Friday, March 31, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Leaked IT contractor files detail the Kremlin's stockpile of cyber-weapons
Analyst Comments: The leaked documents, if verified, could provide unprecedented insight into the methods and operations of Russian intelligence and military agencies in the realm of cyber warfare. The Vulkan Files' links to the notorious NotPetya malware, which is thought to have been created by Russian intelligence, could further implicate Russia in this and other major cyberattacks. The documents' exposure may also have implications for companies working with NTC Vulkan, who may now face greater scrutiny from regulators and the public. The leak follows a similar pattern to that of the 2013 disclosures by former NSA contractor Edward Snowden, which also revealed classified information about state-sponsored cyber espionage.
FROM THE MEDIA: Several media organizations have been given access to leaked documents by an anonymous whistleblower that allegedly show how Moscow-based IT consultancy NTC Vulkan supports Russian military and intelligence agencies with cyber warfare tools. Der Spiegel, the Guardian, Le Monde, Süddeutsche Zeitung, The Washington Post, and others worked with the whistleblower and have published a set of articles describing the leaked documents, known as The Vulkan Files. The files detail various Russian hacking tools linked to major security incidents and their use in creating the NotPetya malware. They also show links between NTC Vulkan and Russian intelligence and military agencies, including the FSB, GRU, and SVR intelligence apparatus. The leaked documents reportedly include maps of US energy infrastructure. The files have been confirmed by five Western intelligence agencies and were interpreted by Google-owned Mandiant.
READ THE STORY: The Register // The Hill // EURACTIV
‘Ridiculous’: White House rejects espionage charges against Wall Street Journal reporter
Analyst Comments: The arrest of Evan Gershkovich and the espionage charges made by Russia are concerning developments in the ongoing tensions between the United States and Russia. The White House's rejection of the allegations and their efforts to gain access to Gershkovich reflect their commitment to protecting the rights of American citizens abroad. It remains to be seen how this situation will unfold and what actions the United States will take in response to Gershkovich's arrest.
FROM THE MEDIA: The White House has rejected espionage charges made by Russia against Wall Street Journal reporter Evan Gershkovich, calling the allegations "ridiculous." Russia has claimed that Gershkovich was acting on orders from the United States to collect information about a Russian enterprise's activities that constitutes a state secret. The Journal has also rejected the allegations that Gershkovich was conducting espionage. Gershkovich was arrested by the Russian Federal Security Service in Yekaterinburg, where he was allegedly trying to gain access to classified information, according to Russian authorities. The White House is working to gain access to Gershkovich and to get more information about the arrest.
READ THE STORY: The Hill // TIME
Yes, there’s a new Cold War — and China started it
Analyst Comments: The opinion piece presents a strong argument, and the author provides specific examples to support their claim that China has launched a cold war against the US. However, the opinion piece does not acknowledge the US's role in the current tensions between the two countries, and the author does not propose any solutions to mitigate the situation. Additionally, some readers may view the piece as overly partisan or biased, as the author is affiliated with a conservative think tank. Overall, the article is informative and thought-provoking but should be read in conjunction with other sources to gain a well-rounded perspective on US-China relations.
FROM THE MEDIA: The author of the opinion piece argues that China has launched a cold war against the US and cites several pieces of evidence to support this claim. The evidence includes China's deliberate concealment of the COVID-19 pandemic's severity, its role in the production of fentanyl, the militarization of the South China Sea, the modernization of its armed forces, claims over Taiwan, economic and diplomatic ties with Latin America, surveillance and espionage activities in the US, and cyber-attacks against businesses and governments.
READ THE STORY: The Washington Times
US, UK, and eight others unite on cyber protections for dissidents, journalists, advocacy groups
Analyst Comments: The establishment of the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression is a positive development in the fight against cyber threats that target civil society organizations, human rights defenders, and journalists. These groups have long been the targets of authoritarian regimes who seek to silence opposition and suppress freedom of expression. The use of commercial spyware by governments is a particularly concerning threat, as it has been used to conduct indiscriminate surveillance and violate the privacy of activists and journalists. The involvement of 10 nations in the forum and their membership in the Freedom Online Coalition indicate a growing international recognition of the need to protect civil society from cyber threats. However, the success of the initiative will depend on its ability to effectively share information and implement measures to counter these threats.
FROM THE MEDIA: Ten countries have established a new Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression, aimed at sharing ways to protect civil society organizations, human rights defenders, dissidents, advocacy groups, journalists, and cultural institutions from cyber threats. The use of commercial spyware by governments is a prominent threat, which has been used to target journalists and activists. The announcement comes as the US State Department endorsed Guiding Principles on Government Use of Surveillance Technologies produced by the Freedom Online Coalition, a 36-member group of nations. The 10 countries behind the civil society forum are also members of the coalition.
READ THE STORY: The Record
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
Analyst Comments: The use of advanced techniques and custom malware by state-sponsored threat actors highlights the importance of maintaining a robust cybersecurity posture. Cybersecurity experts have recommended that organizations apply patches regularly, monitor access to external-facing network devices, and configure intrusion detection or prevention systems to monitor for malware detections to defend against these attacks. It is essential to stay vigilant and proactive in implementing security measures to prevent potential cyber-attacks from state-sponsored actors.
FROM THE MEDIA: The Chinese state-sponsored threat actor group RedGolf has been found using a custom backdoor called KEYPLUG, according to cybersecurity firm Recorded Future. The firm revealed that the group has been active globally for many years and has the ability to rapidly weaponize newly reported vulnerabilities. Both Google-owned Mandiant and Malwarebytes have attributed the use of KEYPLUG by Chinese threat actors to the Winnti group. This activity is believed to be conducted for intelligence purposes rather than financial gain, and RedGolf is expected to continue to demonstrate a high operational tempo and weaponize vulnerabilities in external-facing corporate appliances.
Bitter APT sets sights on the Chinese nuclear energy industry
Analyst Comments: The targeting of China's nuclear energy sector by Bitter APT is a significant development, highlighting the continuing cyber threats to critical infrastructure. The use of phishing emails and social engineering techniques to trick employees into downloading and opening malicious attachments is a common tactic used by APT groups. Bitter APT's use of Excel exploits and CHM and MSI files to achieve persistence and fetch additional malware from the command-and-control server is consistent with the group's previous activities. Organizations in critical sectors such as nuclear energy must implement robust cybersecurity measures to protect against such threats, including regular training of employees and monitoring of network traffic to detect and block malicious activities.
FROM THE MEDIA: The South Asian advanced persistent threat (APT) group, known as "Bitter," has been targeting the nuclear energy sector in China with phishing emails. The group, which has been active since at least 2021, has previously targeted energy and government organizations in Bangladesh, China, Pakistan, and Saudi Arabia, using Excel exploits and Microsoft Compiled HTML Help (CHM) and Windows Installer (MSI) files. In the latest cyber espionage campaign, the group used updated first-stage payloads with an extra layer of obfuscation and additional decoys for social engineering. The group targeted recipients in China's nuclear energy industry with at least seven phishing emails impersonating the Embassy of Kyrgyzstan in China.
READ THE STORY: SecurityWeek
China’s YMTC set for chip comeback despite US export controls
Analyst Comments: YMTC's ability to reduce its reliance on the US and other foreign chip equipment makers represents a significant blow to Washington's hopes that export controls could substantially slow China's progress in making advanced chips. The opening of the new fab would help YMTC regain competitiveness with its main rivals, Samsung and Micron. With Beijing seeing the company as playing a key role in its development of a domestic semiconductor industry, the government is helping with additional funding for the restructuring of its production lines and new equipment testing. While YMTC had about a 5% global market share in memory chips in 2021, up sharply from 1% in 2020, the acid test of the new fab's capabilities will come when it tries to move beyond its initial production of 128-layer 3D NAND flash memory - around two generations behind that of global leaders Samsung, SK Hynix, and Micron - to cutting-edge 196-layer and 232-layer chips.
FROM THE MEDIA: China's largest memory chip maker, Yangtze Memory Technologies Corp (YMTC), plans to begin production at a new plant as early as next year, despite Washington's export curbs imposed last October on the equipment needed to make advanced chips. The construction of the new plant was initially frozen, but YMTC has been testing locally made tools over a long period and is now confident enough to rely more on domestic suppliers for replacements. The company has set ambitious targets for equipment from local vendors, including Naura Technology and Advanced Micro-Fabrication Equipment. Management has also assured production engineers it will be able to source key chip manufacturing tools from Dutch equipment maker ASML, using older models not covered by a new US-Japan-Netherlands trilateral agreement on restricting exports.
READ THE STORY: FT
India hunts for spyware that rivals controversial Pegasus system
Analyst Comments: India’s move highlights the strong demand for sophisticated and largely unregulated spyware technology. The search for alternative vendors to the NSO Group demonstrates growing concerns among governments worldwide regarding the misuse of spyware to target dissidents and critics. However, the search for an alternative vendor raises questions about whether the new vendors would be any more responsible than the NSO Group. The use of spyware to target government organizations and the nuclear energy sector indicates that the threat actors could cause significant damage. Organizations must take proactive measures to mitigate the risks posed by APT groups by regularly updating and patching their systems, investing in cybersecurity tools and solutions, and implementing best practices to detect and respond to cyber threats.
FROM THE MEDIA: India is looking for alternative spyware vendors to the NSO Group, maker of the controversial Pegasus system. Modi government officials have decided to buy spyware from less-exposed competitors of the NSO Group, with the aim of spending up to $120mn through new spyware contracts. About a dozen competitors are expected to enter the bidding process. The Bitter APT group has recently targeted China’s nuclear energy industry with phishing emails impersonating the Embassy of Kyrgyzstan in China. The cybersecurity firm Intezer has discovered that the group has used updated first-stage payloads in its recently observed espionage campaign. Cybersecurity researchers have urged organizations to apply patches regularly, monitor access to external-facing network devices, track and block identified command-and-control infrastructure, and configure intrusion detection or prevention systems to monitor for malware detections.
READ THE STORY: FT
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
Analyst Comments: The report from Proofpoint highlights the effectiveness of TA473's operational approach, which works against even high-profile targets who do not apply software patches quickly enough. The group's actions show that organizations must ensure they keep their software up to date with the latest patches, as failing to do so can leave them open to cyberattacks. Additionally, the use of phishing emails and the exploitation of vulnerabilities demonstrate the importance of cybersecurity awareness and training to help prevent such attacks.
FROM THE MEDIA: Russian hacking group TA473, also known as 'Winter Vivern,' has been exploiting unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats. The group scans for unpatched webmail platforms using vulnerability scanner Acunetix, then sends phishing emails from a compromised address to the target's Zimbra infrastructure, exploiting the CVE-2022-27926 vulnerability to inject JavaScript payloads into the webpage. These payloads are then used to steal usernames, passwords, and tokens from cookies, allowing the group to access targets' email accounts. The stolen information also enables the hackers to conduct lateral phishing attacks to further infiltrate the target organizations.
READ THE STORY: Bleeping Computer // The Register
China Unveils Naval Variant Of WZ-7 Recon Drone
Analyst Comments: The appearance of the WZ-7 drone in the Japanese Air Defense Identification Zone is likely to increase regional tensions as Japan and China dispute sovereignty over the Senkaku Islands. The WZ-7 drone is part of China's ongoing effort to establish an Anti-Access/Area Denial (A2/AD) capability to counter US Carrier Strike Groups. The drone's advanced surveillance and communication capabilities, combined with its long-range capabilities, make it an important part of China's overall A2/AD strategy. The drone's appearance may prompt Japan to increase its investment in surveillance technology and strengthen its defense capabilities.
FROM THE MEDIA: China's WZ-7 drone, built by the Guizhou Aircraft Industry Corporation, has made its first appearance in the Japanese Air Defense Identification Zone. The WZ-7 has two versions, an Air Force variant similar to the US Air Force's Northrop Grumman RQ-4 Global Hawk and a naval variant similar to the US Navy's MQ-4C Triton. The naval variant is focused on maritime surveillance and is fitted with Wave Transmitting Material to allow it to use satellite communication without a ground control station. It is equipped with an ESM suite for direction-finding and signals intelligence collection, and possibly a look-down radar at its nose. The drone could be used to supplement China's maritime ISR network and provide updated targeting information for anti-ship units. Alternatively, it may be a stand-off jammer asset to degrade surface combatants' communication or radar performance.
READ THE STORY: NavalNews
Ukrainian police bust fraud gang that stole $4.3 million
Analyst Comments: The arrest of the cyber fraud gang responsible for stealing roughly $4.3 million from over a thousand victims across the EU is a positive development. This incident highlights the continued threat posed by phishing scams and the importance of remaining vigilant when online. The use of fake "phishing" sites targeting users in several European countries and enticing them with products below market prices is an example of a common tactic used by cybercriminals. The Ukrainian police's actions demonstrate the government's commitment to combatting cybercrime, as well as the success of international cooperation in investigating and detaining the perpetrators.
FROM THE MEDIA: Ukraine's cyber police have arrested members of a cyber fraud gang that stole roughly $4.3 million from over a thousand victims across the EU. The group created over 100 fake "phishing" sites targeting users in several European countries, enticing them with products below market prices. Orders placed by the victims didn't correspond to actual purchases, while the threat actors stole credit card details they entered on the phony sites. The stolen data was then used to make online purchases using other people's credit cards. The fraudsters used two call centers in Vinnytsia and Lviv to communicate with the customers to convince them to place orders. The Ukrainian police have conducted over 30 searches on the members' homes, call centers, and cars, confiscating computer equipment, mobile phones, and SIM cards for examination. Two arrests made in Ukraine are believed to involve organizers of the criminal gang, while another ten members of the phishing gang were detained in other European countries.
READ THE STORY: Bleeping Computer
Realtek and Cacti flaws are now actively exploited by malware botnets
Analyst Comments: The detection of multiple malware botnets targeting known vulnerabilities highlights the importance of applying timely security updates and using strong administrator passwords. The fact that these botnets are targeting exposed network devices to launch DDoS attacks is a major concern, as it can result in significant disruptions to online services. Organizations should ensure that their network devices are properly secured and monitored for any suspicious activity.
FROM THE MEDIA: Between January and March 2023, multiple malware botnets have been found targeting two vulnerabilities, CVE-2021-35394 and CVE-2022-46169, in Realtek Jungle SDK and Cacti, respectively. These botnets are spreading Moobot and ShellBot malware and are enlisting exposed network devices to launch DDoS attacks. Moobot, which is a variant of Mirai, was first discovered in December 2021 and is actively targeting the Realtek and Cacti flaws. On the other hand, ShellBot was first observed in January 2023 and is primarily targeting the Cacti flaw. It has already developed three malware variants, with the latest one featuring a much more extensive set of commands.
READ THE STORY: Bleeping Computer
Australia names and shames in its fight against foreign interference
Analyst Comments: The announcement of the framework is a welcome escalation of Australia’s efforts to counter foreign interference, as it demonstrates the government’s commitment to deter future activity by imposing costs on sponsors and increasing transparency. The government’s recognition that foreign interference will continue and that it needs a new form of deterrence is a positive development. The attribution framework is expected to provide a standardized approach to identifying and responding to foreign interference, increasing the legitimacy of any future attribution statement made. However, the political and diplomatic aspects of making an attribution, whether public or private, remain a challenge for Australia.
FROM THE MEDIA: Australia’s Minister for Home Affairs Clare O’Neil has revealed that the government is developing an attribution framework to counter rising foreign interference. The framework, which is usually used in cyberspace to determine the party responsible for malicious activity, will name and shame foreign perpetrators, as a means of imposing costs on sponsors and deterring future activity. Australia’s Director-General of Security, Mike Burgess, has warned that espionage and foreign interference have become Australia’s principal security concern, and O’Neil’s announcement is an escalation of efforts to counter such activities. The government is taking a standardized and transparent approach to identify and respond to foreign interference, in addition to broader measures such as raising awareness among multicultural communities and building social cohesion and democratic resilience. The announcement of the framework comes as the Australian government seeks to counteract foreign interference and increase its resilience against such activities.
READ THE STORY: The Interpreter
Lloyd’s of London battles insurers over ‘state-backed’ cyber attacks
Analyst Comments: The decision by Lloyd’s to require insurers to exclude payments for cyberattacks believed to be state-backed is a significant move that highlights the growing concern around cyber warfare sponsored by governments. While it is necessary to update war exclusions for the internet age, the ambiguity over what constitutes a state-backed attack and the difficulties in attributing attacks could make it difficult for insurers to provide a clear definition of war. Furthermore, the move could deter companies from buying cyber insurance policies, which could have long-term implications for the industry.
FROM THE MEDIA: Lloyd’s of London, the oldest insurance market in the world, is implementing a directive requiring insurers to exclude from policies payments for cyberattacks believed to be “state-backed”. The move reflects concerns that cyber warfare sponsored by governments poses a systemic risk to insurers. Some critics, however, argue that cyber attacks are becoming one of the biggest threats to businesses and warn that excluding coverage of state-sponsored cyberattacks may put off potential clients. Furthermore, there is uncertainty over the definition of “significant impairment to state infrastructure” and the issue of attributing attacks. Businesses spent around $10bn a year on cyber insurance policies in 2022, a figure expected to rise to $22.5bn by 2025.
READ THE STORY: FT
Nuclear talk as a tool of persuasion
Analyst Comments: Russia's plan to deploy tactical nuclear weapons in Belarus is a worrying sign of escalating nuclear tensions. While there are few signs of preparations, it is uncertain whether the move is merely a gesture or a practical reality. Regardless, it serves as a demonstration of Russia's nuclear capabilities and willingness to use them. The announcement also reflects heightened disinformation and underscores the importance of accurate information in diplomatic relations. The move is likely to further strain relations between Russia and the West, and it could increase the chances of a nuclear conflict if tensions continue to escalate. The international community should monitor the situation closely and work to find diplomatic solutions to reduce nuclear tensions.
FROM THE MEDIA: Russia has announced its plan to deploy tactical nuclear weapons in Belarus, which has raised concerns about Moscow's nuclear saber-rattling. The announcement is unlikely to offer any tactical advantage or additional deterrent effect. Diplomatically, it will draw Belarus closer to Russian policy and military operations. The announcement also represents heightened disinformation as a Russian response to the UK's decision to supply depleted uranium tank ammunition to Ukraine along with Challenger tanks. Russia suggested that depleted uranium is a nuclear weapon, and thus, its nuclear moves are purely defensive actions forced upon it by the West. Ukraine has called for an emergency meeting of the UN Security Council to address the Russian announcement.
READ THE STORY: The Cyberwar
FTX's Sam Bankman-Fried pleads not guilty to campaign finance, China bribery charges
Analyst Comments: The new charges against Sam Bankman-Fried add to the pressure on him as he prepares to face trial in October. The allegations of fraud, conspiracy, and bribery will have serious implications for both Bankman-Fried and FTX. The involvement of high-level political campaigns in the case could further fuel scrutiny of the cryptocurrency industry by lawmakers and regulators. The cooperation of three former members of Bankman-Fried's inner circle with prosecutors suggests that more information about the case may emerge, potentially increasing the legal and reputational risks faced by Bankman-Fried and his company.
FROM THE MEDIA: Sam Bankman-Fried, founder of cryptocurrency exchange FTX, has pleaded not guilty to new US charges of conspiracy to violate campaign finance laws and bribe Chinese authorities. Bankman-Fried had earlier pleaded not guilty to eight counts of fraud and conspiracy. He faces a possible sentence of decades in prison if convicted at a trial set to start on Oct. 2. Prosecutors had accused Bankman-Fried of illicitly contributing tens of millions of dollars to US political campaigns through straw donors, part of a strategy to buy influence in Washington. They also alleged that he conspired to violate an anti-bribery law by orchestrating a $40m payment to Chinese authorities to regain access to $1bn in cryptocurrency in Alameda accounts that had been frozen.
READ THE STORY: ET
Maxar eyes military customers for satellite images of objects in space
Analyst Comments: Maxar's move to build a new business imaging objects in space reflects the growing market for high-resolution images of objects in orbit, particularly amid rising security concerns and congestion in lower orbits. The company's discussions with the US Space Force and other agencies suggest strong demand for its services, particularly for space domain awareness data that can be shared with allies.
FROM THE MEDIA: Earth imaging company Maxar is seeking to build a new business by imaging objects in space. The company last year received approval from the National Oceanic and Atmospheric Administration to use its Earth imaging satellites to take pictures of objects in space and sell them commercially. Maxar is now in talks with the US Space Force and other agencies to provide high-resolution images of objects in orbit, supporting space traffic management and spaceflight safety in the increasingly congested lower orbits. The company is also seeking to add Department of Defense (DoD) customers to support broader DoD missions in space, situational awareness, and space domain awareness for both US and allied partners.
READ THE STORY: SN
CISA orders agencies to patch bugs exploited to drop spyware
Analyst Comments: The order by CISA is a response to the zero-day vulnerabilities used in the recent cyberattacks, which could be an indication of the increased sophistication of cybercriminals. The agency's proactive measures, which include ordering federal agencies to patch vulnerabilities, could reduce the impact of future attacks. However, it remains to be seen whether this will be effective in preventing future cyber attacks. Organizations should take a cue from CISA and prioritize cybersecurity by patching vulnerabilities to protect against potential attacks.
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch security vulnerabilities exploited as zero-days in recent attacks that targeted Android and iOS users. The vulnerabilities in question were used in two highly targeted campaigns discovered by Google's Threat Analysis Group (TAG) last year. CISA has added five of the vulnerabilities used in the two spyware campaigns to its Known Exploited Vulnerabilities (KEV) catalog and given Federal Civilian Executive Branch Agencies (FCEB) until April 20 to patch vulnerable mobile devices against potential attacks that would target these five security flaws. CISA urged all organizations to prioritize patching these bugs to thwart exploitation attempts.
READ THE STORY: Bleeping Computer
Microsoft’s latest bug: how Bing nearly went bang
Analyst Comments: The quick action by Wiz Research and Microsoft to patch this flaw is commendable. However, the potential severity of the vulnerability underscores the need for strong security measures and vigilance by technology companies. The fact that a flaw like this could be exploited with such ease highlights the importance of regular security audits and the need for companies to prioritize security in their software development processes. Additionally, the fact that the flaw could have been used to launch misinformation campaigns or phish and impersonate other websites underscores the importance of digital literacy and the need for users to be aware of potential security risks.
FROM THE MEDIA: Microsoft had to quickly patch a security flaw discovered by Wiz Research that could have exposed the personal information of millions of Bing search engine users. The flaw was located in the Azure Active Directory (AAD), which had a common system misconfiguration that exposed Microsoft apps to unauthorized access. By exploiting this flaw, attackers could take over Bing.com functionality, modify search results, and potentially enable the Office 365 credential theft of millions of Bing users. The Wiz researchers named the penetration campaign #BingBang and found that the flaw was simple to exploit, which could have allowed even low-skilled cybercriminals to cause damage.
READ THE STORY: Cybernews
Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration
Analyst Comments: The emergence of the supercloud and cyber storage highlights the need for organizations to implement multi-cloud environments intentionally to enjoy benefits such as increased resiliency and scalability. The development of cyber storage, in particular, provides security teams with a way to address concerns over wide-scale cloud adoption and protect against ransomware and data exfiltration through proactive technology that blocks and responds to attacks as they happen. Cyberstorage's fragmentation and distribution of data across multiple storage locations also provide a higher level of resilience against attacks, making it an attractive solution for organizations looking to increase their security posture.
FROM THE MEDIA: Multi-cloud data storage has become a popular strategy for data management that enables organizations to enjoy the benefits of increased scale and overall resiliency. The multi-cloud approach has led to the emergence of the supercloud, an ecosystem where multiple cloud systems work together to provide benefits such as increased flexibility in accessing data, streamlined operations for DevSecOps teams, and reduced risks in single-point-of-failure scenarios. The supercloud has also paved the way for cyberstorage, a technology that combines high-performance security with accessible storage to create a virtual layer on top of disparate cloud repositories. Cyberstorage addresses concerns over data vulnerability gaps and protects against ransomware and data exfiltration through fragmentation and distribution of data across the multiple storage locations that make up the data harbor, providing a solution that fits within the framework of the multi-cloud environment.
READ THE STORY: THN
New Wi-Fi Protocol Security Flaw Affecting Linux, Android, and iOS Devices
Analyst Comments: The design flaw in the IEEE 802.11 Wi-Fi protocol standard discovered by researchers presents a serious risk to a range of devices running Linux, FreeBSD, Android, and iOS. The vulnerability could allow an attacker to hijack TCP connections and intercept client and web traffic. The flaw could also be used to force frames intended for a particular client and to execute a denial-of-service attack. Companies should implement transport layer security (TLS) to encrypt data in transit and apply policy enforcement mechanisms that restrict network access in order to limit the impact of such attacks. Cisco has acknowledged that its products may be vulnerable, so it is essential that users take adequate measures to protect their networks.
FROM THE MEDIA: Researchers from Northeastern University and KU Leuven have discovered a design flaw in the IEEE 802.11 Wi-Fi protocol standard that could be exploited to hijack TCP connections and intercept client and web traffic. The flaw can also be abused to force frames intended for a particular client and to execute a denial-of-service attack. The attack exploits Wi-Fi stacks that do not adequately dequeue or purge their transmit queues when the security context changes. The vulnerability is present in a range of devices running Linux, FreeBSD, Android, and iOS. Cisco acknowledged that the attacks may be successful against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.
READ THE STORY: THN
Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX
Analyst Comments: The Super FabriXss vulnerability in Azure Service Fabric Explorer is a significant issue that could enable an attacker to execute code remotely without the need for authentication. This vulnerability could be weaponized to take control of a legitimate application and launch further attacks or gain access to sensitive data or resources. Microsoft has already patched the vulnerability, and users are recommended to apply the patch as soon as possible. The discovery of such a vulnerability in Microsoft's Azure services highlights the importance of ongoing security monitoring and patch management to minimize risks to organizations.
FROM THE MEDIA: Microsoft has patched a vulnerability tracked as CVE-2023-23383, also known as Super FabriXss, that was discovered in Azure Service Fabric Explorer (SFX). The flaw could allow remote attackers to achieve unauthenticated remote code execution on a container hosted on a Service Fabric node by leveraging an XSS vulnerability. The vulnerability resides in the "Events" tab associated with each node in the cluster in the user interface; it is a reflected XSS flaw, embedded in a link and triggered only when the link is clicked. Orca Security, the security firm that discovered the flaw, stated that it affected Azure Service Fabric Explorer version 9.1.1436.9590 and earlier.
READ THE STORY: THN
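The reflected-XSS pattern described above, shown as an added example beside its hardened form (this is illustrative code written for this digest, not Orca Security's finding or Microsoft's SFX code). It assumes a hypothetical "Events" view that reflects a node name taken from the page URL into its heading; the sample link is constructed.

```javascript
// Minimal HTML escaper: neutralises the five characters that can break out
// of text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Hypothetical: the UI reads the node name from the URL query string.
function nodeNameFromUrl(href) {
  return new URL(href).searchParams.get('node') ?? '';
}

// Vulnerable form: the reflected value is concatenated straight into markup,
// so whatever a crafted link carries becomes part of the page.
function renderEventsTabUnsafe(nodeName) {
  return `<h2>Events for node ${nodeName}</h2>`;
}

// Hardened form: the same value is HTML-escaped before insertion, so a
// crafted link renders as literal text rather than as markup.
function renderEventsTabSafe(nodeName) {
  return `<h2>Events for node ${escapeHtml(nodeName)}</h2>`;
}

// Review aid: flags any tag in the rendered output other than the template's
// own <h2>, i.e. evidence that untrusted input reached HTML unescaped.
function containsInjectedTag(html) {
  return /<(?!\/?h2\b)[a-z]/i.test(html);
}

// Constructed sample link (not a real SFX URL): the node parameter carries a
// harmless tag so the difference between the two renderers is visible.
const SAMPLE_LINK = 'https://sfx.example/events?node=<b>x</b>';
const sampleNode = nodeNameFromUrl(SAMPLE_LINK);
console.log(renderEventsTabUnsafe(sampleNode)); // tag survives into the page
console.log(renderEventsTabSafe(sampleNode));   // tag rendered as &lt;b&gt;x&lt;/b&gt;
```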
Russia Using TikTok to Push Pro-Moscow Narrative on Ukraine
Analyst Comments: The ASD report suggests that some US adversaries are using TikTok for influence operations, with Russia exploiting the platform to push its narrative. Given TikTok's massive user base, concerns have been raised about the potential for disinformation campaigns and foreign influence operations. Though TikTok CEO Shou Zi Chew has tried to downplay these fears, lawmakers and security officials continue to have doubts. The ASD report underscores the need for a more comprehensive approach to mitigating the risks associated with social media platforms. It is important for TikTok and other social media platforms to improve their efforts to label state-controlled media accounts and identify and remove inauthentic content.
FROM THE MEDIA: The Alliance for Securing Democracy (ASD) has released a report suggesting that some US adversaries, such as Russia, are using the TikTok app for influence operations. According to the ASD, Russia has been using the platform to push its narrative and undermine Western support for Ukraine. The report highlights that some TikTok users are engaging more with Russian state media than reputable independent news outlets on the platform. As of March 22, the ASD found that there were 78 Russian-funded news outlets on TikTok with a total of over 14 million followers. Despite TikTok's commitment to label state-controlled media accounts, 31 of the accounts were not labeled. The report revealed that labeled Russian state media accounts are reaching larger audiences on TikTok than on other platforms.
READ THE STORY: VOA
Items of interest
Ukrainian hackers use Russian officer's wife's nude photos to gather intelligence
Analyst Comments: This operation highlights the ongoing tensions between Russia and Ukraine and their use of cyber tactics in their ongoing conflict. It also demonstrates the dangers of phishing attacks and the importance of being cautious with personal information online. The use of pinup calendars as a tactic to extract personal information and data is a novel technique and shows the creative ways in which hackers are trying to exploit people's trust. It is unclear what consequences this operation will have on the Russian officers whose information was obtained, but it is likely to further strain relations between Russia and Ukraine.
FROM THE MEDIA: The Ukrainian Cyber Alliance, in collaboration with the pro-Ukrainian news website InformNapalm, tricked twelve Russian military wives into giving away personal information about their husbands. The hackers pretended to be producing a pinup calendar to boost morale among Russian officers and convinced the wives to pose for photos in their husbands' uniforms. They then used the images to track down biographical information on each officer. The operation began with Russian Colonel Sergey Valeriyevich Atroshchenko, whose information was already available on the InformNapalm website. The hackers found and published images of his face, home, and government documents, as well as his current address obtained through his COVID-19 vaccination records. They then located his duty station and hacked into his portal on the Russian Ministry of Defense website to find out how much he was paid. The hackers moved on to Atroshchenko's wife, and her personal information, including nude photos, is now available on the InformNapalm site.
READ THE STORY: JP
The Propaganda Machine: A Look Inside How Putin Deceives Millions of Russians (Video)
FROM THE MEDIA: Censorship includes blacklists for activists and politicians and the withholding of inconvenient events from the news. Propaganda often manipulates events or is based on partial truths, such as the well-known example of Channel 1 airing a segment about a three-year-old child being crucified in Ukraine with no evidence. Today's propagandists justify Russia's invasion of Ukraine and rebuke Western values. The authorities have imposed military censorship, blocking the websites of major independent media outlets and filing cases against journalists and editorial boards that declare them to be foreign agents and undesirables.
Millions in Ads: China Runs Propaganda in Major US Newspapers (Video)
FROM THE MEDIA: The Chinese regime is pouring money into pumping out propaganda. Its medium is legacy U.S. media, disguised as opinion pieces. China Daily's ad inserts trace back to the Chinese Communist Party. Reports point to the millions spent ahead of U.S. elections, aiming to sway public opinion. Those ads highlight instances of China's success in other countries and push policies that favor Beijing. From former President Donald Trump to the head of Britain's intelligence agency, officials are sounding the alarm. What does this mean for democracy?
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.