Cyber Attacks, Threats, and Vulnerabilities
Cybersecurity of NATO’s Space-based Strategic Assets (Chatham House) This paper will introduce the cyber risks to strategic systems, through an evaluation of threats, vulnerabilities and consequences. It aims to frame the
ISIS Threats Leading Up to July 4 Depict New York, White House Attacks (Homeland Security Today) ISIS adherents have been renewing their vows of allegiance to leader Abu Bakr al-Baghdadi, who publicly declared himself caliph on July 4, 2014.
US Cyber Command issues alert about hackers exploiting Outlook vulnerability (ZDNet) Chronicle links the malware samples to Iran's APT33 group, which previously developed the infamous Shamoon malware.
Iran-Linked Hackers Said to Be Ready for Attacks on U.S. Targets (Foreign Policy) Even if real war doesn’t start, a cyberwar may soon be underway, experts say.
China Is Forcing Tourists to Install Text-Stealing Malware at its Border (Vice) The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
Chinese border guards put secret surveillance app on tourists' phones (the Guardian) Software extracts emails, texts and contacts and could be used to track movements
Why can’t Israeli pilots get a GPS signal? (C4ISRNET) Israeli pilots have reported the loss of a GPS signal near Tel Aviv for nearly three weeks and officials believe Russia could be to blame.
File-storage app 4shared caught serving invisible ads and making purchases without consent (TechCrunch) With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store. But security researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the user’s knowledge — or the…
A Cloudflare outage is impacting sites everywhere (TechCrunch) If you’ve been experiencing “502 Bad Gateway” notices all morning, for better or worse, you’re not alone. Cloudflare has been experiencing some major outages this morning, leaving many sites reeling in its wake. In fact, the company’s System Status page, which collects…
Cloudflare outage caused by bad software deploy (updated) (The Cloudflare Blog) Starting at 1342 UTC today we experienced a global outage across our network that resulted in visitors to Cloudflare-proxied domains being shown 502 errors (“Bad Gateway”). The cause of this outage was deployment of a single misconfigured rule within the Cloudflare Web Application Firewall (WAF)
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States (Proofpoint) Proofpoint describes a new loader being distributed in the UAE, South Korea, Singapore, and the United States by a prolific threat actor.
Billions of Records Including Passwords Leaked by Smart Home Vendor (BleepingComputer) A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world.
Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach (Forbes) Smart IoT devices are increasingly being purchased to bolster home, and business, security. Which is all well and good until a device management company forgets to password protect the user database and leaves 2 billion passwords and other data open to anyone...
Newly reported flaws in cameras, locks add to scrutiny of smart-home security (CyberScoop) Homeowners trying to protect their property with surveillance cameras and smart locks may have actually made their households more vulnerable, according to security flaws unveiled by separate teams of researchers Tuesday.
An Analysis of Arlo (Tenable TechBlog) Netgear Arlo is one of the most popular IoT camera vendors out there.
Security flaws in a popular smart home hub let hackers unlock front doors (TechCrunch) When is a smart home not so smart? When it can be hacked. That’s exactly what security researchers Chase Dardaman and Jason Wheeler did with one of the Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when …
Cirque du Soleil app gives attackers same admin rights as operators (ZDNet) The developers of the app did not implement any form of authentication.
Alert Logic Report Sheds Light on Evolving Attack Methods Against Small and Midsize Businesses (Yahoo) Alert Logic, the SIEMless Threat Management™ company, today released the research, "Critical Watch Report: SMB Threatscape 2019." This report, specifically focused on challenges small and midsize businesses (SMBs) face, reveals a steady increase in attacks
Phishing-as-a-service threats abusing cloud services (SearchSecurity) New research from cybersecurity vendor Cyren claims the phishing-as-a-service industry is increasingly abusing popular cloud services to host their malicious links and avoid detection.
Supply chain attacks on the rise as the supply chain evolves (Software Integrity Blog) Supply chain attacks are not new. But as the supply chain grows longer and more complex, the attacks are evolving to keep up. Is your supply chain secure?
Schneider Electric Modicon Controllers (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon Controllers. Vulnerability: Improper Check for Unusual or Exceptional Conditions. 2. RISK EVALUATION: Successful exploitation of this vulnerability could result in a denial-of-service condition.
Quest KACE Systems Management Appliance (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 2.7. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Quest. Equipment: KACE Systems Management Appliance (SMA). Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an administrative user unintentional access to the underlying operating system of the device.
Should you be concerned about your phone becoming a 'hot mic'? (Campaigns & Elections) Practitioners struggling to keep up with the growing list of cybersecurity protocols can add another concern to the list: a hacker turning their phone into a “hot mic.”
A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants (TrendLabs Security Intelligence Blog) We constantly work on developing methods to address concerns pertaining to attacks against Linux systems, for example, by looking for ways to conduct quick and efficient analysis of malware samples that leads to their eventual detection and blocking.
New MacOS Malware Discovered (Dark Reading) A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.
Facebook Removes Accounts Used to Infect Thousands With Malware (Threatpost) A widespread malware campaign, ongoing since 2014, was using Facebook accounts and posts to spread malware through URL links.
US election security official highlights email threat (Washington Post) An election security official with the U.S. Department of Homeland Security has warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers
Hacking, Glitches, Disinformation: Why Experts Are Worried About the 2020 Census (New York Times) The government plans to deploy new technology for next year’s head count, but risks abound.
Riviera Beach pays massive ransom to hackers, official says (WPTV) A spokesperson confirms the City of Riviera Beach has paid a massive ransom to computer hackers following a costly cyber attack in May.
The Simple Way Apple and Google Let Domestic Abusers Stalk Victims (WIRED) To prove a point about common location-sharing apps, I asked my wife to use them to spy on me.
Helping survivors of domestic abuse: What to do when you find stalkerware (Malwarebytes Labs) As Malwarebytes works to improve its detection of stalkerware, we're also working to better protect the victims of this nefarious type of software. Here are some tips for survivors of domestic abuse who suspect they are being watched through stalkerware.
Security Patches, Mitigations, and Software Updates
Malwarebytes fixes Windows Defender deactivation bug in Windows 10 1903 (gHacks Technology News) Malwarebytes users who upgraded machines to Windows 10 version 1903 may have noticed that Windows Defender got deactivated after the upgrade automatically.
Cyber Trends
14 Reasons Professionals Give for Why Network Security is Getting Harder (Bricata) A survey found most cybersecurity professionals think the function of network security is getting harder. The survey also asked them "Why?" and here are their answers.
Trend Micro Global Survey Finds Internal Communication Falls Short Between Security and Developer Teams in the Move to DevOps (Trend Micro Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced results from a recent survey that shows despite the enterprise benefits assured by adopting a DevOps culture, the majority of IT leaders polled believe communication between IT security and software development must
Superannuation accounts a rich target for cyber-crime (Investment Magazine) Superannuation funds present unique opportunities for cyber-criminals to attack
Air travel needs cybersecurity, now tighter than ever (The Financial Express) Cybersecurity topics should not be considered only at a technical layer: even if these attacks are mainly performed on the IT infrastructure
Uncharted territory: why consumers are still wary about adopting cryptocurrency (Kaspersky) Cryptocurrency has rapidly become one of the most exciting technologies in recent years. The most popular of them all – Bitcoin – soared in value in 2017, leading millions to purchase the currency and set up their own mining farms.
Symantec finds over 50% of enterprises 'believe security can't keep up with cloud adoption' (ITWire) Symantec has released its latest "Cloud Security Threat Report" which finds "cloud security exacerbated by immature security practices, overtaxed IT staff and risky end-user behaviour".
Cloud Security Threat Report (Symantec) Seventy-three percent of firms had cloud incidents due to immature security.
Top 3 Cybersecurity Trends that Modern Businesses Should Look out For (CIOReview) Cybersecurity is laced with highest security systems, playing a prominent role in curbing cyber theft from businesses....
The human factor and its role in cybersecurity breaches (Essential Retail) We take a look at the threat landscape facing retailers, and what companies can do to boost cyber security
Marketplace
Security-as-a-service soars, says Canalys (CRN Australia) 46 percent growth year on year heralds security transition.
What to Pay for Cybersecurity Professionals? (Cyber Defense Magazine) The increase in salaries is more dramatic this year, as companies fight each other for talent
Supply isn't keeping up with the demand to fill cybersecurity jobs in Ireland (Fora.ie) A jump in demand for suitable candidates has increased Ireland’s skills gap in the area.
TrapX Security raises $18 million to thwart cyberattacks with decoy assets (VentureBeat) San Jose-based cybersecurity solutions provider TrapX has raised $18 million in venture capital from a raft of investors.
Gryphon Expands Industrial Cyber Capabilities through Acquisition of PGFM (Yahoo) Gryphon Technologies, Inc. ("Gryphon" or the "Company"), a premier defense engineering and technical services provider supporting national ...
Broadcom Is in Advanced Talks to Acquire Symantec (Bloomberg) CEO Tan has branched out into software already with CA deal. Chipmaker led wave of deals that reshaped the industry.
Raytheon United Technologies merger (Military & Aerospace Electronics) Speculation merger may not happen, President worries it could cut competition, Air Force calls it a security concern, and investors question its logic.
The company you keep (SC Media) A new take on the old adage “you’re known by the company you keep,” might aptly apply to women in security who’ve found success, progress and
Don't tell Alice and Bob: Security maven Bruce Schneier is leaving IBM (Register) Says bye to Big Blue
Products, Services, and Solutions
Qualys Expands Global Cloud Platform to the Canadian Market (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, ...
Sepio Systems Partners with Distribution Giants Tech Data and SHI to Tackle Hardware-Based Cyber-Attacks (APN) The partnership will allow Tech Data’s and SHI’s customers to benefit from easy deployment of Sepio Prime and Sepio Agents for managing the security risk coming from uncontrolled peripheral devices and accessories in their network
Elbit: Subsidiary Selected to Supply a Cyber Intelligence System to the Dutch National Police (Market Screener) Following an extensive and competitive evaluation process Cyber Intelligence Ltd, a subsidiary of Elbit Systems, was selected to provide the Dutch National Police...
5 Years of Fighting DDoS with the Power of Akamai (Akamai) Earlier this year, Akamai celebrated the fifth anniversary of the Prolexic acquisition. The merger was officially completed in February of 2014, and a lot has happened since then. In this post, we want to spend a moment reflecting on the last five years and look at what's ahead.
Unisys Stealth Integrates With Dell EMC Cyber Recovery Software (PAGEONE) Global IT company Unisys has integrated its award-winning software security system Unisys Stealth with Dell EMC Cyber Recovery software for improved cyber resilience and business continuity. This will allow quicker and more secured cyber recovery
Unisys Joins the Cyber Security Coalition to Help Fight Cyber Crime in Belgium (Yahoo) Unisys Corporation (UIS) today announced it has joined the Cyber Security Coalition – a partnership among more than 60 organizations from the academic world and the public and private sectors that have joined forces in the fight against cyber
Chrome OS Gets Its Own Cybersecurity Solution - Deep Instinct (Android Headlines) Deep Instinct has now unveiled a new update to its deep learning AI-driven cybersecurity solution that adds support for Chrome OS, making Chromebooks even more secure than before for enterprise and similar organizations.
ThreatConnect Releases Its Latest Version of CAL to Make Threat Intelligence More Easily Quantifiable (Yahoo) ThreatConnect®, provider of the industry’s only intelligence-driven security operations platform, announces its latest version of CAL™ (Collective Analytics Layer), its cloud-based analytics engine which offers immediate insight into the relevance and pervasiveness of threats and indicators of compromise
Technologies, Techniques, and Standards
Cybersecurity crisis communication: How to do it well (Help Net Security) Riviera Beach is one of the several cities and towns in Florida which have recently been hit with ransomware. Its local government, like that of Lake City
What businesses can learn from a classic movie (nCipher Security) They say that if you haven’t got your health, you haven’t got anything. At least that’s what Christopher Guest said in his role as Count Tyrone Rugen in the movie The Princess Bride.
The art and science of password hashing (Help Net Security) Password hashing is a one-way cryptographic transformation on a password, turning it into another string, called the hashed password.
How cyber security can tackle cyber bullying (The New Paper) Access to online learning exposes students to a wealth of information. However, it can also expose them to the darker side of the Internet. Cyber bullies use Internet-based platforms to torment others, even when attending school. And cyber bullying is a serious political,...
Design and Innovation
Facebook News Feed changes downrank misleading health info and dangerous ‘cures’ (TechCrunch) No, drinking bleach is not a miracle cure for diseases and other conditions — but that’s the sort of bogus health claim that’s floating around the web these days, getting blocked by sites like Amazon and YouTube. Now you can add Facebook to that list of sites taking action —…
Addressing Sensational Health Claims (Facebook Newsroom) In order to help people get accurate health information and the support they need, it’s imperative that we minimize health content that is sensational or misleading.
Facebook Is Censoring Posts That Could Save Opioid Users' Lives (Vice) Facebook appears to be blocking people who warn users about poisonous batches of drugs or who supply materials used to test for fentanyl.
Legislation, Policy, and Regulation
Why the US cyber attack on Iran was 'game changing' (CNBC) Haiyan Song of Splunk says cyber attacks could be a "new way" for countries and nation states to think about their competitiveness in the military world.
Iran Isn’t Trying to Build a Bomb Tomorrow. It Wants Sanctions Relief. (Foreign Policy) Iran’s decision to surpass uranium enrichment limits isn’t a dangerous provocation. It’s a calculated effort to get European leaders to reinforce the nuclear deal and…
Europeans urge Iran to abide by nuclear pact; Israel says preparing... (Reuters) European signatories to a nuclear pact with Iran said on Tuesday they were "..
U.S. government staff told to treat Huawei as blacklisted (Reuters) A senior U.S. official told the Commerce Department's enforcement staff thi...
How U.S. Chipmakers Pressed Trump to Ease China's Huawei Ban (Bloomberg) Trump’s easing up on entity list comes after lobbying campaign. American firms say current restrictions harm national security.
Big Tech attacks UK plan to hold firms liable for harmful content (Financial Times) Online harms regulation says platforms have duty of care to protect users.
Is Your VPN Provider in a 14 Eyes Country? (What is 14 Eyes?) (HackRead) The reason people have Virtual private networks (VPNs) is that they protect our online privacy, however, privacy is essentially non-existent if you live in a place where the government is allowed to track your online activities.
DOD's cyber policy deputy clarifies homeland support role (FCW) A senior defense official explained that DOD can provide information sharing and technical expertise to respond to ongoing cyber threats against the homeland.
House lawmakers officially ask Facebook to put Libra cryptocurrency project on hold (The Verge) ‘These vulnerabilities could be exploited and obscured by bad actors’
Analysis | The Cybersecurity 202: Time’s running out if Congress wants to boost 2020 election security (Washington Post) 'It takes time to plan, to do assessments,' says Vermont's top election official.
Thailand Fortifies Cybersecurity for a Seamless ASEAN Connected to the World (Yahoo) "Seamlessly connected" is how ASEAN aspires to facilitate and expand people-to-people interactions among its diverse population and build a common community with a shared sense of ownership.
France Moves Toward U.S. Model By Endorsing Corporate-Led Investigations (Wall Street Journal) Guidance explaining how internal investigations can help companies secure negotiated settlements to resolve allegations of certain financial crimes signals a significant shift in the country’s approach to corporate crime.
Spies fear a consulting firm helped hobble U.S. intelligence (POLITICO) Insiders say a multimillion dollar McKinsey-fueled overhaul of the country’s intelligence community has left it less effective.
New law brings big change to IRS in IT, cyber (FCW) A new law will implement a raft of technology and cybersecurity reforms at the IRS while also restoring hiring authorities that officials say are key to attracting qualified IT talent.
Litigation, Investigation, and Law Enforcement
Transnational Organized Crime and National Security: Hezbollah, Hackers and Corruption (Lawfare) Hezbollah has adapted to the American crackdown on its money laundering operations by bringing in new front-men and shell companies. In the U.S., municipalities across the country have suffered ransomware attacks. And, new corruption investigations demonstrate the vulnerability of Central and South American governments to drug cartels.
Senate committee details cyber deficiencies at 8 agencies, but is that the whole story? (Federal News Network) The HSGAC Subcommittee on Investigations’ report on the cybersecurity at eight agencies highlights systemic problems over the last decade.
Border-surveillance subcontractor suspended after cyberattack revealed sensitive monitoring details (Washington Post) The suspension is a crushing blow to one of the central cogs of the U.S. border-surveillance machine.
D-Link agrees to new security monitoring to settle FTC charges (Ars Technica) Agreement settles charges D-Link left users open to critical and widespread threats.
Kamala Harris campaign lawyer hired Fusion GPS for Hillary Clinton (Washington Examiner) The former top lawyer for Hillary Clinton’s failed presidential campaign who hired Fusion GPS to carry out controversial opposition research against then-candidate Donald Trump in 2016 is now working for a top 2020 Democratic presidential hopeful.
TikTok now faces a data privacy investigation in the UK, too (Engadget) The popular short-form video app may have violated the GDPR.
Why did the NCA in Ghana acquire Israeli company NSO’s Pegasus? (Ghana Business News) There is something ominous about the entire transaction. It’s a chilling reality, but Ghanaians are
An online vigilante group that targets sexual predators may have contributed to a sailor’s death (Task & Purpose) Officials confirmed to Task & Purpose that the sailor had been interviewed by the Naval Criminal Investigative Service about the incident caught on video prior to his death.