skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

FireEye continues to chew on APT41, Double Dragon, the PLA spies who moonlight as crooks (or vice versa). In a report issued yesterday, the researchers describe the threat group's Messagetap malware. The tool monitors and collects SMS traffic from specific phone and IMSI numbers. It also watches for specified key words. Messagetap has been deployed in a Chinese government espionage campaign against high-value or high-payoff targets, including dissidents, journalists, and selected foreign officials. FireEye calls the approach a combined focus on "upstream data and targeted surveillance."

The attention NSO Group's Pegasus tool has attracted from WhatsApp and Citizen Lab has flushed some additional surveillance activity. Reuters reports that Pegasus has been used against government officials in several countries. The Israeli government denies any involvement.

Roskomnadzor, Russia's Internet authority, today began installing the tools necessary to disconnect the country's Internet from the global Web, should the government decide it needed to do that. The plans for an autarkic Web have been in place for some time. What the disconnection will mean in practice remains to be seen, as SC Magazine points out.

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) yesterday released details of the North Korean Trojan "Hoplight" (note: not "Hoplite") which opens a backdoor in affected machines.

Upstream Systems warns that the Android keyboard app, ai.type, is quietly making unauthorized purchases of premium digital content, racking up a cool $18 million in fraudulent charges.

Trend Micro notes a cresting wave of criminal cyberattacks on e-sports.

Notes.

Today's issue includes events affecting Australia, Bahrain, China, India, Israel, Democratic Peoples Republic of Korea, Mexico, Pakistan, United Arab Emirates, United Kingdom, United States.

Bring your own context.

As devices get smarter, they also introduce new vulnerabilities. Connectivity, like fire, is a good servant but a bad master.

"Our critical infrastructures on which our society relies, such as our water power, transportation, digital healthcare, energy generation and distribution - they are becoming increasingly connected. And we are, through, for example, industrial internet-of-things devices and so on and connecting these systems also to enterprise systems, we are increasing this connectivity all the time. And that has great business benefits, but it also means that the size and interconnectedness of these infrastructures make security a very challenging problem."

—Awais Rashid, professor of cybersecurity at the University of Bristol, on the CyberWire Daily Podcast, 10.30.19.

And just wait until 5G arrives.

Federal cloud market projected for major growth.

According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as CEO Robert M. Lee explains why it’s important for him to set aside time for teaching. Our guest is Fortinet CISO Phil Quade, who discusses his recently published book The Digital Big Bang, which draws an analogy between the Big Bang at the beginning of spacetime and the explosion of bits and chaos at the beginning of cyberspace.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Beijing constructs an “independence” plot for Hong Kong protests through information operations (Global Voices) Initial findings strongly suggest that the Chinese Communist party and state media outlets played a key role in spreading disinformation that framed the protests as a “pro-Hong Kong independence” movement.

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources (Reuters) Senior government officials in multiple U.S.-allied countries were targeted earl...

Israeli spyware Pegasus has Android brother Chrysaor (Moneycontrol) The spyware tool, also known by the name of Q Suite and Pegasus Suite, can spy on pretty much every aspect of the infected device and its owner with capabilities to even access data stored on cloud services behind authentication walls.

No Israeli government involvement in alleged NSO-WhatsApp hack: minister (Reuters) The Israeli government on Friday denied any involvement in an alleged cyber- hac...

Pegasus malware explained: All you need to know about the spyware affecting high profile targets- Technology News, Firstpost (Tech2) Pegasus relies on three zero-day vulnerabilities which could be used to remotely jailbreak iOS devices.

APT 41 using MessageTap malware to gather SMS traffic (SC Magazine) Malware deployed by the Chinese hacking group APT 41 monitors SMS traffic and other mobile information en masse to target specific customer phone numbers

China-Linked Hackers Target Military, Government Texts, FireEye Says (Bloomberg) A state-linked Chinese hacking group is using malware to steal SMS text messages from high-ranking military and government targets, according to cybersecurity company FireEye Inc.

Hackers linked to China compromised telecoms network to monitor world leaders' messages (Computing) Chinese intelligence targeting 'upstream data entities', such as telecoms companies, in order to compromise world leaders' communications

()

MESSAGETAP: Who’s Reading Your Text Messages? (FireEye) MESSAGETAP is a new malware family used by APT41 that is designed to monitor SMS traffic.

40 million emoji-addicted keyboard app users left with $18m bill – after malware sneaks into Play Store yet again (Register) Bogus charges being racked up by Android tool

With one click, hackers can steal entire Horde inboxes (TechCrunch) A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. Horde is one of the most popular free and open-source web email systems available. It’s built and main…

Esports tournaments facing huge cyberattack threats (TechRadar) Trend Micro research uncovers major threats facing esports industry

Current and Future Hacks and Attacks that Threaten Esports (TrendLabs Security Intelligence Blog) Cybercriminals will increasingly target the esports industry over the next three years. Many underground forums already have sections dedicated to gaming or esports sales, and the goods and services offered in these forums generate a lot of interest.

Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases (Upstream) $18 million of fraudulent charges from the app blocked by malware security platform Secure-D

Google Hosted an Insecure App for Searching Personal Data of Palestinians (Vice) It’s possible to scrape the biographical data of thousands of Palestinians from an exposed server.

Researchers find hole in EU-wide identity system (Naked Security) The EU has fixed a flaw in the powerful yet complex eIDAS digital identification system that let people authenticate as someone else.

This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army (ZDNet) Gafgyt has been updated with new capabilities, and it spreads by killing rival malware.

New Office 365 Phishing Scams Using Audio Voicemail Recordings (BleepingComputer) Ongoing phishing scams have been spotted targeting Microsoft Office 365 with partial audio voicemail messages to convince targets that they need to login to hear the full recording.

Crooks Use Clever Schemes to Get More Victims Over the Phone (NBC 6 South Florida) Unwanted robocalls seem random, but the next one you receive might not be random at all. NBC Responds exposes how today’s scammers tailor their calls to personally target you, and you might unknowingly...

New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now! (The Hacker News) Google is warning Chrome users to update their browsers immediately due to a high-severity security bug that is being actively exploited in the wild and could let hackers hijack your computer.

Utah renewables company was hit by rare cyberattack in March (CyberScoop) A Utah-based renewable energy company was the victim of a rare cyberattack that temporarily disrupted communications with several solar and wind installations in March, according to documents obtained under the Freedom of Information Act.

Brewers hit by NSW container deposit scheme data breach (Brews News) Sensitive financial information about breweries has been released to their competitors in a data breach by the operator of the beleaguered New South Wales container deposit scheme.

Researchers fish out Fortune 500 companies' passwords from Dark Web. Guess the common one! (SC Magazine) Researchers have traced more than 21 million credentials linked to Fortune 500 companies that were traded in Dark Web marketplaces

Warning over QSnatch malware infecting QNAP NAS devices (Computing) After gaining access to a device, the malware injects malicious code into the firmware to gain persistence

Honeywell equIP and Performance Series IP Cameras and Recorders (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: equIP series and Performance series IP cameras and recorders Vulnerability: Authentication Bypass by Capture-Replay  2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthenticated access. 

Honeywell equIP Series IP Cameras (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell  Equipment: equIP series IP cameras Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in denial-of-service conditions. 

Honeywell equIP and Performance Series IP Cameras (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell  Equipment: equIP series and Performance series IP cameras Vulnerability: Missing Authentication for Critical Function  2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthenticated access. 

Advantech WISE-PaaS/RMM (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WISE-PaaS/RMM Vulnerabilities: Path Traversal, Missing Authorization, Improper Restriction of XML External Entity Reference, SQL Injection 2.

MAR-10135536-8 – North Korean Trojan: HOPLIGHT (CISA) Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

()

A Maritime Cyber Attack Could Cost $110B, Cripple Global Supply Chains (Homeland Security Today) Ports would be unable to accommodate cargo and cruise ships. Heavy-haul trucks would be stranded and cause backlogs en route to ports.

Recovery Continues 3 Weeks After Carrollton Cyberattack (Dallas Observer) Cyber criminals struck again in Texas last month, this time in the Dallas suburb of Carrollton, where officials have grappled for weeks with the impacts of an attack that took out the city's website and paralyzed some municipal services. The attack took the city’s website and email servers offline, disabled...

Security Patches, Mitigations, and Software Updates

On Halloween night, Google discloses Chrome zero-day exploited in the wild (ZDNet) On Halloween, Google releases Chrome 78.0.3904.87 to patch a Chrome zero-day discovered by Kaspersky exploited in the wild.

()

Weblogic High Risk Vulnerability Threat Alert (NSFOCUS) Overview Recently, Oracle fixed two high-risk vulnerabilities in Weblogic (CVE-2019-2890 and CVE-2019-2891)  in its October critical patch update.

Linux maintainer: Patching side-channel flaws is killing performance (Naked Security) Mirror, mirror on the wall, which is the worst side-channel vulnerability of them all?

Cyber Trends

Forget the season of goodwill – this will be one of brutal digital electioneering  (The Telegraph) It’s more than 11,000 miles from Conservative Campaign HQ in Westminster but a low-key office on a quiet street in Auckland is set to play a key role in Boris Johnson’s election campaign.

Marketplace

35+ Initiatives to get more Women in Cybersecurity (Comparitech) We examine the gender gap and the challenges faced by women in cybersecurity, and highlight some of the initiatives dedicated to helping them.

Plixer Establishes Local Presence in APAC to Support Growth (West) Appoints Sanjiv Verma as Vice President of Sales for APAC

Luiz DaSilva Named Inaugural Executive Director for Commonwealth Cyber Initiative (Citybizlist) An internationally recognized expert in networks who currently leads an initiative that applies the expertise of 250 researchers

Products, Services, and Solutions

New infosec products of the week: November 1, 2019 (Help Net Security) The most important infosec products of the week come from the following vendors: HITRUST, Jetico, Baffle, Jumio and Moogsoft.

Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats (CSO) Enhancements bridge the gap between IT and security data to provide a complete view of known vulnerabilities and applications containing personally identifiable information across the technology environment

Integris Software Partners with Cloudentity to Launch Industry-First Automated Data Privacy and Security Solution For API-based Services (PR Newswire) Cloudentity and Integris Software have formed a partnership to deliver the industry's first solution to address the data...

Censys Launches Attack Surface Visibility Platform (Censys) Automatic Attack Surface Monitoring and Real-time Alerts Protect Against Attackers and Data Breaches

LogicHub Automates Phishing Triage at Machine Speed (BusinessWire) LogicHub, the provider of the industry’s most complete security automation platform, today announced the release of LogicHub Autonomous Phishing Triag

Campaign Managers for Clinton, Romney Provide Help for Hacks (Bloomberg) Nonprofit offers candidate free or discounted cyberprotection. Both Mook and Rhoades have experience with election breaches

Nonprofit rolls out discounted cyber support for political campaigns (FCW) A Federal Elections Commission-sanctioned nonprofit group has announced partnerships with a number of companies to offer free or cheap cybersecurity services to candidates running for federal office.

Technologies, Techniques, and Standards

International Cyber Benchmarks Index (Neustar) The International Cyber Benchmarks Index is an initiative of the Neustar International Security Council which assesses the international cybersecurity landscape from the vantage point of security professionals across the EMEA and US regions.

5 Cybersecurity Questions To Ask Your CISO (Password Protected) We have identified 5 important cybersecurity questions and talking points you can use to start a meaningful cybersecurity conversation with your CISO.

How charities can protect themselves against phishing scams | UK Fundraising (UK Fundraising) Recent high-profile attacks against non-profit organisations reinforce the fact that no industry is immune to the rise in cyber crime. Charities Ed Macnair of Censornet advises that charities protect themselves against hackers and phishing scams to prevent donations to charity being stolen through cyber crime.

Design and Innovation

See, Facebook? Twitter Proves You Can Ban Political Ads (Wired) Twitter has decided to ban all political ads on its platform, while Facebook continues to allow even ones that lie.

Legislation, Policy, and Regulation

Today Russia begins disconnection from the global Internet (Sc Magazine) Russia is to begin installing the tools to isolate the country from the Internet a precursor to creating Russia's own national internet network. Alex Henthorn-Iwane discusses the implications with SC Media UK

Analysis | The Cybersecurity 202: U.S. officials are working on a Huawei long game (Washington Post) They hope U.S. innovation can push Huawei out of 5G edge devices.

ICO to police: Live facial recognition 'raises serious concerns' (Computing) ICO calls for a statutory code of conduct to stop police misuse of live facial recognition technology

New federal guidelines could ban internet in voting machines (POLITICO) A long-awaited update to federal voting technology standards could ban voting machines from connecting to the internet or using any wireless technology such as Wi-Fi or Bluetooth.

Democratic lawmakers call on Barr to stop opposing encryption (TheHill) A pair of Democratic lawmakers sent a letter to Attorney General William Barr on Thursday urging him to stop government requests for encryption backdoors, which allow the government to obtain certain user information from tech

Litigation, Investigation, and Law Enforcement

India asks WhatsApp to explain privacy breach (Reuters) India, WhatsApp's biggest market with 400 million users, has asked the Face...

Code of Practice on Disinformation one year on: online platforms submit self-assessment reports (European Commission) Today, the European Commission published the first annual self-assessment reports by Facebook, Google, Microsoft, Mozilla, Twitter and 7 European trade associations under the Code of Practice on Disinformation. The reports by the signatories of the Code set out the progress made over

Interior Department grounds drone fleet over security concerns (Engadget) Fearing security risks, the Department of the Interior grounded its 800 drones.

Facebook denied financial services opportunities to women and older people, lawsuit alleges (CNN) Facebook is facing a proposed class action lawsuit for allegedly denying people financial services products based on age and gender.

()

Judge lambasts porn company for spewing copyright lawsuits (Naked Security) A US court shielded ISP account holders from a request for expedited discovery to see whose IP addresses were used to share pirated videos.

NJ 'Cyber Savvy Youth' campaign targets child predators on the 'cyber-playground' (MY CENTRAL JERSEY) The campaign to educate and test the cybersecurity knowledge of students was unveiled as New Jersey closes out Cybersecurity Awareness Month.

Giuliani needed Apple genius help to unlock his iPhone after being named Trump cybersecurity adviser (NBC News) Giuliani’s actions call into question his understanding of basic security measures, two former FBI cyber experts told NBC News.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, November 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues...

Chicago Suburbs Cybersecurity Conference (Chicago, Illinois, USA, November 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

SINET Showcase (Washington, DC, USA, November 6 - 7, 2019) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Each year, SINET evaluates...

Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...

ACSC 2019: Collaborate (Boston, Massachusetts, USA, November 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.