Daily Drop (669): Boko Haram: ISR, Vladimir Dunaev, SpaceX: SK Spy SAT, UEFI: LogoFail, Issa Zarepour, CVE-2023-6345, CN: 2024, CN: EV IRA tax Credit, NXP, Tianhui-5, CN Coast Guard, Huawei, TikTok
12-02-23
Saturday, Dec 02, 2023 // (IG): BB // The Leek Sino-Satire // Coffee for Bob
Weaponized Drone Use by Radical Islamist Groups in Africa
Bottom Line Up Front (BLUF): Radical Islamist groups in Africa, including Boko Haram and ISWAP, are increasingly using drones for intelligence, surveillance, reconnaissance (ISR), and potentially for delivering improvised explosive devices (IEDs). This evolution in tactics poses a significant challenge for security forces and could prolong conflicts in the region.
Analyst Comments: The adoption of drone technology by radical Islamist groups in Africa marks a concerning escalation in their operational capabilities. Initially used for ISR purposes, there is a growing potential for these groups to weaponize drones, notably seen in ISWAP's testing of delivery drones for IED attacks. This shift reflects these groups' adaptability and their ability to integrate new technologies into their strategies. The use of drones for ISR has already enhanced their operational efficiency, as seen in Boko Haram's sophisticated use of drones surpassing Nigerian military capabilities in 2019. The possibility of drone weaponization presents a serious threat, not only to military targets but also to humanitarian operations.
FROM THE MEDIA: Radical Islamist groups in Africa, particularly Boko Haram and ISWAP, have significantly incorporated drone technology into their operations since 2018. Initially focusing on ISR, these groups have utilized drones for target identification, surveillance of military convoys, and propaganda videography. Boko Haram, an Islamic State affiliate, demonstrated rapid advancement in drone capabilities, outpacing the Nigerian military by 2019. In northern Mozambique, terrorists have used drones in combination with disguises to target government forces. ISWAP, notably, is exploring the use of drones for delivering IEDs, indicating a potential shift towards more offensive drone capabilities. This evolution in drone use highlights the increasing sophistication of these groups and presents new challenges for counterterrorism efforts in the region.
READ THE STORY: Small War Journal
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Bottom Line Up Front (BLUF): Vladimir Dunaev, a 40-year-old Russian national, has been convicted for his involvement in developing and deploying the TrickBot malware. Arrested in South Korea in 2021 and extradited to the U.S., Dunaev faces up to 35 years in prison for crimes including computer fraud, identity theft, and conspiracy to commit wire and bank fraud. TrickBot, initially a banking trojan, evolved into a multi-functional tool linked to ransomware attacks and suffered significant setbacks following internal leaks and the Russian invasion of Ukraine.
Analyst Comments: Vladimir Dunaev's conviction marks a significant milestone in the ongoing battle against global cybercrime. TrickBot's evolution from a banking trojan to a versatile malware platform underscores the dynamic nature of cyber threats. The successful international cooperation leading to Dunaev's arrest and conviction highlights the effectiveness of global cybersecurity collaboration. However, the case also reflects the increasing sophistication and adaptability of cybercriminal networks, which continue to pose significant challenges to cybersecurity efforts worldwide.
FROM THE MEDIA: Dunaev's role in the TrickBot operation involved developing tools for credential harvesting and data mining, as well as creating code to evade detection by security software. His arrest followed a broader crackdown on the TrickBot group, with the U.K. and U.S. sanctioning 11 suspected members. The TrickBot malware, active since 2016, has been linked to numerous ransomware attacks. The Conti ransomware crew, which took over TrickBot operations, faced a significant blow after aligning with Russia during the Ukraine invasion, leading to internal leaks that exposed their activities. Alla Witte, another TrickBot malware developer, was previously sentenced to over two years in prison. Dunaev's sentencing is scheduled for March 2024, where he faces a substantial prison term for his cybercriminal activities.
READ THE STORY: THN
SpaceX Launches South Korean Spy Satellite, Bolstering Surveillance Capabilities
Bottom Line Up Front (BLUF): SpaceX successfully launched South Korea's first spy satellite from Vandenberg Space Force Base in California, enhancing South Korea's independent intelligence, surveillance, and reconnaissance capabilities. This move comes after North Korea's recent launch of a military reconnaissance satellite, underscoring the escalating space race in the region.
Analyst Comments: The launch of South Korea's spy satellite by SpaceX represents a significant step in South Korea's efforts to establish an independent space-based surveillance system. This move is strategically important, especially in the context of North Korea's recent advancements in satellite technology. South Korea's decision to contract SpaceX for launching a total of five spy satellites by 2025 indicates a rapid development strategy to achieve 24-hour surveillance over the Korean Peninsula. The satellite's capabilities, including electro-optical and infra-red, coupled with future synthetic aperture radar (SAR) satellites, will substantially enhance South Korea's monitoring and early-warning systems. This development also reflects the broader trend of countries investing in space technologies for national security and surveillance purposes, reducing reliance on allies for satellite intelligence.
FROM THE MEDIA: SpaceX has launched South Korea's first spy satellite, marking a significant development in the country's surveillance and reconnaissance capabilities. The Falcon 9 rocket carried the satellite into orbit, and communication was successfully established with an overseas ground station shortly after. This launch is part of South Korea's broader plan to deploy a series of reconnaissance and military communication satellites, aiming for a comprehensive monitoring system over the Korean Peninsula. The electro-optical and infra-red satellite will soon be followed by others equipped with synthetic aperture radar (SAR) technology. This push for independent space capabilities comes as North Korea advances its own satellite technology, having recently launched the Malligyong-1 reconnaissance satellite.
READ THE STORY: Reuters
UEFI Flaws Expose Hundreds of Devices to Bootkit Attacks through Image Parsing Vulnerabilities
Bottom Line Up Front (BLUF): Security researchers have uncovered vulnerabilities in UEFI system firmware from major vendors, potentially compromising hundreds of consumer and enterprise devices. These vulnerabilities, named "LogoFail," allow attackers to deploy malicious payloads during the boot phase, bypassing security measures like Secure Boot and Intel Boot Guard. The flaws exist in image parsers used by firmware vendors, exposing devices from Intel, Acer, and Lenovo, among others, across both x86 and ARM architectures.
Analyst Comments: The discovery of the LogoFail vulnerabilities in UEFI firmware highlights a critical and often-overlooked aspect of cybersecurity: the boot process. The fact that these vulnerabilities can bypass established security protocols like Secure Boot and Intel Boot Guard is particularly concerning, indicating a deeper layer of potential exploitation in device security. The targeting of image parsers, a seemingly benign component responsible for displaying vendor or workplace logos during boot-up, underscores the sophistication and creativity of modern cyber threats. The widespread nature of these vulnerabilities across major hardware vendors and architectures signals a need for broader, more comprehensive firmware security measures.
FROM THE MEDIA: The vulnerabilities enable attackers to inject malicious images into the EFI system partition, leading to the installation of persistent bootkits. Binarly, the security research team behind this discovery, considers these vulnerabilities more dangerous than previous threats like BlackLotus or BootHole due to their stealthy nature and method of exploitation. All three major independent BIOS vendors (AMI, Insyde, and Phoenix) are affected, along with devices from Intel, Acer, and Lenovo. The researchers plan to reveal more details at Black Hat Europe, including the process of exploiting these vulnerabilities. This revelation sheds light on a previously underexplored area of cybersecurity, with image parsers now identified as a potential attack surface.
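Because the reported attack path places a crafted image on the EFI system partition (ESP), one practical defensive control is file-integrity monitoring of the ESP: record a baseline of every file's SHA-256 digest after a trusted firmware/OS install, then re-hash periodically and alert on anything added or changed, with image files flagged for priority review. The script below is an added example written for this digest, not code from Binarly or from any vendor; it assumes the ESP is mounted at a path you supply (for instance /boot/efi on Linux), that the baseline is stored as JSON, and that the image-suffix list is a reasonable guess at formats a firmware logo parser might handle. The demo builds a constructed miniature ESP in a temporary directory so it runs offline.

```python
"""Baseline-and-diff integrity check for files on a mounted EFI System Partition.

Added example for the LogoFail item above; not Binarly's or any vendor's code.
Assumptions: the ESP is mounted (ideally read-only) at a known path, a previous
baseline exists as JSON, and IMAGE_SUFFIXES approximates formats a firmware
logo parser might accept (an assumption, not taken from the advisory).
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List

# Assumed list of image extensions worth flagging first; adjust per vendor.
IMAGE_SUFFIXES = (".bmp", ".png", ".jpg", ".jpeg", ".gif", ".tga", ".pcx")


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large EFI binaries don't load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: str) -> Dict[str, str]:
    """Map every file under root (as a forward-slash relative path) to its digest."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def save_baseline(digests: Dict[str, str], path: str) -> None:
    with open(path, "w", encoding="utf-8") as f:
        json.dump(digests, f, indent=2, sort_keys=True)


def load_baseline(path: str) -> Dict[str, str]:
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)


def diff_against_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report files that appeared, disappeared, or whose contents changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def flag_image_findings(diff: Dict[str, List[str]]) -> List[str]:
    """Image files that are new or modified on the ESP deserve the first look."""
    candidates = diff["added"] + diff["changed"]
    return sorted(p for p in candidates if p.lower().endswith(IMAGE_SUFFIXES))


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: a baseline ESP, then a replaced logo and a dropped image."""
    with tempfile.TemporaryDirectory() as esp:
        # Constructed sample files; contents are placeholders, not real binaries.
        _write(esp, "EFI/BOOT/BOOTX64.EFI", b"MZ constructed bootloader stub")
        _write(esp, "EFI/OEM/logo.bmp", b"BM constructed vendor logo")
        baseline_path = os.path.join(esp, "..", "esp-baseline.json")
        save_baseline(hash_tree(esp), baseline_path)

        # Simulated tampering: the logo is overwritten and a second image appears.
        _write(esp, "EFI/OEM/logo.bmp", b"BM constructed modified logo")
        _write(esp, "EFI/OEM/splash.png", b"\x89PNG constructed new image")

        diff = diff_against_baseline(load_baseline(baseline_path), hash_tree(esp))
        os.remove(baseline_path)
        return diff, flag_image_findings(diff)


if __name__ == "__main__":
    result, flagged = demo()
    print(json.dumps(result, indent=2))
    print("priority review:", flagged)
```

In production you would run `hash_tree` against the real mount point on a schedule, keep the baseline off the machine (or signed), and treat any change outside a known firmware or OS update window as an incident; the bootloader itself showing up under `changed` is at least as important as a swapped logo.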
READ THE STORY: The Register
Iran's Space Industry Progresses Under Raisi Administration: ICT Minister's Announcement
Bottom Line Up Front (BLUF): Issa Zarepour, Iran's Minister of Information and Communication Technology, asserts the country's space industry is advancing steadily. He cites the approval of a 10-year development plan under President Raisi's administration and announces plans to launch five satellites by year-end, emphasizing improved coordination in space activities.
Analyst Comments: Iran's renewed focus on its space industry, as outlined by Minister Zarepour, signifies a strategic shift and an effort to assert technological prowess on an international stage. This development is noteworthy given the country's historical challenges in space technology, especially considering the 11-year hiatus in the Supreme Council of Cyber Space meetings. The emphasis on satellite construction, infrastructure, and launch capabilities reflects Iran's ambition to enhance its presence in space and possibly leverage it for broader geopolitical and communication purposes. However, the involvement of the IRGC and the Ministry of Defense in satellite launches could raise international concerns regarding the dual-use nature of space technology.
FROM THE MEDIA: Issa Zarepour, Iran's ICT Minister, announced significant progress in the country's space industry, highlighting the approval of a detailed 10-year development document by the Raisi administration. He emphasized that this plan outlines specific goals for satellite construction, infrastructure, and launch capabilities over one-year, two-year, and three-year periods. Zarepour also mentioned the resumption of the Supreme Council of Cyber Space meetings, signaling a renewed focus on space and cyber capabilities. Importantly, he announced plans to launch five satellites by the end of the year, with two each from the IRGC and the Ministry of Defense and one from an external launch. The coordination of these activities is managed by the Supreme Space Council and the Iranian Space Agency, aiming to elevate Iran's status in the space sector through empathy, coordination, and cooperation across various bodies.
READ THE STORY: Tehran Times (Poss. Propaganda)
Ransomware Attack Disrupts 60 Credit Unions: Tech Provider Targeted
Bottom Line Up Front (BLUF): A ransomware attack on Ongoing Operations, a cloud services provider owned by Trellance, caused outages for about 60 credit unions. The National Credit Union Administration (NCUA) is coordinating responses, with no current evidence of data misuse. The incident underscores the growing cyber threats facing financial institutions, particularly through third-party service providers.
Analyst Comments: This ransomware attack highlights the vulnerability of financial institutions to cyber threats, especially through third-party service providers. The involvement of numerous credit unions and the impact on critical services like FedComp, a data processing solution provider, demonstrate the extensive consequences of such attacks. The NCUA's increased reporting of cyber incidents since the implementation of new rules in September indicates a rising trend in cyberattacks targeting financial sectors. The reliance on third-party providers, who may not have the same level of oversight and security as federally insured credit unions, poses a significant risk.
FROM THE MEDIA: Oslo-based mobile app security firm Promon has detailed the workings of FjordPhantom, a sophisticated malware targeting Android users in Southeast Asia. Spread mainly via email, SMS, and messaging apps, the malware tricks users into downloading a fake banking app that includes both legitimate features and malicious components. Once installed, it employs a social engineering technique involving a bogus call center, guiding victims to operate the app. A distinctive feature of FjordPhantom is its use of virtualization to run malicious code in a container, thereby bypassing Android's sandbox protections and accessing sensitive data without root access. This virtualization also allows for the injection of code and the alteration of key APIs within a virtual environment, enabling the malware to capture sensitive information and suppress warning dialogs. Security researcher Benjamin Adolphi highlights that the malware is modular and can adapt its attacks to different banking apps.
READ THE STORY: The Record
Chrome Vulnerability Exploited: CISA Issues Warning
Bottom Line Up Front (BLUF): The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed the exploitation of a severe vulnerability in Google Chrome, tracked as CVE-2023-6345, affecting the Skia graphics-rendering code. Google has released an emergency update for Chrome, and federal agencies are required to address the bug by December 21. The vulnerability is significant due to Chrome's widespread use and the potential risks it poses.
Analyst Comments: This recent vulnerability in Chrome highlights the ongoing challenges in ensuring software security, especially for widely used applications. The nature of the bug, affecting a fundamental graphics-rendering component, underscores the complexities in modern software development and the increasing sophistication of cyber threats. The quick response by Google and CISA's directive illustrate the seriousness of the issue. It's a reminder that as software becomes more intricate, the potential for exploitable vulnerabilities grows, necessitating vigilance from developers, security professionals, and users. The attention from state-sponsored actors towards popular software like Chrome further amplifies these security concerns.
FROM THE MEDIA: Reported by Joe Warminsky on November 30, 2023, a severe Chrome bug prompted an emergency update from Google and a warning from CISA. The vulnerability, affecting the Skia code library, was exploited in the wild, leading to its inclusion in CISA’s Known Exploited Vulnerabilities catalog. Google's Threat Analysis Group initially reported the bug, highlighting the risks inherent in open-source projects like Skia, which Google sponsors. Experts, including Lionel Litty of Menlo Security and Saeed Abbasi of Qualys, emphasize the ongoing security challenges posed by Chrome's complexity and its attractiveness to sophisticated attackers, including state-sponsored entities. This situation reflects the broader cybersecurity landscape where widely used software becomes a prime target for malicious activities.
READ THE STORY: THN
China's Contradictory Stance on Internal Affairs: Espionage and Election Interference
Bottom Line Up Front (BLUF): China's claim of non-interference in other nations' internal affairs is contradicted by its actions, including intellectual property theft, aggressive maritime claims, funding foreign politicians, operating secret police stations abroad, and attempting to influence foreign elections, notably the upcoming 2024 U.S. elections.
Analyst Comments: China's approach, as highlighted in the opinion piece, reflects a complex strategy of outward non-interference coupled with covert operations to sway global political and economic landscapes. The removal of thousands of Facebook accounts imitating Americans to discuss U.S. politics and U.S.-China relations, as reported by Meta, exemplifies China's digital influence campaigns. These efforts, while not sophisticated, reveal Beijing's intent to manipulate democratic processes in other countries, contradicting its public stance on non-interference. This duplicity is a critical aspect of China's foreign policy, warranting close scrutiny, especially as geopolitical tensions rise ahead of the 2024 U.S. elections. President Xi Jinping's assertions of non-interference should be viewed in light of these contradictory actions, underlining the need for vigilance and robust countermeasures in the face of such covert operations.
FROM THE MEDIA: The Chinese Communist Party's (CCP) long-standing claim of non-interference in other nations' internal affairs is contested by its consistent actions contrary to this stance. As per the opinion piece, China engages in activities such as intellectual property theft, maritime territorial expansion, funding foreign political figures, operating secret police stations abroad, and attempting to influence foreign elections. Recently, Meta took down over 4,700 Facebook accounts imitating Americans, discussing U.S. politics and U.S.-China relations, indicating China's interest in influencing the U.S. political landscape. Despite the low sophistication of this campaign, it highlights China's ambition to shape foreign democratic processes. This contradiction is further emphasized by President Xi Jinping's recent statements in San Francisco about non-interference and peaceful coexistence, which starkly contrast with these interference activities.
READ THE STORY: Washington Examiner
U.S. Targets China's Influence in EV Supply Chain with New IRA Tax Credit Rules
Bottom Line Up Front (BLUF): The U.S. Treasury has introduced stringent rules under the Inflation Reduction Act to limit China's role in the American electric vehicle (EV) supply chain. These rules disqualify EVs with significant Chinese components or connections from receiving full subsidies, aiming to bolster domestic production but potentially impacting the transition from petrol vehicles.
Analyst Comments: The Biden administration's move reflects a strategic pivot in U.S. policy to strengthen domestic industries while countering China's dominant position in the global EV supply chain. This approach aims to reduce reliance on Chinese battery components and technology, which is critical given China's substantial control over key EV materials like lithium, cobalt, and graphite. However, the rules pose logistical and cost challenges for U.S. automakers and could limit the variety of EV models eligible for subsidies in the short term. This policy also underscores the geopolitical tensions between the U.S. and China, as it follows President Biden's recent meeting with Chinese President Xi Jinping.
FROM THE MEDIA: The U.S. Treasury's new rules under the Inflation Reduction Act aim to reduce China's influence in America's EV supply chain, effective from next month. EVs with Chinese-made battery components or significant ties to the Chinese government won't qualify for full IRA subsidies. This decision aligns with the Biden administration's dual objectives of transitioning to electric vehicles and reducing reliance on China for critical EV components. Critics, however, argue that these measures could slow down the transition from petrol cars. The rules also affect $6 billion in grants from the 2021 infrastructure law and, starting in 2025, will apply to critical minerals used in EVs. The Alliance for Automotive Innovation sees the Treasury's approach as a "pragmatic balance," although the Chinese embassy criticized the rules as "economic bullying."
READ THE STORY: FT
Hackers Infiltrate NXP, Major Chipmaker, for Over Two Years Undetected
Bottom Line Up Front (BLUF): An espionage hacking group, believed to have connections to China, infiltrated the network of NXP Semiconductors for more than two years, from late 2017 to early 2020. They accessed sensitive data including chip designs and intellectual property. The breach, involving intricate tactics and the use of cloud services for data exfiltration, was not disclosed to customers or shareholders, with NXP downplaying the impact as non-material.
Analyst Comments: The prolonged and covert nature of this breach raises significant concerns about the security of technology supply chains. NXP, as a key player in the semiconductor industry, provides critical components for various security-sensitive applications, making this breach especially alarming. It underscores the sophistication of cyber espionage groups and the persistent threat they pose to global technology infrastructure.
FROM THE MEDIA: The breach of NXP, a leading chipmaker, by the espionage group dubbed "Chimera" or "G0114", lasted from 2017 to 2020. Detected by NRC Handelsblad, the hackers targeted employee mailboxes and network drives to steal chip designs and other intellectual property. They cleverly expanded their network access, erased their tracks, and used cloud storage services like Microsoft OneDrive for data exfiltration. Despite the severity, NXP's 2019 report only briefly mentioned the incident, claiming no "material adverse effect." NXP chips, integral in various security mechanisms and devices, make this breach concerning for the broader security ecosystem. The method of compromise often involved leveraging data from prior breaches on platforms like LinkedIn, demonstrating the interconnected risks in digital security.
READ THE STORY: arsTechnica
China Expands Space Capabilities: Launches Twin Earth-Mapping Satellites
Bottom Line Up Front (BLUF): China successfully launched a pair of Tianhui-5 Earth-mapping satellites using a Long March 6A rocket from the Taiyuan Satellite Launch Center. This dual-satellite launch, part of China's ambitious 2023 space program, suggests partially classified objectives, potentially including military applications, given the limited details released about the satellites' specifications.
Analyst Comments: This launch represents a strategic advancement in China's space capabilities, particularly in Earth observation and mapping. The utilization of the newly developed Long March 6A signifies China's growing self-reliance and innovation in space technology. The partial classification of the Tianhui-5 mission aligns with China's pattern of blending civilian and military space endeavors, raising questions about the broader implications for global space competition and security. The rapid pace of China's space launches in 2023 reflects its intent to assert itself as a major space power, challenging existing dynamics in space exploration, commercialization, and geopolitical influence.
FROM THE MEDIA: China's latest space mission involved launching Tianhui-5 Earth-mapping satellites on a Long March 6A rocket. While state media announced a successful single satellite launch, the U.S. Space Force's 18th Space Defense Squadron detected two payloads, hinting at a partially classified nature. The satellites, developed by the Shanghai Academy of Spaceflight Technology, are in sun-synchronous orbits at an altitude of 378 miles. The mission's secrecy suggests potential military uses. This launch marks the 50th in China's record-breaking year, aiming for around 70 launches to deploy over 200 spacecraft. The Long March 6A's design, featuring a liquid-propellant core with solid boosters, highlights China's evolving launch capabilities.
READ THE STORY: Space
Xi Jinping Directs China's Coast Guard to Enforce Maritime Law, Crack Down on Criminal Activities
Bottom Line Up Front (BLUF): Chinese President Xi Jinping has mandated the nation's coast guard to stringently enforce maritime law and suppress "criminal activities" in a move to safeguard China's territorial sovereignty. This directive was issued during Xi's inspection of the China Coast Guard's East China Sea command office and highlights the escalating tensions in contested maritime regions, particularly in the South China Sea.
Analyst Comments: Xi Jinping's recent directive to the China Coast Guard underscores the country's ongoing assertive stance in the South China Sea, a region fraught with territorial disputes. This move signals Beijing's unwavering commitment to defending its maritime territorial claims, especially against countries like the Philippines, with which it has had several confrontations in disputed waters. Historically, China's expansive claim over the South China Sea, as demarcated by the "Nine-Dash Line," has been a point of international contention, contributing to regional instability.
FROM THE MEDIA: President Xi Jinping's inspection of the China Coast Guard's activities and his subsequent directives were reported by state media on December 1, 2023. Xi emphasized the importance of enforcing maritime law and cracking down on illegal activities at sea to protect China's territorial sovereignty. He stressed the need for establishing mechanisms for coordination and cooperation in maritime law enforcement, while also advocating for exchanges and cooperation with foreign countries in this realm. This move comes amidst ongoing territorial disputes in the South China Sea, particularly with the Philippines.
READ THE STORY: Reuters
China's Strategic Shift: Huawei as the Core of Semiconductor Self-Sufficiency
Bottom Line Up Front (BLUF): Huawei Technologies Co., once on the brink of collapse due to US sanctions, has been transformed into Beijing's key player in building an independent semiconductor industry. This strategic shift involves Huawei's extensive involvement in the Chinese chip sector, not only as a major customer and designer but also as a critical support system for smaller entities in the supply chain, often without explicit disclosure to avoid triggering US restrictions.
Analyst Comments: Huawei's elevation to the forefront of China's semiconductor ambitions is a direct response to US sanctions. This pivot is significant, signaling Beijing's resolve to circumvent US technological dominance and build a self-reliant chip ecosystem. Huawei's diversified role, extending beyond its primary business, into supporting smaller entities in the semiconductor supply chain, reflects a comprehensive approach to achieve technological independence. This strategy is not just about circumventing current sanctions but is a long-term play to secure China's position in the global tech landscape. The transformation of Huawei, from a company primarily known for telecommunications and consumer electronics to a central figure in the semiconductor industry, marks a critical juncture in the US-China tech rivalry, where semiconductors are a crucial battleground.
FROM THE MEDIA: Bloomberg News reports that less than five years following crippling US sanctions, Huawei has become central to China's efforts to develop an independent semiconductor ecosystem. The company's role extends beyond its core business, providing support to smaller firms in strategic chip supply areas. This includes engineering expertise and financial aid, often without public disclosure to avoid US restrictions. State support has intensified, with investments from a Shenzhen city government fund focused on supporting Huawei's semiconductor network. This network includes optical specialists, chip equipment developers, and chemical manufacturers, along with a $30 billion state-sponsored endeavor to build chip fabrication facilities. Huawei denies receiving government support for semiconductor development. The decision to elevate Huawei's role came directly from the government's top echelons. Huawei has adapted rapidly to US sanctions, with extensive internal efforts to redesign its technology to function without American components.
READ THE STORY: Bloomberg
Rise of Disinformation on Social Media: The Case of Bin Laden's 'Letter to America' on TikTok
Bottom Line Up Front (BLUF): Professors Sascha-Dominik (Dov) Bachmann and Dr Mohiuddin Ahmed, writing for the Australian Institute of International Affairs, highlight the growing concern over disinformation campaigns on social media platforms like TikTok. Their piece particularly focuses on the spread of Osama Bin Laden's 'Letter to America' on TikTok, underscoring the risks of such platforms amplifying extremist ideologies and influencing public opinion, particularly among Generation Z.
Analyst Comments: The dissemination of Bin Laden's 'Letter to America' on TikTok symbolizes a new frontier in information warfare, where social media platforms become conduits for extremist ideologies. This phenomenon underscores a broader challenge in the digital age: the ease with which disinformation can spread and influence public opinion, especially among younger generations. The blending of historical events with contemporary conflicts, as seen in the linking of Bin Laden's rhetoric to the current Israel-Palestine conflict, illustrates the complex nature of cognitive warfare in the social media landscape.
FROM THE MEDIA: This letter, presented in the context of the ongoing Hamas-Israel conflict, has been used to stir sentiments against the West and Israel, and to justify jihadist activities. It highlights the potential of such content to support the agendas of Islamist terrorist organizations like Al Qaeda and Hamas, posing a national security threat. The piece emphasizes the role of state and non-state actors in utilizing social media for psychological operations (PSYOPS) to manipulate public opinion. This form of cognitive warfare is increasingly targeting democracies like Australia and the US. The article also discusses the broader implications for Australia, noting the significant number of Australian internet and social media users and their susceptibility to disinformation campaigns.
READ THE STORY: AIIA
The Traveler Privacy Protection Act: A National Security Threat?
Bottom Line Up Front (BLUF): Sheldon H. Jacobson, an opinion contributor at The Hill, argues that the proposed Traveler Privacy Protection Act, which seeks to limit the use of biometrics like facial recognition at airport security checkpoints, poses a threat to U.S. national security. He asserts that this act could inadvertently enable malicious individuals to exploit the nation's air system, compromising safety for air travelers.
Analyst Comments: Jacobson's stance is rooted in the belief that biometric technologies, particularly facial recognition, are crucial for maintaining a secure air travel system. He points out the resource constraints faced by the TSA and emphasizes the efficiency and reliability of biometrics over traditional physical screening methods. While acknowledging concerns about privacy, he argues that the risks posed by limiting biometric use in airport security outweigh potential privacy infringements.
FROM THE MEDIA: Jacobson, a Computer Science professor with over 25 years of experience in aviation security, underscores the TSA's commitment to a risk-based security strategy, highlighting the success of programs like PreCheck since 2011. He criticizes the senators proposing the bill as being ill-informed, potentially regressing airport security advancements. Jacobson points out that biometrics, empowered by artificial intelligence, are essential for verifying traveler identities, a critical component of airport security. He argues that concerns over privacy violations with facial recognition are overstated, emphasizing that the TSA's use of such data is focused solely on security and is not nefarious.
READ THE STORY: The Hill
US, UK, Australia Enhance Space Surveillance to Counter Emerging Threats
Bottom Line Up Front (BLUF): The US, UK, and Australia, under the Aukus security pact, have committed to developing ground-based radars for enhanced space surveillance. This initiative, aimed at monitoring emerging threats in space, particularly from China, will see the first radar operational in Western Australia by 2026, with others following by 2030. This move underscores the increasing importance of space in global security dynamics.
Analyst Comments: The Aukus pact's latest decision to build space surveillance radars reflects a strategic shift in recognizing space as a critical domain for national and international security. The focus on 'space domain awareness' indicates a heightened concern about potential vulnerabilities in satellite communication and navigation systems, which are pivotal in modern military and civilian operations. This move aligns with broader global trends of militarization and strategic competition in space, particularly with China's advances in this realm.
FROM THE MEDIA: The agreement, as reported by Demetri Sevastopulo, Felicia Schwartz, and Lucy Fisher, involves constructing three radars across the US, UK, and Australia, with the first to be operational in Western Australia by 2026. The system aims to improve the detection, tracking, and identification of objects in 'deep space', the band out to geosynchronous orbit roughly 36,000km above the Earth where many communications and early-warning satellites sit. The initiative is part of the broader Aukus pact, initially focused on nuclear-propelled submarines for Australia, but now expanding into other technological domains, including cyber capabilities, AI, quantum technologies, and hypersonic weapons development. There are also plans to enhance maritime domain awareness through autonomous systems and to apply advanced AI to anti-submarine warfare. This expansion of the Aukus pact into space and other high-tech areas signals a significant escalation in technological cooperation among these allies in response to perceived global security threats, especially from China.
READ THE STORY: FT
Critical Vulnerability in ownCloud File-Transfer Service Exploited by Threat Actors
Bottom Line Up Front (BLUF): A critical vulnerability (CVE-2023-49103, rated 10/10 on CVSS) in the open-source file-sharing platform ownCloud is being exploited by threat actors. The flaw, disclosed on November 21, can expose sensitive data such as admin passwords and mail server credentials. Contrary to the company's statement that no exploitation was known, researchers observed active exploitation beginning November 25. Over 11,000 ownCloud instances are exposed to the internet.
Analyst Comments: The exploitation of ownCloud highlights the ongoing risk landscape for file-transfer services, a sector that has faced numerous cybersecurity incidents this year. The case underscores the importance of timely patch management and of scrutinising the third-party components bundled into open-source software. ownCloud's vulnerability, alongside the breaches of other file-transfer services earlier in the year, signals a trend in which such platforms are becoming lucrative targets for cybercriminals. Kiteworks' recently announced acquisition of ownCloud and Dracoon could compound these challenges, as integrating disparate systems often introduces new vulnerabilities.
FROM THE MEDIA: The CVE in ownCloud's graphapi app was discovered by an external researcher and subsequently patched by the company. Researchers at GreyNoise and the SANS Internet Storm Center have nonetheless reported active exploitation. The flaw exposes the output of PHP's phpinfo(), which includes the server's environment variables; in containerised deployments those variables carry the admin password, mail server credentials and other secrets. It is one of three vulnerabilities disclosed together. ownCloud's mitigations, removing the offending file and disabling the phpinfo function, stop further disclosure but do not undo what has already been read, so operators of exposed instances should also rotate the admin password, mail server credentials and any other secrets held in the environment. The exposure of over 11,000 instances to the internet significantly increases the potential impact. CISA included these vulnerabilities in its weekly roundup, highlighting their significance. The incident falls into a broader pattern of heightened threats against file-transfer services, as seen earlier this year with MOVEit, GoAnywhere, and IBM Aspera Faspex.
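The following is an added detection example for this item, not ownCloud's code or anything from the article: it scans web server access logs in common log format for requests to the phpinfo test file that the graphapi app shipped, separating successful reads (status 200, meaning the environment was most likely disclosed) from probes the server refused. The request path is the one published in ownCloud's advisory for CVE-2023-49103 and is not given in the text above; the log lines are constructed samples.

```python
"""Scan web server access logs for requests to the phpinfo test file that the
ownCloud graphapi app shipped (CVE-2023-49103).

Added example for this summary; it is not ownCloud's code. The request path is
the one published in the vendor advisory; the log lines are constructed samples.
"""
import re

# Combined/common log format: host ident authuser [time] "request" status bytes
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# File inside the graphapi app's bundled Microsoft Graph library whose only job
# was to call phpinfo(); the advisory's mitigation is to delete it.
VULN_PATH = "/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = _LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def is_phpinfo_probe(path):
    """True if the request targets the vulnerable file.

    Match on the file path as a substring, case-insensitively and ignoring the
    query string: ownCloud may be served under a sub-path (e.g. /owncloud), and
    PHP handlers still execute the script when extra path info is appended
    after the .php name, so exact-string matching would miss real requests.
    """
    path_only = path.split("?", 1)[0].lower()
    return VULN_PATH.lower() in path_only


def scan(lines):
    """Split matching requests into (served, blocked) lists of parsed records.

    A 200 means the server returned the phpinfo page, i.e. the environment
    (and any credentials in it) was most likely read; anything else is a probe
    that the server refused or could not find.
    """
    served, blocked = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_phpinfo_probe(rec["path"]):
            continue
        (served if rec["status"] == 200 else blocked).append(rec)
    return served, blocked


def leaked_to(lines):
    """Source addresses that received a successful phpinfo response."""
    served, _ = scan(lines)
    return {rec["ip"] for rec in served}


def credentials_need_rotation(lines):
    """Patching alone is not enough once a 200 has been served: the admin
    password, mail server and database credentials, and other secrets in the
    environment should be rotated."""
    return bool(leaked_to(lines))


# Constructed sample log (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Nov/2023:03:14:02 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 48213
203.0.113.7 - - [25/Nov/2023:03:14:05 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/index.html?x=1 HTTP/1.1" 200 48213
198.51.100.23 - - [26/Nov/2023:11:02:44 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 178
192.0.2.10 - - [26/Nov/2023:12:00:01 +0000] "PROPFIND /remote.php/dav/files/alice/ HTTP/1.1" 207 1536
192.0.2.11 - - [26/Nov/2023:12:00:09 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 9120
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    served, blocked = scan(lines)
    print(f"{len(served)} served, {len(blocked)} blocked; "
          f"disclosed to {sorted(leaked_to(lines))}; "
          f"rotate credentials: {credentials_need_rotation(lines)}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines. A non-empty `leaked_to` set is the signal that matters: the patch closes the hole, but every secret that was in that process environment at the time of a served request has to be treated as compromised and rotated.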
READ THE STORY: CyberSecurityDrive
Escalating Cyber Warfare: China Intensifies Cyberattacks Against Taiwan
Bottom Line Up Front (BLUF): China-based nation-state hacking groups have significantly increased cyberattacks on Taiwan in 2023, targeting government, private industry, and defense organizations. These attacks, framed against geopolitical tensions and a semiconductor trade war, involve sophisticated techniques and espionage, according to reports from Google, Microsoft, and Fortinet.
Analyst Comments: The surge in cyberattacks from China against Taiwan represents a new front in the ongoing geopolitical tensions between the two. These cyber operations are not just acts of espionage but also tools of geopolitical leverage, especially in the context of the semiconductor trade war and Taiwan's strategic importance in global semiconductor manufacturing. The use of 'living off the land' techniques by groups like Flax Typhoon, which abuse tools already present on victim systems rather than deploying custom malware and so leave fewer artifacts for defenders to detect, marks a shift towards stealthier, more sustained cyber campaigns.
FROM THE MEDIA: Google has identified nearly 100 Chinese hacking groups targeting Taiwan, with attacks spanning government, industry, and defense sectors. Microsoft observed the Flax Typhoon group, active since mid-2021, targeting Taiwanese organizations using web shells and living-off-the-land techniques. Fortinet's study recorded an 80% increase in cyberattacks on Taiwan in the first half of the year, including DDoS attacks and the use of leaked NSA-developed tools such as the DoublePulsar backdoor.
READ THE STORY: CSO
Items of interest
China's Innovative Underwater Data Center: Powering Digital Storage with Ocean's Depths
Bottom Line Up Front (BLUF): China is pioneering an underwater data center project, aiming to install 100 units by 2025. Housed 35 meters beneath the sea, the centers save land and use seawater for natural cooling, cutting electricity consumption by about 122 million kilowatt-hours annually.
Analyst Comments: China's venture into underwater data centers is a notable innovation in data-center engineering. The approach addresses two critical challenges: space and energy efficiency. Underwater placement conserves valuable land while harnessing the natural cooling properties of seawater, significantly reducing electricity consumption. However, the project raises concerns about potential impacts on marine ecosystems and the technical complexity of maintaining such facilities underwater. The comparison with the processing power of 6 million PCs underscores the scale of the project. The initiative reflects China's commitment to technological advancement and energy efficiency, albeit with challenges that still need addressing.
FROM THE MEDIA: China is embarking on an ambitious project to establish underwater data centers, with plans to install 100 units by 2025, occupying an area equivalent to 13 football fields. These centers, positioned 35 meters below sea level, offer significant advantages, including space conservation and natural cooling through seawater, which can save about 122 million kilowatt-hours of electricity annually. Constructing these 1,300-ton units presents challenges in terms of pressure, corrosion resistance, and environmental impact. Each unit is designed to operate for 25 years and has a processing power equivalent to 60,000 PCs, amounting to a total power comparable to 6 million computers. The Hainan Undersea Data Center, a joint venture between the government and private companies, represents the first commercial underwater data center.
READ THE STORY: Science alert
Underwater Data Centers: The Next Big Thing in Keeping Computers Cold (Video)
FROM THE MEDIA: Underwater data centers represent an innovative solution for cooling computing systems, leveraging the ocean's natural properties. This emerging trend could redefine how we manage the thermal aspects of data storage, offering both environmental and efficiency benefits.
Could Underwater Data Centers Make Cloud Computing Greener? (Video)
FROM THE MEDIA: Cloud storage centers suck up a lot of energy. But when Microsoft tried putting data centers underwater a couple of years ago, it found the strategy greatly reduced energy use and improved performance. Now a U.S. startup called Subsea Cloud is pushing forward with similar plans. How much could underwater data centers do to alleviate emissions from our cloud usage? And what are the hurdles to getting there? Zoe Thomas hosts the first in Tech News Briefing’s four-part series on emerging climate technologies.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.