Cyber Attacks, Threats, and Vulnerabilities
New ISIS Cybersecurity Bulletin Shows Interest in Microsoft BlueKeep Bug (Homeland Security Today) NSA stressed that "we have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact."
Homeland Security has tested a working BlueKeep remote code execution exploit (TechCrunch) Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device. To date, most of the private exploits targeting BlueKeep would have triggered a denial-of-service condition, capable of knoc…
Iran says it dismantled a U.S. cyber espionage network (Reuters) Iran said on Monday it had exposed a large cyber espionage network it alleged wa...
Russia thwarts U.S. cyber attacks on its infrastructure: news agencies (Reuters) Russia has uncovered and thwarted attempts by the United States to carry out cyb...
Kremlin Warns of Cyberwar After Report of U.S. Hacking Into Russian Power Grid (New York Times) The New York Times reported that American intelligence had secretly inserted software that could allow it to disable the Russian energy system.
US cyberwar against Russia is hypothetical possibility, says Kremlin spokesman (TASS) According to Dmitry Peskov, "regretting to say that," Russia has repeatedly stated "that the vital areas of our economy are under continuous attacks from abroad"
Russia: Cyber war with US a possibility (Computing) President Trump has rejected reports of US agencies deploying malware in Russia's power grid
Kremlin: Cyber warfare between U.S., Russia a 'possibility' (UPI) The Russian government said Monday its electrical grid is safe but constantly under attack from enemies abroad -- including, Kremlin officials say, the United States.
Russia warns of “cyberwar” following report the US attacked its power grid (Ars Technica) NYT reported on US efforts to insert malware into Russia's energy infrastructure.
Trump administration escalates cyber-attacks on Russia as warning to Putin (The Independent) Aggressive strategy leaves US better poised to attack in case of major conflict but carries significant risk of escalating digital Cold War and cementing power grids as legitimate targets
U.S. Cyber Command and the Russian Grid: Proportional Countermeasures, Statutory Authorities and Presidential Notification (Lawfare) A blockbuster article by David Sanger and Nicole Perlroth in the New York Times reports U.S. Cyber Command operations to hold at-risk at least some aspects of the electric power grid in Russia. The story raises a host of legal and policy questions.
Argentina official: Cyber attack did not cause massive blackout (KTVZ) Argentina's energy secretary said he does not believe a cyberattack caused a massive power outage that left tens of millions of people in Argentina, Paraguay and Uruguay in darkness for several hours on Sunday.
A blackout left millions in South America without power. Officials still don't know what caused it (CNN) Argentina's Energy Secretary said he does not believe a cyber attack caused a massive power outage that left tens of millions of people in Argentina, Paraguay and Uruguay in darkness for several hours on Sunday.
When your apps are dormant, you become a more likely target for crooks (CyberScoop) If you have banking or e-commerce apps you haven’t opened in months, it’s a good time to make sure no one else is using them, either.
At least 50,000 license plates leaked in hack of border contractor not authorized to retain them (CNN) At least 50,000 American license plate numbers have been made available on the dark web after a company hired by Customs and Border Protection was at the center of a major data breach, according to CNN analysis of the hacked data. What's more, the company was never authorized to keep the information, the agency told CNN.
A bug in Wi-Fi ‘extenders’ could give a hacker full control over the devices (CyberScoop) If you’re looking to strengthen the Wi-Fi signal in your home or business, be sure the equipment you use doesn’t have a vulnerability that could give free rein to hackers.
Vulnerability Summary for the Week of June 10, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Australian Catholic University staff accounts compromised in phishing attack (CRN Australia) University email and bank account details accessed.
Three U.S. Universities Disclose Data Breaches Over Two-Day Span (BleepingComputer) Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees' email accounts.
I’d like to add you to my professional network of people to spy on (Naked Security) A deepfake was reportedly spotted in the wild: LinkedIn’s well-connected, young, attractive Eurasia/Russia expert “Katie Jones.”
Riviera Beach, Fla., Works Toward Normalcy Post-Cyberattack (GovTech) "We have not discussed the details of what's going on," said city spokeswoman Rose Anne Brown. "We feel it's expedient not to do that until we worked our way through this."
Security Patches, Mitigations, and Software Updates
The BlueKeep RDP Vulnerability - Making the Case for Patch Management (F-Secure Blog) The BlueKeep RDP vulnerability is a perfect example of why all companies should consider patch management as a core component of their security strategy.
Cyber Trends
Radware Survey: Cybersecurity is no Longer a Cost Factor for $1B Organizations; Rather It’s a Business Driver (West) Cybersecurity is Becoming a Shared Responsibility Across All Members of the C-Suite. 75% of Executives Say Security is a Key Component in Their Marketing Strategy. 72% of Executives Note Information Security as a Recurring Agenda Item in Every Board Meeting
EfficientIP and IDC: Average DNS Attack Cost Rises 49% to $1,070,000 (PRWeb) New EfficientIP report, in partnership with IDC, shows 34% increase in attacks
Domain Fraud Threats, Hiding in Plain Sight: Key Takeaways from the 2019 Domain Fraud Report (Proofpoint) Web domain fraud is a growing risk for businesses, employees, and their customers. Learn about domain fraud, industry trends, and research from the 2019 domain fraud...
2019 Domain Fraud Report (Proofpoint) Domain Fraud is an attractive attack for cyber criminals. Discover our Domain Fraud report that outlines our latest research on domain trends.
New McAfee Report Finds Eighty-Seven Percent of Companies Experience Business Acceleration from Use of Cloud Services (BusinessWire) McAfee, the device-to-cloud cybersecurity company, today released a special edition of its Cloud and Risk Adoption Report, focused on the business imp
Human error still the cause of many data breaches (Help Net Security) More than half of all C-Suites and nearly 3 in 10 SBOs reveal that human error or accidental loss by an external vendor was the cause of the data breach.
Business leaders admit to knowledge gaps and a lack of resources amid the growing threat of a cyber attack (Nominet) Report - find out how cyber security is treated at board level. What can hard-pressed CISOs and CIOs do about it?
Former NSA chief opens up about protecting the U.S. from cyberattacks (SiliconANGLE)
Cyberattacks in the Middle East are on the rise. Here's who they're targeting (CNBC) A growing number of cyberattacks have been detected in the Middle East, and especially in the United Arab Emirates, according to a new report from cybersecurity firm DarkMatter.
DarkMatter Group Calls for Improved Vigilance as UAE's Cyber-threat Landscape Reaches Critical Level (Yahoo) DarkMatter Group, the region's first and only fully integrated digital and cyber transformation firm, today released the first semi-annual Cyber Security Report for 2019 revealing that critical infrastructure sectors, including Oil &
The sick man of the cyber-security sphere…it’s time the Australian healthcare industry took a preventative approach to high tech ‘contagion’ (CSO) Which industry is Australia’s worst offender when it comes to data breaches and cyber-security threats?
Marketplace
Huawei laptops return to Microsoft’s online store after mysteriously disappearing (The Verge) Gone one month, back the next
Why DoD’s decision to make cybersecurity an ‘allowable cost’ matters (Federal News Network) As part of DoD’s move to shore up its supply chain, the Pentagon is developing with industry and other experts a new cybersecurity maturity model that is borrowing from standards like ISO 9000.
Controversial NSO Group to adopt policy of closer respect for human rights (Times of Israel) Owners say Herzliya-based company, whose spyware has allegedly been used by repressive regimes, will seek greater transparency, align itself with UN guiding principles on rights
Top 10 Cybersecurity Companies To Watch In 2019 (Forbes) Cloud Security platform and application sales are projected to grow at a 35.3% Compound Annual Growth Rate (CAGR) between 2017 and 2019, becoming a $459M market this year.
Accenture Acquires Deja vu Security, Seattle-Based ‘Security of Things’ Company (Accenture Newsroom) Accenture is announcing the acquisition of Deja vu Security.
Microsoft's GitHub acquires Pull Panda for code-review collaboration (Computing) Pull Reminders, Pull Analytics, and Pull Assigner now available free in the GitHub Marketplace
United Technologies CEO predicts Raytheon merger gets done despite activist investor opposition (CNBC) The deal would bring together a booming aerospace company with a giant government defense contractor.
CrowdStrike IPO: Investors Are Positively CrowdStruck—Cyber Saturday (Fortune) Is the Alphabet-backed firm really the "Salesforce of cybersecurity" its CEO claims?
SyncDog Announces Plan for Global Expansion Through Export Promotion Alliance (BusinessWire)
This Baltimore-based venture capital firm is looking to invest in D.C.-area startups (Technical.ly DC) Inner Loop Capital launched a $2.6 million Syndicate Fund to support cybersecurity and enterprise tech startups in the D.C. region.
Unicorn Power (J4VV4D Blog) As of last week, it became official, that KnowBe4 became the latest Infosec unicorn.
Bitdefender appoints new leader for the Middle East (TahawulTech.com) Bitdefender has appointed Tarek Kuzbari as regional director for the ME. The move comes as part of the vendor’s strategy to expand business.
Teradata Appoints Scott Brown as Chief Revenue Officer (Yahoo) Teradata (NYSE: TDC), the industry’s only Pervasive Data Intelligence company, today announced that it has appointed Scott Brown as Chief Revenue Officer, effective June 17, 2019. In this role, Brown will direct Teradata’s global go-to-market strategy and execution, and guide worldwide sales,
Products, Services, and Solutions
SolarWinds Announces the Availability of SolarWinds Service Desk (SolarWinds) The SaaS-based offering, available immediately, complements the company’s current IT Service Management (ITSM) product suite, extending ITSM capabilities to businesses of all sizes and maturity...
CipherCloud Extends Zero Trust Cloud Security to Email for Office 365 and G Suite (Yahoo) CASB+ Platform Innovations include Adaptive Access Control, UEBA, End-to-End Encryption, and Digital Rights Management for All Clouds
Netskope Introduces Zero-Trust Secure Access to Private Enterprise Applications (PR Newswire) Netskope, the leader in cloud security, today introduced Netskope for Private Access, a cloud-based service...
Trustonic, Rubean & CCV announce collaboration to develop mPOS solution (Trustonic) Using a smartphone as a mobile point of sale (mPOS) solution enables traders, small retailers and SMBs to save money on costly payment acceptance hardware, improve staff efficiency and increase customer satisfaction.
Avanan Reinvents Email Security with First Inline API-Based Solution to Catch Advanced Phishing Attacks (Yahoo) Avanan, a pioneer in cloud security, announced the first inline email security solution based fully on Application Programming Interfaces (APIs). The platform solves for the challenges associated
Aqua Security Announces Vulnerability Shield™, Industry-first Solution for Automatically Detecting and Blocking Attempts to Exploit Container Vulnerabilities (Aqua) Aqua CSP 4.2 introduces the Vulnerability Shield to detect & prevent attacks targeting containers, and advanced runtime protection for serverless functions.
MongoDB 4.2 Adds Distributed Transactions, Field Level Encryption, Updated Kubernetes Operator and More... (MongoDB) MongoDB, Inc. (NASDAQ: MDB), the leading, modern, general purpose data platform, today announced the latest version of its core database...
ReliaQuest Launches Platform to Strengthen Visibility and Control in Enterprise Cybersecurity (PR Newswire) ReliaQuest, the cybersecurity enabler, today introduced GreyMatter, a first-of-its-kind, integrated platform that...
Redox Launches Public Bug Bounty Program With Bugcrowd to Help Keep Health Data Secure (BusinessWire) Redox launched a public bug bounty program with Bugcrowd to help ensure the security of its customers’ health data.
DH2i Launches DxConnect Network Security Software for Integrated Zero Trust Connectivity (DH2i) DH2i® today announced the general availability launch of DxConnect™ network security software for integrated Zero Trust (ZT) connectivity. DxConnect enables developers and network administrators to build an integrated ZT connectivity security infrastructure for cloud native applications, hybrid/multi-cloud connectivity and privileged user access without using a VPN.
Recorded Future Express Now Available on AWS Marketplace (Yahoo) Easy-to-Use Browser Extension Provides Instant Access to Actionable Threat Intelligence
BNM to establish financial threat intelligence platform (The Star Online) Bank Negara Malaysia (BNM), together with the financial industry, is in the process of establishing a Financial Threat Intelligence Platform.
Facebook Unveils Libra, Cryptocurrency Rival to Bitcoin (Wall Street Journal) Facebook formally announced plans to launch a cryptocurrency called Libra, promising a secure blockchain-based payment system backed by hard assets and designed for mainstream users.
Facebook reveals digital currency details (BBC News) Users will be able to make payments with the currency via Facebook's apps and WhatsApp.
Cloudflare launches decentralized service for generating random numbers (ZDNet) New "League of Entropy" service will generate a stream of random numbers using five servers located across the globe.
The League of Entropy Forms to Offer Acts of Public Randomness (Decipher) Cloudflare and several other members have formed the League of Entropy to offer a quorum of public randomness beacons.
Microsoft Office 365 packs strong cyber defense features — if set up correctly (CIO Dive) The suite of cloud-connected enterprise applications holds up well before, during and after an incident, experts said. But only if the right settings are in place.
Skybox Security launches update to simplify hybrid cloud risk management (Security Brief) Intelligent automation brings harmony and efficiency to multi-vendor environments, integrating data and yielding contextual insight.
Most Powerful Email Security Solution Now Offered by ITsavvy (EIN News) ITsavvy just announced a partnership with Mimecast for powerful email security, archiving and retrieval.
Technologies, Techniques, and Standards
Fourth-Party Security: Another Level of Security Management (Panorays) Panorays' research indicates that there is a direct correlation between the security posture of the third party and its fourth parties.
How the U.S. is trying to improve election security ahead of 2020 (PBS NewsHour) Here are some of the steps the federal government has taken to help secure elections in the U.S., as well as some of the possible disinformation threats that could reappear in 2020.
How network modeling helps operations and security teams mitigate risk (CyberScoop) FDIC’s Howard Whyte and RedSeal’s Wayne Lloyd detail how network modeling of cloud and on-premise infrastructure help CIOs and security teams mitigate risk.
Tips on keeping personal info safe from online threats (Press Enterprise) The lines of privacy have blurred in our “share everything” social media culture. People are sharing aspects of their personal life that they never did before, giving criminals a leg up.
Be Smarter Than Your Smartphone: 10 Tips to Protect Yourself (Global Security Mag Online) With summer fast approaching, more and more people are using their smartphones for tasks such as last-minute holiday shopping, accessing their bank accounts or staying connected with friends...
Design and Innovation
One Big Lesson From the Cyber Range to Help Solve Confirmation Bias (Security Intelligence) The IBM X-Force IRIS team practices a method called dual verification in the cyber range to help overcome confirmation bias and arrive at ground truth more quickly.
Academia
Virginia Cyber Range challenges hackers for good (Virginia Tech) The Virginia Cyber Range contributed to the 2nd Annual AWS Hackathon for Good by sponsoring a challenge during the Amazon Web Services Public Sector Summit in Washington, D.C.
Purdue announces new computer science department head (Purdue University) Professor Dongyan Xu has been named the next head of the Department of Computer Science at Purdue University. He begins his position Sept. 1.
Legislation, Policy, and Regulation
Peter Dutton urges 'sensible' consideration of expanded cyber spy powers (The Sydney Morning Herald) Proposals for expanded domestic powers have stirred controversy but the minister has rejected suggestions of increased spying on Australians.
Scalise: I'm glad the administration is taking aggressive cybersecurity action (TheHill) House Minority Whip Steve Scalise (R-La.) in an interview that aired Sunday responded to a report that the Defense Department is ramping up digital attacks on Russia by saying he is glad the Trump administration is getting aggressive on cybersecur
House Homeland Security Republicans to introduce slew of cybersecurity bills (TheHill) Republicans on the House Homeland Security Committee are gearing up to introduce a bevy of bills aimed at enhancing the Department of Homeland Security's (DHS) cybersecurity capabilities.
Senate Receives Bill to Ensure Small Businesses Get DHS Contract Share (Homeland Security Today) Sponsor Correa calls legislation "necessary" to outfit DHS "while allowing domestic small businesses to better compete for federal government contracts."
How will Congress combat deepfake videos? (C4ISRNET) Congress is grappling with how to combat deepfake videos, which are created to manipulate audio and video in a way that is indistinguishable to most people.
3 more steps before Cyber Command can split from NSA (Fifth Domain) The Pentagon would have to meet a series of new requirements before U.S. Cyber Command could split from the National Security Agency, according to a proposal from a Senate defense committee.
Litigation, Investigation, and Law Enforcement
'Not all FAANGS will survive this battle': A Wall Street firm handicapped the impact of Big Tech regulation — and it's bad news for Facebook (Business Insider) Facebook is now under the jurisdiction of the FTC, which could be bad news for the social media company, relative to Apple and Alphabet.
Opinion | We still have questions about whether Russia meddled in N.C. That’s a bad sign. (Washington Post) A possible North Carolina cyberattack proves how vulnerable we really are.
A Supreme Court Decision Could Have Implications for Social Media Free Speech (Pacific Standard) The court ruled that First Amendment protections don't apply to a corporation that operates a public access channel in New York.
Sources: US to question Assange pal jailed in Ecuador (AP NEWS) U.S. investigators have received permission from Ecuador to question a Swedish programmer close to WikiLeaks founder Julian Assange who has been held in jail for more than...
State Department identifies 23 violations, 'multiple security incidents' concerning Clinton emails (Fox News) The State Department revealed Monday that it has identified "multiple security incidents" involving current or former employees' handling of Hillary Clinton's emails, and that 23 "violations" and seven "infractions" have been issued as part of the department's ongoing investigation.