Cyber Attacks, Threats, and Vulnerabilities
Uncovering New Activity By APT10 (enSilo) In April 2019, enSilo detected what it believes to be new activity by APT 10, a Chinese cyber espionage group. The variants discovered by enSilo are previously unknown and deploy malware that is unique to the threat actor.
SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day (Threatpost) As promised, developer SandboxEscaper has dropped exploit code for four more bugs, on the heels of releasing a Windows zero-day yesterday.
Russian Nation-State Hacking Unit's Tools Get More Fancy (Dark Reading) APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
Instagram website leaked phone numbers and emails for months, researcher says (CNET) The flaw made the information easy to scrape and turn into a database.
Beyond “North America” - Threat actors target Canada specifically (Proofpoint) Proofpoint researchers describe the Canadian email threat landscape.
New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices (TrendLabs Security Intelligence Blog) We discovered a new variant of Mirai that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks.
IoT Attacks Cost UK Firms Over £1bn (Infosecurity Magazine) Irdeto report reveals impact of customer data loss and attrition
Egyptian DDoS Campaign Observations (Akamai) Between March 19 and March 25, 2019, there was a very large amount of DDoS traffic sourced from a specific Egyptian Autonomous System (ASN) directed at Akamai Prolexic customers. It's worth noting this is an ASN we rarely see in...
PoC Exploits Created for Wormable Windows RDS Flaw (SecurityWeek) Several PoC exploits, including ones that can be used for remote code execution, have been created for the recently patched Windows RDS vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep.
UK Political Parties Fail on Email Security Ahead of Elections (Infosecurity Magazine) Lack of strong DMARC policies put members at risk of phishing, says Red Sift
Another Day, Another Fraudulent App (White Ops) The White Ops Threat Intel team explores the inner workings of an app and a development kit that suggests fraudulent activity is afoot.
Fake cryptocurrency apps on Google Play try to profit on bitcoin price surge (Ars Technica) Researchers uncover two purported wallets uploaded after bitcoin prices rise.
Soaring Cryptocurrency Prices Draw Malicious Apps, Malware (Threatpost) As Bitcoin prices surge, so too are malicious apps, malware-ridden scams and cryptojacking attacks looking to profit from the cryptocurrency industry.
Fake cryptocurrency apps crop up on Google Play as bitcoin price rises | WeLiveSecurity (WeLiveSecurity) ESET researchers have analyzed fake cryptocurrency wallets cropping up on Google Play at the time of bitcoin’s renewed growth.
The alarming security state of airline mobile apps (Pradeo) Our latest study based on the security testing of global top 50 airline mobile applications sheds light on some alarming data privacy concerns.
Researchers are still using lessons from VPNFilter to track threats one year later - CyberScoop (CyberScoop) It’s been a year since private security researchers worked with the FBI to dismantle a 500,000-router-strong botnet that loomed over Ukraine.
Comodo Issued Most Certificates for Signed Malware on VirusTotal (SecurityWeek) Comodo CA issued the largest number of digital certificates used to sign malware samples found on VirusTotal over the past year, Chronicle’s security researchers say.
An Update on How We Are Doing At Enforcing Our Community Standards (Facebook Newsroom) We're publishing our third Community Standards Enforcement Report.
More Data on Content Moderation Won't Silence Facebook’s Critics (WIRED) Facebook’s latest report lays out the sheer scale of its battle against fake accounts, spam, and other abuses.
Twitter Is Showing More Ads, And People Are Seeing Lots Of Weird Crap As A Result (BuzzFeed News) One malicious campaign used false articles about Drake and the Weeknd to promote casinos.
Snapchat Employees Abused Data Access to Spy on Users (Vice) Multiple sources and emails also describe SnapLion, an internal tool used by various departments to access Snapchat user data.
SQL Injections: The Cockroaches of the AppSec World (Infosecurity Magazine) If cockroaches had an equivalent in the digital world, it would have to be SQL injection vulnerabilities
Calibration Attack Drills Down on iPhone, Pixel Users (Threatpost) A new way of tracking mobile users creates a globally unique device fingerprint that browsers and other protections can't stop.
Cyberattacks are the newest frontier of war and can strike harder than a natural disaster. Here's why the US could struggle to cope if it got hit. (Albany Times Union) A successful cyberattack on critical infrastructure could do as much damage as a natural disaster, bringing a whole country to a standstill.
FBI investigating Cyber attack on City of Laredo (KGNS) A cyber attack on the City of Laredo caused panic for city officials and those who use their online services.
Google disables Baltimore's Gmail accounts used during ransomware recovery (Baltimore Sun) The creation of a large amount of accounts triggered Google's automated security system.
The city of Baltimore is being held hostage by ransomware (Naked Security) The mayor said no—for now—to paying 13 Bitcoins to (purportedly) unlock all seized systems. Manual rebuilding could take months.
EPA Cybersecurity Weaknesses Are Going Untracked and Unpatched (Nextgov) One EPA employee said their office was tracking vulnerabilities on their own to avoid oversight from other agency components.
Optus addresses major outage (CRN Australia) Impacted access to websites and gaming platforms.
Legal Threats Make Powerful Phishing Lures (KrebsOnSecurity) Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm.
How to defend against scams: 14 red flags everyone needs to be aware of (CSO Online) Does your security awareness training program help your employees learn when someone is trying to scam them?
LinkedIn Admits a Delay in Renewing TLS Cert (Infosecurity Magazine) A delay in SSL certification update has been fixed after users received security alerts.
Security Patches, Mitigations, and Software Updates
Mozilla fixes bugs, improves privacy in latest Firefox release (Naked Security) Mozilla rolled out version 67 of its Firefox browser this week, fixing some security bugs and introducing a host of privacy features.
Tor Browser for Android 8.5 offers mobile users privacy boost (Naked Security) After nine months of alpha testing, a stable release of the Tor browser for Android can now be downloaded from Google’s Play store or direct from the Project’s website.
Cyber Trends
Cyber Is the Perfect Weapon (SIGNAL Magazine) Cyber is fundamentally changing the national security landscape says David Sanger, national security correspondent for The New York Times.
73% of People Don’t Trust AI Voice Technology Such as Google Duplex to Make Simple Calls, Though Trust May Build as Usage Increases (Clutch) Nearly three-quarters of people (73%) say they are somewhat or very unlikely to trust a tool such as Google Duplex to correctly make simple calls for them. Duplex is a tool within Google Assistant that can call restaurants and book reservations using an AI-powered voice. Duplex caused controversy when it was unveiled in spring 2018 due to its
Attacks From Rogue Mobile Apps Jump 300%, and CNP Fraud Continues To Boom, RSA Finds (Digital Transactions) Fraud attacks involving rogue mobile applications jumped nearly 300% in the first quarter from the p
GDPR: Security Pros Believe Non-Compliance is Rife (Infosecurity Magazine) Lawyers warn enforcement activity will “step up”
Kaspersky Lab Sees Spike In Mobile Banking Cyberattacks (PYMNTS.com) Kaspersky Lab, a cybersecurity and anti-virus company, has reported a rise in a specific malware intended to steal money and credentials from people’s bank accounts. The company found 29,841 files of the malware in Q1 of 2019, which is up from 18,501 in Q4. Attacks on upwards of 300,000 users were detected. Kaspersky Lab released […]
Marketplace
‘Big four’ accountants are now Britain’s top cyber security employers (The Global Recruiter) “Every aspect of a modern company relies on its IT."
DoD stepping up recruitment efforts to find more diverse cyber talent (Federal News Network) As part of a new pilot program, the Defense Department awards contracts to five companies to actively recruit technical talent from the private sector.
Intel Community Asks Industry for Help Sorting Signal From Noise (Bloomberg GOV) The Office of the Director of National Intelligence will ramp up its outreach to technology providers as part of its Intelligence, Science, and Technology Partnership, or In-Step, according to a May 22 request for information.
How Silicon Valley gamed Europe’s privacy rules (POLITICO) The region’s data protection overhaul was supposed to help citizens. Instead, it’s helped Big Tech.
Huawei’s European Customers Are Put on Hold by U.S. Ban (New York Times) They’re unsure how Android phones will keep working as Google and other companies assess a Trump administration order.
Huawei’s US ban: A look at the hardware (and software) supply problems (Ars Technica) Huawei's hardware independence is actually pretty good! The software, though...
Jim Routh Joins Respond Software's Advisory Board (Yahoo) Veteran chief security officer to advise company on product direction and customer engagement
Cyren Expands Executive Team (Yahoo) Cyren (CYRN), a leader in cloud security, announced today that Lior Kohavi, who has served as Cyren's Chief Technical Officer since joining the company in 2013, has been promoted to the newly created position of Chief Strategy Officer & EVP Advanced Solutions
Products, Services, and Solutions
Blue Hexagon Expands Deep Learning-Based Network Threat Protection Solution with Comprehensive File and Platform Support (Blue Hexagon) Blue Hexagon expands file type and platform support to achieve parity with leading sandbox vendors without suffering from their inherent weaknesses.
SolarWinds Launches SolarWinds Security Event Manager (SEM) to Help IT and Security Pros Better Detect, Respond to, and Report on Threats (Yahoo) SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today announced the launch of SolarWinds® Security.
Tripwire Cloud Management Assessor Expands, Now Manages Secure Configuration for All Cloud Assets, from Cloud Storage to SaaS applications (BusinessWire) Enhanced Tripwire cloud security functionality allows organizations to evaluate and monitor third-party SaaS applications such as Salesforce.com,
Barracuda launches Advanced Bot Protection (Yahoo) Application security leader deploys machine learning to protect organizations against automated threats CAMPBELL, Calif., May 23, 2019 /PRNewswire/ -- Highlights: Barracuda Advanced Bot Protection uses ...
Forescout Strengthens Investment in OT Security (West) Forescout leads innovation within the operational technology (OT) cybersecurity space with the release of SilentDefense 4.0
How the browser betrays your organization (Federal News Network) Authentic8 offers a cloud browser called Silo, which facilitates worry-free browsing.
Technologies, Techniques, and Standards
Inside the Government's Quest to Safely Use Open-Source Code (Defense One) One security company found that about 10 percent of individual software components contain a known vulnerability.
CVE-2019-11815: A Cautionary Tale About CVSS Scores (TrendLabs Security Intelligence Blog) by John Simpson Vulnerabilities in the Linux kernel are not uncommon. There are roughly 26 million lines of code, with 3,385,121 lines added and 2,512,040 lines removed in 2018 alone. The sheer complexity of that much code means that vulnerabilities are bound to exist. However, what is not at all common is the existence of...
Protect Your Account With Google's Highest Ranked Security Methods (Life Hacker) Everywhere you turn, someone is handing out advice about account security and privacy. And while it never hurts to be reminded about all the ways you can protect your critical data, have you stopped to wonder whether any of the various security measures you’re taking are actually effective?
How to conduct a proper GDPR audit: 4 key steps (CSO Online) Organizations subject to the EU's General Data Protection Regulation should do regular compliance audits. Here are the steps experts say you should take.
12 dark secrets of encryption (CIO) With data security a key concern across all systems, encryption is increasingly becoming the go-to solution. But encryption may be less of a sure thing than you think.
How DHL is securing 'the world's most international company' (CIO) Chin Kiat Chim, vice president and CISO of multinational logistics company DHL, explains the importance of combined business and technology strategies in security and the profile of the new CISO
How to stop email fraud, the costliest cybercrime (Avast) Learn what the FBI urges consumers and businesses to do to stop fraudulent emails.
Design and Innovation
Can the re-use of identity data be a silver bullet for industry? (CSO Online) The ability to re-use identity data for individuals across different systems would greatly simplify authentication. Here's what it would take to make it happen.
When Quantum Computing Meets AI: Smarter Digital Assistants and More (Wall Street Journal) Quantum computing’s processing power could significantly improve artificial-intelligence systems within about five years, experts and business leaders say.
Amazon Is Working on a Device That Can Read Human Emotions (Bloomberg) Described as a health product, it would work with a mobile app. Machines that can understand emotions are a sci-fi staple.
Legislation, Policy, and Regulation
‘Not Limited’ to Cyberspace: NATO Threatens Physical Response to Cyberattacks (Sputnik) Jens Stoltenberg, NATO's secretary general, told officials at the Cyber Defense Pledge Conference in London on Thursday that the alliance won't hesitate to use all means necessary to respond to cyberattacks moving forward.
Time finally runs out for Theresa May (Times) Theresa May is set to resign as the Conservative leader today, clearing the way for a new prime minister by the end of July. She is expected to bring her premiership of nearly three years to a...
Who are the candidates to replace Theresa May? (Deutsche Welle) Following Theresa May's confirmation that she will quit on June 7, there are several Conservative candidates jostling for position to replace her as party leader, and by extension prime minister of the United Kingdom.
China’s new cyber totalitarianism (Boulder Weekly) Human Rights Watch has released a report on human rights abuses in the world’s largest totalitarian state — the People’s Republic of China. And it’s terrifying. As bad, if not worse, as anything Orwell imagined in 1984. It turns out that Human Rights Watch got its hands on a mobile surveillance app that Chinese security …
Forced Tech Transfers Are on the Rise in China, European Firms Say (Wall Street Journal) European businesses in China say forced technology transfers to local firms have become more common over the past two years as foreign firms battle for access in the world’s second-largest economy.
US, China dig in heels on Huawei as tech war intensifies (AFP.com) The United States and China hardened their stands over Huawei Thursday as Washington brushed aside claims of "bullying" and accused the Chinese tech giant of misrepresenting its ties to the Beijing government.
What to expect from China, as U.S. companies continue to cut ties with Huawei (Yahoo) Panasonic is the latest U.S. company to cut ties with Huawei. Yahoo Finance talks to the CEO of Red Balloon Security to discuss how China will react to this pull out.
China's Tariff List Advertises Its Trade War Weakness (The National Interest) President Donald Trump obviously overstated the case when he claimed that a trade war with China would be “easy to win.”
Trump calls Huawei 'dangerous' but says dispute could be resolved in trade deal (Stamford Advocate) President Donald Trump raised the possibility that a U.S. dispute with Chinese telecom giant Huawei could be resolved as part of a trade deal, days after his administration cut off U.S. technology sales to the company, calling it a national security threat.
Trump’s latest explanation for the Huawei ban is unacceptably bad (The Verge) It could do lasting damage to America’s credibility
Analysis | The Cybersecurity 202: FEC approves free cybersecurity for campaigns despite influence concerns (Washington Post) A nonprofit plans to give campaigns free security tools and run cyber bootcamps.
Murphy, Waltz to introduce bill to inform officials and public of hacking (Orlando Sentinel) U.S. Reps. Stephanie Murphy and Michael Waltz will file bipartisan legislation to require federal officials to alert Congress and state and local officials when election systems are hacked.
Proposed US Senate bill would hand $700M to rural telecoms to avoid Huawei & ZTE (AppleInsider) A bipartisan group of U.S. senators have proposed a bill that would hand $700 million in grants to rural telecom providers to cover the cost of stripping Huawei and ZTE gear from their networks.
Senate panel wants to see secure 5G network experimentation (C4ISRNET) The Senate Armed Services Committee wants to ensure the Department of Defense can take advantage of the next generation of wireless technology, 5G.
Inside GCHQ: the art of spying in the digital age (Financial Times) Britain’s biggest intelligence service is rethinking its mission — and recruitment strategy
Facial Recognition Has Already Reached Its Breaking Point (WIRED) Facial recognition technology has proliferated unchecked in the US so far. Congress finally seems ready to do something about it.
UK to invest $28M in cyber operations centers (TheHill) The United Kingdom is preparing to invest 22 million pounds, the equivalent of almost $28 million, to open new cyber operation centers.
Texas passes first grid protection bills to boost cybersecurity monitoring and best practices (Utility Dive) SB 475 establishes the Texas Electric Grid Security Council to develop grid security standards, prepare for grid-related security threats and amend the state emergency plan to ensure coordinated response and recovery efforts.
The U.S. Senate is coming after ‘loot boxes’ (TechCrunch) Gamers feel passionately about loot boxes, turns out some elected officials do too. A new Senate bill was formally introduced today with bipartisan support and it could categorically shift how today’s top platforms and distribution platforms monetize the titles they sell. The bill’s int…
GOP, Dem Senators officially introduce loot box, “pay-to-win” legislation (Ars Technica) Expansive prohibitions could heavily impact large swathes of the game industry.
Litigation, Investigation, and Law Enforcement
Julian Assange faces 17 new charges under US Espionage Act (Times) The US authorities have issued 17 new charges against Julian Assange and accused him of breaking the Espionage Act for publishing classified military and diplomatic documents. The charges, which...
WikiLeaks founder Julian Assange charged with violating Espionage Act (Washington Post) The case could have major First Amendment repercussions.
WikiLeaks Founder Julian Assange Charged in 18-Count Superseding Indictment (US Department of Justice) A federal grand jury returned an 18-count superseding indictment today charging Julian P. Assange, 47, the founder of WikiLeaks, with offenses that relate to Assange’s alleged role in one of the largest compromises of classified information in the history of the United States. Assistant Attorney General for National Security John C. Demers, U.S. Attorney G. Zachary Terwilliger for the Eastern District of Virginia, Assistant Director John Brown of the FBI’s Counterintelligence Division and Acting Assistant Director in Charge Timothy Dunham of the FBI’s Washington Field Office made the announcement.
The Latest Julian Assange Indictment Is an Assault on Press Freedom (WIRED) By invoking the Espionage Act against Julian Assange, the Justice Department will effectively put national security journalism on trial.
New Assange indictment adds 17 espionage charges (Ars Technica) Obtaining, disclosing "National Defense Information" charges could trigger 1st Amendment battle.
Wikipedia case against NSA internet snooping returns to court (Washington Examiner) Attorneys for Wikipedia are scheduled to return to federal court next week in a long-running fight to limit government surveillance of internet messages.
Huawei Executive Accused by U.S. Startup of Involvement in Trade-Secrets Theft (Wall Street Journal) CNEX Labs, a chip startup backed by Microsoft and Dell, has accused a senior executive at Huawei Technologies of participating in a conspiracy to steal its trade secrets.
San Jose startup claims Huawei exec ordered IP theft (Silicon Valley Business Journal) A back-and-forth lawsuit over allegedly stolen trade secrets took a new turn at a pretrial hearing, where San Jose-based CNEX reportedly claimed a Huawei executive ordered an employee to spy on the startup.
BREAKING: Trump Approves Declassification of Documents Related to 2016 Election Spying (Townhall) Late Thursday evening, President Trump granted Attorney General Bill Barr the authority to declassify information relevant to the investigation into how spying on the Trump campaign started in 2016.
Republicans Seethe as NSA Slow-Rolls ‘Unmasking’ Reform (The Daily Beast) The agency indicated more than a year ago it would shed more light for Republicans on who gets unmasked and why. Republicans say it hasn’t happened—and they’re not giving up.
TalkTalk Overlooked Nearly 5000 Customers with Breach Notification (Infosecurity Magazine) New report reveals thousands of victims were not informed