Cyber Attacks, Threats, and Vulnerabilities
Malware Companies Are Finding New Ways to Spy on iPhones (Motherboard) Kaspersky Lab’s found evidence that a small spyware government contractor sells iOS malware, showing it may not be as rare as some people think.
New Hacker Group Behind 'DNSpionage' Attacks in Middle East (Dark Reading) Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
DNSpionage Campaign Targets Middle East (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Bypassing CVE-2018-15442: Another case of DLL Hijacking (SecureAuth) As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A vulnerability in the update service of Cisco WebEx Meetings Desktop App for Windows.
Malvertising Campaign Impacts Millions of iOS Users (Threatpost) Researchers say the bad actor behind the malvertising campaign is still active.
Back to School: COBALT DICKENS Targets Universities (SecureWorks) Despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale campaign that targeted university credentials using the same spoofing tactics as previous attacks.
More obfuscated shell scripts: Fake MacOS Flash update (SANS Internet Storm Center) Yesterday, I wrote a diary about a nice obfuscated shell script[1]. Today, I found another example of malicious shell script embedded in an Apple .dmg file (an Apple Disk Image[2])
Microsoft explains one Azure authentication outage as another one happens (Ars Technica) Three different problems came together to break authentication earlier this month.
I’ve got a bridge to sell you. Why AutoCAD malware keeps chugging on (Ars Technica) CAD forever changed the design of modern buildings and industrial espionage alike.
Atrium Health says data of about 2.65 million patients involved in... (Reuters) Atrium Health, previously Carolinas HealthCare System, said on Tuesday data of a...
Cyber Monday 2018: Sam's Club Sale Has Nasty Surprises (Forbes) Sam's Club has superb Black Friday pre-sales, but can its Cyber Monday deals rivals? You're in for a nasty surprise...
Rockaway Township police computers down after possible cyber attack (Daily Record) Computer systems at the Police Department and Town Hall have been down since Thanksgiving after a possible cyber attack, sources said.
UPDATE: Mat-Su Borough Assembly to vote on funds for cyber attack response (KTUU) Months after a sophisticated cyber attack took the Mat-Su Borough's network offline, the borough is shifting around funds to continue its effort to rebuild and upgrade its network infrastructure.
Facebook, Twitter crack down on AI babysitter-rating service (Washington Post) Predictim's chief said the company was undeterred by the restrictions: “If you’re not hiding anything, if you’re not abusive, if you’re not a bully, I don’t see why you’d be scared."
Security Patches, Mitigations, and Software Updates
Siemens patches major firewall flaw, other vulnerabilities (TechGenix) German conglomerate Siemens has been busy trying to close several gaps in its security infrastructure caused by critical vulnerabilities.
Cyber Trends
Cybersecurity 2019: Predictions you can't ignore (Help Net Security) As we move forward to 2019, expect credit card and payment information theft to continue to rise, according to research from CyberInt.
IIoT Technologies Integration Creates Growth Opportunities in the Industrial Cybersecurity Industry (MarketWatch) Customer needs require scalable, flexible cybersecurity solutions, finds Frost & Sullivan
Nearly Three-Quarters of Americans Concerned About Identity Theft During Holiday Shopping Season (PR Newswire) The vast majority of Americans (71%) are concerned that their financial and personal information could be...
C-Suite: GDPR Could Lead to Greater Risk of Breaches (Infosecurity Magazine) German and UK executives vent concern at six-month milestone
Who's the Weakest Link in Your Supply Chain? (Dark Reading) Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
Marketplace
Defense officials taking advantage of new cyber authorities (Fifth Domain) New authorities allow DoD to act faster and respond quicker to activities in cyberspace.
Google employees sign letter against censored search engine for China (the Guardian) Project Dragonfly would allow Beijing to monitor users’ activity and open letter is latest sign of worker unrest at tech company
We are Google employees. Google must drop Dragonfly. (Medium) We are Google employees and we join Amnesty International in calling on Google to cancel project Dragonfly, Google’s effort to create a…
China leaves Huawei founder off honor roll marking 40 years of economic success (TechCrunch) In the lead up to China’s 40th anniversary of reforms and opening up, People’s Daily, the mouthpiece of the ruling Communist Party, published a list on Monday commending 100 extraordinary contributors to the country’s economic development. Familiar names like Jack Ma of ecommerce …
Censys Raises $2.6 Million Seed Round Led by GV and Greylock Partners (Odessa American) Censys, Inc., the trusted provider of Internet security data, announced its $2.6M Series Seed round to help companies find where their data may be exposed.
CyberGRX Raises $30 Million in Series C Funding Round Led by Scale Venture Partners (BusinessWire) CyberGRX today announced that it has raised $30 million in Series C funding led by Scale Venture Partners.
Can Palo Alto Networks Turn Up the Heat This Earnings Season? (The Motley Fool) Investors will be looking for a solid performance.
Kaspersky Predicts ‘Bubble-Burst’ for cryptocurrency in 2019 (BTC Wires) The month of November has brought quite a doom for the crypto World, right from bearish trend plunging the prices to new lows, to threats from crypto hackers robbing people of their hard-earned digital money. In short, the crypto world has not seen any breakthroughs be it price or security…
Former U.S. Congressman Mike Rogers Joins AppGuard (Benzinga) AppGuard, Inc, the pioneers of zero trust cybersecurity software for endpoints, servers and mobile platforms, announced today the...
Verodin Appoints Anomali Co-Founder Colby DeRodeff as Chief Technology Officer (BusinessWire) Colby DeRodeff joins Verodin’s executive team to further drive the rapid expansion of its Security Instrumentation Platform.
Products, Services, and Solutions
Tufin Announces New Cloud Security Solution (Benzinga) Tufin®, the market-leading provider of Network Security Policy Orchestration solutions, announced its latest cloud-native solution, Tufin...
IBM QRadar Advisor with Watson Expands Knowledge of Cybercriminal Techniques (IBM News Room) IBM (NYSE: IBM) Security today announced new capabilities for the company's AI-based security platform, QRadar Advisor with Watson, which expand the platform's knowledge of cybercriminal behavior...
K2 Software OEMs Safe-T Data's Software Defined Access to Securely Connect Cloud Services to On-prem Applications (PR Newswire) Safe-T® (Nasdaq: SFET), (TASE: SFET), a leading provider of software-defined access solutions for the hybrid...
Dataguise Supports GDPR Compliant Cloud Initiatives at AWS re:Invent 2018 (GlobeNewswire News Room) Next Generation DgSecure Platform Accelerates GDPR Compliance Across AWS Cloud Infrastructure
Bandura Cyber Announces Strategic Partnership with Castra Consulting to Enable Automated Threat Intelligence Protection (BusinessWire) Bandura Cyber has announced a strategic partnership with Castra Consulting Managed Services.
Beyond CASB Power: Check Point Announces General Availability for CloudGuard SaaS (Check Point Software) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, today announced the general availability of CloudGuard SaaS, an industry-first cloud suite designed to prevent sophisticated security threats that target SaaS applications. One of the latest additions to Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects …
Qualys Brings its Container Security Solution to New AWS Marketplace for Containers (PR Newswire) AWS re:Invent 2018, Booth #2529 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and a leading provider of cloud-based...
Offensive Security redesigns Exploit Database, its archive of public exploits (Help Net Security) Offensive Security's updated Exploit Database contains a library of exploits, shellcode and security papers, and adds filters and searching of displayed results.
Fugue Risk Manager protects against data breaches with self-healing cloud infrastructure (Help Net Security) Fugue solution can identify infrastructure compliance violations and automatically remediate unauthorized changes and configuration drift.
What Certified Ethical Hacker Is and What It Is Not (EC-Council Official Blog) A) Ethical Hacking IS NOT Pentest We hear it on the internet; ‘XXX certification is better than a C|EH because you have to do an actual penetration test and submit a report’. The comparison is not only inaccurate; those who make it misunderstand the nature and content of the C|EH course and certification test. There...
Cylance Introduces AI-Powered Cloud Security Solution for AWS (BusinessWire) The award-winning CylancePROTECT® solution now supports AWS Linux to protect application instances running on cloud services infrastructure.
Bitglass and the Rise of Cloud Security Posture Management (Security Boulevard) As companies begin moving data from on-premises solutions to the cloud, the need to protect sensitive information and prevent data breaches becomes increasingly important.
Odo software prototype provides solution to sophisticated cyber-spying (Intelligence Online) French researchers are poised to make code obfuscation technology, which provides protection against sophisticated computer attacks, available to all.
SCADAfence Partners With Demisto to Extend Automated Incident Response and Security Orchestration to OT Networks (Sys-Con Media) SCADAfence, the industry leader in cybersecurity and visibility solutions for industrial OT networks, is partnering with Demisto, an innovator in security automation and orchestration technology, to enable industrial organizations to respond to the ever-increasing threats that spread from IT to OT networks.
Technologies, Techniques, and Standards
Who is responsible for IoT security in healthcare? (CSO Online) NIST panel debates who should own IoT security: vendors or users. The issue is especially important when it comes to protecting medical devices.
Here is How Open Source DIY Fatigue Saps Cybersecurity Resources (Bricata) Open source security tools often start as cost-saving DIY projects inside cybersecurity organizations, but as the network grows, these take more time to maintain and manage, which detracts from the task of actually protecting the network.
Secure Chorus continues to deliver industry-leading value with launch of cyber security standards for enterprise-grade mobile apps (Secure Chorus) Not-for-profit membership organisation Secure Chorus has announced the completion of its first set of interoperability standards for regulatory-compliant encrypted voice calls. The move will lead the way to the commercial rollout of an ecosystem of different brand mobile apps for enterprise. Elisabetta Zaccaria, Secure Chorus’ Chairman of the board said: …
Take cybersecurity into your own hands: Don't rely on tech giants (Help Net Security) Google doesn’t want you to have to think about cybersecurity at all, similar to how we think about breathing, which sounds like a great idea. However, in
Why compliance is never enough (Help Net Security) Security leadership can steer senior management from focusing solely on compliance by educating them on what must be done to protect against cyber threats.
DDoS protection, mitigation and defense: 8 essential tips (CSO Online) Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back.
Key reasons holding back MFA adoption by mainframe customers (Help Net Security) While 64% of mainframers are aware that MFA is now available to control access to mainframe apps, only 20% acknowledge their organization is using it.
How CISOs can tell a better security story to their board (SC Media) By Ed Bellis, co-founder, CTO, Kenna Security Historically, when CISOs have been called to speak to their organization’s board of directors, it was an
Breaking down the barriers to an IoT-enabled government (GCN) Because the internet of things represents real and concrete risks, it’s time to accelerate progress toward a more orchestrated security framework so the government can tap into its many unique advantages.
What changes will the Corps' experiments in the information environment bring? (Marine Corps Times) The infantry battalion was a previous focus, and experiments led to the adoption of new gear and the downsizing and reconfiguring of the rifle squad.
The Army is rapidly regrowing electronic warfare (C4ISRNET) New forces and capabilities are being developed across several echelons.
Design and Innovation
How to Save the Cybersecurity Industry (Security Boulevard) Traditional 'detect and respond' antivirus products are failing, as cyber-criminals grow ever more inventive and legacy solutions simply can't keep up with the explosion in new malware. In this video, we discuss what can be done to halt this trend.
Research and Development
Can a new DoD center cut through the electronic warfare static? (C4ISRNET) The Joint Artificial Intelligence Center could help overburdened EW analysts.
The Army’s new approach for developing electronic warfare systems (C4ISRNET) The service wants more equipment at the brigade level ASAP.
Academia
Security Industry Association Announces 2018 RISE Scholarship Winners (Security Industry Association) The Security Industry Association (SIA) has selected six young professionals employed at SIA member companies to receive the 2018 SIA RISE Scholarship.
Iowa State launches cyber security engineering major for fall 2019 (The Ames Tribune) Iowa State University’s College of Engineering is launching a Cyber Security Engineering major next fall. The Cyber Security major will be a bachelor
The UTSA National Security Collaboration Center welcomes its first partners on campus (UTSA Today) While the construction of a new research facility will commence at the Downtown Campus next year, it’s not slowing down the UTSA National Security Collaboration Center (NSCC) from taking shape. Federal and industry partners are now arriving on campus to work with UTSA faculty and students.
NSA employees can get UTSA degrees through new program (ExpressNews) The University of Texas at San Antonio is one of eight higher education institutions around the country partnering with the National Security Agency to give agency employees the opportunity to get degrees in cybersecurity and languages.
Legislation, Policy, and Regulation
Parliamentarians from across the world sign declaration on the ‘Principles of the Law Governing the Internet’ (UK Parliament) DCMS Committee fake news
Analysis | The Cybersecurity 202: Facebook is under siege around the globe. Now what? (Washington Post) Two hearings Tuesday show the company and its tech peers face new regulatory challenges
How to fight fake news and other online threats (Times) “Fake news” is everywhere, to judge by the frequency with which it’s cited, from American political discourse to yesterday’s international parliamentary inquiry into Russian meddling. But it’s...
Trump proposes a government-run TV news network to counter CNN (Ars Technica) Trump wants "Worldwide Network to show the World the way we really are, GREAT!"
New Zealand halts Huawei from 5G upgrade over security fears (AP NEWS) New Zealand’s international spy agency on Wednesday halted mobile company Spark from using Huawei equipment in its planned 5G upgrade, saying it posed a “significant network security risk.”
The US Loves To Charge Other Governments' Hackers With Crimes. What Happens When One Of Those Countries Returns The Favor? (BuzzFeed News) As the US grows increasingly comfortable with "name-and-shame" tactics against hackers who work for China, Iran, North Korea, and Russia, it's only a matter of time before US government hackers are outed.
What Really Matters in ‘Defending Forward’? (Lawfare) Why did the Pentagon choose a cyber strategy of “defending forward”?
Ex-NSA chief welcomes more U.S. offensive operations in cyberspace (Cyberscoop) Former National Security Agency director Michael Rogers has welcomed the Trump administration’s willingness to use cyber-operations to deter foreign adversaries, adding that the United States’ previous reluctance to do so was counterproductive.
Home Affairs attempts to allay concerns about Australian exporters for encryption-busting Bill (ZDNet) ASIO will immediately seek to use the legislation when it comes into force.
U.S. Senate Committee On Commerce, Science, & Transportation - Hearings (U.S. Senate Committee On Commerce, Science, & Transportation) U.S. Sen. Jerry Moran (R-Kan.), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, will convene a subcommittee hearing titled “Oversight of the Federal Trade Commission,” at 2:30 p.m. on Tuesday, November 27, 2018.
Top House Armed Services Democrat wants oversight of new DoD cyber strategy (Federal News Network) Rep. Jim Langevin has a cyber-focused legislative session planned.
One breach standard is better than 50 state regimes: Treasury official (American Banker) The comments by Brent McIntosh, Treasury's general counsel, are at odds with concerns by state regulators and consumer groups who fear that a national standard on how firms handle data breaches could weaken pre-existing rules.
New Cybersecurity Law Offers Safe Harbor Against Tort Claims (Lexology) On November 2, 2018, Ohio’s recently passed Data Protection Act (Act) officially became law. The Act provides a possible affirmative defense to…
Litigation, Investigation, and Law Enforcement
Facebook faces fresh lashing from nine countries for its inability to stop the spread of fake news (Washington Post) Facebook on Tuesday faced a fresh lashing from regulators representing Canada, France, the United Kingdom and six other countries for the social-networking giant’s inability to stop the spread of misinformation online and protect its users' personal data.
Everything You Should Know About Facebook’s UK Privacy Drama (WIRED) Lawmakers from nine countries grilled Facebook on Tuesday using a cache of sealed documents that had been seized in London last week.
Manafort Allegations Throw New Uncertainty into Russia Probe (VOA) Day after prosecutors accused President Trump's former campaign manager of repeatedly lying to them, trashing his agreement to tell all in return for a lighter sentence, he adamantly denies report in the Guardian that he had met secretly with Wikileaks founder Julian Assange in March 2016
Robert Mueller's Endgame May Be in Sight (WIRED) Recent developments in the special counsel investigation indicate that things are about to heat up.
Russian firm indicted by Mueller wants permission to disclose 'sensitive' US info (TheHill) A Russian consulting firm indicted by special counsel Robert Mueller is set to ask a U.S. court for permission to internally share information the federal government deems "sensitive."
House Cmte. Reviewing Twitter CEO Jack Dorsey's Testimony For False Statements (The Federalist) The House Energy and Commerce committee is currently reviewing whether Twitter CEO Jack Dorsey provided false testimony to Congress last September.
Federal judge delays decision on unsealing ‘interesting’ Julian Assange case (Washington Post) Prosecutors inadvertently revealed in a recent filing for an unrelated case that the WikiLeaks founder has been charged under seal.
Killing 3ve: US Dismantles Global Ad Fraud Scheme (Infosecurity Magazine) Eight men indicted for alleged role
Multiple botnets disrupted as part of anti-fraud operation (APN News) The internet scored a win after an FBI-led takedown disrupted a massive, multiyear scam that saw cyber criminals use botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue. F-Secure supported the takedown operation by providing threat intelligence on the scam’s malware […]
Two International Cybercriminal Rings Dismantled and Eight Defendants Indicted for Causing Tens of Millions of Dollars in Losses in Digital Advertising Fraud () A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.
Israel: 'Rogue' NSO Group must have licence revoked (Amnesty) Amnesty calls for action on NSO Group, Israeli company whose spyware targeted Amnesty staff
IRS missed steps to accurately track outside data breaches, TIGTA reports (Federal News Network) The IRS failed to flag compromised personally identifiable information (PII) linked to dozens of external data breaches last year and put the tax information of nearly 11,000 people at risk, according to a recent watchdog audit.
Lax Oversight Enabled Illegal Wiretaps by Ex-Brooklyn DA, Lawyers Say in Proposed Class Suit (New York Law Journal) Relatives of an ex-Brooklyn DA's two surveillance targets allege she likely listened to the phone conversations of at least 700 other people during that period.
Lenovo to pay $7.3m for installing adware in 750,000 laptops (HackRead) In 2015, Beijing based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish.