The CyberWire Daily Briefing 1.15.19

Summary

By the CyberWire staff

A well-known bug hunter has told TechCrunch he’s located some twelve flaws that affect some of the largest web hosting companies on the Internet: Bluehost, DreamHost, Hostgator, OVH and iPage.

Agari is seeing an uptick in payroll diversion attempts. The criminals are using social engineering, specifically business email compromise, against human resources departments.

If you’re out there fabricating connections between Huawei and espionage, the Chinese government would like you to please knock it off, says Reuters. The counsel will probably fall largely on deaf ears, even after a statement from Huawei founder and CEO Ren Zhengfei. The Wall Street Journal reports that Mr. Ren says the company hasn’t installed backdoors in its products, isn’t required by Chinese law to do so, and would refuse requests to assist in espionage. Despite American animadversions about Huawei and security, Mr. Ren says he likes the cut of President Trump’s jib.

Beijing is probably scowling in the general direction of Warsaw, where, the Wall Street Journal notes, the Polish government is not only considering a ban on Huawei, but also is urging its NATO allies to develop a coordinated response to Chinese spying.

A Facebook executive has been subjected to a swatting attack. Naked Security calls it a “prank,” but it’s an unusually repellent and dangerous one. The caller pretended to be the executive (unnamed in reports) and told police “he’d” shot his wife, tied up his children, and placed pipe bombs throughout their home. Fortunately no one was injured in the police response.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, Germany, India, Israel, Liberia, NATO/OTAN, Poland, Russia, United Kingdom, United States

Bridge the Gap Between Policy & Technology at Georgetown

The Georgetown University Master's in Cybersecurity Risk Management prepares you to navigate today’s increasingly complex cyber threats. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. Join us for a webinar on Tuesday, January 29, at noon ET to explore our program.

On the Podcast

In today's podcast, out later this afternoon, Rick Howard from our partners at Palo Alto Networks revisits the notion of a cyber moon shot. Carole Theriault speaks with Paul Baccas from Proofpoint about the recent hack of an Australian emergency warning system.

Sponsored Events

Proactive Cybersecurity: Modeling Adversarial Behavior (Online, January 23, 2019) Join LookingGlass Product Manager, Dan Martin, and Security Ledger Editor-in-Chief, Paul Roberts for an introduction to ScoutThreat™, a threat management platform that helps security analysts streamline threat analysis work and extract the maximum value from threat intelligence.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Netanyahu says Israel’s ready for any election cyber-meddling scenario. It isn’t (Times of Israel) Israelis' intimate data has been widely leaked, including from ministries * Laws are outdated, unenforced * Abuse of social media is rampant * Facebook won't respond to inquiries

Some of the biggest web hosting sites were vulnerable to simple account takeover hacks (TechCrunch) A security researcher has found, reported and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet. In some cases, clicking on a simple link would have been enough for Pau…

Flaws in Amadeus’ airline booking system made it easy for hackers to change passenger records (TechCrunch) You might not know Amadeus by name, but hundreds of millions of travelers use it each year. Whether you’re traveling for work or vacation, most consumers book their flights through one of a handful of bespoke reservation systems used across the commercial aviation industry. Amadeus is one of …

BEC Gangs Focus on Executives for Payroll Diversion Scams (Agari) Cybercriminals are increasingly targeting HR departments, tricking employees into changing payroll details and diverting paychecks into criminal accounts.

Hack Allows Escape of Play-with-Docker Containers (Threatpost) Researchers created a proof-of-concept escape of Docker test environment.

Criminals wielding Ryuk ransomware specialize in targeting enterprises (Help Net Security) A cybercriminal group using the Ryuk ransomware to exclusively target enterprises has managed to amass over 705 Bitcoins in less than six months.

Demonstrating Command Injection and E-Stop Abuse Against Industrial Radio Remote Controllers (TrendLabs Security Intelligence Blog) In our research, we found that it is possible to perform attacks within or out of RF range. For remote attackers out of the transmission range, there are two possibilities: be a truly remote attacker and do a computer-borne attack (that is, to take control of a computer used to software-program or -control the RF devices), or have temporary physical access to the facility to drop a battery-powered, pocket-sized embedded device for remote access. As a proof of concept (PoC), we developed such a device to show the feasibility.

Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks (BleepingComputer) Ryuk has historically been considered a a targeted ransomware where the actors scope out networks in order to gain access and install their ransomware. New research now indicates that the Ryuk actors may be using other malware as an Access-as-a-Service to gain access to networks.

Multiple Zero-Days in PremiSys IDenticard Access Control System (Tenable®) Tenable Research discovered multiple zero-day vulnerabilities in the PremiSys access control system developed by IDenticard.

Fake Movie File Infects PC to Steal Cryptocurrency, Poison Google Results (BleepingComputer) A malicious Windows shortcut file posing as a movie via The Pirate Bay torrent tracker can trigger a chain of mischievous activities on your computer, like injecting content from the attacker into high-profile web sites such as Wikipedia, Google and Yandex Search or by stealing cryptocurrency.

SmokeLoader malware downloader enters list of most wanted malware (Help Net Security) SmokeLoader, a second-stage downloader known to researchers since 2011, rose 11 places in December to enter the Index’s top 10 at ninth place.

The Shikata Ga Nai Encoder (Booz Allen Hamilton) Everything you need to know about the Shikata Ga Nai encoder. How it works, how to generate your own signatures, and ways you can help improve the encoder.

Analysis | The Cybersecurity 202: White House emails are highly vulnerable to hackers and spammers, new data shows (Washington Post) It isn't following government rules requiring email spoofing protections, according to ValiMail.

Facebook exec gets SWATted (Naked Security) The imposter claimed to be the Facebook exec and said he’d shot his wife, tied up his kids and planted pipe bombs “all over the place.”

A city in Texas is using paper after suffering ransomware attack (HackRead) Another day, another devastating ransomware attack; this time, computers at The City Hall of Del Rio, Texas have suffered a massive ransomware attack forcing authorities to completely shut down the targeted network.

UK Banks Finally Issue New Cards After Ticketmaster Breach (Infosecurity Magazine) Incident was first reported to ticketing firm in April

Security Patches, Mitigations, and Software Updates

Schneider Electric's car charging stations get crucial patches (CyberScoop) Schneider Electric recently patched three security flaws in a popular type of electric-car charger that it manufactures, vulnerability assessment company Positive Technologies said Monday.

Cyber Trends

Almost Half of Companies Still Can’t Detect IoT Device Breaches, Reveals Gemalto Study (BusinessWire) Gemalto, the world leader in digital security, can today reveal that only around half (48%) of businesses can detect if any of their IoT devices suffe

Radware Report Shows That Respondants Claim Average Cost of Cyberattack Now Exceeds $1 Million (Nasdaq) Operational/Productivity Loss (54%) and Negative Customer Experience (43%) are Identified as the Primary Impacts of Cyberattacks

ExpressVPN Survey: Americans Want More Power over Their Data (ExpressVPN) Most Americans want more control over personal data that companies collect about them, an ExpressVPN survey found, but don’t expect to get it.

Tech Companies Constantly Break Our Trust and That Isn't Even the Real Problem (Popular Mechanics) The giants of tech can't be trusted—and we shouldn't have to trust them in the first place.

43% of businesses are still running Windows 7, security threats remain (Help Net Security) With one year to go until Microsoft ends support for its ten-year-old operating system Windows 7, as many as 43% of enterprises are still running the

Microsoft President Brad Smith says these are the 10 biggest challenges facing tech in 2019 (Business Insider) Microsoft CEO Brad Smith predicts tech will have to tackle artificial intelligence, US/China relations, state-sponsored cyberattacks, and more.

Marketplace

Huawei CEO Says Company Doesn’t Spy for China, Praises Trump (Wall Street Journal) The founder and CEO of Huawei said his company has never spied for the Chinese government—and never would—as he made a rare public appearance following the arrest of his daughter in Canada.

Report says Huawei and ZTE are taking different approaches to the U.S. smartphone market (Phone Arena) ZTE has hired former Senator and VP candidate Joe Lieberman to lobby in the U.S. While the company hopes to clear its name in the U.S., Huawei seems resigned to walk away from the U.S. market; both Chinese firms are considered national security threats in the states.

Sonrai Security Raises More Than $18 Million and Launches First Cloud Data Control Service - Sonraí Security (Sonraí Security) Enterprises are working with Sonraí Security to protect their clouds.

Data management startup Rubrik gets $261M at a $3.1B valuation as it moves into security and compliance (TechCrunch) There is a growing demand for stronger security at every point in the IT ecosystem, and today, one of the the more successful enterprise startups to emerge in the last several years is announcing a big round of funding to provide that. Rubrik, which provides enterprise data management and backup se…

The deal is done. Engility is now a subsidiary of SAIC. (Washington Business Journal) Engility Holdings Inc. is now a subsidiary.

Thoma Bravo Completes Acquisition of Imperva (CTECH) The technology investment firm announced an agreement to buy Nasdaq-listed information security company Imperva for $2.1 billion in October 2018

3 Cybersecurity Stocks to Watch in 2019 (Equities.com) These three cyber security stocks are poised to gain from the trend towards cloud based security.

How cyber competitions can help fill the cybersecurity talent shortage (CSO Online) The Cyber Security Challenge Masterclass event helps employers find skilled but non-traditional job candidates.

Afilias Joins Global Commission on the Stability of Cyberspace (PR Newswire) Afilias, the world's second largest domain name registry, has joined the Management Board of the Global...

Introducing Nick Hayes, IntSights’ New VP of Strategy! (IntSights Blog) I’m excited to kick off the new year with an important announcement. IntSights has hired Nick Hayes, formerly Senior Analyst at Forrester Research, as our Vice President of Strategy! Here’s a bit more about Nick’s experience, what he’ll be responsible for and why he joined IntSights.

Products, Services, and Solutions

HubStor Announces New Continuous Backup and Version Control to its Software-based Cloud Storage Platform (HubStor) New cloud backup features -- continuous data protection and version control policies -- offer enterprises more capabilities for information protection.

Nozomi Networks, Schneider Electric Work Together to Secure Critical Infrastructure (Nozomi Networks) I’m excited to let you know that Schneider Electric has teamed up with Nozomi Networks to help secure industrial facilities as they face escalating cyber threats and rapid digital transformation in the age of IIoT.

IoT Radar App from CYBEATS Now Available on the Palo Alto Networks Application Framework (Olean Times Herald) On the heels of a $3M seed investment, Cybeats, a cybersecurity company protecting Internet of Things (IoT) devices, today announced the availability of its IoT Radar app

RANK Software Partners with Scalar to Advance Proactive Cybersecurity Threat Hunting as a Service (GlobeNewswire News Room) RANK Software, an AI-based security analytics and threat intelligence platform, and Scalar, Canada’s leading IT solutions provider, today announced a partnership to deliver next-generation cybersecurity solutions through new Security Operations Centers.

Endace Joins IBM Security App Exchange Community (MarketWatch) EndaceProbe™part of collaborative development to stay ahead of evolving threats

Wapack Labs Introduces the Virtual Trust Officer Program (PR Newswire) Wapack Labs LLC announced today their new Virtual Trust Officer (vTO) Program. Insider threats plague even the...

Three encrypted Slack alternatives worth a look (CSO Online) Slack is not end-to-end encrypted, leaving workplaces that use the popular collaboration tool vulnerable to both hackers and nation-state attacks. These encrypted alternatives will keep your team chats private.

Technologies, Techniques, and Standards

USB-C Authentication sounds great, so why are people worried? (Naked Security) USB-C Authentication could banish USB threats forever, but it might also mean you’re tied to buying ‘approved’ accessories.

The Department of Health and Human Services Issues Guidelines on GDPR’s Territorial Scope (Cooley) On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (t…

A new taxonomy for SCADA attacks (Help Net Security) There's no time like the present to start using a consistent, evidence-based taxonomy to analyze SCADA attacks and learn from them.

Banks Take the Hint From Regulators and Test AI to Spot Criminals (Wall Street Journal) Lenders such as U.S. Bancorp have come to recognize the benefits of working closely with regulators on AI implementation.

Zero trust pushes agencies away from an outdated approach to cybersecurity (Federal News Network) Randy Wood, vice president of U.S. public sector sales for Akamai, said zero trust is not a new idea, but one that is about five years old.

Shipmates, Information Management Is a Life-or-Death Proposition (Defense One) In the U.S. Navy, using and protecting data isn't just for "the IT guys" anymore. Everyone needs to get on board.

How to build a better CISO (Help Net Security) The technology industry has long been categorized by its ability to transform at the blink of an eye. If you think back 20 years, the internet was just

Bug Bounties Aren’t Silver Bullet for Better Security: Report (Infosecurity Magazine) MIT report also claims researchers rarely make good money from them

Design and Innovation

Accessibility Trumps Security in the Battle Between Authentication Alternatives (Infosecurity Magazine) We have the technology to make authentication more secure, so why do we insist on outdated, tired and inferior solutions?

Academia

LastPass Launches STEM Scholarship Program to Build Next Generation of Tech Leaders (Logmein) LastPass by LogMeIn, a leader in password management, today announced the launch of the LastPass STEM Scholarship Program , which aims to support students pursuing an education in science, technology, engineering or math (STEM) fields. Through the new program, LastPass will award one graduating high school or current college student $10,000 for tuition and $2,000 for books.

LastPass STEM Scholarship Program & Application (LastPass) LastPass is offering a $10K tuition scholarship plus $2K for books for incoming and current STEM undergrads. Are you the next leader in online security? Apply here.

Legislation, Policy and Regulation

Polish Government Mulls Huawei Ban After Employee Arrested (Infosecurity Magazine) Sales director sacked after being cuffed on spy charges

Poland Urges NATO Allies to Coordinate Against China Cybersecurity Challenges (Wall Street Journal) Poland is joining the U.S. in pressing its NATO allies to coordinate efforts to address security challenges from China after the arrest of two men on charges of spying for Beijing.

China says countries should end 'fabrications' about Huawei (Reuters) China on Monday urged countries to end "fabrications" about Huawei, af...

India's top court seeks govt response on plans to snoop on... (Reuters) India's Supreme Court on Monday asked the government to respond in six week...

Idaho plans to hire a cybersecurity specialist for elections | StateScoop (StateScoop) The new position would be responsible for monitoring threats against the state’s voter registration database and coordinating with county-level officials.

Navy reservists power a new cyber development unit (Fifth Domain) The new unit will focus on delivering capabilities to Navy cyberwarriors.

Litigation, Investigation, and Enforcement

China blocks Western diplomats from trial of 'cyber-dissident' (Reuters) China on Monday blocked Western diplomats from attempting to attend the trial of...

Kaspersky Helps the NSA (Lawfare) Kaspersky Labs, the Russian cybersecurity company, helped the NSA find a mole? For real.... it did.

Trump denies ever working for Russia, blasts investigators as ‘dirty cops’ (Military Times) Trump said he's been

Facebook Faces Action From German Watchdog (Dark Reading) German antitrust regulators prepare to require changes from Facebook regarding privacy and personal information.

Courts Hand Down Hard Jail Time for DDoS (KrebsOnSecurity) Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Zero Day Con (Dublin, Ireland, March 7, 2019) On March 7 2019, Zero Day Con will bring together leading technology firms, industry experts and government officials that will share insights for cybersecurity professionals grappling with the rise of disruptive innovations. Join experts from across the world in an exploration of the emerging technologies redrawing the security landscape.

Derbycon 2019 (Louisville, Kentucky, USA, September 4 - 8, 2019) DerbyCon isn’t just another security conference. We’ve taken the best elements from all the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, are a hobbyist, or are trying to break into INFOSEC, the idea of DerbyCon is to promote learning and strengthen the community. We are a community of peers learning from one another.

upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are an intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations.

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security professionals face. Experience insightful Cyber Talk keynotes, conference sessions, and hands-on labs covering the latest innovations. Register today!

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security experts. In addition, you’ll enjoy getting hands on with cutting-edge security solutions from Check Point, networking with your peers, and celebrating with the world’s cyber security elite. If you attend one cyber security event this year, make it CPX 360.

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and all carrier levels. We are collecting great feedbacks on past conferences so we would be glad to cooperate with you, too. QuBit Conference consists of one day (2 in Prague) full of educational presentations, keynotes, case studies and interactive panel discussions in QuBit way - community spirit and tons of great networking opportunities. Not to mention popular pre-conference hands on training held a day before conference.

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential / actual Insider Threats. This meeting will focus on the many External data sources that are available from various companies, for organizations and businesses that want to be proactive in "Employee Threat Identification". This meeting will also provide insight into the possibility that your company's data may be "For Sale" on the Dark Web, and how to locate it.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.