Cyber Attacks, Threats, and Vulnerabilities
Iran’s Cyber War on Dissidents Could Infiltrate Your Mailbox (Defense One) Tehran’s agents are busily working against the protesters — and anyone who may have contacted them from abroad.
Iranian Netizens Flock to Tor After Censorship Crackdown (Infosecurity Magazine) Government blocks services as violent protests continue
Jazayeri calls for barricade against enemy’s cyber attack (Mehr News Agency) TEHRAN, Jan. 02 (MNA) – Iranian Brigadier General Jazayeri said any inefficiency and weakness in managing cyberspace and protecting it against enemy troops was unforgivable and called for creation of strong fortresses against any possible cyber attack.
Insecurity Not to Be Allowed in Tehran: IRGC Commander (Tasnim News Agency) The deputy commander of IRGC’s Sarallah headquarters, a key base for handling security affairs in Tehran, said the headquarters is not responsible for dealing with the recent unrest in the capital but made assurances that related officials will not allow insecurity to continue.
Iranians Are Mad as Hell About Their Foreign Policy (Foreign Policy) Tehran's adventures abroad have triggered anger at home. Here's how American foreign policy can step up.
Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw (Gizmodo) There’s small screwups and big screwups. Here is a tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow “normal user programs—from database applications to JavaScript in web browsers—to discern to some extent the layout or contents of protected kernel memory areas,” the Register reported on Tuesday.
Serious Intel bug affects major cloud providers, and the fix will affect performance (Computing) Slowdowns of 35 per cent have been reported
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign (Register) Other OSes will need an update, performance hits loom
"Trackmageddon" Vulnerabilities Discovered in (GPS) Location Tracking Services (BleepingComputer) Two security researchers —Vangelis Stykas and Michael Gruhn— have published a report on a series of vulnerabilities that they named "Trackmageddon" that affect several GPS and location tracking services.
GPS tracking vulnerabilities leave millions of products at risk (CSO Online) It's an IoT nightmare. One that is entirely preventable. Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues including direct tracking. Further, many of the vulnerable services have open directories exposing logged data.
Unpatched macOS Flaw Allows Code Execution, Root Access (Security Week) A researcher who specializes in hacking Apple’s iOS operating system has made public the details of an unpatched vulnerability in macOS that can be exploited to take complete control of a system.
MacOS LPE Exploit Gives Attackers Root Access (Threatpost) A researcher with the Twitter handle ‘Siguza’ published details of a macOS local privilege escalation vulnerability dating back to 2002 that could give an attacker root access to systems.
Researcher drops 15-year-old zero-day that affects all Mac OSes (CSO Online) A researcher released details of a macOS kernel exploit, which has been around for more than a decade, that could allow an attacker to get root access.
macOS Exploit Published on the Last Day of 2017 (BleepingComputer) On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier.
Automatic autofill of your username and password? Not a good idea (Graham Cluley) Is your browser's built-in login manager leaking your username (and possibly your password too)?
Code for Satori malware posted on Pastebin (HackRead) The code behind Satori malware, a variant of Mirai malware that hijacked IoT devices including Huawei routers has been leaked online on Pastebin.
Necurs Botnet Fuels Massive Year-End Ransomware Attacks (Security Week) The Necurs botnet started 2017 with a four-month vacation, but ended the year sending tens of millions of spam emails daily as part of massive ransomware distribution campaigns.
New Locky-like ransomware named ‘Scarab’ found by PhishMe (Digital Forensics) New ransomware – named Scarab – has been observed by PhishMe. While it shares some similarities in behaviour and distribution with Locky, there are also some distinct differences.
A desperate YouTube moderator scam spam (Graham Cluley) Times must be getting tough for spammers if they're having to resort to these types of tricks to get their unwanted messages seen.
Apps Disguised as Security Tools Bombard Users With Ads and Track Users' Location (TrendLabs Security Intelligence Blog) In early December, we found a total of 36 apps on Google Play that executed unwanted behavior. These apps posed as useful security tools under the names Security Defender, Security Keeper, Smart Security, Advanced Boost, and more. They also advertised a variety of capabilities: scanning, cleaning junk, saving battery, cooling the CPU, locking apps, as well as message security, WiFi security, and so on. The apps were actually able to perform these simple tasks, but they also secretly harvested user data, tracked user location, and aggressively pushed advertisements.
Your computer's antivirus software may be spying on you (PCMag India) A former NSA hacker reverse engineered Kaspersky anti-virus to spy tool
Top 5 Ways to Hack a Business (BankInfo Security) Simulated attacks by an information security testing firm have found that fresh WannaCry, NotPetya and EternalRocks would still rip through many an enterprise network. Here's how organizations must respond.
VMware Issues 3 Critical Patches for vSphere Data Protection (Threatpost) VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform.
Frankfurt airport IT failure: disruption not caused by cyber attack (Verdict) One of the world’s busiest airports, Frankfurt airport, is currently undergoing an IT failure that could disrupt flights and lead to cancellations
Security Patches, Mitigations, and Software Updates
Opera browser updated to stop crypto-currency mining (HOTforSecurity) The last year has seen a rise in the number of websites hogging visitor’s CPU and browser resources by surreptitiously mining for cryptocurrencies while you surf. Sites like Pirate Bay have found themselves in hot water after visitors discovered it had added...
VMware Issues 3 Critical Patches for vSphere Data Protection (Threatpost) VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform.
Patching Takes More than a Fortnight for Many Firms (Infosecurity Magazine) Ivanti research finds security gaps persist on the endpoint
Cyber Trends
2017 Cybersecurity in Review and Predictions for the New Year (Recorded Future) Dr. Chris Pierson takes a look back at 2017 and tries to make sense of what it all meant, what 2018 may have in store for the cybersecurity industry, and how best to prepare.
Believe It: Cybersecurity is Getting Better, Not Worse (Infosecurity Magazine) We’ve become beholden to our own fear, uncertainty, doubt – which basically says that cybersecurity has never been worse.
Despite cybersecurity concerns, many consumers don't protect themselves (Help Net Security) Despite awareness of the need for cybersecurity, many consumers are not taking proactive steps to keep their personal information protected from identity t
Marketplace
NSA’s top talent is leaving because of low pay, slumping morale and unpopular reorganization (Washington Post) Since 2015, the spy service has lost several hundred hackers, engineers and data scientists.
10 startups outside Silicon Valley to watch in 2018 (VentureBeat) Earlier this week, I wrote that the two questions I get most frequently from people who are interested in learning about Heartland Tech are about what cities they should be watching and what startups should be on their radar. I wrote about cities to watch here, and now I'd like to talk about startups to keep an eye on in 2018.
Army Aims to Accelerate Cyber Defense System Prototyping, Acquisition Via Vendor Consortium (Executive Gov) The U.S. Army plans to launch a process that seeks to facilitate the prototyping and acquisition of
Why do CISOs change jobs so frequently? (CSO Online) Aside from earning more money, CISOs pursue other opportunities when current employers minimize cybersecurity commitments and efforts.
Imperva Appoints Mike Burns as CFO (BusinessWire) Imperva, Inc. (NASDAQ:IMPV), a leading cybersecurity company that delivers best-in-class solutions to protect data and applications – wherever they re
Products, Services, and Solutions
How 3 innovative products approach network security (CSO Online) The network security category is constantly evolving with the emergence of new threats and attack techniques. Here's how 3 network security products tackle the problem.
Law Firm Cybersecurity Assessment and Services (TCDI) Law firms are entrusted with their clients’ most sensitive information and have an ethical obligation to protect it. In today’s digital world, that means ensuring technical and procedural safeguards are in place to prevent data breaches. Failure to do so can result in catastrophic damage to a firm’s reputation and bottom line.
Blockchain announcement sends stock of Hooters franchisee soaring [Updated] (Ars Technica) Press release: “Eating a burger is now a way to mine for cryptocoins.”
Technologies, Techniques, and Standards
How DHS Protects Federal Networks by Breaking into Them (FedTech) The Department of Homeland Security’s National Cybersecurity Assessments and Technical Services team is beefing up its role in securing federal IT and critical infrastructure.
DMARC Adoption Surges Ahead of Federal Mandate (Infosecurity Magazine) Federal domain adoption of the DMARC email security scheme in the US increased 38% in 30 days.
Federal DMARC Adoption Report, Secure your Email (Agari) 68% of all Federal domains lack a DMARC policy, leaving their citizens and agencies open to email cyber attacks. Get the statistics today - get the report.
NIST looks to private sector for help securing IoT devices (FederalNewsRadio.com) NIST will soon start hosting events to exchange ideas on methods and technologies to ensure Internet of Things devices are secure.
Morphing Network Security (Bricata Blog) If you dropped a CIO from the 1990s into the modern data center, chances are they’d be overwhelmed. So much has changed, because technology changes so quickly.
How to keep your browser and devices safe from cryptojackers (Help Net Security) Cryptojacking makes surfing the web similar to walking through a minefield. What can you do to prevent your browsers/devices being used to do the cryptojackers' work?
Are you crypto-agile? (CSO Online) A recent spate of successful attacks against our most popular and trusted cryptographic algorithms has me hoping that all companies understand the importance of crypto-agility.
CIO upfront: 3 steps towards a cyber resilient organisation (CIO New Zealand) True cyber resilience means having the insight to anticipate a changing threat landscape, the agility to adapt and respond quickly to a cyberattack, and the resources to support the costs of recovery, writes Ian Raper, regional vice president, ANZ, Palo Alto Networks
IT security experts are NOT control system and safety experts (Control Global) Sensor and process anomaly detection is an engineering function that requires detailed knowledge of the systems and the process. It also has a direct impact on process safety.
The Big Hack Attack (Financial Advisor) Rob is an advisor in Cincinnati at a firm with some half a billion in assets. He’s always thought his cybersecurity was pretty good and figured his firm would be a fairly unappealing target for thieves and hackers.
How to Protect Your Home Router from Attacks (Motherboard) A comprehensive guide for choosing and setting up secure Wi-Fi.
The Cybersecurity 'Upside Down' (Dark Reading) There is no stranger thing than being breached. Here are a few ways to avoid the horror.
You Could Mine 1 Bitcoin Per Month If You Harvested the Body Heat from 44,000 People (Motherboard) A best case scenario would look like a ‘Matrix’-esque hellscape and still require hundreds of people.
Fighting on Today's Front Lines (Infosecurity Magazine) The overall impression is that data breaches are the result of enemy nation states, hacktivists, organized crime, and other evil forces.
Design and Innovation
AI System Sorts News Articles By Whether or Not They Contain Actual Information (Motherboard) How much "news" is actually new?
The Logan Paul Video Should Be a Reckoning For YouTube (WIRED) Logan Paul's video of Japan's "suicide forest" was a nadir for the YouTube star—and the platform that enables him.
YouTube is equally to blame for Logan Paul’s video (TechCrunch) It appears that YouTube is more responsible for the first crisis of the year on its video platform than was initially thought. Yesterday, the internet was..
A Visit to Facebook's Recently Opened Center for Deleting Content (Motherboard) Our tour of one of Germany's new content moderation centers gave us a look at Facebook’s content moderation—and what it means for the people who have to enforce its deletion rules.
Why a controversial cybersecurity prediction about IDS from 2003 is still relevant (CSO Online) The complicating factors that prompted a technology analyst to label the market as obsolete 14 years ago still persist today; it remains a rallying cry for greater security innovation.
Smart cars need smart and secure IT/OT Infrastructures (Help Net Security) OT systems and their parallel safety systems were not designed to stop the present threat of hackers whose intent would be to make them fail in catastrophic ways.
Research and Development
Qtum Foundation, Trusted IoT Alliance, and Chronicled, Inc. to Develop Secure IoT Use Cases (PRNewswire) Chronicled, Inc. and The Qtum Foundation have announced a collaboration...
Academic researchers fire latest shots in adblocking arms race (Ars Technica) Manipulating javascript can overcome publishers' software.
Legislation, Policy, and Regulation
Trump ready to punish Iran’s elite guard unit (Times) The Trump administration is preparing to impose severe sanctions on Iran’s Revolutionary Guard as a state crackdown on protesters intensifies. The elite militia, responsible for protecting the...
The West must seize this chance to change Iran (Times) When Iranian students took to the streets against president Mahmoud Ahmadinejad almost a decade ago, he called them “khas o khashak” — dust and trash — and sent in security services to crack their...
Johnson warns Russia that the UK is prepared to tackle cyber threats head-on (Computing) First visit in five years has done little for state relationships
Pakistan fires back after 'incomprehensible' Trump tweet (Military Times) Pakistan fired back Tuesday after President Donald Trump accused it of harboring terrorists, calling his New Year’s Day tweet “completely incomprehensible.”
You realize, of course, this means War (Security Boulevard) Security researchers have long spoken about “the attribution problem” – that is, the difficulty of pinning a specific security event to a specific threat a
Microsoft and Facebook Join Forces to Stop Cyberattack on the U.S. (The Motley Fool) An ongoing cyberattack pitted these tech titans against foreign cyber-invaders.
FERC Proposes Cybersecurity Incident Reporting Rule (Lexology) On December 21, 2017 the Federal Energy Regulatory Commission (FERC) proposed a rule to direct the North American Electric Reliability Corporation…
The FCC is still tweaking its net neutrality repeal (but that’s normal) (TechCrunch) You may think, from the pomp accompanying the FCC's vote in December to repeal net neutrality, that the deed was done. Not so. In fact, the order hasn't even..
Ajit Pai’s FCC is still editing the net neutrality repeal order (Ars Technica) Repeal undergoing final changes as FCC prepares for court battle.
Peter Cochrane: US will 'shoot itself in the head and the foot' over lifting of net neutrality (Computing) Former BT CTO Peter Cochrane warns that the lifting of net neutrality in the US will raise barriers and hinder innovation
What is the GDPR, its requirements and deadlines? (CSO Online) GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly. Here’s what every company that does business in Europe needs to know about GDPR.
Litigation, Investigation, and Law Enforcement
IP address errors lead to wrongful arrests (Naked Security) It’s not just typos that result in errors tracing an IP number back to a residential address
Privacy vs. Security: Will SCOTUS Leave the (Third) Party in 2018? (Lexology) If the government obtains information about your past locations from your wireless provider, is that a search? If so, is it a search that requires…
A year later, an investigation in search of a crime (TheHill) In all of the end-of-year reviews, the most surprising (and most disappointing) realization for many is what's missing from the list: the charging of Donald Trump.
As the Dossier Scandal Looms, the New York Times Struggles to Save Its Collusion Tale (National Review) The totality of the evidence undermines the Times’ collusion narrative ...
BRIEF-Finjan And Fireeye Enter Patent License Agreements (Reuters) Finjan Holdings Inc - under terms of agreements, FireEye agreed to pay Finjan a 1-time net settlement amount of about $12.5 million payable in cash
Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes (KrebsOnSecurity) The individual who allegedly made a fake emergency call to Kansas police last week that summoned them to shoot and kill an unarmed local man has claimed credit for raising dozens of these dangerous false alarms — calling in bogus hostage situations and bomb threats at roughly 100 schools and at least 10 residences.
Call of Duty gaming community points to ‘swatting’ in deadly Wichita police shooting (Wichita Eagle) A worldwide community of online gamers might be a key in finding out why a 28-year-old man is dead after being shot by police Thursday evening.
Hackers Who Disabled Police Cameras Prior to Trump Inauguration Left Trail of Clues (Dark Reading) Romanian police last month arrested Mihai Isvanca, and Eveline Cismaru for allegedly breaking into 123 computers controlling surveillance cameras at DC's police department in 2017.