Daily Drop (683): SAT: Distance, Storm-1152, Tesla: Autopilot, MITRE: EMB3D, Tiangong, GambleForce, SVR: JetBrains, Armada: Starlink, BazaCall, US Infrastructure, SEC: Reporting, Project Kuiper, OAuth
12-14-23
Thursday, Dec 14, 2023 // (IG): BB // ShadowNews // Coffee for Bob
Rethinking Space Safety: The Flaws of Spherical Keep-Out Zones
Bottom Line Up Front (BLUF): The concept of "minimum safe distance" or spherical "keep-out zones" in space, proposed to avoid satellite collisions and ensure safety, is fundamentally flawed due to the unique dynamics of satellite movement and space physics. These proposals, though well-intentioned, clash with practical and physical realities in space, potentially causing more problems than solutions.
Analyst Comments: The proposal of spherical keep-out zones in space reflects a natural but misguided attempt to apply terrestrial logic to extraterrestrial scenarios. Satellites, unlike sea or air vehicles, operate under strict physical constraints imposed by orbital mechanics. The suggestion of large keep-out zones ignores these constraints and the fact that satellites in the same orbit naturally avoid collision due to their motion. Furthermore, implementing such zones in geostationary orbit could disrupt existing satellite arrangements and increase debris risks. This discussion echoes historical challenges in establishing international norms for emerging domains, reminiscent of early maritime navigation rules.
FROM THE MEDIA: Robin Dickey and James Wilson discuss the increasing congestion in space and the associated risks, including satellite collisions and interference. They critique the proposals for establishing "minimum safe distance" norms or spherical "keep-out zones" around satellites, meant to prevent accidental or intentional collisions. However, they argue that these concepts are impractical due to the unique physics of satellite motion. For example, satellites in the same orbit naturally avoid collisions, and imposing large keep-out zones could render parts of an orbit unusable, besides conflicting with existing arrangements like the geostationary slots registered with the International Telecommunication Union.
READ THE STORY: War on the Rocks
Microsoft's Legal Crusade Against Storm-1152 Cybercrime Syndicate
Bottom Line Up Front (BLUF): Microsoft has taken decisive legal action against Storm-1152, a cybercrime network responsible for creating and selling approximately 750 million fraudulent accounts and tools. These activities facilitated a range of cybercrimes, including phishing, identity theft, DDoS attacks, and ransomware, generating millions in illegal revenues.
Analyst Comments: Microsoft's move against Storm-1152 illustrates the escalating battle between tech giants and sophisticated cybercrime syndicates. The legal strategy to dismantle such networks is a significant step that acknowledges the complex nature of modern cybercrime, which often blurs the line between technology and traditional criminal activity. This case also highlights the growing trend of cybercrime-as-a-service (CaaS), where sophisticated tools and services are offered to enable a broader range of actors to engage in cybercrime. The involvement of threat groups like Octo Tempest and the use of cryptocurrency for transactions indicate an advanced and interconnected criminal ecosystem.
FROM THE MEDIA: Microsoft, in a recent legal maneuver, has targeted Storm-1152, a cybercrime group involved in creating and distributing around 750 million fraudulent Microsoft accounts. These accounts and tools were sold through various online platforms, including websites and social media, aiding cybercriminals in bypassing identity verification systems and facilitating crimes like phishing and ransomware. Microsoft’s associate general counsel for cybersecurity policy and protection, Amy Hogan-Burney, highlighted the significant risks posed by these fraudulent accounts.
READ THE STORY: THN
Tesla Recalls Over 2 Million Vehicles Following Autopilot Safety Concerns
Bottom Line Up Front (BLUF): The US National Highway Traffic Safety Administration (NHTSA) concluded its investigation into Tesla's Autopilot system, leading to a recall of over two million vehicles. The probe, focusing on Autopilot's safety controls, found them insufficient in preventing misuse, raising concerns about increased crash risks.
Analyst Comments: The NHTSA's findings and subsequent recall of Tesla vehicles underscore the complex challenges in the development and implementation of advanced driver-assistance systems (ADAS). Tesla's Autopilot, marketed with futuristic undertones, has faced scrutiny over its real-world capabilities versus public perception. This scenario reflects a broader issue in the automotive industry: balancing innovation in autonomous driving technology with safety and regulatory compliance. Tesla's response, involving software updates to enhance controls and alerts, indicates a shift towards more stringent safety measures.
FROM THE MEDIA: Tesla is set to recall over two million vehicles due to concerns over its Autopilot system, as determined by the NHTSA. The recall includes various models manufactured between 2012 and 2023. This action concludes a two-year investigation initiated after several accidents involving Teslas with Autopilot hitting emergency vehicles. The NHTSA's probe focused on 956 crashes, with 322 receiving particular attention. The agency concluded that the controls and scope of the Autopilot feature were not sufficient to prevent driver misuse.
READ THE STORY: The Register
Cloudflare's 2023 Internet Traffic Report: Growth, Trends, and Insights
Bottom Line Up Front (BLUF): Cloudflare's 2023 Year in Review report reveals a 25% increase in global internet traffic, with Google regaining its position as the most visited web destination. The report, derived from Cloudflare Radar, highlights significant trends, including regional traffic patterns, the dominance of Android in mobile traffic, and the growth of Starlink traffic. IPv6 adoption reached 33.75%, but IPv4 requests still dominated at 66.25%. The report also notes that Iceland had the highest internet speeds, and a substantial portion of bot traffic originated from the US.
Analyst Comments: Cloudflare's comprehensive report on internet traffic and trends in 2023 underscores the continued expansion and evolution of the global internet landscape. The 25% growth in internet traffic signifies the increasing reliance on digital connectivity for various aspects of life, including work, education, and entertainment. Google's position as the top internet service destination indicates the enduring influence of established tech giants in the digital space. The predominance of Android in mobile traffic, especially in emerging markets, reflects the diverse digital ecosystem and varying user preferences globally. The notable growth of Starlink traffic is a testament to the expanding reach of satellite internet services, especially in underserved regions. The gradual but steady adoption of IPv6, despite IPv4 still being predominant, illustrates the ongoing transition in internet protocols.
FROM THE MEDIA: Cloudflare's 2023 Year in Review provides valuable insights into global internet traffic and trends. Key findings include a 25% increase in overall internet traffic, with Google topping the list of most popular internet services. The report also highlights the significant presence of Android in mobile traffic, with over two-thirds of mobile internet traffic coming from Android devices. The rapid growth of Starlink's traffic underscores the expanding satellite internet coverage. IPv6 adoption has reached 33.75%, yet IPv4 remains the dominant protocol. Interestingly, the US accounts for a significant portion of global bot traffic.
READ THE STORY: The Register
MITRE Introduces EMB3D Threat Model for Enhanced Embedded Systems Security
Bottom Line Up Front (BLUF): MITRE, in collaboration with other research entities, has unveiled the EMB3D Threat Model, a new framework designed to improve the security of embedded devices in critical infrastructure. This model aims to provide a unified understanding of threats to embedded systems and effective security mechanisms to address them.
Analyst Comments: The EMB3D Threat Model represents a significant step in securing embedded systems within critical infrastructure, akin to the impact of MITRE's ATT&CK and CWE models in their respective domains. The model addresses a growing concern over the security of embedded devices, which are often targeted due to inadequate security measures and testing. By focusing on the unique challenges of embedded systems, including hardware and firmware threats, EMB3D offers a comprehensive approach to understanding and mitigating these risks. Its collaborative development and the call for community contributions reflect a concerted effort to stay ahead of evolving threats. This model is particularly crucial for sectors like food and agriculture, chemical, water treatment, and manufacturing, which have seen increased cyber threats targeting embedded devices.
FROM THE MEDIA: The EMB3D Threat Model, developed by MITRE and researchers from ONE Gas, Red Balloon Security, and Narf Industries, aims to provide a common framework for understanding vulnerabilities and security solutions for embedded devices used in critical infrastructure. The model was created in response to the increased cyber threats targeting these devices, particularly in essential sectors. EMB3D offers a centralized knowledge base, detailing known threats, vulnerable device properties, and necessary mitigations. It's designed to help both vendors and asset owners in securing embedded systems.
READ THE STORY: DarkReading
China's Tiangong Space Station: A New Era in Space Exploration
Bottom Line Up Front (BLUF): China's Tiangong space station, a significant milestone in China's space program, is now operational in low Earth orbit. With a mass of over 90 tons and a lifespan of at least 10 years, Tiangong marks China's ambitious move in space exploration and scientific research.
Analyst Comments: Tiangong's deployment represents a strategic advancement in China's space capabilities, indicating a shift in the global space exploration landscape. While considerably smaller than the International Space Station (ISS), Tiangong's establishment showcases China's growing expertise and independence in space technology. This development could lead to new international collaborations and competition in space exploration, research, and technology. Moreover, Tiangong's presence in orbit, with its sophisticated modules and capabilities, highlights the increasing importance of space infrastructure in scientific and geopolitical realms.
FROM THE MEDIA: Laurence Chu provides an overview of China's Tiangong space station, now operational in a low orbit between 400 and 450 km above Earth. Tiangong, meaning "Heavenly Palace," comprises several key components, including the core module Tianhe, which is 18 meters long, weighs 22 tons, and provides 50 cubic meters of living space for three astronauts. The station includes two experiment modules, Wentian and Mengtian, and is equipped with solar panels and a transfer vehicle for docking. With a total mass of more than 90 tons, Tiangong is about a quarter of the size of the ISS and is expected to have a lifespan of at least 10 years. The station's establishment marks a significant achievement for China's space program, reflecting the country's increasing capabilities and ambitions in space exploration and research.
READ THE STORY: Barrons
GambleForce: Emerging Hacker Group Targeting APAC Firms with SQL Injection
Bottom Line Up Front (BLUF): GambleForce, a new hacker group, has been conducting SQL injection attacks against companies in the Asia-Pacific region. The group employs basic but effective techniques to exploit vulnerabilities and steal sensitive data, impacting various sectors including gambling, government, retail, and travel.
Analyst Comments: The emergence of GambleForce highlights the ongoing threat posed by cybercriminals leveraging relatively simple techniques like SQL injection to achieve significant impact. This group's focus on exploiting vulnerabilities in website content management systems (CMS) underscores the persistent challenge for organizations to maintain robust cybersecurity measures. GambleForce's use of open-source tools and sophisticated frameworks like Cobalt Strike indicates a trend where threat actors combine basic methods with advanced technologies to execute their attacks. The targeting of diverse sectors across multiple countries reflects a strategic approach to cybercrime, potentially aimed at maximizing financial gain and data theft.
FROM THE MEDIA: GambleForce, identified by Group-IB, has targeted 24 organizations in the APAC region since September 2023, successfully breaching six. Their techniques involve SQL injections and exploiting vulnerabilities in CMS platforms. The group primarily uses open-source tools, including dirsearch, sqlmap, tinyproxy, and redis-rogue-getshell, to exfiltrate information from networks. They also employ a Chinese-command version of Cobalt Strike, a legitimate post-exploitation framework.
The group has exploited a medium-severity flaw in Joomla CMS (CVE-2023-23752) to access a Brazilian company's network. The exact use of the stolen information by GambleForce remains unclear, but Group-IB has taken down their command-and-control server and alerted the victims.
READ THE STORY: THN
FCC Targets SIM Swapping and Port-Out Fraud: New Enforcement Advisory Issued
Bottom Line Up Front (BLUF): The US Federal Communications Commission (FCC) has issued a new advisory to telecommunications carriers, reinforcing their responsibility to protect customers from SIM swapping and port-out fraud. This follows a report from the Department of Homeland Security's Cyber Safety Review Board on the increasing prevalence of these types of cybercrimes.
Analyst Comments: The FCC's advisory serves as a critical reminder of the evolving landscape of cybersecurity threats, particularly in the realm of mobile communications. SIM swapping and port-out fraud represent a significant risk in today's digital age, where mobile devices are central to identity verification and personal security. This type of fraud can have far-reaching consequences, from identity theft to financial fraud, and the ease with which criminals can execute these schemes is alarming. The FCC's move to enforce stricter measures and its emphasis on carriers' responsibilities underscore the need for more robust security protocols in the telecom industry.
FROM THE MEDIA: The FCC's recent advisory to US mobile carriers comes in response to increasing incidents of SIM swapping and port-out fraud. These schemes involve criminals taking control of a customer's phone number and mobile service, either by convincing the carrier to transfer the service to their account (SIM swapping) or by posing as the victim to open an account with a different provider and transferring the phone number (port-out fraud). The advisory highlights the crucial role of mobile phones in multi-factor authentication and other identity verification processes, making them attractive targets for criminals.
READ THE STORY: The Register
Russian SVR Exploits JetBrains Vulnerability in Global Cyber Campaign
Bottom Line Up Front (BLUF): The U.S., U.K., and Polish government agencies have reported that Russia's Foreign Intelligence Service (SVR) is exploiting a vulnerability in JetBrains' TeamCity software. This widespread campaign has compromised hundreds of devices across various regions, including the U.S., Europe, Asia, and Australia.
Analyst Comments: This latest cyber offensive by the SVR, utilizing the CVE-2023-42793 vulnerability, signifies an escalation in the sophistication and reach of nation-state cyber operations. The SVR's broad targeting approach, affecting diverse sectors like energy, medical devices, and IT, indicates a shift towards opportunistic exploitation of cybersecurity weaknesses in global infrastructures. The involvement of APT29, also known as CozyBear or Midnight Blizzard, in these attacks aligns with the group's historical pattern of intelligence gathering and strategic cyber operations. This incident underlines the critical need for heightened cybersecurity vigilance and rapid patching of known vulnerabilities, especially in software used for development and deployment processes.
FROM THE MEDIA: The SVR's exploitation of the TeamCity vulnerability began in September, following Microsoft's report of North Korean hackers using the same bug. This vulnerability in TeamCity, a tool used by developers, offers attackers access to source code and software processes, raising concerns about potential supply chain attacks. The SVR has reportedly used this access to escalate privileges, deploy additional backdoors, and establish a long-term presence in compromised networks. Victims include organizations in various sectors, highlighting the SVR's opportunistic approach rather than targeted attacks. Although a patch was released in September, over 1,200 unpatched servers remain exposed. The FBI, NSA, U.S. CISA, Polish SKW, CERT Polska, and the UK's NCSC have issued an advisory, noting the SVR's history of targeting global networks since at least 2013 for foreign intelligence collection.
READ THE STORY: The Record
FCC Intensifies Efforts to Combat SIM Swap Fraud in Telecom Industry
Bottom Line Up Front (BLUF): The Federal Communications Commission (FCC) has issued a warning to mobile carriers about the rising threat of SIM swap fraud. This advisory follows a Cyber Safety Review Board (CSRB) report highlighting the malicious activities of the hacking group Lapsus$, which frequently employed SIM swaps in its operations. The FCC emphasizes the need for stronger identity verification processes and immediate customer notifications regarding account changes to enhance consumer protection against such cybercrimes.
Analyst Comments: The FCC's advisory represents a significant step in addressing the vulnerabilities within the telecommunications sector, especially concerning SIM swap attacks. These attacks have become a preferred method for cybercriminals to hijack a victim’s mobile phone account, leading to potential data breaches and financial fraud. The method exploits weaknesses in multifactor authentication systems, often leveraging text-message codes that can be intercepted. The FCC's emphasis on stricter identity verification and timely alerts to customers about account changes is a proactive measure to curb these incidents. However, this also underscores a broader challenge within the industry: balancing user convenience with robust security measures.
FROM THE MEDIA: The FCC has reminded mobile phone service providers of their critical role in safeguarding customers from SIM swap fraud, a rising concern in cybersecurity. This fraud involves cybercriminals transferring a victim’s phone number to a new device for malicious activities. Lapses in multifactor authentication practices, especially those relying on text messages, have been exploited by hackers, as reported by the CSRB. In light of this, the FCC has updated its requirements, mandating carriers to enhance customer data protection and identity verification before linking phone numbers to new devices or carriers. These measures are crucial in preventing unauthorized access and ensuring consumer safety in the digital sphere.
READ THE STORY: The Record
Armada's Innovative Starlink-Dedicated Data Centers: Revolutionizing Remote Connectivity
Bottom Line Up Front (BLUF): Startup Armada has raised over $55 million to develop portable Galleon data centers, designed to integrate seamlessly with SpaceX’s Starlink satellite network. These data centers aim to provide real-time data processing capabilities to remote locations, such as oil rigs and battlefields, traditionally limited by terrestrial connectivity.
Analyst Comments: Armada's initiative reflects a significant advancement in the field of remote data processing and satellite communication. By leveraging Starlink's broadband capabilities, Armada's Galleon data centers could revolutionize the way data is processed in off-the-grid areas. The size and portability of these data centers, akin to shipping containers, make them a versatile solution for various industries requiring real-time data processing in remote locations. This development also indicates a growing trend in the space industry, where startups collaborate with established space companies like SpaceX to create innovative solutions that address specific market needs. Armada's approach, focusing on a niche yet essential area of satellite-internet integration, showcases the potential for new ventures to disrupt traditional connectivity and data processing methods, especially in sectors where timely data access is crucial.
FROM THE MEDIA: Tampa-based Armada, founded a year ago, emerged from stealth mode with substantial funding to develop Galleon data centers, specifically for integration with SpaceX's Starlink network. These data centers are intended to enhance data processing capabilities in remote areas without standard connectivity. The Galleons, approximately nine meters in length, offer a more compact solution compared to traditional large-scale data centers. Armada's technology focuses on global connectivity through Starlink satellites, supported by an operating system that allows customers to manage multiple Starlink deployments. While Armada hasn't confirmed a direct partnership with SpaceX, the proximity of its main employee base in Bellevue, Washington, to SpaceX's satellite manufacturing site is notable.
READ THE STORY: SN
BazaCall Phishing Scammers Employ Google Forms in Latest Deceptive Tactics
Bottom Line Up Front (BLUF): BazaCall, a phishing scam group, has started using Google Forms to add a layer of authenticity to their phishing emails. This tactic aims to deceive recipients into believing the emails are legitimate, thereby increasing the effectiveness of the scam.
Analyst Comments: The evolution of BazaCall's phishing tactics to include Google Forms demonstrates a concerning trend in cybercrime where attackers exploit reputable platforms to lend credibility to their scams. The utilization of Google's trusted domain for sending response receipts can effectively bypass secure email gateways, highlighting a significant challenge for cybersecurity defenses. This method's effectiveness in evading traditional security measures underscores the need for continuous updating of cybersecurity strategies and the importance of educating users about the evolving nature of phishing attacks. Organizations must be vigilant and proactive in adopting advanced detection methods and reinforcing user awareness to combat such sophisticated phishing techniques.
FROM THE MEDIA: BazaCall, initially observed in late 2020, is known for phishing attacks where they send emails impersonating legitimate subscription notices, urging recipients to call a support desk to avoid charges. The scammers then convince the target to grant remote access, under the pretext of helping cancel the subscription, ultimately establishing persistence on the host. Commonly impersonated services include Netflix, Hulu, Disney+, and various antivirus software.
READ THE STORY: THN
Biden's Response Crucial to China's Cyberattack Threats on US Infrastructure
Bottom Line Up Front (BLUF): The Washington Examiner editorial emphasizes the urgent need for President Joe Biden to respond decisively to China's increasing cyber threats, particularly those targeting U.S. critical infrastructure. The article underscores the strategic importance of establishing a strong deterrent against potential Chinese cyberattacks in the context of escalating tensions over Taiwan and the Philippines.
Analyst Comments: The recent activity of "Volt Typhoon," a Chinese government-affiliated cyberthreat group, represents a significant escalation in cyber warfare tactics. By targeting critical U.S. infrastructure, China appears to be preparing for a broader conflict scenario, potentially involving Taiwan or the Philippines. The focus on civilian utilities like water, power, and communications systems indicates a strategy aimed at undermining public morale and creating internal pressure within the U.S. for a quick resolution in China's favor. This approach aligns with traditional Chinese military doctrine, which emphasizes swift and decisive action to minimize prolonged conflict. President Biden's response to these threats is crucial. A clear, assertive stance that communicates the U.S.'s capability and willingness to retaliate in kind could serve as an effective deterrent. The administration's approach to the Colonial Pipeline hack by Russian cybercriminals may have set a precedent that China is observing closely. Biden's next steps could either reinforce U.S. cybersecurity posture or inadvertently signal vulnerability, influencing China's strategic calculations.
FROM THE MEDIA: The Washington Examiner editorial discusses the escalating cyber threats from China, particularly targeting U.S. critical infrastructure. This threat is part of a larger strategy by China to create panic and division in the U.S. in the event of a conflict over Taiwan or the Philippines. The Chinese cyber group "Volt Typhoon" has compromised about two dozen U.S. infrastructure entities, including water utilities, ports, and oil pipelines. The goal is to pressure Americans to demand an end to any conflict favorable to China. The article calls for President Biden to clearly state that the U.S. will respond in kind to any Chinese cyberattacks on American utilities.
READ THE STORY: Washington Examiner
SEC Cyber Disclosure Rules Set to Transform Incident Reporting Landscape
Bottom Line Up Front (BLUF): The Securities and Exchange Commission (SEC) is implementing new rules requiring public companies to disclose significant cyber incidents within four business days. Despite industry backlash and legislative challenges, this mandate is poised to significantly impact how cyber incidents are reported and managed in the United States.
Analyst Comments: The impending SEC cyber disclosure rules represent a watershed moment in cybersecurity governance. By mandating timely reporting of significant cyber incidents, the SEC aims to enhance transparency and accountability in the corporate sector. However, the four-day window for disclosure is seen as challenging by many in the industry, potentially straining resources and necessitating rapid decision-making processes. Law enforcement agencies like the FBI and the Department of Justice (DOJ) are gearing up to implement the directive, including provisions for disclosure delays under certain circumstances, such as national security concerns. This move is likely to increase the flow of incident information between the private and public sectors, although the extent of this exchange remains to be seen.
FROM THE MEDIA: The new SEC rule, effective December 18, 2023, mandates public companies to report cyber incidents materially impacting their operations within four days of recognition. The rule has faced opposition from industry groups and Republican lawmakers, citing the tight reporting deadline as overly burdensome. The DOJ has issued guidance on potential exemptions, primarily when disclosure could threaten public safety or national security. The FBI will serve as a central intake point for incident information, which will be disseminated across the government.
READ THE STORY: The Record
Amazon Seeks Dismissal of Lawsuit Over Project Kuiper Launch Contracts
Bottom Line Up Front (BLUF): Amazon is requesting the dismissal of a shareholder lawsuit alleging improper approval of Project Kuiper's satellite launch contracts, asserting that its board conducted a thorough review of the agreements.
Analyst Comments: The lawsuit against Amazon concerning its Project Kuiper launch contracts highlights the intricate challenges and scrutiny faced by large corporations in their strategic decisions, especially when involving significant capital expenditures and potential conflicts of interest. The involvement of Blue Origin, owned by Amazon founder Jeff Bezos, adds a layer of complexity to the case, raising questions about corporate governance and procurement processes. Amazon's defense, stating that its directors conducted a diligent review, underscores the company's stance on the legitimacy of its decision-making process. This lawsuit and Amazon's response could set a precedent for how corporate boards manage and disclose decision-making processes for substantial investments, particularly in the fast-evolving space sector.
FROM THE MEDIA: A shareholder lawsuit filed against Amazon in August 2023 challenges the company's decision to award Project Kuiper launch contracts to Arianespace, Blue Origin, and United Launch Alliance. The lawsuit alleges that the Amazon board performed minimal due diligence on the contracts, which represent a significant capital expenditure. Particularly, it claims that about 45% of the contract value benefits Blue Origin, either directly or indirectly through its engine contract with ULA. Amazon's filing in Delaware’s Court of Chancery argues that the directors conducted an extensive review of the agreements, including Project Kuiper's overall strategy and the specific launch contracts, before approval.
READ THE STORY: SN
Russia's Smug Response to U.S. Isolation at UN over Israel Support
Bottom Line Up Front (BLUF): Russia has expressed a sense of satisfaction over the United States facing diplomatic isolation at the United Nations for its support of Israel amidst the Gaza conflict. This follows the U.S. veto of a U.N. Security Council resolution demanding a ceasefire in the Israel-Hamas war, leading to overwhelming support for the demand in the U.N. General Assembly.
Analyst Comments: Russia's reaction to the U.S.'s diplomatic isolation at the U.N. reflects the complex geopolitical dynamics that influence international relations and decision-making at global forums like the United Nations. Russia, which has faced its own isolation over the Ukraine conflict, sees the U.S.'s situation as an opportunity to highlight perceived double standards in international politics and to reshape its standing at the U.N. This situation underscores the challenges the U.S. faces in balancing its foreign policy objectives, particularly in the Middle East, where its support for Israel can conflict with broader international perspectives on the Israel-Palestine conflict.
FROM THE MEDIA: Russia's U.N. Ambassador Vassily Nebenzia commented on the U.S. veto of a ceasefire resolution in the Israel-Hamas conflict, accusing the U.S. of essentially giving a "license to kill" and holding it responsible for further casualties. The General Assembly resolution demanding a ceasefire garnered support from 153 countries, highlighting the U.S.'s isolation on this issue. Observers note Russia's strategic use of this situation to counter its own diplomatic isolation over Ukraine by pointing out U.S. actions in the Middle East. The U.S. maintains its indispensability in global leadership on these issues, despite facing criticism. The situation illustrates the complexities of U.N. politics and the influence of major powers in shaping global responses to conflicts.
READ THE STORY: Reuters
Items of interest
Financial Attacks Exploiting OAuth Applications on the Rise
Bottom Line Up Front (BLUF): Microsoft Threat Intelligence reports a surge in financially motivated attacks by threat actors who are compromising user accounts and misusing OAuth applications with high-privilege permissions for activities like cryptocurrency mining, establishing persistence in business email compromises, and launching spam activities using organizational resources.
Analyst Comments: The exploitation of OAuth applications for financial attacks signifies a strategic shift in cybercriminal tactics, emphasizing the vulnerabilities in token-based authentication systems. The common initial access vector in these attacks is account compromise via methods like credential stuffing and phishing. The absence of Multi-Factor Authentication (MFA) in most compromised accounts highlights a critical gap in cybersecurity practices. Securing the identity infrastructure, particularly through MFA, is essential to mitigate these threats. The vulnerabilities often arise from improper implementation of OAuth, underscoring the need for experienced engineering and thorough code reviews in security-sensitive projects.
FROM THE MEDIA: The Microsoft Threat Intelligence team reveals that attackers are using phishing and password-spraying attacks to compromise accounts that lack strong authentication and have permissions to create or modify OAuth apps. These apps, once compromised, are used for various malicious activities. Patrick Tiquet from Keeper Security notes that most OAuth vulnerabilities result from improper implementation, suggesting the need for experienced engineers in these projects. Emily Phelps from Cyware emphasizes the importance of MFA and the need for continuous monitoring in security systems. The report from Microsoft suggests that securing identity infrastructure is crucial in preventing such attacks, as attackers often target accounts without MFA.
READ THE STORY: SCMAG
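The pattern the Microsoft report describes is an account without MFA that holds permission to create or modify OAuth apps, and an app granted high-privilege permissions. The following is an added example, not code from the page or from Microsoft, of how a defender might triage an inventory of app registrations for that combination. The record schema, the app names and ids, and the set of scopes treated as high-privilege are all constructed assumptions for this example; a real review would draw these from the identity provider's own app-registration and consent data.

```python
from dataclasses import dataclass

# Scopes treated as high-privilege for this example (an assumption, not a vendor list):
# each lets the app act on mail or directory objects tenant-wide.
HIGH_PRIVILEGE_SCOPES = frozenset({
    "Mail.Send", "Mail.ReadWrite", "Directory.ReadWrite.All", "Application.ReadWrite.All",
})


@dataclass(frozen=True)
class AppRecord:
    """One OAuth app registration as an inventory export might describe it (assumed schema)."""
    app_id: str
    display_name: str
    owner: str
    owner_mfa_enrolled: bool
    scopes: frozenset
    created_days_ago: int


# Constructed sample inventory; names, ids, owners and scopes are made up for this example.
SAMPLE_APPS = [
    AppRecord("app-0001", "Payroll Connector", "alice@example.test", True,
              frozenset({"User.Read"}), 400),
    AppRecord("app-0002", "Mail Sync Helper", "bob@example.test", False,
              frozenset({"Mail.Send", "Mail.ReadWrite"}), 2),
    AppRecord("app-0003", "Reporting Tool", "carol@example.test", True,
              frozenset({"Directory.ReadWrite.All"}), 90),
    AppRecord("app-0004", "Team Calendar", "dave@example.test", False,
              frozenset({"Calendars.Read"}), 30),
]


def findings_for(app, recent_days=7):
    """Return the list of risk indicators present on one app registration."""
    findings = []
    risky = sorted(app.scopes & HIGH_PRIVILEGE_SCOPES)
    if risky:
        findings.append("high-privilege scopes: " + ", ".join(risky))
    if not app.owner_mfa_enrolled:
        findings.append(f"owner {app.owner} has no MFA")
    if app.created_days_ago <= recent_days:
        findings.append(f"registered {app.created_days_ago} day(s) ago")
    return findings


def triage(apps, recent_days=7):
    """Rank apps by number of indicators, highest first; apps with none are omitted."""
    scored = []
    for app in apps:
        findings = findings_for(app, recent_days)
        if findings:
            scored.append((len(findings), app.app_id, findings))
    scored.sort(key=lambda item: (-item[0], item[1]))
    return [(app_id, findings) for _, app_id, findings in scored]


def review_queue(apps):
    """App ids combining high-privilege scopes with an owner lacking MFA: the reported pattern."""
    return [app.app_id for app in apps
            if app.scopes & HIGH_PRIVILEGE_SCOPES and not app.owner_mfa_enrolled]


if __name__ == "__main__":
    for app_id, findings in triage(SAMPLE_APPS):
        print(app_id, "->", "; ".join(findings))
    print("review first:", review_queue(SAMPLE_APPS))
```

The ranking is deliberately simple (one point per indicator) so that the reasoning stays visible; `review_queue` isolates the single combination the report calls out, which is the one worth looking at first regardless of score.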
OAuth 2 Explained In Simple Terms (Video)
FROM THE MEDIA: OAuth 2.0, often simply referred to as OAuth, is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords. It acts as an intermediary on behalf of the end-user, providing the service with an access token that authorizes specific account information to be shared.
How to Hack OAuth (Video)
FROM THE MEDIA: OAuth is the foundation of most modern online security, used everywhere from signing in to mobile apps to protecting your bank accounts. Despite its ubiquity, it is still often difficult to implement safely and securely, especially in today's landscape, which is dramatically different from the world of online security as it existed when OAuth was initially created.
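The two video items above describe OAuth as an intermediary that hands a service a scoped access token instead of the user's password, and note that it is hard to implement safely. The following is an added example, not code from either video or from any OAuth library, that walks the authorization code flow of RFC 6749 in memory with all three parties (authorization server, resource server, client) and goes a little beyond the text by exercising the checks a correct implementation relies on: exact redirect_uri matching, a state value bound to the client session, single-use codes, and scope enforcement at the resource server. The client name, secret, URLs and user data are constructed for this example.

```python
import secrets


class OAuthError(Exception):
    pass


class AuthorizationServer:
    """Stand-in provider: authenticates the user, issues codes and scoped bearer tokens."""
    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}    # single-use code -> (client_id, redirect_uri, scopes)
        self.tokens = {}   # access_token -> scopes

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, scopes, state, user_consents):
        """Front-channel step: the user signs in here, so the client never sees the password."""
        if client_id not in self.clients:
            raise OAuthError("unauthorized_client")
        if redirect_uri != self.clients[client_id][1]:  # exact match only, no prefix matching
            raise OAuthError("invalid redirect_uri")
        if not user_consents:
            raise OAuthError("access_denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, frozenset(scopes))
        return {"code": code, "state": state}  # carried on the redirect back to the client

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back-channel exchange of the code for an access token; the code is consumed."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise OAuthError("invalid_client")
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri:
            raise OAuthError("invalid_grant")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = entry[2]
        return token


class ResourceServer:
    """Holds the user's data and releases only what the token's scopes authorize."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.profile = {"name": "Ada", "email": "ada@example.test"}  # constructed user data

    def read(self, access_token, field):
        scopes = self.auth_server.tokens.get(access_token)
        if scopes is None:
            raise OAuthError("invalid_token")
        needed = {"name": "profile", "email": "email"}[field]  # scope each field requires
        if needed not in scopes:
            raise OAuthError("insufficient_scope")
        return self.profile[field]


class Client:
    """The third-party app; it only ever handles the code and the token."""
    def __init__(self, client_id, client_secret, redirect_uri, auth_server):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.auth_server = redirect_uri, auth_server
        self.pending_state = None

    def start(self, scopes):
        self.pending_state = secrets.token_urlsafe(8)  # ties the callback to this session
        return {"client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "scopes": scopes, "state": self.pending_state}

    def callback(self, code, state):
        if state != self.pending_state:
            raise OAuthError("state mismatch")
        self.pending_state = None
        return self.auth_server.token(self.client_id, self.client_secret, code, self.redirect_uri)


def demo():
    """Happy path plus four deviations the protocol must reject; returns outcomes keyed by case."""
    auth = AuthorizationServer()
    auth.register_client("photo-app", "client-secret", "https://photo.example.test/cb")
    resource = ResourceServer(auth)
    client = Client("photo-app", "client-secret", "https://photo.example.test/cb", auth)
    out = {}
    req = client.start(["profile"])  # the user will consent to profile only, not email
    redirect = auth.authorize(**req, user_consents=True)
    token = client.callback(redirect["code"], redirect["state"])
    out["name"] = resource.read(token, "name")
    cases = {
        "email": lambda: resource.read(token, "email"),  # field outside the granted scope
        "replay": lambda: auth.token("photo-app", "client-secret", redirect["code"],
                                     req["redirect_uri"]),  # code already consumed
        "redirect": lambda: auth.authorize("photo-app", "https://other.example.test/cb",
                                           ["profile"], "s", True),  # unregistered callback
        "state": lambda: client.callback(
            auth.authorize(**client.start(["profile"]), user_consents=True)["code"], "forged"),
    }
    for label, attempt in cases.items():
        try:
            attempt()
            out[label] = "accepted"
        except OAuthError as err:
            out[label] = str(err)
    return out
```

Running `demo()` shows the delegation the first video describes (the client reads the user's name with a token and never sees a password) and, for the second, why each of the four rejected cases matters: a token grants only the consented fields, a code cannot be exchanged twice, the authorization server will not send a code to a callback it does not know, and a client ignores callbacks it did not initiate.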
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.