Every Sunday evening, the CyberWire will be taking a look back in the Week that Was, a narrative summary of the past seven days' significant cyber security news. Designed for busy professionals who need a week-to-week perspective on developments and trends, the Week that Was provides context for the breaking stories of the day. Every issue is organized topically, with inline links to sources the reader can follow for amplified detail. Like the Daily News Briefing, the Week that Was is delivered to subscribers by email, free and spam-free. If you already subscribe to the CyberWire Daily News Briefing you'll automatically receive the Week that Was (a sixth issue joining the five you already receive each week). If you aren't a Daily News Briefing subscriber but would like to sign up for just the Week that Was, you can do so here.
Russia says (to widespread skepticism) it wasn't us who hacked QNA. Social engineering beats 2FA. Security cameras, routers, vulnerable to exploitation. EternalBlue's risks and mitigations. UK security receives criticism. Comey testifies today.
Russian officials denied allegations that their country's intelligence services were behind the hacking of Qatar News Agency (QNA) in what appears to have been a provocation. Most observers, however, think the campaign looks like a Russian operation, and seems to be a bellwether of future online disinformation efforts.
Motherboard cites anonymous security industry sources who claim QNA's content management system was hijacked, and that poor security at the news service left it wide-open to compromise.
False stories suggested official Qatari sympathy for both Israel and (more damagingly) Iran. The incident began on May 23rd, with hoaxed broadcast news and a coordinated Twitter campaign. Neighboring Arab states, especially other members of the Gulf Cooperation Council, have since ostracized Qatar.
Investigation into the leaked NSA report on Russian influence operations turns up, as a side note, the considerable success the threat actors had defeating two-factor authentication: they simply convinced their marks to give them the second factor. The alleged leaker, Reality Winner, remains in custody, her arrest offering a cautionary tale for any who think the boss isn't watching.
F-Secure has identified vulnerabilities in networked security cameras produced by Foscam and sold under a variety of badges. Among the problems are hard-coded passwords users can't change.
While EternalBlue exploits are being weaponized against Windows 10, mitigations are also available, and believed effective.
British intelligence and security officials continue to receive criticism over their handling of known extremist threats.
Former FBI Director Comey testifies today before the US Congress about Russian influence operations.
Today's issue includes events affecting Afghanistan, Australia, Bahrain, China, Iran, Israel, Libya, New Zealand, Qatar, Russia, Saudi Arabia, Singapore, United Arab Emirates, United Kingdom, and United States.