Daily Drop (808): NPM Vuls | RU Sanctions: Crypto | RU: DISINFO | MSHTML Flaw | CN: Gen AI | Shields Up | Counter CCP | Op. MORPHEUS | CN: EV Trouble | CN: DE Turbine | ChatGPT: MacOS | Rockwell Vul
07-04-24
Thursday, Jul 04 2024 // (IG): BB // ShadowNews // Coffee for Bob
*Started adding Proof of Concepts (PoC), if available, for mentioned CVEs:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project.*
Oversight Committee Demands Accountability for US National Security Threats
Bottom Line Up Front (BLUF): In a recent hearing, the House Committee on Oversight and Accountability revealed that federal agencies have failed to counter the Chinese Communist Party’s (CCP) infiltration and influence campaigns. Experts testified that the CCP's political warfare targets critical US industries and federal institutions, compromising national security and economic stability.
Analyst Comments: The hearing highlights the growing concerns over the CCP’s extensive influence operations within the US, which threaten to undermine national security and economic interests. The testimonies underscore the urgent need for federal agencies to recognize and address these threats effectively. While China is attempting to shift the global balance of power, it remains technologically behind the US in several areas. However, the CCP's strategic infiltration and influence campaigns present a significant risk, necessitating a coordinated and robust response from US federal agencies to protect American interests and maintain a competitive edge.
FROM THE MEDIA: The House Committee on Oversight and Accountability held a hearing titled “Defending America from the Chinese Communist Party’s Political Warfare, Part II.” Experts detailed how the CCP has successfully waged an influence and infiltration campaign, jeopardizing critical US industries, including the military, technology, financial markets, agriculture, intellectual property, and education systems. The hearing underscores the need for a comprehensive strategy to counter the CCP’s influence operations and protect US national security. Federal agencies must prioritize addressing these threats to ensure a secure and prosperous future for America.
READ THE STORY: House dot Gov
OpenAI’s ChatGPT Mac App Stored Conversations in Plain Text
Bottom Line Up Front (BLUF): OpenAI’s recently launched ChatGPT macOS app was found to store user conversations in plain text, posing a security risk. After the issue was highlighted, OpenAI released an update to encrypt these conversations, enhancing the app's security.
Analyst Comments: The discovery that ChatGPT's macOS app stored conversations in plain text underscores the importance of robust data protection measures, especially for applications handling sensitive information. While OpenAI responded quickly by encrypting the stored data, this incident highlights potential risks associated with apps not adhering to stricter security protocols, such as Apple's sandboxing requirements for App Store-distributed software. Users and developers must remain vigilant about data security practices to prevent unauthorized access and data breaches.
FROM THE MEDIA: Until recently, OpenAI’s ChatGPT macOS app stored user conversations in plain text, allowing easy access for anyone with local access to the computer. Pedro José Pereira Vieito demonstrated the vulnerability by creating an app that could read these conversations. After The Verge contacted OpenAI, the company quickly issued an update to encrypt the locally stored conversations. OpenAI's spokesperson, Taya Christianson, confirmed the fix, emphasizing the company’s commitment to maintaining high-security standards. The update renders previously accessible plain text conversations unreadable by encrypting them, addressing the security flaw.
READ THE STORY: The Verge
Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike
Bottom Line Up Front (BLUF): Operation MORPHEUS, a coordinated law enforcement initiative, successfully dismantled nearly 600 servers used by cybercriminals, particularly those employing unlicensed versions of the Cobalt Strike framework. This crackdown, led by the U.K. National Crime Agency and supported by multiple countries, marks a significant step in curbing cybercrime infrastructure.
Analyst Comments: The takedown of 600 cybercrime servers in Operation MORPHEUS highlights the effectiveness of international cooperation in combating cyber threats. Cobalt Strike, while a legitimate tool for security professionals, has been widely misused by cybercriminals for malicious activities. By targeting these unlicensed versions, law enforcement agencies have disrupted a key component of cybercriminal operations, potentially reducing the incidence of ransomware and malware attacks. However, the persistent availability of cracked versions of such tools underscores the need for ongoing vigilance and collaboration among global cybersecurity entities to address and mitigate these threats.
FROM THE MEDIA: Operation MORPHEUS, led by the U.K. National Crime Agency (NCA) and supported by authorities from Australia, Canada, Germany, the Netherlands, Poland, the U.S., and others, dismantled close to 600 servers associated with cybercriminal activities using Cobalt Strike. Europol reported that between June 24 and 28, 590 out of 690 flagged IP addresses across 27 countries were shut down. Cobalt Strike, developed by Fortra, is intended for adversary simulation and penetration testing but has been exploited by cybercriminals through cracked versions. These versions facilitate post-exploitation activities, allowing attackers to deploy malware and ransomware. Cracked versions of the tool lower the barrier to entry into cybercrime, so the operation's success in disabling these servers is a significant blow to cybercriminal networks and disrupts their operational capabilities.
READ THE STORY: THN
Chinese Gen AI researchers snagged more patents than everyone else combined since 2013
Bottom Line Up Front (BLUF): The World Intellectual Property Organization (WIPO) report reveals that Chinese entities have dominated generative AI patent filings and scientific publications from 2014 to 2023, significantly outpacing other countries, including the United States.
Analyst Comments: China's overwhelming lead in generative AI patents and publications signifies its strategic focus on AI research and development. This dominance could have significant implications for global technological leadership and economic competitiveness in the AI sector. The disparity between China's output and that of other nations, particularly the US, suggests a potential shift in the global AI landscape. However, it's important to note that quantity doesn't always equate to quality or practical implementation. The US's comparatively lower numbers, coupled with high citation rates for entities like OpenAI, indicate that impactful research may not always correlate with patent volume. This situation underscores the need for other nations to reassess their AI research strategies and investment priorities to maintain competitiveness in this crucial field.
FROM THE MEDIA: WIPO's report found 54,000 GenAI-related inventions and over 75,000 scientific publications between 2014 and 2023. China accounted for 38,210 inventions, while the US contributed 6,276. Chinese organizations dominated the top patent filers, with Tencent leading at 2,074 inventions. OpenAI ranked 335th in scientific article publications but 13th in citations. The report noted high growth in GenAI patents related to molecules/genes/proteins and applications in fields like agriculture and energy management. China's dominance is attributed to years of prioritizing AI research, while the US has only recently emphasized AI leadership and regulation.
READ THE STORY: The Register
Twilio's Authy App Breach Exposes Millions of Phone Numbers
Bottom Line Up Front (BLUF): Twilio disclosed a security breach affecting its Authy app, where threat actors exploited an unauthenticated endpoint to access data associated with millions of Authy accounts, including users' phone numbers. The incident highlights the vulnerability of digital communication platforms to cyber threats.
Analyst Comments: This breach of Twilio's Authy app underscores the persistent risks facing even well-established digital security tools. The exploitation of an unauthenticated endpoint to access sensitive user data like phone numbers raises serious concerns about the security protocols in place for popular two-factor authentication (2FA) services. While Twilio has acted swiftly to secure the compromised endpoint, the potential for phishing and smishing attacks using the exposed phone numbers remains a critical concern. This incident serves as a reminder of the importance of robust authentication and continuous monitoring to safeguard against evolving cyber threats.
FROM THE MEDIA: Twilio revealed that unidentified threat actors exploited an unauthenticated endpoint in its Authy app, exposing data associated with Authy accounts, including users' phone numbers. The breach was publicized after a database containing 33 million phone numbers was leaked by an online persona known as ShinyHunters on BreachForums. Authy, a 2FA app owned by Twilio since 2015, provides an additional layer of security for user accounts. Despite the breach, Twilio stated there is no evidence that the attackers accessed Twilio's systems or other sensitive data. However, as a precaution, Twilio recommends that users update their Authy apps to the latest versions (Android 25.1.0 or later, iOS 26.1.0 or later) and remain vigilant for potential phishing and smishing attacks using compromised phone numbers.
READ THE STORY: THN
Attempting A Great Power Shift: How China's Industrial Surge Threatens US Defense Readiness
Bottom Line Up Front (BLUF): The National Defense Industry Association's 2022 report highlights significant shortcomings in the American Defense Industrial Base (DIB), raising concerns about defense readiness amidst China's rapid advancements. Although China is attempting a power shift in the global defense landscape, it remains behind the US in many technological aspects. However, factors such as a shrinking workforce, industry consolidation, misaligned funding, and burdensome regulations are exacerbating vulnerabilities in the US defense sector.
Analyst Comments: The decline of the American DIB presents a substantial risk to national security, especially as China continues to enhance its defense capabilities. The shrinking workforce and consolidation of the industry have reduced resilience and innovation, while regulatory burdens and misaligned funding priorities hinder growth and adaptation. Although China has made significant strides in defense manufacturing and technology, it still lags behind the US in advanced defense technologies and overall military capability. Nonetheless, China’s dominance in manufacturing, particularly in critical areas like drones, rare earth elements, and semiconductors, further compounds these challenges. The US must focus on bolstering its industrial base through strategic investments, innovation, and reducing dependency on Chinese imports to maintain its defense readiness.
FROM THE MEDIA: Efforts to reduce dependency on Chinese imports are ongoing but challenging. The US must leverage its technological strengths and invest in rebuilding its industrial base to ensure a resilient and independent defense sector. While China is making significant progress, it still has considerable ground to cover to match the US's advanced defense technologies. The path forward requires a multifaceted approach. By leveraging our strengths in technology and innovation, and committing to long-term investments in our DIB, the United States can regain its competitive edge. Ensuring a resilient and independent defense manufacturing base is not just a strategic priority but a national imperative. The time to act is now.
READ THE STORY: Allen Control Systems
Rockwell: Vulnerabilities Allow Remote Code Execution and Denial-of-Service Attacks
Bottom Line Up Front (BLUF): Microsoft has identified two critical vulnerabilities in Rockwell Automation PanelView Plus devices that can be exploited by remote, unauthenticated attackers to execute arbitrary code or cause a denial-of-service (DoS) condition. These flaws pose significant security risks to industrial control systems.
Analyst Comments: The discovery of these vulnerabilities in Rockwell Automation's PanelView Plus devices highlights the critical need for robust security measures in industrial control systems. The potential for remote code execution and DoS attacks underscores the risks posed by unpatched systems in critical infrastructure. Organizations using these devices should promptly apply available patches and consider additional security measures to mitigate the risk of exploitation. This incident serves as a reminder of the importance of continuous monitoring and proactive vulnerability management in industrial environments.
FROM THE MEDIA: Rockwell Automation released advisories on September 12, 2023, and October 12, 2023, addressing these issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued alerts on September 21 and October 17, emphasizing the importance of addressing these vulnerabilities promptly.
READ THE STORY: THN
The Emerging Role of AI in Open-Source Intelligence
Bottom Line Up Front (BLUF): The Office of the Director of National Intelligence (ODNI) has unveiled a new strategy for open-source intelligence (OSINT), emphasizing its importance as the "INT of first resort". Artificial Intelligence (AI) and Machine Learning (ML) are transforming OSINT by enhancing data processing capabilities and enabling more sophisticated analysis.
Analyst Comments: The integration of AI and ML into OSINT represents a significant evolution in intelligence gathering and analysis. This shift addresses the challenges posed by the exponential growth of digital data, which has overwhelmed traditional OSINT methods. The application of AI in tasks such as real-time analysis, multilingual processing, and predictive analytics enhances the speed and depth of intelligence insights. However, the reliance on AI also introduces new challenges, including the risk of AI hallucinations and the need for human oversight to provide context and verify results. As these technologies mature, they will likely reshape the landscape of intelligence gathering, potentially altering the balance of power in information warfare.
FROM THE MEDIA: Matt Edmondson, a SANS Principal Instructor and Principal at Argelius Labs, highlights that while AI is transformative, potential issues like AI hallucinations must be considered. Natural language processing (NLP) is essential for sentiment analysis, entity recognition, and machine translation. Computer vision aids in facial recognition, object detection, and optical character recognition (OCR). Machine learning enhances predictive analytics, anomaly detection, and network analysis. As OSINT continues to evolve, the collaboration between AI tools and human expertise will be key to its success.
READ THE STORY: THN
Dark Web Actors Exploiting a Critical Account Takeover Vulnerability Targeting NPM Accounts
Bottom Line Up Front (BLUF): A threat actor on BreachForums is offering to sell an exploit targeting npm accounts through a critical account takeover vulnerability, potentially allowing compromise of organizational devices through backdoored npm packages.
Analyst Comments: This incident highlights the ongoing security challenges in the open-source ecosystem, particularly for widely-used package managers like npm. The potential for backdooring packages used by specific employees could lead to far-reaching supply chain attacks. Historically, compromises of package managers have had significant impacts, as seen with incidents like the event-stream malware in 2018. The threat actor's approach of keeping details private suggests a sophisticated operation aimed at maximizing the exploit's value. This underscores the need for enhanced security measures in package management systems and vigilant monitoring of dependencies in software development pipelines.
FROM THE MEDIA: A threat actor known as Alderson1337 has advertised on BreachForums an exploit targeting npm accounts via an account takeover vulnerability. The exploit allegedly allows compromising npm accounts linked to specific organizational employees and injecting undetectable backdoors into packages. These backdoored packages, when updated, could lead to widespread device compromise within organizations. The threat actor has not publicly disclosed a proof of concept, instead inviting private communications for details. npm Inc., a GitHub subsidiary managing the JavaScript package manager, is the primary entity impacted. The Cyber Express has reached out to npm for comment, but no official statement has been issued yet, leaving the vulnerability claims unconfirmed.
READ THE STORY: The Cyber Express
Russia defies Western sanctions with crypto payments
Bottom Line Up Front (BLUF): The Russian Central Bank is encouraging businesses to use cryptocurrencies and digital assets for international transactions to circumvent Western sanctions imposed due to the Ukraine war.
Analyst Comments: The Kremlin's move to promote cryptocurrency usage for international payments represents a significant shift in Russia's approach to digital assets and highlights the evolving nature of economic warfare. Historically, Russia has been cautious about cryptocurrencies, but the pressure of sanctions has led to a pragmatic reassessment. This development could potentially accelerate the adoption of digital currencies in international trade, challenging the dominance of traditional financial systems. The creation of alternative payment systems like the "BRICS Bridge" further indicates a broader geopolitical realignment, with implications for global financial structures.
FROM THE MEDIA: The Central Bank of Russia has advised businesses to use "multiple choice solutions," including cryptocurrencies and digital assets, for foreign transactions to bypass Western sanctions. Elvira Nabiullina, Governor of the Russian Central Bank, emphasized the opportunities created by new financial technologies at a recent conference. Russia is also collaborating with BRICS nations to develop the "BRICS Bridge," a blockchain-based payment system. VTB Bank's head, Andrei Kostin, suggested classifying information about this system as a "state secret" due to its sensitivity. Despite these efforts, Nabiullina acknowledged that creating such alternative systems would take time and face challenges.
READ THE STORY: Cybernews
Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool
Bottom Line Up Front (BLUF): Threat actors are exploiting a patched vulnerability (CVE-2021-40444) in Microsoft MSHTML to deliver MerkSpy, a surveillance tool targeting users primarily in Canada, India, Poland, and the U.S.
Analyst Comments: The exploitation of CVE-2021-40444, despite being patched in September 2021, underscores the persistent risk posed by unpatched vulnerabilities. The sophisticated attack chain, involving multiple stages and evasion techniques, demonstrates the evolving tactics of threat actors. The use of seemingly legitimate job-related documents as an initial lure highlights the continued effectiveness of social engineering in cyberattacks. The capabilities of MerkSpy, including its ability to capture sensitive information and establish persistence, make it a significant threat to both individual privacy and organizational security. This campaign emphasizes the critical importance of timely patch management and user awareness in defending against such threats.
FROM THE MEDIA: The attack begins with a Microsoft Word document containing a fake job description. Opening the file triggers the exploitation of CVE-2021-40444, leading to the download of an HTML file that executes embedded shellcode. This shellcode then downloads and executes a payload disguised as "GoogleUpdate," which injects MerkSpy into memory. MerkSpy establishes persistence through Windows Registry changes and can capture screenshots, keystrokes, login credentials from Google Chrome, and data from the MetaMask browser extension. The stolen information is exfiltrated to a command-and-control server. Fortinet FortiGuard Labs researcher Cara Lin reported these findings.
READ THE STORY: THN // PoC: CVE-2021-40444
Despite OS shields up, half of America opts for third-party antivirus – just in case
Bottom Line Up Front (BLUF): A survey by Security.org reveals that 46% of Americans use third-party antivirus software, with the rest relying on built-in OS protection or no protection at all. Usage of paid third-party security software doubles among the over-65 age group compared to under-45s.
Analyst Comments: This survey highlights the persistent concern about cybersecurity among American consumers, even as operating systems have improved their built-in protections. The higher adoption rate of third-party solutions among older users may reflect ingrained habits from earlier computing eras when such software was essential. The continued popularity of third-party antivirus, despite advancements in OS security, suggests a lack of trust in built-in protections or a desire for additional layers of security. This trend has implications for the antivirus industry and may influence how OS developers approach security features in the future.
FROM THE MEDIA: The survey of nearly 1,000 US citizens found that 46% use third-party antivirus software, with 49% using it on PCs, 18% on tablets, and 17% on phones. Of those using third-party solutions, 54% pay for the software, while 43% use free versions. The most popular paid brands are Norton, McAfee, and Malwarebytes. Fear of malware (84%), privacy concerns (54%), and online shopping worries (48%) are the main reasons for using antivirus software. Windows users are most likely to use third-party security software (43%), followed by Apple users (31%). The survey also noted that only 4% of respondents paid for Kaspersky software, suggesting limited impact from the recent US ban on the Russian security firm.
READ THE STORY: The Register
EV Industry Faces Uncertain Future Amid China's Rare Earth Material Control
Bottom Line Up Front (BLUF): China's tightening control over rare earth elements (REEs) poses a significant threat to the global electric vehicle (EV) industry. While researchers are exploring alternatives to REE-based magnets for EV motors, none are currently viable for widespread use, leading to potential supply chain disruptions and increased production costs.
Analyst Comments: China's dominance in the production and processing of rare earth elements is a strategic lever in the global EV market. The announcement that all REEs are now state property heightens the risk of supply restrictions, particularly amid escalating US-China tensions. Efforts by researchers at Oak Ridge National Laboratory and others to develop REE-free motor technologies are promising but face significant technical and performance challenges. This situation underscores the urgent need for diversified supply chains and continued innovation in alternative materials to mitigate dependency on Chinese REEs.
FROM THE MEDIA: China's recent decision to nationalize all rare earth elements (REEs) has intensified concerns about the stability of the global supply chain for critical materials used in electric vehicle (EV) motors. China, which produces around 60% of the world's REEs and processes nearly 90%, has positioned itself as a central player in the EV market by leveraging its control over these essential resources. Researchers at Oak Ridge National Laboratory (ORNL) have been working on developing EV motors that do not rely on REE magnets. Despite promising advancements, they report that non-REE alternatives currently result in degraded motor performance. For instance, replacing neodymium iron boron (NdFeB) magnets with non-REE magnets leads to heavier and less efficient motors. One potential alternative, the spoke-ferrite magnet motor, is approximately 30% heavier than its REE counterpart, posing significant manufacturing and performance challenges.
READ THE STORY: The Register
Germany to Scrutinize Chinese Wind Turbine Deal for North Sea Project
Bottom Line Up Front (BLUF): Germany's economy ministry will closely examine a deal involving Chinese-made wind turbines for the Waterkant offshore wind project in the North Sea. The review focuses on the implications for critical infrastructure and maintaining fair competition within the European Union's renewable energy sector.
Analyst Comments: The scrutiny of the deal between German asset manager Luxcara and Chinese wind turbine manufacturer Ming Yang reflects broader geopolitical and economic concerns. While Germany aims to enhance its renewable energy capacity, the inclusion of Chinese technology in critical infrastructure raises security and competitive fairness issues. This situation is emblematic of the tension between embracing cost-effective technological solutions and safeguarding strategic industries from potential foreign influence. As Europe navigates its energy transition, ensuring the resilience and independence of its supply chains will be crucial.
FROM THE MEDIA: Germany's economy ministry announced it will closely review a deal to supply Chinese-made wind turbines for the Waterkant offshore project in the North Sea. The project involves 16 turbines from Ming Yang, each with a capacity of up to 18.5 MW, and is set for installation in 2028. The review will address concerns related to critical infrastructure and competitive fairness. The deal has been met with criticism from WindEurope, Europe's wind industry lobby, which argues that it grants China access to critical infrastructure and undermines the European supply chain, which was prepared to deliver turbines for the project. The European Commission had earlier initiated a review of potential market distortions caused by Chinese wind turbine makers, a move China labeled as "discriminatory."
READ THE STORY: OE
Items of interest
Russia's Disinformation Blitz: Targeting France's Elections and Olympics
Bottom Line Up Front (BLUF): Russian state-sponsored disinformation campaigns are intensifying efforts to destabilize France ahead of legislative elections and the Paris Olympics, using sophisticated tactics to sow discord and erode trust in democratic institutions.
Analyst Comments: This escalation in Russian disinformation activities targeting France represents a significant threat to the integrity of democratic processes and national security. The focus on high-profile events like elections and the Olympics provides strategic opportunities for maximum impact. The use of advanced techniques, including AI-generated content and the exploitation of social media platforms, demonstrates the evolving nature of information warfare. This campaign underscores the need for enhanced cybersecurity measures, media literacy initiatives, and international cooperation to counter such threats effectively.
FROM THE MEDIA: Russian-affiliated actors have been circulating manipulated content, including fake photos of graffitied Stars of David and fabricated stories about French military recruitment in Ukraine. These campaigns aim to undermine NATO and reduce Western support for Ukraine. French officials are calling for increased vigilance as these efforts show no signs of abating. The upcoming Paris Olympics is expected to be a focal point for further disruption attempts. A recent government report highlights the sophisticated nature of these cyber activities and their potential impact on French society and international relations.
READ THE STORY: DEVDISCOURSE // ASENNOW
Pro-Russian bots in bid to influence EU elections (Video)
FROM THE MEDIA: On the eve of the vote for the European elections, pro-Kremlin bots launched a disinformation campaign on X in favor of the French far-right and against President Emmanuel Macron. We explain what happened in this edition of Truth or Fake.
Fake News Batters UK and France Ahead of Elections (Video)
FROM THE MEDIA: Both sets of votes are expected to shake up each country's political direction, but as usual, there’s plenty of disinformation making the rounds, particularly targeting individual politicians.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.