Cyber Attacks, Threats, and Vulnerabilities
Not RIP: How ISIS Is Going Virtual (The National Interest) Baghdadi has plans to ensure relevancy and reform in the face of territorial loss.
Exclusive: Saudi Dissidents Hit With Stealth iPhone Spyware Before Khashoggi's Murder (Forbes) At least four Saudis have now been targeted with hyper-sophisticated iPhone spyware from an Israeli firm, after Forbes finds a Saudi satirist in London who's been hit.
Iran-linked campaign impersonated GOP midterm candidates online (POLITICO) Other governments are taking a page from the Russian playbook.
Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests (FireEye) A network of social media accounts engaging in inauthentic behavior that may support Iranian political interests.
Removing More Coordinated Inauthentic Behavior From Iran (Facebook Newsroom) We removed accounts, Pages and Groups originating in Iran for misrepresenting themselves on Facebook and Instagram.
Yoel Roth on Twitter (Twitter) “Earlier this month, we removed more than 2,800 inauthentic accounts originating in Iran. These are the accounts that FireEye, a private security firm, reported on today. We were not provided with this report or its findings.”
Facebook Removes a Fresh Batch of Iran-Linked Fake Accounts (WIRED) Outside researchers tipped Facebook off that a social media network was pushing Iranian interests, posing as journalists, and even impersonating politicians.
Research Shows Twitter Manipulation in Weeks Before EU Elections (SecurityWeek) Researchers with the Sherpa project analyzed the use of social media as a recommendation system -- specifically Twitter -- ahead of the European elections in May 2019.
Jessikka Aro, the journalist who took on Russian trolls (Times) You might classify a good day at work as your boss not being actively horrible. For Jessikka Aro, a good day at work is one without death threats. Aro is the Finnish journalist who exposed the...
Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders (Threatpost) New campaigns also show modified versions of known payloads.
New Zealand Treasury chief says website attacked 2,000 times (Reuters) New Zealand's Treasury chief said on Wednesday that the Treasury website wa...
DuckDuckGo Android Browser Vulnerable to URL Spoofing Attacks (BleepingComputer) The open source DuckDuckGo Privacy Browser for Android version 5.26.0 with more than 5 million installs makes it possible for potential attackers to launch URL spoofing attacks targeting the app's users by exploiting an address bar spoofing vulnerability.
One Million Devices Vulnerable to BlueKeep as Hackers Scan for Targets (SecurityWeek) Nearly one million devices are vulnerable to attacks involving the Windows RDS vulnerability dubbed BlueKeep and it appears that hackers have already started scanning the web in search of potential targets.
Almost one million Windows systems vulnerable to BlueKeep (CVE-2019-0708) (ZDNet) New research puts an initial estimation of 7.6 million vulnerable systems into more context.
One million Windows systems still vulnerable to 'wormable' BlueKeep RDP security flaw (Computing) Microsoft deemed BlueKeep RDP flaw so serious it even supplied a patch for Windows XP.
CVE-2019-0725: An Analysis of Its Exploitability (TrendLabs Security Intelligence Blog) We analyze the exploitability of CVE-2019-0725, a remote code execution (RCE) vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server.
New APT10 Activity Detected in Southeast Asia (SecurityWeek) Researchers have detected what they believe to be new activity from Chinese cyber espionage group, APT10. The activity surfaced in the Philippines and shares similar tactics, techniques, and procedures (TTPs) and code associated with APT10.
Emerson Ovation OCR400 Controller (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 6.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Emerson. Equipment: Ovation OCR400 Controller. Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities may allow privilege escalation or remote code execution, or it may halt the controller.
Flipboard Breached in Nine-Month Raid (Infosecurity Magazine) Hacker accessed user databases, although passwords were encrypted
Google-protected mobile browsers were open to phishing for over a year (Naked Security) Researchers revealed a massive hole in Google Safe Browsing’s mobile browser protection that existed for over a year.
City of Laredo still recovering from cyber-attack (KGNS) The City of Laredo continues to work to connect its departments after a cyber-attack last week left them in the dark.
Baltimore says it will not pay ransom after cyberattack (Phys.org) The US city of Baltimore, a victim this month of a cyberattack that paralyzed part of its computer network, will not pay a ransom to undo the damage, Mayor Bernard Young said Tuesday.
Baltimore's Suffering, The National Security Agency's Role And The Cost To Your Career (Forbes) The hijacking of Baltimore and other cities represents a direct threat to your career. Here's what you can do about that.
Opinion | The Baltimore ransomware attack could be coming to your city — or hospital (Washington Post) These attacks tend to select victims that have weak cybersecurity practices and the means to pay substantial ransoms.
Eternally Blue: Baltimore City leaders blame NSA for ransomware attack (Ars Technica) Mayor and council president ask for federal disaster dollars to clean up IT toxic waste.
Feds owe Baltimore more than an explanation if NSA weapons were trained on the city's computers (Baltimore Sun) The federal government should help cover the costs incurred by Baltimore and other cities if NSA-developed hacking tools were used in ransomware attacks.
Stolen NSA Tool Wreaks Cyber Havoc on US Cities (Ride The Lightning) As the New York Times reported on May 25th, for nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts...
Interns and Social Media: A Goldmine for Hackers (Security Intelligence) A social media post from one of a company's interns was all this people hacker needed to enter a secure area with a counterfeit employee badge. Learn tips for welcoming new employees securely.
Perspective | It’s the middle of the night. Do you know who your iPhone is talking to? (Washington Post) We ran a privacy experiment to see how many hidden trackers are running from the apps on our iPhone. The tally is astounding.
Privilege Escalation Flaw Present In Slick Popup Plugin (Wordfence) In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, we ...
Hackers breach US license plate scanning company (Naked Security) One of the US’s most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach.
Security Patches, Mitigations, and Software Updates
Windows 10 May 2019 update breaks Sandbox security feature for some Insiders (Computing) Windows Sandbox is intended to help Windows 10 Pro and Enterprise users test untrusted code and websites in a secure environment.
Amazon adds ‘Alexa, delete what I said today’ command (TechCrunch) Buried in this morning’s Echo Show 5 announcement are a couple of new security features worth highlighting. In addition to the inclusion of a built-in camera shutter on the new smart display are a pair of Echo commands that let users delete voice recordings with an Alexa command. “A…
Cyber Trends
Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns (Proofpoint) Proofpoint researchers describe the threat landscape in the first quarter of 2019.
The Changing Face of Cybersecurity: Protecting Consumers and SMEs (Infosecurity Magazine) Small businesses leak information that criminals can freely obtain and abuse
Most global workers noticed stricter policies at work as a result of GDPR (Help Net Security) When enforcement of the GDPR went into effect on May 25, 2018, it had worldwide implications on data protection and privacy legislation. One year later,
How many adults trust companies with their personal data? (Help Net Security) More than one third (36%) of adults aged 16–75 trust companies and organizations with their personal data more since GDPR came into effect one year ago.
Marketplace
Analysis | The Cybersecurity 202: China’s big weapon in the Huawei fight: Money (Washington Post) U.S. allies may prioritize below-market rates over concerns about spying.
FireEye snags security effectiveness testing startup Verodin for $250M (TechCrunch) When FireEye reported its earnings last month, the outlook was a little light, so the security vendor decided to be proactive and make a big purchase. Today, the company announced it has acquired Verodin for $250 million. The deal closed today. The startup had raised over $33 million since it opene…
Palo Alto Networks to Acquire Cloud Security Company Twistlock (CTECH) Twistlock develops cybersecurity software for serverless, cloud, and container-based applications
Data Security Company AlgoSec to Lay Off Dozens of Employees (CTECH) AlgoSec develops data security management software used for enterprises and lists Microsoft, General Motors, Unilever, British Petroleum, and Sony as clients
Perspecta Awarded Funds for Background Check System (SIGNAL Magazine) Artificial intelligence and machine learning will aid efficiency.
Terbium Labs Named to Inc. Magazine's Best Workplaces 2019 (PRWeb) Terbium Labs has been named one of Inc. magazine’s Best Workplaces for 2019. The fourth annual ranking is a comprehensive measurement of private American compa
Cyber:Secured Forum 2019 to Feature Keynote Presentation From the NSA’s David Hogue (Cyber:Secured Forum) Hogue will address fostering innovation and public-private partnerships in cyber defense at this cybersecurity educational summit July 29-31 in Dallas.
Wells Fargo Names Industry Leaders to Technology Organization (Wells Fargo) Today, Wells Fargo & Company (NYSE: WFC) named Gary Owen as chief information security officer and head of Information Security, and Steve Hagerman as head of Consumer Lending Technology. Both will join the company’s Technology organization reporting directly to Saul Van Beurden, head of Technology.
Products, Services, and Solutions
Tripwire Joins Amazon Web Services Partner Network Enabling Cloud-Delivered Cybersecurity Solutions (Tripwire) Vulnerability management solution Tripwire IP360 released on AWS Marketplace
Squirrel Compliancy Solutions Awarded Contract to Provide CCRI Support by the US Army's Military Entrance Process Command (MEPCOM) (Markets Insider) Squirrel Compliancy Solutions, a provider of network infrastructure security management, is announcing the Unite...
Radiflow iSID Industrial Cybersecurity App Now Available on Cortex by Palo Alto Networks (Yahoo) Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, today announced the availability of its iSID Industrial ...
ImmuniWeb launches free website security and GDPR compliance test (Immuniweb) The non-intrusive online test quickly verifies relevant GDPR and PCI DSS requirements, checks CMS security and runs a privacy check.
HP Collaborates with Deep Instinct to Roll Out AI-Powered Malware Protection for Next Generation HP EliteBook and ZBook PCs (BusinessWire) To provide customers with the best in next-generation cybersecurity protection, HP is working with Deep Instinct, the first company to apply an end-to
GitHub introduces Dependabot-powered automated security fixes (Help Net Security) GitHub has announced new and improved security tools for open source developers, including automated security fixes powered by Dependabot.
LIFARS, eSentire Deliver Incident Response-as-a-Service (MSSP Alert) LIFARS & eSentire introduce Incident Response as a Service. Together, the two companies offer managed security (MSSP), managed detection & response (MDR) & digital forensics services.
Polymath and CrowdEngine Team Up to Offer Complete Token Issuance Solution (PR Newswire) Polymath, the leading security token platform, has teamed up with CrowdEngine, a white-label issuance platform, to ...
PageFreezer Achieves ISO 27001 Certification (Yahoo) PageFreezer, a leading web and social media compliance archiving and data loss prevention provider, announces companywide ISO 27001 certification of in-house processes. PageFreezer Software is today announcing that it has earned ISO 27001 certification
Security Current Releases CISO-Authored Research Report on Vulnerability Management (PR Newswire) Security Current today announced the release of its CISO-authored report, CISOs Investigate: Vulnerability Management....
VinaPhone Selects KoolSpan to Power ProCall Secure Communications Solution (AP NEWS) VinaPhone ( http://vinaphone.com.vn ), the leading provider of advanced telecommunications technologies and services to government, enterprise, small & medium-sized business, and consumers in Vietnam announces its partnership with KoolSpan to power VinaPhone ProCall™, the secure mobile communications solution for Vietnam.
OPAQ and Equinix to Present Session on Protecting Modern Networks with Next Generation Firewall-as-a-Service at Palo Alto Ignite ‘19 (BusinessWire) Session will explore how digital/cloud transformation introduces a security gap that is not addressed by on-premise firewalls and what can be done.
28 DevSecOps tools for baking security into the development process (CSO Online) Catch and remediate application vulnerabilities earlier and help integrate security in the development process with these five categories of DevSecOps tools.
Technologies, Techniques, and Standards
Russia's Would-Be Windows Replacement Gets a Security Upgrade (Defense One) For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country's growing IT independence.
6 Common Flaws that Can Emerge in a Network Security Strategy Over Time (Bricata) As networks grow and evolve the change introduces new security flaws in the defenses. Here are six of the common flaws we see in our day-to-day work.
How to diminish the great threat of legacy apps (Help Net Security) Mitigating the risk that legacy apps represent requires planning. The following are a few best practices for ensuring a sound application security posture.
Volume and quality of training data are the largest barriers to applying machine learning (Help Net Security) Nearly eight out of 10 enterprise organizations currently engaged in AI and machine learning (ML) report that projects have stalled.
Handle personal data: What we forget is as important as what we remember (Help Net Security) Knowing the location of all personal data is also necessary to comply with a right to erasure request, but that's not all.
Don’t Mistake Compliance for Security (WhiteHat Security) Is your organization compliant with the security standards and regulations implemented by your industry, state, or country that are applicable to your organization? If you answered yes, congratulations. Now, a follow-up question. Is your organization actually secure? These are two distinct considerations.
Disrupting an Attacker from Exploiting Domain Credentials (Preempt) Disrupting an Attacker from Exploiting Domain Credentials - let’s review some zero-day attack patterns and discuss how to disrupt an attacker’s plan.
Act before a cyber-attack happens to you (Accounting Today) Don't wait for a breach to shore up your defenses -- and to help your clients protect themselves.
Big Ocean Cargo Carriers Join Blockchain Initiative (Wall Street Journal) Two major European ship operators have joined a blockchain platform, in a significant boost for the adoption of the technology across the logistics industry.
Embracing Your Legacy: Protecting Legacy Systems in a Modern World (Infosecurity Magazine) Legacy infrastructure is still a crucial part of enterprises across many industries
What I Learned Trying To Secure Congressional Campaigns (Idle Words) You know how it happens. You try to secure one Congressional campaign, and then another, and pretty soon you can't stop. You'll fly across the country just to brief a Green Party candidate in a district the Republicans carried by 60 points. You want more, more, always looking for that next fix.
Design and Innovation
We Need to Build Up ‘Digital Trust’ in Tech (WIRED) Opinion: Framing our concerns with tech as issues of privacy or responsibility focuses narrowly on symptoms, not on the systemic issue—we need digital trust.
Research and Development
This AI Uses Echolocation to Identify What You're Doing (WIRED) A research team built a device that can emit an ultrasonic pitch and pick up its echoes to tell if a person is sitting, standing, or walking.
To Fight Deepfakes, Researchers Built a Smarter Camera (WIRED) One way to tell if an image has been faked? Bake the tamper-proofing into the camera itself.
Academia
WNC Recognized in Top Tier in Governors’ Cybersecurity Talent Discovery Program (Western Nevada College) WNC ranked No. 4 in Nevada and No. 135 out of 5,200 colleges across the nation in the number of students discovering their aptitude for cybersecurity careers.
Sheridan College Student Selected For Prestigious Cybersecurity Internship (Wyoming Public Media) A student from Sheridan College was one of ten students from across the country chosen for a highly competitive cyber-security internship this summer.
Legislation, Policy, and Regulation
US Sanctions on Huawei May Fuel China's Plan for Its Own Tech (WIRED) China's government has to plan to wean itself from reliance on Western technology. Blacklisting Huawei will only accentuate that impulse.
U.S. pushes hard for a ban on Huawei in Europe, but the firm’s 5G prices are nearly irresistible (Washington Post) The company can afford to provide such steep discounts in part because it has a silent partner: the Chinese government. And European officials, uncertain of Washington’s true intent, fear that recent security moves might be used as leverage in trade talks with Beijing.
Iranian guard talks tough, says it has no fear of US (Military Times) “The enemy is not more powerful than before,” said the Guard spokesman, Gen. Ramazan Sharif.
NATO to integrate offensive cyber capabilities of individual members (Fifth Domain) The head of the alliance has said NATO members must be willing to use cyber capabilities.
Cyber Command’s Strategy Risks Friction With Allies (Lawfare) The U.S. may have to operate in allied networks to adequately check its adversaries. Allies may not be so keen.
DHS assessment of foreign VPN apps finds security risk real, data lacking (CyberScoop) The risk posed by foreign-made VPN applications must be accounted for, according to senior DHS official Christopher Krebs.
Former Unit 8200 Directors Among Tech Leaders Protesting Planned Legislation in Israel (CTECH - www.calcalistech.com) Pinhas Buchris and Ehud Schneorson, both former directors of Unit 8200, the Israeli military's equivalent of the NSA, are among the key figures signed on a letter of protest sent to Israeli lawmakers
DOJ Outlines Strategic IT Plan, Focuses on Innovation and Security (FedTech) The Justice Department plans to make cloud migration and efficient technology investment key elements of its agenda.
US Senate passes anti-robocalling bill (Naked Security) The TRACED Act was a slam dunk in the Senate, where it passed with an overwhelming 97-1 vote.
The Air Force names a new boss for ‘cyber effects’ (Fifth Domain) The Air Force's recently created deputy chief of staff for intelligence, surveillance, reconnaissance and cyber effects operations is getting a new leader.
Litigation, Investigation, and Law Enforcement
Huawei asks courts to overturn US ban claiming it is unconstitutional (Computing) Section 889 of the National Defense Authorization Act 2019 declares Huawei guilty without trial, the company claims.
Huawei Revs Up Its U.S. Lawsuit, With the Media in Mind (New York Times) The Chinese telecommunications giant has filed for summary judgment against the White House as it challenges limits against it via the courts and public opinion.
Redditor can stay anonymous, court rules (Naked Security) The Watch Tower sought to unmask a Jehovah’s Witness who posted its content to show what data the organization collects and processes.
Motion filed to dismiss lead prosecutor and possibly judge in SEAL war crime trial (Navy Times) “If the Military Judge authorized an investigation with such little knowledge, that is, at the very least, quite unnerving,” the motion reads.
She's serving 5 years in jail for leaking one document. Her mother says she's being silenced (CNN) The mother of the first whistle-blower arrested in the Trump era says her daughter is being held under an unjust media blackout to stop the American public learning who she really is.
Ireland Gets About Double the Average Breach Reports Under GDPR (BleepingComputer) The Irish data watchdog says that it received almost double the number of valid data security breach notifications when compared to the European Union average, with 5,818 reports being filed in Ireland since May 25, 2018, while other EU member states received around 3,188 notifications during the last year.
How Barr's investigation will alienate our allies and harm national security (Washington Monthly) It is one more way that Trump is doing Putin's bidding.
CrowdStrike settles lawsuit as it preps for IPO (PitchBook) After two years, software developer CrowdStrike has settled a lawsuit with NSS Labs related to product testing. The settlement comes not long after the cybersecurity unicorn filed to go public.
Social Media Monitoring (Brennan Center for Justice) How the Department of Homeland Security Uses Digital Data in the Name of National Security
Cryptopia Fights to Keep Data Held by Arizona Firm (Infosecurity Magazine) The exchange, which was hacked and went into liquidation in May, has filed for U.S. bankruptcy protection.
Password Spraying Fells Citrix. Are We Next? (Infosecurity Magazine) The Citrix breach could turn out to be one of the most important in recent years