The CyberWire Daily Briefing 6.13.19

Cyber Attacks, Threats, and Vulnerabilities

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners (TrendLabs Security Intelligence Blog) We recently came across evidence of a large-scale cybercrime activity that appears to combine targeted attack tools and regular cybercrime.

Telegram Traces Massive Cyber Attack to China During Hong Kong Protests (Yahoo) The encrypted messaging app said it experienced a powerful distributed denial of service attack after “garbage requests” flooded its servers and disrupted legitimate communications. Most of those queries came from Chinese internet protocol addresses, founder Pavel Durov said in a subsequent Twitter

CORRECTED-UPDATE 2-Messaging service Telegram CEO points to China... (Reuters) The chief executive of Telegram, a popular encrypted messaging app, said on Wedn...

Telegram faces DDoS attack in China… again (TechCrunch) The popular encrypted messaging service Telegram is once again being hit with a distributed denial of service (DDoS) attack in Asia as protestors in Hong Kong take to the streets. For the last several days, Hong Kong has been overrun with demonstrators protesting a new law that would put the munici…

The Discovery of Fishwrap: A New Social Media Information Operation Methodology (Recorded Future) We share insight into Fishwrap, a new kind of influence operation that recycles old news about terror incidents by publishing them to appear as new.

Fishwrap Campaign Sways Social Media Users with Old News (Threatpost) 215 accounts use the same family of special URL shorteners to track the effectiveness of the operation.

Not quite fake news: Twitter accounts amplify old stories to sow discord (CyberScoop) Researchers are tracking a new kind of social media influence operation apparently meant to inflame Twitter users by repackaging old news and amplifying divisive content.

Army of Fake Accounts Is Spreading Twitter’s False ‘Breaking News Alert’ Terror Alarms (The Daily Beast) Researchers found a network of phony users that’s spreading panic with misleading ‘breaking news alert’ posts—and keeping track of everyone who clicks.

Alphabet-Owned Jigsaw Bought a Russian Troll Campaign as an Experiment (WIRED) In a controversial move, the tech firm played both sides of an online argument in Russia with the aim of testing disinformation-for-hire services.

Team of American Hackers and Emirati Spies Discussed Attacking The Intercept (The Intercept) Spies working for the United Arab Emirates discussed the attack with operatives at controversial firm DarkMatter.

UAE Enlisted Businessman to Spy On Trump White House (The Intercept) Rashid Al-Malik reported to UAE intelligence on the Trump administration’s Middle East policy as part of a broader influence effort.

Hackers stole photos of travelers and license plates from subcontractor (Naked Security) Critics say if the US can’t protect such data – which was improperly stored by a subcontractor – it shouldn’t collect it.

Visual surveillance and weak cyber security, Part One: When cameras get dangerous (Daily Maverick) In 2019, 15,000 surveillance cameras will be connected to the Internet to monitor Joburg’s streets 24/7. This is courtesy of video surveillance service provider Vumacam. But online cameras can be hacked – often quite easily.

Ransomware halts production for days at major airplane parts manufacturer (ZDNet) Nearly 1,000 employees sent home for the entire week, on paid leave.

Palo Alto Networks Reports Identify Container Security Concerns (Container Journal) Reports by Palo Alto Networks highlight the biggest container security issue is not how secure they are, but rather how they are configured.

Flaw in Evernote Extension Allows Hackers to Steal Data (SecurityWeek) A critical vulnerability found in a popular Evernote extension for Chrome can be exploited to steal sensitive data from the websites accessed by a user.

Flaw in SymCrypt Can Trigger DDoS (Infosecurity Magazine) A Google researcher reported a Windows vulnerability as part of Project Zero.

Warning: Google Researcher Drops Windows 10 Zero-Day Security Bomb (Forbes) A Google security researcher has gone public with a Windows 10 security vulnerability that could "take down an entire Windows fleet relatively easily" before Microsoft has actually fixed it. Here's what you need to know...

Google Researcher Details Windows Cryptographic Library Bug (GovInfo Security) A Google security researcher has disclosed what he calls an unpatched bug in the main cryptographic library used in newer versions of the Windows operating system

Akamai Threat Research Points to Gaming Industry as a Rising Target with 12 Billion Attacks and Counting (PR Newswire) According to the Akamai 2019 State of the Internet / Security Web Attacks and Gaming Abuse Report, hackers have ...

This former Chinese hacker used USB sticks to steal data from hotel guests and then sold it on a popular freelancing site (CNBC) A former PLA hacker was inspired by Russians to start his own lucrative business stealing sensitive data from tourists, according to Kate Fazzini's new book, "Kingdom of Lies."

The Security Nightmare of Formjacking (Infosecurity Magazine) Staying ahead of trends and the security game, hackers have latched onto another high-return attack

3.4 billion fake emails are sent around the world every day (Help Net Security) More than 3 billion fake emails are sent worldwide every day, with most industries not implementing authentication protocols thus remaining vulnerable.

Lake City Reveals It Suffered a 'Triple Threat' Ransomware Attack (The State of Security) The City of Lake City has confirmed that a "Triple Threat" ransomware attack affected the functionality of several of its computer systems.

A computer virus has thrown Philadelphia’s court system into chaos (The Verge) A shutdown has lasted weeks

OK Computer: Did Radiohead Get Hacked? (BankInfo Security) Hacking and extortion attempts against organizations have unfortunately become all too commonplace these days. On Tuesday, an unlikely victim went public: the revered British band Radiohead. But was the band really a hacking and extortion victim?

The Best, Weirdest, and Most Revealing Moments on Radiohead’s OK Computer Sessions Leak (Pitchfork) We combed through the 16 hours of raw material so you don’t have to.

Security Patches, Mitigations, and Software Updates

Adobe fixes critical security flaws in Flash, ColdFusion, Campaign (ZDNet) Fixing code execution bugs was a priority this month for Adobe.

If you haven’t patched Vim or NeoVim text editors, you really, really should (Ars Technica) Sandbox escape in the ancient text editors lets attackers get a reverse shell.

Google opens its Android security-key tech to iPhone and iPad users (TechCrunch) Google will now allow iPhone and iPad owners to use their Android security key to verify sign-ins, the company said Wednesday. Last month, the search and mobile giant said it developed a new Bluetooth-based protocol that will allow modern Android 7.0 devices and later to act as a security key for t…

Update Inertia: The psychology behind patching and updating software (Avast) Many IT experts working in a small to mid-size business environment will be familiar with the conversation they have with their management team about maintaining security integrity of the IT systems.

Google Says It Isn't Killing Ad Blockers. Ad Blockers Disagree (WIRED) Upcoming changes to Chrome has left ad blockers up in arms. But Google insists it won't stifle the extensions.

Cyber Trends

Q&A: General Keith Alexander weighs in on how to win the cybersecurity battle (SiliconANGLE) Q&A: General Keith Alexander weighs in on how to win the cybersecurity battle

Modular Malware is the next big cyber threat in 2019: Study (CRN - India) Barracuda researchers have seen a spike in the use of modular malware since the beginning of 2019. A recent analysis of email attacks targeting Barracuda customers identified more than 150,000 unique malicious files in the first five months of the year. Here’s a closer look at modular malware and ways to help detect and block …

The Symbiosis Between Public Cloud and MSSPs (SecurityWeek) As businesses move to the cloud and embrace MSSP, this will make it possible to deliver advanced capabilities that help fill entry level security requirements which account for the majority of security vacancies around the world.

Privacy policies are still too horrible to read in full (TechCrunch) A year on from Europe’s flagship update to the pan-EU data protection framework the Commission has warned that too many privacy policies are still too hard to read and has urged tech companies to declutter and clarify their T&Cs. (So full marks to Twitter for the timing of this announceme…

Data Theft/Fraud Tops National Security Fears, Unisys Finds (Meritalk) The latest survey by Unisys of consumer security concerns found that Americans are more alarmed about the possibility of identity theft and bankcard fraud than they are about national security in general.

Cyberattack Risk: Scans Find Big Businesses Exposed (BankInfo Security) Britain's biggest businesses continue to inappropriately expose servers and services to the internet, putting the organizations and data at risk, according to a

UK Orgs Lose 2.5 Months a Year on Poor Password Management (Infosecurity Magazine) Companies are failing to effectively manage password security

The Multibillion-Dollar Problem Of Weak Cybersecurity in Real Estate (Forbes) As the real estate industry continues to embrace PropTech, it also needs to grow in its awareness of the ever more sophisticated cybersecurity threats it can fall victim to! In this article, I looked at some of the main threats out there, and how they can be thwarted.

Marketplace

U.S. Cybersecurity Trade Mission to Southeast Asia (UCI Cybersecurity Policy & Research Institute) The rapid development of digital technologies in Southeast Asia is making the region a prime target for cybercriminals. The risk is heightened as ASEAN member countries become more integrated via trade, capital flow and connectivity, providing an opportunity for U.S.-based cybersecurity companies to export their knowledge and expertise to key countries in Southeast Asia.

Symantec, Sophos, NTT Lead Massive Cybersecurity M&A Surge (Channel Futures) It's been a big year for consolidation in cybersecurity this year, with powerhouses like Symantec and Sophos, as well as lesser-known competitors like Zix and Radware, buying companies.

Huawei’s Booming Smartphone Business Is Dealt a Blow by U.S. Ban (Wall Street Journal) The recent U.S. move to blacklist Huawei Technologies threatens to cut off its access to crucial phone components and software for devices used by millions of people world-wide.

Google Is Moving More Hardware Production Out of China (Bloomberg) Trump’s tariffs push tech giant to boost Taiwan manufacturing. Google proved keener than other tech companies about shift.

CrowdStrike pops more than 70% in debut, now worth over $11 billion (CNBC) Security software vendor CrowdStrike began trading on the Nasdaq under the ticker symbol "CRWD."

CrowdStrike stock jumps nearly 100% after IPO, CEO compares security company to Salesforce and ServiceNow (MarketWatch) The market for software initial public offerings remains strong, with CrowdStrike Holdings Inc. shares soaring in their trading debut.

Newly public CrowdStrike wants to become the Salesforce of cybersecurity (TechCrunch) Q&A with CrowdStrike CEO George Kurtz

Why CrowdStrike's CEO isn't surprised his company equaled Symantec in value in its Wall Street debut (Silicon Valley Business Journal) The Sunnyvale company's valuation soared to around $12 billion in its first day as a public company, nearly quadruple what it was last figured to be worth by private investors and roughly the same as much larger rival Symantec Corp.

Sunnyvale-based CrowdStrike tops targets in record cybersecurity IPO (Silicon Valley Business Journal) The company's initial market cap of about $6.7 billion is well above the previous high set by Santa Clara-based Palo Alto Networks, which was worth about $2.5 billion on its IPO day in 2012.

Security Awareness Training Firm KnowBe4 Raises $300 Million (SecurityWeek) Security awareness training firm KnowBe has taken a $300 million investment led by private equity giant KKR, valuing the cybersecurity company at $1 billion.

Phishing Simulation Vendor KnowBe4 Raises $300M To Grow Globally (CRN) Security awareness training and phishing simulation vendor KnowBe4 has received a $300 million investment from private equity giant KKR.

CybeReady Closes $5 Million Financing to Accelerate Go-to-Market Growth of Autonomous Security Awareness Training Platform (PR Newswire) CybeReady, the only autonomous cybersecurity training platform for enterprises, today entered the North...

SignalFx raises $75 million to monitor cloud apps, services, and environments in real time (VentureBeat) SignalFx, which develops a real-time cloud monitoring solution for customers in a range of verticals, has raised $75 million in venture capital.

Thales updates 2019 view after Gemalto integration (MarketWatch) Thales SA (HO.FR) has updated some of its 2019 targets following the completion of the integration of digital security company Gemalto and the disposal of...

Jacobs Completes Acquisition of KeyW; Steve Demetriou Quoted (GovCon Wire) Jacobs announced on Wednesday that its acquisition of KeyW has been completed. The move further positions...

World's largest brewer opens Israeli cybersecurity unit as attacks... (Reuters) Anheuser-Busch InBev (AB InBev), the world's largest beer maker, said on Th...

The Newest Haven for Cryptocurrency Companies? Wyoming (WIRED) The nation's least-populous state has enacted 13 laws in the past two years to welcome blockchain and cryptocurrency companies.

Exclusive: TEDCO CEO George Davis to resign (Baltimroe Business Journal) Davis is the latest executive to depart the state-backed funding organization, which has faced heavy scrutiny in recent months.

'Not going away': Outgoing TEDCO CEO Davis plans to continue working with Md. startups (Baltimore Business Journal) "I love TEDCO, I love what we're doing here, but I think there’s some things I can do in the private sector that can be just as impactful."

Secure Code Warrior Establishes Technical Advisory Board (Yahoo) Experienced software security executives provide advice and guidance on technology and product strategy. Global secure coding company, Secure Code Warrior, today announced the establishment of a Technical Advisory Board (TAB) to provide guidance, insights and mentoring to the company regarding the

Products, Services, and Solutions

Identity Signal Startup Proxy Launches Open Platform with New Access API and Identity SDK – Initial Integrations Include S2, Traction Guest, HQO, and Join Digital (West) Cutting-edge technology providers flocking to the platform to build out privacy-oriented, personalized, responsive building services

STEALTHbits Delivers Important Enhancements to Active Directory and LDAP Auditing Functionality in the Latest Release of StealthINTERCEPT (BusinessWire) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers

Deep Instinct Selected by Kings Food Markets to Bring Advanced Cybersecurity to its Retail Stores Nationwide - Deep Instinct (Deep Instinct) Deep Instinct has been selected by Kings Food Markets to protect their complex digital infrastructure and POS systems across 24 grocery locations in the USA

Use your Android phone’s built-in security key to verify sign-in on iOS devices (Google Online Security Blog) Posted by Kaiyu Yan and Christiaan Brand Compromised credentials are one of the most common causes of security breaches. While Google aut...

VMware sneaks out mobile vSphere management app (CRN Australia) But MSPs can’t quite reclaim their weekends yet.

Arachnys and BAE Systems to improve the security and risk management of financial institutions (Help Net Security) Arachnys and BAE Systems to address anti-money laundering and compliance obligations and deliver accurate and efficient fraud detection and prevention.

Telefónica Launches a Fortinet-Powered SD-WAN Virtual Firewall (SDxCentral) Telefónica’s Business Solutions division launched a virtual firewall service based on Fortinet’s platform to protect SD-WAN deployments.

Akamai Introduces the Edge Cloud Solution (Light Reading) IoT Edge Connect, the newest product in the Edge Cloud solution line, enables real-time messaging and reliability to millions of IoT and application endpoints.

BlackBerry's Government Mobility Suite Becomes FedRAMP Ready (Nasdaq) BlackBerry Limited BB recently announced that its new Government Mobility Suite has received Federal Risk and Authorization Management Program (FedRAMP) Ready status.

Ixia network packet broker, cybersecurity test introduced (SearchNetworking) The Ixia network packet broker, Vision X, intends to provide visibility to users' data centers, while Ixia BreakingPoint QuickTest is designed to quickly and easily evaluate performance and security of devices and networks, according to Ixia.

Aruba Instant On: Secure wireless solutions for small businesses (Help Net Security) Aruba announced Aruba Instant On, a new secure wireless solution to address the current and future needs of small businesses with capacity for growth.

Louisiana-Based TraceSecurity Launches National Initiative to Raise Aw (PRWeb) Today, TraceSecurity, one of Louisiana’s leading cybersecurity firms, announced that it would provide a free Security Risk Assessment (SRA) tool to healthca

Farsight Security(R) and ThreatSTOP Partner to Introduce ThreatSTOP NOD to Prevent Phishing and Other Risks Associated with New Domains (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Verisk Launches New Underwriting Solution for Cyber Insurance (Yahoo) Verisk (VRSK), a leading data analytics provider, announced today the launch of its Cyber Underwriting Report, a new InsurTech solution that can help insurers underwrite a wide variety of risks in the growing cyber market with increased speed and precision. The report is designed to help insurers underwrite

CyberArk Joins Forces with CNA on Cybersecurity Program (Yahoo) CyberArk (CYBR) and CNA's new program will educate companies on the types of security gaps and possible threats along with providing additional privileged access-related services to policyholders.

Consumer Affinity Enters Closed Beta (PR Newswire) Consumer Affinity has released its initial platform for the iOS, Android, and web into a closed beta program for select...

Technologies, Techniques, and Standards

Agencies upgrade their systems for network access, promising stronger cybersecurity | Federal News Network (Federal News Network) ACT-IAC has teamed up with the Office of the Director of National Intelligence to advance ICAM best practices.

Use Of DNS Firewalls Could Reduce 33% Of All Cybersecurity Breaches, New Global Cyber Alliance Research Finds (Yahoo) NEW YORK, June 12, 2019 /PRNewswire/ -- New research from the Global Cyber Alliance (GCA) has found that Domain Name System (DNS) firewalls, also known as protective DNS, which are freely available and easy to install, could prevent 33% of cybersecurity data breaches from occurring. Through a simple

Retten, was zu retten ist (Netzpalaver) Der Rechner ist verschlüsselt. Wie geht es weiter?

Rebuilt Offutt Could Be New Information Warfare “Foothold” (Air Force Magazine) From the floodwaters that covered this base in March could emerge a new opportunity for the 55th Wing: the chance to be a key hub for the Air Force’s emerging information dominance organization.

Design and Innovation

Facebook Failed To Delete 93% Of Posts Containing Speech Violating Its Own Rules In India (BuzzFeed News) A yearlong study concluded that Facebook had made little progress in moderating non-English-language content in India, the company’s largest market by users.

Pinterest Has Banned The Influential Anti-Abortion Group Live Action After First Classifying It As Porn (BuzzFeed News) Pinterest said Live Action, which has more than 3.3 million social media followers, was spreading misinformation and conspiracy theories.

Google Protecting Jussie Smollett From 'Disparaging' Searches (Washington Free Beacon) Google is hiding searches of Jussi Smollett's self-attack from its platform due to concerns of "potentially disparaging" the liberal actor.

Predicting Vulnerability Weaponization (Dark Reading) Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.

Leaked: The Feds’ Favorite iPhone Hackers Plan To Crack Android (Forbes) Grayshift, one of the government's favorite iPhone hackers, is planning to hack Androids too. But it'll master hacks of Apple products first, the CEO says.

Research and Development

£2m to boost cyber power behind wind energy production (EurekAlert!) The University of Nottingham is leading a £2m High Performance Computing (HPC) project to optimise the sustainable exploitation of wind power in both the European and Brazilian energy markets. Full story below....

Academia

Henry Ford College cybersecurity professor named mentor of the year (Press and Guide) Marrci Conner, who has taught cybersecurity at HFC for 10 years, was recently named Mentor of the Year by the Air Force Association’s (AFA) CyberPatriot, the National Youth Cyber Education

Legislation, Policy and Regulation

Report warns of Dutch vulnerability to cyberattacks (Washington Post) The Dutch counter-terrorism and security coordinator is warning that the country is vulnerable to cyber espionage and sabotage from countries including China Russia and Iran

Russia Bans 9 VPNs, But Not Kaspersky (Tech.co) Russian will ban all leading VPN providers except for one: Kaspersky Secure Connection. Here's how it happened and why Kaspersky stayed in their good books.

‘New Rules of Trust & Security’: Macron Wants EU Ties with Moscow Independent of NATO & US (Al-Manar TV Lebanon) French President Emmanuel Macron has called on Brussels to build “new rules of trust and security” w...

Battle of cyberspace (Tribuneindia News Service) THE G20 Summit, to be held in Japan on June 28-29, brings together leaders from developed and rising economies. The summit will be an important occasion for PM Modi to meet Presidents Trump, Xi Jinping and Putin after his decisive electoral victory.

Huawei asks U.S. to consider rural providers and open dialogue (Axios) Huawei argues that a proposed FCC ban on federal subsidies to telecoms using Huawei equipment would harm rural providers.

Why Huawei and 5G Pose a Cyber Threat to the U.S. (Yahoo) Mark Testoni, SAP National Security Services chief executive officer, and Deborah Golden, Deloitte U.S. cyber practice leader, discuss the cyber threat risks posed by the deployment of 5G technology with Bloomberg's Emily Chang on "Bloomberg Technology."

Why the Huawei ban is bad for security (CSO Online) Many believe the ban on exporting U.S. technology to Chinese company Huawei could hurt American tech vendors and do little to mitigate supply chain threats.

The U.S. Government Is Utterly Inept at Keeping Your Data Secure (The New Republic) What do your smartphone and the world’s most advanced fighter jet have in common? The Trump administration can’t protect them from hackers.

Analysis | The Cybersecurity 202: Get ready for the hacking back debate: Round 2 (Washington Post) A new bill would allow companies to take retaliatory action.

Congress to take another stab at hack back legislation (CyberScoop) Rep. Tom Graves, R-Ga., is reintroducing a hack back bill that would allow companies to go outside of their own networks and disrupt attackers' activities.

Active Cyber Defense Certainty Act (Washington Post) To amend title 18, United States Code, to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes.

House panel advances bill to create cybersecurity standards for government IT devices (TheHill) The House Oversight and Reform Committee approved bipartisan legislation on Wednesday that would establish baseline cybersecurity standards for government-purchased internet-connected devices.

Companies' self-regulation doesn't have to be bad for the public (The Conversation) A Nobel Prize-winning political economist found a way to promote good governance and protect users without the need for heavy-handed government regulation.

Congress wants to create ‘cyber first responders’ (Fifth Domain) The legislation is a companion to a similar bill approved by Senate committee in April.

Nevada Privacy Law Gives Consumers Right to Opt Out of Sale of Personal Information, Following California’s Lead in CCPA (Cooley) On May 29, 2019, Nevada passed a privacy law that gives consumers the right to opt out of the sale of their personal information. The law, SB 220, contains provisions that are similar to the C…

Litigation, Investigation, and Enforcement

Facebook collected device data on 187,000 users using banned snooping app (TechCrunch) Facebook obtained personal and sensitive device data on about 187,000 users of its now-defunct Research app, which Apple banned earlier this year after the app violated its rules. The social media giant said in a letter to Sen. Richard Blumenthal’s office — which TechCrunch obtained — that it…

Facebook Worries Emails Could Show Zuckerberg Knew of Questionable Privacy Practices (Wall Street Journal) Facebook uncovered emails that appear to show CEO Mark Zuckerberg’s connection to potentially problematic privacy practices at the company.

4,000 banned devices found on government networks (Fifth Domain) The Trump Administration and Commerce Department are weighing another ban on a Chinese technology company, Hikivision. However, a data security firm claims devices from previous bans still exist in the public sector.

Huawei Presses Verizon to Pay for Patents (Wall Street Journal) Huawei Technologies has told Verizon Communications that the carrier should pay licensing fees for more than 200 of its patents, further escalating tensions between the Chinese company and the U.S.

Trump says he’d consider accepting information from foreign governments on his opponents (Washington Post) President tells ABC in an interview, “there isn’t anything wrong with listening.”

Top Hoyer Aide Coordinated Steele Dossier Work With Key Obama State Department Officials (Epoch Times) Daniel Silverberg, then-House Democratic Whip Steny Hoyer’s national security adviser, coordinated “work on Russia dossier materials provided by ...

UK signs extradition request for Julian Assange (Deutsche Welle) The WikiLeaks whistleblower is one step closer to extradition after the UK signed a US request. His case will be heard by the courts on Friday.

Spanish soccer league’s app caught eavesdropping on users in anti-piracy push (Ars Technica) Shazam-like feature aimed to catch bars showing pirated soccer streams.

La Liga fined €250,000 for using its mobile app to eavesdrop on fans (Computing) Spanish football league used popular mobile app for fans to identify bars illegally televising matches

Telegram DDoS coincides with Hong Kong protests. Fishwrap lies with truth. Ransomware at ASCO. Hacking back. "Update inertia."

Bring your own context.