The CyberWire Daily Briefing 6.15.18

Cyber Attacks, Threats, and Vulnerabilities

First details emerge about new batch of Intel processor security flaws (AppleInsider) Details of the first of the second wave of Spectre-style vulnerabilities in Intel processors has been published earlier than expected, with the "LazyFP" vulnerability potentially allowing an attacker to access sensitive data, such as cryptographic keys.

DYMALLOY (Dragos) DYMALLOY activity stretches back to 2015 and includes associations with activity into 2011. The activity focuses on intelligence gathering from industrial control system networks with an unknown intent.

In China's Far West, Companies Cash in on Surveillance Program That Targets Muslims (Foreign Policy) The firms profiting from China's rights abuses are often backed by Western investors.

Cyber-Attacks Expected as World Cup Kicks Off (Infosecurity Magazine) Information security professionals are preparing for the worst as this year's FIFA World Cup kicks off. The World Cup of football (a.k.a., soccer in the US) is set to take center stage in Russia. The tournament kicks off tonight between Russia and Saudi Arabia. While it's highly anticipated by football fans and hackers alike, security professionals believe that some sort of cyber-attack will occur on the 2018 FIFA World Cup football network, according to a recent survey.

SMTP Strangeness - Possible C2 (SANS Internet Storm Center) We received an email today that provided some interesting information from a reader (Bjorn) about some observed SMTP traffic that was unusal. From the appearance it could be related to exfil or C2. The domain in question is donotspamtoday.com whose IP is 185.14.30.147 and there is an DNS TXT entry for SPF. The domain was registered March 20, 2018. I have been unable to find any additional examples or information of similar traffic.

New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware (BleepingComputer) Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware.

DBGer Ransomware Uses EternalBlue and Mimikats to Spread Across Networks (BleepingComputer) The authors of the Satan ransomware have rebranded their "product" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today.

Click2Gov or Click2Breach? (Risk Based Security) Here on the Cyber Risk Analytics research team, we have more than our fair share of “glitch in the matrix moments” – you know, that proverbial black cat walking across your screen that makes you think: “Didn’t I just see this breach?” Usually it’s a case of similar circumstances or simply two names that are a lot alike. Other times, it might be something more.

GnuPG Vulnerability Allows Spoofing of Message Signatures (SecurityWeek) GnuPG recently addressed an input sanitization vulnerability where a remote attacker could spoof arbitrary signatures

Cyber-Physical Systems Are at Risk (Infosecurity Magazine) Recent research work has been focused to protect CPS and IoT devices from different perspectives.

Cortana Flaw Allows for Code Execution from Lock Screen (SecurityWeek) One of the vulnerabilities patched by Microsoft this month was a flaw in Cortana that can allow an attacker to elevate privileges and execute code from the lock screen

HealthEquity breach affects 23,000 individuals (Health Data Management) Data were compromised through an email account incident.

Facebook data privacy scandal: A cheat sheet (TechRepublic) Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

Where does the Dixons Carphone cyber attack rank among other UK data breaches? (The Irish News) The Dixons Carphone attack is the latest significant data breach to affect UK consumers.

As PageUp remediates its security breach, a reminder that times have changed (CSO) An extensive forensic investigation has given employment service provider PageUp the all-clear after an extensive forensic investigation into a breach that saw unauthorised access to names and contact details of job-seekers in Australia, Singapore, and the UK.

Some Absolute Madman Is Trying to Phish Neopets Users (Motherboard) You remember Neopets. You probably had an account. A hacker was recently still trying to steal Neopets accounts with a phishing login page.

Security Patches, Mitigations, and Software Updates

Google locks out extensions that don’t come from its Chrome Web Store (Naked Security) Time’s up for Chrome extensions from third-party sites.

Decades-old PGP bug allowed hackers to spoof just about anyone’s signature (Ars Technica) SigSpoof flaw fixed inGnuPG, Enigmail, GPGTools, and python-gnupg.

“Hey, Cortana, did Patch Tuesday fix a serious lock screen bug?” (Naked Security) This month’s Update Tuesday includes fixes for 50 high-impact vulnerabilities in Microsoft Windows.

Is Apple doing the right thing in closing a security loophole used by police? (CNBC) Oren Falkowitz, Area 1 Security CEO, and Jamil Jaffer, George Mason Law National Security Institute founder, debate over whether Apple is doing the right thing in closing a security loophole used by police to gain access to iPhone user data, especially in catching criminals.

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature (Motherboard) “Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build.”

NCC Group: Only a Quarter of Our Reported Flaws Were Fixed (Infosecurity Magazine) Firm claims vendors lack established remediation and disclosure processes

We’re Losing the Race to Patch Known Security Flaws: Will GDPR Help? (Infosecurity Magazine) Virtual Patching” is emerging as a solution to the problem of too many unapplied software fixes.

Cyber Trends

Exploring the maturity of corporate security awareness programs (Help Net Security) Corporate security awareness programs are gaining ground among businesses, but many of the pros responsible for their implementation are facing challenges.

Healthcare Hacking Trends on the Dark Web (Cynerio) One of the many troubling trends in dark web black markets is the buying and selling of PHI – protected health information.

The challenges of securing mobile workers and keeping data secure (Help Net Security) Jon Fielding, Managing Director for Apricorn in EMEA, talks about the challenges related to securing mobile workers, and how they can be solved.

New trends advance user privacy (Help Net Security) Privacy and security online are one of the top concerns of Americans, especially after numerous massive data breaches (Equifax, Yahoo, Uber) that happened

Biggest Global Cybersecurity Trends in 2018 (TeleMessage) We detail in this infographic the latest and biggest shifts and trends that are bound to shape the global cybersecurity scene in 2018 and beyond.

Marketplace

Cyberwarfare Concerns Yield Consequences for Russian Tech Companies (Healthcare Analytic News) Suspected involvement in destabilization efforts, including the devastating NotPetya attack that rocked healthcare, brought sanctions and killed partnerships this week.

How should the tech industry handle high-profile government contracts? (Federal Times) For tech companies, government contracts promise big money and relative security. But they are also a slippery slope.

Continuum Acquires CARVIR: Security Deal Provides MSP Market Differentiation (ChannelE2E) Continuum's buyout of CARVIR, confirmed today, further differentiates the MSP software company from traditional rivals like ConnectWise, Datto, Kaseya and SolarWinds MSP. Here's why.

Blueliv calls for radical socialisation in the security industry (Channel Eye) Security outfit Blueliv announced its expansion in the UK with a call for radical socialisation in the industry to profit all cybersecurity practitioners.

Founder of Chinese crypto-currency Tron buys Bittorrent (Asia Times) Justin Sun's purchase of the peer-to-peer file sharing protocol looks to be another sign that blockchain really is moving to take over the internet

Harris wins $400 million contract modification for electronic warfare system (C4ISRNET) Harris Corp has been awarded a contract modification worth as much as $400 million for the production of a electronic warfare system to sell overseas.

UK-Based Cybersecurity Firm Digital Shadows Opens in Dallas (Dallas Innovates) Digital Shadows CEO said Texas, and especially Dallas, was an attractive location for the expansion because of the “huge pool of talent” and the availability of top security professionals.

Palo Alto Networks adds trio of federal cyber vets as advisers (Washington Technology) Palo Alto Networks brings onboard three former top federal cybersecurity officials to advise the company on security and technology trends in both the U.S. and international government sectors.

Equifax names former IBM Watson exec as new CTO (ZDNet) Bryson Koehler previously served as the CTO of Watson and IBM Cloud Platform.

Facebook’s longtime head of policy and comms steps down (TechCrunch) A prominent figure that helped shape Facebook public perception over the course of the last decade is on the way out. In a Facebook post today, Elliot Schrage, vice president of communications and public policy, announced his departure. Schrage joined the company in 2008 after leaving his position …

Products, Services, and Solutions

New infosec products of the week: June 15, 2018 (Help Net Security) New infosec products this week include releases from the following vendors: Sysdig, Cybric, Silver Peak, FileCloud, and Denim Group.

15 Best Security Podcasts For You (Heimdal Security Blog) Summer’s here and that means one thing - there’s more time to relax and maybe learn something new. Here are the best cybersecurity podcasts we’ve listened to so far.

ElcomSoft Decrypts iMessages in iCloud (PR Newswire) ElcomSoft updates Elcomsoft Phone Breaker, the company's mobile extraction...

ElcomSoft's Latest Tool Can Allegedly Access iMessages in iCloud, But Only in Extreme Circumstances (Mac Rumors) Russian company ElcomSoft today claimed that the latest version of its Phone Breaker software can remotely access iMessage conversation histories...

Acuant Partners with Industry Leader to Mitigate Online Fraud. (Acuant) Partnership with Experian CrossCore includes facial recognition matching via selfie

Lockpath and Digital Shadows partner to advance digital risk management (Compliance Week) Lockpath, a provider of integrated risk management solutions, and Digital Shadows, a digital risk management and relevant threat intelligence provider, today announced a new partnership to strengthen how organizations manage and mitigate risk.

Qualys Dives into Container Security (Container Journal) Qualys at the DockerCon 2018 conference this week unfurled Qualys Container Security (CS), a cloud-based application that promises to make it easier to embed container security controls into DevOps processes.

Iron Mountain data recovery adds ransomware protection (SearchDisasterRecovery) Iron Mountain data recovery is taking on ransomware with the Iron Cloud Critical Protection and Recovery service that isolates data and features a cleanroom in the event of an attack.

Technologies, Techniques, and Standards

Bad Cybersecurity? No Access To DoD Networks (Breaking Defense) "We’re going to turn that off unless you secured that properly. Whoa! That's a very different mindset," Col. Straub told me. "The availability of the network versus the defense of the network, that's something we’re trying to get commanders to think about."

Fortinet’s Phil Quade: Addressing IT-Operational Tech Integration Key to Critical Infrastructure Cybersecurity (ExecutiveBiz) Phil Quade, chief information security officer at Fortinet, told Federal News Radio’s Ask the CIO program that aired Wednesday federal agency leaders seeking to cyber-secure operational technology used to power critical infrastructure should address the rising integration of OT with information technology driven by the prevalence of internet-connected devices. Quade said the government should work with...

Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked? (CSO) Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are ...

Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital (Dark Reading) Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.

Design and Innovation

Dank learning system autogenerates memes (TechCrunch) We all know that in the near future humanity will come to a crossroads. With 99% of the world’s population currently tasked with creating memes and/or dank memes, what will happen when computers get better at it than humans? Researchers may have just found out. Using machine learning, a pair …

Stanford Researchers Trained a Neural Network to Make These Memes (Motherboard) The model was trained on hundreds of memes in the “advice animal” style of text and image then tasked with producing its own captions.

The problem with ‘explainable AI’ (TechCrunch) The first consideration when discussing transparency in AI should be data, the fuel that powers the algorithms. Because data is the foundation for all AI, it is valid to want to know where the data comes from and how it might explain biases and counterintuitive decisions that AI systems make.

Research and Development

Can a software program predict the future? (Fifth Domain) The multitude of “what would happen if” questions keeps military planners up at night, and proves to be difficult to simulate. Now, BAE Systems may have the answer.

Booz Allen’s Chief Warns U.S. of a ‘Close Race’ With China on AI (Bloomberg.com) The chief executive officer of government contractor Booz Allen Hamilton Inc. warned that the U.S. has only a small advantage over China in the rising field of artificial intelligence and is at risk of falling behind without a “national strategy.”

Academia

Senior Military Colleges push to secure collective national cyber institute (Moultrie News) America’s Senior Military Colleges (SMC) worked jointly to address the escalating need for highly trained cyber operations and cybersecurity leaders. The colleges, which include The Citadel, the University of North

Kansas State University Polytechnic Campus Adds Graduate Certificate in UAS Information Assurance to Online Offerings (AviationPros.com) A graduate certificate in unmanned aircraft systems information assurance is being launched in fall 2018.

Legislation, Policy and Regulation

US: No sanctions relief before North Korea denuclearizes (Military Times) The United States will not ease sanctions against North Korea until it denuclearizes, Secretary of State Mike Pompeo said Thursday, as he reassured key Asian allies that President Donald Trump had not backed down on Pyongyang’s weapons program.

Trump must still hold North Korea accountable for cyberattacks (TheHill) President Trump concluded his first summit with North Korea’s Kim Jong Un in Singapore. In recent weeks, the president stated he is no longer interested in a maximum pressure strategy and Kim Jong Un has temporarily halted ballistic missile and nuclear weapons tests as part of his charm offensive.

ZTE Penalties Sought in Senate May Set Up Showdown With Trump (Bloomberg.com) Republican senators pushing to keep stiff sanctions on China’s ZTE Corp. dug in for a potential showdown with the White House as some of their colleagues said they’d try to negotiate a way out with President Donald Trump.

Politics not privacy fears behind Huawei spying claim by US (South China Morning Post) The company’s success is due to its smartphones being reliable and well-designed. There is no evidence that its products are being used for espionage

Industry worried about potential Huawei 5G ban (Financial Review) The Turnbull government faces a strong push back from mobile phone operators if it bans China's Huawei supplying equipment for the soon-to-be built 5G wireless networks.

Report offers tips on combating Chinese economic policy (Defense News) Boasting the world's second-largest economy, China is well-primed to influence smaller economic players in the Asia-Pacific region.

Senate sides with Trump, votes down GOP plan to expand Congress’s national security oversight (Washington Post) The Senate has again declined to assert authority over the president's decisions on trade-related issues.

Rest Easy, Cryptocurrency Fans: Ether and Bitcoin Aren't Securities (WIRED) Top officials from the SEC have publicly stated that the world's two most popular cryptocurrencies are not like stocks and bonds—a relief for people who own them.

The Army wants a better way to update software, buy smarter (C4ISRNET) The Army is holding what it calls software solariums as a way to improve the business side of the service’s multi-billion software efforts during the life of programs.

Top Marine says cyber warriors must get more flexibility (Fifth Domain) Neller laid out a futuristic vision for the Marines that embraced digital war-fighting and warned contractors.

Litigation, Investigation, and Enforcement

A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election (Oversight and Review Division 18-04) In response to requests from Congress, various organizations, and members of the public...

DOJ watchdog faults Comey over handling of Clinton probe (TheHill) In a highly critical report released Thursday afternoon, Justice Department Inspector General Michael Horowitz hammered former FBI Director James Comey for poor judgment during the 2016 election, but found no evidence to show his key decisions in the investigation into former Secretary of State Hillary Clinton's emails were improperly influenced by political bias.

Live coverage: IG releases watchdog report on FBI, Clinton probe (TheHill) The Department of Justice's (DOJ) inspector general Michael Horowitz released a report Thursday afternoon on its investigation into the FBI and DOJ handling of a probe into former Secretary of State Hillary Clinton's private email server and its actions during the 2016 presidential race.

Watchdog rips Comey but says bias didn’t taint Clinton probe (POLITICO) The inspector general turned up fresh evidence of FBI officials exchanging messages critical of Trump and leaking to the media.

Comey Was ‘Insubordinate’ in Clinton Probe, Inspector General Finds (Bloomberg.com) Former FBI Director James Comey was “insubordinate” in handling the probe into Hillary Clinton, damaging the bureau and the Justice Department’s image of impartiality even though he wasn’t motivated by politics, the department’s watchdog found.

DOJ OIG on Comey, Clinton email investigation: OMG LOL (Ars Technica) Samsung autocorrect is "bane of literally every agent of the FBI's existence."

A ‘Technical Malfunction’ Made an FBI Twitter Account Seem Anti-Clinton in the Final Days of the Election (Motherboard) A report from the Department of Justice Inspector General revealed a mundane technical glitch was behind the 2016 Twitter beef.

Inspector General Criticizes FBI and Comey, But Some Want More (WIRED) The report found no evidence that politics influenced the outcome of the 2016 probe, frustrating those on the right hungry for proof of corruption.

Meet the <i>Other</i> Amorous FBI Staffers Who Texted About the Clinton Email Investigation (The Weekly Standard) Parsing the Inspector General’s report.

'Foreign actors' accessed Hillary Clinton emails, documents show (Fox News) “Foreign actors” obtained access to some of former Secretary of State Hillary Clinton’s emails -- including at least one email classified as “secret” -- according to a new memo from two GOP-led House committees and an internal FBI email.

The Mueller Indictments Still Don’t Add Up to Collusion (The Nation) A year of investigations has led to several guilty pleas, but none of them go to the core of the special counsel’s mandate.

Senators Demand Answers From Amazon on Echo's Snooping Habits (WIRED) The senators' questions cut to the heart of a key issue facing tech leaders today.

Kaspersky Lab Freezes Work with Europol in Protest of EU Vote (Dark Reading) New European Parliament document calls out Kaspersky Lab software as 'malicious' and says it should be banned.

Trial of two men accused of $20m hacked press release fraud begins (Naked Security) This is reportedly the first time criminal charges have been brought for a securities fraud scheme involving hacked inside information.

Gloucestershire Police BCC Error Leads to £80K Fine (Infosecurity Magazine) Child abuse case lands officer in hot water

Ex-US Navy man sentenced for taking classified information (Navy Times) A former member of the U.S. Navy has been sentenced to prison for illegally keeping classified national defense information, including that of some U.S. nuclear operations.

'Jeopardy!' champ pleads guilty in email hacking case (The Daily Telegram) A former “Jeopardy!” champion and Adrian College professor pleaded guilty Wednesday to illegally accessing another

The CIA ‘Can Neither Confirm Nor Deny’ It Has Documents on Satoshi Nakamoto (Motherboard) So, you’re saying there’s a chance?

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows the Standard of Practice approach in addressing issues surrounding influence operations, infrastructure protection, and surveillance.

upcoming Events

Social Engineering—Rhode Island (Newport, Rhode Island, USA, June 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, June 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency management agencies. Join executives, security professionals and elected officials for the Silicon Valley Leadership Group's Health Cybersecurity Summit on Friday, July 20, at Citrix Headquarters in Silicon Valley. Engage in a real-time cyber threat and response simulation, hone your digital defense skills, and learn about the unique security concerns faced by the healthcare industry and related infrastructure providers.

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims to provide a creative and productive platform for professionals in the field of cyber security.

MysteryBot's bad, but not quite ready. Satan is now DGBer. Breaking iOS? Kaspersky breaks up with Europol. IG reports on FBI.