Russia began setting the stage for cyberattacks against Ukraine a year ago
A Microsoft report out this week found that Russia started to lay the groundwork for launching cyberattacks against Ukraine as early as March 2021, when Russian hackers gained a foothold in Ukrainian government and critical infrastructure networks. Microsoft’s report notes that at least six separate Russia-aligned state hacking actors have launched more than 237 operations against Ukraine. The most notable are the destructive attacks launched by a GRU unit that researchers dub “Sandworm,” which was blamed for the Ukraine power grid attacks in 2016 and 2017 and for several other recent destructive attacks, including the Viasat attack that knocked out the satellite network over much of Eastern Europe. The U.S. Department of State put a $10 million bounty on six of the Sandworm hackers this week, shortly after CISA sounded the alarm over fears that the U.S. should itself brace for a Russian cyberattack.
Read More
- Microsoft On the Issues: The hybrid war in Ukraine
- Microsoft discloses onslaught of Russian cyberattacks on Ukraine
- US offers bounty for Sandworm, the Russian hackers blamed for destructive cyberattacks
Tech giants duped into giving up data used to sexually extort minors
Absolutely brilliant reporting by @williamturton, who uncovered that tech giants including Google and Apple processed fake emergency user data requests sent by hackers, often by breaking into the email system of a law enforcement agency. From there, the hackers filed user requests for minors, which the tech giants turned over without verifying the requests. (These emergency requests are often filed amid threats to life or safety.) According to the report, the information given by tech giants was used to extort and harass minors. The tech giants have said little so far. Apple — which constantly harps on about how much it claims to care about your privacy — didn’t even bother to comment. It’s thanks to companies like… *checks notes*… Toontown that the issue was brought to light. @nixonnixoff said that most of the companies that were duped “treated this as a shameful matter to be kept top secret.” I think a lot of us will be thinking this…
Read More
- It ‘Felt Fishy’: Game Operator Rebuffed Fake Data Request
Also why the fuck are *Toontown* the company bringing this to light, and not said tech companies? They should be absolutely out in front of this, being transparent.
EU regulators need to be all over this.
— Kevin Beaumont (@GossiTheDog) April 28, 2022
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
Who needs a massive botnet when all you need, apparently, is a shovel? French intelligence is investigating an apparent act of sabotage that extensively disrupted internet services across France after a large number of fiber cables were cut. Now U.S. authorities are said to be on guard, knowing that fiber cables — which keep the backbone of the internet going — aren’t well protected, and often their locations are widely known.
Read More
- French investigate who is behind fiber optic cables sabotage
- Fiber optics: cables sabotaged in several regions, criminal investigation opened
Multiple acts of malicious damage to fiber infrastructure during the night and the morning. Incidents contained, residual problems being corrected in Reims and Graveline. Free teams mobilized since 4 a.m.
— Free 1337 (@Free_1337) April 27, 2022
FBI conducted millions of searches of Americans’ data last year
According to the U.S. intelligence community’s transparency report, pushed out every year by the ODNI since the Snowden leaks, the U.S. government conducted as many as 3.4 million searches of U.S. data previously collected by the NSA. That’s without needing a warrant, since the data is collected and accessed under Section 702 of FISA, the law that allows the U.S. to spy on Americans, which is due to expire next year. The actual number of direct searches investigating Americans is probably far lower. More than half of the searches — close to 2 million — were related to a national security investigation involving attempts by alleged Russian hackers to break into U.S. critical infrastructure networks, for which the searches included efforts to identify and protect victims — including U.S. citizens. The WSJ does a good job of breaking down the figures and what they mean — and, @emptywheel, as always, has you covered.
Read More
- Intel report states FBI conducted nearly 2 million searches of US data related to cyberattacks in 2021
- National Security Surveillance on U.S. Soil Dropped Again in 2021, Report Says
Nowhere near as big as the huge number of 702 queries FBI did, this is a rather interesting stat.
Likely means everyone's doing more 12333 queries, which don't have to be counted. https://t.co/rsTbjBO4hm pic.twitter.com/HbyRpMFQbi
— emptywheel (@emptywheel) April 29, 2022
Twitter’s legal team is an aggressive defender of free speech, will that continue?
After the news finally dropped that Elon Musk would buy Twitter — a deal that still has to pass shareholder and regulatory approval(!) — @mmasnick dug into how Twitter’s legal department has been an “aggressive defender” of free speech, in large part by pushing back on subpoenas, often filed by “thin-skinned rich and powerful users,” and what Musk’s Twitter buy might mean for content moderation, privacy and free speech.
European wind-energy sector hit in wave of hacks
Three Germany-based wind energy companies have been targeted by cyberattacks since Russia’s invasion of Ukraine, at a time when Germany is moving away from its reliance on Russian oil and gas as Western sanctions try to cut Russia off from the rest of the economic world. The problem is that Germany is highly dependent on Russian oil and gas, and switching to other fuels is likely a multi-year process. Not a huge surprise then that cyberattacks targeting renewable, non-fossil fuels have swept the country, in some cases with ransomware, aimed at disrupting energy supplies. “A simpler strike on local internet-connected services could interfere with the remote monitoring systems of wind farms,” according to one security expert. You know, just how Viasat was hacked, causing roughly 5,800 wind turbines that relied on the satellite network to lose connection.
DJI insisted drone-tracking AeroScope signals were encrypted — now it admits they aren’t
In March, Ukraine’s vice prime minister accused drone maker DJI of helping Russia kill Ukrainians by allowing Russia to freely use its drone detection system called AeroScope. DJI claimed that AeroScope signals are encrypted. Turns out, they’re not. That means governments (and others) don’t need AeroScope to see the exact position of every DJI drone. It wasn’t until hacker @d0tslash proved that the signals aren’t encrypted that DJI finally admitted that its remarks weren’t truthful.
Now to put the "DroneID is encrypted" thing to rest, then get some bed myself. Before + WEP key for c2 link. After – WEP key for c2 link… look who's still there? The unencrypted droneID packet. K thx for playing @DJIFlySafe @djienterprise @djiglobal @djisupport @adamlisberg! pic.twitter.com/SizPM7sfZ3
— KF (@d0tslash) March 31, 2022
Mexico top court strikes down phone and biometrics registry
Reuters reports that Mexico’s Supreme Court ruled that the government’s plans to create a national phone user registry tied to biometric data are unconstitutional. The phone carriers didn’t want it as it would’ve been costly to implement, but the government said it would’ve fought crime in a country that has some of the highest incidences of abductions in the world. The court said the registry would’ve violated human rights. Mexico has some 120 million cell lines, most of which are pre-paid.
Read more
- Mexico’s top court strikes down controversial cellphone registry with biometric data
Microsoft finds critical Linux flaw
A duo of privilege escalation bugs in Linux, dubbed Nimbuspwn, can be exploited to quickly gain root/system level permissions to an affected device. Ars Technica goes deep on the technical details, including how to gain persistent root access for a future backdoor.
Read more
- Microsoft finds Linux desktop flaw that gives root to untrusted users
Great news that security.txt is finally an RFC
That’s according to @EdOverflow, who was one of the main proponents of security.txt. For those who don’t know, security.txt is a publicly accessible text file that admins can put in the root of their website directory to help researchers and hackers easily find urgent security contact information. It’s a great idea that’s aimed at speeding up the process of finding and alerting companies to security flaws. Some of the biggest companies use it — Yahoo and Google to name a couple. You can see how Google’s security.txt, for example, looks here. Excellent news and extremely well deserved.
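For admins who publish one, a small checker for the fields RFC 9116 defines, added here as an example (it is not code from the RFC's authors or from this newsletter). It assumes an unsigned file body fetched from `/.well-known/security.txt`, the location the RFC specifies; the function name and the sample file are constructed for illustration.

```python
from datetime import datetime, timezone

# Fields defined by RFC 9116. Contact and Expires are required;
# Expires and Preferred-Languages may appear at most once.
KNOWN = {"acknowledgments", "canonical", "contact", "encryption",
         "expires", "hiring", "policy", "preferred-languages"}
ONCE = ("expires", "preferred-languages")

# Constructed sample with three defects: bare e-mail, plain-http link, stale date.
SAMPLE_BAD = """\
# constructed sample, not a real site's file
Contact: security@example.com
Policy: http://example.com/disclosure
Expires: 2021-01-01T00:00:00Z
"""


def check_security_txt(text, now=None):
    """Parse an unsigned security.txt body; return (fields, problems)."""
    now = now or datetime.now(timezone.utc)
    fields, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):          # blank line or comment
            continue
        name, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or not value:
            problems.append(f"line {n}: expected 'Name: value'")
            continue
        name = name.lower()                           # field names are case-insensitive
        if name not in KNOWN:                         # unknown extension fields are ignored
            continue
        fields.setdefault(name, []).append(value)
        if name not in ONCE and ":" not in value:     # no scheme, e.g. a bare e-mail address
            problems.append(f"line {n}: {name} value is not a URI (e.g. mailto:, https://)")
        if value.lower().startswith("http://"):
            problems.append(f"line {n}: {name} must use https://")
    for name in ("contact", "expires"):
        if name not in fields:
            problems.append(f"missing required field: {name}")
    for name in ONCE:
        if len(fields.get(name, [])) > 1:
            problems.append(f"{name} appears more than once")
    for value in fields.get("expires", [])[:1]:
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
            if expires.tzinfo is None or expires <= now:
                problems.append("expires is in the past or lacks a UTC offset")
        except ValueError:
            problems.append("expires is not an RFC 3339 date-time")
    return fields, problems
```

A stale `Expires` value is worth alerting on in monitoring, since the RFC treats an expired file as one researchers should no longer trust.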
Read more
- security.txt
- RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak.
I would like to use this opportunity to thank those who made this possible. Thank you. ❤️ pic.twitter.com/Z8SNxd81ZO
— Ed (@EdOverflow) April 27, 2022
The post Cybersecurity and Infosec News Headlines Update on May 01, 2022 appeared first on PUPUWEB - Information Resource for Emerging Technology Trends and Cybersecurity.