Cyber Attacks, Threats, and Vulnerabilities
Exclusive: NSA hit by yet another leak (ZDNet) The leak marks at least the fifth exposure of NSA-related data in as many years.
NSA's Ragtime program targets Americans, leaked files show (ZDNet) Several more variants of Ragtime appear in recently leaked documents.
Top Secret US Army and NSA Files Left Exposed Online on Amazon S3 Server (BleepingComputer) Ten days after an Amazon S3 server exposed data from the US Army's CENTCOM and PACOM divisions, security researchers have identified another S3 server instance that leaked files from INSCOM, a joint US Army and NSA agency tasked with conducting intelligence, security, and information operations.
Cybersecurity company finds classified NSA, Army data online (Fifth Domain) Data belonging to the U.S. Army’s Intelligence and Security Command, a division of both the Army and the National Security Agency, was identified on an unsecured server.
Surge in exposed credentials puts companies at risk (Help Net Security) The volume of credential exposures has dramatically increased to 16,583 from April to July 2017, compared to 5,275 in last year’s analysis by Anomali.
Venezuela and Russia Teamed Up to Push Pro-Catalan Fake News (The Daily Beast) During the Catalan secession crisis, a flood of social media posts from Russia and Venezuela spread fake news. The evident purpose: to undermine European as well as Spanish unity.
Russia Will Build Its Own Internet Directory, Citing US Information Warfare (Defense One) Moscow’s independent DNS may help it ward off cyber attacks — or mount its own.
Anyone Can Hack MacOS High Sierra Just by Typing "Root" (WIRED) A Turkish company found a glaring flaw in Apple's desktop operating system that gives anyone deep access, no password required.
MacOS High Sierra Users: Change Root Password Now (KrebsOnSecurity) A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password.
SWIFT warns banks on cyber heists as hack sophistication grows (Reuters) SWIFT, the global messaging system used to move trillions of dollars each day, warned banks on Wednesday that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Weak password settings leave IoT devices vulnerable to attack (Deccan Chronicle) By successfully hacking IoT devices, criminals are able to blackmail people or spy on them.
The Internet of Things Presents Unaddressed Cybersecurity Vulnerabilities (Business News Daily) IoT is a powerful tool, but with it comes security concerns that must be addressed.
Differences in opinion and perspectives on control system cyber security (Control Global) James (Jim) Lewis is the Senior VP and Program Director for the Center for Strategic and International Studies - CSIS. I testified with Jim March 19, 2009 before the Senate Committee on Commerce Science and Transportation. Jim’s focus then, and continues to be, an IT focus on confidentiality of information...
Hackers are exploiting Microsoft Word vulnerability to take control of PCs (ZDNet) Cobalt malware uses legitimate penetration tools to gain access to large swathes of infected systems -- but a patch is available.
Conference Calls a ‘Significant & Overlooked’ Security Gap in the Enterprise (Infosecurity Magazine) 66% of professionals use the same passcodes to dial-in to calls for up to a year or more
How secure are the most popular crypto currencies mobile apps? (High-Tech Bridge) We tested the most popular crypto currency mobile apps from Google Play for common vulnerabilities and weaknesses. Over 90% may be in trouble.
Fifty-Seven Percent of Email "From" Healthcare Industry is Fraudulent (BusinessWire) Agari research reveals healthcare cyber security is in critical condition. Industry consortium calls for adoption of DMARC security standard.
HP accused of sneaking CPU-sapping telemetry app onto users' PCs in recent update (Computing) HP Touchpoint Analytics Service 'harvests telemetry information', admits the company
Forcepoint sees rise in cryptocurrency hacks next year (BorneoPost Online) Cybersecurity software developer, Forcepoint, predicts an increase in cryptocurrency hacks next year, with attackers targeting cryptocurrency exchanges in their malicious activ…
POS Data Breaches The Top Threat To Hospitality Firms, Study Says (Media Post) The most prevalent type of cyber breach hitting hospitality companies is POS, BitSight reports. For retailers, it is web apps.
Consumers warned of Irish Water refund phishing scam email (Irish Mirror) Security company ESET Ireland says the scam comes in the form of an email entitled 'Your Irish Water Account – Action required'
Hackers target Victoria's Secret shoppers in run-up to Christmas (The Telegraph) Hackers are conspiring to attack Victoria’s Secret customers ahead of the busy Christmas season, security experts have warned.
Elite Oxbridge Alumni Club Reports Stolen Hard Drive (Infosecurity Magazine) Thousands of members may have had bank and personal details compromised
Security Patches, Mitigations, and Software Updates
Apple releases a macOS security update to fix huge login security flaw (TechCrunch) Apple has just released a security update for macOS High Sierra and you should update right now (Apple will automatically push the security patch later..
Apple's High Sierra allows root with no password, there's a workaround to help (CSO Online) Earlier this afternoon on Twitter, a developer posted a screenshot and reported it was possible to obtain root access on Apple's High Sierra without a password. Several users recreated this issue on their own systems, including a staffer here at IDG. However, as problematic as this issue is, the workaround is rather easy.
Cyber Trends
'McAfee Labs 2018 Threats Predictions Report' Previews Five Cybersecurity Trends (McAfee Blogs) Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity everyday.
Thales: 91% of U.S. Consumers Concerned with Security Risks of Internet-Connected Cars (Thales Security) Despite fears that connected cars are among the devices most vulnerable to hacking, ownership is on the rise
The State of Cloud Storage Providers’ Security: 2017 Survey (Clutch) Small businesses remain widely confident in their cloud storage provider’s security, but many businesses are leaving sensitive data at risk by neglecting industry regulations and other additional security measures, according to our new data.
Fortinet Quarterly Threat Landscape Report: The Battle Against Cybercrime Continues to Escalate (Fortinet Blog) Fortinet just released its Threat Landscape Report for Q3 of 2017. Its findings are drawn from millions of sensors...
GDPR: The death of telemarketing? (Computing) An expert panel at a recent Computing event discuss whether telemarketing will still be possible once the GDPR comes into force
Industrial IoT threatened by connectivity challenges (Computing) Logistics firms are struggling with IoT connectivity challenges
Are your connected devices searchable on the Internet? (Help Net Security) The majority of exposed device types are wireless APs – networking hardware devices that allow a Wi-Fi device to connect to a network.
Marketplace
Opportunities for the insurance market following the GDPR and underinsurance of cyber risks (Lexology) The incoming EU General Data Protection Regulation (GDPR) has made cyber risks a priority for the boards of organisations doing business in Europe. In…
CIA to continue cloud push in the name of national security (ZDNet) The intelligence agency's director of digital futures has touted the partnership with AWS as one providing a 'game-changing' environment for the CIA to perform like a Silicon Valley startup while protecting national security.
Kaspersky CEO says he would leave if Russia asked him to spy (Reuters) The founder of Moscow-based anti-virus software company Kaspersky Lab said on Tuesday he would quit Russia if its intelligence agencies ever asked his company to spy for it.
Terbium Labs Raises $6 Million from Glasswing Ventures to Meet Global Demand for its Dark Web Data Intelligence System (Street Insider) Terbium Labs, the premier dark web intelligence company, today announced it has raised $6 million in financing led by Glasswing Ventures, bringing the total raised to $15 million.
Qualys Announces Agreement to Acquire Assets of NetWatcher (Qualys) Acquisition adds to Qualys Cloud Platform powerful threat detection, incident response, and compliance management capabilities for businesses of all sizes
FireEye's Latest Earnings Provide a Checkup on Its Transition (The Motley Fool) With the company in the middle of a significant transformation, this quarter’s earnings indicate whether management is on the right track.
Cellebrite, the company known for cracking iPhones, is making tons of money (Cyberscoop) On the back of newly achieved breakthroughs against Samsung Galaxy S phones and LG products, Cellebrite announced record-high revenue for 2017.
Intensifying Cybersecurity Fears Could Fuel Blackberry Rebound (Forbes) Sometimes there’s a temptation to think that cyberattacks are an unfortunate consequence of our ever-increasing interconnected digital world, which is underscored by the fact that most Americans walk around with a personal computer in their pocket.
KeyW Announces Award on GSA’s $50 Billion Alliant 2 Unrestricted GWAC (GlobeNewswire News Room) The KeyW Holding Corporation (NASDAQ: KEYW) today announced that the General Services Administration has awarded its wholly owned subsidiary, Sotera Defense Solutions, Inc. (Sotera), a contract on its $50 billion Alliant 2 Governmentwide Acquisition Contract (GWAC).
Ron Gula: Md. needs you to create the next great cybersecurity company (Baltimore Business Journal) Is there still opportunity in cybersecurity? Yes and it’s brimming with potential.
Tempe cybersecurity firm expanding internationally, hiring as fast as it can (Phoenix Business Journal) The 100-employee Bishop Fox began its high-end cybersecurity work in February 2006.
Just don't call them ethical hackers (Sydney Morning Herald) The field of cyber security has a couple of problems. First, the media insists on using headline-friendly terms like "ethical hacker" for roles that are done not by loners in hoodies, but professionals in corporate cubicles.
Cybersecurity Provider Bricata Adds New CFO and VP of Engineering (Bricata) As the drumbeat of data breaches brings renewed enthusiasm for standalone network intrusion prevention and detection, the company scales to meet demand
Products, Services, and Solutions
Ivanti Enhances Identity Governance Capabilities to Support GDPR Readiness and Governance Models (Ivanti) Expanded reporting and analytics in Ivanti Identity Director add intelligence to identity and access management (IAM) projects
Bugcrowd Partners with Samsung to Reward Security Researcher Community (GlobeNewswire News Room) Bugcrowd to process payments for Samsung’s Mobile Security Rewards Program
Healthcare Provider Slashes Time Spent on HIPAA Audits by 40% (Netwrix) Medical Center Clinic streamlines its audit processes by leveraging the visibility provided by Netwrix Auditor
IGEL Teams with Imprivata to Improve Productivity for Healthcare Organizations (IGEL) IGEL and Imprivata® teamed up to improve the productivity & efficiency of healthcare professionals by combining the IGEL OS with Imprivata OneSign SSO.
Cellebrite Extends Digital Intelligence Portfolio to Help Combat Emerging Drone Threat (PRNewswire) Cellebrite, the leading provider of digital intelligence...
ForgeRock Identity Platform Helps Financial Organizations Ensure Compliance with Impending Open Banking and PSD2 Regulations (GlobeNewswire News Room) ForgeRock digital identity solutions provide critical authentication, authorization and security capabilities for financial services brands to empower customers
Fortinet extends virtualized Security Fabric apps to AWS users (RCR Wireless) AWS joins Fortinet Fabric-Ready Partner Program
Palo Alto Networks Achieves AWS Networking Competency Status (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security...
Gigamon Achieves AWS Networking Competency Partner Status and Debuts NetFlow Capability for its Cloud Visibility Platform (PRNewswire) Gigamon Inc. (NYSE: GIMO), an industry leader in...
Novetta Achieves Amazon Web Services (AWS) Government Competency Status (PRNewswire) Novetta, a leader in advanced analytics technology, today announced it has...
ProtectWise Achieves AWS Networking Competency Status (PRNewswire) Security leader ProtectWise announced today that it has achieved Amazon Web...
Three Steps to Secure Your AWS Environment Using IBM QRadar (Security Intelligence) IBM QRadar can help you secure your AWS environment by checking for misconfigurations, monitoring for anomalous activity and curating content rules.
BioCatch Shows How Behavioral Biometrics Work With Nexsign (FindBiometrics) BioCatch is sketching out its integration into NexSign in further detail with a demo of the technology in action. The integration was announced...
Friedman LLP Launches New Cyber Security Practice (CPA Practice Advisor) Top 50 accounting and advisory firm, Friedman LLP, is expanding its service offerings to include cyber security consulting with the launch of Friedman CyZen LLC ("CyZen"), a wholly owned company of Friedman. The goal of CyZen is to bring peace of mind...
Technologies, Techniques, and Standards
Zero-days, Botnets, and Swarming: What You Need to Know to Protect Your Organization (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice about security careers and leadership.
Ransomware is a hostage situation, and you must understand it to combat it (Computing) Does your security playbook cover ransomware?
Design and Innovation
The hopes of quantum cryptography (Largeur.com) As classical encryption systems reach their limits, new solutions are emerging from particle physics. Their large-scale realization is near.
Cryptocurrencies Aren't 'Crypto' (Motherboard) As the price of Bitcoin and Ethereum skyrocket, and more and more people who are unfamiliar with technology join in the craze, words start to lose their original and correct meaning.
Why Security Depends on Usability -- and How to Achieve Both (Dark Reading) Any initiative that reduces usability will have consequences that make security less effective.
Research and Development
China racing for AI military superiority over US, says report (South China Morning Post) China, no longer technologically inferior to America, has become a peer that may have the capability to overtake it, American think tank study warns
Academia
Lone Star College offering cyber security apprenticeships (Houston Chronicle) With employees around the region, across the United States and throughout the world looking for workers skilled in cyber security...
Legislation, Policy, and Regulation
Are we at cyberwar? (Federal Times) There's a lot of chatter about the threat of cyberwar. But do recent cyber breaches perpetuated by Russia and other adversaries mean the battle has already begun?
Despite growing interest in cyber, nations have many competing priorities (Federal Times) Nations need to rectify competing national priorities with growing cyber interest and investment.
Tillerson has harsh words for Russia’s ‘malicious tactics’ (Washington Post) Trump’s secretary of state says relations with Moscow will remain frosty as long as it supports separatists in eastern Ukraine.
This Beijing-Linked Billionaire Is Funding Policy Research at Washington’s Most Influential Institutions (Foreign Policy) The Chinese Communist Party is quietly reshaping public opinion and policy abroad.
A digital migraine? How the Americas can step up cybersecurity strategies (Federal Times) Developing joint cyber policies for all the American nations is a major challenge, even without Chinese and Russian activities in the region.
A Lasting Defeat: The Campaign to Destroy ISIS (Belfer Center) On December 11, 2016, just before my time as Secretary of Defense would end, I stepped off a C-130 transport plane onto a cold and dusty patch of northern Iraq that had been on my mind for more than a year: an Iraqi military airfield called Qayyarah West.
How CYBERCOM’s efforts against ISIS have changed (Federal Times) U.S. Cyber Command is shifting its digital approach to the Islamic State group, using what one general calls the “totality of the U.S. government’s capabilities.”
USAF official: Why elevating CyberCom isn't enough (FCW) Making cyber a combatant command is sign of the Pentagon's priorities, but it will take collaborative leadership to facilitate cyber readiness, says an Air Force cyber leader.
Age verification legislation will lead to porn habit database (Naked Security) “Data collection creates an inherent risk of data loss through hack, breach, or other forms of intrusion.”
Litigation, Investigation, and Law Enforcement
Hacker pleads guilty to huge Yahoo hack, admits helping Russia’s FSB (Ars Technica) Three fellow co-defendants remain at large in Russia, unlikely to be extradited.
Dem. rep seeks answers on FBI's failure to notify Russian hacking victims (TheHill) Rep. Ted Lieu (D-Calif.) on Tuesday requested the FBI brief Congress on its apparent decision not to notify hacking victims attacked by the same believed-Russian group that leaked Democratic officials' emails during the election season.
'Blowback': Clinton campaign planned to fire me over email probe, Obama intel watchdog says (Fox News) A government watchdog who played a central role in the Hillary Clinton email investigation during the Obama administration told Fox News that he, his family and his staffers faced an intense backlash at the time from Clinton allies – and that the campaign even put out word that it planned to fire him if the Democratic presidential nominee won the 2016 election.
Citing probes, Defense Intelligence Agency bars access to Flynn records (Military Times) The Defense Intelligence Agency is refusing to publicly release a wide array of documents related to former National Security Adviser Michael Flynn, saying that turning them over could interfere with ongoing congressional and federal investigations.
US Charges Chinese Hackers In Cyberattacks (PYMNTS.com) Three individuals connected to a Chinese cybersecurity company have reportedly hacked automation company Siemens, software processing firm Trimble and bond credit rating business Moody’s Analytics in an attempt to steal business information. According to a Monday (Nov. 27) report in Reuters, which cited U.S. prosecutors via an indictment that was unsealed in federal court in […]
Chinese Firm Behind Alleged Hacking Was Disbanded This Month (Fox Business) Guangdong Bo Yu Information Technology Co., also known as Boyusec, was deregistered Nov. 17. "Chinese Firm Behind Alleged Hacking Was Disbanded This Month," at 1504 GMT, incorrectly stated it was deregistered Nov. 11 in the third paragraph. (Nov. 29)
CIA and NSA codes are on the web, and the leakers could be in the agencies (TheHill) We can't be so focused on offense that we forget about the need to defend our most valuable weapons.
NSA Caught Navy Officer Illegally Trying To Pry Into American’s Phone (BuzzFeed) An officer deployed to Iraq tried to access data on her boyfriend’s son’s phone during a training exercise in 2011. After the breach was discovered, the officer was placed on administrative duty and s
Uber’s security practices come under fire (again) after new evidence comes to light in the Alphabet lawsuit (Recode) A former Uber employee claims some of the company’s security officers worked to actively avoid creating a "paper trail."
In Carpenter Case, Supreme Court Must Understand That Cell Phones Aren’t Voluntary (WIRED) Opinion: A privacy case hinges on whether mobile users volunteer their data. They don't.