Monday, February 06, 2023 // (IG): BB // BSidesCharm// Coffee for Bob
Musk says SpaceX 'ready' to activate emergency satellite over Turkey to find survivors
FROM THE MEDIA: Elon Musk has announced that SpaceX's Starlink service is ready to activate emergency satellites over Turkey in the wake of a 7.8 magnitude earthquake in the country. The earthquake has caused widespread devastation, with hundreds killed and thousands trapped under rubble. However, Turkish government approval is needed before the satellite services can be activated. The UK has offered assistance to Turkey and Syria following the disaster.
READ THE STORY: Express UK
An 11-year-old North Korean girl showing a new side to the country's propaganda style.
FROM THE MEDIA: North Korean YouTuber Song A has attracted 21,000 subscribers in nine months with her idyllic depictions of everyday life in Pyongyang. Experts believe her channel is part of an orchestrated propaganda effort by the North Korean government. Song A's videos show her swimming, rock climbing, eating dessert with her best friend, and reading "Harry Potter," but experts say the facilities she features are only accessible to a select few people in the country. It is likely that her videos are scripted and not representative of the typical life of North Koreans.
READ THE STORY: Insiders
Moldova PM calls for more EU help in curbing Ukraine war smuggling
FROM THE MEDIA: Moldova's Prime Minister Natalia Gavrilița has warned that the country needs more security support from Brussels to tackle increasing attempts to traffic people and arms from conflict-wracked Ukraine. She said that the EU's 'support hub' has been successful in stopping trafficking, but it needs more resources to prevent networks from growing. The EU is already Moldova's most important backer, providing financial and humanitarian support since the war began. Gavrilița will this week sign agreements with the EU on customs, fiscal co-operation and health, and discuss trade liberalization, access to the EU's mobile phone roaming area and the single euro payments area. Russia is still subjecting Moldova to "elements of hybrid war", including cyber attacks, disinformation, and antigovernmental protests funded by exiled pro-Russian businessmen.
READ THE STORY: FT
Why the Chinese balloon crisis could be a defining moment in the new Cold War
FROM THE MEDIA: The Chinese balloon crisis is a watershed moment in the world’s dangerous new superpower rivalry, and it has underscored how polarized America can be when faced with a threat. The Trump administration had allowed several balloons to fly over US airspace without being shot down, but this one was shot down off of the Carolinas after drifting across the continental US and sparking a media frenzy and a Washington uproar. President Joe Biden has deepened US ties with Asian allies designed to counter China, and while his moderate action has been criticized by Republicans, he has also shown a willingness to stand up to Beijing's aggression. This incident has posed tough questions for Biden as it threatens to open up tensions between the Pentagon and the White House and impede diplomatic efforts aimed at avoiding confrontation between the two countries.
READ THE STORY: CNN
What is hybrid warfare? Inside the center dealing with modern threats
FROM THE MEDIA: The European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE) was established in Helsinki, Finland six years ago to help Western governments identify and protect themselves against hybrid threats such as underwater explosions, anonymous cyber attacks, and the use of "bots" and disinformation campaigns. The center maps potential hybrid threats in the Arctic, and has examined Russia's actions in the Sea of Azov before its invasion of Ukraine. Analyses by the center suggest that Russia is winning the information war amongst substantial portions of the population in several NATO countries. The center does not undertake measures to counter hybrid threats, but assesses, informs, and trains others to do so.
READ THE STORY: BBC
Iranian threat actors responsible for recent Charlie Hebdo data breach
FROM THE MEDIA: Charlie Hebdo suffered a cyber attack earlier this month that potentially exposed the personal data of over 200,000 customers. Microsoft's Digital Threat Analysis Centre has attributed the attack to an Iranian nation-state actor called Emennet Pasargad, who goes by the name Holy Souls. The group is offering the stolen data for a price and has posted a sample to prove its legitimacy. Iran's Foreign Ministry responded by summoning the French ambassador and closing down the French Institute for Research in Iran. Social media accounts have been set up impersonating French officials and reporters, suggesting Iranian operators are behind the posts. This follows a warning of 'revenge' from Iran's Islamic Revolutionary Guard Corps commander Hossein Salami, who pointed to the example of author Salman Rushdie, who was stabbed in 2022.
READ THE STORY: CyberSecurityConnect
Prediction is Prevention: This is How Bureau Tackles Cyberattacks
FROM THE MEDIA: Cyber attacks in India have tripled in the last three years, according to data released by CERT-In. Bureau is a trusted network that provides a safety net to businesses by solving cyber fraud risks with its AI/ML-powered solution. Bureau uses AI to assess the trustworthiness of customers by analyzing data from various sources, such as phone and email intelligence. ML algorithms are used to build models that detect patterns and anomalies indicative of identity fraud. AI can be used to detect suspicious activity in online payments and automate the verification process. The current cybersecurity landscape in India is alarming, and businesses must invest in a wide spectrum of capabilities that protect users from fraud and cyber theft without compromising on growth and risk.
READ THE STORY: AIM
Russia Built A Dozen Air-Defense Vehicles For War In The Arctic. Then Sent Them To Ukraine To Get Blown Up
FROM THE MEDIA: The Tor-M2DT, a specially designed air-defense vehicle meant to operate in the cold of the Arctic, made its combat debut in Ukraine. In two months, Ukrainian forces destroyed two of them. The vehicles had come south with the 80th Arctic Motor Rifle Brigade and were featured in a Russian T.V. segment. Ukrainian gunners used GPS-guided Excalibur shells to take out the Tors, one of which they said was set ablaze, despite attempts by Russian soldiers to put it out with a fire extinguisher.
READ THE STORY: Forbes
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
FROM THE MEDIA: An ongoing malvertising campaign is distributing virtualized .NET loaders designed to deploy the FormBook information-stealing malware. The loaders use obfuscated virtualization for anti-analysis and evasion, along with the Windows Process Explorer driver for terminating processes. Google malvertising has been used as an alternate delivery route for malware ever since Microsoft announced plans to block, by default, the execution of macros in Office files downloaded from the internet. MalVirt loaders, which are implemented in .NET, use the legitimate KoiVM virtualizing protector for .NET applications to conceal their behavior and are tasked with distributing the FormBook malware family. The loaders also deploy a signed Microsoft Process Explorer driver with the goal of carrying out actions with elevated permissions.
READ THE STORY: THN
America’s top cyber diplomat says his Twitter account was hacked
FROM THE MEDIA: Nate Fick, America's top cybersecurity diplomat, had his personal Twitter account hacked and shared the news on Saturday. It is unknown who was responsible for the hack or if any unauthorized posts were made. He leads the newly formed Bureau of Cyberspace and Digital Policy and is currently in Seoul to discuss cybersecurity cooperation with South Korea.
READ THE STORY: CNN
Not just balloons: Here’s how China spies on the US
FROM THE MEDIA: China has been accused of using a variety of methods to spy on and obtain intelligence from the US. This includes hacking, satellites, secret agents, “honeypot” traps, law enforcement and academia. In 2020, former Secretary of State Mike Pompeo claimed that Beijing was using the Manhattan Chinese Consulate as a major hub for espionage, while former CIA Chief of Counterintelligence James Olson said more than 100 Chinese spies were operating in the Big Apple at any given time. Former FBI electronics technician Kun Shan “Joey” Chun and NYPD cop Baimadajie Angwang have also been accused of spying for China. The Confucius Institute has also been named as a tool of Chinese influence.
READ THE STORY: NYPOST
TikTok working with US intelligence to ensure China cannot use platform for spying
FROM THE MEDIA: Sen. Cory Booker (D-NJ) said on Sunday that TikTok is collaborating with U.S. intelligence to protect the platform from Chinese surveillance, and that there's a "strong bipartisan view" that action needs to be taken against potential threats posed by China to the safety, security and secrets of the United States. Congress and state legislatures have passed bills banning TikTok on government devices due to national security concerns.
READ THE STORY: Yahoo News
Ransomware Attacks in Europe Target Old VMware, Agencies Say
FROM THE MEDIA: Cybersecurity agencies in Europe are warning of ransomware attacks that exploit a two-year-old computer bug and target unpatched versions of VMware ESXi hypervisors. In response, the US Cybersecurity and Infrastructure Security Agency is working with partners to assess the impacts and provide assistance, while VMware has urged customers to apply the patch if they have not already done so. The problem attracted particular attention in Italy recently when it coincided with a nationwide internet outage.
READ THE STORY: VOA
Famed North Korean Android tablet auctioned off to hardcore devs
FROM THE MEDIA: The Samjiyon tablet, believed to have been developed by the Korea Computer Center and first revealed in 2012, recently resurfaced courtesy of a group of developers who purchased it from a previous owner. The device is said to have never been used and is in "mint-condition" and runs on Android 4.0.4 Ice Cream Sandwich. It features a 7" 1024 x 768 display backed by a 1.2 GHz processor, 1GB of RAM, and the option for 8GB or 16GB of storage. It lacks any internet connectivity and does not come with Google apps on board. Visitors to North Korea were able to purchase the tablet for a time until June of 2014. It is unclear what the developers plan to do with the tablet, though some observers have suggested a code dump among other things.
READ THE STORY: AndroidPolice
Global server shipments to suffer from declining performance in 1Q22, says DIGITIMES Research
FROM THE MEDIA: Global server shipments declined in fourth-quarter 2022 due to weakening demand from China-based datacenter operators and server brands. Going into first-quarter 2023, North American cloud service providers, Chinese datacenter operators, and server brands are expected to further reduce their server procurement, leading to a 10% decline in global server shipments compared to both the prior quarter and corresponding period of 2022.
READ THE STORY: Digitimes Asia
Saudi energy minister warns sanctions could lead to global supply shortage
FROM THE MEDIA: Saudi Arabia’s Energy Minister Prince Abdulaziz bin Salman warned of a shortage in energy supplies due to sanctions and underinvestment in the industry during a conference on 4 February. He added that Saudi Arabia was working to send Ukraine liquefied petroleum gas (LPG) to support the energy market. Prince Abdulaziz bin Salman also mentioned that OPEC+ was a responsible group of countries that does not engage in political issues but only policy issues relevant to the energy and oil markets. The same day, CNN reported that the Biden administration was taking a U-turn on its course with Saudi Arabia and holding back on previous threats.
READ THE STORY: The Cradle
Action Is Needed To Regulate Crypto Assets That Are Not Securities, Says CFTC’s New Chairman
FROM THE MEDIA: The new Chairman of the Commodity Futures Trading Commission (CFTC) says that crypto assets that are not considered securities need comprehensive legislation in order to protect customers and prevent catastrophic failures. He plans to work with Congress and crypto stakeholders to form regulations for the nascent industry.
READ THE STORY: Daily Hodl
Trust, not tech, is holding back a safer internet
FROM THE MEDIA: The tech industry is failing at cybersecurity despite global spending of $190 billion a year. To address this problem, a fundamental shift in the market is needed. Private sector initiatives won't be enough to protect us against cybercrime, and so public governance and policing must take on a greater role. This will require trust in the state, transparency, responsibility and accountability. If these are addressed, then a national endpoint security system may be possible, but we need to have conversations with politicians to decide how this will work.
READ THE STORY: The Register
Items of interest
Octosuite: A GitHub Open Source Intelligence Framework
FROM THE MEDIA: Octosuite is an open-source intelligence (OSINT) framework recently updated to version 3.1.0. It provides a secure and user-friendly interface for searching and exploring data related to repositories, organizations, and users. It is written in Python and can be used to investigate incidents like the 2022 GitHub Malware Attack. The Bellingcat Tech Team has encouraged feedback from the community about the tool.
READ THE STORY: InfoQ
RedTeam Flex: Project Management (Video)
FROM THE MEDIA: This video covers the basics of budgeting and cost accounting in a project, including how to create a budget from an estimate, adjust budgets, view project information, set up purchase orders, and create line items. It also provides an overview of project management concepts, such as at-risk and contingency management, and how to execute a purchase order.
RedTeam Flex: Project Startup (Video)
FROM THE MEDIA: This video covers how to create a project in RedTeam Flex, add team members, plans and specs, add cost codes and phases, create a project estimate, submit a request for quote, and create and submit a proposal. It also covers how to compare quotes and decide which company to work with.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.