nationalcybersecuritynews.today
82.165.207.139
Public Scan
URL:
https://nationalcybersecuritynews.today/the-taliban-on-the-ground-and-online-politically-motivated-hacktivism-in-iran-and-belarus-develo...
Submission: On September 01 via api from GB
Form analysis
3 forms found in the DOM
POST
<form method="post" id="commentform" class="comment-form i-amphtml-form" novalidate="" action-xhr="https://nationalcybersecuritynews.today/wp-comments-post.php?_wp_amp_action_xhr_converted=1" target="_top"
on="submit:AMP.setState( { "commentform_post_78023": { submitting: true } } );submit-error:AMP.setState( { "commentform_post_78023": { submitting: false } } );submit-success:AMP.setState( { commentform_post_78023: {"values":{"mc-value":"","submit":"Post Comment","comment_post_ID":"78023","comment_parent":"0","comment":""},"submitting":false,"replyToName":""} } )"
amp-novalidate=""><amp-state id="commentform_post_78023" class="i-amphtml-layout-container i-amphtml-element i-amphtml-built" i-amphtml-layout="container" hidden="" aria-hidden="true">
<script type="application/json">
{
"values": {
"author": "",
"email": "",
"url": "",
"mc-value": "",
"submit": "Post Comment",
"comment_post_ID": "78023",
"comment_parent": "0",
"comment": ""
},
"submitting": false,
"replyToName": ""
}
</script>
</amp-state>
<p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> Required fields are marked <span class="required">*</span></p>
<p class="comment-form-comment"><label for="comment">Comment</label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required" data-amp-bind-disabled="commentform_post_78023.submitting"
data-amp-bind-text="commentform_post_78023.values.comment" on="change:AMP.setState( { commentform_post_78023: { values: { "comment": event.value } } } )" i-amphtml-binding=""></textarea></p>
<p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required="required"
data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.author" on="change:AMP.setState( { commentform_post_78023: { values: { "author": event.value } } } )" i-amphtml-binding="">
</p>
<p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" required="required"
data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.email" on="change:AMP.setState( { commentform_post_78023: { values: { "email": event.value } } } )" i-amphtml-binding="">
</p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200" data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.url"
on="change:AMP.setState( { commentform_post_78023: { values: { "url": event.value } } } )" i-amphtml-binding=""></p>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time
I comment.</label></p>
<p class="math-captcha-form">
<label>Math Captcha<br></label>
<span><input type="text" size="2" id="mc-input" class="mc-input" name="mc-value" value="" aria-required="true" data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.mc-value"
on="change:AMP.setState( { commentform_post_78023: { values: { "mc-value": event.value } } } )" i-amphtml-binding=""> − five = four</span>
</p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment" data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.submit"
on="change:AMP.setState( { commentform_post_78023: { values: { "submit": event.value } } } )" i-amphtml-binding=""> <input type="hidden" name="comment_post_ID" value="78023" id="comment_post_ID"
data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.comment_post_ID" on="change:AMP.setState( { commentform_post_78023: { values: { "comment_post_ID": event.value } } } )"
i-amphtml-binding="">
<input type="hidden" name="comment_parent" id="comment_parent" value="0" data-amp-bind-disabled="commentform_post_78023.submitting" data-amp-bind-value="commentform_post_78023.values.comment_parent"
on="change:AMP.setState( { commentform_post_78023: { values: { "comment_parent": event.value } } } )" i-amphtml-binding="">
</p>
<div class="amp-wp-default-form-message" submit-error=""><template type="amp-mustache">
<p class="{{#redirecting}}amp-wp-form-redirecting{{/redirecting}}">{{#message}}{{{message}}}{{/message}}{{^message}}Your submission failed. <small>The server responded with {{status_text}} (code {{status_code}}). Please contact the developer of
this form processor to improve this message. <a href="https://amp-wp.org/?p=5463" target="_blank" rel="nofollow noreferrer noopener">Learn More</a></small>{{/message}}</p>
</template></div>
<div class="amp-wp-default-form-message" submit-success=""><template type="amp-mustache">
<p class="{{#redirecting}}amp-wp-form-redirecting{{/redirecting}}">{{#message}}{{{message}}}{{/message}}{{^message}}It appears your submission was successful. <small>Even though the server responded OK, it is possible the submission was not
processed. Please contact the developer of this form processor to improve this message. <a href="https://amp-wp.org/?p=5463" target="_blank" rel="nofollow noreferrer noopener">Learn More</a></small>{{/message}}</p>
</template></div>
<div class="amp-wp-default-form-message" submitting=""><template type="amp-mustache">
<p>Submitting…</p>
</template></div>
</form>
GET https://nationalcybersecuritynews.today/
<form role="search" method="get" class="search-form i-amphtml-form" action="https://nationalcybersecuritynews.today/" target="_top" novalidate="">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>
GET https://nationalcybersecuritynews.today
<form action="https://nationalcybersecuritynews.today" method="get" id="amp-wp-widget-categories-1" target="_top" novalidate="" class="i-amphtml-form amp-form-dirty"><label class="screen-reader-text" for="cat">Select A Category</label><select
name="cat" id="cat" class="postform" on="change:amp-wp-widget-categories-1.submit">
<option value="-1">Select Category</option>
<option class="level-0" value="3">All News</option>
<option class="level-0" value="17">Android Security</option>
<option class="level-0" value="16">Browser Security</option>
<option class="level-0" value="4">Child Security</option>
<option class="level-0" value="24">Cloud Security</option>
<option class="level-0" value="22">Computer Hacking</option>
<option class="level-0" value="5">Computer Protection</option>
<option class="level-0" value="6">Conferences</option>
<option class="level-0" value="7">Education & Training</option>
<option class="level-0" value="19">Email Security</option>
<option class="level-0" value="8">Government Hacked</option>
<option class="level-0" value="23">Intl – Cyber News</option>
<option class="level-0" value="1">ios Security</option>
<option class="level-0" value="9">Linux Security</option>
<option class="level-0" value="10">Mac Security</option>
<option class="level-0" value="11">Malware/Ransomware</option>
<option class="level-0" value="12">Microsoft Security</option>
<option class="level-0" value="13">Phishing Scams</option>
<option class="level-0" value="14">Private Investigator</option>
<option class="level-0" value="21">Social Media</option>
</select>
</form>
Text Content
THE TALIBAN, ON THE GROUND AND ONLINE. POLITICALLY MOTIVATED HACKTIVISM IN IRAN AND BELARUS. DEVELOPMENTS IN THE UNDERWORLD. | #CYBERSECURITY | #CYBERATTACK
September 1, 2021
Category: All News

THE TALIBAN, ON THE GROUND AND ONLINE.
As the Taliban consolidates control over Afghanistan it establishes check points and conducts house-to-house searches to find “collaborators” with the former regime, the Washington Post reports. According to NBC News Afghans are purging their social media accounts in an effort to remove all signs of connection with “Western nations, international human rights groups, the Afghan military or the recently collapsed Afghan government.”

The Taliban has long operated with some effect online, and their influence operations are likely to continue, at least insofar as their intra-Islamist rivalry with ISIS permits. Some of their influence campaigns are readily foreseeable, if surprisingly well executed, like a mocking image of troops looking like US Marines hoisting a Taliban flag in nicely done mockery of the iconic flag raising on Iwo Jima. The Marines haven’t commented, the Military Times observed. The Taliban fighters (said to belong to the Taliban’s Badri 313 battalion) holding the staff are also well-turned out in obviously stolen military tactical kit, which itself makes a point. Military Times sees the image as emblematic of the design savvy of Taliban propaganda.

Last Saturday afternoon Fox News broke the story that the US State Department had come under cyberattack.
State has, as is its policy, neither confirmed nor denied the report, but Reuters says that a “knowledgeable source” told them (“without confirming any incident”) that “the State Department has not experienced significant disruptions and has not had its operations impeded in any way.”

That data can be toxic, whatever government collects them, may be seen in the growing likelihood of Taliban exploitation of data seized from the wreckage of the former US-supported Afghan regime. POLITICO reports on the ongoing US effort to contain the damage.

POLITICALLY MOTIVATED HACKTIVISM IN IRAN AND BELARUS.
A group calling itself Adalat Ali (“Justice of Ali”) has posted video it says it obtained by compromising CCTV systems at Iran’s Evin prison, Zero Day reports. Adalat Ali, which may be an Iranian dissident hacktivist group, says it wished to draw the world’s attention to abusive conditions in Evin.

The Belarusian Cyber Partisans are the most recent political hacktivist group to come to light, joining such Iranian groups as Indra and Adalat Ali. Dissident hacktivists appear to have intensified their efforts against the government of President Lukashenka. The Belarusian Cyber Partisans, Bloomberg reports, claim to have compromised a large number of official databases, including “lists of alleged police informants, personal information about top government officials and spies, video footage gathered from police drones and detention centers and secret recordings of phone calls from a government wiretapping system.” They’ve released some of these publicly. The Belarusian Cyber Partisans seem to seriously intend the overthrow of President Lukashenka’s government, and MIT Technology Review reports signs that the Partisans may have help from inside the regime itself.

MISCONFIGURED POWER APPS PORTALS.
UpGuard has disclosed that it found Microsoft Power Apps portals “configured to allow public access.” The researchers notified forty-seven organizations that their data were vulnerable to exposure. Some of the information at risk included “personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.” The issue involves misconfiguration as opposed to exploitation of a vulnerability. Users are addressing the misconfiguration.

STREAMING AND SCAMMING.
Zscaler has released a report on scams and adware campaigns that accompanied the recent Tokyo Olympics. The conclusions are instructive because they illustrate the way in which high-profile events in sport and other cultural domains draw the attention of cybercriminals.

THE T-MOBILE HACKER SPEAKS (PROBABLY).
The Wall Street Journal has been talking with the young American expatriate (residing in Turkey) who claims to be responsible for hacking T-Mobile. John Binns, who, the Journal says, seemed to have non-public knowledge about the data breach, says he gained access to T-Mobile’s networks through an unprotected router. Mr. Binns said the telco’s security was “awful,” and that he hacked them “to make noise.” He had no comment on whether he was selling the stolen data, or had been paid to compromise T-Mobile.

SPARKLINGGOBLIN, CHILD OF WINNTI.
An offshoot of the Winnti APT has been exploiting the SideWalk modular backdoor, Threatpost reports. The group, which ESET calls “SparklingGoblin,” has been hitting targets in East and Southeast Asia. Winnti has been associated with Chinese intelligence services.
ESET notes that researchers at Trend Micro have observed the same activity, which Trend Micro tracks as “Earth Baku.” Trend Micro states, “For this campaign, Earth Baku has leveled its attacks against entities in the airline, computer hardware, automotive, infrastructure, publishing, media, and IT industries. According to our detections, these organizations are located in the Indo-Pacific region. So far, we have registered hits in India, Indonesia, Malaysia, the Philippines, Taiwan, and Vietnam.”

THE SHINYHUNTERS CLAIM TO HAVE AT&T DATA (AT&T SAYS IT WASN’T BREACHED).
Restore Privacy late last week said that the ShinyHunters are claiming on RaidForum to have stolen a large quantity of customer data from AT&T, and teased some of the data in a leak that solicited buyers for the information. AT&T said that, wherever the data came from, it wasn’t from them. (“Based on our investigation today,” the company told Restore Privacy, “the information that appeared in an internet chat room does not appear to have come from our systems.”) The ShinyHunters have invited AT&T to negotiate the unreleased data’s return.

Intel 471 offers an interesting review of who the ShinyHunters are (including the homage to Pokémon embedded in the gang’s name.) They describe the ShinyHunters’ most probable and most dangerous actions at each stage of the MITRE ATT&CK framework.

Digital Shadows looks at the ShinyHunters, the criminal group that claimed to have compromised data held by AT&T (claims AT&T denies) and notes their shift toward extortion and their here-today-gone-tomorrow mode of operation. Whatever turns out to be the case with the claimed AT&T attack, the ShinyHunters will probably recede temporarily, then reappear with refined technique.

DEVELOPMENTS IN THE UNDERWORLD.
The ransomware gang responsible for Ragnarok says it’s shuttering its operations, and has released a decryption key for Ragnarok, according to the Record. The Ragnarok gang had been active since 2019.
Whether this represents a genuine twilight of the bad gods or simply indicates a rebranding remains to be seen.

Cequence finds that bot operators, like legitimate users, are finding virtual private networks (VPN) useful in obscuring their origin and infrastructure. VPN services that don’t limit the number of connections are proving valuable in mounting high-volume attacks.

Palo Alto Networks’ Unit 42 describes four rising ransomware operations: Hive, HelloKitty, LockBit 2.0, and AvosLocker. The gangs behind them run complex and effective extortion campaigns; Unit 42 expects them to become increasingly prevalent.

Digital Shadows offers a look at fraud, contention, and mutual exploitation in the cybercriminal underworld. The C2C market does function like a market, but a market with some very ugly corners.

The US FBI on Monday warned of the activities of a ransomware gang styling itself the “OnePercent Group.” The Record reports that the OnePercent Group is a criminal customer of ransomware-as-a-service operators. It is (or has been) a known affiliate of REvil, Egregor, and Maze.

PATCH NEWS.
Microsoft has warned customers against a vulnerability in Azure’s Cosmos DB database, Reuters reported early this morning. Researchers at Wiz discovered and disclosed the issue, which involved access to database keys, earlier this month, and Microsoft has now addressed the problem. Redmond has also issued guidance on addressing ProxyShell vulnerabilities in Exchange Server.

CRIME AND PUNISHMENT.
US Justice Department and the Securities and Exchange Commission (SEC) have charged Manish Lachwani, co-founder and former CEO of mobile app testing company Headspin, with securities fraud and wire fraud. The Justice Department stated, “During the Series C fund raising round – starting no later than November 1, 2019, through at least January 30, 2020 – the federal complaint charges that Lachwani engaged in a scheme of securities fraud and wire fraud.
The complaint alleges that in materials and presentations to potential investors, Lachwani reported false revenue and overstated key financial metrics of the company. According to the complaint, Lachwani maintained control over operations, sales, and record-keeping, including invoicing, and he was the final decision maker on what revenue was booked and included in the company’s financial records. Multiple examples are alleged in the complaint of Lachwani instructing employees to include revenue from potential customers that inquired but did not engage Headspin, from past customers who no longer did business with Headspin, and from existing customers whose business was far less than the reported revenue.”

The SEC adds, “As further alleged, Lachwani enriched himself by selling $2.5 million of his HeadSpin shares in a fundraising round during which he made misrepresentations to an existing HeadSpin investor. According to the complaint, Lachwani’s fraud unraveled after the company’s Board of Directors conducted an internal investigation that revealed significant issues with HeadSpin’s reporting of customer deals, and revised HeadSpin’s valuation down from $1.1 billion to $300 million.”

COURTS AND TORTS.
French email security company Vade Secure has been ordered by a California court to pay Proofpoint $14 million in an intellectual property theft lawsuit, SecurityWeek reports. Proofpoint had alleged that a former executive of Cloudmark took proprietary information from Cloudmark when he was hired by Vade Secure in 2017. Cloudmark was acquired by Proofpoint during the same year.

Gary Steele, CEO and chairman of Proofpoint, stated, “While we welcome fair competition and collaboration within the cybersecurity community, the misappropriation, copying, and theft of our intellectual property required us to vigorously enforce our rights.
We appreciate the jury sending a strong message that the theft of source code and misappropriation of trade secrets is unacceptable.”

Vade Secure told SecurityWeek, “While we were hopeful we would be successful on all claims, we are pleased that the jury saw that Proofpoint/Cloudmark’s claims were an overreach as evidenced by their decision on damages. As a company whose core values are integrity and innovation, we don’t believe this outcome accurately reflects who we are. We will be evaluating our next steps in the coming days in light of this verdict.”

POLICIES, PROCUREMENTS, AND AGENCY EQUITIES.
US President Biden on Wednesday convened a meeting of industry leaders at the White House for discussions of ways of improving cybersecurity. According to the Washington Post, participants include the CEOs of Apple, Amazon, and JPMorgan Chase, as well as CEOs from “major insurance, energy and water companies.” Representatives of computer education not-for-profits are also attending. The meeting had been planned for a month, and Administration sources tell the Record that “You will definitely be seeing a set of concrete announcements.”

As President Biden met industry leaders to formalize cybersecurity national priorities, he announced a cooperative program between industry and the National Institute of Standards and Technology (NIST) to bolster technology supply chain security. He also announced formal extension of the Industrial Control Systems Cybersecurity Initiative to natural gas pipelines. Industry participants committed to initiatives ranging from coupling insurance coverage to compliance with certain basic security standards, to investment in cyber workforce development, to committing resources to cybersecurity technology.

* Apple will push continuous security improvements in the technology supply chain.
The company will work with suppliers to “drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.”
* Google announced an investment of $10 billion over the next five years to “expand zero-trust programs, help secure the software supply chain, and enhance open-source security.” It will also help 100,000 US workers earn “industry-recognized digital skills certificates.”
* IBM intends to train 150,000 people in cybersecurity skills over the next three years. It will also partner with Historically Black Colleges and Universities to establish Cybersecurity Leadership Centers.
* Microsoft will invest $20 billion over the next five years for integration of cybersecurity into design, and to develop and deliver advanced security solutions. It will also make $150 million in technical services available to government organizations at the Federal, state, and local levels. It will also establish partnerships to deliver cybersecurity training.
* Amazon will offer the public, at no charge, the same security awareness training it offers its employees. All AWS account holders will receive multi-factor authentication devices.
* Two cyber insurance providers, Resilience and Coalition, also participated in the meetings. Resilience will require a minimal threshold of cybersecurity best practices as a condition of coverage. Coalition will offer, free to any organization that wants it, the underwriter’s cybersecurity risk assessment and continuous monitoring platform.

The Record reports that Cuba’s government, spooked to urgency by recent protests, has enacted a law that will be used against the distribution of news the regime in Havana, on grounds of policy, deems false. The measure appears to be a step toward a national firewall.
The Republic of Korea, unlike Cuba a functioning democracy with a robust civil society, is also moving toward passage of a law designed to impose punitive damages, Reuters reports, on those who spread falsehoods that cause demonstrable harm to people. Seoul seems to have cast the issue along the lines of curbing slander as opposed to imposing a more general censorship.

FORTUNES OF COMMERCE.
“Mr. White Hat,” as Poly Network refers to the hacker who looted cryptocurrency held by the DeFi provider, has now returned all of the more than $600 million stolen in the theft. Vice reports that Poly Network is now in the process of returning the holdings to their proper owners.

The Intercept says that, although Cellebrite says it exited the Chinese market last year, Chinese police have continued to buy the company’s phone cracking technology.

LABOR MARKETS.
Team8’s Nadav Zafrir and NightDragon’s Dave DeWalt offered some thoughts on the cybersecurity labor market during an online media availability yesterday. Asked whether the much discussed talent gap in cybersecurity were real, DeWalt answered immediately that, “100% the talent gap exists.” He sees a kind of “poverty line” in the sector. Solid talent circulates through different roles at the top of different organizations, but the gap really becomes evident when you look at vulnerable organizations who can barely afford an IT person: they’re unlikely to be able to afford a security person. “The talent is there, but matchmaking is a bit of a challenge,” he said, and he thought that the gap tended to open between what formal education prepared students for and the actual cybersecurity roles organizations needed to fill. “There’s a gap between education and employment.”

Zafrir agreed, and offered the example of Israeli national service as a possible approach to closing the gap. When Israel’s Unit 8200 understood that it couldn’t rely only on universities for talent, it turned to mandatory service.
“Every boy and girl out of high school must serve in the military.” Unit 8200 sought to screen high school sophomores for aptitude to learn cyber rapidly. “And if you can spot that aptitude for quick learning and move it into a training program designed for them, you can do in six months what it would otherwise take you six years to achieve.”

Copyright © 2021 National Cyber Security News Today. All Rights Reserved.