Daily Drop (664): IN and CN, Putin: Mikhail Kasyanov, EU: Spyware, CN: Opium Wars, Medley Interlisp, OwnCloud: Vul, Chinese Lithium, US: South China Sea, OpenCart: Vul, Aliquippa's Water Supp.
11-26-23
Sunday, Nov 26, 2023 // (IG): BB // The Leek Sino-Satire // Coffee for Bob
Navigating Geopolitical Challenges with India and China
Bottom Line Up Front (BLUF): Canada's once-held belief of being a "fireproof house" in terms of geopolitics is facing a dramatic transformation. The country, surrounded by oceans and a friendly neighbor in the US, is now grappling with complex foreign policy dilemmas, particularly concerning India and China. This article assesses how Canada's traditional notions of security and detachment are evolving as it confronts rising global powers and changing economic dynamics in Asia.
Analyst Comments: Canada's foreign policy is at a crossroads as it faces growing geopolitical challenges with India and China. The assessment reveals that the nation's historical perception of being insulated from global conflicts is no longer tenable. Canada's foreign policy experts and officials are recognizing the need for a strategic shift in dealing with emerging powers, emphasizing pragmatic diplomacy and stronger regional engagement. The article highlights how Canada's approach to foreign policy is evolving in response to these complex and dynamic global shifts.
FROM THE MEDIA: Exploring Canada's changing foreign policy strategy, it reflects the nation's understanding that it can no longer rely solely on its geographical isolation for security. In the face of tensions with India and China, Canada embraces pragmatic diplomacy while safeguarding its sovereignty. By expanding its presence in the Indo-Pacific and participating in international security efforts, Canada aims to adapt to the rapidly changing global landscape and protect its interests and values in a world where geopolitics no longer respects old boundaries.
READ THE STORY: FT
Putin Adds Former Russian Prime Minister to "Foreign Agent" List
Bottom Line Up Front (BLUF): Russian President Vladimir Putin has added former Russian Prime Minister Mikhail Kasyanov to the country's "foreign agent" list, a move that could undermine Kasyanov's credibility. This decision comes as part of Russia's broader crackdown on organizations and individuals receiving foreign funds or support, often used against independent media and opposition figures.
Analyst Comments: The designation of Mikhail Kasyanov as a "foreign agent" by the Russian Justice Ministry reflects the ongoing suppression of dissenting voices in Russia. Kasyanov's history as both a former prime minister and an opposition figure makes this move particularly noteworthy. It underscores the Kremlin's determination to stifle opposition and maintain control over the narrative, especially concerning its actions in Ukraine.
FROM THE MEDIA: Former Russian Prime Minister Mikhail Kasyanov's inclusion on the "foreign agent" list underscores the Kremlin's ongoing efforts to silence opposition and control the flow of information. This move poses a credibility challenge for Kasyanov, who has a history of opposing President Putin's policies. As Russia continues its crackdown on dissent, the implications for independent media and opposition figures remain a significant concern.
READ THE STORY: The Hill
Cyberattack on Aliquippa's Municipal Water System Linked to Iranian-Backed Group
Bottom Line Up Front (BLUF): Hackers claiming affiliation with a cyber guerrilla group tied to the Iranian government targeted Aliquippa's municipal water system, temporarily disrupting the supply of drinking water to Raccoon and Potter townships. The group, known as the "Cyber Av3ngers," has a history of attacking critical infrastructure hardware manufactured by Israeli-owned companies. The attack resulted in the shutdown of a pump and displayed an anti-Israel message on the control panel.
Analyst Comments: The Cyber Av3ngers, a sophisticated international hacking group, targeted Aliquippa's municipal water system by shutting down a pump responsible for supplying drinking water. The attackers left a message on the system's control panel expressing their anti-Israel sentiments. The controller used in the water system is manufactured by Unitronics, a company traded on the Tel Aviv Stock Exchange, making it a target for the group.
FROM THE MEDIA: Aliquippa's municipal water system experienced a cyberattack by the Cyber Av3ngers, a group with ties to the Iranian government. The attackers temporarily disabled a pump responsible for supplying drinking water and displayed an anti-Israel message on the control panel. Municipal authorities swiftly responded, and the incident did not impact water quality. Law enforcement agencies are actively investigating the cyberattack, and efforts are underway to secure critical infrastructure systems.
READ THE STORY: BC
European Parliament Adopts Resolution Urging Legislation in Response to Spyware Concerns
Bottom Line Up Front (BLUF): The European Parliament has passed a resolution with a strong majority (424 in favor, 108 against, with 23 abstentions) criticizing the European Commission for not taking decisive action against spyware abuses. This comes following an inquiry into the use of spyware, known as PEGA, which raised concerns about member states' national authorities' involvement in these abuses. The Commission's reluctance to interfere with member states' security matters has been met with criticism, as it fails to address the issue effectively.
Analyst Comments: The resolution reflects the growing concerns within the European Parliament regarding the misuse of spyware and its impact on privacy and civil liberties. While the Commission did propose legislation to protect journalists from spyware targeting, controversies surrounding the level of protection and potential watering down of the law have arisen in negotiations between the Commission, Council, and Parliament. Civil society groups argue that the proposed legislation may not be sufficiently robust to combat spyware abuses effectively.
FROM THE MEDIA: The European Parliament has called on the European Commission to take immediate action against spyware abuses, citing concerns raised in the PEGA inquiry. Despite the Commission's reluctance to interfere with member states' security matters, MEPs are pressing for legislation to protect against these abuses. However, debates over the level of protection and potential weakening of the law continue, leaving the effectiveness of the proposed legislation in question. Civil society groups advocate for stronger measures to combat spyware abuses and protect individuals' privacy.
READ THE STORY: The Record
Hackers Leak Sensitive Information from Leading US Nuclear Research Facility
Bottom Line Up Front (BLUF): The Idaho National Laboratory (INL), a prominent US nuclear research facility, has suffered a data breach orchestrated by the hacking group SiegedSec. The breach, which occurred on November 20, 2023, was attributed to a cybersecurity incident at an external vendor system approved by federal authorities, used for INL's cloud-based Human Resources services. The group, self-identifying as "gay furry hackers," has made unconventional demands, including research into creating real-life catgirls. While their motivations remain unclear, the breach has exposed significant amounts of employee data, including addresses, Social Security numbers, birth dates, and employment information.
Analyst Comments: The INL breach underscores the growing sophistication of cyber threats, even targeting critical research facilities. The demand for creating "IRL catgirls" is peculiar and likely a diversion tactic. The release of sensitive employee data poses security risks and raises concerns about the safety of affected individuals. The collaboration between INL, the Department of Homeland Security, and the FBI is vital for a thorough investigation. This incident highlights the urgency for organizations to enhance their cybersecurity measures and protect sensitive information.
FROM THE MEDIA: Hackers from SiegedSec breached the Idaho National Laboratory, a significant US nuclear research institution, by exploiting vulnerabilities in an external vendor system. The breach led to the exposure of extensive employee data, raising concerns about the affected individuals' security and privacy. Despite unconventional demands from the hackers, such as researching real-life catgirls, the breach is a reminder of the escalating cyber threats targeting critical organizations. INL is working with law enforcement agencies to investigate the breach's extent and mitigate potential damage, emphasizing the importance of robust cybersecurity measures in today's digital landscape.
READ THE STORY: HackRead
The Fentanyl Crisis and Echoes of the Opium Wars: A Letter
Bottom Line Up Front (BLUF): A letter from Marta Varela in response to Robert Armstrong's article, "How America got high as a kite," criticizes the view that drug problems stem from "lazy libertarianism" and highlights the Biden administration's efforts to curb fentanyl production. Drawing parallels to the opium wars in imperial China, Varela suggests that addressing drug epidemics involves complex geopolitical factors and revenue-driven policies, not just individual liberty.
Analyst Comments: Marta Varela's letter offers a historical perspective on the fentanyl crisis, linking it to the opium wars in China. Varela argues that the complexities of drug issues extend beyond ideology, with geopolitical interests and financial incentives playing a significant role. The letter underscores the need for a comprehensive understanding of drug problems and their historical context.
FROM THE MEDIA: In response to an article discussing drug issues and libertarianism, Marta Varela draws parallels between the fentanyl crisis and the opium wars in China. Varela suggests that the Biden administration's efforts to curb fentanyl production resemble imperial China's attempts to prevent the import of opium. The letter emphasizes that addressing drug epidemics involves more than just individual freedom, as geopolitical factors and revenue-driven policies also play a crucial role in shaping the outcome.
READ THE STORY: FT
The Revival of Medley/Interlisp: A Journey Back in Programming History
Bottom Line Up Front (BLUF): The Medley Interlisp Restoration Project, led by passionate programmers, aims to revive and modernize the historic Medley/Interlisp, a Lisp-based operating system. This project has succeeded in making it compatible with modern compilers and running on modern OSes, preserving a unique piece of computing history that was once utilized for AI research and development.
Analyst Comments: The article discusses the Medley Interlisp Restoration Project, highlighting its significance in preserving the Medley/Interlisp operating system. It provides historical context, showcasing the challenges of maintaining and reviving discontinued software. The project's efforts to update and make it compatible with modern systems are commendable, and it serves as a testament to the dedication of the programming community.
FROM THE MEDIA: The Medley Interlisp Restoration Project, led by Larry M Masinter and a team of dedicated programmers, is breathing new life into the Medley/Interlisp operating system, a historical piece of software with roots in Lisp-based computing. This project aims to modernize and preserve the system, making it compatible with contemporary compilers and operating systems. The article highlights the challenges of reviving discontinued software and the project's progress in keeping this piece of computing history alive.
READ THE STORY: The Register
Critical Vulnerabilities in ownCloud Pose Data Breach Risk
Bottom Line Up Front (BLUF): ownCloud, an open-source file-sharing software, has disclosed three critical security vulnerabilities that could lead to data breaches and unauthorized access. The flaws affect various versions of ownCloud and cover the disclosure of sensitive credentials, authentication bypass, and subdomain validation bypass. Users are advised to apply the recommended fixes and enhance security measures.
Analyst Comments: In response to these vulnerabilities, ownCloud recommends specific actions for users. For the first flaw, users are advised to delete a specific file and disable the 'phpinfo' function. Additionally, changing secrets like admin passwords and credentials is recommended. The second issue highlights the risk of accessing, modifying, or deleting files without authentication, provided the username is known. Finally, the third flaw pertains to improper access control and suggests disabling the "Allow Subdomains" option as a workaround.
FROM THE MEDIA: ownCloud, the popular open-source file-sharing software, has issued a warning regarding three critical security vulnerabilities that could potentially expose sensitive information and enable unauthorized access to files. These vulnerabilities impact different versions of ownCloud and vary in severity. The first flaw, with a CVSS score of 10.0, allows disclosure of sensitive credentials and configuration in containerized deployments. The second vulnerability, with a CVSS score of 9.8, relates to WebDAV API authentication bypass using pre-signed URLs. The third flaw, scoring 9.0 on CVSS, involves subdomain validation bypass.
READ THE STORY: THN
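The first ownCloud mitigation above is a configuration change (disable PHP's `phpinfo` function) plus a file removal. The check below is an added example, not code from ownCloud or from the advisory: it parses a php.ini-style `disable_functions` directive the way PHP resolves it (last directive wins, `;` comments ignored, quotes stripped) and reports whether `phpinfo` is actually blocked, then verifies that a leftover file is gone. The sample ini fragments are constructed, and the leftover file path is a placeholder, since the page does not name the file.

```python
import os
import re

# Constructed php.ini fragments for the demonstration (not real deployment files).
WEAK_INI = """
; constructed sample: phpinfo is still callable
disable_functions = exec,system
expose_php = On
"""

HARDENED_INI = """
; constructed sample: phpinfo added to the disable list, value quoted
disable_functions = "exec, system, phpinfo"
expose_php = Off
"""

# Placeholder: the advisory names a specific file to delete; substitute the real path.
LEFTOVER_FILE_PLACEHOLDER = "/srv/owncloud/PLACEHOLDER_LEFTOVER_FILE.php"


def parse_disable_functions(ini_text: str) -> set[str]:
    """Return the function names PHP would treat as disabled for this ini text.

    Mirrors php.ini semantics that matter for the check: ';' starts a comment,
    the value may be quoted, entries are comma separated and case-insensitive,
    and if the directive appears more than once the last occurrence wins.
    """
    disabled: set[str] = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        match = re.match(r"^disable_functions\s*=\s*(.*)$", line, re.IGNORECASE)
        if match:
            value = match.group(1).strip().strip("\"'")
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def phpinfo_disabled(ini_text: str) -> bool:
    """True when phpinfo appears in the effective disable_functions list."""
    return "phpinfo" in parse_disable_functions(ini_text)


def check_hardening(ini_text: str, leftover_paths, exists=os.path.exists) -> list[str]:
    """Collect findings for a defender reviewing an ownCloud host.

    `exists` is injectable so the check can be exercised without touching disk.
    An empty list means both recommended steps are in place.
    """
    findings = []
    if not phpinfo_disabled(ini_text):
        findings.append("phpinfo is not listed in disable_functions")
    for path in leftover_paths:
        if exists(path):
            findings.append(f"leftover file still present: {path}")
    return findings


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, check_hardening(ini, [LEFTOVER_FILE_PLACEHOLDER]) or "OK")
```

Run it against the host's effective ini (`php --ini` lists which files are loaded; a `disable_functions` line in a later-loaded file overrides an earlier one, which is why the parser keeps the last value rather than the first).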
Ex-Russian PM Mikhail Kasyanov Designated as "Foreign Agent"
Bottom Line Up Front (BLUF): Russia's justice ministry has designated former Prime Minister Mikhail Kasyanov as a "foreign agent," a term commonly used to restrict anti-Kremlin opposition figures. Kasyanov, a vocal critic of President Vladimir Putin, left Russia following the full-scale invasion of Ukraine in 2022. Despite serving as Prime Minister during Putin's first presidential term, Kasyanov has strongly condemned Russia's actions in Ukraine. He currently resides in exile, joining numerous other Kremlin critics and civil society organizations on the "foreign agent" list. This designation imposes obligations, including explaining their status on their publications and providing detailed funding source updates, while restricting their participation in Russian political activities.
Analyst Comments: The "foreign agent" law, initially applied to foreign-funded non-governmental organizations, has since been expanded to encompass individuals and media entities, regardless of whether they are Russian or foreign, that are deemed to have foreign influence. This broader application of the law reflects the government's efforts to tighten control over dissenting voices within the country. Kasyanov's case is not unique, as other critics of the Russian government and civil society groups have also found themselves on the "foreign agent" list. The move to designate individuals like Kasyanov as "foreign agents" is part of a broader trend of curbing opposition and limiting the influence of anti-Kremlin figures and organizations in Russia.
FROM THE MEDIA: Russia's justice ministry has officially designated Mikhail Kasyanov, the former Prime Minister and a prominent critic of President Vladimir Putin, as a "foreign agent." This label, often used to stifle opposition to the Kremlin, imposes several obligations on those listed. They are required to disclose their "foreign agent" status on their publications, including on social media platforms, and provide detailed updates on their funding sources. Moreover, their participation in Russian political activities is restricted.
READ THE STORY: BBC
Chinese Lithium Prices Fall by Nearly 80% Year-on-Year, Impacting Electric Vehicle Battery Manufacturers
Bottom Line Up Front (BLUF): The price of lithium in China has witnessed a dramatic decline of nearly 80% year-on-year, with lithium carbonate now valued at 130,000 Chinese yuan (approximately 16,653.64 euros) per ton. Monthly data reveals a staggering drop of over 20% in lithium carbonate prices. This steep fall has been attributed to pessimistic industry prospects and reluctance among electric vehicle (EV) battery manufacturers to stock up on lithium amid concerns of potential tariffs and trade barriers resulting from an EU investigation into Beijing's EV production subsidies.
Analyst Comments: The substantial drop in lithium prices in China is alarming for the EV industry, as lithium-ion batteries are a critical component for electric vehicles. The declining prices may initially appear beneficial for EV manufacturers as they could potentially reduce production costs. However, the underlying reasons for this price plunge raise significant concerns. The reluctance of battery manufacturers to procure large quantities of lithium during the third quarter, a period typically dedicated to stock replenishment, indicates their apprehension about the future of the industry. This suggests that the outlook for the EV market might not be as optimistic as previously anticipated. Furthermore, the EU's investigation into Chinese subsidies for EV production has created uncertainty regarding future trade relations, potentially leading to new tariffs and barriers that could affect the global supply chain of lithium and EV components.
FROM THE MEDIA: The price of lithium carbonate in China has plummeted by nearly 80% year-on-year, causing significant concerns within the electric vehicle (EV) industry. Monthly data shows a more than 20% decrease in lithium carbonate prices, a critical component in lithium-ion batteries used in EVs. This sharp decline is attributed to the pessimistic outlook of the industry, prompting EV battery manufacturers to refrain from significant lithium purchases during a period traditionally dedicated to stock replenishment. Moreover, the EU's investigation into Chinese subsidies for EV production has raised the possibility of future tariffs and trade barriers, adding further uncertainty to the industry's prospects.
READ THE STORY: ST
China and U.S. Exchange Accusations Over South China Sea Incident
Bottom Line Up Front (BLUF): China and the United States engaged in a war of words over an incident in the South China Sea, where China's military claimed to have driven away a U.S. warship conducting a routine freedom of navigation operation. The U.S. Navy, however, asserted that it was exercising its navigational rights in accordance with international law. The incident highlights escalating tensions in the disputed region, where China's territorial claims have sparked disputes with neighboring countries. The situation remains volatile, with both China and the United States standing their ground in the South China Sea, raising concerns about the potential for further confrontations.
Analyst Comments: Over the weekend, China's People's Liberation Army Southern Theatre Command stated on its official WeChat account that it had deployed naval and air forces to "track, monitor, and warn away" a U.S. destroyer. The U.S. Navy, in response, asserted that the vessel, the Hopper, was operating in accordance with international law, asserting navigational rights near the Paracel Islands in the South China Sea. China's territorial claims in the South China Sea have been a source of contention, as they overlap with the claims of several neighboring nations, including the Philippines, Vietnam, Indonesia, Malaysia, and Brunei. In 2016, the Permanent Court of Arbitration ruled that China's claims in the South China Sea had no legal basis, but China has continued to assert its sovereignty over the region. Additionally, the Philippines and Australia recently initiated their first joint sea and air patrols in the South China Sea, which further exacerbated tensions in the area. China's response to the U.S. vessel's presence underscores its position that the United States is a "security risk creator" in the South China Sea.
FROM THE MEDIA: The South China Sea remains a hotbed of tension as China and the United States clash over territorial claims and freedom of navigation operations. China's aggressive stance in asserting sovereignty over the region has raised concerns among neighboring nations and the international community. The recent incident involving the U.S. warship highlights the ongoing dispute, with both sides firmly entrenched in their positions. As maritime tensions continue to escalate, the situation in the South China Sea warrants close monitoring and diplomatic efforts to prevent further escalation and maintain stability in the region.
READ THE STORY: Reuters
OpenCart Owner's Hostile Response to Security Vulnerability Disclosure Sparks Controversy
Bottom Line Up Front (BLUF): OpenCart, an e-commerce store management system, faced controversy when its owner, Daniel Kerr, responded with hostility to a security researcher's disclosure of a static code injection vulnerability. The researcher, Mattia Brollo, reported the vulnerability to OpenCart through official channels, but received dismissive and offensive responses. The incident raises questions about the handling of security issues in the e-commerce platform.
Analyst Comments: Mattia Brollo, a penetration tester, initially tried to contact OpenCart regarding the vulnerability through official channels, including support emails and the OpenCart forum, but received no response. He eventually opened a GitHub issue to report the static code injection vulnerability. OpenCart's owner, Daniel Kerr, responded with hostility, dismissing the issue as a "non-vulnerability" and using offensive language. Despite the seriousness of the vulnerability, Kerr labeled Brollo as a "time waster" and even closed a pull request from Brollo, marking it as spam. The National Vulnerability Database recognized the vulnerability as CVE-2023-47444, with a severity score of 8.8 on the CVSS 3 scale. Kerr eventually merged the fix into OpenCart's master branch.
FROM THE MEDIA: OpenCart's hostile response to a security vulnerability disclosure has drawn attention to the platform's handling of security issues. The incident highlights a history of dismissive attitudes towards security concerns within the OpenCart community. As an e-commerce platform serving thousands of businesses, the controversy raises concerns about the platform's commitment to security and its responsiveness to vulnerability reports. Security researchers and users alike may be wary of how OpenCart handles future security disclosures, emphasizing the need for improved security practices in e-commerce systems.
READ THE STORY: The Register
Items of interest
General Electric Investigates Alleged Cyber Attack and Data Theft
Bottom Line Up Front (BLUF): General Electric (GE) is investigating claims made by a threat actor named IntelBroker, who alleges that they breached the company's development environment and stole data. The threat actor initially attempted to sell access to GE's development and software pipelines but later advertised the sale of network access and allegedly stolen data. GE is taking the claims seriously and is conducting an investigation.
Analyst Comments: IntelBroker, a known threat actor with a history of successful cyberattacks, posted on a hacking forum about selling access to General Electric's development environment for $500. When no buyers showed interest, the threat actor expanded the offer to include network access and allegedly stolen data. The data reportedly includes DARPA-related military information and other sensitive files.
FROM THE MEDIA: General Electric is investigating claims of a cyber attack and data theft made by a threat actor named IntelBroker. The threat actor attempted to sell access to GE's development environment and later advertised the sale of network access and allegedly stolen data. GE is taking the claims seriously and has not confirmed the breach but is actively investigating. IntelBroker's history of successful cyberattacks adds weight to the seriousness of the situation, emphasizing the need for robust cybersecurity measures in organizations.
READ THE STORY: Bleeping Computer
VulnerabilityGPT: Cybersecurity in the Age of LLM and AI (Video)
FROM THE MEDIA: With the rapid development of large language models (LLM) and generative AI, the landscape of cybersecurity has experienced a paradigm shift. In this one-hour webcast, we will delve into the emerging information security risks and opportunities associated with LLM and cyber deception operations. As these technologies become increasingly sophisticated, it is imperative for organizations to stay informed about potential threats and best practices in order to maintain a strong security posture.
Lone Wolf Actors: How Ransomware Evolved into Freelance Work (Video)
FROM THE MEDIA: With the rise of ransomware worldwide, observations have indicated a much more cohesive and business-like model for influential groups. This change in adversary modeling has led to many issues within threat actor groups, such as dissent and spontaneous disbandment of campaigns. As a result, lone-wolf actors have increasingly turned to freelance work. The task for many in the CTI and IR world thus becomes more complex, as pinpointing a specific variant or actor group is not going to be well documented in the usual locations.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.