Cyber Attacks, Threats, and Vulnerabilities
Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal (CyberScoop) A set of remote access tools used by Vietnam’s top hacking group remained largely undetected for years despite their reliance on sloppy code and other hacking techniques that fall short of the group’s normally high standard, according to research published Monday by BlackBerry Cylance.
Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus (Threat Vector) The OceanLotus Group (aka APT32, CobaltKitty) is using a suite of remote access trojans dubbed 'Ratsnif' to leverage new network attack capabilities. In this blog, BlackBerry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable Swiss-army knife of network attack techniques.
RDP BlueKeep exploit shows why you really, really need to patch (Naked Security) A video of the exploit shows CVE-2019-0708 being exploited remotely, without authentication.
ETERNALBLUE sextortion scam puts your password where your name should be (Naked Security) Here’s a sextortion scam that puts your password right where your name would usually be, to rattle your cage even more than usual.
Billions of Records Including Passwords Leaked by Smart Home Vendor (BleepingComputer) A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world.
Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps (TrendLabs Security Intelligence Blog) We recently observed an active adware campaign concealed in 182 game and camera apps, majority of which were found on the Google Play Store.
This Scary Game Stole Passwords From Thousands of Android Users (Forbes) A horror game that was hiding in plain sight on Google Play terrified users with more than its gameplay.
MageCart Launches Customizable Campaign (Dark Reading) A tool new to MageCart bolsters the group's ability to evade detection and steal data.
Inter: Skimmer For All (Fortinet Blog) Learn about the Inter web skimmer campaign, recently uncovered by FortiGuard Labs…
Personalized medicine software vulnerability uncovered by Sandia researchers (Sandia Labs) A weakness in one common open source software for genomic analysis left DNA-based medical diagnostics vulnerable to cyberattacks. Researchers at Sandia National Laboratories i
The Infrastructure Mess Causing Countless Internet Outages (WIRED) You may not have heard of the Border Gateway Protocol, but you definitely know when it goes wrong.
Vulnerability Summary for the Week of June 24, 2019 (CISA) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Google Play Store scrubs more than 100 adware-infected camera and gaming apps (CyberScoop) Next time you’re thinking about downloading a new app — especially if it’s a freebie from the Google Play Store — and ask yourself: Is this worth getting hacked over?
Facebook abused to spread Remote Access Trojans since 2014 (ZDNet) It is estimated that tens of thousands of users became victims of the campaign.
Extortion Scam Claims EternalBlue Was Used to Install a Backdoor (BleepingComputer) An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on your computer using the EternalBlue exploit. The scammers then go on to say that they used the RAT to take videos of you on adult web sites and that you must pay a ransom or they will send it to all of your contacts.
There might be malware underneath your morning texts (ETCIO.com) The sneaky nature of such malware is dangerous as compared to many files, images rarely come under scanner for viruses.
Will hacked voting machines decide the 2020 election? (Fifth Domain) Experts are worried about vulnerabilities, but the government says it hasn't yet seen evidence of hacking.
New study suggests Trump's 2016 poll numbers rose after increased Russian troll farm tweets (TheHill) The Russian troll farms that carried out a sophisticated disinformation campaign on U.S.
How a grim Eurovision Song Contest cyber attack was prevented at last second (9News) As millions of people around the world tuned into this year’s Eurovision final in Tel Aviv, little did they...
Georgia court agency hacked in ransom attack (Atlanta Journal-Constitution) Malware infected computers at Georgia Administrative Office of the Courts, which shut down its website and applications to contain the hack.
Florida city fires IT employee after paying ransom demand last week (ZDNet) At least one head rolls after second Florida city pays gigantic ransom demand to ransomware gang.
Key Biscayne recovering from cyberattack after hackers hit a third city in Florida (Miami Herald) The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.
Hacker deletes entire student newspaper website of University of Ottawa (HackRead) A hacker or simply call them a cyber criminal hacked into the independent student newspaper of the University of Ottawa (uOttawa) “The Fulcrum” and ended up deleting the entire website early Sunday morning.
Facebook, YouTube Overrun With Bogus Cancer-Treatment Claims (Wall Street Journal) Facebook and YouTube are being flooded with scientifically dubious and potentially harmful information about alternative cancer treatments, which sometimes gets viewed millions of times, a Wall Street Journal examination found.
Security Patches, Mitigations, and Software Updates
Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers (KrebsOnSecurity) It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication.
Cyber Trends
Analyzing Utilities Sector Cybersecurity Performance (BitSight) See what BitSight’s data science team learned when they analyzed the security performance of organizations in the utilities sector.
Survey: Americans Want to Protect Their Information, But Unsure Where to Start (Palo Alto Networks Blog) A new online survey from Palo Alto Networks and YouGov reveals that Americans are still confused about what it means to be safe on the internet.
Financial Industry Hit By Surging Numbers of Cyber-Incidents (Infosecurity Magazine) Retail banks were hit the hardest
Third parties contribute to 1000% increase in finance sector cyber-crimes (SC Magazine) Cyber-attacks reported in the UK financial service sector went up 1,000 percent since 2017, with third-party failures involved in 21 percent of incidents.
Nearly 20% of UK Children Exposed to Self-Harm Images Online (Infosecurity Magazine) There has been a year-on-year increase in the numbers and rates of police-recorded online child sexual offences in England, Wales and Northern Ireland
Marketplace
Keyfactor Acquires Spanish Digital Identity Firm Redtrust (Security Boulevard) Acquisition accelerates Keyfactor innovation, European expansion
Analysis | How Huawei Became a Target for Governments (Washington Post) Huawei Technologies Co., one of China’s most global companies, is increasingly in the crosshairs of the U.S. government and its Western allies, just as it’s pushing for a leadership role in the new wireless standard known as 5G. The telecommunications giant is facing multiple battles, including the arrest in Canada of its chief financial officer, criminal charges in the U.S. and the prospect of being banned from buying American-made components and shut out of infrastructure projects around the w
Telecom insiders detail hardships posed by Chinese technology ban (CSO Online) Banning Chinese Telecom vendors Huawei and ZTE creates fear, uncertainty and doubt as well as new supply chain security ideas among small telcos.
Bringing more talented individuals into the security industry (Help Net Security) In this interview, Tony Vizza, Director of Cybersecurity Advocacy, Asia-Pacific, (ISC)2, talks about the importance of developing security skills and more!
U.S. Army Picks ManTech for $21 Million Award to Advance Persistent Cyber Training Environment (PCTE) for Next Generation Cyber Warriors (Yahoo) ManTech (Nasdaq: MANT) today announced that it has won a three-year $21 million Other Transaction Agreement (OTA) award from the Department of.
UTC-Raytheon megadeal draws protest from second billionaire hedge-fund activist (Winston-Salem Journal) After supporting breaking United Technologies Corp. into three companies, a second billionaire hedge-fund activist has come out in opposition to the proposed merger of UTC and Raytheon.
Former Deputy Secretary of Defense Robert O. Work Joins SparkCognition Advisory Board (Yahoo) SparkCognition announced that Secretary Robert O. Work, former U.S. Deputy Secretary of Defense and Distinguished Senior Fellow for Defense and National Security at the Center for a New American Security (CNAS), has joined the company's Advisory Board.
Products, Services, and Solutions
Deep Instinct Updates Platform with Robust Deep Learning Cybersecurity for Google Chrome OS (Deep Instinct) Deep Instinct announces that it has added protection for the Chrome Operating System (Chrome OS) to its updated deep learning cybersecurity solution.
ID Incognito Launches - A Web App For Online Privacy (Yahoo) ID Incognito is a new web app dedicated to protecting your personal information online. The app was made in response to the growing need to provide personal information in order to use services online, specifically phone numbers and email addresses.
Bitdefender Delivers Proactive Attack Surface Reduction With Advanced Endpoint Risk Analytics (PR Newswire) Bitdefender, a global cybersecurity leader protecting over 500 million systems...
Singapore Government Announces Third HackerOne Bug Bounty Program to Reduce Risk, Boost Cybersecurity (Yahoo) HackerOne, the leading hacker-powered security platform, today announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further protect Singapore citizens by testing public-facing
Utimaco utilizes ISARA security solutions to offer the first commercial quantum-safe Hardware Security Module (Yahoo) Utimaco, one of the world’s largest manufacturers of Hardware Security Modules (HSMs) that provide the Root of Trust to numerous industries, and ISARA Corporation, the world’s leading provider of agile quantum-safe security solutions, today announced the world’s first commercial quantum-safe Hardware
Visure Solutions Launches New Comprehensive ALM Platform for Requirements Management (PR Newswire) Requirements management today is dominated by a first generation of rigid, heavy-to-use and multi-purpose legacy...
Opinion | What if All Your Slack Chats Were Leaked? (New York Times) Unless the company makes changes to its encryption and retention policies, using Slack could put your data at risk.
RSA taps Duo for New Zealand distribution (New Zealand Reseller News) Global cybersecurity company RSA has appointed Duo as distributor for its complete range of products in New Zealand.
Crowdsourced Security Testing that Puts Privacy First (IT Business Net) Synack Introduces First-of-its-Kind Workspaces with Endpoint Control to Support Privacy
Bitdefender Delivers Proactive Attack Surface Reduction With Advanced Endpoint Risk Analytics (Yahoo) The industry's first single-agent, single-console endpoint protection solution to combine risk analytics with advanced prevention and endpoint detection and response (EDR)
CyberX launches automated threat extraction platform (SecurityBrief) Unlike other traditional threat intelligence, Ganymede focuses on IoT/ICS/OT-specific threat intelligence for industrial and critical infrastructure organisations.
Technologies, Techniques, and Standards
How Europe's smallest nations are battling Russia's cyberattacks (Yahoo News) Earlier this year, the country of Berylia came under a coordinated cyberattack. For two days, hackers targeted the island nation’s power grid and public-safety infrastructure, while cyber experts from across Europe worked to counter the attacks. Of course, the island nation of Berylia is imaginary,
Austrian Banks Defend Themselves in First Cyber Attack War Games (Bloomberg) Austrian banks were found to be “by and large” well prepared to defend themselves from hacker attacks after the country’s financial regulator staged its first cyber war game.
Don’t Play the Victim: #HowTo Create a Ransomware Backup Plan (Infosecurity Magazine) Well managed data is easier to locate, utilize and update with the latest security policies
Privacy and Data Protection in Multimedia Apps (Infosecurity Magazine) The processing of sensitive data through multimedia apps poses significant risks to data security and privacy
How the healthcare industry can improve online trust (Help Net Security) Privacy on the internet is important in all industries, but none more so than the healthcare sector, which handles mass amounts of online health data
Stealth Attacks Require Stealth Responses (SIGNAL Magazine) Global, asymmetrical threats now dominate attacks on nations and businesses alike, and the enemy is not always immediately knowable, identifiable or even seen.
Business security in the age of malicious bots (Help Net Security) Malicious automated bots exploit legitimate application functionality, and they’re delivered at a scale to make them economically viable.
Design and Innovation
AI Powers ‘Self-Healing’ Technology (Wall Street Journal) Companies are tapping artificial intelligence to automate the care of their operations and information-technology infrastructure, finding that AI can identify and fix problems more quickly than humans.
Legislation, Policy, and Regulation
Analysis | The Cybersecurity 202: Trump administration did right thing with cyberattack against Iran, say experts (Washington Post) The digital strike sent a message without killing anyone.
Iran Breaches Critical Limit on Nuclear Fuel Set by 2015 Deal (New York Times) Tehran also signaled that it now intends to enrich its nuclear fuel stockpile to a purer level, a provocative action that could move the country closer to being able to use the fuel for a weapon.
US-Iran clash enters cyber realm and tests a Trump strategy (The Christian Science Monitor) As the U.S.-Iran confrontation moves into the cyber realm, in addition to the physical, it also helps make an argument for restraint.
Iran Strikes Back (The Cipher Brief) The Cipher Brief talks with expert and former Deputy Commander of cyber command Vince Stewart about Iran's capabilities in cyber
Major or Minor? Lawmakers Keep Close Eye on Huawei Concession (Wall Street Journal) President Trump’s decision to let Huawei buy technology equipment again from the U.S. is emerging as a fresh source of tension between the administration and Senate Republicans.
President: We need to boost cybersecurity capabilities (ERR) President Kersti Kaljulaid held a meeting with the National Defence Council on Monday, to discuss the future of the e-state. One significant conclusion arose, namely that the state needs to actively seek opportunities to increase cyber security and cryptography capabilities.
APRA puts boards on notice over cyber security (Which-50) Global and local regulation is helping to concentrate boards’ attention on cyber security risks, according to industry experts. From today boards of
How to Win Friends and Wage Jihad (Foreign Affairs) With its wealth of experience and web of historical relationships with regional powers, al Qaeda looks poised to capitalize on the chaos engulfing the Middle East.
People who misquote the Bible will have their comments deleted from Church's Facebook, says Archbishop (The Telegraph) Churchgoers who misuse the Bible will have their comments deleted from posts on the official Church of England Facebook page, the Archbishop has said.
Can religion save us from the dark side of social media? (The Telegraph) It comes to something when the Archbishop of Canterbury, Justin Welby, is our most eloquent defender of truth.
US officials are talking about banning end-to-end encryption again | TheINQUIRER (http://www.theinquirer.net) Oh no, not this again
What is the CISA? How the new federal agency protects critical infrastructure (CSO Online) The Cybersecurity and Infrastructure Security Agency (CISA) is a new federal agency, created to protect the nation's critical infrastructure.
[Letter from Senator Warren and Representative Jayapal to FCC Commissioner Pai] (Congress of the United States) We write to request information from the Federal Communications Commission's (FCC), Communications Security, Reliability, and Interoperability Council ("CSRIC" or "Counsel"), and the extent to which that body may be inappropriately dominated by industry insiders.
Industry Influence on an FCC Advisory Panel (Project On Government Oversight) The Federal Communications Commission is supposed to help keep our communication networks secure. But its reliance on an industry-dominated group for cybersecurity advice undermines that mission.
Senate Has Spoken: Smart Crowdsourced Security American Security First (AiThority) Synack, the most trusted Crowdsourced Security Platform, commends the work of the U.S Senate which put the security of American citizens.
Deepfake revenge porn distribution now a crime in Virginia (Ars Technica) New text effective today adds "falsely created images" to state law.
Litigation, Investigation, and Law Enforcement
‘The enigma of the entire Mueller probe’: Focus on origins of Russian investigation puts spotlight on Maltese professor (Washington Post) Joseph Mifsud’s tip to a Trump adviser that the Russians had “dirt” on Hillary Clinton led to the opening of the counterintelligence probe, special counsel Robert S. Mueller III wrote in his report.
Tulsi Gabbard Says a Teen Hacked a Replica of an Election System. She’s Wrong (Vice) Election security is a real issue, but Gabbard is not helping by getting the facts wrong about a hack that was demonstrated at Def Con 2018.
Square Faces Lawsuit Over Misfired Medical Receipt (Wall Street Journal) A California man accused Square of violating privacy laws after the payments company mistakenly forwarded a digital receipt containing details of his medical history to one of his friends.