Sunday, Jun 09 2024 // (IG): BB // ShadowNews // Coffee for Bob
*Started adding Proof of Concepts (PoC), where available, for the CVEs mentioned:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project. *
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
Bottom Line Up Front (BLUF): The FBI has provided over 7,000 decryption keys to victims of the LockBit ransomware, aiding them in recovering their data for free. This action follows the dismantling of LockBit's online infrastructure and the arrest of a key figure, Dmitry Yuryevich Khoroshev.
Analyst Comments: The FBI's distribution of decryption keys is a significant step in mitigating the damage caused by LockBit ransomware. This move underscores the importance of law enforcement in combating cybercrime and highlights the persistent threat of ransomware, even as groups are disrupted. Victims are urged to use these keys and remain vigilant, as paying ransoms offers no guarantee of data security or non-recurrence.
FROM THE MEDIA: The FBI has revealed it possesses over 7,000 decryption keys for LockBit ransomware victims, encouraging affected parties to retrieve their data without cost. This disclosure was made at the 2024 Boston Conference on Cyber Security by Bryan Vorndran, Assistant Director of the FBI Cyber Division. LockBit, responsible for over 2,400 attacks globally, saw its infrastructure dismantled in February by an international law enforcement operation led by the U.K. National Crime Agency. Dmitry Yuryevich Khoroshev, allegedly the group's administrator, was identified and accused of cooperating with authorities. Despite these disruptions, LockBit remains active at reduced levels. Vorndran cautioned that paying ransoms does not ensure data deletion or protection from future extortion. New ransomware groups like SenSayQ and CashRansomware are emerging, while existing ones, such as TargetCompany, are evolving their techniques to exploit vulnerabilities, particularly in VMware ESXi environments.
READ THE STORY: THN
Chinese Espionage Campaign Targets Southeast Asian Government
Bottom Line Up Front (BLUF): The United States has accused Russia of launching a satellite, Cosmos 2576, into low Earth orbit which the Pentagon assesses is likely a counter-space weapon capable of attacking other satellites. The Russian satellite is positioned in the same orbital path as a U.S. government satellite, raising concerns about potential threats to critical U.S. space assets.
Analyst Comments: This development marks a significant escalation in the ongoing power dynamics between the U.S. and Russia, particularly in the space domain. The positioning of Cosmos 2576 in close proximity to a U.S. reconnaissance satellite underscores the urgent need for international regulations and agreements to prevent the weaponization of space. The potential for space-based conflicts could have catastrophic global consequences, making it crucial to prioritize peaceful cooperation and maintain a balance of power in space.
FROM THE MEDIA: The U.S. Space Command has assessed that the Russian satellite Cosmos 2576, launched on May 16, has characteristics resembling previously deployed Russian counter-space payloads labeled as anti-satellite weapons. While the satellite has not approached the U.S. asset so far, its presence in the same orbital ring raises serious security concerns. Russia's Roscosmos State Space Agency stated the launch was for the Defense Ministry's interests, while Russian officials dismissed the Pentagon's allegations as misinformation, affirming Russia's opposition to placing offensive weapons in space.
READ THE STORY: SecurityBrief // THN // Sophos
'Sticky Werewolf' APT Upgrades Tactics in Fresh Attacks on Aviation Sector
Bottom Line Up Front (BLUF): The pro-Ukrainian advanced persistent threat (APT) group known as 'Sticky Werewolf' has launched a new wave of cyberattacks targeting Russia's aviation industry, including aerospace and defense companies. Using an upgraded infection chain involving malicious LNK files, commodity malware, and multiple layers of obfuscation, the group aims to conduct espionage and data exfiltration. The attacks' timing aligns with TSA's recent cybersecurity directive for the aviation sector, highlighting the critical need to bolster cyber defenses against persistent threats.
Analyst Comments: Sticky Werewolf's latest campaign demonstrates the group's evolving tactics and sustained focus on high-value targets in the aviation sector, likely in support of pro-Ukrainian interests. The use of sophisticated phishing emails, malicious LNK files, and commodity malware like Rhadamanthys Stealer and Ozone RAT, coupled with advanced anti-analysis techniques, reflects the group's adaptability and efforts to stay ahead of defensive measures. The targeting of Russian aerospace and defense organizations suggests an intent to gather intelligence that could provide a strategic advantage to Ukrainian interests. This incident underscores the persistent threat of cyberattacks faced by the aviation industry and the urgent need for robust, proactive security measures as mandated by TSA's recent directive. Organizations must prioritize network segmentation, access controls, continuous monitoring, and timely patching to enhance their cyber resilience against advanced threats like Sticky Werewolf.
FROM THE MEDIA: According to reports from Dark Reading and Morphisec Labs, Sticky Werewolf has launched a new wave of attacks targeting Russia's aviation industry, including aerospace and defense companies. The group employs sophisticated phishing emails purporting to come from a Russian aerospace company, luring victims with fake invitations to a video conference on future cooperation. Malicious LNK files masquerading as meeting agendas and mailing lists are used to trigger a multi-stage infection process, ultimately deploying commodity malware like Rhadamanthys Stealer and Ozone RAT for extensive espionage and data exfiltration. The timing of these attacks coincides with TSA's recent emergency directive for the aviation sector, which mandates specific measures to bolster cyber resilience against persistent threats. Media reports highlight the geopolitical context of the attacks, given Sticky Werewolf's previous targeting of Russian and Belarusian organizations, and emphasize the critical importance of implementing strong cybersecurity measures to safeguard the aviation ecosystem.
READ THE STORY: DarkReading // Morphisec
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
Bottom Line Up Front (BLUF): The CERT-UA has identified a new cyber espionage campaign, SickSync, targeting Ukraine's defense forces using SPECTR malware. The attacks, attributed to UAC-0020 (Vermin), involve spear-phishing emails and trojanized applications, stealing sensitive information and credentials from compromised systems.
Analyst Comments: The resurgence of the Vermin group and their deployment of the SPECTR malware against Ukrainian defense forces highlights the persistent cyber threat posed by state-affiliated actors. These operations, leveraging spear-phishing and legitimate software like SyncThing, underline the necessity for heightened vigilance and robust cybersecurity measures within critical infrastructure and defense sectors.
FROM THE MEDIA: CERT-UA has issued a warning regarding cyber attacks on Ukraine’s defense forces, executed by the threat actor UAC-0020, also known as Vermin. The SickSync campaign uses spear-phishing emails containing a RAR self-extracting archive with a decoy PDF, a trojanized SyncThing application embedding the SPECTR malware, and a batch script to initiate the infection. SPECTR, active since 2019, captures screenshots, harvests files, extracts data from USB drives, and steals credentials from various applications. The malware uses SyncThing’s standard synchronization functionality to exfiltrate stolen data. The recent attacks mark Vermin's return after previous campaigns targeting Ukrainian state bodies. This development coincides with other cyber threats involving social engineering and malware targeting Ukrainian defense entities by actors such as GhostWriter.
READ THE STORY: THN
The Rising Threat of Lookalike Domain Attacks on Fleet Security
Bottom Line Up Front (BLUF): Lookalike domain attacks are becoming an increasing threat to fleet security, with cybercriminals creating domains that closely resemble those of legitimate carrier companies to conduct phishing attacks, steal sensitive information, and commit fraud. The rise of artificial intelligence has further enabled threat actors to create realistic-looking websites, emails, and multimedia to deceive users. The trucking industry, with its interconnected systems and numerous vendors, is particularly vulnerable to these attacks.
Analyst Comments: The growing prevalence of lookalike domain attacks in the trucking industry is a concerning trend that demands immediate attention and proactive measures from fleet operators. As cargo theft continues to rise, with fraudulent methods like identity theft and domain spoofing becoming more sophisticated, organizations must prioritize cybersecurity to protect their assets, data, and reputation.
FROM THE MEDIA: According to a report by Commercial Carrier Journal, lookalike domain attacks are becoming a rising threat to fleet security in the trucking industry. Cybercriminals are creating domains that closely resemble those of legitimate carrier companies to conduct phishing attacks, steal sensitive information, and commit fraud. The article highlights the increasing sophistication of these attacks, with the use of artificial intelligence to create realistic-looking websites, emails, and multimedia. Experts from cybersecurity firms Arctic Wolf and ProCircular emphasize the vulnerability of the trucking industry due to its interconnected systems and numerous vendors, which provide multiple points of entry for threat actors. They also point out the economic incentives for attackers to target critical infrastructure like the trucking industry.
READ THE STORY: CCJ
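The lookalike-domain problem described above lends itself to a simple screening pass on the sender domains seen in mail logs. The following is an added example, not code from the Commercial Carrier Journal article or the firms it quotes: the watchlist, the sample sender domains and the homoglyph table are constructed, and the registrable-domain split is deliberately naive (last two labels), where a production version would use the Public Suffix List.

```python
"""Screen sender domains against a watchlist of legitimate carrier domains for lookalikes.

Added example (not from the article). Watchlist, sample senders and the homoglyph
table are constructed assumptions; the (label, tld) split is naive on purpose.
"""
import re

# Characters and pairs that render like a letter of the brand name (illustrative subset).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
PAIR_SWAPS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize_label(label):
    """Collapse common visual substitutions so 'acrnefreight' compares equal to 'acmefreight'."""
    s = label.lower().translate(DIGIT_SWAPS)
    for pair, letter in PAIR_SWAPS:
        s = s.replace(pair, letter)
    return s


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute), standard two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Naive (label, tld) split: 'mail.acmefreight.com' -> ('acmefreight', 'com')."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def classify(candidate, watchlist):
    """Return (candidate, legit_domain, reason), or None if legitimate or unrelated."""
    cand = candidate.lower().rstrip(".")
    legits = [d.lower().rstrip(".") for d in watchlist]
    if any(cand == legit or cand.endswith("." + legit) for legit in legits):
        return None  # the real domain or one of its own subdomains
    label, tld = registrable(cand)
    for legit in legits:
        l_label, l_tld = registrable(legit)
        if label == l_label and tld != l_tld:
            return (cand, legit, "same name, different TLD")
        if label != l_label and normalize_label(label) == normalize_label(l_label):
            return (cand, legit, "homoglyph substitution")
        if label != l_label and levenshtein(label, l_label) <= 1:
            return (cand, legit, "typosquat (edit distance 1)")
        if len(l_label) >= 5 and label != l_label and l_label in re.sub(r"[-_]", "", label):
            return (cand, legit, "brand name embedded")
    return None


def scan(sender_domains, watchlist):
    """Classify every sender domain; returns only the suspicious ones, in input order."""
    return [hit for hit in (classify(d, watchlist) for d in sender_domains) if hit]


WATCHLIST = ["acmefreight.com", "bluelinecarriers.com"]  # constructed legitimate carriers
SAMPLE_SENDERS = [  # constructed sender domains as they might appear in a mail log
    "acmefreight.com",           # legitimate
    "dispatch.acmefreight.com",  # legitimate subdomain
    "acmefreight.net",           # registered under another TLD
    "acrnefreight.com",          # 'rn' stands in for 'm'
    "acmefreights.com",          # one inserted letter
    "acmefreight-login.com",     # brand plus a lure word
    "bluelinecarrier.com",       # one dropped letter
    "partner-mail.example",      # unrelated
]

if __name__ == "__main__":
    for cand, legit, reason in scan(SAMPLE_SENDERS, WATCHLIST):
        print(f"{cand:28} looks like {legit:22} ({reason})")
```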
How Ransomware Gangs Leverage Security Compliance to Pressure Victims
Bottom Line Up Front (BLUF): Ransomware attackers are increasingly using the threat of non-compliance with data privacy regulations like GDPR and CCPA to pressure victims into paying ransom demands. By exfiltrating sensitive data before encrypting files, these threat actors exploit the potential for hefty fines and reputational damage that organizations face if they fail to protect consumer information. This tactic has become a powerful tool in the arsenal of double extortion ransomware campaigns.
Analyst Comments: The weaponization of compliance regulations by ransomware gangs presents a significant challenge for organizations. The financial and legal consequences of non-compliance, such as the €20 million or 4% of annual global turnover fine under GDPR, can be devastating. This has created a perverse incentive for companies to consider paying ransom demands to avoid the risk of regulatory penalties and public scrutiny. The rise of double extortion ransomware, where data is stolen before files are encrypted, has made this tactic particularly effective. Threat actors like the Maze and REvil groups have openly leveraged the threat of GDPR fines to coerce victims into paying. The exposure of sensitive customer data on the dark web not only leads to compliance issues but also erodes consumer trust and damages brand reputation.
FROM THE MEDIA: As reported by Darktrace, the trend of ransomware gangs weaponizing compliance regulations to pressure victims has been on the rise. Notorious groups like Maze and REvil have publicly announced their intentions to exploit GDPR and other data privacy laws to extort payment from compromised organizations. The Maze group, for example, established a website in late 2019 to 'name and shame' victims by publishing stolen data, including sensitive customer information. This tactic was then adopted by other ransomware operators, with the REvil gang explicitly stating their plans to leverage GDPR fines as additional leverage. Darktrace highlights that over 70% of ransomware attacks now involve data exfiltration, underscoring the prevalence of this double extortion strategy. The company emphasizes the importance of early detection and autonomous response in defending against these threats, with its Cyber AI platform demonstrating success in stopping ransomware like WastedLocker before encryption occurs.
READ THE STORY: Darktrace
Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances
Bottom Line Up Front (BLUF): The Commando Cat threat actor is exploiting poorly secured Docker instances to deploy cryptocurrency miners. Using a container created from the cmd.cat/chattr Docker image, the attackers gain control over host systems by leveraging misconfigured Docker remote API servers.
Analyst Comments: Commando Cat's campaign exemplifies the ongoing threat posed by cryptojacking, especially through exploiting Docker configurations. This highlights the critical need for robust security practices and proper configuration of containerized environments. Organizations should ensure Docker instances are securely configured and regularly updated to mitigate such risks.
FROM THE MEDIA: Trend Micro researchers Sunil Bharti and Shubham Singh reported that the Commando Cat group is conducting cryptojacking attacks by exploiting misconfigured Docker instances. The attackers utilize a Docker image named cmd.cat/chattr to create a container, which then breaks out using the chroot command to access the host system. They retrieve the malicious miner binary from a command-and-control server using curl or wget commands. This binary is suspected to be ZiggyStarTux, an IRC bot based on Kaiten malware. The attack campaign leverages Docker images to deploy cryptojacking scripts, exploiting vulnerabilities in Docker configurations while evading detection by security software. The ongoing campaign emphasizes the importance of securing Docker instances to prevent unauthorized exploitation and maintain system integrity.
READ THE STORY: THN
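The misconfiguration this campaign depends on is a Docker remote API reachable without client authentication. The following audit is an added example, not code from Trend Micro or the Docker project: it reads the two places dockerd takes its listen addresses from, the "hosts" key in daemon.json and the -H/--host flags on the dockerd command line, and flags tcp:// listeners that lack TLS client-certificate verification (tlsverify). The sample configurations are constructed.

```python
"""Audit where dockerd listens, to catch an exposed, unauthenticated remote API.

Added example (not Trend Micro's or Docker's code). Assumption: a tcp:// listener
without tlsverify is reachable by unauthenticated clients; the configs are constructed.
"""
import json
import shlex
from urllib.parse import urlsplit


def parse_dockerd_cmdline(cmdline):
    """Return (hosts, tls_flags) from a dockerd command line.

    Handles `-H addr`, `-H=addr`, `--host addr`, `--host=addr`, `--tls[=bool]`
    and `--tlsverify[=bool]`; other flags are ignored.
    """
    hosts, tls_flags = [], {}
    toks = shlex.split(cmdline)
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok in ("-H", "--host") and i + 1 < len(toks):
            hosts.append(toks[i + 1])
            i += 2
            continue
        if tok.startswith("-H=") or tok.startswith("--host="):
            hosts.append(tok.split("=", 1)[1])
        elif tok in ("--tls", "--tlsverify"):
            tls_flags[tok.lstrip("-")] = True
        elif tok.startswith("--tls=") or tok.startswith("--tlsverify="):
            key, val = tok.lstrip("-").split("=", 1)
            tls_flags[key] = val.lower() == "true"
        i += 1
    return hosts, tls_flags


def audit_docker_hosts(daemon_json_text="", dockerd_cmdline=""):
    """Return (severity, listener, message) findings for tcp:// listeners.

    dockerd refuses to start when hosts are set in both daemon.json and on the
    command line, so normally only one source is populated; the audit merges both.
    """
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    cl_hosts, cl_tls = parse_dockerd_cmdline(dockerd_cmdline)
    hosts = list(cfg.get("hosts", [])) + cl_hosts
    tlsverify = bool(cfg.get("tlsverify")) or cl_tls.get("tlsverify", False)
    tls = bool(cfg.get("tls")) or cl_tls.get("tls", False) or tlsverify

    findings = []
    for listener in hosts:
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are local sockets gated by file permissions
        all_ifaces = (url.hostname or "") in ("", "0.0.0.0", "::")
        if not tls:
            findings.append(("CRITICAL", listener,
                             "plaintext remote API: any client that reaches this port "
                             "can create containers and mount the host filesystem"))
        elif not tlsverify:
            findings.append(("HIGH", listener,
                             "TLS without client-certificate verification: encrypted "
                             "but still unauthenticated"))
        elif all_ifaces:
            findings.append(("INFO", listener,
                             "mutually authenticated API on all interfaces; also restrict "
                             "reachability with host firewall rules"))
    return findings


# Constructed samples: the weak configuration beside a hardened one.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
WEAK_CMDLINE = "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"

if __name__ == "__main__":
    for name, args in (("weak daemon.json", (WEAK_DAEMON_JSON, "")),
                       ("hardened daemon.json", (HARDENED_DAEMON_JSON, "")),
                       ("weak command line", ("", WEAK_CMDLINE))):
        print(name)
        for sev, listener, msg in audit_docker_hosts(*args):
            print(f"  [{sev}] {listener}: {msg}")
```

On a live host the command line can be taken from `ps -o args -C dockerd` and the config from /etc/docker/daemon.json.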
AI Companies Must Be Transparent About Misuse by Propagandists
Bottom Line Up Front (BLUF): A new investigation has revealed that at least seven Russian and Belarusian-speaking independent journalists and opposition activists living in Europe were targeted with Pegasus spyware. These individuals, who have faced threats for their critical views on their governments, are now dealing with advanced surveillance tactics while in exile.
Analyst Comments: OpenAI's disclosure of AI misuse by propagandists is a commendable step towards transparency and accountability in the AI industry. As researchers have long anticipated, adversarial actors are adopting generative AI, particularly large language models, to amplify the scale and sophistication of their disinformation campaigns. OpenAI's proactive detection and mitigation efforts demonstrate lessons learned from the struggles of social media platforms in the wake of Russia's interference in the 2016 US election. While the impact of these AI-powered influence operations appears limited thus far, it is crucial not to underestimate the potential threat. Generative AI enables propagandists to produce content more efficiently and convincingly, reducing the cost and effort required to run deceptive campaigns. However, authentic influencers with large, engaged audiences remain the key drivers of viral content and narratives. As such, the focus should be on preventing the growth and distribution capabilities of malicious actors.
FROM THE MEDIA: MIT Technology Review reports that OpenAI recently disclosed the misuse of its generative AI tools by propaganda networks from Russia, China, Iran, and Israel. These bad actors used the tools to create large volumes of social media comments and convert news articles into Facebook posts, likely aiming to improve the quality and quantity of their output. The article commends OpenAI for its transparency and the precedent it sets for the AI industry. It draws parallels to the efforts of social media platforms like Facebook, YouTube, and Twitter (now X) in creating integrity teams and making regular disclosures about influence operations following Russia's interference in the 2016 US election.
READ THE STORY: MIT Technology Review
New York Times Source Code Stolen Using Exposed GitHub Token
Bottom Line Up Front (BLUF): Cybersecurity researchers have identified active exploitation of multiple high-severity vulnerabilities in WordPress plugins, leading to unauthorized creation of administrator accounts and potential site compromise. WordPress site owners are urged to update affected plugins and monitor for unusual activities.
Analyst Comments: The exploitation of vulnerabilities in popular WordPress plugins highlights the persistent risks associated with web application security. The affected plugins are widely used, making the scope of potential impacts significant. Site administrators must prioritize prompt updates and thorough security audits to mitigate the risks. This incident also underscores the importance of employing robust security measures such as Web Application Firewalls (WAFs) and regular vulnerability assessments.
FROM THE MEDIA: Researchers from Fastly have identified that threat actors are actively exploiting security vulnerabilities in several WordPress plugins. These vulnerabilities allow for unauthenticated stored cross-site scripting (XSS) attacks due to insufficient input sanitization and output escaping. Attackers leverage these vulnerabilities to inject malicious scripts, create rogue administrator accounts, and establish backdoors within the affected WordPress sites. The PHP backdoors are typically embedded into plugin and theme files while tracking scripts are designed to relay information back to a remote server.
READ THE STORY: SecurityAffairs // DarkReading // The Register
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Bottom Line Up Front (BLUF): Zyxel has released security updates to fix five vulnerabilities, including three critical flaws, in two of its end-of-life network-attached storage (NAS) devices. The impacted models are NAS326 and NAS542, and the vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code on affected installations. While there is no evidence of active exploitation, users are advised to update to the latest firmware versions for optimal protection.
Analyst Comments: Zyxel’s swift response to address these vulnerabilities highlights the ongoing security challenges with end-of-life devices. The disclosed vulnerabilities, especially those allowing remote code execution and command injection, pose significant risks. Organizations relying on older NAS models must prioritize updates or consider upgrading to newer, supported hardware to maintain security integrity.
FROM THE MEDIA: Zyxel has released crucial security patches for its NAS326 and NAS542 network-attached storage devices, which have reached end-of-life status. The patches address five vulnerabilities: CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, and CVE-2024-29976. Three of these flaws could allow unauthenticated attackers to execute OS commands or arbitrary code via crafted HTTP POST requests or configuration files. The updates are included in firmware versions V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0. Despite no current evidence of exploitation, Zyxel urges users to update their devices promptly for enhanced security.
READ THE STORY: THN
Russia-Aligned Operation Targets US Users on X to Discredit Georgian Protests
Bottom Line Up Front (BLUF): Researchers have uncovered a Russian-linked disinformation campaign targeting American users on the social media platform X. The campaign aims to discredit protests in Georgia against a controversial law targeting foreign agents. The operation, attributed to the Russia-linked network Doppelgänger, uses automated accounts to spread false narratives.
Analyst Comments: This discovery underscores the persistent threat of foreign influence operations in social media ecosystems. The use of bots to manipulate public opinion and discredit genuine democratic movements highlights the evolving tactics of state-sponsored disinformation networks. Doppelgänger's activities, while crude, reflect broader strategic objectives to undermine Western support for pro-democracy movements and sow discord.
FROM THE MEDIA: The Atlantic Council’s Digital Forensic Research Lab (DFRLab) has identified nearly 40 suspicious accounts on the social media platform X (formerly Twitter) that were part of a disinformation campaign targeting U.S. users. These accounts, linked to the Russia-aligned network Doppelgänger, were created in May 2024 and utilized stock images for avatars. They posted replies to prominent U.S. accounts, including political figures and media outlets, with content aimed at discrediting anti-government protests in Georgia. These protests began in response to a law passed by the Georgian Dream Party, perceived as a threat to media independence and civil society. The campaign also included anti-Ukraine and anti-U.S. narratives. Despite the rapid removal of these accounts, the incident highlights ongoing efforts by Doppelgänger to influence Western public opinion and undermine support for democratic movements.
READ THE STORY: The Record
Akira: The Emerging Ransomware Threat
Bottom Line Up Front (BLUF): Akira ransomware, although not as well-known as BlackCat or LockBit, poses a significant threat due to its unique tactics and the skill of its operators. Organizations of all sizes are potential targets, and maintaining robust cyber hygiene is crucial to mitigating risks.
Analyst Comments: Akira's emergence in the ransomware landscape highlights the evolving nature of cyber threats. Its use of FTP for exfiltration and targeting of less secure, ancillary organizations to access primary targets underscores the need for continuous vigilance and prompt security updates. This shift in tactics also reflects the adaptability of ransomware groups in finding new vectors of attack, emphasizing the importance of comprehensive cybersecurity measures.
FROM THE MEDIA: Scott Small, director of cyber threat intelligence at Tidal Cyber, warns that the Akira ransomware gang, though not as prominent as other ransomware groups, is highly skilled and poses a serious threat. Akira distinguishes itself by using FTP for file exfiltration, a less common method among ransomware groups, making it somewhat easier to detect if organizations know what to look for. Small emphasizes the importance of core cyber hygiene practices to mitigate risks. He also notes that Akira targets a broad range of organizations, including smaller, less secure ones, to gain access to larger targets. Small advises organizations to stay vigilant and promptly install security updates to protect against such threats.
READ THE STORY: The Register
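The point above, that FTP exfiltration is easier to spot if you know what to look for, can be turned into a detection over flow records. The following is an added example, not code from Tidal Cyber or The Register: the record format, the RFC 1918 definition of "internal" and the 50 MiB threshold are assumptions, and the records are constructed (external addresses come from the RFC 5737 documentation ranges).

```python
"""Flag outbound FTP sessions and the bulk transfers that ride alongside them.

Added example (not from the article). Flow format, internal ranges and the
threshold are assumptions; the sample records are constructed.
"""
import ipaddress
import re
from collections import defaultdict

FTP_CONTROL_PORT = 21
LARGE_TRANSFER_BYTES = 50 * 1024 * 1024  # assumed: 50 MiB to one external host is worth a look
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+) bytes_out=(\d+)")


def parse_flow(line):
    """Parse one 'key=value' flow record; returns None for lines that do not match."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    src, dst, dport, proto, bytes_out = m.groups()
    return {"src": src, "dst": dst, "dport": int(dport),
            "proto": proto.lower(), "bytes_out": int(bytes_out)}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_ftp_exfil(lines):
    """Return (severity, src, dst, message) alerts.

    HIGH: an internal host opened an FTP control channel (tcp/21) to an external host.
    CRITICAL: that same pair also moved LARGE_TRANSFER_BYTES or more outbound on any
    port, which is where a passive-mode FTP data channel (a high port on the same
    server) shows up in flow data.
    """
    alerts = []
    ftp_pairs = []                   # (src, dst) pairs with a control channel, first-seen order
    bytes_to_dst = defaultdict(int)  # (src, dst) -> total outbound bytes
    for line in lines:
        flow = parse_flow(line)
        if not flow or flow["proto"] != "tcp":
            continue
        if not is_internal(flow["src"]) or is_internal(flow["dst"]):
            continue  # only internal -> external traffic matters for exfiltration
        pair = (flow["src"], flow["dst"])
        bytes_to_dst[pair] += flow["bytes_out"]
        if flow["dport"] == FTP_CONTROL_PORT and pair not in ftp_pairs:
            ftp_pairs.append(pair)
            alerts.append(("HIGH", *pair, "FTP control channel to external host"))
    for pair in ftp_pairs:
        if bytes_to_dst[pair] >= LARGE_TRANSFER_BYTES:
            mib = bytes_to_dst[pair] / 2 ** 20
            alerts.append(("CRITICAL", *pair,
                           f"{mib:.0f} MiB sent to an FTP server: possible exfiltration"))
    return alerts


SAMPLE_FLOWS = [  # constructed records
    "2024-06-08T02:14:05Z src=10.0.5.23 dst=203.0.113.9 dport=21 proto=tcp bytes_out=1843",
    "2024-06-08T02:14:09Z src=10.0.5.23 dst=203.0.113.9 dport=51732 proto=tcp bytes_out=73400320",
    "2024-06-08T02:15:11Z src=10.0.7.40 dst=198.51.100.77 dport=443 proto=tcp bytes_out=120000",
    "2024-06-08T02:16:30Z src=10.0.9.12 dst=10.0.9.200 dport=21 proto=tcp bytes_out=5120",
    "2024-06-08T02:17:02Z src=10.0.5.23 dst=198.51.100.77 dport=21 proto=tcp bytes_out=610",
]

if __name__ == "__main__":
    for sev, src, dst, msg in detect_ftp_exfil(SAMPLE_FLOWS):
        print(f"[{sev}] {src} -> {dst}: {msg}")
```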
Frontier Communications: Data Breach Affects 750,000 Individuals
Bottom Line Up Front (BLUF): Frontier Communications confirmed that a cyberattack in April 2024 led to the theft of personal information, including names and Social Security numbers, of over 750,000 individuals. Despite cybercriminal claims of a larger breach, no financial data was compromised. The company has since taken steps to bolster its cybersecurity measures.
Analyst Comments: This breach underscores the persistent vulnerability of large enterprises to cyberattacks and the critical importance of robust cybersecurity measures. While Frontier’s response involved swift containment and notification of authorities, the incident highlights the ongoing challenge of protecting sensitive personal information. The conflicting claims about the extent of the breach also illustrate the tactics used by cybercriminals to sow confusion and fear.
FROM THE MEDIA: In a regulatory filing, Frontier Communications revealed that more than 750,000 individuals were impacted by a cyberattack detected on April 14, 2024. The stolen data included names and Social Security numbers, but no financial information. Cybercriminal group RansomHub, which took responsibility for the attack, claimed a larger breach involving additional personal details, although these claims are disputed. Following the breach, Frontier engaged cybersecurity experts to investigate and contain the incident, notifying law enforcement and regulatory bodies. Despite RansomHub’s inflated claims, the attack highlights the significant risk posed by such cyber threats and the need for continuous cybersecurity vigilance.
READ THE STORY: The Register
Texas Attorney General Investigates Connected Car Manufacturers Over Data Sharing
Bottom Line Up Front (BLUF): Texas Attorney General Ken Paxton has initiated an investigation into several connected car manufacturers, including Kia, General Motors, Subaru, and Mitsubishi, over allegations of unauthorized data collection and sharing. This probe examines potential violations of consumer protection laws and aims to enforce stricter data privacy practices as the state's new data privacy law takes effect.
Analyst Comments: This investigation signals a significant shift towards stricter enforcement of data privacy laws in Texas. The focus on connected car manufacturers underscores the growing concerns over how modern vehicles collect and share vast amounts of personal data without explicit consumer consent. As regulatory scrutiny intensifies, automakers may need to reevaluate their data practices and enhance transparency to avoid legal repercussions and maintain consumer trust.
FROM THE MEDIA: The Texas Attorney General’s office is investigating multiple connected car manufacturers for allegedly collecting and selling driver data without consent. The investigation, led by Attorney General Ken Paxton, targets potential deceptive trade practices under state consumer protection laws. Companies including Kia, General Motors, Subaru, and Mitsubishi received investigative demand letters. The probe follows reports of extensive data collection from modern vehicles, potentially used by law enforcement and insurers without driver consent. This move coincides with the upcoming implementation of Texas's comprehensive data privacy law on July 1, which aims to protect Texans from unauthorized data exploitation.
READ THE STORY: The Record
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Bottom Line Up Front (BLUF): A critical PHP vulnerability (CVE-2024-4577) affecting all versions of PHP on Windows servers has been disclosed. This CGI argument injection flaw allows remote code execution, prompting urgent updates to PHP versions 8.3.8, 8.2.20, and 8.1.29 to mitigate the risk.
Analyst Comments: The emergence of CVE-2024-4577 highlights the ongoing challenge of securing web applications, even against long-known vulnerabilities. The flaw, which exploits a minor Windows feature overlooked in previous patches, serves as a reminder of the complexity in ensuring comprehensive security. Administrators should promptly update their PHP installations and consider transitioning to more secure configurations like Mod-PHP, FastCGI, or PHP-FPM.
FROM THE MEDIA: DEVCORE security researchers have identified a critical vulnerability in PHP (CVE-2024-4577) affecting Windows servers. This CGI argument injection flaw can bypass previous security measures (CVE-2012-1823) via specific character sequences, enabling unauthenticated attackers to execute arbitrary code. The vulnerability impacts all PHP versions on Windows, especially XAMPP installations using Traditional Chinese, Simplified Chinese, or Japanese locales. Following responsible disclosure, updates have been released for PHP versions 8.3.8, 8.2.20, and 8.1.29. Security experts urge immediate patching due to active exploitation attempts detected by the Shadowserver Foundation and the simplicity of the exploit.
READ THE STORY: THN
Snowflake’s Customer Breaches Make 2024 the Year of the Identity Siege
Bottom Line Up Front (BLUF): Recent breaches at Snowflake, Santander, TicketMaster, and others highlight a surge in identity-related cyberattacks. Poor authentication practices, particularly the lack of mandatory multi-factor authentication (MFA), have left organizations vulnerable, resulting in massive data theft and financial fraud.
Analyst Comments: The recurring theme in these breaches is inadequate identity security measures, particularly the reliance on single-factor authentication. The trend underscores the urgent need for organizations to adopt robust identity and access management (IAM) solutions, including mandatory MFA and zero-trust architectures. The breaches should serve as a wake-up call for enterprises to reevaluate and strengthen their security postures to mitigate identity theft risks.
FROM THE MEDIA: The cybersecurity landscape in 2024 is witnessing a wave of identity-related breaches, with high-profile incidents at Snowflake, Santander, TicketMaster, and others. Snowflake's breach was partly due to its optional MFA policy, which allowed attackers to exploit stolen credentials and bypass security measures. The attackers used compromised credentials to generate session tokens, enabling undetected movement within Snowflake’s systems. Meanwhile, Santander and TicketMaster disclosed significant breaches affecting millions of customers, with data sold on dark web forums. These incidents reflect a broader trend of cybercriminals targeting weak identity security practices. Reports indicate that adopting identity-based zero-trust safeguards could have prevented many of these breaches. Consequently, organizations are increasingly focusing on implementing advanced user authentication methods and improving identity security to combat these threats.
READ THE STORY: VB // Security Boulevard
Items of interest
Encrypted Messaging App Signal Stops Working in China
Bottom Line Up Front (BLUF): As of March 15, 2021, users in China reported that the encrypted messaging app Signal has stopped working without the use of a VPN. This development aligns with China's increasing regulation and censorship of internet services and apps.
Analyst Comments: The inaccessibility of Signal in China without a VPN underscores the ongoing efforts by Chinese authorities to control and restrict communication channels that offer privacy and encryption. This move reflects the broader strategy of the Chinese government to limit the use of foreign apps that could bypass state surveillance, maintaining tight control over information flow within the country.
FROM THE MEDIA: Users in China found that the encrypted messaging app Signal is no longer operational without a VPN. This follows a pattern of strict internet regulations and expanded censorship by Chinese cyber authorities, which have banned numerous apps, media outlets, and social media sites in recent years. Signal’s website also became inaccessible in China, though the app remained available on Apple’s China app store and continued to function in Hong Kong. Signal experienced a global surge in downloads after WhatsApp updated its privacy terms in January, leading many users to seek alternative messaging services that prioritize privacy. This shutdown adds Signal to the list of apps, including Google services, that face heavy restrictions in China.
READ THE STORY: Yahoo News
China tells Apple to remove WhatsApp, Signal, and Telegram from app store: Report (Video)
FROM THE MEDIA: China has ordered Apple (AAPL) to remove popular messaging apps, including WhatsApp, from its app store, according to a report from The Wall Street Journal. The apps were removed due to supposed national security concerns, without officials specifying which ones.
China Bans Encrypted Messaging Apps (Video)
FROM THE MEDIA: Leo Laporte and Steve Gibson react to China's decision to ban western encrypted messaging apps.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.