Monday, May 29, 2023 // (IG): BB // Intro Exploit Dev // Coffee for Bob
U.S Tech Mogul Bankrolls Pro-Russia, Pro-China News Network
Analyst Comments: The power dynamics and funding sources behind BreakThrough News and the International People's Media Network are intriguing. The involvement of former Kremlin-backed personalities and the financial support from Singham, a prominent tech entrepreneur, raise concerns about the network's objectives and influence. The convergence of narratives that criticize Western powers while favorably portraying China and Russia aligns with Beijing's geopolitical interests. However, the network's adherence to Cold War-era ideologies and its reliance on alternative voices may limit its impact and reach. The transparency of funding sources and the potential use of dark money within the network raises further questions about its operations.
FROM THE MEDIA: The emergence of BreakThrough News and its affiliation with the International People's Media Network has attracted attention due to its association with Russian state-affiliated outlets and its connections to a network of pro-Moscow, pro-Beijing content creators. The network, led by Tricontinental Institute for Social Research and funded by tech mogul Neville "Roy" Singham, aims to promote narratives that criticize the United States while portraying China and Russia in a positive light. The network's expansion into different regions crucial to China's geopolitical interests raises questions about its influence and potential impact.
READ THE STORY: The Daily Beast
Arm announces Cortex-X4 among latest CPU and GPU designs
Analyst Comments: Arm's TCS23 announcement highlights the company's commitment to providing optimized chip technologies for improved performance and power efficiency in laptop and smartphone system-on-chips. The mix of CPU core types in the compute clusters offers flexibility to meet different workload requirements, while the fifth-generation GPUs focus on graphics performance and energy savings. Arm's TCS approach of curating and optimizing chip technologies under a unified umbrella provides customers with a comprehensive and integrated solution for their SoC designs.
FROM THE MEDIA: Arm is set to unveil new CPU and GPU designs under its Total Compute Solutions (TCS) umbrella. The TCS23 package offers compute clusters that can incorporate a mix of three CPU core types: the new Cortex-X4 performance core, the Cortex-A720 mid-level core, and the Cortex-A520 power-efficient core. The Cortex-X4 is claimed to be the fastest Arm CPU ever built, with a 15% performance increase and 40% less power consumption compared to the previous generation. The TCS23 also introduces fifth-generation GPUs with advanced rendering pipelines and Deferred Vertex Shading (DVS) for improved graphics performance and energy efficiency. Arm expects products based on TCS23 to hit the market early next year.
READ THE STORY: The Register
Ethereum’s Shanghai upgrade made it easier to detect criminals
Analyst Comments: The shift to proof-of-stake on Ethereum and the ability to earn staking rewards have introduced new dynamics to the cryptocurrency ecosystem. The staking yield on Ethereum can be seen as a "risk-free rate" for the crypto market, which can help in analyzing financial behavior and detecting suspicious activity. Traditional forensics in the financial sector focuses on activity, whereas crypto forensics analyzes entities and networks of wallets to identify transfers of criminal assets. The ability to monitor wallet addresses and analyze asset flows in the crypto ecosystem makes it easier to detect the placement of illicit assets. The introduction of fixed-income assets on Ethereum provides a benchmark for risk-reward structures, allowing investigators to identify financial behavior that runs counter to expected trends. This can be valuable in detecting activities like wash trading of NFTs or layering criminal proceeds through DeFi protocols.
FROM THE MEDIA: Ethereum's Shanghai upgrade (paired with the Capella consensus-layer change, April 2023) completed the network's move to proof-of-stake by letting validators withdraw staked Ether and accrued rewards; the switch from proof-of-work itself took place at The Merge in September 2022. The Ethereum ecosystem has been associated with investment themes such as decentralized finance (DeFi), stablecoins, Bitcoin (via wrapped versions of BTC), and non-fungible tokens (NFTs). With withdrawals enabled, staked Ether now behaves like a fixed-income asset. The staking yield gives crypto forensics a benchmark interest rate against which unusual financial activity and potential money laundering can be detected.
READ THE STORY: CoinTelegraph
China Urges Japan to halt export restrictions on Chips
Analyst Comments: China's condemnation of Japan's semiconductor export controls highlights the ongoing tensions between the two countries in the technological and trade realms. The criticism from Wang Wentao underscores China's discontent with the restrictions imposed by Japan, which align with U.S. export controls. While Japan maintains that its actions are in line with its commitment to international peace and stability, China perceives these measures as violations of trade rules. The willingness to engage in practical economic and trade cooperation demonstrates China's desire to find common ground despite the disagreements. The meetings with U.S. officials reflect China's discontent with the economic and trade policies pursued by the United States, including initiatives that exclude China.
FROM THE MEDIA: Chinese Commerce Minister Wang Wentao has criticized Japan's semiconductor export controls during discussions with Japanese Trade Minister Yasutoshi Nishimura at the APEC conference. Japan had agreed to align its export controls with those of the United States, limiting the sale of certain chipmaking tools to China and imposing restrictions on semiconductor manufacturing equipment exports. Wang called these actions a violation of international economic and trade rules. However, China expressed a willingness to collaborate with Japan on economic and trade cooperation. Nishimura also met with U.S. Secretary of Commerce Gina Raimondo to deepen cooperation in advanced chip research and development. Wang, in his meetings with Raimondo and U.S. Trade Representative Katherine Tai, criticized U.S. economic and trade policies towards China, including the exclusion of China from the U.S.-led Indo-Pacific Economic Framework.
READ THE STORY: Reuters
The Failures of Russian Intelligence in the Ukraine War and the Perils of Confirmation Bias
Analyst Comments: The analysis highlights the challenges and limitations of Russia's intelligence services within an authoritarian regime. The dependency on Putin's approval and the conformist culture within these services hinder their ability to provide objective intelligence assessments. The focus on confirming biases rather than challenging assumptions creates a flawed decision-making process. The public instance of Naryshkin's humiliation exemplifies the consequences of contradicting Putin's desired narrative. While there may be instances of dissent within the intelligence services, they often align with institutional rivalries rather than a pursuit of objective truth. The implications of these dynamics on Russia's military and political actions, as seen in the invasion of Ukraine, are significant.
FROM THE MEDIA: The Russian invasion of Ukraine surprised many, including the Kremlin itself. The Russian government expected minimal resistance and a quick victory, similar to the annexation of Crimea in 2014. However, Ukraine has proven to be resilient, defying Russian expectations. The flawed assumptions leading to the invasion may be attributed to the role of Russia's intelligence services and their relationship with President Vladimir Putin. While Putin is regarded as having strategic intelligence capabilities, the events in Ukraine revealed him as a flawed intelligence manager. Intelligence agencies within authoritarian regimes often struggle with dissenting viewpoints, and this appears to have been the case in Russia. Rather than providing an honest assessment of the situation in Ukraine, the intelligence services likely disseminated information that confirmed Putin's biases. The culture of seeking Putin's approval and conforming to the dominant viewpoint within the intelligence services has led to groupthink and a lack of independent thinkers. Public instances, such as Putin's humiliation of the SVR Director Sergey Naryshkin, further highlight the hesitancy to speak truth to power.
READ THE STORY: Modern Diplomacy
PyPI Implements Mandatory Two-Factor Authentication for Project Owners
Analyst Comments: The implementation of mandatory two-factor authentication by PyPI is a significant step to enhance the security of the Python package repository. Account takeover attacks can have severe consequences for the software supply chain, as attackers can distribute trojanized versions of packages to spread malware widely. By requiring 2FA, PyPI aims to prevent unauthorized access to user accounts and reduce the risk of such attacks. The mandate protects the login, not the rest of the release path: API tokens leaked from CI pipelines, compromised maintainer workstations, and typosquatted or dependency-confusion packages are untouched by it, so consumers should still pin versions and hashes rather than trust the index alone.
FROM THE MEDIA: The Python Package Index (PyPI) will require every account that maintains a project on the repository to enable two-factor authentication (2FA) by the end of the year. This move aims to mitigate the risks of account takeover attacks that could be used to distribute malicious versions of popular packages and compromise the software supply chain. PyPI has previously experienced instances of malware and package impersonation. The enforcement of 2FA will also include organization maintainers but not all users of the service. PyPI currently hosts 457,125 projects and has 704,458 users, with 38,248 users having enabled 2FA to date.
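The consumer-side check that complements PyPI's 2FA mandate is hash-pinned installation, which is what pip's --require-hashes mode does: a release that is republished with different bytes, for example by a hijacked maintainer account, fails to install. The following is an added example written for this digest, not PyPI's or pip's own code; it models that check on constructed package names, digests and artifact bytes (the digests are SHA-256 of b"abc" and of the empty string, standing in for real wheel digests).

```python
"""Hash-pinned install check, modelled on pip's --require-hashes mode.

Added example, not PyPI's or pip's own code. Package names, digests and
artifact bytes below are constructed for the demonstration.
"""
import hashlib
import re
from dataclasses import dataclass, field

PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>[^\s\\]+)")
HASH_RE = re.compile(r"--hash=(?P<algo>[a-z0-9_]+):(?P<digest>[0-9a-fA-F]+)")


@dataclass
class Pin:
    name: str
    version: str
    hashes: dict = field(default_factory=dict)  # algorithm -> set of hex digests


def parse_requirements(text: str) -> dict:
    """Parse a hash-pinned requirements file into {normalised name: Pin}.

    Every requirement must carry an exact version and at least one
    --hash; anything else is rejected, as pip does in hash-checking mode.
    """
    logical = text.replace("\\\n", " ")  # join backslash continuations
    pins = {}
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"not an exact pin: {raw.strip()!r}")
        name = m["name"].lower().replace("_", "-")
        pin = Pin(name, m["version"])
        for h in HASH_RE.finditer(line):
            pin.hashes.setdefault(h["algo"].lower(), set()).add(h["digest"].lower())
        if not pin.hashes:
            raise ValueError(f"{name}=={pin.version} has no --hash")
        pins[name] = pin
    return pins


def verify_artifact(pin: Pin, data: bytes) -> tuple:
    """Return (ok, reason); ok is True only if some pinned digest matches."""
    for algo, digests in pin.hashes.items():
        if algo not in hashlib.algorithms_available:
            continue
        actual = hashlib.new(algo, data).hexdigest()
        if actual in digests:
            return True, f"{pin.name}=={pin.version}: {algo} digest matches"
    return False, f"{pin.name}=={pin.version}: no pinned digest matches the downloaded bytes"


def verify_all(pins: dict, artifacts: dict) -> dict:
    """Check every pin against the bytes fetched for it; a missing download fails."""
    results = {}
    for name, pin in pins.items():
        data = artifacts.get(name)
        results[name] = (False, f"{name}: artifact missing") if data is None else verify_artifact(pin, data)
    return results


# Constructed sample. The first digest is SHA-256 of b"abc", the second is
# SHA-256 of the empty string; they stand in for real wheel digests.
SAMPLE_REQUIREMENTS = """\
# pinned by a maintainer who reviewed these releases
examplepkg==1.2.0 \\
    --hash=sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
otherpkg==0.9.1 --hash=sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Constructed "downloads": otherpkg comes back with different bytes, as it
# would if the release had been replaced after the pins were written.
SAMPLE_ARTIFACTS = {
    "examplepkg": b"abc",
    "otherpkg": b"not the bytes that were pinned",
}

if __name__ == "__main__":
    for name, (ok, reason) in verify_all(parse_requirements(SAMPLE_REQUIREMENTS), SAMPLE_ARTIFACTS).items():
        print("OK  " if ok else "FAIL", reason)
```

Pinning a hash only protects releases that already existed when the pin was written; a hijacked account that publishes a new version is stopped because the pinned version never changes, but the pins still have to be refreshed by someone who reviews the new release.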
READ THE STORY: THN
GCHQ’s Jeremy Fleming: ‘Xi doesn’t want to see Putin humiliated’
Analyst Comments: China's push for global currency settlement agreements exclusively utilizing the yuan demonstrates its efforts to strengthen the international role of its currency and reduce dependence on the US dollar. By signing these agreements with over 40 countries and regions, including significant players like Russia, Venezuela, and Gulf nations, China aims to promote cross-border yuan settlement and enhance the efficiency of bilateral trade. The move is seen as part of China's broader strategy to internationalize the yuan and establish it as a viable alternative to the US dollar in international transactions. One of the key motivations behind this initiative is to shield participating countries from the potential impacts of the "weaponized dollar," as evidenced by the sanctions imposed on Russia after its actions in Ukraine. By conducting direct settlements in yuan, China believes it can mitigate the influence of US-led financial sanctions and provide participating countries with greater financial autonomy.
FROM THE MEDIA: Sir Jeremy Fleming, the outgoing head of the UK's signals intelligence agency, GCHQ, has discussed the agency's role and challenges in an interview. Fleming highlighted the importance of cybersecurity and intelligence in the digital age, emphasizing the role of GCHQ in countering cyber threats and defending national security. He also spoke about the increased public trust in intelligence agencies and the need for cooperation between governments and tech companies in addressing cybersecurity issues. Fleming mentioned the evolving geopolitical landscape, particularly China's rise in cyber capabilities, and stressed the importance of staying vigilant in the face of emerging threats.
READ THE STORY: FT
Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
Analyst Comments: The "file archiver in the browser" phishing technique highlights the constant evolution and creativity of cybercriminals in their efforts to deceive users and steal sensitive information. By leveraging familiar file archiver software interfaces and utilizing legitimate file extension names, such as .ZIP, threat actors can enhance the credibility of their phishing campaigns. The introduction of new TLDs by Google, including .zip and .mov, has raised concerns about potential confusion between domain names and file names, providing attackers with another vector for phishing attacks. The increasing use of phishing kits and the adoption of more sophisticated techniques pose significant challenges for cybersecurity professionals. The use of encrypted .rpmsg messages and the abuse of legitimate features in Microsoft Teams demonstrate the adaptability and resourcefulness of cybercriminals in exploiting various platforms and services.
FROM THE MEDIA: A new phishing technique called "file archiver in the browser" has been discovered, which involves creating a phishing landing page that mimics a file archiver software within a web browser when a victim visits a .ZIP domain. Threat actors can use HTML and CSS to create realistic-looking phishing pages and host them on .zip domains, increasing the authenticity of their social engineering campaigns. In a potential attack, users could be redirected to a credential harvesting page when clicking on a file "contained" within the fake ZIP archive. The technique can also be used to download malicious files disguised as non-executable files. The discovery coincides with Google introducing new top-level domains (TLDs), including ".zip" and ".mov," which could potentially confuse users and invite phishing and other online scams. Cybersecurity experts warn that malicious actors may exploit the introduction of the .zip TLD to download malware using ZIP-related URLs.
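A practical triage step for the .zip TLD is to check where a URL will actually connect rather than what it looks like. Two things matter: whether the host ends in a file-like TLD, and whether the visible "path" is really userinfo before an "@" sign, with the segments separated by slash lookalike characters such as U+2215 DIVISION SLASH so the browser never sees a real path delimiter. The block below is an added example written for this digest, not code from the article; the TLD list and the lookalike code points are its assumptions, and the sample URLs are constructed.

```python
"""Triage URLs for .zip/.mov hosts and for the userinfo-plus-lookalike-slash trick.

Added example, not from the article. The TLD list and the lookalike code
points are this example's assumptions; the sample URLs are constructed.
"""
import unicodedata
from urllib.parse import urlsplit

FILE_LIKE_TLDS = {"zip", "mov"}  # assumption: TLDs that read as file extensions
# Assumption: a short list of code points that render like "/" but are not delimiters.
SLASH_LOOKALIKES = {"\u2215", "\u2044", "\u29f8", "\uff0f"}


def analyse_url(url: str) -> dict:
    """Return {"host": ..., "flags": [...]}; an empty flag list means nothing suspicious."""
    flags = []
    for ch in url:
        if ch in SLASH_LOOKALIKES:
            flags.append(f"slash lookalike U+{ord(ch):04X} ({unicodedata.name(ch, 'unnamed')})")
            break
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # urlsplit rejects netlocs whose NFKC form contains delimiters
        flags.append(f"parser rejected netloc: {exc}")
        return {"host": None, "flags": flags}
    host = parts.hostname
    if parts.username is not None:
        # Everything before "@" is userinfo; what looks like a path is not the host.
        flags.append(f"userinfo {parts.username!r} precedes '@'; actual host is {host!r}")
    if host and host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS:
        flags.append(f"host {host!r} ends in a file-like TLD")
    return {"host": host, "flags": flags}


def triage(urls) -> dict:
    """Map each URL to its analysis; callers usually keep only entries with flags."""
    return {u: analyse_url(u) for u in urls}


# Constructed samples. The third uses U+2215 DIVISION SLASH between the
# segments, so a reader sees a familiar download path while the browser
# treats everything before "@" as userinfo and connects to update-v2.3.zip.
SAMPLE_URLS = [
    "https://example.com/files/report.zip",
    "https://evil-update.zip/",
    "https://example.com" + "\u2215downloads\u2215releases\u2215" + "@update-v2.3.zip",
]

if __name__ == "__main__":
    for url, result in triage(SAMPLE_URLS).items():
        print(url, "->", result["host"], result["flags"] or "clean")
```

The first sample is a normal download link on a normal domain and stays clean: a .zip at the end of a path is not the problem, a .zip at the end of the host is. Mail gateways that rewrite or expand links should apply the same host-first logic before deciding what the user is about to open.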
READ THE STORY: THN
Where Memory Ends and Generative AI Begins
Analyst Comments: The integration of AI into photo and video editing tools presents new possibilities for creative expression but also raises ethical and philosophical questions. The ability to manipulate images using generative AI challenges our understanding of reality, memory, and the trustworthiness of visual media. While these tools offer opportunities for artistic interpretation and creative enhancement, they also raise concerns about misinformation, deceptive practices, and the erosion of trust in visual content. The responsibility lies with tech companies and users to consider the context, transparency, and authenticity of AI-generated images. Establishing standards and guidelines for content origination and media transparency is crucial to ensure the responsible and accountable use of AI in image editing.
FROM THE MEDIA: Runway, a well-funded artificial intelligence (AI) startup, organized the first-ever AI film festival in San Francisco. Runway gained recognition in 2022 as a co-developer of the text-to-image model Stable Diffusion. The company recently released a tool that allows users to change the style of existing videos using a simple prompt. As part of the festival, Runway selected 10 short films that showcased the capabilities of AI technology. One of the films, titled "Expanded Childhood," stood out by using AI-generated images created with OpenAI's DALL-E. The director, Sam Lawton, used the tool to modify photos from his childhood, altering details and adding elements that were not originally present. The film raised questions about the boundary between real memories and generative AI. Tech giants like Google and Adobe have also introduced AI-powered editing tools that can significantly change the context of images. Google's Magic Editor, available on select Android phones, can reposition subjects, remove unwanted elements, and fill in pixel gaps using generative AI. Adobe integrated its generative AI engine, Firefly, into Adobe Photoshop, introducing the Generative Fill feature that can edit photos and add new content based on text prompts.
READ THE STORY: Wired
That old box of tech junk you should probably throw out saves a warehouse
Analyst Comments: Roland's story exemplifies the value of keeping old tech equipment, even if it seems outdated or useless. The incident highlights the importance of resourcefulness and thinking outside the box when faced with urgent tech support issues. It also emphasizes the benefit of having spare parts on hand to address unexpected failures. This anecdote serves as a reminder to IT professionals to consider the potential value of old equipment before discarding it. It showcases how a seemingly obsolete device can save the day and contribute to problem-solving in critical situations.
FROM THE MEDIA: In this edition of On-Call, a reader named Roland shares a tech support tale from a publishing company's warehouse. The facility relies heavily on a conveyor system controlled by servers connected to industrial control panels. When one of the control panels failed, it halted the movement and sorting of stock. The publisher's maintenance team urgently needed a replacement part but could only get 24-hour delivery. In a stroke of resourcefulness, Roland found an old Sun Microsystems workstation with an ATX power supply in their data center. They wired the workstation's power supply into the control panel, performed a clever hack to get it to power up, and successfully revived the conveyor system.
READ THE STORY: The Register
Neuralink says US OK's human experiments with Elon's brain chips
Analyst Comments: The FDA approval for Neuralink's human clinical trials marks an important step in the development of brain-computer interface technology. The ability to test the implant in humans will provide valuable data and insights for further refinement and improvement. Neuralink's focus on assisting paralyzed and blind patients reflects the potential for this technology to significantly impact healthcare and quality of life for individuals with disabilities. While the long-term goal of enhancing human cognitive abilities raises ethical and societal considerations, the initial applications for medical purposes have the potential to bring transformative benefits to those in need.
FROM THE MEDIA: Neuralink, the brain-computer interface startup founded by Elon Musk, has received permission from the US Food and Drug Administration (FDA) to conduct its first human clinical trials. The approval is a significant milestone for Neuralink, which has been developing a brain implant but faced challenges in obtaining official approval for human experimentation. The N1 device, a sensor chip with 1,024 electrodes, is implanted in the brain through a small hole in the skull. The electrodes connect with neurons and transmit electrical signals, which can potentially be used to control devices and perform tasks. Neuralink aims to help paralyzed and blind patients regain mobility and vision and ultimately enhance human cognitive abilities.
READ THE STORY: The Register
What we know about China’s hacking of Navy systems
Analyst Comments: The breach of American infrastructure by Chinese state-backed hackers raises concerns about the protection of critical systems. The use of valid credentials and the exploitation of a flaw in an edge security appliance highlight the need for robust security measures and continuous monitoring: because the intrusions ran on legitimate accounts and built-in Windows tooling rather than bespoke malware, signature-based detection has little to catch, and defenders need command-line logging and a baseline of normal administrative activity to spot the abuse. The involvement of U.S. Navy infrastructure in Guam is particularly significant given the strategic importance of the region. The joint advisory by the Five Eyes members demonstrates the collaborative effort to address cyber threats and enhance defenses.
FROM THE MEDIA: Chinese state-backed hackers, tracked by Microsoft as Volt Typhoon, have breached American infrastructure, including technology systems belonging to the U.S. Navy, according to reports from Microsoft. The hackers used legitimate credentials and exploited a flaw in internet-facing Fortinet security devices to gain access. The full extent of the hack is not yet clear, but it targeted the communications, manufacturing, utilities, transportation and government sectors, among others. China has denied the allegations and called them a "collective disinformation campaign." The cybersecurity agencies of the Five Eyes intelligence-sharing alliance have issued a joint advisory describing how to detect the intrusion and recommending steps to prevent similar attacks.
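Microsoft's write-up and the joint advisory describe the intrusions as living off the land: built-in Windows tools such as netsh for portproxy relays through compromised hosts and ntdsutil for taking an offline copy of the Active Directory database, rather than custom malware. Detection therefore has to come from process command-line telemetry. The block below is an added example written for this digest, not code from the article or the advisory; the pipe-delimited log format and the regex rules are its assumptions, and the sample records are constructed.

```python
"""Flag living-off-the-land commands of the kind described for Volt Typhoon.

Added example, not from the article or the advisory. The log format
(timestamp|host|user|command line) and the regex rules are this example's
assumptions; the sample records are constructed.
"""
import re
from collections import namedtuple

Rule = namedtuple("Rule", "name pattern why")
Event = namedtuple("Event", "ts host user cmd")

RULES = [
    Rule("portproxy-add",
         re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I),
         "built-in port forwarder; used to chain traffic through compromised hosts"),
    Rule("ntds-dump",
         re.compile(r"\bntdsutil(\.exe)?\b.*(\bac\s+i\s+ntds\b|\bifm\b)", re.I),
         "offline copy of the AD database for credential theft"),
    Rule("hive-save",
         re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|system|security)\b", re.I),
         "registry hive export for offline credential extraction"),
    Rule("wmic-create",
         re.compile(r"\bwmic\b.*\bprocess\s+call\s+create\b", re.I),
         "WMI process creation, often against a remote /node:"),
]


def parse_events(text: str) -> list:
    """Parse pipe-delimited process-creation records (the assumed export format)."""
    events = []
    for line in text.strip().splitlines():
        ts, host, user, cmd = line.split("|", 3)
        events.append(Event(ts, host, user, cmd))
    return events


def detect(events) -> list:
    """Return (rule name, host, command line) for every rule hit."""
    hits = []
    for ev in events:
        for rule in RULES:
            if rule.pattern.search(ev.cmd):
                hits.append((rule.name, ev.host, ev.cmd))
    return hits


def summarize_by_host(hits) -> dict:
    """Group hits so a host showing both proxying and dumping stands out."""
    by_host = {}
    for name, host, _cmd in hits:
        by_host.setdefault(host, set()).add(name)
    return by_host


# Constructed sample records; the first and last are routine and should not fire.
SAMPLE_LOG = """\
2023-05-24T02:11:09Z|WS-0412|CORP\\jdoe|ipconfig /all
2023-05-24T02:12:30Z|WS-0412|CORP\\jdoe|netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=443 connectaddress=10.20.30.40
2023-05-24T02:15:02Z|DC-01|CORP\\svc_backup|ntdsutil.exe "ac i ntds" ifm "create full C:\\Windows\\Temp\\pro" q q
2023-05-24T02:16:40Z|DC-01|CORP\\svc_backup|reg save hklm\\system C:\\Windows\\Temp\\sys.hiv
2023-05-24T02:20:11Z|WS-0412|CORP\\jdoe|wmic /node:10.20.30.50 process call create "cmd.exe /c whoami"
2023-05-24T03:00:00Z|WS-0099|CORP\\asmith|powershell -c Get-Date
"""

if __name__ == "__main__":
    hits = detect(parse_events(SAMPLE_LOG))
    for name, host, cmd in hits:
        print(f"[{name}] {host}: {cmd}")
    print(summarize_by_host(hits))
```

Each of these commands has a legitimate administrative use, which is exactly why the actor chose them; the value of the rules is in the grouping, since a workstation that adds a portproxy and then spawns processes on another host, or a domain controller that exports NTDS and the SYSTEM hive in the same session, is worth an analyst's time even when each command on its own is explainable. Discovery commands such as ipconfig are left out deliberately because alerting on them would bury the signal.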
READ THE STORY: Task & Purpose
Swiss electrification and automation technology giant ABB confirmed it has suffered a data breach after a ransomware attack
Analyst Comments: The successful breach and unauthorized access to ABB's systems raise concerns about the potential compromise of sensitive data. The involvement of the Black Basta ransomware group, known for its double-extortion tactics, further emphasizes the financial motivation behind such attacks. The fact that ABB may have paid the ransom indicates the challenges organizations face when dealing with ransomware incidents. ABB's response to the attack, including closing VPN connections and collaborating with cybersecurity experts, demonstrates a proactive approach to mitigate the impact and prevent further spread. The company's commitment to sharing information, such as indicators of compromise, is commendable and can aid other organizations in strengthening their defenses.
FROM THE MEDIA: ABB, a Swiss multinational company specializing in electrification and automation technology, experienced a cyber attack on May 7, 2023. The attack, attributed to the Black Basta ransomware group, targeted ABB's Windows Active Directory and infected numerous devices. While the extent of the impact is still being investigated, certain projects were delayed, and some factories were affected. ABB confirmed unauthorized access, deployment of ransomware, and data theft. The company has taken measures to recover, including closing VPN connections with customers.
READ THE STORY: Security Affairs
Colombian government targeted by suspected cyber partisans
Analyst Comments: The cyber attack by SiegedSec on Colombian government websites highlights the persistent threat posed by hacktivist groups targeting public entities. The leaking of sensitive data, including emails and identification cards, raises concerns about potential privacy and security implications. The motives of SiegedSec seem to be driven by anarchistic ideals rather than financial gain, as they have not engaged in ransomware or attempted to sell the stolen data.
FROM THE MEDIA: Colombian government websites have come under attack by a suspected hacktivist group called SiegedSec. The group claims to have leaked 6GB of data, including emails, confidential documents, and ID cards. FalconFeeds.io, a threat intelligence feed, reported on the campaign and SiegedSec's statement that it marked their final attack in Operation Colombia. The group claimed to have targeted government websites, power supply controllers, and fuelling systems. The leaked data reportedly includes databases, backend files, and identification cards from the jcc.gov.co and hlp.gov.co websites. While the motive of SiegedSec remains unclear, it appears to be an anarchist group that does not prioritize specific industries or locations and does not make ransom demands.
READ THE STORY: Cybernews
Japan on standby for DPRK ‘satellite’ launch in the next two weeks
Analyst Comments: North Korea's planned satellite launch raises concerns due to its potential violation of UN resolutions and its disguised missile test implications. It poses a threat to regional peace and safety, and Japan has expressed its strong opposition to the launch. The international community, including the US and South Korea, will closely monitor the situation. North Korea's development of a military spy satellite underscores its ongoing efforts to enhance surveillance capabilities and improve its military technology.
FROM THE MEDIA: North Korea has notified Japan of its plan to launch a satellite in the coming days, potentially aiming to put its first military spy satellite into orbit. The launch window is set from May 31 to June 11 and could affect waters in the Yellow Sea, East China Sea, and east of the Philippines' Luzon Island. Japan's Prime Minister's office called on North Korea to refrain from the launch and stated that it would cooperate with relevant countries, such as the US and South Korea. Launching a satellite would require the use of long-range missile technology, which is prohibited by United Nations Security Council resolutions. Japan's Defense Minister has ordered the country's Self Defense Force to shoot down the satellite or any debris that enters Japanese territory.
READ THE STORY: Al Jazeera
Items of interest
Russia adapted arms and tactics ahead of Ukraine's offensive
Analyst Comments: Drawing on field interviews with Ukrainian brigades, the RUSI report offers valuable insights into Russian military adaptations that may have been overlooked. The analysis highlights significant improvements in areas such as air defense, electronic warfare, and engineering capabilities, suggesting that Russia has addressed early failures and become more formidable. This report serves as a reminder that perceptions of military strength should be regularly reassessed to accurately gauge the evolving capabilities of potential adversaries.
FROM THE MEDIA: UK's Royal United Services Institute (RUSI) challenges the widespread perception of the weakness of the Russian army, suggesting that it may be out of date or misconceived. While acknowledging issues such as dysfunctionality and poor morale, the report argues that Russia's battlefield advances have often been overlooked. The study draws on field interviews with Ukrainian brigades that have fought against Russian units. It emphasizes the importance of understanding Russia's changing military approach, not only for Ukraine but also for NATO members facing an increasingly hostile and evolving rival in Moscow.
READ THE STORY: Modern Diplomacy
China’s Fishing Boats Carry a Deadly Secret (Video)
FROM THE MEDIA: China's fishing boats have gotten the name "maritime militia" because of their use for things that go well beyond fishing. Those who have had run-ins with China's fishing boats know that they're more than meets the eye, and that their mission is often more deadly than just catching fish. In this episode of China Unscripted, we discuss China's civilian-military fusion, when China might attack Taiwan, and how China looks at warfare. Joining us in this episode is Colonel Grant Newsham, a former Marine intelligence officer and author of the new book "When China Attacks: A Warning to America."
OSINT On The Ocean Maritime Intelligence Gathering (Video)
FROM THE MEDIA: The speaker emphasizes the vulnerabilities of ship systems, particularly outdated navigation and propulsion systems, and the potential risks posed by crew members introducing unauthorized devices like USB sticks. Various types of vessels are mentioned, including cargo ships, ferries, navy ships, cruise ships, fishing boats, yachts, and tankers. Rae Baker explains how to track ships using online resources like the USCG Maritime Information Exchange, Marinetraffic.com, and Vesselfinder.com, which provide details on ship locations, routes, and characteristics.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories are selected to cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.