Daily Drop: (441)

03-25-2-23

Saturday, March 25, 2023 // (IG): BB // Cyber-Roundup// Coffee for Bob

After Meeting in Moscow, Will Xi and Putin Combine “IT Armies” and ICT-driven Hybrid Warfare Efforts Against the West

Analyst Comments: Both countries, their leaders, and their IT Armies and non-state actors are experts in kompromat, information warfare, and narrative warfare, with increasing activity in the digital domain. China’s investments in cybersecurity education have set the stage for a new, more prolific era of digital espionage, creating an additional imperative for the US and allied nations to improve defenses of government networks. The ICT-driven hybrid warfare landscape has been digitally carpet bombed by both the Chinese and Russians, burning and smoldering, indicating the significance of this event in a strategic context.

FROM THE MEDIA: The meeting between China's Xi Jinping and Russia's Vladimir Putin in Moscow, where they signed agreements for economic cooperation and affirmed their partnership, but did not discuss their information technology-driven hybrid warfare efforts directed at the West. The article notes that both countries are experts in kompromat, information warfare, and narrative warfare with increasing activity in the digital domain. The article highlights the risks posed by hybrid warfare, which is defined as a fusion of conventional and unconventional instruments of power and tools of subversion. The article suggests that China's investments in cybersecurity education have created a new era of digital espionage and pose a risk to companies, which increases the imperative for the US and allied nations to improve defenses of government networks.

READ THE STORY:   OODALOOP

U.S. and China wage war beneath the waves - over internet cables

Analyst Comments: The competition for dominance in the subsea cable industry highlights the importance of critical infrastructure in determining who achieves economic and military dominance. The US government’s intervention in the SeaMeWe-6 cable deal is significant in the context of US-China relations and the US government’s efforts to contain China’s high-tech sector. Undersea cables are a valuable asset for intelligence agencies, and the potential for espionage or sabotage makes the control of this infrastructure a matter of national security. The US government’s campaign to prevent HMN Tech from winning business or rerouting cables that would have directly linked the US and Chinese territories shows the level of importance placed on controlling these data conduits.

FROM THE MEDIA: The United States and China are competing for dominance in the subsea cable industry, with undersea cables seen as critical infrastructure that could be used for espionage or sabotage. SubCom LLC won a contract to lay a $600m cable to transport data from Asia to Europe, known as South East Asia–Middle East–Western Europe 6 (SeaMeWe-6), beating out Chinese firm HMN Technologies Co Ltd for the deal. The US government reportedly intervened in at least six private undersea cable deals in the Asia-Pacific region over the past four years to prevent HMN Tech from winning business or rerouting cables that would have directly linked US and Chinese territories. Undersea cables are central to US-China technology competition, with over 400 cables running along the seafloor carrying over 95% of all international internet traffic. Spy agencies can easily tap into cables landing on their territory, making them a potential “surveillance gold mine” for intelligence agencies. US diplomats cautioned foreign telecom carriers that Washington planned to impose crippling sanctions on HMN Tech, a development that could put their investment in the cable project at risk.

READ THE STORY:   Zawya

North Korea claims test of Russia-style unmanned underwater nuke

Analyst Comments: The “successful” test of the Haeil raises the threat posed by North Korea’s regime, combining conventional, nuclear, asymmetric, and underwater capabilities, to a new high. The weapon’s ability to take out enemy ports or naval formations with the powerful, radioactive waves it generates upon detonation poses a significant tactical and strategic threat. The automated systems and loitering capabilities of the weapon present new challenges for nuclear command and control over an extended period of time. The lack of a nuclear drive system limits the range and the ability of the weapon to lurk near enemy positions, making swift strikes on its port of deployment an effective defense strategy. However, the lack of countermeasures to some North Korean weapons and the possibility of the weapon being deployed and loitering present significant concerns for strategic defense capabilities. The link between North Korean arms developers and their Russian and Chinese counterparts is opaque, and the possibility of Russia providing assets or data in return for North Korea covertly providing shells to the Kremlin for use in Ukraine raises significant concerns.

FROM THE MEDIA: North Korea announced on March 18, 2023, that it had successfully tested a new weapon class, a nuclear underwater unmanned vehicle (UUV) named “Haeil,” designed to take down targets with a radioactive tidal wave. The UUV is capable of taking out enemy ports or naval formations with the powerful, radioactive waves it generates upon detonation. The timing of the test, combined with the recent missile launches and the ongoing largest South Korea-U.S. spring war drills in six years, raises tensions for Washington and Seoul on the Korean Peninsula. The weapon, which has been in development since 2012, was observed by North Korean leader Kim Jong Un between March 21 and March 23. The UUV can be deployed “at any coast and port or towed by a surface ship for operation,” according to Pyongyang media. While the weapon’s automated systems, combined with its ability to “loiter” far from port, are as worrisome as its firepower, the lack of a nuclear drive system limits the range and the ability of the weapon to lurk near enemy positions, according to a naval source.

READ THE STORY:   The Washington Times

How China-linked espionage is hindering TikTok's U.S. future

Analyst Comments: The ongoing cyber detente between the U.S. and China has made TikTok the perfect symbol for the primary concern behind targeting the Chinese social media platform: China's sophisticated and hard-to-detect espionage capabilities. The intelligence community's annual worldwide threats report named China the broadest, most active, and most persistent cyber espionage threat to the U.S. government and private sector. China-sponsored espionage campaigns have launched hundreds of wide-scale espionage campaigns in the U.S. to collect corporate secrets, sensitive communications, and much more. TikTok’s murky connections to its China-based parent company, ByteDance, and its quick rise in the U.S. have made it a significant concern. However, hyper-focusing on a TikTok ban is an imperfect solution that may get stuck in the courts and spur First Amendment concerns.

FROM THE MEDIA: Lawmakers in the U.S. are targeting TikTok for its data security programs, but the primary concern is China’s sophisticated and hard-to-detect espionage capabilities. Chilling relations between the U.S. government and Beijing have only made lawmakers warier of the capabilities China-backed hacking teams are brewing, and what classified U.S. data they’re collecting. China-sponsored espionage campaigns have launched hundreds of wide-scale espionage campaigns in the U.S. to collect corporate secrets, sensitive communications, and much more. TikTok’s quick rise in the U.S. and its murky connections to its China-based parent company, ByteDance, have made it the perfect symbol for the ongoing cyber detente between the two countries. Hyperfocusing on a TikTok ban is an imperfect solution that may get stuck in the courts and spur First Amendment concerns.

READ THE STORY:   AXIOS

It’s high time to step up the protection of Europe’s critical maritime infrastructure

Analyst Comments: The US's history of destroying critical infrastructure in countries that oppose it indicates a willingness to cause irreparable damage. The US's undersea warfare capabilities, including advanced UUVs and combat divers, enable it to gather information on critical infrastructure and potentially sabotage it. The recent Nord Stream pipeline explosion has highlighted the vulnerability of undersea infrastructure worldwide and prompted concerns about the security of communication cables. The creation of a Critical Undersea Infrastructure Coordination Cell by NATO demonstrates the recognition of the importance of protecting such infrastructure. The significance of these events is both tactical, in terms of the potential destruction of critical infrastructure, and strategic, in terms of the potential destabilization of countries and regions.

FROM THE MEDIA: The United States has a history of destroying critical infrastructure in countries that oppose it. In Nicaragua, the US destroyed oil storage facilities and pipelines, deployed mines in ports, and attacked fuel reserves. In Chile, the US directed terrorists to destroy power plants and electrical substations, leading to a long-term dictatorship. The US has also targeted Venezuela's oil-producing facilities, such as the Amuay refinery and El Palito refinery. The US's undersea warfare capabilities are highly advanced, with a focus on unmanned underwater vehicles (UUVs) that can perform multiple tasks. The US Navy is developing several UUVs, including Orca XLUUV, Snakehead, Razorback, and Viperfish. The US military also prioritizes the training of combat divers. The recent Nord Stream pipeline explosion has led to concerns about the vulnerability of undersea infrastructure worldwide, including communication cables. NATO has announced the creation of a Critical Undersea Infrastructure Coordination Cell to protect such infrastructure.

READ THE STORY:   Modern Diplomacy

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

Analyst Comments: The exposure of personal information and chat titles of ChatGPT users due to a bug in the Redis open-source library is a significant event as it reveals a vulnerability in OpenAI's ChatGPT service. The unintentional server-side change that increased the error rate and potentially exposed payment-related information of ChatGPT Plus subscribers is a severe security flaw that could undermine user trust and cause reputational damage to the company. Additionally, the critical account takeover vulnerability addressed by OpenAI shows that the ChatGPT service is vulnerable to exploitation by attackers, which could lead to further security incidents if not adequately addressed.

FROM THE MEDIA: On March 20, 2023, OpenAI revealed that a bug in the Redis open-source library had caused the exposure of personal information and chat titles of ChatGPT users, leading the company to temporarily shut down the ChatGPT service. The bug enabled some users to access other users' conversations from the chat history sidebar due to a corrupted connection and unexpected data from the database cache. The bug also resulted in an unintentional increase in the error rate, potentially exposing payment-related information of 1.2% of ChatGPT Plus subscribers. OpenAI notified affected users and implemented redundant checks to ensure the data returned by their Redis cache matches the requesting user. Additionally, OpenAI fixed a critical account takeover vulnerability discovered by security researcher Gal Nagli, which allowed attackers to access users' accounts, chat history, and billing information. The vulnerability was fixed within two hours of responsible disclosure.

READ THE STORY:   THN

Lula to seek Chinese semiconductor technology, investment in Beijing

Analyst Comments: The Brazilian government's decision to seek Chinese technology and investment to develop a semiconductor industry in the country despite U.S. attempts to discourage such association is a significant event as it underscores Brazil's growing ties with China and its efforts to balance ties with its top trading partners. The Brazilian government's move could also have strategic implications for Brazil's technological independence and its ability to produce semiconductors amid a global shortage. The U.S. government's concern over associations with the production of Chinese microelectronics reflects growing tensions between the United States and China over technology and trade. The Brazilian government's decision to prioritize the production of semiconductors and sign agreements with China on the production of communications and microelectronics equipment highlights Brazil's efforts to foster its sustainable development and digital economy.

FROM THE MEDIA: Brazil will seek Chinese technology and investment to develop a semiconductor industry in the country despite U.S. attempts to discourage such association. Semiconductors will be a priority on President Luiz Inacio Lula da Silva's visit to China next week. The Brazilian government aims to sign agreements with China on the production of communications and microelectronics equipment, including semiconductors, and the Sino-Brazilian CBERS small satellite program. The U.S. government has expressed concern over associations with the production of Chinese microelectronics, which could affect Brazilian plans to produce semiconductors amid a global shortage. However, Brazil's top foreign policy adviser, Celso Amorim, said Brazil cannot afford to take sides in growing tensions between China and the United States and will not adopt an ideology from either of them. Lula's trip to China comes less than two months after he met with U.S. President Joe Biden at the White House as Brasilia aims for a pragmatic foreign policy balancing ties with its top trading partners despite growing tensions between the two.

READ THE STORY:   Reuters

China’s Bitcoin-Funded Intelligence Operation Is All Concerning the Chips

Analyst Comments: The case of the Chinese intelligence officers trying to bribe an FBI agent with bitcoin to get nonpublic details about the US government’s investigations into Huawei underscores the importance of semiconductors to the Chinese tech giant and the Chinese semiconductor industry. The Chinese government and Huawei were concerned about how potential charges would affect their supply of high-end semiconductors, which are largely US designed and manufactured. The US government's ban on the export of Intel's supercomputing grade Xeon chips to some of China's largest universities and the revised guidelines by the US Department of Commerce Bureau of Industry and Security in 2019 that included Huawei has severely complicated Huawei's participation in the global semiconductor supply chain.

FROM THE MEDIA: Two Chinese intelligence officers were caught on U.S. soil trying to bribe an undercover FBI agent with bitcoin to get nonpublic details about the U.S. government’s investigations into Huawei, the Chinese tech giant. At the time, Huawei was concerned about how potential charges would affect its supply of high-end semiconductors, largely designed and manufactured in the US. The US government had already banned the export of Intel’s supercomputing grade Xeon chips to some of China’s largest universities in 2015. The FBI investigation into Huawei remains ongoing, and the Chinese semiconductor industry has been hit hard by another round of sanctions in the past year, including new export curbs and restrictions on working at Chinese semiconductor firms. Bitcoin played a pivotal role in espionage and counterintelligence operations.

READ THE STORY:   CryptoNewsBTC

Going Beyond Mercenaries: Is Prigozhin Preparing For A Power Struggle In Russia

Analyst Comments: Wagner Group's changes in recruitment strategy and expansion of activities among Russian youth are significant in both a tactical and strategic sense. By seeking to recruit sportsmen and members of private security companies, Wagner is likely aiming to increase the quality of its recruits and to create a more professional and disciplined force. Moreover, the creation of a youth branch and the ideological backing could lead to the development of a loyal and ideologically trained group that could be used to pursue a political agenda. This could have implications for Russian foreign policy and military actions.

FROM THE MEDIA: The Wagner Group, a Russian quasi-private military company (PMC), has been changing its recruitment strategy and expanding its activities among Russian youth. The group is seeking to recruit sportsmen and members of private security companies, and is also targeting youth in Siberia with the creation of a youth branch called "Wagnerenok". This youth branch aims to "nurture love for the Motherland among young Russians." Additionally, Wagner is looking to create an ideological backing centered around the "pursuit of justice." These changes may suggest a shift towards a more loyal and ideologically trained group that could follow their leader in pursuit of a political agenda.

READ THE STORY:   Eurasiareview

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Analyst Comments: GitHub's replacement of its RSA SSH host key is a precautionary measure to prevent bad actors from impersonating the service or eavesdropping on users' operations over SSH. While the company has stated that there is no evidence that the exposed SSH private key was exploited by adversaries, it is taking steps to prevent any potential risks to its service and users. The incident highlights the importance of ensuring the security of private information and the need for measures to prevent the inadvertent publishing of private information.

FROM THE MEDIA: GitHub has announced that it has replaced its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity was carried out at 05:00 UTC on March 24, 2023, to prevent any bad actor from impersonating the service or eavesdropping on users' operations over SSH. The move does not impact web traffic to GitHub.com and Git operations performed via HTTPS. No change is required for ECDSA or Ed25519 users. GitHub has stated that there is no evidence that the exposed SSH private key was exploited by adversaries. The company did not disclose how long the secret was exposed. GitHub has emphasized that the "issue was not the result of a compromise of any GitHub systems or customer information." The company blamed it on an "inadvertent publishing of private information." GitHub has also noted that GitHub Actions users may see failed workflow runs if they are using actions/checkout with the ssh-key option. The company is in the process of updating the action across all tags.

READ THE STORY:   THN

Erosion of Russia’s Hegemonic Stability in the South Caucasus and Transition to Risky Instability

Analyst Comments: The decline of Russian hegemony in the South Caucasus creates a power vacuum in the region that may lead to violent conflicts and wars amongst different regional and external actors. Iran's increasing influence in the region and its de-facto alliance with Armenia against Azerbaijan and Turkey pose a significant security threat to regional stability. The situation in the South Caucasus resembles the period described by the power transition theory of international relations, and the emergence of a rising power seeking to challenge the dominance of the declining power may lead to conflicts and wars. Therefore, regional and external actors need to cooperate and engage in diplomatic efforts to prevent the escalation of conflicts and promote stability and peace in the region.

FROM THE MEDIA: Russia has historically had hegemony over the South Caucasus region, but its dominance is being challenged by Azerbaijan and Armenia's efforts to deepen alliances with Turkey and the EU. Russia's authority in the region has come under threat following its invasion of Ukraine, leading to a power transition that could result in conflicts among different regional and external actors. Iran seeks to fill the power vacuum left by Russia and build an alliance with Armenia against Azerbaijan and Turkey.

READ THE STORY:   Modern Diplomacy

How Albania Became a Target for Cyberattacks

Analyst Comments: The expulsion of Iran from Albania over cyberattacks is significant for several reasons. Firstly, it is unprecedented for a country to sever diplomatic ties over alleged cyberattacks, and the decision indicates the seriousness with which NATO member countries view such threats to their critical infrastructure. Secondly, the aggressive nature of the cyberattacks, reportedly carried out by Iranian state actors, has caused significant damage to Albania's computerized public and private infrastructure, causing a loss of data, disruption of public services, and leak of sensitive information. Thirdly, the alleged collaboration between Russia and Iran in carrying out these cyberattacks highlights the growing strategic partnership between these two countries, particularly in the battlespace of Ukraine, where Iran has become Moscow's major military backer in the war.

FROM THE MEDIA: Iran has been expelled from Albania after cyberattacks targeted the Albanian government, reportedly in retaliation for sheltering the Mujahedin-e-Khalq (MEK), an Iranian opposition group. Albania had allowed the group to establish a base from which it held political activities, leading to attacks by Iranian state actors on Albanian government servers, which led to the loss of data, disruption of public services, and leak of sensitive information, including the identities of hundreds of undercover Albanian intelligence officers. Hackers used ransomware and launched a destructive "wiper" attack, destroying public data using disk-wiping malware. The decision to allow MEK was a controversial one, but Prime Minister Edi Rama defends the move, stating that Albania has a long tradition of sheltering people, citing its acceptance of more Jews after World War II than before. Cyber experts have suggested that the aggressive nature of the attacks indicates a collaboration between Russia and Iran. Albania, as a NATO member, is one of the most vulnerable members of the military alliance and remains under attack by malign foreign actors.

READ THE STORY:   FP

DOJ says ‘millions’ of US citizens victimized by BreachForums administrator

Analyst Comments: The arrest of the alleged administrator of the BreachForums website is significant in both tactical and strategic terms. This event is a tactical victory for law enforcement and cybersecurity experts, as it is likely to disrupt the activities of cybercriminals who relied on the site to buy, sell, and trade hacked or stolen data and other information. The shutdown of BreachForums will make it more difficult for cybercriminals to operate in the short term. Strategically, the arrest sends a message that law enforcement and cybersecurity experts are capable of identifying and prosecuting cybercriminals who engage in illegal activities online. It also highlights the importance of security measures to protect personal information and sensitive data.

FROM THE MEDIA: BreachForums had over 340,000 members, and as of Jan. 11, 2023, had over 14 billion individual records. Fitzpatrick allegedly created the platform in March 2022 after the shutdown of the predecessor, RaidForums, which was taken down by the government. Fitzpatrick was charged with conspiracy to commit and aid and abet solicitation for the purpose of offering unauthorized access devices, due to his alleged “operation of BreachForums and his middleman service on BreachForums.” The FBI and U.S. Department of Health and Human Services have been investigating pompompurin and other members of BreachForums since March 2022. The FBI obtained images of servers that had a database of forum activity from RaidForums. Fitzpatrick admitted to owning and administering BreachForums and previously operated the pompompurin account on RaidForums. Fitzpatrick estimated that he earned approximately $1,000 a day from BreachForums, and that he uses this money to administer BreachForums and purchase other domains.

READ THE STORY:   The Record

FBI, CISA investigating cyberattack on Puerto Rico’s water authority

Analyst Comments: PRASA represents a serious threat to the security and integrity of public water systems, which are critical infrastructure facilities that are essential to public health and safety. The attack highlights the need for continued efforts to assess and improve the cybersecurity of drinking water systems, as well as other critical infrastructure facilities, in order to prevent similar incidents and protect against the potential consequences of successful cyberattacks. The attack also underscores the increasing threat posed by ransomware groups to critical infrastructure, which is targeting organizations where there are weaker security controls and a higher likelihood of compromise and ransom payout.

FROM THE MEDIA: The FBI is investigating a cyberattack on the Puerto Rico Aqueduct and Sewer Authority (PRASA), which was announced on March 19. Customer and employee information was compromised, but the authority’s critical infrastructure was not affected due to network segmentation. The PRASA has activated security protocols and is working with relevant authorities, including the FBI and CISA. While the attackers have not been identified, the Vice Society ransomware group has claimed responsibility and included the authority on its list of victims. The attack occurred two weeks after the White House and U.S. Environmental Protection Agency (EPA) issued new rules ordering states and territories to assess the cybersecurity of drinking water systems.

READ THE STORY:   The Record

It’s a bot-eat-bot world as cybercriminals go hi-tech

Analyst Comments: The rise of generative AI and deepfakes represents a significant threat to national security, democracy, and personal privacy. The ease of access to generative AI technology and the increasing sophistication of cyber criminals and state actors means that the threat of cyber attacks is increasing rapidly. The lack of cybersecurity readiness among Australian organizations is concerning, with only one in ten considered to be in the "mature" stage of cybersecurity readiness. The increasing use of AI for automating attacks and creating deepfakes means that there is a need for a collective effort to develop better defense strategies. The lack of trust in content and the difficulty in creating boundaries means that lawmakers need to take action to address these issues.

FROM THE MEDIA: Generative AI has led to the creation of convincing deep fakes, which can be used to manipulate individuals or even entire societies. Deepfakes can be used for malicious purposes, including generating fake pornography or producing videos of people making false statements to influence election results. The ease of access to generative AI technology, including popular apps like ChatGPT, makes it easier for state actors and cybercriminals to deploy these techniques at scale. The threat of cyber attacks is increasing, with cybercrime occurring every seven minutes in Australia, and attacks on mobile devices increasing exponentially. The healthcare, education, financial services, and critical infrastructure sectors are the most common targets. The increasing use of AI for automating attacks and creating advanced deep fakes means that the entire cybersecurity ecosystem needs to come together to develop better defense strategies.

READ THE STORY:   Michael West

Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

Analyst Comments: The emergence of Nexus as a new Android banking trojan is a significant threat to the financial industry, with several threat actors already adopting it. Its ability to perform ATO attacks against banking portals and cryptocurrency services, as well as read 2FA codes, makes it a potent tool for conducting fraud. The fact that it overlaps with another banking trojan and incorporates a ransomware module further increases its threat level. Additionally, Nexus's explicit rules prohibiting its use in specific countries suggest that threat actors using it may have a specific target or agenda. As such, this event is of both tactical and strategic significance, as it poses a direct threat to the security of financial institutions and their customers.

FROM THE MEDIA: Italian cybersecurity firm Cleafy has reported the discovery of a new Android banking Trojan known as Nexus. This emerging malware appears to be in its early stages of development and has been adopted by several threat actors to target around 450 financial applications and conduct fraud. Nexus is advertised as a subscription service to its clientele for a monthly fee of $3,000. The malware provides all the main features to perform Account Takeover attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception. Nexus has been used in real-world attacks, with most infections reported in Turkey, and overlaps with another banking trojan dubbed SOVA. The malware also contains features to take over accounts related to banking and cryptocurrency services by performing overlay attacks and keylogging to steal users' credentials.

READ THE STORY:   THN

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

Analyst Comments: The significance of this event is that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The operational tempo of Chinese cyber espionage actors highlights their consistent investment in advancing their cyber weaponry to evade detection. The group's ability to hide malicious payloads in fake files and utilize custom tools to circumvent security measures could allow them to compromise sensitive information and pose a threat to national security. The group's continuous development of new tools and malware signifies a long-term threat to global security.

FROM THE MEDIA: The threat actor, Earth Preta, has been active since at least 2012 and is tracked by the cybersecurity community under multiple names such as Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. The group employs spear-phishing emails that deploy a range of tools for backdoor access, command-and-control (C2), and data exfiltration. Earth Preta uses malicious lure archives distributed via Dropbox or Google Drive links that employ DLL side-loading, LNK shortcut files, and fake file extensions to obtain a foothold and drop backdoors like TONEINS, TONESHELL, PUBLOAD, and MQsTTang. Recently, the group has been observed delivering Cobalt Strike via Google Drive links. Earth Preta tends to hide malicious payloads in fake files to avoid detection. The threat actor has been observed leveraging custom tools like ABPASS and CCPASS to circumvent User Account Control (UAC) in Windows 10.

READ THE STORY:   THN

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

Analyst Comments: The discovery of this malicious Python package highlights the potential risks associated with using open-source libraries from public repositories such as PyPI. This development demonstrates the continued efforts of threat actors to find new ways to evade detection and compromise sensitive information. The use of Unicode to inject vulnerabilities into the source code indicates that threat actors are becoming increasingly sophisticated in their methods. The fact that the package was downloaded 183 times before being taken down suggests that this development could have significant implications for organizations that rely on open-source libraries. As such, it is essential for organizations to adopt robust security measures and stay up to date with the latest security trends to mitigate such risks.

FROM THE MEDIA: A malicious Python package named onyxproxy, uploaded to the Python Package Index (PyPI) repository, has been found to use Unicode to evade detection and deploy an info-stealing malware. The package, uploaded on March 15, 2023, was capable of harvesting and exfiltrating credentials and other valuable data and had attracted a total of 183 downloads before it was taken down. The package incorporates its malicious behavior in a setup script that is packed with thousands of seemingly legitimate code strings. The package uses homoglyphs to camouflage its true colors and inject vulnerabilities into the source code. This technique was previously disclosed in an attack technique called Trojan Source. The development highlights the continued attempts of threat actors to find new ways to slip through string-matching based defenses by leveraging the way the Python interpreter handles Unicode.

READ THE STORY:   THN

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Analyst Comments: The fact that Russia-based threat actors weaponized the flaw in attacks targeting government, transportation, energy, and military sectors in Europe underscores the severity of the issue. The guidance provided by Microsoft highlights the importance of monitoring network telemetry to identify potential exploitation of this vulnerability. It is essential for organizations to keep their systems up to date and take necessary steps to bolster their networks to mitigate potential threats. The disclosure of this vulnerability also underscores the need for organizations to adopt a proactive approach to security and stay up to date with the latest security trends to mitigate potential risks.

FROM THE MEDIA: Microsoft has shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability (CVE-2023-23397). The critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. The vulnerability was resolved by Microsoft as part of its Patch Tuesday updates for March 2023, but not before Russia-based threat actors weaponized the flaw in attacks targeting government, transportation, energy, and military sectors in Europe. Microsoft has urged organizations to review SMBClient event logging, process creation events, and other available network telemetry to identify potential exploitation via CVE-2023-23397.

READ THE STORY:   THN

How the Pentagon learned to love vulnerability disclosure

Analyst Comments: The VDP represents a significant evolution in the practice of vulnerability disclosure and bug bounty programs in the US government, which has been widely adopted in civilian agencies and private sectors. The successful implementation of the VDP in the DoD demonstrates the effectiveness of a coordinated vulnerability disclosure program in identifying and remediating security flaws. The VDP's scalability and adaptability make it a model for other agencies and foreign governments looking to establish similar programs. The VDP has also helped the DoD cultivate a positive relationship with the global community of ethical hackers, who are increasingly becoming an important part of the cybersecurity ecosystem. By recognizing and promoting the discoveries of ethical hackers, the VDP creates incentives for hackers to report vulnerabilities, ultimately leading to a more secure information infrastructure.

FROM THE MEDIA: The Department of Defense (DoD) has successfully implemented a vulnerability disclosure program (VDP) to encourage the global cybersecurity research community to spot bugs in its vast ecosystem of publicly accessible information networks and systems. The VDP provides a mechanism for reporting, assessing, and remediating security flaws that are found by white-hat hackers who have been given permission to scan all publicly accessible DoD information systems. Since its launch, the program has processed 45,000 reports, resulting in 25,762 actionable defects that require remediation. The DoD aims to recognize and promote the discoveries of ethical hackers by grading them against the Common Vulnerability Scoring System, awarding the "report of the month" or "report of the year" to the top-performing hacker. The DoD has no plans to expand the program to classified systems, but it is exploring new partnerships with research communities and academia to expand the program's scalability.

READ THE STORY:   The Record

Items of interest

Washington Must Wake Up To The Innovation Imperative

Analyst Comments: China's technological dominance could lead to its dominance in the global economic and trade system, as well as on the battlefield. The US's eroding investment in development and basic research, degradation of crown-jewel national laboratory facilities, and persistent lack of capital to move technologies to the scaling stage put the US at risk. The US must develop a comprehensive strategy to compete with China in technology and innovation, and a whole-of-nation effort is required to achieve this goal. The CHIPS and Science Act, Inflation Reduction Act funding, and the expansion of the National Science Foundation's mission are crucial first steps to deal with national needs and threats from China.

FROM THE MEDIA: The convergence of technology revolutions and high-stakes competition between the US and China could lead to China's dominance in technology, trade, and innovation. China is aggressively pursuing critical technologies and is using talent programs, research collaborations, espionage, cyber intrusion, and military-civil fusion to acquire technologies from the US. China sees data as a strategic resource that can give it an advantage over the US. The US must develop a national science and technology strategy, expand funding for innovation, develop technology at speed and scale, and embrace technology statecraft to deal with national needs and threats from China. However, the government cannot do it alone; a whole-of-nation effort is required with the government, the private sector, labor, and the education community working together.

READ THE STORY:   Forbes

DarkFi: The Coming Storm (Video)

FROM THE MEDIA: The speaker discusses the problems with centralization and lack of privacy in the current web ecosystem, including the control of web engines by big companies, the use of content delivery networks (CDNs) and virtual private servers (VPS), and the incorporation of closed source software in D5 projects. They also mention the lack of education in privacy and security among developers and the prevalence of proprietary software and the mismanagement of data. They suggest solutions such as building open-source communities, using a decentralized task management and communication platforms, and enforcing the use of free software licenses in blockchain technology. They also touch on the issue of anonymity in decentralized anonymous organizations and the need for unbiased and trustless voting systems.

From Cryptocurrencies to Cryptostates (Video)

FROM THE MEDIA: The speaker, Jarrad Hope, is the founder of a project called Status which aims to create a private, decentralized, and encrypted super application. In this talk, he discusses why he is in the crypto industry, the political consequences of the movement, and the reasons for developing new social orders based on voluntary interactions and enforcement of rights through protocols. He highlights the problems of debt slavery and technological authoritarianism and argues that applying liquid markets to social orders is the best thing we can do for humanity. He also discusses the concept of creating virtual states and self-determining communities that follow best practices in providing governing services and distributing non-coercive justice to all.

These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.