The CyberWire Daily Briefing 11.30.17

Summary

By The CyberWire Staff

The US Army's Intelligence and Security Command and NSA continue to mop up the embarrassing exposure of Red Disk data on an unsecured AWS S3 account.

HP denies media reports that its PCs came pre-loaded with software that surreptitiously reported usage data back to HP without users' permission.

Clarksons, the UK-based global shipping company, said its network had been compromised by criminals who accessed proprietary information and demanded ransom in exchange for keeping the information unannounced. Clarksons declined to pay and turned the matter over to the police. The criminals appear to have achieved access through a single compromised legitimate user's account (since disabled), not by exploiting a software vulnerability.

Apple has patched the root vulnerability in MacOS High Sierra. The upgrade appears to be quick and painless to install; all Mac users are advised to do so.

Callcredit, Equifax and Experian are said to be preparing for GDPR implementation by working on a Credit Reference Agency Information Notice (CRAIN). The document is intended to bring credit bureau use of personal information into line with the EU's pending requirements.

US Representative Adam Schiff (Democrat, California), ranking member of the House Intelligence Committee, says the committee is close to consensus on how to reform and reauthorize Section 702 foreign electronic surveillance authorities.

An inspector general report on US Department of Defense Management challenges finds that measures put in place post-Snowden to control and monitor privileged insiders remain inadequate.

Accused NSA leaker Reality Winner has been denied her request for pre-trial release.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, India, United Kingdom, United States

A note to our readers: We invite everyone to join us in expressing our condolences to the family and friends of Gerald Masson, who passed away last week at the age of 74. The founding chair of Johns Hopkins University’s Department of Computer Science and founder of the Johns Hopkins University Information Security Institute, he played a long and leading role in the development of information security as an academic and research discipline. He'll be missed; please join us in remembering a life well-lived.

Your cyber security posture is right of boom.

Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com

On the Podcast

In today's podcast we hear from our partners at Dragos, as Robert M. Lee reviews industrial control system security for that natural gas sector. Our guest, Shaun Walsh from Cylance, brings some perspective to the topic of artificial intelligence.

And we've also got a new Special Edition Podcast up. This one is on building your cyber security career, and features informative discussions with Kathleen Smith, CMO from ClearedJobs.Net, and Dragos founder and CEO, Robert M. Lee.

Sponsored Events

Flying Blind: 2017 Cloud Configurations Gone Wrong (Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

NSA accidentally leaks more secrets after 'Red Disk' was left on unsecured AWS server (Computing) Who needs Edward Snowden when the NSA is so careless with its own data?

NSA’s fifth data leak: All you need to know (TEISS) Confidential and sensitive data belonging to INSCOM, a joint US Army and NSA command that gathers intelligence for US military and political leaders, were stored on an unprotected cloud server with no password protection.

Cobalt Malware Spreads Using 17-Year-Old Vulnerability (Infosecurity Magazine) The spam email poses as a notification from Visa about some rule changes in its payWave service in Russia.

More Malspam pushing Emotet malware (SANS Internet Storm Center) I published a diary on malicious spam (malspam) pushing Emotet back in June 2017. Since then, I continue to catch the occasional sample, and this malspam appears to occur on a near-daily basis.

Triggered via malicious files, flaws in Cisco WebEx players can lead to RCE (Help Net Security) Updates are out for six Cisco WebEx flaws that can be exploited by remote attackers to execute malicious code on a target system.

Websites use your CPU to mine cryptocurrency even when you close your browser (Ars Technica) Resource-draining code hides in pop-under windows that can remain open indefinitely.

HP: we did not secretly install spyware on PCs (CRN Australia) Denies media reports.

Hackers Breach GitHub Repository for Bitcoin Gold Windows Wallet (HackRead) Bitcoin price is surging, and same goes for cyberattacks against it. The Bitcoin Gold (BTG) team have announced that a hacker breached into their Github re

Antivirus vendors have your data. Can they handle GDPR? (Heimdal Security Blog) See what you need to check about antivirus telemetry because both of you will face the consequences of GDPR non-compliance

OpenEMR flaw leaves millions of medical records exposed to attackers (Help Net Security) A vulnerability in open source electronic medical record software OpenEMR can be exploited to steal patients' medical records and other PII.

Over a Quarter of Ransomware Now Targets Business (Infosecurity Magazine) Over a Quarter of Ransomware Now Targets Business. Remote desktop systems an increasingly popular vector, says Kaspersky Lab

UK shipping firm Clarkson reports cyber attack (Reuters) British shipping services provider Clarkson Plc (CKN.L) on Wednesday said it was the victim of a cyber security hack and warned that the person or persons behind the attack may release some data shortly.

Shipping giant refuses to pay hackers ransom after data stolen (WeLiveSecurity) Clarksons, the global shipping firm, has turned the tables on criminal hackers who attempted to extort a ransom payment after stealing confidential information from the company's network.

Security Patches, Mitigations, and Software Updates

Apple closes that big root hole – “Install this update as soon as possible” (Naked Security) That Apple root hole we wrote about just yesterday? Apple has pushed out a patch already – get it while it’s hot!

Apple Macs have gaping root hole – here’s a superquick way to check and fix it (Naked Security) You can’t login as “root” on a Mac because it never asks you to set the password, so you don’t know what it is. Except that it’s [blank].

Cyber Trends

You Can't Fight a War Without Twitter (Motherboard) Journalist David Patrikarakos believes the rise of social media now demands a redefinition of warfare as we understand it.

IoT is changing the meaning of ‘critical infrastructure’ (Federal Times) The proliferation of internet of things devices tied into critical industries is changing the perspective on what constitutes critical infrastructure.

75% of insider breaches are accidental (Help Net Security) Approximately 25% of insider threats are hostile with the remaining 75% due to accidental or negligent activity, according to NTT Security. This graph repr

The Risk of Overconfidence in the Cybersecurity Perimeter (Bricata) A 2017 survey of IT leaders suggests the vast majority of businesses are overconfident in their perimeter defenses. More than 90% said, “businesses feel that perimeter security is keeping them safe.”

Cut the FUD: Why Fear, Uncertainty and Doubt is harming the security industry (Help Net Security) Although the acronym is close to a century old, FUD (Fear, Uncertainty and Doubt) has come to be closely associated with the technology industry since the

Marketplace

ReversingLabs Closes $25 Million Series A Round, Led by Trident Capital Cybersecurity and JPMorgan Chase (DIgital Journal) ReversingLabs, a leader in enterprise-scale, real-time file analysis and classification, today announced it closed a $25 million Series A Round. The funding round was led by Trident Capital Cybersecurity and JPMorgan Chase. Sean Cunningham of Trident Capital Cybersecurity will join the Board of Directors at Reversing Labs.

Pwnie Express Wrangles $8M, Names Board Member DeSisto CEO (Xconomy) Pwnie Express, a Boston cybersecurity company that helps businesses detect rogue devices on their networks, has pulled in more venture capital and appointe

Proofpoint makes second cybersecurity acquisition this month (Silicon Valley Business Journal) Proofpoint Inc. on Wednesday announced its second acquisition of November, agreeing to buy U.K.-based browser security business Weblife.io for $60 million.

European investor NordicEye wins big with Proofpoint’s $60 million offer for Weblife (TechCrunch) Cybersecurity company Proofpoint is buying the Los Angeles-based security company Weblife.io in a $60 million all-cash deal. Backed by a slew of investors..

Report: Nokia In Talks To Acquire Juniper Networks (CRN) Juniper's networking business has been on a tear this year, boosting its revenue nearly 40 percent in the second quarter, and making it an attractive target for the telecom equipment giant.

Nokia rejects Juniper acquisition rumours (CRN) Telecoms giant was reported to be preparing a bid for networking vendor

Why BlackBerry Ltd Is a Prime Takeover Target (InvestorPlace) BlackBerry stock has strong technology, exposure to high-growth markets, and valuable patents which should appeal to acquirers.

Deep Instinct recruits Aussie partners in APAC push (ARN) Israeli-based cyber security provider, Deep Instinct, has launched in the Australian market as part of its global expansion strategy in the Asia Pacific region.

ManTech names new president of mission and cyber group (Washington Technology) Rick Wagner has been named president of ManTech's mission, cyber and intelligence solutions group. He'll replace the retiring Bill Varner on Jan. 1.

Polaris Alpha Names Former US Cyber Command Deputy Commander Lieutenant General (Ret.) James K. McLaughlin And Former National Reconnaissance Office Advanced Systems Director Major General (Ret.) Robert H. Latiff to its Advisory Board (PRNewswire) Polaris Alpha today named two high profile former military and government...

NSS Labs Adds Dina Bruzek as Senior Vice President of Products (Business Insider) NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that Dina Bruzek has joined the company as Senior Vice President of Products. In this role, Dina will execute the product strategy across the company’s engineering and product management groups delivering on the CAWS Continuous Security Validation Platform.

Products, Services, and Solutions

Vectra Ups the Ante on Automated Threat Detection with Threat Intelligence Integration and New Active Directory Threat Detections (PRNewswire) Vectra, the leader in automating the hunt for in-progress...

Deloitte launches Threat Hunting-As-A-Service powered by Sqrrl (Help Net Security) Deloitte CyberSOC EMEA Center, SL. closed a strategic agreement with Sqrrl to provide Managed Threat Hunting Services to clients in the EMEA region using S

Alert Logic Launches Managed Rule Groups for AWS WAF to Provide Enhanced Protection Against WordPress Vulnerabilities (BusinessWire) Alert Logic today announced, at AWS re:Invent 2017 in Las Vegas, the availability of Alert Logic Managed Rule Groups for AWS WAF.

AWS Debuts Amazon GuardDuty for Cloud Threat Detection (eWEEK) Amazon Web Services announces a new managed threat detection service that can help detect malicious activities.

AWS allows customers to manage and protect IoT devices (Help Net Security) AWS IoT helps you collect and send data to the cloud, make it easy to load and analyze that information, and provide the ability to manage your devices.

AlgoSec and Check Point Deliver Integrated Solution for Managing Security in Amazon Web Services (AWS) (GlobeNewswire News Room) Integrated solution combines advanced threat prevention with end-to-end visibility, and automated security policy management to optimize agility, security and compliance across hybrid environments

5 Free or Low-Cost Security Tools for Defenders (Dark Reading) Not all security tools are pricey.

Technologies, Techniques, and Standards

First US Federal CISO Shares Security Lessons Learned (Dark Reading) Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.

Callcredit, Equifax and Experian launch industry-wide information notice for GDPR (IBS Intelligence) Callcredit, Equifax and Experian are launching a Credit Reference Agency Information Notice (CRAIN) in preparation for GDPR on the 25th of May, 2018.

What Cyber Command learned from ISIS operations (Federal Times) One of the lessons learned from the cyber efforts to combat ISIS is that targeting the cyber domain is similar to targeting in the physical domains.

How Facebook’s Annual “Hacktober” Campaign Promotes Cybersecurity to Employees (Harvard Business Review) With a month of security competitions, games, and T-shirts.

This giant cyberwar game pits defenders against malware, hybrid and mobile attacks (ZDNet) The Cyber Coalition exercise is the biggest held by NATO.

Scarab Ransomware Protection Tips (Information Security Buzz) News reporting a major new ransomware campaign using the infamous Necurs botnet to spread via millions of spam emails. The Scarab ransomware was sent to 12.5 million email addresses in the first four hours alone, according to Forcepoint. IT security experts commented below. Jim Walter, Senior Research Scientist at Cylance: “This is an example of where modern, …

How the Cloud Killed the Firewall (Data Center Knowledge) The firewall as we know it cannot keep up with today’s enterprise application needs.

Don't become a victim of cyber crime (BBC News) What are the top tips we can all use from a cyber-crime conference?

Cybersecurity breaches: It's time to break the silence and work together (GCN) The more we promote intelligence sharing and the tools and processes to enable it, the more we all benefit from shared situational awareness, improved security posture and greater defensive agility.

Future proofing organisations with zero-trust approach (CPI Financial) Repeated onslaughts of cybersecurity attacks are driving businesses to relook at their security policies end-to-end, and to make them more future-ready for digital environments, explains Mechelle Buys Du Plessis, Managing Director–UAE, Dimension Data.

Design and Innovation

Google AI lets phone owners know about shoulder surfers (Naked Security) Researchers’ system halts a text conversation, shows a face peering over your shoulder, and involves alarmingly pretty sparkles and rainbows!

Research and Development

Physicists Made an Unprecedented 53 Qubit Quantum Simulator (Motherboard) These special quantum computers are able to model physical interactions that are too complex for conventional supercomputers.

Air Force leaders launch new electronic warfare research (C4ISRNET) Recognizing that future wars will not be solely fought on ground, sea and air, the U.S. Air Force is kicking off a third-study on how it plans to use electronic warfare (EW).

ESET malware researchers awarded 3rd place in Volatility Plugin Contest (WeLiveSecurity) ESET malware researchers Peter Kálnai and Michal Poslušný were awarded 3rd place in this year's Volatility Plugin Contest for their Browserhooks tool.

Academia

Johns Hopkins computer scientist, cybersecurity expert Gerald Masson dies at 74 - JHU Information Security Institute (JHU Information Security Institute) Gerald Masson was founder of JHU's Information Security Institute and founding chair of the Department of Computer Science

Why it’s time for the UK education sector to prioritise cybersecurity in schools (Open Access Government) Oliver Wells, Education Manager at Sophos, explains that the education in the UK must turn its focus to cybersecurity in schools

Champlain College Online Enhances Cybersecurity Program with New Leadership (BusinessWire) Champlain College Online, designated as a National Center of Academic Excellence (CAE) in Cyber Defense by the National Security Agency and the D

DMU student named among UK's best cyber sleuths (DeMontfort University) Following a challenging three-day cyber-attack simulation, a student from De Montfort University Leicester (DMU) has been named among the best cyber security investigators in the UK.

Legislation, Policy and Regulation

Policy to prevent ransomware attacks soon: IT ministry (DNA India) Policy to prevent ransomware attacks soon: IT ministry - The government has been taking proactive steps to ensure safe cyber space. The ongoing global conference will seek to extend cooperation amongst global counterparts on this issue

U.S. lawmaker says House intel panel near consensus on NSA spy program (Reuters) Members of the U.S. House of Representatives Intelligence Committee are close to an agreement on how to overhaul a controversial National Security Agency surveillance program and hope to complete legislation soon, the top Democrat on the panel said on Wednesday.

The Pluses and Perils of Trump's Cyber Strategy (Nextgov.com) Continuity on most cyber policies masks a growing erosion of global cyber norms.

The Air Force is speeding up cyber ops (Axios) A report coordinating cyber, air, and space ops comes out next week.

Peter Thiel Turns Down a Senior Intelligence Role (The Atlantic) The president’s biggest backer in Silicon Valley told the White House he no longer wishes to lead the President’s Intelligence Advisory Board.

The Net Neutrality Controversy De-Mystified (GalkinLaw) Binding contracts can easily be formed via email without the parties being aware.

An Intelligent Path to Network Modernization (SIGNAL Magazine) The EIS contract will usher in a new era of telecom with a diverse set of solutions for upgrading to the next-generation of network technology.

Litigation, Investigation, and Enforcement

Accused leaker loses appeal seeking pretrial jail release (Military Times) A woman charged with leaking U.S. secrets has lost an appeal of a federal magistrate’s order that she remain jailed until trial.

Pentagon watchdog: DoD remains vulnerable to insider threats (Fifth Domain) The ability of employees or government contractors to steal and disseminate troves of classified information has alarmed the Defense Department, which has taken multiple steps to stop such occurrences.

The Least Significant Pawn in the Yahoo Hack Pleads Guilty (BleepingComputer) Karim Baratov, a 22-year-old Canadian national, pleaded guilty to charges related to the FBI's investigation into the Yahoo 2014 data breach.

Justices hear case that could reshape location privacy in the cellular age (Ars Technica) Gorsuch: unfettered access is "exactly what the framers were concerned about."

Radio Shack robbery to have huge consequences for location privacy (Naked Security) This could go beyond Radio Shack and location data; it may apply to email/text messages, internet searches, and bank and credit card records.

Trump admin to Supreme Court: No warrant needed for cellphone records (The Washington Times) The Trump administration told the Supreme Court on Wednesday that cellphone records belong to telecom companies, not to their customers, as they sought to defend the ability of police to track Americans’ whereabouts without having to obtain a warrant first.

Insider threat — Chemours employee steals trade secrets (CSO Online) Chemours' off-boarding process provided the evidence that Jerry Jindong Xu stole trade secrets and intellectual property and tried to monetize the information in China.

Coinbase Ordered to Turn Over Identities of 14,355 Cryptocurrency Traders to the IRS (Motherboard) The exchange lost a legal battle and now Bitcoin’s tax problem is coming to a head.

Australian man uses snack bags as Faraday cage to block tracking by employer (Ars Technica) On 140 occasions, electrician logged that he was working while concealing his location.

Making Sense of Cybercrime Statistics -- Virtualization Review (Virtualization Review) The data is notoriously difficult to parse, but some basic conclusions can be drawn.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

upcoming Events

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas who help shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook. This two day event is designed to educate in-house counsel, compliance and privacy officers, risk managers, and CIO/CISOs about the current cybersecurity challenges affecting your business continuity.

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate leaders from multiple function areas who help shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook. This two day event is designed to educate in-house counsel, compliance and privacy officers, risk managers, and CIO/CISOs about the current cybersecurity challenges affecting your business continuity.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Hackers Challenge (New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within a limited time-frame, in a simulated environment. The Hackers Challenge is designed to better understand the threats and methods of hackers by observing them in action.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen months. It is an unparalleled opportunity for global leaders in cyberthreat analysis, operations, research, and law enforcement to coordinate their efforts to create a more secure world.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.