Navy plans to become ‘cyber ready’ by ditching compliance-obsessed ATO processes
FROM THE MEDIA: An influx of money from the CARES Act helped the Department of the Navy (DON) make major strides in modernizing its networks. Now, leaders say, it’s time to focus on bolstering those networks’ cybersecurity, including with a major pivot from compliance-driven approaches to a new philosophy called “Cyber Ready,” which focuses instead on continuous monitoring and ongoing risk assessments. The idea of keeping constant tabs on a system’s cyber health certainly isn’t new — indeed, it’s central to the National Institute of Standards and Technology Risk Management Framework DoD already uses to authorize systems on its networks, as a theoretical matter anyway. But Navy IT leaders think they’ve hit on a new framing that will help with the cultural changes needed to actually, finally, move away from checklist-based, single-point-in-time security approvals. Aaron Weis, the Navy Department’s CIO, said describing the problem in terms of “readiness,” akin to the way the military measures its servicemembers and weapons systems’ ability to execute missions on a day-to-day basis, has found a good deal of resonance in the Navy and Marine Corps.
READ THE STORY: Federal News Network
CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager
FROM THE MEDIA: Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions. Several flaws were discovered by Qualys researchers; CVE-2021-44731 is the most severe one, a race condition in snap-confine’s setup_private_mount() function. snap-confine is a program used internally by snapd to construct the execution environment for snap applications. An unprivileged user can trigger the flaw to gain root privileges on the affected host. “Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host,” reads the post published by the experts. “As soon as the Qualys Research Team confirmed the vulnerability, we engaged in responsible vulnerability disclosure and coordinated with both vendor and open-source distributions in announcing this newly discovered vulnerability.” Qualys experts also developed a PoC exploit for this issue that allows obtaining full root privileges on default Ubuntu installations.
DOJ Is Amping Up Its Crypto Scrutiny, Naming Head of New Enforcement Team
FROM THE MEDIA: The Justice Department named a veteran cybersecurity prosecutor to lead a new team dedicated to investigating and prosecuting illicit cryptocurrency schemes carried out by cyber criminals and nation states including North Korea and Iran. Eun Young Choi will be the first director of the National Cryptocurrency Enforcement Team, which will serve as the focal point for efforts to identify and dismantle the misuse of cryptocurrencies and other digital assets, Deputy Attorney General Lisa Monaco announced Thursday. “If we’re going to see -- as I think we will -- cryptocurrency gaining more traction and gaining wider adoption, we’ve got to make sure that the ecosystem that they operate in can be trusted and, frankly, can be policed,” Monaco said in an interview. “We’re going to make it our business to go after them and get those proceeds back and make it clear to them that they can’t hide.” The $2 trillion market for cryptocurrencies has boomed as companies and investors look to reap higher returns and get a foothold in a technology seen as still in its early days. Prosecutors and regulators are rushing to determine how to police that space -- as well as the market for other digital assets such as nonfungible tokens -- which has become a new frontier for criminals and rogue nations to steal and launder billions of dollars through anonymous avenues like blockchain transactions, encryption and digital wallets.
READ THE STORY: Bloomberg
Iranian hackers behind biggest ransomware attacks of 2021
FROM THE MEDIA: Iranian hackers used ransomware tools the most in 2021 to steal data and blackmail users and companies, while hackers from China were the biggest exploiters of software vulnerabilities around the world in the same period, reveals a new report from cybersecurity firm CrowdStrike. Iran-based hacker groups, according to the report released on Friday, have been focusing on using ransomware as their key tool since late 2020. The use of ransomware in global cybercrimes rose by 82% through the year, the report added. Through 2021, Iranian groups such as BlackShadow and Deus figured among the biggest ransomware users in the world – targeting both Iranian and global companies. This is not the first time that Iranian hackers have been linked to increasing ransomware activities. In November 2021, a report by the Microsoft Threat Intelligence Centre (MSTIC) and Digital Security Unit (DSU) noted that hacker groups based in Iran were increasingly targeting Indian companies in the information technology (IT) space – something that was not prevalent until at least July 2021.
READ THE STORY: Live Mint
How a ‘fake image’ in a Saudi activist’s phone blew the lid off NSO’s Pegasus spyware
FROM THE MEDIA: According to the Reuters report, Citizen Lab found that Saudi Arabian women’s rights activist Loujain al-Hathloul’s phone was infected with a version of the malware that could penetrate the device without requiring any action on the user’s part. A glitch in the NSO Group’s spyware Pegasus left behind a “mysterious fake image file” on al-Hathloul’s phone, and that file is the likely trigger that helped cybersecurity researchers across the world discover how the malware infected phones, according to Reuters. A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies, which is now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world. It all started with a software glitch on her iPhone. An unusual error in NSO’s spyware allowed al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. The fake image file, mistakenly left behind by the spyware, tipped off security researchers. The discovery on al-Hathloul’s phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time.
READ THE STORY: The Wire
Russian Cyberattacks Against Ukraine Risk Crossing the Line Into Warfare
FROM THE MEDIA: Russia may be holding off on a land invasion, but a growing list of cyberattacks against Ukraine has prompted concern that the online incursions might eventually cross into cyberwarfare. Earlier this week, the website of Ukraine's Ministry of Defense suffered from what appeared to be a distributed denial of service attack, where a bombardment of data requests overwhelms a site. The websites of two banks were also taken offline. The attacks weren't immediately attributed to Russia, but they follow a string of digital incursions in recent weeks that've been blamed on Ukraine's neighbor. Those attacks defaced government websites and planted destructive malware on Ukrainian computer networks. Past attacks attributed to Russia but denied by that country have been even more destructive, shutting down power grids and other critical infrastructure. The cyberattacks come against a backdrop of growing international tension over a Russian troop buildup on Ukraine's borders, which the US and its NATO allies say could presage a military invasion. Russia has said it's pulled back some of its troops, a claim NATO says isn't true. On Thursday, President Joe Biden warned that Russia could still invade Ukraine within days.
READ THE STORY: Cnet
VMware Horizon servers are under active exploit by Iranian state hackers
FROM THE MEDIA: Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday. Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision’s heavy reliance on tunneling tools and the unique way it deploys them. In the past, TunnelVision has exploited so-called 1-day vulnerabilities—meaning vulnerabilities that have been recently patched—to hack organizations that have yet to install the fix. Vulnerabilities in Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange (ProxyShell) are two of the group’s better-known targets. Recently, SentinelOne reported, TunnelVision has started exploiting a critical vulnerability in Log4j, an open source logging utility that’s integrated into thousands of apps. CVE-2021-44228 (or Log4Shell, as the vulnerability is tracked or nicknamed) allows attackers to easily gain remote control over computers running apps in the Java programming language. The bug bit the Internet’s biggest players and was widely targeted in the wild after it became known. The SentinelOne research shows that the targeting continues and that this time the target is organizations running VMware Horizon, a desktop and app virtualization product that runs on Windows, macOS, and Linux.
READ THE STORY: Arstechnica
How electronic warfare could factor into the Russia-Ukraine crisis
FROM THE MEDIA: When Russian forces occupied Ukraine’s Crimean peninsula in February 2014, the Russian Navy reportedly jammed cell phone signals in the process. This kind of attack, paired with the physical destruction of communications infrastructure, as well as online attacks on internet-connected sites and services, is broadly categorized as electronic warfare. War is still primarily an undertaking involving bombs, bullets, and broken bodies, but the placement of those bombs and bullets is increasingly shaped by fights waged in the electromagnetic spectrum. Electromagnetic warfare is often paired with attacks on computer systems carried out over the internet, which are broadly called cyber attacks. Understanding how modern wars are fought means understanding the invisible fights waged by signals and over code. If Russia does launch an attack on Ukraine, as the mass of Russian forces assembled for months along their shared border suggests it might do, electronic warfare will likely be part of the attack, as it was when Russia occupied parts of Ukraine in 2014. The 2014 occupation included the Russian capture of Crimea, complete with physical destruction of communication links to the rest of the country, and led to Russian support for two self-declared breakaway republics of separatists in Eastern Ukraine.
READ THE STORY: POPSCI
Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
FROM THE MEDIA: Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker who sends a specially crafted email message to cause a DoS. "A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition," the company said in an advisory. "Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition." The flaw impacts Cisco ESA devices running Cisco AsyncOS Software versions 14.0, 13.5, 13.0, 12.5 and earlier that have the "DANE feature enabled and with the downstream mail servers configured to send bounce messages." DANE is short for DNS-based Authentication of Named Entities, which is used for outbound mail validation.
READ THE STORY: THN
How China Uses Bots and Fake Twitter Accounts to Shape the Olympics
FROM THE MEDIA: Contained in the Potemkin village of China’s propaganda, the Winter Olympics have unfolded as an unalloyed success, a celebration of sporting and political harmony that has obscured — critics say whitewashed — the country’s flaws and rights abuses. At Beijing 2022, the hills are snowy, not brown as usual this time of year. A Uyghur skier is the image of national unity, the tennis player Peng Shuai just a curious spectator. Athletes and foreign journalists praise the polite volunteers and marvel at the high-speed trains and the robots that boil dumplings and mix drinks. While China’s control of what its domestic viewers and readers consume is well established, the country has spread its own version of the Games beyond its borders, with an arsenal of digital tools that are giving China’s narrative arguably greater reach and more subtlety than ever before. With bots, fake accounts, genuine influencers and other tools, China has been able to selectively edit how the events have appeared, even outside the country, promoting everything that bolsters the official, feel-good story about the Winter Olympics and attempting to smother whatever doesn’t.
READ THE STORY: GOM
Items of interest
YouTube’s Olympics Highlights Are Riddled With Propaganda (Article)
FROM THE MEDIA: Sports fans who tuned in to watch the Beijing Winter Olympics on YouTube are instead being served propaganda videos. An analysis of YouTube search results by WIRED found that people who typed “Beijing,” “Beijing 2022,” “Olympics,” or “Olympics 2022” were shown pro-China and anti-China propaganda videos in the top results. Five of the most prominent propaganda videos, which often appear above actual Olympics highlights, have amassed almost 900,000 views. Two anti-China videos showing up in search results were published by a group called The BL (The Beauty of Life), which Facebook previously linked to the Falun Gong, a Chinese spiritual movement that was banned by the Chinese Communist Party in 1999 and has protested against the regime ever since. They jostled for views with pro-China videos posted by Western YouTubers whose work has previously been promoted by China’s Ministry of Foreign Affairs. Similar search results were visible in the US, Canada, and the UK. WIRED also found signs that viewing numbers for pro-China videos are being artificially boosted through the use of fake news websites.
READ THE STORY: Wired
How China Turned the Pandemic and Protests Into Propaganda Opportunities (Video)
FROM THE MEDIA: China's state media have been using the pandemic and U.S. protests sparked by the killing of George Floyd to rally its citizens at home, as Beijing’s relationships around the world grow tenser.
A Look At China’s Nationalist Propaganda As The Communist Party Turns 100 (Video)
FROM THE MEDIA: The Chinese Communist Party is celebrating the 100th anniversary of its founding and the party’s grip on power continues to grow under President Xi Jinping. Tourists are flocking to historic sites, even as that history omits important, troublesome events.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and in overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in the original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org