The CyberWire Daily Briefing 6.19.19

Cyber Attacks, Threats, and Vulnerabilities

Hacking the Russian Power Grid (New York Times) Attacks by the United States risk escalating a digital Cold War and renew questions about whether certain targets should be off limits in cyber conflict.

U.S. Cyber Command, Russia and Critical Infrastructure: What Norms and Laws Apply? (Just Security) Emplacing malware in critical infrastructure on which the civilian population depends is a decision States must not take lightly. Is it lawful?

FBI warning: Foreign spies using social media to target government contractors (ZDNet) FBI warns security clearance holders to be careful when disclosing work information on social media profiles.

Feds Issue BlueKeep Vulnerability Warning (Industrial Safety and Security Source) In a warning to prevent companies from suffering like they did during WannaCry and NotPetya, an alert went out this week from the Cybersecurity and

U.S. Government Announces Critical Warning For Microsoft Windows Users (Forbes) The U.S. Department of Homeland Security has issued a critical warning for users of Microsoft Windows through the Cybersecurity and Infrastructure Security Agency. Here's what you need to know and what you need to do next.

Netflix warns of several new TCP networking vulnerabilities (Computing) The vulnerabilities relate to the MSS and TCP SACK capabilitie

Netflix researcher spots TCP SACK flaws in Linux and FreeBSD (Naked Security) Three vulnerabilities in the FreeBSD and Linux kernels could allow attackers to induce a denial-of-service by clogging networking I/O.

SACK TCP flaws can crash, slow down Linux-based systems (Help Net Security) Several Linux SACK TCP flaws could lead to systems crashing or consuming too many resources and slowing down, according to Netflix.

A deeper look into the WhatsApp hack and the complex cyber weapons industry (CSO) On May 13, a major security flaw in the popular messaging app, WhatsApp, was announced. The pervasive vulnerability, which affected both Apple and Android devices, allowed malicious actors to inject commercial spyware by ringing up unsuspecting targets using the WhatsApp’s VOIP-based call function.

Alert Regarding Vulnerability (CVE-2019-2729) in Oracle WebLogic Server (JPCERT/CC) On June 18, 2019 (local time), Oracle released a security advisory regarding a vulnerability (CVE-2019-2729) in Oracle WebLogic Server.According to the advisory, Oracle WebLogic Server contains a deserialization vulnerability. A remote attacker leveraging this vulnerability may execute arbitrary code.

State cyber-attack poses big danger for UK banks: Bank of England (Reuters) A state-backed cyber-attack could secretly corrupt the records of British financ...

Black Lotus Labs identifies tiering structure of pervasive botnet (PR Newswire) New intelligence from Black Lotus Labs, reveals undocumented tactics spam botnet Emotet uses to hide and spread,...

Robocalls are overwhelming hospitals and patients, threatening a new kind of health crisis (Washington Post) For most Americans, robocalls are a nuisance. For hospitals, spam calls can be a life-or-death threat in a setting where every second counts.

Cybersecurity: Why one old web scam is on the rise again (ZDNet) Fake domains and bogus websites are experiencing something of a revival - unfortunately.

What the latest iOS passcode hack means for you (Computerworld) Cellebrite, an Israeli-based forensics company, claims it has advanced its hacking technology to include Apple's iOS 12.3 and 'high-end Android' devices.

New Report Shows That Russia Might Be Responsible for the Biggest Crypto Theft in History (Coindoo) Based on a recent report, North Korean hackers are probably not responsible for the biggest crypto theft ever to be carried out on a crypto exchange.

Google Calendar is down, it’s not just you Update: It’s back (TechCrunch) Snow day. All meetings are canceled until further notice. Google Calendar has been hit with what appear to be some pretty widespread issues. The company has confirmed service interruptions via its G Suite Status Dashboard, noting, “We’re investigating reports of an issue with Google Cal…

Google Calendar now up and running after three hours of downtime (Computing) Users were met with a 404 error message when they tried to access the service

Nefarious LinkedIn (Adventures in Development) A look at how LinkedIn exfiltrates extension data from your browser.

Facebook WordPress plug-ins found to have zero-day flaw (TechRadar) Zero-day flaws could allow an attacker to take over a WordPress site

Threat Actors Use Older Cobalt Strike Versions to Blend In (BleepingComputer) Plenty of outdated Cobalt Strike servers exist in the wild, helping cybercriminals or giving security professionals the upper hand when testing corporate defenses; and they can be easily identified to stifle intrusions of any purpose.

Tesla Model S and Model 3 Prove Vulnerable to GPS Spoofing Attacks as Autopilot Navigation Steers Car off Road, Research from Regulus Cyber Shows (Yahoo) Tesla Model S and Model 3, electric cars built for speed and safety, are vulnerable to cyberattacks aimed at their navigation systems, according to recent research from Regulus Cyber. During a test drive using Tesla's Navigate on Autopilot feature, a

90% off Ray-Bans? It’s a 100% Instagram SCAM! (Naked Security) The ads look like they’re been shared by friends, but they’re really pod people who’ve hijacked accounts.

NHS service accidentally reveals identities of HIV patients in email blunder (Graham Cluley) An NHS health board has found itself in the awkward position of apologising to 37 HIV patients, after accidentally disclosing their identities.

Remove “Microsoft has detected suspicious activity” Tech support scam (Tech Support Scam) - updated Jun 2019 (2Spyware) “Microsoft has detected suspicious activity” is a tech support scam that shows false system messages about alleged malware. “Microsoft has detected suspicious activity” scam

Bella Thorne steals hacker’s thunder, publishes nude photos herself (Naked Security) Sheesh! At this rate, extortionists are going to have to seek alternate employment.

Harrison County Courthouse investigating cyberattack (WDTV) According to officials there, several servers and files have been encrypted and corrupted. A ransom of $1,500 was requested by the hackers,

Security Patches, Mitigations, and Software Updates

Mozilla plugs critical Firefox zero-day used in targeted attacks (Help Net Security) A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla has warned on Tuesday.

Vulnerable TP-Link Wi-Fi extenders open to attack, patch now! (Help Net Security) Several TP-Link Wi-Fi extender devices sport a critical remote code execution vulnerability that could allow attackers to take over the devices.

Cyber Trends

One year of GDPR application: Europeans well aware of their digital rights (Help Net Security) Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they

Platform Benchmark Report (NAVEX Global) Compliance programs consist of many components — training, policies, hotlines, third party risk management, etc — but in order to be successful, ethics and compliance programs must integrate these elements cohesively.

Most Cybersecurity Vendors Not Using Basic Email Authentication (Yahoo) A new assessment of security and risk vendors shows that most of these companies have an opportunity to adopt basic email security controls, in an effort to better protect their customers from third-party risks. The assessment, released today, was conducted

Avast IoT Study Shows Major Discrepancies Between Different Regions (TechNadu) Avast carried out the most extensive IoT study ever, scanning 83 million devices from around the world, and finding many security issues.

Avast Hacked a Smart Coffee Maker All Kinds of Ways (Avast) See what an Avast researcher learned by hacking a smart coffee maker in all kinds of ways.

How employees and their organizations are prioritizing data privacy (Help Net Security) Employees in the UK expressing greater understanding of privacy laws, and better training opportunities, than those in the U.S.

Mobile Video Conferencing: Trends, Challenges, And Solutions (Enterprise Mobility Exchange) Enterprise Mobility Exchange surveyed its audience in April 2019 about the current state of using mobile devices for collaboration tools in order to learn about the numerous complications prohibiting smooth video conferencing, and strategies that IT leaders can leverage to ensure smooth video conferencing on mobile devices.

Marketplace

A hiring initiative for cyber (FCW) A new fellowship program for young government cyber hires promises college loan repayment for participants, but the incentives don't reward long government service.

As cyber crimes rise, insurers bat for individuals to opt for risk cover (The Times of India) India Business News: HYDERABAD: Cybercrime is set to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures.

Libra: Why Facebook's billion dollar bet on its own digital currency will pay off (The Telegraph) At the start of 2018, Mark Zuckerberg first signalled his interest in cryptocurrencies, digital coins that were designed as money for the internet age.

Facebook's cryptocurrency ambitions face privacy concerns,... (Reuters) Facebook Inc announced ambitious plans on Tuesday to launch a new global cryptoc...

Companies Without a Tech Plan in M&A Deals Face Higher IT Costs (Wall Street Journal) Companies without a playbook for integrating information-technology systems in the wake of an acquisition or merger risk spiraling IT costs—and angry employees—chief information officers, consultants and analysts say.

Activists urge Google to break up before regulators force it to (Reuters) Shareholder activists want Google parent Alphabet Inc to break itself up before ...

Pentagon to take a ‘hard look’ at Raytheon, UTC tie up (The Middletown Press) The Pentagon is reviewing Raytheon Co's planned merger with United Technologies, but scrutiny of the proposed deal by the federal government will not end there.

Palantir's IPO Plans are Just as Secretive as the Company Itself (Yahoo) Investors have been excited for a while now about the potential for a Palantir market debut, even though the company has yet to lay out any specific plans for an initial public offering.

Valtix Introduces the First Cloud Native Network Security Platform; Raises $14M in Initial Funding (Yahoo) Today, Valtix announced that it has raised over $14 million in funding from Trinity Ventures, Vertex Ventures and Wing Venture Capital. The company also unveiled the industry's first cloud-native network security platform, the Valtix Security Platform

Welcome to the Tribe - Onapsis Completes Acquisition of Virtual Forge (Onapsis) Onapsis has completed its acquisition of Virtual Forge, leading provider of cybersecurity solutions for SAP.

BitDam Receives the 2019 Europe Technology Leadership Award for Proactive Content Security (PRWeb) BitDam, provider of cybersecurity solutions that protect enterprise communications from advanced threats hidden in files and links, announced today that it

For pen testing firm IOActive, security is cultural not transactional (TechCrunch) IOActive may not be a household name but you almost certainly know its work. The Seattle-headquartered company has been behind some of the most breathtaking hacks in the past decade. Its researchers have broken into in-flight airplanes from the ground and reverse engineered an ATM to spit out gobs …

Aviatrix Attracts Veteran Leadership Team to Build the Enterprise Multi-Cloud Backbone (Aviatrix Systems) Aviatrix today announced that the team that “virtualized the network” at Nicira and built it into a billion-dollar business at VMware has joined the company to build the Enterprise Multi-Cloud Backbone.

Kroll adds managing director to cyber-risk practice (Compliance Week) Kroll announced the appointment of Thomas Brittain as an associate managing director in the Cyber Risk practice.

Products, Services, and Solutions

Stay One Step Ahead of Hackers with Irdeto Trusted Telemetry (Irdeto) A key component of Cloakware® Security Services, Trusted Telemetry delivers reliable information on security events in real-time, providing early warning of cyberattacks

Imperva Strengthens Defense-in-Depth Application Security Portfolio (Imperva) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced significant enhancements to the Imperva Application Security portfolio, now offering targeted protection against account takeover (ATO), an industry-leading approach to detecting and blocking malicious attacks targeted at APIs, as …

Panorays Unveils New Tools for Auto Discovery of Third and Nth Parties and Geolocation of Digital Assets (Panorays) Panorays has announced the availability of two new tools to automatically discover third- to nth-party suppliers and to locate digital assets globally.

Ping Identity and iovation Provide User and Device Risk Management for Zero Trust Access (BusinessWire) Ping Identity, the leader in Identity Defined Security, today announced its combined solution with iovation, a TransUnion company, to provide customer

ASC X9 Publishes White Paper and Technical Report on Quantum Computing Risks; New Quantum Standard Effort Announced (ASC X() The Accredited Standards Committee X9 Inc. (X9) today announced the release of two documents on quantum computing: a white paper that seeks to educate the financial services industry about the risks that a large quantum computer would pose to the industry, and a Technical Report that describes both cryptographic and noncryptographic uses for quantum computers...

Infocyte Taps Solutions Granted as Master MSSP, Enabling MSPs to Deliver Comprehensive, Cost-effective Endpoint Security Solutions to Small and Mid-market Organizations (Benzinga) The strategic partnership democratizes the security landscape, enabling the delivery of enterprise-grade managed security services—typically reserved for the Fortune 1000—to small...

Top 20 Public Bug Bounty Programs of All Time (HackerOne) Ever wonder who runs the biggest, fastest, and most lucrative bug bounty programs on the HackerOne platform? Now you can find out!

MongoDB gets a data lake, new security features and more (TechCrunch) MongoDB is hosting its developer conference today and, unsurprisingly, the company has quite a few announcements to make. Some are straightforward, like the launch of MongoDB 4.2 with some important new security features, while others, like the launch of the company’s Atlas Data Lake, point t…

SD-WAN Roundup: Riverbed Scales up with Versa Networks, Fortinet Launches SD-Branch (Channel Partners) Riverbed and Versa Networks, a software-defined wide area networking (SD-WAN) vendor, are partnering. Versa gained a new customer base to help it chase VeloCloud, and Riverbed gained a popular SD-WAN solution for the enterprise.

Atos and Virtru announce partnership to offer a data security solution for Digital workplace (APN News) Atos, a global leader in digital transformation, today announced a strategic partnership with Virtru, a leading data protection platform provider that stands at the intersection of security and privacy. The partnership will provide global organizations with a joint encryption solution for Digital Workplace, protecting customer data across cloud-based platforms. This solution combines Atos hardware encryption with Virtru’s encryption software and […]

Akamai Technologies join hands with DreamHack for cybersecurity (CISO MAG | Cyber Security Magazine) Digital entertainment company DreamHack recently announced a new partnership with the cloud delivery network provider Akamai Technologies to jointly share data security insights along with analysis on the global gaming and eSports industry.

Fortinet Offers Integrated Security for Business Branches (Nasdaq) Fortinet FTNT recently unveiled a comprehensive solution - Secure SD-Branch - designed to offer WAN and access edge security, and security driven networking to distributed enterprises.

PhishLabs Enhances Email Incident Response Service (PhishLabs) Today we are releasing an enhancement to the Email Incident Response Service. The upgrade will include the addition of SOAR and overall enhancements.

Technologies, Techniques, and Standards

Agencies need force multiplying technologies to keep up with the cyber threat (Federal News Network) Gigamon’s Dennis Reilly said tools like next generation network packet brokers help agencies catch up and get ahead of cyber attackers.

Techniques for Conducting Threat Hunting at Scale (Bricata) The law of large numbers theorem facilitates threat hunting at scale on large networks because it isolates unusual activity and network anomalies.

Detecting Advanced Bots Using Active Interrogation (ThreatXLabs) Read how we used ThreatX's enhanced bot detection & mitigation capabilities to reduce the volume of possible bot requests sent by suspicious source entities.

The Risk Management Framework Is Dead. Long Live the RMF. (Nextgov.com) A framework is just that: a frame of reference from which to adapt according to your needs and situation.

Apple Federal Credit Union Releases List of Safeguards for Using Mobile Cash Apps (BusinessWire) Apple Federal Credit Union released a list of safeguards to help consumers protect their funds when using mobile cash apps.

Why phishing education has never been more critical to your business (Help Net Security) Phising education is essential. Here are several best practices that will help you keep your business, data and employees safe.

Grappling With Cyber Threats in a Smart Building Era (Commercial Property Executive) In a Realcomm panel in Nashville, Tenn., experts hashed out the implications of new privacy regulations and the growing array of risks as people and properties get more connected.

A simple message for security teams: Prove the value (CIO Dive) New technologies create new risks. New risks put pressure on the security organization. And the security organization, in a competitive threat and talent landscape, is asked to meet demands while proving worth.

Design and Innovation

Coming in 2020: Calibra (Facebook Newsroom) Today we're announcing plans for a digital wallet for Libra, a new global currency powered by blockchain technology.

Facebook announces Libra cryptocurrency: All you need to know (TechCrunch) Facebook has finally revealed the details of its cryptocurrency, Libra, which will let you buy things or send money to people with nearly zero fees. You’ll pseudonymously buy or cash out your Libra online or at local exchange points like grocery stores, and spend it using interoperable third-…

First Look: Libra - An in-depth review of Facebook's long-anticipated entry into cryptocurrency (Binance Research Report) Binance Research, the market and research analysis arm of Binance, discusses Libra, Facebook’s first cryptocurrency, from a technical and analytical perspective along with the potential impacts of this new entrant to the market.

The Ambitious Plan Behind Facebook’s Cryptocurrency, Libra (WIRED) Facebook designs a cryptocurrency that it won't fully control, but that will uniquely benefit Facebook.

Facebook cryptocurrency: how Libra will change the way you spend money (The Telegraph) Facebook has unveiled plans for a global cryptocurrency which the social networking giant hopes will provide an alternative to cash, credit cards and bank transfers.

Adobe Created an A.I. That Spots -- and Reverses -- Fake Photos (Digital Trends) The company behind the software that's often used to manipulate photographs may help make it easy to spot a fake photo. Researchers at Adobe recently created an artificially intelligent program that can recognize when Photoshop's Face Aware Liquify tool is used -- and even reverse the edits.

Automated cryptocode generator is helping secure the web (Techxplore) Nearly every time you open up a secure Google Chrome browser, a new MIT-developed cryptographic system is helping better protect your data.

Instagram Targets Account Hijacking (TechNewsWorld) Account hijacking has become a nettlesome problem at Instagram so it has decided to do something about it. The social media company has begun testing a simpler method for users to reclaim their compromised accounts. It allows users locked out of their hacked accounts to ask for a six-digit code to be sent to the email address or phone number originally used to open the account.

Research and Development

Researchers develop app to detect Twitter bots in any language (Help Net Security) A new application that can detect Twitter bots independent of the language used was developed by researchers at the University of Eastern Finland.

Evaluation of password hashing schemes in open source web platforms (Science Direct) Nowadays, the majority of web platforms in the Internet originate either from CMS to easily deploy websites or by web applications frameworks that all…

All Things Considered: An Analysis of IoT Devices on Home Networks (Avast/Stanford) In this paper, we provide the first large-scale empirical analysis of IoT devices in real-world homes by leveraging data collected from user-initiated network scans of 83M devices in 16M households.

Research Highlights All Things Considered: an Analysis of IoT Devices on Home Networks (Avast/Stanford) Stanford University and Avast joint research to understand what the smart homes of the world look like today.

Legislation, Policy and Regulation

Why cyber warfare represents diplomatic territory (PBS NewsHour) The New York Times reported over the weekend on U.S. military attempts to infiltrate the Russian power grid. The effort represents the latest offensive in an increasingly digital conflict with Russia, whose 2016 election interference is well documented. John Yang talks to R.P. Eddy, a former National Security Council official and founder of an intelligence consulting firm, about this new frontier.

Editorial: American cyber hacking (Richmond Times-Dispatch) On June 15, The New York Times published an alarming news story that detailed how the U.S. has recently become far more aggressive toward Russia in its online countermeasures as

UN surveillance expert urges global moratorium on sale of spyware (iTnews) Pending rules to stop governments snooping on opponents and critics.

Don’t think that Putin and Xi are going soft (Times) Disruptors of the world, unite! If I had my way the world’s most irritating opponents of police states would gather for a pint every Thursday (Karl Marx’s old digs in Dean Street would do fine) to...

Facebook Token Runs Into Instant Political Opposition in Europe (Bloomberg) French finance chief says it can’t be a ‘sovereign currency’. Germany’s Ferber sees Facebook becoming a shadow bank

Top Democrat calls for Facebook to halt cryptocurrency plans until Congress investigates (The Verge) ‘Facebook is continuing its unchecked expansion and extending its reach into the lives of its users,’ Rep. Maxine Water said

Senators weigh potential security risks from Chinese-made drones (TheHill) Members of the Senate Commerce security subcommittee examined the impact of banning Chinese-made drones, or components for drones, during a hearing on Tuesday.

Opinion | Bolton moves to promote loyalists at the National Security Council (Washington Post) Bolton wants his senior team in place to establish stability in the run-up to the 2020 election, officials said.

Analysis | The Cybersecurity 202: Senate Democrats target McConnell in election security fight (Washington Post) Here's how they plan to push their bills despite his opposition.

Newsroom Portman, Peters Introduce Bipartisan Bill to Strengthen Cybersecurity Coordination with State and Local Governments (Senator Portman) U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI) introduced bipartisan legislation to promote stronger cybersecurity coordination between the Department of Homeland Security (DHS) and state and local governments to safeguard against cyber threats.

Maryland Gov. Hogan sets up new computer security office to protect state networks (Baltimore Sun) Maryland Gov. Larry Hogan has signed an executive order to strengthen the state's defenses against cyber attacks.

Hogan hires a cybersecurity chief, ramping defense against threats to data systems (Washington Post) The governor signed an executive order that also creates a statewide Office of Security Management.

Rep. Will Hurd: I'm a conservative. I was 'disinvited' to the Black Hat Conference. Here's what I want to know (Fox News) This weekend, I experienced a first as a member of Congress – I was uninvited to give the keynote address at the world’s premier cybersecurity conference.

Litigation, Investigation, and Enforcement

Four to Face Murder Charges in Downing of Malaysia Airlines Flight 17 (New York Times) Investigators said on Wednesday that three Russians and one Ukrainian would be tried in the Netherlands in March, whether they were present or not.

UN rights investigator to issue report on Khashoggi killing (Al Jazeera) Agnes Callamard will issue her report on the killing of Saudi journalist Jamal Khashoggi on Wednesday.

Inside Backpage.com’s Vicious Battle With the Feds (WIRED) For years, it was the largest portal for sex on the internet. Now its fate could shape the future of Silicon Valley.

usso-American grid hacking and deterrence. Argentina blackout update. Spies troll for sources. Facebook's cryptocurrency.

Bring your own context.