manipulations. Conflux's partnership with China Telecom and its focus on real-world use cases may position the cryptocurrency for success in the blockchain space, but investors must remain vigilant about the risks associated with China's history of market manipulation and economic warfare.
FROM THE MEDIA: Conflux (CFX), a Chinese cryptocurrency, has grown by 1,800% so far this year, surpassing other popular coins such as Shiba Inu and Dogecoin. Despite China's ban on crypto-related activities, investors are attracted to Conflux's promises as a blockchain protocol, including its unique Tree-Graph consensus algorithm for increased scalability and throughput. Conflux has partnered with China Telecom to develop a blockchain-based SIM for over 500 million users, highlighting its potential for real-world use cases. The cryptocurrency is not necessarily focused on buzzworthy trends like Metaverse or AI, but is tapping into the Chinese market and its strong affiliation with blockchain advancement.
READ THE STORY: CNF
Africa faces ‘new Cold War’ as US tries to resist Russian gains
Analyst Comments: Moscow seeks to topple more French dominoes in central and western Africa, and the US is responding by adopting more forward-leaning measures. The assassination plot in Chad represents “a new chapter” in efforts by Wagner, a Kremlin-backed private military force, to advance Russian interests in Africa, and the US is taking a more forceful approach to stymie Russian gains on the continent. The US is also using new tactics, such as sharing sensitive intelligence with African leaders, as it moves more assertively in Africa. As African countries are presented as valued partners, not pawns in a global rivalry, the comparison with the Cold War that many see is one that the Biden administration wants to avoid.
FROM THE MEDIA: As the rivalry between Russia and the West intensifies in Africa, fueled by weapons, resources, and social media, Chad has emerged as the latest focal point. The US has warned Chad's president about Russian mercenaries planning to assassinate him and other high-ranking officials, while Moscow supports Chadian rebels in the Central African Republic. Moscow is also attempting to gain influence within Chad's ruling elite. To counter Russia's advances in Africa, the US has become more assertive, sharing sensitive intelligence with African leaders and employing new tactics to disrupt Russian gains. This approach is aimed at shoring up France's diminishing position in Africa, as Russia seeks to topple more French-supported governments in Central and West Africa. Despite concerns of a new Cold War in Africa, the US has presented its strategy as one of partnership, not rivalry. However, African leaders have expressed their desire to avoid being forced to choose sides, emphasizing that they've suffered enough from historic burdens. As Russia continues to expand its influence in Africa, Western powers are grappling with how to respond effectively.
READ THE STORY: The Irish Times
New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads
Analyst Comments: The dotRunpeX malware's ability to inject a variety of known malware families into infected systems underscores the need for strong cybersecurity measures to protect against such threats. Organizations should educate their employees about the risks of opening phishing emails and attachments, and they should keep their security software up-to-date to detect and block such malware. The use of malicious Google Ads is also a reminder that individuals should exercise caution when downloading software from the internet and should only use trusted sources. The affiliation of the malware with Russian-speaking actors also highlights the continued threat posed by state-sponsored actors to global cybersecurity.
FROM THE MEDIA: DotRunpeX malware is a new injector that uses the Process Hollowing technique to infect systems with variously known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. The malware arrives as a second-stage malware in the infection chain and is often deployed via a downloader that's transmitted through phishing emails as malicious attachments or through malicious Google Ads. Each dotRunpeX sample has an embedded payload of a certain malware family to be injected, with the injector specifying a list of anti-malware processes to be terminated. The malware is affiliated with Russian-speaking actors based on language references in the code.
READ THE STORY: THN
Are North Koreans sneaking into Africa as Chinese workers
Analyst Comments: The incident in Algeria highlights the potential for North Korean laborers to be working illegally on Chinese-run construction sites in Africa, which may have significant consequences for the enforcement of UN sanctions against North Korea. This development is of tactical significance as it exposes potential violations of the sanctions by Chinese companies and may lead to diplomatic tensions between China and other countries. It also raises concerns about the exploitation of North Korean workers and their working conditions, which may have broader implications for human rights issues in the region.
FROM THE MEDIA: On a Chinese construction site in Algeria, a North Korean worker fell to his death. While the cause of the fall was not declared, the incident has led to suspicion that Chinese companies may be hiring North Korean laborers in violation of UN sanctions on North Korea. The UN Security Council Resolution 2375, passed in 2017, bans North Korean nationals from working abroad in other countries. Reports in Algeria have cited several Chinese companies in the construction business employing North Koreans. China has recently opposed any further sanctions on North Korea, arguing they have crashed the country’s economy and that they ruin the possibility of dialogue to end the nuclear dispute. North Korean laborers provide cheap labor where they can work for low pay, and many of the workers are undocumented, making it easy to disguise their identity and help North Korea earn revenues abroad.
READ THE STORY: Monitor
NBA alerts fans after hack of a third-party service provider
Analyst Comments: The NBA data breach highlights the continued risk of unauthorized access to personal information and the importance of cyber hygiene and robust security measures. The breach is of tactical significance as it may lead to fraudulent activities and phishing scams, which could harm NBA fans and their personal information. The incident also underscores the need for organizations to have comprehensive data breach response plans in place and to work with cybersecurity experts to identify and mitigate any potential risks.
FROM THE MEDIA: The National Basketball Association (NBA) has revealed that an unauthorized third party gained access to an IT systems provider for mobile app and email communications, resulting in the capture of copies of names and email addresses of some NBA fans. The NBA has contacted those affected, and a warning has been issued to customers to be wary of phishing emails or scams taking advantage of the breach. While there has been no impact on the NBA’s systems or assets held securely, a cybersecurity firm has been hired to analyze the incident. It is unclear when the breach occurred or which service provider was affected.
READ THE STORY: The Record
SEC Chairman Comments on Crypto Activities, NYAG Sues Crypto Exchange
Analyst Comments: Gary Gensler's Op-Ed article and separate remarks on staking protocols and the New York Attorney General's lawsuit against the KuCoin cryptocurrency exchange signify the SEC's continued regulatory oversight and enforcement actions in the crypto market. The SEC's actions aim to protect investors and the markets by ensuring compliance with securities laws and addressing risks associated with non-compliant intermediaries. The lawsuit against KuCoin also underscores the regulatory risks associated with operating in the crypto market without proper registration and compliance with securities laws. The SEC's actions may have significant strategic significance in promoting investor protection and market integrity in the crypto market.
FROM THE MEDIA: The Chairman of the U.S. Securities and Exchange Commission (SEC), Gary Gensler, has addressed concerns that there is a lack of clarity in securities laws governing the crypto market. In an Op-Ed article, he cited various SEC actions addressing crypto market activities, such as lending, staking, “listing crypto securities,” accounting for crypto assets, disclosure obligations, and custody. The Chairman emphasized that the SEC's goal is to ensure that market participants comply with laws and rules to protect U.S. investors. The article also reported separate remarks by Chairman Gensler on staking protocols, urging a protocol to seek compliance with securities laws. Furthermore, the article highlighted the New York Attorney General's recent lawsuit against the KuCoin cryptocurrency exchange for operating in New York without registration and misrepresenting itself as an exchange. The enforcement action aims to stop KuCoin from operating in New York and to block access to its website until it complies with the law. The press release stated that this is one of the first times a regulator has claimed in court that Ethereum, one of the largest cryptocurrencies available, is a security.
READ THE STORY: lexology
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Analyst Comments: The RVWP program is significant from both tactical and strategic perspectives. The program is a proactive and preventive measure that allows organizations to mitigate vulnerabilities before attackers can cause too much damage, reducing the prevalence of damaging ransomware incidents affecting American organizations. The program can benefit small organizations that may not have the necessary resources or personnel to manage vulnerabilities. Furthermore, the program's expansion to additional vulnerabilities and organizations can potentially enhance the cybersecurity posture of the United States against ransomware attacks. The RVWP program's success will depend on the effectiveness of the existing services, data sources, technologies, and authorities utilized to identify vulnerable systems and notify regional CISA personnel to mitigate the flaws.
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) has launched the Ransomware Vulnerability Warning Pilot (RVWP) program, which proactively identifies vulnerable information systems associated with ransomware attacks. The RVWP program utilizes existing services, data sources, technologies, and authorities, including CISA's Cyber Hygiene Vulnerability Scanning. Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage. CISA initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called "ProxyNotShell," widely exploited by ransomware actors. The agency plans to expand the program to additional vulnerabilities and organizations. Small organizations will benefit the most, given that large organizations typically have more personnel and resources to remediate or manage vulnerabilities. RVWP aims to provide timely and actionable information to reduce ransomware incidents affecting American organizations.
READ THE STORY: CSO
Chinese Research Centres Recruiting British-Trained Tech Talent
Analyst Comments: The recruitment of high-tech talent by Chinese institutes in the UK raises concerns about the potential transfer of sensitive technology to China. The recruitment campaigns, although not aimed at intellectual property theft or developing military capabilities, could have implications for national security. While a blanket ban on Chinese students is not necessary, experts suggest that stronger background checks and careful selection of candidates in sensitive areas are necessary. As such, universities and institutions should be more cautious about research relationships with Chinese institutions in certain disciplines where sensitive knowledge could be transferred.
FROM THE MEDIA: Three state-funded Chinese institutes have posted job adverts on the Chinese Embassy website in the UK, targeting Chinese scientists to recruit high-tech talent. The institutes, including the Suzhou Institute of Systems Medicine, Suzhou Institute of Nano-Tech and Nano-Bionics, and Yantai Institute of Coastal Zone Research, are looking for candidates for the National Natural Science Foundation's Science Fund Programme for Distinguished Young Scholars (Overseas), which provides funding and recruitment for accomplished young scientists to become leading figures in their fields. The program covers various areas such as marine environmental science, biomedical science, semiconductors, and advanced materials, with both civilian and military applications. There is no evidence to suggest that the recruitment campaigns are aimed at intellectual property theft or developing military capabilities, but concerns have been raised about British know-how being transferred to communist-controlled China.
READ THE STORY: The Epoch Times
Items of interest
Online Sleuths Untangle the Mystery of the Nord Stream Sabotage
Analyst Comments: The sabotage of the Nord Stream gas pipelines is a significant event that has heightened tensions between various countries. As the perpetrators remain unknown, the incident could have implications for global energy security and geopolitical relations. The use of OSINT to uncover potential clues demonstrates the growing importance of technology in modern warfare and intelligence gathering. However, the limitations of OSINT also highlight the need for traditional intelligence methods, such as human intelligence, in resolving complex issues. Overall, the Nord Stream sabotage underscores the ongoing importance of intelligence gathering and sharing in maintaining global stability and security.
FROM THE MEDIA: Open source intelligence (OSINT) researchers are using public data to verify or debunk claims about who was behind the explosions that ruptured the Nord Stream gas pipelines six months ago. The bombings, which leaked methane into the environment, have been blamed on Russia, the United States, the United Kingdom, and an unnamed pro-Ukrainian group. Recent media reports have largely been based on anonymous sources and provided little hard evidence. In the absence of official information, OSINT researchers are using techniques like flight- and ship-tracking data and satellite images to examine the claims. While OSINT can provide extra detail, it has its limits and can also raise new questions. Ultimately, there is still very little hard evidence publicly available about who may have been behind the attacks.
READ THE STORY: Wired
GPT-4 Prompt Engineering: Be Better Than 99% ChatGPT Users (Video)
FROM THE MEDIA: The video discusses how to create better prompts for GPT-4 by using prompt engineering. The video explores different approaches for creating better prompts, such as few-shot standard prompts, role prompting, adding personality to prompts, generating knowledge, and chain of thought prompting. The video provides examples of how to use these approaches and how they can improve results. The video also mentions a sponsor, brilliant.org, which offers interactive lessons in math, computer science, and engineering.
This Loophole Helps Me Scrape ANY Website with ChatGPT | Web Scraping with ChatGPT (Video)
FROM THE MEDIA: The video is about how to use ChatGPT to scrape any website by giving it instructions on how to locate and extract the desired data from the HTML code. The presenter demonstrates how to scrape movie titles from sublightscript.com, self-help book titles from Amazon.com, and tweets from Twitter.com using ChatGPT and Python libraries such as Beautiful Soup and Selenium. The process involves identifying the HTML element that contains the desired data and using that information to create a prompt for ChatGPT to generate the scraping code. The presenter provides step-by-step instructions on how to create the prompt and shows how to run the code to extract the data.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.