Thursday, March 30, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Russia arrests Wall Street Journal reporter for espionage
Analyst Comments: The arrest of Evan Gershkovich by the FSB underscores the ongoing tensions between Russia and the United States, particularly in the context of the fighting in Ukraine. The charges against him and his potential imprisonment for up to 20 years raise serious concerns about the treatment of journalists and the freedom of the press in Russia. This incident is also likely to further strain the already-tense relationship between the two countries and could have implications for other journalists reporting on sensitive topics in Russia.
FROM THE MEDIA: Evan Gershkovich, a reporter for the Wall Street Journal, has been arrested on espionage charges by Russia's Federal Security Service (FSB). He was detained in the Ural Mountains city of Yekaterinburg while allegedly trying to obtain classified information about the activities of one of the enterprises of the Russian military-industrial complex that constitutes a state secret. Gershkovich is the first reporter for an American news outlet to be arrested on espionage charges in Russia since the Cold War. His arrest comes amid the bitter tensions between Moscow and Washington over the fighting in Ukraine.
READ THE STORY: Arab News
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Analyst Comments: Clipper malware is not new, but distributing it through Trojanized TOR browser installers is a new trend. The malware's ability to sit idle for years without any sign of its presence, until it swaps a wallet address in the clipboard, is a worrying feature for users, and because it only acts when the clipboard content matches an address pattern for a supported coin it is far less noisy than a typical stealer. The distribution method is unclear, but evidence points to torrent downloads and third-party sources. Users should download the browser only from the Tor Project's own site, verify the installer's signature, and compare the pasted destination address against the intended one (at minimum its leading and trailing characters) before confirming any transfer, since the swap happens between copy and paste.
FROM THE MEDIA: Russian and Eastern European users of the TOR anonymity browser have been targeted with clipper malware since September 2022. Trojanized installers of TOR are used to distribute the clipper malware which replaces cryptocurrency wallet addresses in the clipboard with random addresses from a hardcoded list, redirecting users' funds to attackers. This campaign is believed to have netted the attackers around $400,000 in illicit profits through the theft of Bitcoin, Litecoin, Ether, and Dogecoin. The campaign is suspected to be larger than reported, with the possibility of the threat actors using other software installers and delivery methods to target more users.
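The substitution rule described above, and the check a user or endpoint tool can apply against it, as an added Python example written for this digest (not code from the Kaspersky report or from the malware). The address patterns, the attacker wallets and the copy/paste audit log are constructed placeholders: the patterns are simplified (no checksum validation) and real families carry their own hardcoded lists.

```python
import re

# Address patterns a clipper keys on. Constructed for this example and simplified
# (no checksum validation); real families use their own lists and rules.
ADDRESS_PATTERNS = {
    "BTC":  re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "LTC":  re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{39,59})$"),
    "ETH":  re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "DOGE": re.compile(r"^D[a-km-zA-HJ-NP-Z1-9]{33}$"),
}

# Placeholder attacker-controlled addresses (constructed, not real wallets).
ATTACKER_WALLETS = {
    "BTC": "1AttackerAttackerAttackerAttack",
    "ETH": "0x" + "deadbeef" * 5,
}


def classify(text):
    """Return the coin whose address pattern the whole clipboard text matches, else None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


def clipper_substitute(clipboard_text, attacker_wallets=ATTACKER_WALLETS):
    """Model of the malware's rule: act only when the clipboard holds a supported
    address, otherwise leave it untouched (which is why it stays silent for so long).
    Returns (new_clipboard_text, coin_or_None)."""
    coin = classify(clipboard_text)
    if coin is None or coin not in attacker_wallets:
        return clipboard_text, None
    return attacker_wallets[coin], coin


def check_paste(copied, pasted):
    """Defensive check: the text about to be pasted must equal what the user copied.
    Returns (ok, reason)."""
    if copied == pasted:
        return True, "unchanged"
    coin_copied, coin_pasted = classify(copied), classify(pasted)
    if coin_copied is not None and coin_pasted == coin_copied:
        return False, f"{coin_copied} address swapped: {copied[:6]}... -> {pasted[:6]}..."
    return False, "clipboard content changed between copy and paste"


# Constructed clipboard audit log: "<timestamp> <copy|paste> <payload>".
SAMPLE_LOG = """\
2023-03-30T10:00:01 copy 1VictimVictimVictimVictimVictim1
2023-03-30T10:00:03 paste 1AttackerAttackerAttackerAttack
2023-03-30T10:05:00 copy hello world
2023-03-30T10:05:02 paste hello world
2023-03-30T10:07:10 copy 0x1111111111111111111111111111111111111111
2023-03-30T10:07:12 paste 0x1111111111111111111111111111111111111111
"""


def audit_clipboard_log(log_text):
    """Replay copy/paste pairs from a log and return (timestamp, reason) for each
    paste whose content differs from the preceding copy."""
    alerts = []
    last_copied = None
    for line in log_text.splitlines():
        timestamp, action, payload = line.split(" ", 2)
        if action == "copy":
            last_copied = payload
        elif action == "paste" and last_copied is not None:
            ok, reason = check_paste(last_copied, payload)
            if not ok:
                alerts.append((timestamp, reason))
    return alerts


if __name__ == "__main__":
    for ts, reason in audit_clipboard_log(SAMPLE_LOG):
        print(ts, reason)
```

Only the first copy/paste pair in the constructed log is flagged: the clipboard went from one BTC-shaped string to a different BTC-shaped string with no user action in between, which is exactly the signature a clipper leaves. Plain text and an unchanged address pass, which is why the malware can run for years without drawing attention.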
READ THE STORY: THN
Tensions With China Emerge Over Undersea Cables Carrying Internet Traffic
Analyst Comments: The growing tension between the United States and China over undersea internet cables is a reminder that the security of the internet rests on physical infrastructure, not only on software. Deliberate targeting of these cables could cause significant harm to national security and disrupt global connectivity. The recent cable cuts around Taiwan raise questions about targeted harassment and point to the need for greater protection and investment: cable armor, deeper burial, decoy cables, and enough route diversity that a single cut does not isolate a region. They also underscore the need for international legal frameworks that clarify the consequences of accidental or intentional cable destruction. The ongoing tensions between the United States and China suggest that the security of this infrastructure will remain a critical concern in the years to come.
FROM THE MEDIA: Undersea internet cables, which are responsible for carrying the majority of intercontinental internet traffic, have become a focal point for geopolitical tensions between China and the United States. Cybersecurity experts suggest that submarine cables are involved in every aspect of the rising geopolitical tensions between the two nations. The cables have been a hot spot in China's relations with Taiwan, with recent incidents of the cables being cut, raising questions about targeted harassment of Taiwan by China. The loss of internet cables and connectivity has significant military implications, as shown by Russia's targeting of internet infrastructure during its assault on Ukraine.
READ THE STORY: VOA
US Deports North Korean Sentenced for Money Laundering to China
Analyst Comments: The deportation of Mun from the US to China highlights the continuing efforts of the US to enforce sanctions on North Korea, particularly with regard to its nuclear program. The use of shell companies and falsified transaction records to evade sanctions highlights the difficulty of enforcing such measures, as does North Korea’s use of evasion schemes to procure luxury goods from 90 countries between 2015 and 2017. North Korea’s use of front companies to conceal its illicit activities has been an ongoing challenge for US and UN efforts to enforce sanctions, but Mun’s sentencing and deportation represent a significant victory in this regard. The fact that Mun was affiliated with the RGB, a North Korean intelligence organization, also underlines the links between the country’s illicit activities and its intelligence apparatus.
FROM THE MEDIA: North Korean national Mun Chol Myong has been deported from the US to China after serving 45 months in prison for money laundering offenses. Mun had been using the American financial system to purchase luxury goods for the North Korean regime, violating US and UN sanctions aimed at curbing the country’s nuclear and missile programs. Mun was affiliated with the Reconnaissance General Bureau (RGB), North Korea’s intelligence organization that has been sanctioned by the US and the UN. The RGB is known to operate outside of North Korea’s military structure and has been linked to terrorist, clandestine, and illicit activities.
READ THE STORY: VOA
North Korean threat actor APT43 pivots back to strategic cyber espionage
Analyst Comments: The APT43 group's activities align with North Korea's strategic interests and its reliance on cyber capabilities to achieve its goals. APT43's use of social engineering and credential harvesting highlights the need for individuals and organizations to remain vigilant against phishing attempts and to adopt strong security measures. The group's financing is notable in its own right: it spends stolen cryptocurrency on cloud mining capacity, producing freshly mined coins with no on-chain link to the theft, which makes the proceeds much harder for law enforcement to trace. Its tailored spear-phishing emails, spoofed credential-harvesting websites and persona building on fake LinkedIn profiles show the care it puts into its lures, and its growing aggressiveness and likely automation of campaigns are a cause for concern. The group's collaboration with other North Korean state-sponsored groups and its persistent, continuously developing operations reflect the country's sustained investment in cyber capabilities. Organizations and individuals in the targeted communities should enforce phishing-resistant multi-factor authentication, treat unsolicited approaches from apparent journalists, researchers or think-tank staff with suspicion, and verify such contacts out of band before sharing anything or entering credentials.
FROM THE MEDIA: APT43, also known as Kimsuky or Thallium, is a North Korean state-sponsored cyber threat group that has been carrying out cyber espionage and cybercrime operations since at least 2018. APT43 specializes in credential harvesting and social engineering with a focus on foreign policy and nuclear security issues, reflecting North Korea's strategic nuclear goals. The group also engages in cryptocurrency theft and laundering to fund its infrastructure needs. A new report by Google-owned cybersecurity firm Mandiant shows that APT43 has been targeting track two diplomatic channels since 2022, including religious groups, universities, non-governmental organizations, journalists, academics, bloggers, and human rights activists. The group's ultimate aim is to collect information about international negotiations, sanctions policy, and other countries' foreign relations and domestic politics as they may affect North Korea's nuclear ambitions.
READ THE STORY: CSO
China’s claims of the ‘Global Security Initiative’ run counter to the ground reality of bullying countries in SCS
Analyst Comments: The report's central point is the gap between the GSI's language and Beijing's conduct. An initiative that invokes sovereignty, territorial integrity and the UN Charter is hard to square with a record of disregarding UN entities whenever they oppose China's actions in the South China Sea. Read alongside the CICA speeches it repackages, the GSI looks less like a new security framework than a rebranding of a Sinocentric order under the vocabulary of the UN system. Smaller states in the region have reason to weigh China's offer of itself as an "honest broker" against its behaviour towards neighbours with competing maritime claims.
FROM THE MEDIA: China's "Global Security Initiative" (GSI), announced by President Xi Jinping in April 2022, aims to present China as an honest broker in conflicts and offer a plan for a "common, comprehensive, cooperative and sustainable security." However, an Inside Over report notes that China's policies and actions demonstrate its contempt for the United Nations Charter and UN entities when they oppose Beijing's tactics in the South China Sea. The GSI is a repackaging of Xi Jinping's speeches on a global Sinocentric order at the Conference on Interaction and Confidence-Building Measures in Asia (CICA) and other past statements. The GSI's basic principles include offering China as an honest broker while respecting the sovereignty and territorial integrity of all nations and upholding the principles of the UN Charter, which are not reflected in China's actual policies.
READ THE STORY: The Print
Africa becoming a hot target for threat actors
Analyst Comments: The report by Trellix highlights the increasing threat of cyber-attacks in South Africa, especially in the government, education, and banking sectors. The use of spear-phishing tactics, exploiting vulnerabilities such as ProxyLogon, and the weaponization of USBs indicate that cyber attackers are becoming more sophisticated in their methods. Moreover, the report suggests that South African organizations are considered more willing to pay ransomware attackers, making them an attractive target for cybercriminals. The report emphasizes the importance of identifying and understanding threat actors and implementing robust security infrastructure to mitigate such attacks.
FROM THE MEDIA: Trellix, a global cybersecurity company, reported an increase in cyber threat campaigns in South Africa at the beginning of 2023. According to the report, the most targeted sectors include government, education, and banking. Threat actor groups such as Common Raven and FIN7 have been identified as the major culprits behind these attacks. Common Raven, which primarily targets the financial sector, has reportedly earned around $11 million in four years and is now expanding operations in Southern Africa. Meanwhile, FIN7, a threat actor known for stealing financial data and selling it, is a new entrant in the South African market. The report also identified UNC4191, which has links to China and is primarily focused on government and academic institutions, as a sophisticated group that weaponizes USBs to infiltrate systems.
READ THE STORY: iTWeb
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
Analyst Comments: The emergence of AlienFox is concerning because it shows threat actors going after even modest cloud footprints: a single configuration file left reachable on a misconfigured web server yields keys that seed the next campaign. The toolkit is highly modular and constantly evolving, indicating that the actors behind it are organized and have the resources to adapt to new defences. Organizations should keep secrets out of web-served directories and application configuration files altogether (use instance roles or a secrets manager instead), block access to dotfiles and configuration paths at the web server, rotate any key that has ever been exposed, and follow the principle of least privilege so that a harvested credential cannot be used to create new resources or identities. The toolkit's ability to register new Amazon retail accounts for harvested email addresses is particularly concerning, as those accounts could be used for fraud.
FROM THE MEDIA: A new malware toolkit called AlienFox is being distributed on Telegram and is designed to harvest API keys and secrets for popular cloud service providers. According to cybersecurity firm SentinelOne, the toolkit is highly modular and constantly evolving to accommodate new features and performance improvements. Its primary use is to enumerate misconfigured hosts via scanning platforms and then extract credentials from configuration files exposed on those servers. AlienFox can gather sensitive data for various platforms, including AWS, Google Workspace, and Microsoft 365. It can also create new Amazon accounts if a harvested email address is not already linked to an Amazon.com retail account.
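What "extract credentials from exposed configuration files" amounts to in practice, and the two checks a defender can run against their own web roots, as an added Python example written for this digest (not AlienFox's code and not from the SentinelOne report). The regexes, the list of sensitive paths and the served files are constructed for the example; the AWS secret is Amazon's published documentation example, not a live key.

```python
import re

# Regexes for the kinds of credentials AlienFox-style tooling pulls out of exposed
# configuration files. Constructed for this example; coverage is illustrative.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})"),
    "google_api_key": re.compile(r"\b(AIza[0-9A-Za-z_\-]{35})\b"),
    "mail_password": re.compile(r"(?im)^(?:MAIL|SMTP)_PASSWORD\s*=\s*[\"']?([^\"'\s]+)"),
}

# Paths that should never be reachable from a web root, whatever they contain.
SENSITIVE_PATHS = (".env", ".git/", "wp-config.php", ".aws/credentials")

# Constructed stand-in for what a scanner sees served from a misconfigured web root.
EXPOSED_FILES = {
    "/.env": (
        "APP_NAME=shop\n"
        "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "MAIL_PASSWORD=Sup3rS3cret!\n"
        "GOOGLE_API_KEY=AIzaSyExampleExampleExampleExample12345\n"
    ),
    "/index.html": "<html><body>shop</body></html>\n",
    "/.git/config": "[core]\n\trepositoryformatversion = 0\n",
}


def extract_secrets(text):
    """Return [(kind, value)] for every credential pattern found in a blob of text."""
    findings = []
    for kind, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append((kind, match.group(1)))
    return findings


def scan_exposed(files):
    """Map each served path to the credentials it leaks; paths with none are omitted."""
    return {path: found for path, body in files.items() if (found := extract_secrets(body))}


def exposed_sensitive_paths(files):
    """Paths that should be blocked at the web server regardless of their content."""
    return sorted(p for p in files if any(s in p for s in SENSITIVE_PATHS))


def rotation_plan(findings):
    """Group leaked values by kind so each credential type can be rotated in one sweep."""
    plan = {}
    for items in findings.values():
        for kind, value in items:
            plan.setdefault(kind, set()).add(value)
    return plan


if __name__ == "__main__":
    leaks = scan_exposed(EXPOSED_FILES)
    print("block at web server:", exposed_sensitive_paths(EXPOSED_FILES))
    for kind, values in rotation_plan(leaks).items():
        print(f"rotate {kind}: {len(values)} value(s)")
```

Run the same two functions against a crawl of your own hosts: `exposed_sensitive_paths` catches the misconfiguration before any secret is found (the `.git/config` above leaks nothing yet and should still be unreachable), and `rotation_plan` turns a pile of hits into the list of keys to revoke, which matters more than the scan itself once the file has been public.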
READ THE STORY: THN
Beijing Reinforces Its Case to Be a Global Cyber Leader
Analyst Comments: While China is trying to offer itself as a responsible leader in cyberspace, some argue that the white paper merely underscores Beijing's commitment to tight control over information and information systems. Others see China's emphasis on a law-based approach to cyberspace governance as an attempt to fill a vacancy in global cyber leadership, a role the US has held for a long time. China has skilfully set its law-based governance aspirations against the US's more aggressive cyber policy, playing to its long-standing position on cyber sovereignty. It has made its case to the world through white papers and at the United Nations in the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG), hoping to recruit other states to its side.
FROM THE MEDIA: Beijing recently released a white paper titled "China’s Law-Based Cyberspace Governance in the New Era," emphasizing the importance of a rules-based approach to the Internet and highlighting the country's success in adhering to such values. The white paper stresses upholding the rule of law in cyberspace, consolidating the system for Internet governance, promoting public awareness, and increasing international exchanges and cooperation when it comes to cyberspace governance. The white paper identifies three stages of cyber legislation in China, showing a gradual but steady development. China uses the white paper as a way to promote itself as a responsible actor on the global stage and to demonstrate that its adherence to a law-based cyberspace approach to governance has been instrumental in its own overall strategy and success in cyber-related matters.
READ THE STORY: OODALOOP
Binance concealed ties to China for years, even after the 2017 crypto crackdown
Analyst Comments: The accusations against Binance are serious and could impact the company's reputation and business operations. If the claims of concealing ties to China are true, it could also result in legal consequences. Binance has denied the allegations and stated that the company "does not operate in China nor do we have any technology, including servers or data, based in China." Nevertheless, the allegations and the CFTC lawsuit will likely cause increased scrutiny and regulatory pressure on the company, which could affect its growth and global market position.
FROM THE MEDIA: According to documents obtained by the Financial Times, Binance CEO Changpeng Zhao and other senior executives have allegedly been concealing the cryptocurrency exchange's ties with China for several years. The report claims that Binance had significant ties to China despite its claims of leaving the country after a 2017 ban on crypto. The report mentions an office still in use at the end of 2019 and a Chinese bank used to pay employees. The report backs up accusations made in a lawsuit filed on March 27 by the United States Commodity Futures Trading Commission (CFTC) against the exchange, claiming that Binance obscured the location of its executive offices, as well as the “identities and locations of the entities operating the trading platform.”
READ THE STORY: Cointelegraph
FDA can now reject new medical devices over cyber standards
Analyst Comments: The implementation of these new cybersecurity standards for medical device manufacturers is a necessary move to help protect the industry from increasing cyber threats. The medical sector has been a prime target of cyber attacks and vulnerabilities in medical devices have left them open to exploitation by threat actors. The new regulations will ensure that cybersecurity is baked into devices from the outset and will remain a priority beyond the initial implementation. However, it is worth noting that these regulations only apply to new products and not existing ones. Therefore, the concerns surrounding currently deployed insecure devices and legacy technologies will not be alleviated. The new focus on accountability for software makers and the industry for defects in products is a significant shift from previous strategies that placed the emphasis on users.
FROM THE MEDIA: The US Food and Drug Administration (FDA) has implemented new cybersecurity standards for medical device manufacturers seeking its approval. The rules came into effect on 23 March 2023, with manufacturers needing to prove their products meet certain cybersecurity standards. These include releasing updates and patches after a product goes to market, providing a software bill of materials, and submitting a plan for identifying and addressing "postmarket cybersecurity vulnerabilities". The new standards apply to devices that run software and connect to the internet, such as insulin pumps, blood sugar monitors, and certain pacemakers. The regulations were laid out in an omnibus appropriations bill signed into law in December 2022.
READ THE STORY: The Record
Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups
Analyst Comments: The discovery of this new malware highlights the ongoing threat of state-sponsored cyberattacks from China. While Mélofée's capabilities are relatively simple, they are enough to let adversaries operate under the radar. Infrastructure overlaps with known Chinese state-sponsored groups such as APT41 and Earth Berberoka further reinforce the likelihood of a Chinese origin. Because one sample installs a kernel-mode rootkit derived from the open-source Reptile project, defenders should monitor Linux servers for unexpected kernel module loads and compare running kernel state against a known-good baseline, since user-space tooling on a host with a kernel rootkit cannot be trusted to report it. This discovery underscores the importance of regular security monitoring and of following best practices for securing Linux servers.
FROM THE MEDIA: An unknown Chinese state-sponsored hacking group has been found to be linked to a newly discovered piece of malware named Mélofée that targets Linux servers. French cybersecurity firm ExaTrack has discovered three samples of the malware that date back to early 2022. One of the samples is designed to drop a kernel-mode rootkit that is based on an open-source project called Reptile. Both the implant and the rootkit are deployed using shell commands that download an installer and a custom binary package from a remote server. Mélofée's features are no different from other backdoors of its kind, allowing it to contact a remote server and receive instructions that enable it to carry out file operations, create sockets, launch a shell, and execute arbitrary commands. The malware's ties to China come from infrastructure overlaps with groups such as APT41 (aka Winnti) and Earth Berberoka (aka GamblingPuppet).
READ THE STORY: The Record
Life of a Russian 'illegal' bared in US charges
Analyst Comments: The recent cases of Russian spies living as "illegals" highlight the continued use of traditional espionage tactics by Russia, even as cyberattacks and disinformation campaigns receive more attention. The cases also reveal the continued vulnerability of Western societies to infiltration by foreign intelligence services. Deep cover operatives are a significant threat, as they can blend into society and gather information without detection for long periods of time. At the same time, the cases reveal the sloppy tradecraft of some Russian intelligence operatives, which puts both themselves and their operations at risk of detection.
FROM THE MEDIA: Several recent cases of Russian spies living as "illegals" have been uncovered, including the case of Brazilian Viktor Ferreira (real name Sergey Cherkasov), who was accepted into the elite Johns Hopkins School of Advanced International Studies (SAIS) in Washington, DC. According to a US indictment, Cherkasov was a Russian spy under deep cover, with his memory drives revealing a wealth of information about his life and spycraft. Similar cases have been uncovered in Greece, Norway, and Italy.
READ THE STORY: Yahoo News
US commits $25 million to Costa Rica for Conti ransomware recovery
Analyst Comments: The allocation of $25m to Costa Rica to support its cybersecurity is a welcome development as it shows the US commitment to helping countries build their capacity to protect themselves from cyberattacks. This funding will help Costa Rica establish a centralized security operations center to defend against future attacks. However, some may criticize the decision to support Costa Rica rather than other countries that have also suffered ransomware attacks, especially given that the Conti ransomware group also targeted US entities. Nevertheless, the move is part of a broader initiative to support democratic countries and to hold malicious actors accountable.
FROM THE MEDIA: The US government has allocated $25m to support cybersecurity efforts in Costa Rica following a ransomware attack last year. Costa Rica's new President, Rodrigo Chaves, declared a state of emergency after the now-defunct Conti ransomware group caused significant damage to the country's Ministry of Finance, Ministry of Public Works and Transport, and the Costa Rican Social Security Fund. The funding will be used to establish a centralized security operations center within the Ministry of Science, Innovation, Technology, and Communications to prevent, detect, and respond to cyberattacks. It will also support strategic and technical planning, cybersecurity training and capacity building, and the purchase of hardware, software, licenses, and tools. The US officials plan to meet with President Chaves to discuss the grant and broader measures to secure digital infrastructure. The move is part of a broader effort to support Ukraine in its war with Russia.
READ THE STORY: The Record
US energy sector facing cyber risk from Chinese-made grid tech
Analyst Comments: The threat of Chinese equipment in the US electric grid has long been a concern, as it may be used for cyber espionage or cyber attacks, leading to severe implications for national security. The efforts by the US Department of Energy and the collaboration with national labs to identify vulnerabilities in different grid equipment are commendable. However, there need to be more extensive information-sharing efforts, including the involvement of the private sector networks, cyber technology companies, and the intelligence community to address the issue comprehensively. It is essential to identify all equipment of Chinese origin and have secure systems and processes to ensure that the electric grid remains protected.
FROM THE MEDIA: The prevalence of Chinese equipment in the US electric grid is causing national security concerns as it may pose risks to the country. US Senator Angus King of Maine urged the US to identify electric grid equipment originating from China in a Senate Energy and Natural Resources Committee hearing. The Director of the Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, Puesh Kumar, stated that the Energy Department is making efforts to understand the most critical grid system components and identify those manufactured in China. Kumar also noted that more extensive information-sharing efforts are required to counter Chinese equipment threats.
READ THE STORY: SCMAG
Germany sours on Microsoft again, launches antitrust review
Analyst Comments: Microsoft's influence extends far and wide, which could result in anticompetitive practices. Germany's Bundeskartellamt's investigation is, therefore, appropriate. Microsoft is no stranger to antitrust investigations and litigation, and it's important to have an early warning system to detect possible abuses of power. The investigation will be helpful in assessing whether Microsoft's presence across different markets is anti-competitive and whether it warrants closer scrutiny by regulators. The agency's focus on the company's digital ecosystem, its size and influence, and the risk it poses to other businesses is an appropriate and necessary move.
FROM THE MEDIA: Germany's competition regulator, Bundeskartellamt, has started an investigation into Microsoft to determine whether it is a company of "paramount significance." The regulator will scrutinize Microsoft's vast portfolio, including operating systems, productivity software, cloud services, video games, and social media, to decide whether it warrants closer attention. Microsoft's size and influence could harm competition, Bundeskartellamt said. The agency is conducting the investigation under abuse control laws introduced in early 2021, which prohibit large companies from undertaking specific business practices if regulators believe they could harm competition.
READ THE STORY: The Register
Sewage releases breaching conditions more than doubled last year
Analyst Comments: It is unclear whether the sewage releases by water companies that breach permit conditions are intentional or not. While water companies are allowed to release sewage during heavy rainfall to prevent it from backing up into homes, they are expected to report to the Environment Agency when these releases occur at other times, such as when sewers become blocked. However, the reported increase in breaches of permit conditions suggests that some water companies may not be properly reporting these incidents or taking measures to prevent them from happening. Further investigations will be required to determine whether the breaches are intentional or not. The rise in sewage releases that breach permit conditions highlights the need for improved wastewater treatment infrastructure, as compliance with permit conditions is essential to avoid environmental risks.
FROM THE MEDIA: Water companies in the UK are releasing sewage hundreds of times a year at times when they are not allowed to do so. The number of sewage releases breaching permit conditions more than doubled from 273 in 2021 to 554 in 2022, with Southern Water being the worst offender. Water companies are permitted to release sewage when their overflow systems are under stress due to heavy rain. However, they are expected to report to the Environment Agency (EA) when their sewage overflows occur at other times. The regulator is expected to take action against repeated breaches, which can lead to prosecution. The EA and Ofwat are currently investigating all water companies over potential breaches of their environmental permits.
READ THE STORY: Telegraph
Latest State of API Security report: 400% increase in attackers and more
Analyst Comments: The findings of the State of API Security report are concerning, as they demonstrate that API attacks are increasing, and organizations' API security programs are not mature enough to prevent them. The report highlights that API security is not only a security problem but also a critical business issue that affects application rollout and business success. It is concerning that only 12% of respondents consider their API security programs to be advanced, and 30% have no current API security strategy, despite having production APIs in place. Organizations need to prioritize API security and adopt modern security strategies that address security at every stage of the API lifecycle to prevent attacks and protect sensitive data. The report's recommendations for improving API security, such as implementing shift-left API security practices, must be taken seriously by organizations to avoid becoming victims of API attacks.
FROM THE MEDIA: The fifth edition of the State of API Security report by Salt Labs reveals that the number of unique attackers targeting APIs has increased by 400% over the last six months. In addition, 94% of survey respondents experienced security problems in production APIs, with 17% reporting that their organizations suffered a data breach as a result of API security gaps. The report also highlights that API security has become a significant business issue, with more than half of the respondents stating that they have had to slow the rollout of new applications because of API security concerns. Furthermore, only 12% of respondents consider their API security programs to be advanced, while 30% have no current API security strategy.
READ THE STORY: Security Boulevard
How to Build a Research Lab for Reverse Engineering
Analyst Comments: The article provides a comprehensive overview of the different ways to create a malware analysis lab, and it highlights the pros and cons of each approach. The use of bullet points to outline the advantages and disadvantages of each method is particularly helpful. Additionally, the recommended list of essential tools for reverse engineering and malware analysis is beneficial for security researchers.
FROM THE MEDIA: Malware analysis labs provide an isolated space for examining malware. The setup can range from a simple virtual machine to a more intricate network of interconnected machines and actual networking hardware. Four different methods for creating an analysis lab include utilizing virtualization, building a dedicated machine, deploying a cloud lab, or subscribing to a sandbox-as-a-service. Each approach has its own set of benefits and drawbacks, and the correct choice depends on what you are trying to achieve and the resources available to you.
READ THE STORY: THN
3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way
Analyst Comments: This news highlights the increasing threat posed by supply chain attacks, as attackers compromise vendors to gain access to their clients' systems. The fact that the 3CXDesktopApp was digitally signed and distributed through official channels makes this attack more dangerous, as it could easily have gone unnoticed: a valid code signature proves only that the vendor's signing process produced the binary, not that the build it signed is clean. An attack on such widely used software could affect a large number of businesses and users. 3CX's prompt response in preparing a new build is commendable, but organizations should not wait for it: remove or isolate the affected desktop app, and hunt for the GitHub retrieval and second-stage activity described by the researchers, since a patched client does nothing about a host that was already compromised. Additionally, the reported link to a North Korean nation-state actor serves as a reminder of the continued threat posed by state-sponsored hacking groups.
FROM THE MEDIA: 3CX, the company behind 3CXDesktopApp, is reportedly working on a software update for its desktop app following a supply chain attack. Cybersecurity vendors have raised an alarm after digitally signed and rigged installers of the software were used to target downstream customers. SentinelOne researchers stated that the trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage info stealer DLL. The cybersecurity firm is tracking the activity under the name SmoothOperator, stating the threat actor registered a massive attack infrastructure as far back as February 2022. 3CX claims to have more than 600,000 customers and 12 million users in 190 countries, some of which include well-known names like American Express, BMW, Honda, Ikea, Pepsi, and Toyota.
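The "ICO files appended with Base64 data" stage lends itself to a simple hunting check: parse the icon's directory, find where the legitimate image data ends, and see whether anything decodable is hanging off the end. The Python below is an added example written for this digest, not code from SentinelOne or 3CX. It assumes the appended data is plain standard Base64 (the researchers describe Base64-appended ICO files; any further encoding the real payload uses is not modelled), and the icons and the stage-3 URL are constructed placeholders, not indicators from the incident.

```python
import base64
import struct

ICONDIR_FMT = "<HHH"            # reserved, type (1=icon, 2=cursor), image count
ICONDIRENTRY_FMT = "<BBBBHHII"  # width, height, colours, reserved, planes, bpp, size, offset


def parse_icondir(data):
    """Return [(size, offset)] for each image the ICO directory declares."""
    if len(data) < 6:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = struct.unpack_from(ICONDIR_FMT, data, 0)
    if reserved != 0 or kind not in (1, 2) or count == 0:
        raise ValueError("not an ICO/CUR file")
    entries = []
    for i in range(count):
        off = 6 + 16 * i
        if off + 16 > len(data):
            raise ValueError("truncated icon directory")
        *_, size, img_off = struct.unpack_from(ICONDIRENTRY_FMT, data, off)
        entries.append((size, img_off))
    return entries


def extract_trailer(data):
    """Bytes after the last image the directory accounts for; empty for a well-formed icon."""
    end = max(off + size for size, off in parse_icondir(data))
    if end > len(data):
        raise ValueError("directory points past end of file")
    return data[end:]


def decode_appended_base64(trailer):
    """Decode a Base64 trailer strictly; None if there is no trailer or it is not Base64."""
    blob = b"".join(trailer.split())  # tolerate line breaks, nothing else
    if not blob:
        return None
    try:
        return base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def build_sample_ico(appended=b""):
    """Constructed one-image ICO with a placeholder bitmap, optionally with data appended."""
    image = b"\x28\x00\x00\x00" + b"\x00" * 36  # 40-byte stand-in for a BITMAPINFOHEADER
    header = struct.pack(ICONDIR_FMT, 0, 1, 1)
    entry = struct.pack(ICONDIRENTRY_FMT, 16, 16, 0, 0, 1, 32, len(image), 6 + 16)
    return header + entry + image + appended


def find_smuggled_payloads(files):
    """Map filename -> decoded trailer for each icon that carries appended Base64."""
    hits = {}
    for name, data in files.items():
        try:
            decoded = decode_appended_base64(extract_trailer(data))
        except ValueError:
            continue  # not an icon, or malformed: out of scope for this check
        if decoded is not None:
            hits[name] = decoded
    return hits


# Constructed samples: one clean icon, one with a Base64 string appended.
STAGE3_URL = b"https://c2.example.invalid/stage3"  # placeholder, not a real indicator
SAMPLE_ICONS = {
    "clean.ico": build_sample_ico(),
    "dropped.ico": build_sample_ico(base64.b64encode(STAGE3_URL)),
}

if __name__ == "__main__":
    for name, payload in find_smuggled_payloads(SAMPLE_ICONS).items():
        print(name, payload)
```

Pointed at the icon files a suspect 3CX install has written or fetched, the check reports only files whose trailer decodes cleanly; an ordinary icon has no trailer at all. A non-empty trailer that fails strict Base64 decoding is still worth a look by hand, since it is just as out of place in an icon.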
READ THE STORY: THN
How space exploration is fueling the Fourth Industrial Revolution
Analyst Comments: This article provides a comprehensive overview of the current state of the space industry, highlighting the key trends, players, and opportunities in the sector. It is well-researched and presents a balanced view of the subject matter. The author effectively demonstrates the positive impact of 4IR on the space industry and how it is transforming the economic, political, and social systems.
FROM THE MEDIA: The convergence of technologies in the Fourth Industrial Revolution (4IR) is transforming the space industry, leading to new players, trends, opportunities, and challenges. Falling launch costs and increasing capabilities of smaller satellites due to technological advancements are leading to new capabilities for space exploration, as well as direct benefits for society on Earth. The private sector now leads the public sector in space discovery and technological application. As space technology continues to evolve, it is unlocking new opportunities for more inclusive prosperity. These opportunities are present in both space-to-Earth activities and space-to-space activities, and they have the potential to provide groundbreaking capabilities for a range of sectors. Additionally, countries and regions that were previously left out of the space industry now have the potential to engage in meaningful diplomacy on a global stage and to find areas of common goals despite ongoing conflicts on Earth.
READ THE STORY: Brookings EDU
War On Crypto Intensifies: SEC Charges Another Company
Analyst Comments: The SEC's crackdown on the crypto industry continues, and this latest move shows that the regulator is not slowing down its pace. The charges against Beaxy and its executives suggest that the SEC is taking a tough stance against companies that fail to comply with securities laws. The charges also highlight the importance of registration requirements for market makers and intermediaries to protect investors and ensure market integrity. The fact that Windy, Murphy, Abbott, Peterson, and the Braverock Entities have agreed to permanent injunctions and civil penalties without admitting or denying the allegations suggests that they recognize the seriousness of the SEC's charges. Overall, this case underscores the need for crypto firms to comply with securities laws and regulations, or face potentially severe consequences.
FROM THE MEDIA: The US Securities and Exchange Commission (SEC) has charged cryptocurrency platform Beaxy and its executives with violating securities laws by failing to register as a national securities exchange, broker, and clearing agency. The SEC has also accused Beaxy of conducting an unregistered offering of the Beaxy token (BXY) and misappropriating $900,000 for personal use, including gambling. In addition, market makers operating on the Beaxy platform have been charged as "unregistered dealers" for failing to comply with registration requirements. The SEC has also targeted Windy Inc., the firm that provided the Beaxy platform, and its executives Nicholas Murphy and Randolph Bay Abbott. The SEC alleges that Windy violated the Securities Exchange Act, and Murphy and Abbott are accused of operating an unregistered exchange, broker, and clearing agency. Finally, Brian Peterson and his companies, known as the Braverock Entities, have been accused of acting as unregistered dealers by providing market-making services for the Beaxy token and other crypto assets without registering.
READ THE STORY: Bitcoinist
Trojanized Tor browsers target Russians with crypto-stealing malware
Analyst Comments: This attack is a simple yet effective way to divert cryptocurrency payments from unsuspecting users: the victim copies a legitimate wallet address, the malware silently replaces it in the clipboard, and the funds go to the attacker. Bundling the malware with an outdated but otherwise functional Tor Browser and using localized installers makes it harder for users to notice anything wrong, which is why software should be downloaded only from official and trustworthy sources. Because the official Tor Project website is blocked in Russia, users there turn to third-party download sources, and that is likely the main reason the campaign succeeds in the region. A practical defence for any user is to compare the pasted address, character by character, against the intended one before sending.
FROM THE MEDIA: Security researchers from Kaspersky have issued a warning that trojanized Tor Browser installers are being used to target users in Russia and Eastern Europe, as well as in other countries worldwide. These malicious installers include an outdated version of the browser and hidden malware that hijacks the clipboard, replacing cryptocurrency wallet addresses with those belonging to the attackers. Kaspersky found that these installers have been responsible for stealing almost $400,000 in cryptocurrency, with over 16,000 variants detected between August 2022 and February 2023.
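An added example, not Kaspersky's analysis or the malware's code: a minimal model of the clipper's decision logic alongside the defensive check a wallet front-end or a careful user applies. The address patterns cover only Bitcoin legacy, Bitcoin bech32 and Ethereum shapes and do no checksum validation; all addresses here are constructed placeholders.

```python
import re

# Address shapes a clipper watches for (constructed subset, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{39,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str):
    """Return the address kind if the clipboard text looks like a wallet address, else None."""
    s = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return kind
    return None


def clipper_swap(clipboard: str, attacker_wallets: dict) -> str:
    """Model of the malware's behaviour: stay silent unless the clipboard holds an
    address of a kind the attacker has a replacement for, then substitute it."""
    kind = classify_address(clipboard)
    if kind is None or kind not in attacker_wallets:
        return clipboard  # nothing to steal; leave the clipboard untouched
    return attacker_wallets[kind]


def paste_is_tampered(copied: str, pasted: str) -> bool:
    """Defensive check: what the user copied must be what lands in the transaction."""
    return classify_address(copied) is not None and copied.strip() != pasted.strip()


# Constructed placeholder addresses (valid shape only).
USER_BTC = "1UserTestAddrSampBe2345678923456"
USER_ETH = "0x" + "1234567890abcdef" * 2 + "12345678"
ATTACKER_WALLETS = {
    "btc_legacy": "1AttackerAddrSampBe2345678923456",
    "eth": "0x" + "deadbeef" * 5,
}

if __name__ == "__main__":
    for clip in (USER_BTC, USER_ETH, "meeting notes for Thursday"):
        pasted = clipper_swap(clip, ATTACKER_WALLETS)
        print(repr(clip), "->", repr(pasted), "tampered:", paste_is_tampered(clip, pasted))
```

The check only works if the comparison happens somewhere the clipper cannot touch, for example in the wallet application against the address the user confirms on screen, which is why hardware wallets show the destination on their own display.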
READ THE STORY: Bleeping Computer
Items of interest
Bitter APT sets sights on the Chinese nuclear energy industry
Analyst Comments: The targeting of China's nuclear energy sector by Bitter APT is a cause for concern, as it suggests that the group is seeking sensitive information. Bitter APT has been active for several years and has previously targeted government agencies, military organizations, and diplomatic missions in various countries. Phishing emails carrying Excel or CHM payloads are a common tactic among both cybercriminals and APT groups. The described chain is detectable at several points: organizations should filter or block CHM attachments at the mail gateway, alert when Excel or the Windows HTML Help viewer spawns scheduled-task or script-interpreter processes, and keep up regular employee phishing training. Multi-factor authentication remains important for limiting what stolen credentials are worth, but it does not stop malware delivered as an attachment.
FROM THE MEDIA: China's nuclear energy sector has been targeted by a cyberespionage campaign launched by Bitter, an advanced persistent threat group based in South Asia. The group used phishing emails with Excel or CHM payloads to infect computers and retrieve additional malware, according to a report by Intezer. The Excel payloads enabled the creation of scheduled tasks for deploying EXE files, while the CHM files allowed arbitrary code execution. The group has used a variety of file formats as payload carriers in earlier operations.
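Both delivery paths described above end with an Office application or the CHM viewer launching something it normally never launches, which is a parent-child process relationship endpoint telemetry records. The following is an added example, not Intezer's detection logic or any vendor rule, that scans constructed Sysmon-style process-creation events (JSON lines) for those pairs. The process list, paths, times and command lines are invented for illustration.

```python
import json

# Parents that should rarely launch task schedulers or script hosts: Excel (a
# malicious spreadsheet lure) and hh.exe, the Windows HTML Help viewer that opens CHM files.
LURE_PARENTS = {"excel.exe", "hh.exe"}
SUSPICIOUS_CHILDREN = {
    "schtasks.exe", "cmd.exe", "powershell.exe", "mshta.exe",
    "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def flag_event(ev: dict):
    """Return a reason string if a lure parent spawned a suspicious child, else None."""
    parent = basename(ev.get("ParentImage", ""))
    child = basename(ev.get("Image", ""))
    cmd = ev.get("CommandLine", "")
    if parent in LURE_PARENTS and child in SUSPICIOUS_CHILDREN:
        extra = " (creates a scheduled task)" if "/create" in cmd.lower() else ""
        return f"{parent} spawned {child}{extra}: {cmd}"
    return None


def scan_log(lines):
    """Run flag_event over JSON-lines events; return a list of (time, reason) alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        reason = flag_event(ev)
        if reason:
            alerts.append((ev.get("UtcTime"), reason))
    return alerts


# Constructed sample events in the shape of Sysmon Event ID 1 (process creation)
# exported as JSON lines. Hosts, paths and times are invented; splwow64.exe is a
# benign printing helper Excel legitimately launches, included as a negative case.
SAMPLE_LOG = r"""
{"UtcTime": "2023-03-29 08:01:10", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "EXCEL.EXE C:\\Users\\alice\\Downloads\\report.xls"}
{"UtcTime": "2023-03-29 08:01:42", "Image": "C:\\Windows\\System32\\schtasks.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "CommandLine": "schtasks /create /sc minute /mo 5 /tn update /tr C:\\Users\\Public\\up.exe"}
{"UtcTime": "2023-03-29 08:02:05", "Image": "C:\\Windows\\splwow64.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "CommandLine": "splwow64.exe 12288"}
{"UtcTime": "2023-03-29 09:15:31", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\hh.exe", "CommandLine": "cmd.exe /c start C:\\Users\\Public\\stage2.exe"}
"""

if __name__ == "__main__":
    for when, reason in scan_log(SAMPLE_LOG.splitlines()):
        print(when, reason)
```

The same parent-child logic maps directly onto a SIEM or EDR query over real process-creation telemetry; the Excel-to-schtasks pair in particular is rare enough in most environments to be worth an alert on its own.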
READ THE STORY: SCMAG
What is Fuzzing? (Video)
FROM THE MEDIA: The speaker introduces Wfuzz, a tool that fuzzes a web application by sending inputs from a word list quickly and repeatedly and surfacing the unique responses that may point to a vulnerability. The user marks the injection point in the request (Wfuzz's FUZZ placeholder) and supplies a word list. The speaker also highlights OWASP Amass for initial reconnaissance and finding APIs, and has a section in their book on discovering APIs that recommends web application proxying, looking for advertised public APIs, and using browser dev tools or a proxy to filter out API requests.
Uncovering Hidden Bugs and Vulnerabilities in C/C++ (Video)
FROM THE MEDIA: The speaker, Johan, introduces himself as a senior safety software developer at Code Intelligence and gives a brief background of his experience in software quality. He talks about the importance of fuzzing in finding bugs and vulnerabilities in C and C++ applications. He explains the modern approach of coverage-guided, mutation-based fuzzing, in which inputs that reach new code are kept and mutated further, and the use of sanitizers to turn silent memory errors into detectable crashes. He also discusses the different classes of errors that the various sanitizers surface, the use of fuzzing to detect logical bugs and infinite loops, and differential fuzzing.
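The feedback loop the speaker describes is easier to see in a few dozen lines than in a slide. The following is an added example in Python, not Code Intelligence's tooling (which targets native C/C++ code): a miniature coverage-guided mutation fuzzer that uses line coverage from sys.settrace as its feedback signal and treats an uncaught exception as the sanitizer report. The target parse_record is constructed with a four-byte tag guarding the bug, so that a blind random search would need on the order of 2^32 attempts while coverage guidance solves one byte at a time.

```python
import random
import sys


def parse_record(data: bytes) -> int:
    """Constructed target: only the exact 4-byte tag b'FUZZ' reaches the bug.
    Each early return is its own line, so partial progress shows up as new coverage."""
    if len(data) < 4:
        return 0
    if data[0] != ord("F"):
        return 1
    if data[1] != ord("U"):
        return 2
    if data[2] != ord("Z"):
        return 3
    if data[3] != ord("Z"):
        return 4
    raise ValueError("unhandled record type")  # the bug; in C a sanitizer would report it


def run_with_coverage(func, data: bytes):
    """Execute func(data) once; return (set of lines of func executed, exception or None)."""
    lines, crash = set(), None
    code = func.__code__

    def tracer(frame, event, arg):
        if frame.f_code is code and event == "line":
            lines.add(frame.f_lineno)
        return tracer  # keep tracing line events in this frame

    prev = sys.gettrace()
    sys.settrace(tracer)
    try:
        func(data)
    except Exception as exc:  # any uncaught exception counts as a finding
        crash = exc
    finally:
        sys.settrace(prev)
    return lines, crash


def mutate(data: bytes, rng: random.Random, max_len: int = 16) -> bytes:
    """One random edit: overwrite a byte, insert a byte, or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1 and len(buf) < max_len:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(func, seed: bytes = b"AAAA", max_iters: int = 300000, rng_seed: int = 7):
    """Coverage-guided loop. Returns (crashing input or None, iterations used)."""
    rng = random.Random(rng_seed)
    covered, crash = run_with_coverage(func, seed)
    if crash is not None:
        return seed, 0
    corpus = [(seed, len(covered))]  # (input, number of lines it reached)
    for it in range(1, max_iters + 1):
        # Mostly mutate the input that got deepest; sometimes any corpus entry.
        if rng.random() < 0.75:
            parent = max(corpus, key=lambda e: e[1])[0]
        else:
            parent = rng.choice(corpus)[0]
        child = mutate(parent, rng)
        lines, crash = run_with_coverage(func, child)
        if crash is not None:
            return child, it
        if not lines <= covered:  # reached a line never seen before: keep it
            covered |= lines
            corpus.append((child, len(lines)))
    return None, max_iters


if __name__ == "__main__":
    found, iters = fuzz(parse_record)
    print("crash input:", found, "after", iters, "iterations")
```

The two ingredients that make this work are the ones the talk stresses: a signal that rewards inputs for getting further (here, new lines; in libFuzzer-style tools, edge counters from compiler instrumentation) and an oracle that turns a silent fault into a stop (here, an exception; in C/C++, AddressSanitizer and friends). Remove either and the loop degrades to the 2^32 blind search.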
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.