Cyber Attacks, Threats, and Vulnerabilities
Netanyahu says Israel’s ready for any election cyber-meddling scenario. It isn’t (Times of Israel) Israelis' intimate data has been widely leaked, including from ministries * Laws are outdated, unenforced * Abuse of social media is rampant * Facebook won't respond to inquiries
Some of the biggest web hosting sites were vulnerable to simple account takeover hacks (TechCrunch) A security researcher has found, reported and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet. In some cases, clicking on a simple link would have been enough for Pau…
Flaws in Amadeus’ airline booking system made it easy for hackers to change passenger records (TechCrunch) You might not know Amadeus by name, but hundreds of millions of travelers use it each year. Whether you’re traveling for work or vacation, most consumers book their flights through one of a handful of bespoke reservation systems used across the commercial aviation industry. Amadeus is one of …
BEC Gangs Focus on Executives for Payroll Diversion Scams (Agari) Cybercriminals are increasingly targeting HR departments, tricking employees into changing payroll details and diverting paychecks into criminal accounts.
Hack Allows Escape of Play-with-Docker Containers (Threatpost) Researchers created a proof-of-concept escape of Docker test environment.
Criminals wielding Ryuk ransomware specialize in targeting enterprises (Help Net Security) A cybercriminal group using the Ryuk ransomware to exclusively target enterprises has managed to amass over 705 Bitcoins in less than six months.
Demonstrating Command Injection and E-Stop Abuse Against Industrial Radio Remote Controllers (TrendLabs Security Intelligence Blog) In our research, we found that it is possible to perform attacks within or out of RF range. For remote attackers out of the transmission range, there are two possibilities: be a truly remote attacker and do a computer-borne attack (that is, to take control of a computer used to software-program or -control the RF devices), or have temporary physical access to the facility to drop a battery-powered, pocket-sized embedded device for remote access. As a proof of concept (PoC), we developed such a device to show the feasibility.
Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks (BleepingComputer) Ryuk has historically been considered a targeted ransomware where the actors scope out networks in order to gain access and install their ransomware. New research now indicates that the Ryuk actors may be using other malware as an Access-as-a-Service to gain access to networks.
Multiple Zero-Days in PremiSys IDenticard Access Control System (Tenable®) Tenable Research discovered multiple zero-day vulnerabilities in the PremiSys access control system developed by IDenticard.
Fake Movie File Infects PC to Steal Cryptocurrency, Poison Google Results (BleepingComputer) A malicious Windows shortcut file posing as a movie via The Pirate Bay torrent tracker can trigger a chain of mischievous activities on your computer, like injecting content from the attacker into high-profile web sites such as Wikipedia, Google and Yandex Search or by stealing cryptocurrency.
SmokeLoader malware downloader enters list of most wanted malware (Help Net Security) SmokeLoader, a second-stage downloader known to researchers since 2011, rose 11 places in December to enter the Index’s top 10 at ninth place.
The Shikata Ga Nai Encoder (Booz Allen Hamilton) Everything you need to know about the Shikata Ga Nai encoder. How it works, how to generate your own signatures, and ways you can help improve the encoder.
Analysis | The Cybersecurity 202: White House emails are highly vulnerable to hackers and spammers, new data shows (Washington Post) It isn't following government rules requiring email spoofing protections, according to ValiMail.
Facebook exec gets SWATted (Naked Security) The imposter claimed to be the Facebook exec and said he’d shot his wife, tied up his kids and planted pipe bombs “all over the place.”
A city in Texas is using paper after suffering ransomware attack (HackRead) Another day, another devastating ransomware attack; this time, computers at The City Hall of Del Rio, Texas have suffered a massive ransomware attack forcing authorities to completely shut down the targeted network.
UK Banks Finally Issue New Cards After Ticketmaster Breach (Infosecurity Magazine) Incident was first reported to ticketing firm in April
Security Patches, Mitigations, and Software Updates
Schneider Electric's car charging stations get crucial patches (CyberScoop) Schneider Electric recently patched three security flaws in a popular type of electric-car charger that it manufactures, vulnerability assessment company Positive Technologies said Monday.
Cyber Trends
Almost Half of Companies Still Can’t Detect IoT Device Breaches, Reveals Gemalto Study (BusinessWire) Gemalto, the world leader in digital security, can today reveal that only around half (48%) of businesses can detect if any of their IoT devices suffe
Radware Report Shows That Respondents Claim Average Cost of Cyberattack Now Exceeds $1 Million (Nasdaq) Operational/Productivity Loss (54%) and Negative Customer Experience (43%) are Identified as the Primary Impacts of Cyberattacks
ExpressVPN Survey: Americans Want More Power over Their Data (ExpressVPN) Most Americans want more control over personal data that companies collect about them, an ExpressVPN survey found, but don’t expect to get it.
Tech Companies Constantly Break Our Trust and That Isn't Even the Real Problem (Popular Mechanics) The giants of tech can't be trusted—and we shouldn't have to trust them in the first place.
43% of businesses are still running Windows 7, security threats remain (Help Net Security) With one year to go until Microsoft ends support for its ten-year-old operating system Windows 7, as many as 43% of enterprises are still running the
Microsoft President Brad Smith says these are the 10 biggest challenges facing tech in 2019 (Business Insider) Microsoft CEO Brad Smith predicts tech will have to tackle artificial intelligence, US/China relations, state-sponsored cyberattacks, and more.
Marketplace
Huawei CEO Says Company Doesn’t Spy for China, Praises Trump (Wall Street Journal) The founder and CEO of Huawei said his company has never spied for the Chinese government—and never would—as he made a rare public appearance following the arrest of his daughter in Canada.
Report says Huawei and ZTE are taking different approaches to the U.S. smartphone market (Phone Arena) ZTE has hired former Senator and VP candidate Joe Lieberman to lobby in the U.S. While the company hopes to clear its name in the U.S., Huawei seems resigned to walk away from the U.S. market; both Chinese firms are considered national security threats in the states.
Sonrai Security Raises More Than $18 Million and Launches First Cloud Data Control Service (Sonraí Security) Enterprises are working with Sonraí Security to protect their clouds.
Data management startup Rubrik gets $261M at a $3.1B valuation as it moves into security and compliance (TechCrunch) There is a growing demand for stronger security at every point in the IT ecosystem, and today, one of the more successful enterprise startups to emerge in the last several years is announcing a big round of funding to provide that. Rubrik, which provides enterprise data management and backup se…
The deal is done. Engility is now a subsidiary of SAIC. (Washington Business Journal) Engility Holdings Inc. is now a subsidiary.
Thoma Bravo Completes Acquisition of Imperva (CTECH) The technology investment firm announced an agreement to buy Nasdaq-listed information security company Imperva for $2.1 billion in October 2018
3 Cybersecurity Stocks to Watch in 2019 (Equities.com) These three cyber security stocks are poised to gain from the trend towards cloud based security.
How cyber competitions can help fill the cybersecurity talent shortage (CSO Online) The Cyber Security Challenge Masterclass event helps employers find skilled but non-traditional job candidates.
Afilias Joins Global Commission on the Stability of Cyberspace (PR Newswire) Afilias, the world's second largest domain name registry, has joined the Management Board of the Global...
Introducing Nick Hayes, IntSights’ New VP of Strategy! (IntSights Blog) I’m excited to kick off the new year with an important announcement. IntSights has hired Nick Hayes, formerly Senior Analyst at Forrester Research, as our Vice President of Strategy! Here’s a bit more about Nick’s experience, what he’ll be responsible for and why he joined IntSights.
Products, Services, and Solutions
HubStor Announces New Continuous Backup and Version Control to its Software-based Cloud Storage Platform (HubStor) New cloud backup features -- continuous data protection and version control policies -- offer enterprises more capabilities for information protection.
Nozomi Networks, Schneider Electric Work Together to Secure Critical Infrastructure (Nozomi Networks) I’m excited to let you know that Schneider Electric has teamed up with Nozomi Networks to help secure industrial facilities as they face escalating cyber threats and rapid digital transformation in the age of IIoT.
IoT Radar App from CYBEATS Now Available on the Palo Alto Networks Application Framework (Olean Times Herald) On the heels of a $3M seed investment, Cybeats, a cybersecurity company protecting Internet of Things (IoT) devices, today announced the availability of its IoT Radar app
RANK Software Partners with Scalar to Advance Proactive Cybersecurity Threat Hunting as a Service (GlobeNewswire News Room) RANK Software, an AI-based security analytics and threat intelligence platform, and Scalar, Canada’s leading IT solutions provider, today announced a partnership to deliver next-generation cybersecurity solutions through new Security Operations Centers.
Endace Joins IBM Security App Exchange Community (MarketWatch) EndaceProbe™ part of collaborative development to stay ahead of evolving threats
Wapack Labs Introduces the Virtual Trust Officer Program (PR Newswire) Wapack Labs LLC announced today their new Virtual Trust Officer (vTO) Program. Insider threats plague even the...
Three encrypted Slack alternatives worth a look (CSO Online) Slack is not end-to-end encrypted, leaving workplaces that use the popular collaboration tool vulnerable to both hackers and nation-state attacks. These encrypted alternatives will keep your team chats private.
Technologies, Techniques, and Standards
USB-C Authentication sounds great, so why are people worried? (Naked Security) USB-C Authentication could banish USB threats forever, but it might also mean you’re tied to buying ‘approved’ accessories.
The Department of Health and Human Services Issues Guidelines on GDPR’s Territorial Scope (Cooley) On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (t…
A new taxonomy for SCADA attacks (Help Net Security) There's no time like the present to start using a consistent, evidence-based taxonomy to analyze SCADA attacks and learn from them.
Banks Take the Hint From Regulators and Test AI to Spot Criminals (Wall Street Journal) Lenders such as U.S. Bancorp have come to recognize the benefits of working closely with regulators on AI implementation.
Zero trust pushes agencies away from an outdated approach to cybersecurity (Federal News Network) Randy Wood, vice president of U.S. public sector sales for Akamai, said zero trust is not a new idea, but one that is about five years old.
Shipmates, Information Management Is a Life-or-Death Proposition (Defense One) In the U.S. Navy, using and protecting data isn't just for "the IT guys" anymore. Everyone needs to get on board.
How to build a better CISO (Help Net Security) The technology industry has long been categorized by its ability to transform at the blink of an eye. If you think back 20 years, the internet was just
Bug Bounties Aren’t Silver Bullet for Better Security: Report (Infosecurity Magazine) MIT report also claims researchers rarely make good money from them
Design and Innovation
Accessibility Trumps Security in the Battle Between Authentication Alternatives (Infosecurity Magazine) We have the technology to make authentication more secure, so why do we insist on outdated, tired and inferior solutions?
Academia
LastPass Launches STEM Scholarship Program to Build Next Generation of Tech Leaders (Logmein) LastPass by LogMeIn, a leader in password management, today announced the launch of the LastPass STEM Scholarship Program, which aims to support students pursuing an education in science, technology, engineering or math (STEM) fields. Through the new program, LastPass will award one graduating high school or current college student $10,000 for tuition and $2,000 for books.
LastPass STEM Scholarship Program & Application (LastPass) LastPass is offering a $10K tuition scholarship plus $2K for books for incoming and current STEM undergrads. Are you the next leader in online security? Apply here.
Legislation, Policy, and Regulation
Polish Government Mulls Huawei Ban After Employee Arrested (Infosecurity Magazine) Sales director sacked after being cuffed on spy charges
Poland Urges NATO Allies to Coordinate Against China Cybersecurity Challenges (Wall Street Journal) Poland is joining the U.S. in pressing its NATO allies to coordinate efforts to address security challenges from China after the arrest of two men on charges of spying for Beijing.
China says countries should end 'fabrications' about Huawei (Reuters) China on Monday urged countries to end "fabrications" about Huawei, af...
India's top court seeks govt response on plans to snoop on... (Reuters) India's Supreme Court on Monday asked the government to respond in six week...
Idaho plans to hire a cybersecurity specialist for elections (StateScoop) The new position would be responsible for monitoring threats against the state’s voter registration database and coordinating with county-level officials.
Navy reservists power a new cyber development unit (Fifth Domain) The new unit will focus on delivering capabilities to Navy cyberwarriors.
Litigation, Investigation, and Law Enforcement
China blocks Western diplomats from trial of 'cyber-dissident' (Reuters) China on Monday blocked Western diplomats from attempting to attend the trial of...
Kaspersky Helps the NSA (Lawfare) Kaspersky Labs, the Russian cybersecurity company, helped the NSA find a mole? For real.... it did.
Trump denies ever working for Russia, blasts investigators as ‘dirty cops’ (Military Times) Trump said he's been
Facebook Faces Action From German Watchdog (Dark Reading) German antitrust regulators prepare to require changes from Facebook regarding privacy and personal information.
Courts Hand Down Hard Jail Time for DDoS (KrebsOnSecurity) Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes.