Thursday, March 23, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
Chinese Warships Suspected of Signal-Jamming Passenger Jets
Analyst Comments: The ongoing signal interference by the Chinese military on commercial flights is a potential threat to aviation safety in the western Pacific Ocean and the South China Sea. The fact that warships are suspected to be the source of GPS jamming on some flights is a cause for concern. This activity could be part of an attack chain or coincide with other alert-worthy activity that might be going on. The lack of visibility into the operational technology environment of the aviation industry is a significant concern. Better OT security in the aviation space, along with GPS signal integrity controls, must be developed and deployed. The Chinese government could be expressing its feelings about the nuclear submarine deal with Britain and Australia.
FROM THE MEDIA: Qantas Airways, the Australian flagship airline, has warned its pilots about ongoing signal interference from "stations purporting to represent the Chinese military" on commercial flights over the western Pacific Ocean and South China Sea. The airline has also warned of GPS jamming on some flights suspected to originate from warships operating off the northwest shelf of Australia. The International Federation of Air Line Pilots' Associations has also noted that military warships in the South China Sea, Philippine Sea, and the Eastern Indian Ocean were placing VHF calls to some passenger flights and military aircraft. In some cases, flights were provided vectors to avoid airspace over the warship. The airline does not consider the activity to be a physical safety threat. However, experts warn that signal interference could be dangerous in the right situation, particularly if it coincides with other alert-worthy activity.
READ THE STORY: DarkReading
China Hawks Dine on Seared Branzino And Lament Threat to US
Analyst Comments: Thiel's criticism of TikTok and his comparison of the US-China relationship to a codependent marriage highlight the growing concern over China's influence and technological advancements. The dinner event, attended by tech executives, policymakers, and financiers, aimed to address the China threat and the urgency of the US and Western allies cementing their technological superiority over China. The risk that Beijing can gain access to data hoovered up by the app, which is owned by ByteDance Ltd., one of China's largest internet companies, is a serious concern.
FROM THE MEDIA: Peter Thiel, a billionaire entrepreneur and venture capitalist, likened the relationship between the US and China to a codependent marriage at a dinner for venture capitalists and lawmakers, a day before the CEO of TikTok testified on Capitol Hill. Thiel criticized the rise of TikTok, comparing it to homelessness, in a speech to guests at an event hosted by the Hill & Valley Forum, a group backed by Thiel and Vinod Khosla's venture capital firms, that brings together power players from Washington and Silicon Valley. The group aimed to press home the urgency of the China threat to lawmakers.
READ THE STORY: Bloomberg
The Hacker Mind Podcast: When The Dark Web Discovered ChatGPT
Analyst Comments: The use of generative AI on the Dark Web for scams is significant from a tactical and strategic perspective. As the Dark Web continues to expand, generative AI tools will likely make it easier for criminals to evade detection and carry out criminal activities. This could lead to an increase in cybercrime and other illicit activities on the Dark Web, which could have significant consequences for individuals, businesses, and governments. The use of generative AI tools also highlights the need for increased cybersecurity measures and regulations to ensure that the internet remains a safe and secure place for all users.
FROM THE MEDIA: Delilah Schwartz, Product Marketing Manager at Cybersixgill, discusses the use of generative AI on the Dark Web for scams. Schwartz explains that the Dark Web is an overlay on top of the internet and that it is not searchable or indexed. The Deep Web, which is not accessible or available to all, makes up 90% of the internet. Schwartz notes that the Dark Web is unregulated, making it a haven for those seeking anonymity, such as criminals, extremists, and cybercriminals. She points out that the Dark Web has become a hub of cybercrime and that there are marketplaces for just about anything. Schwartz also discusses how new generative AI tools, such as ChatGPT, are poised to make things crazier by lowering the barrier to entry.
READ THE STORY: Security Boulevard
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products
Analyst Comments: The trend towards targeting edge-infrastructure technologies in zero-day attacks is concerning, given the increasing adoption of IoT devices in the enterprise environment. The increase in zero-day exploits and their growing severity poses a significant challenge to security practitioners. With edge devices receiving less endpoint detection and response (EDR) coverage than traditional endpoints, adversaries have been successful in exploiting their vulnerabilities. It is imperative that security practitioners keep up to date with current security trends and the exploitation of new zero-day vulnerabilities. Furthermore, it is important to recognize that financially motivated cyber attackers are exploiting zero-day vulnerabilities, resulting in increased ransomware attacks. The fact that Microsoft, Google, and Apple account for 67% of the zero-day vulnerabilities shows that even though these companies have implemented strict security measures, there is still a lot of work to be done to ensure the protection of their products from potential zero-day attacks.
FROM THE MEDIA: According to data analysis from Mandiant, zero-day attacks in 2022 show a trend of targeting security weaknesses in edge-infrastructure technologies such as VPNs, firewalls, and IT management products. Out of a total of 55 zero-day vulnerabilities, 10 of them involved Internet-facing edge devices. Researchers observed that adversaries perceive enterprise organizations as having fewer capabilities around endpoint detection and response (EDR) than they have around network monitoring. Threat groups, particularly Chinese state-sponsored groups, leveraged more zero-day exploits in 2022 than in previous years, with 13 zero-days likely exploited by state-backed groups. Seven out of 13 involved a Chinese advanced persistent threat (APT) group. Furthermore, the financially motivated cyber attackers were seen exploiting four out of 16 zero-day exploits. The three vendors Microsoft, Google, and Apple, accounted for 37 of the 55 zero-days tracked in 2022.
READ THE STORY: DarkReading
Baphomet will not bring back BreachForums
Analyst Comments: The closure of BreachForums is significant in the tactical sense as it deprives criminals of a platform for selling stolen data. However, the move is unlikely to have a significant strategic impact as other similar marketplaces are likely to fill the gap. The decision by Baphomet to shut down the forum due to security concerns may indicate increased pressure on dark web criminal operations by law enforcement agencies. The reference to bulletproof hosting providers suggests the need for greater scrutiny of these providers, who enable criminal activity by providing a safe haven for illicit content. The uncertainty caused by the closure of the forum may also provide law enforcement with an opportunity to investigate and disrupt other criminal activities.
This is not an ad: *HUNCHLY DARKWEB REPORT* gives a daily update on the online statuses of darkweb pages.
FROM THE MEDIA: BreachForums, a dark web stolen data marketplace, will not be revived by its operator Baphomet, who has decided to shut it down due to concerns over compromised security. In a post, Baphomet expressed uncertainty over the safety of the forum's configuration, source code, and user information, and the possibility of law enforcement gaining access to the server. Baphomet plans to take some time off after shutting down the forum. The closure of BreachForums is expected to make it harder for criminals to sell stolen data in the short term, but it may also cause some uncertainty in criminal circles.
READ THE STORY: The Cyberwire
Malicious ChatGPT Chrome extension found with over 9,000 users
Analyst Comments: The discovery of this malicious ChatGPT variant is significant as it highlights the potential for cybercriminals to piggyback on the popularity of legitimate browser extensions to launch attacks. The use of sponsored search results to distribute the malicious extension suggests that attackers are using sophisticated tactics to reach potential victims. The theft of Facebook session cookies can result in the compromise of user accounts, which can be used for a range of illegal activities. The fact that the malicious code was added to an open-source project indicates the need for greater scrutiny of such projects and a more proactive approach to identifying and addressing security vulnerabilities. The swift removal of the extension by Google highlights the importance of collaboration between security researchers and tech companies in the fight against cybercrime.
FROM THE MEDIA: Guardio researchers have discovered a malicious variant of the ChatGPT browser extension that steals Facebook session cookies and can compromise user accounts. The malicious extension was distributed through sponsored search results and the Chrome App Store since at least March 14, 2023. The extension masqueraded as ChatGPT for Google and promised browser integration. Once installed, the extension triggered the OnInstalled function to steal Facebook session cookies, which were then sent to a Command and Control server hosted on worker.dev. The extension had amassed over 9,000 users before being taken down by Google.
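One defensive check that follows from the story: a session-cookie stealer needs the "cookies" permission, a host pattern that covers the target site, and background code from which to send the cookies away. The Python below is an added example, not Guardio's or Google's code; it audits Chrome extension manifests for that combination, using constructed sample manifests (the sample names, the watched-domain list and the risk levels are this example's own choices, not anything from the story).

```python
import json
import os

# A session-cookie stealer needs the "cookies" permission plus a host pattern
# that covers the target site; background code is where exfiltration normally
# runs. Flagging that combination is the whole audit.
COOKIE_PERMISSION = "cookies"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
RISK_ORDER = ["none", "low", "medium", "high"]


def _host_patterns(manifest: dict) -> list:
    """Collect host match patterns from MV3 (host_permissions) and MV2
    (mixed into permissions) manifest layouts."""
    patterns = []
    for key in ("host_permissions", "optional_host_permissions",
                "permissions", "optional_permissions"):
        for entry in manifest.get(key, []):
            if isinstance(entry, str) and (entry == "<all_urls>" or "://" in entry):
                patterns.append(entry)
    return patterns


def _pattern_covers(pattern: str, domain: str) -> bool:
    """Simplified Chrome match-pattern test: does `pattern` cover `domain`
    or any of its subdomains?"""
    if pattern in BROAD_HOSTS:
        return True
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host.startswith("*."):
        base = host[2:]
        return domain == base or domain.endswith("." + base) or base.endswith("." + domain)
    return host == domain or host.endswith("." + domain)


def _has_background(manifest: dict) -> bool:
    bg = manifest.get("background", {})
    return bool(bg.get("service_worker") or bg.get("scripts"))


def audit_manifest(manifest: dict, watched=("facebook.com",)) -> dict:
    """Rate one manifest (risk levels are this example's own scale):
       none   - no cookies permission
       low    - cookies permission, but no watched domain in scope
       medium - can read cookies for a watched domain
       high   - ...and has background code that could send them off-host"""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    has_cookies = COOKIE_PERMISSION in perms
    hosts = _host_patterns(manifest)
    exposed = ([d for d in watched if any(_pattern_covers(h, d) for h in hosts)]
               if has_cookies else [])
    if not has_cookies:
        risk = "none"
    elif not exposed:
        risk = "low"
    elif _has_background(manifest):
        risk = "high"
    else:
        risk = "medium"
    return {"name": manifest.get("name", "?"), "risk": risk,
            "exposed_domains": exposed, "host_patterns": hosts}


def scan_extensions(root: str, watched=("facebook.com",)) -> list:
    """Audit every manifest.json under root, e.g. a Chrome profile's
    Extensions directory (<profile>/Extensions/<id>/<version>/manifest.json).
    Highest-risk entries come first."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        path = os.path.join(dirpath, "manifest.json")
        try:
            with open(path, "r", encoding="utf-8-sig") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip rather than crash the scan
        result = audit_manifest(manifest, watched)
        result["path"] = path
        results.append(result)
    return sorted(results, key=lambda r: RISK_ORDER.index(r["risk"]), reverse=True)


# Constructed manifests modelled on the behaviour described in the story.
SUSPICIOUS_MANIFEST = {
    "manifest_version": 3,
    "name": "ChatGPT for Google (constructed sample)",
    "permissions": ["cookies", "storage"],
    "host_permissions": ["<all_urls>"],
    "background": {"service_worker": "background.js"},
}
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Notes (constructed sample)",
    "permissions": ["storage"],
    "host_permissions": ["https://example.com/*"],
}

if __name__ == "__main__":
    for m in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(audit_manifest(m))
```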
READ THE STORY: Candid
Hacks, bots, and blackmail: How secret cyber mercenaries disrupt elections
Analyst Comments: The exposure of Team Jorge's activities emphasizes the persistent risks to electoral systems across the globe, illustrating the increasing complexity of cyber and disinformation strategies used to manipulate election results. These tactics have the potential to incite violence, civil unrest, and instability, thereby endangering national security and regional stability. In light of these findings, it is crucial for nations to bolster their cybersecurity and electoral infrastructure to safeguard against foreign interference and disinformation campaigns.
FROM THE MEDIA: An investigative report by a group of journalists has exposed the secretive Team Jorge, a group of Israeli cyber-influence specialists, who claim to have meddled in at least two presidential elections worldwide and charged multimillion-dollar fees for their services. The group reportedly uses a range of tactics such as spreading disinformation, hacking, forging blackmail material, physically disrupting elections, and deploying targeted social media campaigns. The investigation revealed that Team Jorge was involved in last year's Kenyan presidential election, which was plagued by disinformation. The report also highlights the group's murky relationships with other political consultancy firms such as Cambridge Analytica and the risks associated with such a clandestine disinformation-for-hire industry.
READ THE STORY: Daily Maverick
Putin’s Threat Over Depleted Uranium Is ‘Latest Twist in Propaganda War’
Analyst Comments: The warning by Putin has the potential to escalate the ongoing conflict in Ukraine, with Russia already heavily involved. The use of depleted uranium ammunition could lead to further international condemnation, with concerns about its potential long-term effects on health and the environment. It may also increase tensions between Russia and the UK, potentially leading to more aggressive actions against each other's military assets or citizens. The use of depleted uranium ammunition is controversial and could be seen as a breach of international law by some nations. The potential for a military response by Russia should not be ignored, and this issue should be closely monitored by military and political leaders.
FROM THE MEDIA: Russian President Vladimir Putin has issued a warning to the UK regarding the supply of depleted uranium in tank ammunition to Ukraine. During a meeting with China’s President Xi Jinping in Moscow, Putin raised concerns about the UK's decision to supply the Ukrainian armed forces with depleted uranium in their tank ammunition. He stated that Russia will respond accordingly if Ukraine or any other member of the West uses nuclear-based weapons in the ongoing conflict. The UK's Ministry of Defence denied that the ammunition had any nuclear capability and accused Putin of spreading disinformation. The use of depleted uranium has been a contentious issue in conflicts, and its potential link to Gulf War Syndrome has been debated for years.
READ THE STORY: The Epoch Times
Darkweb Cryptocurrency Mixer ChipMixer Shut Down for Allegedly Laundering $3 Billion Worth of Crypto
Analyst Comments: The takedown of ChipMixer is significant in both tactical and strategic terms. In tactical terms, the seizure of ChipMixer's servers and the arrest of its founder will disrupt cybercriminals' ability to launder illicit funds and could lead to the identification of additional criminal actors. In strategic terms, the operation underscores the increasing international cooperation between law enforcement agencies to combat the use of cryptocurrency mixing services for illicit activities. The coordinated effort between the U.S. government, Europol, and German police could set a precedent for future joint operations targeting online criminal activity.
FROM THE MEDIA: On March 15, 2023, the U.S. Federal Bureau of Investigation, Europol, and German police announced the shutdown of the darknet cryptocurrency mixing service ChipMixer in a coordinated effort. The U.S. government seized two domains and one GitHub account, while German authorities seized $46 million in cryptocurrency and ChipMixer’s back-end servers. ChipMixer’s founder, Vietnamese national Minh Quoc Nguyen, was charged with money laundering, operating an unlicensed money-transmitting business, and identity theft. The criminal complaint against Nguyen alleges that ChipMixer laundered more than $3 billion in cryptocurrency since 2017, including funds associated with ransomware, drug trafficking, and hacking tools.
READ THE STORY: JDSupra
Ex-Head of Privacy-Centric Crypto Monero Refutes Allegations of Being a US Government Informant
Analyst Comments: The alleged arrest and accusation against Spagni have created significant media speculation and uncertainty in the cryptocurrency market. The privacy features of Monero make it increasingly attractive to illegal activities, and if it is found that Spagni was indeed an informant, this could have a significant impact on the anonymity and security of the cryptocurrency. Moreover, the allegations against Spagni have brought attention to the vulnerability of cryptocurrencies to government surveillance, and the need for developers and users to take extra measures to secure their transactions.
FROM THE MEDIA: South African Roberto “Fluffypony” Spagni, former lead maintainer of privacy-focused cryptocurrency Monero, has denied claims that he is a government informant after a tweet alleged that Spagni had been arrested by the South African Interpol and was awaiting extradition to the US. The tweet, which included a screenshot of an alleged arrest warrant, triggered speculation on social media and news media that Spagni was cooperating with law enforcement. Cryptocurrency Monero ranks No. 25 on CoinMarketCap with a market capitalization of $2.795 billion. The cryptocurrency uses privacy-enhancing technology that claims to obscure transactions to achieve anonymity so that observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. Monero is increasingly used in illegal activities such as money laundering, darknet markets, ransomware, and cryptojacking, Vice reported.
READ THE STORY: TMN
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Analyst Comments: The suspension of Pinduoduo's app by Google highlights the ongoing concerns surrounding the security of Chinese-made software, and China's expanding cyber threat to the West. The move serves as a warning to users to be more cautious when downloading apps from unknown sources and reinforces the importance of companies taking extra steps to ensure the security of their software. It is also significant that Google's suspension does not affect PDD Holdings' online shopping platform, Temu, suggesting that the company has taken some measures to secure its software. Overall, the suspension of Pinduoduo's app highlights the growing threat of cyberattacks and the importance of cybersecurity, both for individuals and companies operating in the digital world.
FROM THE MEDIA: Google has suspended the app of Chinese e-commerce giant Pinduoduo due to the discovery of malware in certain versions of the software. This comes just weeks after Chinese security researchers revealed that the app had taken over devices by exploiting multiple security vulnerabilities. In the wake of the Google suspension, Pinduoduo has denied all accusations of malicious intent, claiming that the app was suspended alongside several others by Google. The suspension does not affect PDD Holdings' online shopping platform, Temu. Most of the news coverage of Google's action emphasizes that the malware was found in versions of the app available outside of Google Play. The move comes as lawmakers in Congress prepare to grill the CEO of TikTok over national security concerns, as China is now considered the broadest, most active, and most persistent threat to both government and private sector networks, according to the Biden administration's new cybersecurity strategy.
READ THE STORY: Krebs on Security
Someone Has Been Mailing USB Drives to Journalists That Are Programmed to Explode
Analyst Comments: The use of USB sticks as a means of malware distribution is well-known, but the fact that explosive devices have been sent in this manner is highly alarming. This is a reminder that cyberattacks and other malicious activities can have physical consequences and underscores the need for heightened security measures when dealing with electronic media. The fact that journalists have been targeted in this manner is also concerning, as it highlights the potential for those who report on sensitive issues to be exposed to physical danger.
FROM THE MEDIA: Journalists in Ecuador have been receiving USB sticks in the mail containing explosives, causing mild injuries to one person so far. The drives have been sent to at least five different newsrooms, sometimes with threatening notes, and are designed to explode when inserted into a computer. The USB sticks were found to be rigged with RDX, a chemical agent commonly used in C-4 and other plastic explosives. The Ecuadorian government has publicly condemned the incidents, while a press freedom organization in the country has demanded an investigation into the source of the bombs.
READ THE STORY: Gizmodo
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
Analyst Comments: The existence of these vulnerabilities poses a severe threat to the confidentiality, integrity, and availability of the Orbi wireless system, user data, credentials, and network devices. The critical vulnerability, CVE-2022-38452, poses the highest risk due to its potential for arbitrary command execution and the absence of a patch. Miscreants can scan for exposed, vulnerable routers to attack, increasing the risk of exploitation. CVE-2022-37337 is also severe, although it requires authentication, while CVE-2022-36429 is less severe but still poses a threat to the affected devices and user data. Netgear should prioritize patching CVE-2022-38452 to mitigate the risk of compromise to the affected devices and network.
FROM THE MEDIA: In August 2022, Cisco Talos researchers reported four vulnerabilities in Netgear's Orbi mesh wireless system to the vendor, impacting the main router and satellite routers. By December 2022, three of these vulnerabilities were patched, but the critical CVE-2022-38452 bug in the main Orbi router RBR750 4.6.8.5 remained unpatched. This vulnerability allows attackers to execute arbitrary commands if they have a username, password, and media access control (MAC) address. Although a proof of concept exploit is available, it is unclear if the bug has been exploited in the wild. Patches have been issued for the other vulnerabilities, CVE-2022-37337, CVE-2022-36429, and CVE-2022-38458, addressing issues in access control, arbitrary command execution, and cleartext transmission, respectively.
READ THE STORY: The Register
US Space Force wants to test how to build satellites in orbit with $1.6 million Arkisys deal
Analyst Comments: The development of The Port represents a novel approach to reusable technology platforms for creating long-duration space infrastructure-as-a-service businesses. The platform's ability to assemble functional satellites from another platform will open up Earth orbit markets, on-the-fly changes to existing satellites, and on-demand satellites for lunar or Martian exploration. The success of this project can boost space infrastructure and provide a platform for future space activities, making it significant in a strategic and technological sense.
FROM THE MEDIA: The U.S. Space Force's innovation division, SpaceWERX, has awarded a $1.6 million contract to Arkisys Inc. and its partners to develop The Port, a scalable commercial space platform. The platform will be one of the first long-duration space-infrastructure-as-a-service businesses and aims to create the first fully robotic orbital destination for space construction projects in Earth orbit, the moon, Mars, and beyond. The Port's architecture will be completely scalable, offering multiple services for a growing international space commerce customer base starting in 2024. Arkisys Inc. is a leading provider of advanced spacecraft architectures and plans to perform a full-scale demonstration in 1G to prove its concept for assembling a functional modular space platform.
READ THE STORY: SPACE
North Korean Hackers Target ‘Experts’ on the Korean Peninsula
Analyst Comments: The activity of Kimsuky poses a severe threat to the confidentiality, integrity, and availability of personal and sensitive information of individuals and organizations targeted by the threat actor. The North Korean government's backing of Kimsuky highlights the potential for the group's activity to affect foreign affairs and security think tanks worldwide. The exploitation of a malicious browser extension and app on Google Play highlights the significance of ongoing efforts to detect and prevent malicious actors from abusing legitimate platforms to carry out attacks.
FROM THE MEDIA: North Korean threat actor Kimsuky, active since 2012, has been targeting individuals on the Korean Peninsula, according to South Korean and German authorities. The group mainly targets political figures, diplomats, think tanks, and non-government organizations. In this case, Kimsuky is using two methods to target experts on the Korean peninsula: a malicious browser extension and a malicious app on the Google Play store. The browser extension hijacks victims' Gmail accounts, while the app poses as an "internal testing" environment, allowing hackers to access emails and cloud data. Although the attack mainly targets experts on the Korean Peninsula and North Korea, the technology exploited can be used universally, potentially affecting foreign affairs and security think tanks worldwide.
READ THE STORY: CyberSecurity Connect
Preventing Insider Threats in Your Active Directory
Analyst Comments: Insider threats pose a major challenge for organizations, making it essential to secure Active Directory (AD) against such risks. By adhering to the best practices mentioned in the article, organizations can mitigate the chances of insider threats compromising their AD. Implementing tools like Specops Password Policy can further strengthen security measures and ensure compliance with password policies, effectively addressing potential insider threats.
FROM THE MEDIA: Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. However, with this ubiquity and power comes the potential for abuse. Insiders have some of the greatest potential for destruction, since they often hold over-provisioned access and visibility into the internal network. Insecure devices, over-provisioned access, weak password policies, and phishing email attacks are some of the vulnerabilities of AD. To secure AD, organizations must restrict access to systems and networks, ensure connected devices meet a minimum standard of security, configure AD securely, separate administrative permissions from the typical user account, and enable multi-factor authentication and a strong password policy. Specops Password Policy can help organizations create custom dictionary lists, block weak passwords, and provide in-depth scanning to detect over 3 billion compromised passwords on accounts throughout an AD domain.
READ THE STORY: THN
Biden, Trudeau set to meet in the shadow of Chinese influence accusations
Analyst Comments: The allegations of Chinese interference in Canadian elections and the potential connections of both leaders to China are significant events that could impact the diplomatic relations between Canada, the US, and China. These allegations could have a strategic significance and could potentially create internal instability and chaos within Canada, which could lead to negative consequences for its security and foreign relations. The meeting between Biden and Trudeau is expected to address these issues and could have a significant impact on the future of US-Canada relations and their stance on China.
FROM THE MEDIA: On March 21, 2023, Fox News reported that President Joe Biden and Canadian Prime Minister Justin Trudeau were to discuss various topics, including allegations of Chinese interference in Canadian elections. Maxime Bernier, leader of the People’s Party of Canada, claimed that a leaked CSIS report showed China's meddling in the 2019 and 2021 federal elections to favor Trudeau's Liberal party. Trudeau announced a probe into the allegations two weeks later. China denies any interference. Both Biden and Trudeau face accusations related to China, with Biden's family allegedly receiving payments through an associate linked to a Chinese energy company. David Stilwell, an advisory board member of the Vandenberg Coalition, warned that China's approach, termed "entropic warfare," aims to create chaos within a state to divide and weaken it. Aurel Braun, a professor at the University of Toronto, agreed that Canada had been slow to respond to China’s threat and should have taken action earlier.
READ THE STORY: Yahoo news
ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
Analyst Comments: ScarCruft's use of weaponized CHM files to download additional malware onto targeted machines is significant in terms of tactical and strategic implications. The group's use of evolving tools, techniques, and procedures, along with its experimentation with new file formats and methods to bypass security vendors, demonstrates the group's continued sophistication and motivation to conduct espionage activities against South Korean targets. The group's ability to remain undetected on a GitHub repository for over two years is also concerning and highlights the need for increased vigilance in detecting and mitigating North Korean APT activity.
FROM THE MEDIA: The North Korean advanced persistent threat (APT) group ScarCruft, also known as APT37, Reaper, RedEyes, and Ricochet Chollima, is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines. The group has been active since at least 2012, and it continues to refine and retool its tactics to bypass detection. ScarCruft has been observed using other file formats, such as HTA, LNK, XLL, and macro-based Microsoft Office documents, in its spear-phishing attacks against South Korean targets. The group's infection chains deploy an updated version of a PowerShell-based implant known as Chinotto, which is capable of executing commands sent by a server and exfiltrating sensitive data. Chinotto's new capabilities include capturing screenshots every five seconds and logging keystrokes. ScarCruft has also been observed serving credential phishing webpages targeting multiple email and cloud services. A GitHub repository maintained by the group has hosted malicious payloads since October 2020, and the group has remained undetected for over two years.
READ THE STORY: THN
CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems
Analyst Comments: The vulnerabilities in Delta Electronics' InfraSuite Device Master and Rockwell Automation's ThinManager ThinServer are significant in terms of tactical and strategic implications. The vulnerabilities could allow threat actors to remotely execute arbitrary code, escalate privileges, and access files and credentials, potentially leading to the disruption of industrial control systems and critical infrastructure. The release of advisories by CISA highlights the need for increased vigilance in detecting and mitigating vulnerabilities in ICS equipment and underscores the importance of prompt updates and security patches. It also underscores the importance of limiting remote access to known devices to reduce the attack surface and potential impact of these vulnerabilities.
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. The advisories include 13 security vulnerabilities in Delta Electronics' InfraSuite Device Master and multiple path traversal flaws in Rockwell Automation's ThinManager ThinServer, which could permit an unauthenticated remote attacker to execute arbitrary code, overwrite executable files with trojanized versions, and crash the software. Users are advised to update to the latest versions or restrict remote access to port 2031/TCP to known thin clients and ThinManager servers to mitigate potential threats.
READ THE STORY: THN
Microsoft investigating reports of ‘aCropalypse’ image-crop vulnerability in Windows
Analyst Comments: The vulnerability affecting Pixel devices and Windows Snipping Tool and Snip & Sketch tool highlights the need for increased vigilance in detecting and mitigating vulnerabilities in software tools and applications. The vulnerability potentially exposes sensitive information that could be exploited by threat actors for nefarious purposes, underscoring the importance of prompt security patches and updates. The fact that the vulnerability went undiscovered for three years highlights the need for increased scrutiny and testing of software tools and applications to detect and mitigate vulnerabilities that could expose sensitive data.
FROM THE MEDIA: Microsoft is investigating reports that a vulnerability in Google Pixel's screenshot editing tool, Markup, which allowed anyone to partially recover the original unedited image data of a cropped and/or redacted screenshot, also affects Windows Snipping Tool and Snip & Sketch tool on Windows 10. Cybersecurity researchers Simon Aarons and David Buchanan reported the vulnerability in Pixel devices in January, and Google fixed the issue in a patch released on March 6. The researchers discovered that when a user crops and saves a screenshot, the device overwrites the image with the new version but leaves the rest of the original file in its place, potentially exposing sensitive information like license plates or credit card numbers.
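The leftover-data behaviour described above can be checked for directly, because a PNG viewer stops reading at the IEND chunk and anything after it is invisible but still on disk. The Python below is an added example, not code from the researchers, Google or Microsoft: it builds a constructed PNG, simulates a crop written over the original file without truncation, reports how many bytes survive past IEND, and truncates the file there (the image dimensions and pixel pattern are this example's own choices).

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_png(width: int, height: int, seed: int = 0) -> bytes:
    """Constructed sample: a valid 8-bit RGB PNG whose pixel values never
    repeat within the image, so it compresses poorly and file size tracks
    image size (a larger image really does produce a larger file)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = []
    for y in range(height):
        pixels = bytes(((x * 7 + y * 13 + c * 29 + seed) & 0xFF)
                       for x in range(width) for c in range(3))
        rows.append(b"\x00" + pixels)  # filter type 0 (None) per scanline
    idat = zlib.compress(b"".join(rows))
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


def find_iend_end(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk.
    Each CRC is verified so corrupt or non-PNG input raises instead of
    yielding a meaningless offset."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            raise ValueError("truncated %r chunk" % ctype)
        stored_crc = struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF != stored_crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Bytes after IEND: anything above 0 is data a viewer ignores but a
    recovery tool can read."""
    return len(data) - find_iend_end(data)


def strip_trailing(data: bytes) -> bytes:
    """Truncate the file at the end of IEND, removing the leftover region."""
    return data[:find_iend_end(data)]


def simulate_acropalypse(original: bytes, cropped: bytes) -> bytes:
    """Model the bug: the new (smaller) file is written over the start of the
    old one without truncation, so the old file's tail survives on disk."""
    return cropped + original[len(cropped):]


if __name__ == "__main__":
    original = build_png(64, 64, seed=1)
    cropped = build_png(8, 8, seed=1)
    leaky = simulate_acropalypse(original, cropped)
    print("trailing bytes in clean crop:", trailing_bytes(cropped))
    print("trailing bytes in leaky crop:", trailing_bytes(leaky))
    print("stripped == clean crop:", strip_trailing(leaky) == cropped)
```

Run over a directory of exported screenshots, a non-zero trailing_bytes result is the signal to re-export the image rather than share it.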
READ THE STORY: The Record
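As an added illustration, not code from the Record article or from the researchers, the following Python script models the file-handling mistake described above and checks a PNG for data left behind after its IEND chunk. The sample images are constructed inside the script; the real tools' internals are not reproduced, only the effect of writing a smaller file over a larger one without truncation.

```python
"""Detect the aCropalypse artifact: bytes left after a PNG's IEND chunk.

Added example. build_png() constructs small sample images; nothing here is
taken from the Pixel or Windows tools themselves.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_png(width: int, height: int, rgb: bytes) -> bytes:
    """Build a minimal valid 8-bit RGB PNG from raw pixel bytes (constructed sample)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    row_len = width * 3
    # Each scanline is prefixed with filter type 0 (None).
    raw = b"".join(b"\x00" + rgb[y * row_len:(y + 1) * row_len] for y in range(height))
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk's CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # header + payload + CRC
        if end > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        if ctype == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk")


def trailing_bytes_after_iend(data: bytes) -> int:
    """Number of bytes following the first IEND chunk; 0 for a cleanly written file."""
    return len(data) - png_end_offset(data)


def strip_trailer(data: bytes) -> bytes:
    """Return the PNG with everything after IEND removed (safe copy for sharing)."""
    return data[:png_end_offset(data)]


def overwrite_without_truncate(old_file: bytes, new_file: bytes) -> bytes:
    """Model the bug: new content is written at offset 0 of the old file,
    but the file is never truncated, so the old tail survives."""
    return new_file + old_file[len(new_file):]


# Constructed samples: a 4x4 "original" screenshot and a 1x1 "cropped" version.
ORIGINAL = build_png(4, 4, bytes(range(48)))
CROPPED_CLEAN = build_png(1, 1, b"\x00\x01\x02")          # saved with truncation
CROPPED_BUGGY = overwrite_without_truncate(ORIGINAL, CROPPED_CLEAN)

if __name__ == "__main__":
    for name, img in (("clean", CROPPED_CLEAN), ("buggy", CROPPED_BUGGY)):
        print(name, "trailing bytes after IEND:", trailing_bytes_after_iend(img))
```

Any non-zero count is worth inspection: the trailer of a buggy file holds compressed pixel data from the original image, which is what the researchers' recovery technique works from. Some tools do append legitimate metadata after IEND, so treat a hit as a prompt to check the tool that produced the image; strip_trailer() gives a copy that is safe to share either way.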
German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics
Analyst Comments: The Kimsuky group's cyber attacks targeting experts on Korean Peninsula and North Korea issues, particularly those working in government, military, manufacturing, academic, and think tank organizations, are of strategic significance. The group's use of rogue browser extensions and phishing to obtain victims' Google account credentials, and then to install malicious apps on the devices linked to those accounts, indicates a sophisticated level of cyber espionage: once an attacker holds the Google account, no further access to the phone is needed, because Google Play lets the account holder push an app install to any Android device signed into that account.
FROM THE MEDIA: German and South Korean government agencies issued a joint advisory warning about cyber attacks carried out by the Kimsuky group, also known as Black Banshee, Thallium, and Velvet Chollima. Kimsuky is a subordinate element within North Korea's Reconnaissance General Bureau and is responsible for collecting strategic intelligence on geopolitical events and negotiations affecting the DPRK's interests. Kimsuky has been observed using phishing to obtain victims' Google account credentials and then installing a malicious app on the devices linked to those accounts. The malware-laced apps embed FastFire and FastViewer and can harvest a wide range of sensitive information by abusing Android's accessibility services.
READ THE STORY: THN
Russia draws in Africa with charm offensive against Western ‘neo-colonialism’
Analyst Comments: The Russia-Africa conference is of strategic significance as it demonstrates Russia's desire to strengthen ties with African countries and expand its influence on the continent. The conference also highlights Russia's efforts to counter the influence of the West, particularly former European colonizers, and the US, in Africa. Putin's announcement of the free delivery of grain to Africa and the training of African soldiers in Russia further underscore Russia's interest in expanding economic and security cooperation with African countries. The conference also provides an opportunity for African countries to assert their independence from former colonial powers and to build new alliances.
FROM THE MEDIA: On 19-20 March, a conference titled “Russia-Africa in a multipolar world” was held in Moscow to discuss cooperation and the fight against the influence of “former colonial powers”. The conference aimed to strengthen cooperation between African and Russian parliamentarians ahead of the Africa-Russia summit to be held in St. Petersburg in July. The conference featured speeches from Duma Speaker Vyacheslav Volodin and President Vladimir Putin, who both emphasized the need to cooperate more with African countries. Many African parliamentarians also attended the conference, and discussions centered around the actions of former European colonizers and the US.
READ THE STORY: The Africa Report
What do you do if a hacker takes over your ship?
Analyst Comments: The increasing reliance on technology in the maritime industry has created a new front for cyber attacks that threaten to cause significant financial and reputational damage to companies. The development of a maritime digital security course is a significant step towards enhancing the industry's capacity to manage cyber threats. The course's focus on risk management and building resilience against cyber attacks is critical for the maritime industry's safety and sustainability. The simulated exercise offers a unique opportunity for practitioners and researchers to uncover vulnerabilities in maritime navigation and control systems for ships.
FROM THE MEDIA: The Norwegian University of Science and Technology (NTNU) in Ålesund has run a new course titled "Maritime digital security" designed to address cybersecurity threats in the maritime industry. The two-month course focused on assessing and managing digital threats and building resilience against cyber attacks. The course developers, PhD candidates Marie Haugli-Sandvik and Erlend Erstad, worked with the industry to develop the course, which appears to be the first of its kind in Norway. The course included a simulated exercise to practice realistic actions and situations in a safe environment, using ship simulators that mimic the bridge of a ship underway in the North Sea. The exercise aimed to strengthen the skills of managers, middle managers, and operational and administrative personnel in the maritime sector, enabling them to manage digital threats and vulnerabilities better.
READ THE STORY: Eurek Alert
Items of interest
SEC Charges Lindsay Lohan, Jake Paul, Soulja Boy, Akon In Crypto Promotion Scheme
Analyst Comments: The charges could deter other celebrities and influencers from engaging in similar behavior, thereby protecting potential investors from fraudulent schemes. The charges also send a message to the cryptocurrency industry that regulators will not tolerate illegal behavior and that those who engage in such behavior will face consequences. Finally, the charges could have broader implications for the cryptocurrency industry, as regulators may seek to increase oversight and regulation to prevent similar illegal activities in the future.
FROM THE MEDIA: The Securities and Exchange Commission (SEC) has charged eight celebrities, including Lindsay Lohan, Soulja Boy, Lil Yachty, Jake Paul, Akon, Ne-Yo, Austin Mahone, and Kendra Lust, with promoting cryptocurrencies without disclosing that they were paid to do so. The celebrities were specifically charged with promoting BTT and TRX, crypto assets tied to Justin Sun, who is separately charged with fraud. Sun and his companies, Tron Foundation Limited, BitTorrent Foundation Ltd., and Rainberry Inc., are accused of offering and selling TRX and BTT as unregistered investments through bounty programs, and of encouraging others to promote the tokens on social media and to steer their audiences into Tron-affiliated Telegram and Discord channels. Sun reportedly made $31 million from secondary-market sales of the unregistered tokens. Some of the named celebrities have settled, agreeing to pay a combined total of more than $400,000, while others, including Soulja Boy and Austin Mahone, have not yet reached settlements.
READ THE STORY: Complex
Unrestricted Warfare Webcast (Video)
FROM THE MEDIA: The video is a webcast discussing the book "Unrestricted Warfare", which was written by two Chinese People's Liberation Army Colonels in 1999. The book presents a new concept of war that includes non-military weapons and discusses new weapons of war. The webcast covers five themes, including how the US defense and national security establishment is stuck on conventional warfare, how China should pursue new weapons of war, and the difference between limited and unlimited wars. The discussion includes insights from retired Marine Corps Lieutenant Colonel Max and Ford Observer China analyst Corey, who explains the difference between military officers and political commissars in the PLA. The webcast highlights how China's approach to warfare is more expansive and different from that of the US, and it brings together military and non-military components to achieve specific end states.
Counterintelligence: Defending against cognitive warfare (Video)
FROM THE MEDIA: The transcript is of a talk called "Defending Against the Cognitive Warfare" given by J. Karasek (also known as 4n6strider) and posted on YouTube. Karasek is a cyber threat researcher at Trend Micro who investigates threats on the internet and devices as well as threats to human brains. The talk focuses on cognitive warfare, which is a type of hybrid warfare that involves influencing the brains of enemy soldiers and the general public to make them weaker or confused. Karasek provides examples of how this is done through the use of memes and disinformation campaigns. He also explains how he analyzes these tactics and discusses his project, YOGAS, which is aimed at ingesting emails and websites to defend against cognitive warfare. Karasek emphasizes the importance of being aware of cognitive threats and provides some tips on how to defend against them.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.