Daily Drop (897): U.S. Presidential Election | DHS: U.S. Telecom | Windows Downdate | AI: Roundup | IoT Panel | U.S. Arms to TW
10-28-24
Monday, Oct 28 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
DHS to Investigate Alleged Chinese Hacks on U.S. Telecommunications, Targeting Trump and Vance
Bottom Line Up Front (BLUF): The Department of Homeland Security (DHS) is launching an investigation into breaches by the Chinese hacking group Salt Typhoon. The group allegedly accessed U.S. telecommunications networks to intercept data from senior officials’ phones, including Donald Trump and JD Vance. At least 10 telecommunications firms were affected, marking one of the most significant recent espionage attempts on U.S. infrastructure.
Analyst Comments: The DHS probe into the Salt Typhoon breach underscores growing concern over foreign interference, particularly with high-profile election candidates among the targets. If confirmed, the breach may expose weaknesses in the network edge devices of U.S. telecoms, which intruders frequently exploit as a foothold into sensitive traffic. The investigation will likely prompt reviews of encryption standards and cybersecurity protocols across major telecom providers. Given the White House's activation of a Unified Coordination Group (UCG), the incident may draw a swift regulatory response, especially in light of its potential election-security implications.
FROM THE MEDIA: A DHS Cyber Safety Review Board probe is underway to examine how the Chinese hacking group Salt Typhoon allegedly infiltrated several major U.S. telecommunications networks, including Verizon, AT&T, and Lumen, to intercept call and text data from officials like Donald Trump and JD Vance. According to sources familiar with the incident, the infiltration reportedly targeted approximately 40 individuals’ communications data through back-end network vulnerabilities. Federal investigators are still determining the extent of the accessed information, as much of the traffic remains encrypted. The White House initiated an emergency Unified Coordination Group to mitigate the breach, illustrating the severity of the situation. This incident highlights the threat of advanced persistent threat (APT) groups like Salt Typhoon exploiting edge devices, which sit at critical network junctures.
READ THE STORY: Politico // Substack
New Attack Allows Hackers to Downgrade Windows, Exploiting Patched Vulnerabilities
Bottom Line Up Front (BLUF): Researchers from SafeBreach Labs have discovered a novel “Windows Downdate” attack that downgrades system components on Windows 11, reviving old vulnerabilities, including a Driver Signature Enforcement (DSE) bypass. This exploit allows attackers to load unsigned drivers, posing significant risks to organizations relying on fully patched Windows systems.
Analyst Comments: This discovery underscores a critical weakness in the Windows update process: an attacker who already holds administrative access can revert a fully patched system to a vulnerable state while the system continues to report itself as up to date. The ability to defeat DSE and the UEFI-backed protections around VBS signals a concerning trend in which attackers bypass the very controls meant to stop them. Such attacks could allow sophisticated malware and rootkits to gain kernel-level access, evade detection, and persist long-term. Given the reach of this weakness, rigorous endpoint monitoring and a hardened VBS configuration, meaning VBS enabled with UEFI lock and the “Mandatory” flag, are essential to mitigating the risk.
FROM THE MEDIA: SafeBreach Labs unveiled a new attack technique called Windows Downdate that compromises Windows 11 by downgrading essential system components, re-enabling previously patched vulnerabilities. Alon Leviev, a researcher at SafeBreach, detailed how the attack abuses the Windows Update mechanism to revert critical modules such as “ci.dll” (the kernel's code-integrity module) to older, vulnerable versions. One major exploit targets the “ItsNotASecurityBoundary” vulnerability in Driver Signature Enforcement (DSE), which lets an attacker load unsigned kernel drivers by swapping a verified security catalog for a malicious one. Windows Downdate can also disable Virtualization-Based Security (VBS) and Credential Guard by manipulating registry settings, leaving fully patched Windows systems exposed to older exploits. The attack was presented at Black Hat USA and DEF CON 32, where Leviev outlined how the UEFI lock protecting VBS could be bypassed without physical access. SafeBreach recommends robust endpoint detection and enabling VBS with UEFI lock and the “Mandatory” flag, which makes VBS fail closed rather than silently switch off, to limit exposure to this technique.
READ THE STORY: Hack Read
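As an added check (this is not SafeBreach's or the article's code), the PowerShell below reads the state that Windows Downdate depends on: whether VBS is running, whether it is UEFI-locked with the “Mandatory” flag, and whether the code-integrity module ci.dll (and two neighbours) is older than a known-good baseline. The value names Locked and Mandatory under the DeviceGuard registry key are taken from Microsoft's VBS documentation and are an assumption to confirm on your build; the $Baseline versions are placeholders to be filled from a trusted reference host at the same patch level. Run it from an elevated PowerShell prompt on Windows 11.

```powershell
# Added example, not code from SafeBreach or the article.
# ASSUMPTIONS: value names 'Locked' (UEFI lock) and 'Mandatory' under the DeviceGuard key
# come from Microsoft's VBS documentation; $Baseline holds placeholder versions that must be
# replaced with values read from a known-good host at the same patch level.

$Baseline = @{
    'ci.dll'           = [version]'10.0.22621.0'   # placeholder, not a real build number
    'ntoskrnl.exe'     = [version]'10.0.22621.0'   # placeholder
    'securekernel.exe' = [version]'10.0.22621.0'   # placeholder
}

function Get-VbsState {
    # Win32_DeviceGuard reports what is actually running; the registry shows how it is locked.
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        VbsStatus       = switch ($dg.VirtualizationBasedSecurityStatus) {
                              0 { 'Not enabled' } 1 { 'Enabled, not running' } 2 { 'Running' } default { 'Unknown' }
                          }
        CredentialGuard = [bool]($dg.SecurityServicesRunning -contains 1)   # 1 = Credential Guard
        Hvci            = [bool]($dg.SecurityServicesRunning -contains 2)   # 2 = HVCI
        UefiLock        = ($reg.Locked -eq 1)      # assumed value name 'Locked'
        MandatoryFlag   = ($reg.Mandatory -eq 1)   # assumed value name 'Mandatory'
    }
}

function Test-DowngradedModule {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][version]$Expected)
    $file   = Get-Item (Join-Path $env:SystemRoot "System32\$Name")
    $actual = $file.VersionInfo.FileVersionRaw        # System.Version, comparable with -lt
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File       = $Name
        Version    = $actual
        Expected   = $Expected
        Downgraded = ($actual -lt $Expected)
        # A downgraded module is still a genuine, validly signed Microsoft binary, so the
        # signature status alone will not reveal a Downdate; only the version comparison does.
        Signature  = $sig.Status
    }
}

$state = Get-VbsState
$state | Format-List

if ($state.VbsStatus -ne 'Running') {
    Write-Warning 'VBS is not running; DSE and Credential Guard protections that depend on it are off.'
}
if (-not ($state.UefiLock -and $state.MandatoryFlag)) {
    Write-Warning 'VBS is not UEFI-locked with the Mandatory flag: the configuration SafeBreach recommends is not in place.'
}

# Compare each module against the baseline. A fully "patched" host (Get-HotFix looks fine)
# whose ci.dll is older than the baseline is exactly what a Downdate leaves behind.
$Baseline.GetEnumerator() |
    ForEach-Object { Test-DowngradedModule -Name $_.Key -Expected $_.Value } |
    Format-Table -AutoSize
```

Run the same script on a freshly patched reference machine first and paste its reported versions into $Baseline; after that, any host where Downgraded is True for ci.dll or securekernel.exe deserves a forensic look even though Windows Update and the Authenticode check both say everything is in order.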
AI Research Roundup: Key Advances in LLM Capabilities
Bottom Line Up Front (BLUF): This week’s research roundup highlights recent advancements in AI model functionalities, including Claude's new Computer Use capabilities, the planning performance of OpenAI's o1 models, challenges in autonomous planning for language agents, and innovations in long-context retrieval augmented generation (RAG) methods. These papers reveal breakthroughs and limitations in how large language models (LLMs) handle real-world tasks requiring complex reasoning and interaction.
Analyst Comments: These updates illustrate how AI research rapidly expands into areas that improve model interactions, including capabilities for understanding dynamic environments and executing multi-step tasks. The addition of computer control to Claude models hints at future LLM applications in more operational and assistive settings, though current limitations in real-time performance remain. Meanwhile, OpenAI's o1 models and other planning research underscore the complexities in advancing planning capabilities, especially when models must balance following strict constraints and generalizing across different environments. The innovation in RAG methods with DRAG and IterDRAG scaling shows promise for improving long-context information processing, a crucial factor for maintaining coherence and context in larger generative applications. Together, these advancements mark an incremental but meaningful step toward more autonomous, capable language agents.
FROM THE MEDIA: Anthropic’s Claude model now includes Computer Use, enabling pixel-precise interaction with basic computer applications through screenshot sequences. This capability allows Claude to control applications like calculators and text editors, offering promising applications in assistive technology, though responsiveness issues persist in dynamic, real-time interfaces. Similarly, OpenAI’s o1 model shows progress in structured planning tasks, managing constraints, and action sequencing effectively. However, limitations in adaptability and optimality suggest that further refinement is needed for complex, real-world scenarios. A related study, Revealing the Barriers of Language Agents in Planning, shows that models such as Qwen2-7B and Llama3.1 struggle with task focus and goal consistency in complex scenarios. The findings highlight a need for improved episodic memory, which could significantly enhance the long-term planning capabilities of these models.
READ THE STORY: AI Changes Everything
Commerce Department IoT Panel Recommends Privacy Labels for Connected Cars
Bottom Line Up Front (BLUF): The Commerce Department’s Internet of Things (IoT) Advisory Board has recommended that car dealers display privacy labels on vehicle windshields to inform buyers about data collection practices. These labels would disclose if personal data is collected, shared, or sold and whether universal opt-out options are available, aiming to address growing consumer privacy concerns around connected vehicles.
Analyst Comments: This recommendation marks a significant step toward enhancing transparency in IoT data privacy, especially in the automotive industry, where connected vehicles can collect extensive data on drivers. By proposing privacy labels similar to Monroney labels, which show fuel efficiency and safety information, the advisory board aims to make privacy information more accessible to consumers. The auto industry may resist due to the label’s added complexity, but this proposal reflects a shift in regulatory expectations. If adopted, such labels could set a new standard for IoT privacy, impacting consumer expectations across other connected device markets.
FROM THE MEDIA: The Commerce Department’s IoT Advisory Board has recommended that car dealerships display privacy labels on connected vehicles, similar to Monroney stickers that disclose fuel and safety information. These proposed labels would inform consumers about data collection practices, including whether a car collects or shares personal data and if there are opt-out options for data collection. Backed by input from the National Institute of Standards and Technology (NIST), the advisory board emphasized the need for clear and concise disclosures to enhance consumer protection, referencing findings from a 2023 Mozilla Foundation report on automaker privacy issues. Privacy advocates like Andrea Amico of Privacy4Cars supported the initiative, noting that many consumers are unaware that their cars collect extensive data. Although the Alliance for Automotive Innovation, a major industry group, opposed the proposal, the board moved forward, underscoring the recommendation’s potential influence on IoT privacy practices worldwide.
READ THE STORY: The Record
Billionaires Influence the U.S. 2024 Election
Bottom Line Up Front (BLUF): Billionaires across the political spectrum, including Elon Musk, Michael Bloomberg, and Dustin Moskovitz, have poured unprecedented sums into the 2024 U.S. presidential election. Their contributions are highly concentrated, with a handful of individuals accounting for a large share of the fundraising behind both major candidates.
Analyst Comments: This surge in billionaire donations highlights how wealth concentration influences modern elections, where a few donors shape campaign dynamics disproportionately. Such significant investments indicate broader concerns among elite donors regarding policies that may affect business interests, economic stability, and the ideological trajectory of the U.S. government. The trend reflects the post-Citizens United landscape, where wealthy individuals exercise more significant influence, raising questions about democratic access and representation.
FROM THE MEDIA: According to the Financial Times, around 144 billionaires, approximately 18% of total donors, have contributed at least $695 million combined to the 2024 election. Dustin Moskovitz, co-founder of Facebook, and Elon Musk, CEO of Tesla and X, are the key figures driving support for Kamala Harris and Donald Trump, respectively. Moskovitz's donations to pro-Harris groups, totaling over $38 million, reflect his alignment with more progressive positions and his criticism of Trump's economic policies. Musk, by contrast, has directed over $118 million to Trump's campaign, viewing a second Trump administration as more favorable to business growth and deregulation. Michael Bloomberg and Miriam Adelson are also contributing heavily: Bloomberg backs Harris out of concern over Trump's previous administration, while Adelson supports Trump with more than $100 million, signaling a vested interest in policies aligned with her business and ideological priorities.
READ THE STORY: FT
Senator Warner Criticizes Domain Registrars Over Alleged Role in Russian Disinformation
Bottom Line Up Front (BLUF): Senate Intelligence Committee Chair Mark Warner has criticized six U.S.-based domain registrars—Namecheap, GoDaddy, Cloudflare, Newfold Digital, NameSilo, and Verisign—for allegedly aiding Russian disinformation efforts by failing to police abuse on their platforms. Warner's letter follows the Biden administration's seizure of 32 domains used in the Russian "Doppelgänger" disinformation campaign, which targeted U.S. elections.
Analyst Comments: Warner's letter reflects growing concern that registrars enable malicious activity when they fail to flag and remove questionable registrations. Weak oversight at the registrar level can quietly sustain foreign influence campaigns, including those aimed at U.S. elections. Warner's demand for stricter controls suggests that legislation could follow, consistent with recent U.S. actions against the infrastructure such campaigns depend on, and may signal a shift in regulatory expectations for internet infrastructure providers.
FROM THE MEDIA: The registrars' connection to disinformation surfaced after the Department of Justice (DOJ) seized 32 domains linked to the Doppelgänger campaign. Warner's letter highlighted recurring issues, including registrars' failure to verify registrant information, delays in taking down fake websites, and inconsistent cooperation with disinformation researchers. The letter cited a 2023 Meta report on Doppelgänger, which detailed Russia's tactic of creating fake media outlets and social accounts to influence U.S. opinion and undermine Western policies. Of the registrars named, only GoDaddy responded publicly, pointing to its efforts to curb online abuse.
READ THE STORY: The Register
China Criticizes U.S. Arms Sales to Taiwan Amid Geopolitical Tensions
Bottom Line Up Front (BLUF): China’s Ministry of Foreign Affairs has condemned a new $1.988 billion U.S. arms package to Taiwan, which includes missile defense and radar systems. Beijing claims the sale violates its sovereignty and supports separatist agendas, though U.S. officials frame it as a measure for Taiwan’s self-defense under the Taiwan Relations Act.
Analyst Comments: According to the U.S., this arms package aims to balance growing regional threats from China’s military expansion, while China's criticism reflects broader tensions over Taiwan's defense autonomy. Countries like Japan and South Korea view the U.S. stance as part of stabilizing the Indo-Pacific, despite China’s framing of these sales as provocations undermining its territorial claims.
FROM THE MEDIA: China argues U.S. arms support violates the one-China principle and encourages separatism. In contrast, the U.S. describes its support as defensive, emphasizing the need to maintain stability in the Taiwan Strait amid China's heightened military presence. This debate underscores the competing interests shaping Taiwan’s defense and broader Indo-Pacific security.
READ THE STORY: GT (CN)
North Korean Troops in Russia Training for Potential Deployment in Ukraine
Bottom Line Up Front (BLUF): The U.S. confirmed reports that around 3,000 North Korean soldiers are training in Russia, with potential plans for their deployment in Ukraine. The North Korean troops reportedly arrived at Vladivostok and are undergoing training in eastern Russia. While it's unclear if they will engage in combat, their presence underscores Russia’s deepening reliance on allies amidst military shortages.
Analyst Comments: This development points to a notable escalation in the Ukraine conflict involving adversaries of the U.S. beyond Europe. As the U.S. assesses responses, North Korea’s involvement could amplify geopolitical tensions, notably in Northeast Asia. This potential mobilization also highlights Russia’s increasing dependence on foreign military resources, raising questions about its internal military capacity. If North Korean troops are deployed, it may force the U.S. and its allies to consider countermeasures, possibly including additional sanctions targeting supporters of Russia's war efforts.
FROM THE MEDIA: According to a senior Biden administration official, North Korean troops arrived in Vladivostok earlier this month and are now at training facilities in eastern Russia. National Security Council spokesperson John Kirby indicated that while the soldiers’ combat involvement remains uncertain, they may soon be transferred to western Russia for deployment against Ukrainian forces. Secretary of Defense Lloyd Austin emphasized that the potential involvement of North Korean troops in Ukraine would be a severe concern to the international community. Ukrainian and South Korean intelligence sources suggest these troops may soon be stationed in the Kursk region to support Russia’s military operations.
READ THE STORY: MSN
Cisco Secure Firewall Management Center Vulnerability Allows Root-Level Command Execution
Bottom Line Up Front (BLUF): Cisco has disclosed a new vulnerability, CVE-2024-20424, in its Secure Firewall Management Center (FMC) software that allows an authenticated remote attacker to execute commands with root privileges. The flaw stems from insufficient input validation in the web-based management interface, affects FMC regardless of device configuration, and requires valid user credentials to exploit. Cisco has released software updates to address it.
Analyst Comments: This vulnerability puts Cisco FMC deployments at severe risk because an attacker with low-privileged access (a Security Analyst role or higher) can execute arbitrary commands as root and, from the FMC, reach the firewalls it manages. With no workaround available, organizations running FMC should prioritize patching and, until then, restrict network access to the management interface and audit low-privilege FMC accounts. The case highlights the importance of stringent access control and rapid patch deployment in high-security network environments, since a compromised management plane undermines every device behind it.
FROM THE MEDIA: A newly identified vulnerability, CVE-2024-20424, in Cisco's Secure Firewall Management Center (formerly Firepower Management Center) could let an authenticated, remote attacker execute arbitrary commands with root privileges. The flaw results from inadequate input validation in the FMC's web-based management interface: an attacker holding Security Analyst credentials can send crafted HTTP requests whose contents reach the underlying operating system, yielding root-level command execution. Once exploited, the attacker can run commands on the FMC itself and on the Cisco Firepower Threat Defense (FTD) devices it manages. Cisco has released software updates and cautions that no workarounds exist. The vulnerability affects all systems running a vulnerable FMC release regardless of configuration, underscoring the need to update promptly to guard against unauthorized access.
READ THE STORY: Systemtek
Comparison of China-U.S. Economic Working Group Meeting Coverage
Bottom Line Up Front (BLUF): The sixth China-U.S. Economic Working Group meeting in Washington highlighted differences in approach. Both nations discussed global economic challenges, support for low-income countries, and economic policies. U.S. officials emphasized stabilizing global supply chains while managing economic dependencies. China raised concerns over U.S. tariffs and Russia-related sanctions, which it claims may hinder cooperation.
Analyst Comments: Comparing neutral and ECNS perspectives shows a strong contrast. The neutral coverage presented a balanced account, acknowledging both sides’ challenges, like China’s slowing economy and the U.S.'s inflationary pressures. ECNS’s coverage focuses heavily on China's viewpoints, omitting key U.S. concerns such as supply chain security and technology trade controls. By framing the talks as “pragmatic and constructive” without addressing contentious points, ECNS conveys an image of harmony that may understate the complexities and tensions present.
FROM THE MEDIA: ECNS, a Chinese state-affiliated propaganda outlet, focused on China's positive framing of the talks, characterizing them as “in-depth, pragmatic, and constructive.” Its coverage highlighted China's concerns over U.S. tariffs and sanctions without discussing U.S. motivations for those measures, such as national security interests. ECNS also presented China's recent fiscal policies as evidence of domestic strength while omitting any reference to the U.S. discussion of supply chain security or technology controls, casting China as the cooperative party in the talks.
READ THE STORY: ECNS (CN)
Items of interest
Reddit Tightens Data Access Controls, Demands Payment from Tech Giants
Bottom Line Up Front (BLUF): Reddit CEO Steve Huffman has taken a strong stance on monetizing Reddit’s data, requiring companies like Microsoft and other tech firms to pay for data access following recent agreements with Google and OpenAI. This policy marks Reddit’s shift from freely accessible data to controlled, compensated data usage, aiming to protect its data's integrity and enforce fair compensation.
Analyst Comments: Platforms like Reddit recognize the high value of data used to train AI models and are moving to charge companies that profit from their data. While Google and OpenAI have agreed to pay arrangements with Reddit, companies like Microsoft and others have resisted, leading to heightened tensions. Reddit’s recent restriction updates, such as its robots.txt file changes, indicate a significant escalation in its data strategy, suggesting other platforms might follow suit.
FROM THE MEDIA: As reported by The Verge, Huffman emphasized that agreements with companies like Google and OpenAI allow Reddit to ensure its data is used responsibly and monetized fairly. He stated that without such agreements Reddit cannot track how its data is applied, which is why it now uses its robots.txt file to block crawlers from companies that have not signed a licensing deal, including Microsoft, Anthropic, and Perplexity.
READ THE STORY: MSN
Friendshoring the Lithium-Ion Battery Supply Chain (Video)
FROM THE MEDIA: It's possible to earn millions of dollars finding zero days and vulnerabilities in software. But are you prepared to put in the work?
Browser Exploitation Introduction (Video)
FROM THE MEDIA: This stream includes retired content from the SANS SEC760 "Exploit Dev" course. It will focus on Use After Free exploitation of an outdated Internet Explorer version. I'll follow it up with another stream on browser memory leaks.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.