Daily Drop (484): Chinese Chipmaker Plans, Food distribution Breach, New ‘Blood Diamonds’, RU - Snake Cyber Espionage, Ukraine War Tech, Operation Cookie Monster, DDoS-for-hire
05-10-2023
Wednesday, May 10, 2023 // (IG): BB // Cloak & Dagger // Coffee for Bob
Chinese chipmaker plans listing after clearing US export controls
Analyst Comments: The confirmation from US chip toolmakers is positive news for CXMT, and it will help the company to bypass US export controls on advanced chip tools. This will help CXMT to expand and achieve its ambitious growth goals in 2023. The company plans to raise annual capital expenditure by about $4bn in 2023, and it is looking to turn to more Chinese equipment suppliers for expansion, which will raise the capital expenditure even further. However, CXMT is still behind its US competitors in terms of technology, and it is unclear if it can catch up. The company plans to list on Shanghai's Star board, which will provide it with the necessary funds to expand. The IPO plans are still in the early stages, and the size and timeline of the IPO have not been determined yet.
FROM THE MEDIA: ChangXin Memory Technologies (CXMT), one of China's leading DRAM memory chip makers, is set to expand after receiving confirmation from US chip toolmakers that they can supply the company's new production lines. CXMT was previously forced to put its expansion plans on hold due to US export controls on advanced chip tools. However, the company has found a way to bypass the tightened requirements for exports by using American equipment that can make less sophisticated chips for phones, servers, and electric vehicles. CXMT has set ambitious expansion goals for 2023, and to fund this, the company plans to list on Shanghai's Star board with the initial public offering (IPO) in its early stages.
READ THE STORY: FT
A Mysterious New Hacker Group Is Lurking in Ukraine’s Cyberspace
Analyst Comments: The emergence of the Red Stinger hacking group adds to the list of state-sponsored actors operating in the region, with Ukraine being one of the most targeted countries for cyberattacks in the world. The group's development of its own hacking tools and the reuse of characteristic scripts and infrastructure indicates its level of sophistication. The fact that Red Stinger's motives and allegiance are unclear adds to the challenge of combating such threats. It is essential for governments and organizations to increase their cybersecurity measures, especially in the wake of increasing tensions and conflicts in the region. By releasing information about the group's activities, the researchers hope other organizations will deploy detections for Red Stinger operations and search their own telemetry for additional indications of what the hackers have done in the past and who is behind the group.
FROM THE MEDIA: According to researchers from the cybersecurity firm Malwarebytes, a new hacking group, dubbed Red Stinger, has been conducting espionage operations since 2020 targeting both pro-Ukraine and pro-Russia targets. Malwarebytes attributes five operations between 2020 and the present to the group, with two campaigns being conducted in the past year. The group’s motives and allegiance are unclear, but the digital campaigns are noteworthy for their persistence, aggressiveness, and lack of ties to other known actors. During one campaign, Red Stinger compromised victims' devices to exfiltrate screenshots and documents and even recorded audio from their microphones. In another campaign, the group targeted multiple election officials running Russian referendums in disputed cities in Ukraine.
READ THE STORY: Wired
Will Eastern Order Surface?
Analyst Comments: While China has demonstrated great potential in recent years, the persistent norms and appeal of society are still based on the American order. The current century is one of cultural revolution rather than economic systems as China has already embraced the capitalist form of economic growth in the international order. According to Foreign Affairs, the American order has multiple layers, with liberal internationalist notions and tasks on the outside, followed by the US's unique position, geography, and trajectory of political expansion. The United States has the leverage to play an extraordinary position as a global power balancer, situated in a position where oceans separate it from other powerful nations, its landmass encompasses both Asia and Europe, and it has critical opportunities to shape like-minded blocs of states that contour and embed global statutes and organizations.
FROM THE MEDIA: The article discusses the shift in the global power dynamics from the post-war era to the present day, and how the United States, China, and Russia are engaged in a contest over two opposite logics of world order. The American Order, which is based on liberal internationalist notions and tasks, has captured hegemony through its soft power and excellence of values. On the other hand, China has emerged as a potent power to counter American hegemony with the advent of authoritarian capitalism. The article discusses the layers of the American Order, which include its liberal internationalist notions, geopolitical landscape, and domestic civil setup. The article also explains how the effort between the United States and its adversaries, China and Russia, is a contest between two opposite logics of world order.
READ THE STORY: Modern Diplomacy
Food distribution giant Sysco warns of a data breach after a cyberattack
Analyst Comments: The data breach at Sysco is the latest incident that has been reported this year, following a series of cyberattacks against large companies across various industries. Cybercriminals often target large organizations with valuable data, and the increase in remote working due to the pandemic has created new vulnerabilities for companies. Sysco's confirmation of the data breach is an important reminder that even large and well-established companies can be targeted by cybercriminals.
FROM THE MEDIA: Sysco, a global food distribution company, has revealed in an internal memo that its network was breached earlier this year by cybercriminals who stole sensitive information including business, customer, and employee data. The company stated that customer and supplier data in the US and Canada, as well as personal information belonging to US employees, may have been impacted by the incident. Sysco confirmed the security breach in a quarterly report filed with the US Securities and Exchange Commission. The company stated that the investigation is ongoing, and Sysco has begun the process of preparing to comply with its obligations with respect to the extracted data. The company also hired a cybersecurity firm to help investigate the incident and notified federal law enforcement of the cyberattack. Sysco stated that the incident has not impacted its business operations, and customer service has not been interrupted.
READ THE STORY: Bleeping Computer
The new ‘blood diamonds’: the elaborate plan to halt Russia’s trade
Analyst Comments: The article highlights the challenges faced by the diamond industry in India, which processes over 90% of the world’s diamonds. A traceability scheme, if introduced, would bring upheaval for everyone in the fragmented and complex diamond supply chain, which would push up costs in a commodity business where margins can be thin. Some in the industry complain that the cumbersome G7 initiative would risk affecting demand for natural gems across the board and hitting supplies from the informal sector the hardest. Moreover, strengthening an existing system of written supplier declarations could be a more feasible solution than a tech-tracking solution.
FROM THE MEDIA: The global diamond industry, centered in the Indian city of Surat, is set to be impacted by a proposed international diamond tracing system aimed at blocking Russian diamonds. As the war in Ukraine continues, Western nations are trying to cut off Russia’s diamond revenues. Russia’s rough diamond exports were worth $4bn in 2021, but every available revenue source is important to Moscow’s treasury as it bankrolls President Vladimir Putin’s invasion. The US government has already placed sanctions on Alrosa, the world’s largest diamond mining company by volume and two-thirds owned by state bodies. Soon, the G7 is expected to endorse efforts to drive down Russia’s diamond mining revenues by introducing an effective mechanism for tracking and tracing individual gemstones, which today does not exist. If successful, it would in effect extend the concept of “blood diamonds” to gemstones used to bankroll state-backed warfare, as well as rebel activity.
READ THE STORY: FT
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services
Analyst Comments: The collaboration between Big Pipes and the FBI is an example of a successful public-private partnership in the fight against cybercrime. The group's efforts to track, measure, and rank the output of booter services, and to hunt down their operators, have led to significant disruptions in the booter industry. The takedown of 13 cyberattack-for-hire services is a notable achievement and a reminder of the importance of collaboration between law enforcement and private sector experts. However, the accelerating tempo of disruptions may push booter services deeper into the shadows and make them harder to detect and take down.
FROM THE MEDIA: The FBI and a group of internet security researchers, called Big Pipes, have been working together to track and take down cyberattack-for-hire services that offer distributed denial-of-service (DDoS) attacks to knock websites offline. The group's 30 members include staffers from major cloud service providers and gaming companies, as well as FBI agents, federal prosecutors, security researchers, and academics. Their collaboration has led to the takedown of 13 cyberattack-for-hire services in the most recent operation, which comes just four months after their biggest bust of 49 DDoS-for-hire sites. Big Pipes' data collection on booter service operators has resulted in intermittent Christmas interventions to disrupt the most active booter services. The group's detection and analysis of the biggest and most active booter services has helped the FBI understand who to target in the booter landscape and pursue them more efficiently.
READ THE STORY: Wired
U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool
Analyst Comments: The neutralization of the Snake malware by US authorities highlights the ongoing threat posed by state-sponsored hacking groups and the need for continued efforts to protect against them. Turla has been targeting sensitive entities across Europe, CIS, and NATO-affiliated countries for nearly two decades, using malware to steal sensitive documents. While the FBI's neutralization of the malware is a significant achievement, Turla remains an active and formidable adversary with an array of tactics and tools to breach its targets across multiple platforms. It is important for organizations to remain vigilant and take appropriate measures to protect themselves from state-sponsored cyberattacks.
FROM THE MEDIA: The US government has disrupted a global network compromised by an advanced malware strain known as Snake, which is wielded by Russia's Federal Security Service (FSB). The malware, dubbed the "most sophisticated cyber espionage tool," is attributed to a unit within Center 16 of the FSB and has been used to steal sensitive documents from hundreds of computer systems in at least 50 countries over nearly 20 years. The neutralization was orchestrated as part of an effort called Operation MEDUSA using a tool created by the FBI codenamed PERSEUS that allowed authorities to issue commands to the malware to cause it to "overwrite its own vital components" on infected machines.
READ THE STORY: THN // The Record // FT
Ukraine war puts the spotlight on tech-led defense companies
Analyst Comments: The defense industry is experiencing a significant shake-up, with smaller technology-led companies gaining prominence in an industry traditionally dominated by long-established incumbents such as Lockheed Martin and BAE Systems. The conflict in Ukraine has accelerated the trend of disruptive innovation, with companies such as Milrem Robotics, AeroVironment, and Baykar gaining attention for their success on the battlefield. The success of these companies has highlighted the challenges that larger defense contractors and government procurement agencies face in keeping up with the faster pace of innovation in the commercial world. The development cycles of prime contractors can be lengthy, making it difficult to keep up with the rapid advances offered by more agile technology companies.
FROM THE MEDIA: The war in Ukraine has led to a shift in the arms trade, with technology-led start-ups gaining more prominence in the industry dominated by established companies such as Lockheed Martin and BAE Systems. Innovative technologies such as sensors, robotics, and unmanned systems, developed for both civil and military uses, are disrupting procurement, with smaller, more agile companies having an advantage over long-established incumbents. Robotics and autonomous systems, in particular, are expected to evolve significantly over the next five to ten years. Governments are now diversifying their supplier base, with orders being placed not just with large prime vendors but also with smaller companies. The establishment of the European Defence Fund has encouraged small and medium-sized companies to take part in collaborative research projects. The US and the UK are also working to involve smaller suppliers in the procurement process by changing processes, including ensuring payment within 30 days and abolishing pre-qualification questions for low-value contracts.
READ THE STORY: FT
Exclusive: Deputy AG Monaco on ‘Operation Cookie Monster’ and Why it Represents a Change
Analyst Comments: The DOJ's shift in focus to preventing cyber attacks represents a more proactive approach to combating cybercrime. This approach acknowledges the challenges of prosecuting cyber criminals and the need to disrupt cybercriminal networks to prevent future attacks. Pairing prosecutors with cyber agents allows the DOJ to take more immediate action against cyber criminals, even if it does not result in prosecution. The DOJ's willingness to use every tool available, including financial sanctions and asset seizures, demonstrates its commitment to preventing and disrupting cybercrime.
FROM THE MEDIA: The US Department of Justice has shifted its focus to preventing cyber attacks instead of only prosecuting cybercriminals. In a recent interview, Deputy Attorney General Lisa Monaco explained that the DOJ is using every tool available to prevent and disrupt cybercrime, including financial sanctions, intel operations, and asset seizures. Monaco cited Operation Cookie Monster, which disrupted the Genesis Market, a cybercrime bazaar that sold millions of credentials to fraudsters, ransomware actors, and other cybercriminals. The operation targeted enablers and facilitators of cybercrime, and paired prosecutors with cyber agents to prevent future attacks. Monaco emphasized the importance of putting victims at the center of the DOJ's strategy and working with the private sector to prevent attacks.
READ THE STORY: The Record
Feds continue takedowns of DDoS-for-hire ‘booter’ sites
Analyst Comments: The Department of Justice’s action in seizing domains that host “booter” services is a significant step in preventing DDoS attacks, as these services are often used to facilitate cyberattacks on critical industry sectors. The DoJ’s continued focus on shutting down booter services has contributed to decreasing the number of these services available and making it more difficult for cybercriminals to engage in DDoS attacks. As the DoJ has stated, booter services have continued to proliferate, and further action is needed to tackle the threat. Cybersecurity experts recommend organizations invest in DDoS mitigation tools and services to help defend against these attacks.
FROM THE MEDIA: The US Department of Justice (DoJ) has seized 13 more internet domains that hosted “booter” services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks on websites, taking the total to 61 domains seized across three waves of seizures since December 2018. Targets of booter services have included schools, universities, financial institutions, and government agencies, with booter users launching millions of attacks against millions of victims. Four people arrested in a previous sting have pleaded guilty to computer fraud and abuse charges, while the recent seizure included ten "reincarnations" of services shut down in December.
READ THE STORY: The Record // THN
This European Satellite Giant Is Coming for Starlink
Analyst Comments: Eva Berneke's move to adapt Eutelsat's business model to the changing satellite industry seems to be a smart decision, given the declining TV revenues and the increasing demand for low-orbit satellite technology. However, the merger with OneWeb comes with its own challenges, including post-Brexit politics and the need to upgrade OneWeb's Gen One satellites. Berneke's bold move to upgrade the satellites by 2027, despite the high cost, shows her willingness to embrace risk and innovation. Berneke's policy of neutrality regarding sanctions against TV channels carrying Russian propaganda may be viewed positively by some as a way to ensure the company's legitimacy. However, others may criticize this stance for not taking a more active role in implementing sanctions against regimes that violate human rights. The accusations of Eutelsat's alleged aid to Russian propaganda by the Ukrainian government also present a challenge to Berneke's leadership.
FROM THE MEDIA: Eva Berneke, the CEO of Eutelsat, the world's third-largest satellite company, has had a busy year since taking over in January 2022. Eutelsat's primary business had been beaming TV channels using geostationary satellites, but its TV revenues were dwindling as the industry shifted towards low-orbit satellite technology. To adapt to the changing market, Berneke initiated a shake-up, and Eutelsat merged with struggling British satellite provider OneWeb, absorbing OneWeb's constellation of 648 low-orbit satellites. The merger has been touted as Europe's entry into the space race, and Eutelsat hopes to become a major player in the booming low-orbit satellite market.
READ THE STORY: Wired
Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps
Analyst Comments: The report highlights the ongoing activities of various APT groups worldwide and their evolving tactics, techniques, and procedures. The attacks serve as a reminder that APT groups remain a significant threat to businesses and government institutions worldwide. The use of chat applications to distribute malware is a growing trend, and organizations need to be vigilant in monitoring their network traffic and ensuring that their employees are aware of the risks of phishing attacks via chat apps. The report also highlights the need for international cooperation and collaboration in identifying and mitigating the activities of APT groups.
FROM THE MEDIA: According to Slovak cybersecurity firm ESET, a China-aligned threat actor named "Operation ChattyGoblin" has been targeting Southeast Asian gambling companies since October 2021. The attack tactics involve using chat applications, such as Comm100 and LiveHelp100, to distribute a C# dropper that deploys another C# executable, ultimately leading to the deployment of a Cobalt Strike beacon on compromised workstations. ESET's APT Activity Report for Q4 2022–Q1 2023 also highlights attacks against government institutions in South Asia by India-linked threat actors Donot Team and SideWinder, and Confucius, a group that has ties to Patchwork and has been active since at least 2013. The cybersecurity company has also detected the Iranian threat actor OilRig deploying a custom implant named Mango to an Israeli healthcare company. Other notable APT activity includes attacks from Russia-aligned APT groups Gamaredon, Sandworm, Sednit, The Dukes, and SaintBear, with the last group employing an updated version of its Elephant malware framework and a novel Go-based backdoor known as ElephantLauncher.
READ THE STORY: THN
North Korean hackers stole 830K people’s data in attack on Seoul hospital: ROK
Analyst Comments: This is one of the largest known cyberattacks on South Korean civilian infrastructure, and it highlights the persistent threat that North Korean hackers pose to critical infrastructure such as hospitals. The attack underscores the importance of strengthening security systems and policies in all sectors, including installing security updates, controlling access to systems, and encrypting important data including personal information. It is important for organizations to remain vigilant and take proactive measures to protect their networks from similar attacks.
FROM THE MEDIA: North Korean hackers have reportedly breached the intranet of Seoul National University Hospital (SNUH) between May and June 2021, accessing the personal medical records of around 830,000 people, including 810,000 patients and 17,000 former and current employees. According to the Korean National Police Agency (KNPA), the attackers used seven domestic and overseas computer servers to access the hospital’s intranet. The attack has been attributed to North Korean hackers based on the IP addresses of the attack’s sources, intrusion techniques and the use of North Korean vocabulary in the attack. The KNPA warned that North Korean hackers will likely attempt to invade information and communications networks in other sectors as well.
READ THE STORY: NKNEWS
Browser Fingerprint Spoofing: A New Cyber Risk
Analyst Comments: Malicious actors can use browser fingerprinting technologies and anti-detection technologies to impersonate legitimate users and circumvent security controls like authentication and bot detection. One type of attack, known as Gummy Browsers, involves the collection of identifiable browser information to impersonate a legitimate user. Malicious actors can obtain the fingerprint using JavaScript APIs or supported languages, HTTP headers, and fonts. Gummy Browsers can potentially compromise ad privacy, defeat user authentication, and bypass fraud detection.
FROM THE MEDIA: Cybercriminals can exploit browser fingerprinting technology and anti-detection browsers to circumvent security controls. Browser fingerprinting technology collects users' information when they visit a website, including browser type and version, operating system, active plugins and extensions, time zone, language, screen resolution, system fonts, keyboard layout, and user agent. Anti-detection or anti-fingerprinting browsers allow users to customize their digital fingerprints to protect their privacy. However, cybercriminals can use Gummy Browsers to impersonate legitimate users by collecting identifiable browser information and using it to execute attacks, such as compromising ad privacy, defeating user authentication, bypassing fraud detection, and bot attacks. Flare's generative AI can help monitor for browser fingerprint spoofing to mitigate risks.
READ THE STORY: Security Boulevard
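As an added example (not code from the article or from Flare), here is the kind of server-side consistency check a fraud-detection layer can run across the two collection channels the article names, HTTP headers and JavaScript-reported attributes: a replayed fingerprint still has to be presented by the attacker's own client, so the layers tend to disagree. The fingerprint field names and the sample sessions are assumptions constructed for the example.

```javascript
// Added example, not code from the article or from Flare: a server-side
// consistency check for browser fingerprints. A fingerprint replayed from a
// victim (the Gummy Browsers scenario) is presented by the attacker's own
// client, so the wire-level headers and the JavaScript-reported values tend to
// contradict each other. Field names are assumptions about what the collection
// script sends; every flag is a heuristic signal, not proof.

// Map a User-Agent string to a coarse OS family (iOS before macOS, Android
// before Linux, because those UAs contain the other token as well).
function osFromUserAgent(ua) {
  if (/Windows NT/.test(ua)) return "Windows";
  if (/Android/.test(ua)) return "Android";
  if (/iPhone|iPad/.test(ua)) return "iOS";
  if (/Mac OS X/.test(ua)) return "macOS";
  if (/Linux|X11/.test(ua)) return "Linux";
  return "unknown";
}

// Map navigator.platform to the OS families it is compatible with.
// Android reports a Linux platform string, so Linux accepts both.
function osFromPlatform(platform) {
  if (/^Win/.test(platform)) return ["Windows"];
  if (/^Mac/.test(platform)) return ["macOS"];
  if (/^iPhone|^iPad/.test(platform)) return ["iOS"];
  if (/^Linux/.test(platform)) return ["Linux", "Android"];
  return ["unknown"];
}

// Primary tag of an Accept-Language header, e.g. "en-US,en;q=0.9" -> "en-us".
function primaryAcceptLanguage(header) {
  return (header || "").split(",")[0].split(";")[0].trim().toLowerCase();
}

// Compare request headers with the fingerprint the page script reported.
// Returns the inconsistencies found; an empty array means "consistent".
function checkFingerprint(headers, fp) {
  const reasons = [];

  // 1. The UA sent on the wire must equal navigator.userAgent; a replayed
  //    fingerprint carries the victim's UA instead of the client's.
  if (headers["user-agent"] !== fp.userAgent) reasons.push("ua-header-mismatch");

  // 2. Same idea for language: Accept-Language vs navigator.languages[0].
  const headerLang = primaryAcceptLanguage(headers["accept-language"]);
  const navLang = ((fp.languages && fp.languages[0]) || "").toLowerCase();
  if (headerLang && navLang && headerLang !== navLang) reasons.push("language-mismatch");

  // 3. The OS named in the UA must be compatible with navigator.platform.
  if (!osFromPlatform(fp.platform || "").includes(osFromUserAgent(fp.userAgent || ""))) {
    reasons.push("os-platform-mismatch");
  }

  // 4. Screen geometry must be physically plausible.
  const s = fp.screen || {};
  if (!(s.width > 0 && s.height > 0) || s.availWidth > s.width || s.availHeight > s.height) {
    reasons.push("screen-invalid");
  }

  // 5. Headless automation tokens are a bot signal regardless of the rest.
  if (/HeadlessChrome|PhantomJS/.test(headers["user-agent"] || "")) reasons.push("headless-ua");

  return reasons;
}

// Constructed sample: a consistent session from a real Windows browser.
const legitHeaders = {
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
  "accept-language": "en-US,en;q=0.9",
};
const legitFingerprint = {
  userAgent: legitHeaders["user-agent"],
  platform: "Win32",
  languages: ["en-US", "en"],
  timezone: "America/New_York",
  screen: { width: 1920, height: 1080, availWidth: 1920, availHeight: 1040 },
};

// Constructed sample: the victim's fingerprint replayed from a Linux automation
// client, so the headers and navigator.platform no longer match the replayed UA.
const spoofHeaders = {
  "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/112.0.0.0 Safari/537.36",
  "accept-language": "ru-RU,ru;q=0.9",
};
const spoofFingerprint = { ...legitFingerprint, platform: "Linux x86_64" };

console.log("legit:", checkFingerprint(legitHeaders, legitFingerprint));
console.log("spoof:", checkFingerprint(spoofHeaders, spoofFingerprint));
```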
Weather Warfare a Future Challenge for Pakistan
Analyst Comments: This article provides a comprehensive overview of the potential risks and impacts of weather warfare on Pakistan’s security, agriculture, water resources, economy, and general stability. The article acknowledges the vulnerability of Pakistan to weather warfare and the need for a multifaceted approach to address the issue. The strategies proposed by the article, such as building resilience, fostering international collaboration, investing in technology, and legislative frameworks, are appropriate and feasible solutions to mitigate the risks of weather warfare.
FROM THE MEDIA: Pakistan is vulnerable to weather warfare due to its reliance on agriculture and water resources, which can be targeted through techniques such as cloud seeding. Weather warfare can exacerbate Pakistan’s susceptibility to natural disasters, leading to food shortages, financial losses, and social unrest. It can also affect the energy industry, infrastructure, environment, and public health. To address this issue, Pakistan needs to focus on building resilience, international collaboration, and technology and legislative frameworks. Pakistan can achieve this by creating early warning systems, disaster management systems, and resilient infrastructure. Pakistan must also diversify its water supplies, invest in technology, and pass laws to control and oversee weather modification operations. Educating the public and strengthening international accords like the Environmental Modification Convention (ENMOD) are also necessary steps.
READ THE STORY: Modern Diplomacy
China’s local governments look to Middle Eastern funds for investment
Analyst Comments: The move by Chinese local governments to attract Middle Eastern and Asian sovereign wealth funds reflects the challenges faced by these governments in raising money domestically to stimulate economic development after the pandemic. Sovereign wealth funds, which are flush with petrodollars, have become an attractive source of investment capital for local governments looking to fund priority areas such as semiconductors, biotechnology, new energy, high-tech manufacturing, and infrastructure. The deepening economic and diplomatic ties between China and the Middle East, as evidenced by the meetings between local government officials and Middle Eastern sovereign wealth funds, also highlight the shift in power dynamics and the growing influence of China in the region, traditionally a US sphere of influence.
FROM THE MEDIA: Chinese local governments are seeking to attract Middle Eastern and Asian sovereign wealth funds to finance economic development in the aftermath of the pandemic. Officials from local governments have held meetings with subsidiaries of Saudi Arabia's Public Investment Fund, the Qatar Investment Authority, and the Abu Dhabi Investment Authority, among other sovereign wealth funds, according to executives and officials briefed on the matter. The meetings highlight the deepening economic and diplomatic ties between China and the Middle East, traditionally a US sphere of influence, and also come at a time when global investors are seeking to attract Middle Eastern cash, with Gulf nations flush with petrodollars following last year's oil boom. Several Chinese local governments, including Shenzhen and Guangzhou, have approached Middle Eastern funds to boost investment in biotech, new energy, and infrastructure and construction industries. The central government's indication that it will no longer bail out local governments, which have been hit by zero-Covid policies and a liquidity crunch in the property sector, has added pressure on local governments to seek new investment sources.
READ THE STORY: FT
ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU
Analyst Comments: The release of ESET's APT Activity Report provides valuable insights into the current threat landscape, particularly as it relates to state-sponsored hacking groups. The report highlights the continued activity of APT groups from China, Iran, North Korea, and Russia, and their ongoing targeting of various sectors and regions. It also underscores the importance of utilizing advanced threat detection and protection tools to mitigate these threats. Organizations should consider implementing the recommended security measures outlined in the report to reduce the likelihood of falling victim to APT attacks.
FROM THE MEDIA: ESET, a Slovakian cybersecurity firm, has released its APT Activity Report, which provides a summary of the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 to the end of March 2023. During this period, China-aligned threat actors such as Ke3chang and Mustang Panda focused on European organizations. Iran-aligned group OilRig deployed a new custom backdoor in Israel. North Korea-aligned groups continued to focus on South Korean and South Korea-related entities. Russia-aligned APT groups were particularly active in Ukraine and EU countries, with Sandworm deploying wipers. The report is based on ESET technology and telemetry data.
READ THE STORY: DARKReading
The threats to press freedom in Canada and the world
Analyst Comments: While Canada ranks 15th in the World Press Freedom Index, the harassment of journalists and media professionals is still an ongoing issue, and CBC/Radio-Canada has been working to raise public awareness and ensure the safety of its staff. The article also discusses the recent controversy surrounding Twitter CEO Elon Musk's labeling of CBC's Twitter account as "government-funded" and the implications of such labeling for public broadcasters. Despite these challenges, CBC's commitment to independent, fact-based journalism remains steadfast, as democracies depend on the health of their independent news media.
FROM THE MEDIA: The 30th anniversary of World Press Freedom Day has prompted reflection on the state of journalism in Canada and globally. Over the past three decades, the news media landscape has undergone significant changes, including digital transformation, polarization, disinformation, and growing distrust of mainstream media. At the same time, authoritarian regimes have restricted, censored, or thwarted independent journalism, with more than 560 journalists and media workers currently imprisoned, including Wall Street Journal reporter Evan Gershkovich in Russia. The World Press Freedom Index ranks Norway, Ireland, and Denmark as the top three countries for press freedom, while Vietnam, China, and North Korea are at the bottom. Canada ranks 15th. CBC/Radio-Canada's Twitter account was recently labeled as "government-funded" by CEO Elon Musk, sparking controversy and prompting CBC/Radio-Canada and other public broadcasters to pause their activity on their official Twitter accounts.
READ THE STORY: CBC
Items of interest
US Army awards Elbit America contract for Nett Warrior Next Generation Hubs
Analyst Comments: The award of the contract to Elbit America highlights the US Army's commitment to providing its soldiers with a connected-tech edge. The Next Gen Hubs will play a vital role in the Nett Warrior system, providing control nodes for the latest network-connected kit for infantry troops. The Nett Warrior system addresses battlefield communication shortcomings and improves situational awareness for individual soldiers and their squadmates. The Army's efforts to improve communication and situational awareness using network-connected devices are crucial for maintaining battlefield readiness and effectiveness. The success of the NGH and the Nett Warrior system will depend on how well the equipment performs in the field, and whether the soldiers find it intuitive to use.
FROM THE MEDIA: The US Army has awarded a contract to defense firm Elbit America for 33,000 Next Generation Hubs (NGH), a rugged wearable USB device. The NGHs will serve as control nodes for the Nett Warrior system, the US Army's latest network-connected kit for infantry troops. The Nett Warrior system is designed to use commercial smart devices with tactical applications networked through the Integrated Tactical Network to provide situational awareness for individual soldiers and their squadmates. Elbit's Next Gen Hubs will help address battlefield communication shortcomings and connect components such as targeting systems, laser range finding, night vision, thermal sights, and even personal drones.
READ THE STORY: The Register
From Zero to Zero Day (Video)
FROM THE MEDIA: The speaker, Jonathan, discusses his journey from being an 18-year-old with some programming knowledge to becoming a security researcher and finding a zero-day vulnerability in Chakra, a JIT compiler used in Microsoft Edge. He shares his learning process, which included practicing through war games and capture-the-flag competitions, reading about basic vulnerabilities, and exposing himself to real-world vulnerabilities. He also talks about the patterns he noticed in vulnerabilities and how he found the vulnerability in Chakra through his knowledge of JavaScript engines. He explains how he exploited the vulnerability and demonstrates it in a working demo. He advises beginners to practice and learn through examples and reading about vulnerabilities.
Asset Discovery Using Shodan (Video)
FROM THE MEDIA: The speaker discusses using the Shodan CLI for asset discovery and demonstrates how to obtain data on a particular domain, manipulate and clean the data using jq, and use it with other tools like httpx and nuclei. The speaker also announces a giveaway and encourages viewers to subscribe and hit the notification bell.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.