Daily Drop (603): RU: Glonass, US: Huawei, DPRK & RU: Cybercrime, DARPA: BRIDGES, HK: JPEX, ValleyRAT and Gh0st RAT, Software Supply Chain, Next-Gen Battery, Snatch Group, FDM: Pwn'd, IBM: Glass Chips
09-21-23
Thursday, Sep 21, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Russia's Aging Satellite System Hinders Its Military Capabilities
Analyst Comments: Bloomberg's article from September 20, 2023, sheds light on the challenges faced by Russia due to its outdated satellite navigation system, Glonass. Established in the 1980s to rival the U.S. Global Positioning System (GPS), Glonass has not kept pace with technological advancements. This discrepancy has become evident in military operations, where Russia's reliance on the aging Glonass system has impacted its ability to deploy precision-guided munitions effectively. In contrast, countries like Ukraine have benefited from the superior accuracy of the U.S. GPS, further leveraging advanced systems like Elon Musk's Starlink for enhanced connectivity. The situation underscores the pivotal role of up-to-date satellite navigation in modern warfare. Russia's lag in this domain not only hampers its military prowess but also indicates a broader technological disparity with nations that have invested in and adopted advanced space systems.
FROM THE MEDIA: The limitations of Russia's satellite navigation system, Glonass, which was originally developed in the 1980s as a rival to the U.S. Global Positioning System (GPS). While the U.S. has continually updated its GPS system, Russia's Glonass has lagged behind in terms of accuracy and reliability. This has had a significant impact on Russia's military capabilities, forcing its armed forces to resort to less precise methods, such as using larger bombs to compensate for the lack of accuracy in guided munitions. The article suggests that the outdated Glonass system has hindered Russia's ability to effectively deploy smart weapons, contrasting it with Ukraine's successful use of U.S. GPS-guided precision rockets and Elon Musk's Starlink satellite constellation for internet connectivity.
READ THE STORY: Yahoo
China Accuses U.S. of Cyber Espionage Against Huawei and Other Entities
Analyst Comments: The allegations come amid escalating geopolitical tensions between the U.S. and China and should be viewed in that context. While the MSS did not provide specific evidence to support its claims, the accusations are serious and could have far-reaching implications for international relations and cybersecurity. The allegations also highlight the complex and often murky world of state-sponsored cyber activities, where attribution can be difficult to establish. China's claims could be seen as a counter-narrative to U.S. accusations of Chinese cyber espionage and could potentially be used as a justification for similar activities by other nations.
FROM THE MEDIA: China's Ministry of State Security (MSS) has accused the United States of conducting a decade-long cyber espionage campaign against Huawei and other Chinese entities. According to a WeChat post by the MSS, U.S. intelligence agencies, specifically the National Security Agency's (NSA) Computer Network Operations unit, have been involved in "systematic and platform-based attacks" against China since 2009. The MSS claims that the NSA hacked into Huawei's servers and carried out tens of thousands of malicious network attacks on other domestic entities, including Northwestern Polytechnical University. China's National Computer Virus Emergency Response Centre (NCVERC) also claims to have isolated a spyware artifact called Second Date, purportedly developed by the NSA.
READ THE STORY: THN
Convergence of Russian and North Korean Cybercrime: A New Threat Landscape
Analyst Comments: The challenges posed by Russia's reluctance to cooperate with international law enforcement, making the task of recovering stolen assets daunting. The merging of Russian and North Korean cybercriminal activities presents a formidable threat to global security, necessitating immediate and coordinated responses from international entities. While the transparency of blockchain offers potential investigative advantages, the challenges are still immense. In essence, the article serves as a clarion call for global entities to bolster their defenses against the evolving and high-stakes world of cryptocurrency-related cybercrime.
FROM THE MEDIA: Hacking groups associated with North Korea are increasingly leveraging Russian-based cryptocurrency exchanges notorious for their involvement in money laundering and illicit activities. This newfound collaboration has been substantiated through on-chain data and emerges after a historic arms meeting between North Korean leader Kim Jong-un and Russian President Vladimir Putin. The article also references an upcoming United Nations report that raises concerns about North Korea's advanced cyberattacks, which are being used to finance its nuclear ambitions. Chainalysis data indicates that about $21.9 million in cryptocurrency pilfered from Harmony Protocol was traced to a notorious Russia-based exchange. For 2023, the total value of cryptocurrency theft linked to North Korean entities is estimated at $340.4 million, marking a decline from the previous year's $1.65 billion. This reduction, however, doesn't necessarily signify enhanced security measures but might be attributed to increased code audits.
READ THE STORY: CryptoNewsBytes
The U.S. Defense Agency Invites Small Businesses and Nontraditional Contractors to Bolster Space Security
Analyst Comments: The initiative underscores the U.S. government's increasing focus on space as a strategic frontier. By opening up the call to a broader range of innovators, DARPA aims to tap into potentially revolutionary concepts that could significantly enhance the U.S.'s capabilities in space. However, the broad nature of the call, without specific details on the types of weapons or technologies sought, leaves room for ethical and strategic debates. As the U.S. aims to maintain its "space superiority," it must also navigate the complex landscape of international laws and norms governing the use of space.
FROM THE MEDIA: The U.S. Defense Advanced Research Projects Agency (DARPA) has issued a call for innovative ideas in space-based weaponry as part of its BRIDGES initiative. Aimed at engaging American small businesses and nontraditional defense contractors, the initiative seeks to expand the pool of companies that can contribute to national security in the space domain. The call comes amid rising concerns about China and Russia's advancements in anti-satellite technologies. Companies with accepted proposals will be rewarded with a contract and sponsorship for security clearance. DARPA plans to review the first round of proposals by October 1, 2023, and will continue accepting ideas until March 15, 2024.
READ THE STORY: PCMAG
Hong Kong Cracks Down on Unlicensed Crypto Platform JPEX
Analyst Comments: The arrest of six individuals, including social media influencers, sends a strong message about Hong Kong's commitment to enforcing its financial regulations, especially in the burgeoning field of cryptocurrency. The action against JPEX is particularly noteworthy given Hong Kong's ambitions to become a global crypto hub. By taking a firm stance on licensing and regulatory compliance, Hong Kong is likely aiming to build a more secure and reliable environment for crypto investors. However, the case also raises questions about the effectiveness of current regulations, as JPEX was able to operate without a license for an extended period, attracting a large number of fraud complaints. This incident may prompt Hong Kong authorities to further tighten regulatory oversight and could serve as a cautionary tale for other crypto platforms operating in or considering entry into the Hong Kong market.
FROM THE MEDIA: Hong Kong authorities have arrested six individuals connected to JPEX, a cryptocurrency trading platform that was operating without a license. The arrests include social media influencers and YouTubers, signaling a significant move by the government to enforce its financial regulations. The Hong Kong Securities and Futures Commission (SFC) had previously warned that JPEX was falsely claiming to have a license for its operations. The SFC has received 1,480 fraud complaints against the platform, totaling around a billion Hong Kong dollars ($128 million). This action comes as Hong Kong aims to position itself as a global hub for cryptocurrency trading, emphasizing that companies must adhere to licensing requirements.
READ THE STORY: The Register
Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
Analyst Comments: The report highlights the growing sophistication and frequency of phishing campaigns targeting Chinese-language speakers. The use of multiple malware families and the involvement of different threat clusters suggest a coordinated effort to compromise systems and data. The emergence of new malware like ValleyRAT indicates that attackers are continually evolving their tactics. Organizations and individuals should be vigilant and take necessary precautions to protect against these evolving cyber threats.
FROM THE MEDIA: Chinese-language speakers are increasingly being targeted by multiple email phishing campaigns aiming to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. Enterprise security firm Proofpoint reported that these campaigns have been active since early 2023 and involve sending emails containing URLs that lead to compressed executables responsible for installing the malware. The campaigns are varied in their use of infrastructure, sender domains, email content, targeting, and payloads, indicating that different threat clusters are behind the attacks. Over 30 such campaigns have been detected in 2023, with at least 20 delivering Sainbox, a variant of the Gh0st RAT trojan. ValleyRAT, first documented in February 2023, is written in C++ and has functionalities commonly seen in remote access trojans.
READ THE STORY: THN
DHS Proposes Single Portal for Cyber Incident Reporting
Analyst Comments: The DHS's proposal aims to make it easier for victim organizations to report cyber incidents by streamlining and harmonizing the requirements. This could be a significant step toward improving the nation's cybersecurity posture, as it would facilitate quicker and more efficient sharing of information between the private sector and federal agencies. The recommendations also aim to balance the need for information with the burdens placed on the industry. The report outlines tasks for Congress, including the removal of legal barriers to harmonization and providing authority and funding for these efforts. It also suggests that incident reports should be exempt from Freedom of Information Act requests. Overall, the proposal appears to be a comprehensive approach to improving cyber incident reporting and response.
FROM THE MEDIA: The Department of Homeland Security (DHS) is considering the creation of a single web portal for federal cyber incident reporting. This comes as part of an effort to simplify the existing 52 federal cyber incident reporting requirements. The Cybersecurity and Infrastructure Security Agency (CISA) is coordinating this initiative in anticipation of its own rules under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). DHS Undersecretary for Policy Robert Silvers submitted a 107-page report to Congress, detailing the work done with 33 federal agencies, including the Treasury, Defense, Justice, Agriculture, and Commerce departments, to harmonize cyber incident reporting.
READ THE STORY: The Record
Rising Threats in Software Supply Chain: Malicious npm Packages Target Kubernetes and SSH Keys
Analyst Comments: The emergence of these malicious npm packages serves as a stark reminder of the growing risks associated with software supply chain attacks, especially in the realm of open-source software. The attacks are not only becoming more frequent but are also showing signs of increased sophistication, targeting high-value assets like cryptocurrency keys. For developers and organizations, this underscores the need for heightened vigilance when incorporating third-party packages into their software projects. Implementing robust security measures, such as regular audits and real-time monitoring, is becoming increasingly crucial to detect and mitigate these kinds of threats.
FROM THE MEDIA: In a recent discovery, cybersecurity researchers have identified a fresh batch of malicious npm packages that are engineered to steal sensitive information, including Kubernetes configurations and SSH keys, from compromised systems. These findings were reported by Sonatype, a software supply chain security firm, which has so far identified 14 different malicious npm packages. These packages are designed to impersonate legitimate JavaScript libraries and components. Once installed on a system, they execute obfuscated code to collect and transmit sensitive files, along with system metadata like usernames and IP addresses, to a remote server. This development is part of a broader trend where open-source registries like npm and PyPI are increasingly being targeted with various forms of malware, including cryptojackers and infostealers.
READ THE STORY: THN
U.S. Department of Defense Invests $30M in Next-Gen Battery Technology
Analyst Comments: The DoD's investment in BEACONS signifies a strategic move to bolster America's capabilities in battery technology, both for defense and commercial applications. This initiative aligns with the Biden administration's focus on bringing back lithium mining and other energy technology industries to the U.S. The center aims to work on safer, more efficient, and longer-lasting battery alternatives, which could have broad implications for sectors ranging from automotive to renewable energy. The focus on workforce development is particularly noteworthy, as it aims to prepare both PhD-level experts and technicians for the future of energy storage systems. The BEACONS center is expected to open in phases over the next 18 months, with facilities for R&D as well as small-scale manufacturing.
FROM THE MEDIA: The U.S. Department of Defense (DoD) has invested $30 million in an energy storage systems campus in Texas, aiming to advance next-generation battery manufacturing in the United States. The funds have been awarded to the University of Texas at Dallas (UTD) and a consortium of other educational institutions, private companies, and national labs. The investment will be used to establish the Batteries and Energy to Advance Commercialization and National Security (BEACONS) center at UTD. The center will focus on three main goals: optimizing existing lithium-ion technology, accelerating the development of next-gen batteries, and ensuring a smooth supply of materials within the U.S. A fourth priority, workforce development, is also highlighted as crucial for achieving these goals.
READ THE STORY: The Register
Russia-Based Group Targets Agriculture, IT, and Defense Industries; Adapts Tactics for Increased Efficacy
Analyst Comments: The advisory from the FBI and CISA underscores the evolving and sophisticated nature of the Snatch ransomware gang. Their ability to adapt and leverage the successes of other ransomware operations makes them a particularly concerning cybersecurity threat. The group's focus on multiple sectors, including agriculture, IT, and defense, indicates a broad threat landscape that organizations across industries should be aware of. The advisory serves as a critical reminder for organizations to remain vigilant and prepared for such advanced and adaptive cybersecurity threats.
FROM THE MEDIA: The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have spotlighted the Snatch ransomware gang, a Russia-based group that has been operational since 2018. Known for its evolving tactics and strategies, the gang has recently set its sights on organizations in the agriculture, IT, and defense sectors. Operating through a command and control (C2) server hosted in Russia, Snatch has been involved in high-profile attacks against entities like South Africa’s Defense Department and the city government of Modesto, California. The group employs a unique ransomware variant that reboots devices into Safe Mode to bypass antivirus software. They also purchase stolen data from other ransomware gangs to extort additional ransoms from their victims. Communication with victims is primarily through email and the Tox platform, although some have reported receiving spoofed calls from the gang directing them to their extortion site.
READ THE STORY: The Record
Free Download Manager Compromised: Ukrainian Hacker Group Distributes Malicious Linux Software
Analyst Comments: The incident involving Free Download Manager is a sobering reminder of the risks associated with downloading software from even well-known and trusted sources. The fact that the vulnerability went undetected for so long, affecting a small but significant subset of Linux users, highlights the stealthy nature of such attacks. This case also underscores the importance of continuous security monitoring and regular updates to web infrastructure. For end-users, it serves as a cautionary tale to be vigilant and proactive in checking for system vulnerabilities and malware, especially when downloading third-party software.
FROM THE MEDIA: The maintainers of Free Download Manager (FDM) have recently confirmed a security breach that dates back to 2020. The breach led to the distribution of malicious Linux software through their website. According to the alert issued by FDM, a Ukrainian hacker group exploited a vulnerability on a specific web page to distribute the malware. This issue potentially exposed users who attempted to download FDM for Linux between 2020 and 2022. Kaspersky's investigation revealed that the malicious Debian package deployed a DNS-based backdoor and a Bash stealer malware capable of harvesting sensitive data. FDM's internal investigation found that the vulnerability was unknowingly resolved during a site update in 2022. The company has released a shell script for users to check for malware presence but has clarified that the script does not remove the malware.
READ THE STORY: THN
Intel's Glass Substrates: A Leap Towards Higher Performance Chips
Analyst Comments: Intel's move towards glass substrates is a strategic effort to keep up with Moore's Law and to address the limitations of organic substrates, especially as chips become more complex and require higher performance. The rigidity and thermal properties of glass make it a promising material for future chip technologies. However, the adoption of glass substrates is not without challenges. Engineering glass with specific properties that can be mass-produced economically is a complex task that will take years to perfect. Furthermore, the technology is still in its nascent stage and is not expected to be commercialized until the end of the decade. Despite these challenges, the potential benefits of glass substrates, such as higher chip density and performance, make it a technology worth watching. Intel is not the only player in this field; other companies like Plan Optik AG and Corning are also exploring the use of glass in semiconductor applications. Overall, the development could mark a significant shift in chip manufacturing, offering more efficient substrates for increasingly complex applications.
FROM THE MEDIA: Intel has announced plans to replace organic substrates with glass substrates in its chip manufacturing process. The company believes that glass substrates will offer higher density and better performance, particularly for applications in artificial intelligence and machine learning. According to Intel's Rob Kelton, glass is more rigid than the current organic substrates, which are mostly plastic, and can handle more chips on a package. Glass substrates could enable a tenfold increase in interconnect densities, allowing for faster data flow in and out of the processor. The technology is expected to be particularly beneficial for large data centers, AI, and graphics applications, where high-density chiplets often operate at varying temperatures.
READ THE STORY: The Register
Gold Melody: The Initial Access Broker Fueling Ransomware Attacks
Analyst Comments: The emergence of Gold Melody as an initial access broker (IAB) highlights the evolving and complex landscape of cyber threats. By selling access to compromised systems, the group adds another layer of risk, making it easier for other threat actors to deploy ransomware or conduct other forms of cyber-attacks. This business model underscores the importance of robust patch management, as the group primarily relies on exploiting vulnerabilities in unpatched servers. Organizations need to be vigilant in keeping their systems up-to-date and monitoring for any signs of intrusion. The group's focus on financial gain rather than state-sponsored activities also indicates a trend where financially motivated cybercrime is becoming increasingly sophisticated.
FROM THE MEDIA: SecureWorks Counter Threat Unit (CTU) has identified a financially motivated cybercrime group known as Gold Melody, which also goes by the names Prophet Spider and UNC961. Active since at least 2017, this group specializes in initial access brokerage, selling access to compromised organizations for other adversaries to conduct secondary attacks like ransomware. Gold Melody exploits vulnerabilities in unpatched internet-facing servers and has been linked to a variety of attacks exploiting security flaws in servers like JBoss Messaging, Citrix ADC, Oracle WebLogic, and Apache Log4j, among others. The group targets sectors such as retail, healthcare, energy, financial transactions, and high-tech organizations primarily in North America, Northern Europe, and Western Asia. Their modus operandi includes deploying web shells for persistence, scanning the victim's environment, and paving the way for credential harvesting, lateral movement, and data exfiltration.
READ THE STORY: THN
Cybercrime Surge in India's Tech Hubs: A Paradox of Development and Vulnerability
Analyst Comments: The rise in cybercrime in India's tech hubs is a concerning trend that highlights the paradox of development and vulnerability. While these cities are at the forefront of technological innovation and economic affluence, they are also becoming attractive targets for cybercriminals. The report points to a lack of digital literacy and cybersecurity awareness as likely contributing factors. This is particularly alarming given that these cities are home to some of the world's leading tech companies. The high rate of financially motivated crimes, especially UPI fraud, indicates a focus on quick financial gains by exploiting the digital payment systems that are increasingly popular in India. The situation calls for immediate action in bolstering cybersecurity measures, improving digital literacy, and creating more robust systems to protect against financial fraud.
FROM THE MEDIA: India is experiencing a significant increase in cybercrime, with cities like Bengaluru and Gurgaon, known for their tech development, emerging as hubs for such activities. A report from the non-profit Future Crime Research Foundation (FCRF) has identified these cities as cybercrime hotspots from January 2020 to June 2023. The report suggests that factors such as proximity to major urban centers, limited cybersecurity infrastructure, and low digital literacy contribute to their vulnerability. Gurgaon district, home to less than 0.2% of India's population, accounted for 8.1% of reported cybercrimes. The city is a major corporate and IT hub, hosting companies like Google, Microsoft, and IBM India. Bengaluru, often called the "Silicon Valley of India," was also named an emerging cybercrime hotspot. Financially motivated crimes, particularly those involving Unified Payments Interface (UPI) fraud, accounted for 77.41% of all reported incidents.
READ THE STORY: The Register
Urgent Update Released to Mitigate Risk of Unauthorized Code Execution and Data Exposure
Analyst Comments: The critical nature of this vulnerability, with a CVSS score of 9.6, underscores the need for immediate action. Successful exploitation could lead to severe consequences, including unauthorized code execution and data exposure. Organizations using affected versions of GitLab EE should prioritize updating their installations to the latest patched versions to mitigate the risks. The vulnerability also serves as a reminder of the importance of maintaining up-to-date software to defend against potential security threats. Given that older vulnerabilities like CVE-2021-22205 are still being actively exploited, it's crucial for organizations to not only apply patches promptly but also to engage in continuous monitoring for any signs of intrusion.
FROM THE MEDIA: GitLab has released urgent security patches to fix a critical vulnerability, identified as CVE-2023-5009, that could allow an attacker to run pipelines as another user. This flaw affects all versions of GitLab Enterprise Edition (EE) starting from 13.12 up to 16.2.7 and from 16.3 before 16.3.4. The vulnerability could enable a threat actor to access sensitive information or use the elevated permissions of the impersonated user to modify source code or execute arbitrary code on the system. Security researcher Johan Carlsson discovered and reported the flaw, which has now been addressed in GitLab versions 16.3.4 and 16.2.7. The disclosure comes amid the ongoing exploitation of a two-year-old critical GitLab bug (CVE-2021-22205) by threat actors, including a China-linked group known as Earth Lusca.
READ THE STORY: THN
Sysadmin and Spouse Admit to Role in $88M Pirated Avaya Licenses Scam
Analyst Comments: The case highlights the vulnerabilities in software licensing systems and the potential for insider threats. Brad Pearce's previous employment at Avaya gave him the access needed to generate pirated software keys, demonstrating the risks associated with admin privileges. The large scale of the operation, involving $88 million in pirated licenses, indicates the significant financial impact such scams can have on software companies. This case serves as a cautionary tale for organizations to implement robust security measures, including regular audits and controls on admin access, to prevent such incidents.
FROM THE MEDIA: A sysadmin named Brad Pearce and his partner Dusti Pearce have pleaded guilty to being part of an international ring that sold pirated software licenses worth $88 million. The couple admitted to one count of conspiracy to commit wire fraud and could face a maximum penalty of 20 years in prison. As part of a plea deal, they must also forfeit at least $4 million in assets, including gold, silver, collectible coins, and cryptocurrency. The pirated licenses were for Avaya's business telephone system software and were used to unlock various features of the system. Brad Pearce had previously worked at Avaya and used his admin privileges to generate tens of thousands of software license keys, which were then sold to various customers, including Jason Hines, an Avaya reseller. Hines was the couple's biggest client, buying over 55% of the stolen licenses. The money gained from the scam was funneled through PayPal under a false name and then transferred to multiple bank accounts. The FBI is still investigating some aspects of the case.
READ THE STORY: The Register
Intel Slaps Forehead, Says I Got It: AI PCs. Sell Them AI PCs
Analyst Comments: Intel's focus on AI in personal computing represents a strategic shift to meet the evolving demands of consumers and developers. By integrating AI capabilities directly into the hardware, Intel aims to offer a more personalized and efficient computing experience. However, the success of this initiative will depend on the development of "killer apps" that can fully utilize these AI capabilities. The company is also looking to extend its reach into edge computing, indicating a comprehensive approach to AI across various platforms. This could potentially set a new standard for personal computing and edge devices, provided Intel can overcome the challenges associated with implementing these technologies.
FROM THE MEDIA: Intel CEO Pat Gelsinger used his keynote at Intel's Innovation conference to emphasize the importance of running large language models and machine-learning workloads locally on users' PCs. Gelsinger believes that the next era of PCs will be driven by AI capabilities. He acknowledged the work done by OpenAI, Microsoft, and Nvidia in the high-end AI sector but argued that the real opportunity lies in bringing these models to the masses by running them locally on personal computers. Gelsinger showcased various AI-enhanced apps running on Intel's OpenVINO inferencing platform, including plugins for image and music generation in popular open-source software like Audacity and GIMP. Most of these demos featured Intel's upcoming 7nm Core Ultra processors, previously code-named Meteor Lake, which are expected to arrive by December 14 at the earliest.
READ THE STORY: The Register
Items of interest
Satellite Hunting Hack Chat
Analyst Comments: The Hack Chat serves as an important platform for community learning and discussion about the complexities of satellite tracking. Scott Tilley's expertise adds significant value to the conversation, especially for those interested in the technical aspects of satellite hunting. The event also highlights the growing interest in space activities beyond national programs, touching on the role of individual and community efforts in understanding what's happening in orbit. It's a step towards democratizing information about space assets and could inspire more people to get involved in satellite tracking as a hobby or even as a more serious endeavor.
FROM THE MEDIA: Hackaday, a popular platform for tech enthusiasts, hosted a Satellite Hunting Hack Chat featuring Scott Tilley, an experienced satellite hunter. The event aimed to discuss the challenges and rewards of tracking satellites, many of which have classified payloads, poorly characterized orbits, and unknown communication protocols. Tilley, who has been hunting satellites for years and writes about his experiences on his blog "Riddles in the Sky," shared his expertise on tracking both long-lost and intentionally hidden satellites. The chat was part of Hackaday's live community events and took place on September 20, 2023, at noon Pacific time.
READ THE STORY: Hack-A-Day
The Satellite Hack Everyone Is Finally Talking About (Video)
FROM THE MEDIA: When Viasat’s network was hacked at the start of Putin’s invasion of Ukraine, the Ukrainian government scrambled to connect troops— and the satellite internet industry got a wakeup call. Bloomberg's Katrina Manson tells us more.
A Military Satellite - For Sale by Hackers (Video)
FROM THE MEDIA: Posted to a significant Russian Hacker forum, the list comes from a user who has prior listings with samples provided and pertains to an industry where the risk of unanticipated hacks is absolutely real.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.