Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Security reports reveal how Assange turned an embassy into a command post for election meddling (CNN) New documents obtained exclusively by CNN reveal that WikiLeaks founder Julian Assange received in-person deliveries, potentially of hacked materials related to the 2016 US election, during a series of suspicious meetings at the Ecuadorian Embassy in London.
Russia’s Turla group goes trolling with code labeled “TrumpTower” (CyberScoop) Turla was found to reference Trump Tower and "RocketMan," the latter a reference to President Donald Trump's nickname for North Korean leader Kim Jong Un
Turla renews its arsenal with Topinambour (Securelist) Turla's developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
RingCentral Is Also Affected By The Zoom Flaw That Gives Hackers Access To Your Mac’s Camera (BuzzFeed News) Video conferencing software provided by RingCentral and Zhumu is affected by a security flaw that could allow attackers easy access to laptop cameras and microphones.
Russia’s Election Hackers Are Back—and Targeting George Soros (The Daily Beast) The Kremlin’s targeting of George Soros and his organization carries echoes of 2016, when the GRU dumped 2,500 files stolen from the Open Society Foundations.
Bulgarians' personal and financial data leaked by hackers in attack on tax agency (Computing) Hacker describes Bulgarian government as stupid for the poor state of public sector security
Is ‘REvil’ the New GandCrab Ransomware? (KrebsOnSecurity) The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”
Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram (SecurityWeek) Hackers can manipulate media files transferred by users via WhatsApp and Telegram due to the way Android allows apps to access files on a device’s external storage.
Researcher Bypasses Instagram 2FA to Hack Any Account (Threatpost) An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.
NCSC DNS Hijacking: "Boost Security" Warns Gov't as Attacks Soar (Computer Business Review) The NCSC has warned of a growing wave of DNS hijacking attacks, saying it has "observed various attacks which exploit the DNS system at different levels".
TrickBot adds new spam module, harvests 250M email addresses (SC Media) Malicious actors behind the information-stealing malware TrickBot have added a new module that has helped them gather a database of 250M email addresses.
TrickBot may have compromised 250 million email addresses, says report (Government Computing Network) Deep Instinct has revealed that the TrickBot malware has returned with TrickBooster, which may have already compromised 250 million email addresses
TrickBooster – TrickBot’s Email-Based Infection Module (Deep Instinct) With 250 million plus email addresses harvested, the malware evaded detection by leading security.
Vulnerability Summary for the Week of July 8, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit the NIST NVD for updated vulnerability entries, which include CVSS scores once they are available.
Multi-stage attack techniques are making network defense difficult (Help Net Security) IT managers are inundated with cyberattacks and are struggling to keep up due to a lack of security expertise, budget and up to date technology.
Bust the password for an air-gapped machine – with its keyboard LEDs (Naked Security) Researchers have developed a technique for reading data from air-gapped PCs using LEDs. Cue dynamic hacker music now!
New DoppelPaymer Ransomware Emerges from BitPaymer's Code (BleepingComputer) Malware researchers have discovered a new file-encrypting malware they dubbed DoppelPaymer that has been making victims since at least mid-June, asking hundreds of thousands of US dollars in ransom.
Fake PrivatBank email delivers AgentTesla and Phishing (My Online Security) I received a rather interesting email earlier today. It pretends to be an email from Privatbank.com and written mainly in Ukrainian. There is not a known bank using PrivatBank.com anywhere I can find…
Indiana County Pays $130,000 in Response to Ransomware Attack: Reports (SecurityWeek) LaPorte County in Indiana paid a ransom of over $130,000 demanded by cybercriminals who managed to infect its systems with a piece of ransomware.
Officials: Ransomware used in Strafford County cyber attack was likely sent from overseas (Union Leader) Officials said about 500 computers were affected by the ransomware, and that the major systems are now back up and running.
Lyon County School District hacked in latest cyber attack against local agencies (Reno Gazette Journal) Lyon County School District joins several other local agencies in the United States who see their systems locked down by a cyber attack.
I-TEAM: Don't be held hostage by a cyber hacker (WJXT) Experts say cyber hacking is worse than ever before, and something we use every single day is the door criminals are using to take over families, businesses and cities.
Monroe College Campuses Downed by Ransomware (Infosecurity Magazine) The attacker has reportedly demanded $2 million to decrypt the files.
Why Cities Are a Low-Hanging Fruit For Ransomware (Threatpost) In this first part of a two part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.
NHS Still Running 2000+ XP Computers (Infosecurity Magazine) Shadow minister angry at slow pace of upgrades
Japanese Exchange Bitpoint Hit By $32m Cyber-Attack (Infosecurity Magazine) Firm suspends services after notifying authorities
Security Patches, Mitigations, and Software Updates
Oracle to Release Critical Patch Update (Infosecurity Magazine) Six of the 322 security vulnerability fixes were reportedly discovered by Onapsis Research Labs team.
Critical Bug in WordPress Plugin Lets Hackers Execute Code (BleepingComputer) A critical security issue found in the Ad Inserter WordPress plugin currently installed on over 200,000 websites allows authenticated attackers to remotely execute PHP code.
Monero Reports on Resolving Fake XMR Minting Bugs a Month After Fix (Cointelegraph) Monero reveals fixes for major security risks for XMR — what does it mean?
Cyber Trends
Much like Amazon Prime Day, digital assistant and IoT device security is an epic deal (nCipher) Amazon Prime Day – which is actually “a two-day parade of epic deals” – is just around the corner. And more than half of Americans – and nearly 60% of U.K. residents – are planning on or considering buying a digital assistant during this global online shopping event July 15 and 16.
Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report (SecurityWeek) Analysis of more than 1,000 incident response engagements undertaken during 2018 found that failures in cybersecurity fundamentals remain a primary cause of compromise.
Organizations expect to boost their cybersecurity investments by 34% (Help Net Security) Companies worldwide expect to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year.
Exclusive: The raging battle between Good and Bad AI in cyber security (AME Info) As humans we've gotten lazy with our data. Cybercriminals are salivating at this and using AI and machine learning to know our deepest secrets and rob us blind.
Marketplace
Huawei to invest $3.1 billion in Italy but calls for fair policy on 5G: country CEO (KFGO) China's Huawei Technologies said it would invest $3.1 billion in Italy over the next three years, as the Chinese telecoms giant called on Rome to ensure the "transparent, efficient and fair" use of its 'golden power' on 5G network development.
Peter Thiel Urges U.S. Probe of Google’s ‘Seemingly Treasonous’ Acts (Bloomberg) The billionaire cites China work and dropped Pentagon contract. Thiel praises Trump’s aggressive posture toward China.
Billionaire investor Peter Thiel says the FBI and CIA should investigate Google (CNBC) Billionaire investor Peter Thiel spoke at the National Conservatism Conference, where he called Google's work in China "seemingly treasonous," Axios reported.
Facebook board member Peter Thiel calls for probe of Google for ‘treasonous’ acts (BGR) Late last year, a top US general went public with a pointed question for Google’s leadership, around the time the search giant was coming under fire over its interest in developing a search engine …
'Google is not a patriotic company,' says co-founder of data-mining company Palantir (CNBC) Joe Lonsdale says his fellow Palantir co-founder Peter Thiel was "courageous" for speaking out against Alphabet's Google.
Symantec and Broadcom cease deal negotiations: Sources (CNBC) Symantec would not accept less than $28 a share, sources tell CNBC's David Faber.
Broadcom’s Bid for Symantec Is Said to Have Stalled (New York Times) The discussions were halted after Broadcom dropped its takeover price for the security software company during due diligence, said people briefed on the matter.
Symantec Stock Falls As Broadcom Walks Away From Acquisition (Investor's Business Daily) Symantec stock plunged Monday on a report that Broadcom (AVGO) has broken off talks to acquire the cybersecurity software maker.
Broadcom still interested in buying Symantec: report (CRN Australia) Discussions could resume if both parties agree to valuation.
What’s Broadcom Thinking? (Tool Box Tech) It came as a bit of a surprise last year when it was announced that Broadcom, a semiconductor maker, was taking over CA Technology, perhaps best known for its mainframe software. But now, Broadcom is said to be in advanced talks with Symantec, a software cybersecurity company. So, what does it look like Broadcom is planning? Let’s look at a bit of...
DefenseStorm Secures $15M in Series A Funding (Yahoo) DefenseStorm, a leading cloud-based cybersecurity and cybercompliance management provider to regional and community banks and credit unions, announced today that it has raised $15M in a Series A financing round led by Georgian Partners. Justin LaFayette, Managing Partner at Georgian Partners, will join
CrowdStrike: The New Kid On The Block (Seeking Alpha) CrowdStrike has a disruptive endpoint security product with 137% revenue YoY growth rate.
Instagram Account Takeover Vulnerability Earns Hacker $30,000 (SecurityWeek) A researcher received $30,000 from Facebook after discovering a vulnerability that could have been exploited to hack Instagram accounts.
Tesla Awards Researcher $10,000 After Finding XSS Vulnerability (SecurityWeek) A researcher earned $10,000 from Tesla after discovering a stored XSS vulnerability that could have been exploited to obtain (and possibly modify) vehicle information.
Raytheon to help secure military systems from cyber threats for country in the Middle East North Africa region (PR Newswire) Raytheon Company (NYSE: RTN) has been awarded a contract to develop and deploy a mission-critical, advanced...
Securing Space: Kaspersky to Give Cosmonauts Cybersecurity Training (Al Bawaba) Kaspersky is proud to announce its new partnership with the Gagarin Research and Test Cosmonaut Training Center – the location in Star City where cosmonauts from all over the world prepare to go to space. As part of this collaboration, the company will hold special training for cosmonauts, as well as IT specialists at the center, to educate them on the current cybersecurity landscape.
FBI Wants Contractor to ID, Store Social Media on 'Diverse Threats' (Homeland Security Today) Bureau wants to receive alerts "derived from constant monitoring of social media platforms based on keywords relevant to national security and location."
Israel Police seeks to buy $11m worth of internet-monitoring equipment without bid (Haaretz) Verint system designed to collect information on social media networks, private forums and the dark web. Cyber security sources say lack of bidding process unjustified.
Six Niche Security Certifications (Go Certify) Sometimes you have to step off the beaten path to find the right certification. Let's take a look at the world of computer security certifications, and see which certs some people may be overlooking.
'We're two arms of the same body' - NTT Data UK CEO on why firm remains separate from new NTT goliath (CRN) UK CEO Simon Williams explains why his unit wasn't wrapped up in its parent company's restructuring
NTT Security appoints new CEO from Dimension Data (Channel Asia) NTT has appointed Matthew Gyde as CEO of NTT Security as the specialist provider transitions into the newly formed technology giant.
Don Maffei named interim chief executive officer of the Virginia Tech Applied Research Corporation (Virginia Tech) Maffei has served since 2017 as the vice president of finance and administration for the organization, which helps forge connections between Virginia Tech's research enterprise and industry and government groups seeking technological and data solutions.
Former JPMorgan Chase Cyber Law Chief Joins Hogan Lovells (1) (Big Law Business) Peter Marta will work as a partner in the firm’s New York office. Before joining the bank, he served with U.S. intelligence agency.
Products, Services, and Solutions
Cato Networks Introduces Hands-free Management for Global SD-WAN Service (Cato Networks) Cato becomes the first managed SD-WAN service with self-service, co-management, and full-service management options. With this new offering, Cato augments its partners’ capabilities in regions where partners are not ready to provide a fully managed service.
Aqua Security Launches Microsoft Azure Marketplace Private Offers (Aqua) New Private Offer capability enabling cloud native security software licensing & procurement directly through Microsoft Azure Marketplace.
Vade Secure Advances Low-Touch Email Security for MSPs with New Auto-Remediate Feature (Vade Secure) Drawing Upon Real-Time Threat Intelligence from 600 Million Mailboxes, Auto-Remediate Adds a Layer of Continuous, Automated Protection for Office 365 Environments
SyncDog Announces Partnership with Nine23 to Enable a Secure Workforce (BusinessWire)
Automated Third-Party Security Lifecycle Management Innovator Panorays Collaborates with Shared Assessments to Deliver Comprehensive Risk Evaluation (West) Customers Now Rely on Panorays to Reduce the Time Spent on Standardized Information Gathering (SIG) Responses
Exabeam SaaS Cloud Essential (Exabeam) Our Exabeam SaaS Cloud product offering family has grown — please join us in welcoming SaaS Cloud Essential to the world!
The First Comprehensive Crowdsourced Penetration Test Built Specifically for Government (BusinessWire) Synack, the trusted leader in crowdsourced security, launches the first comprehensive crowdsourced penetration test built specifically for government.
Kaspersky helps SOCs to combat cyberthreats (IT-Online) Kaspersky’s new offering for Security Operations Centers (SOCs) combines the company’s competences, solutions and services with its Red Teaming service, which helps evaluate how well internal security teams are prepared for tailored breach scenarios. The combination will enable enterprises with SOCs to overcome the issues that concern them the most. For large organisations, establishing a …
HackerOne attains ISO/IEC 27001:2013 certification (Help Net Security) HackerOne has achieved ISO/IEC 27001:2013 certification, the international standard outlining best practices for information security management systems.
NTT Security’s Global Threat Intelligence Center Achieves CREST Accreditation (BusinessWire) NTT Security has announced that its Global Threat Intelligence Center Team (GTIC) incident response team has received CREST accreditation.
Thales and Tata communication bringing secure connectivity to the cars with Korea Telecom (Help Net Security) Thales, a global leader in digital security, announces with Tata communication and Korea Telecom a new cooperation for the development of the car industry.
Trend Micro extends its network protection to the cloud (Help Net Security) Trend Micro announced the extension of its industry leading network protection to the cloud, now available on Amazon Web Services (AWS) Marketplace.
Technologies, Techniques, and Standards
Analysis | The Cybersecurity 202: House Republican campaign arm to offer candidates free cybersecurity help (Washington Post) It highlights hacking concerns up and down the ballot.
As Ransomware Rages, Debate Heats Up on Response (SecurityWeek) Ransomware has been a thorny cybersecurity issue for several years, and experts debate whether organizations should pay or not pay ransomware demands.
Emsisoft releases a free decryptor for the Ims00rry ransomware (Emsisoft | Security Blog) Our malware team recently released a decryptor for the Ims00rry ransomware.
Cyber security: Think like the enemy (Computing) Cyber-security professionals need to get more cybercrime savvy about crypto-ransomware
#HowTo Avoid Common Configuration Sins (Infosecurity Magazine) Top five preventable configuration mistakes that can lead to a security breach.
New Air Force facility to protect weapons systems from cyber threats (UPI) The Air Force's newest cyber defense facility at Wright-Patterson AFB, Ohio, part of the branch's Cyber Resiliency Office for Weapons Systems program, is designed for learning about current and emerging cyber threats.
New Army cyber gear for drones and teams test, protect units in another domain (Army Times) For the first time the Army used cyber
Design and Innovation
NSA Uses This Challenge To Recruit New Talent (Wonderful Engineering) The National Security Agency uses its best and the brightest experts of cybersecurity for coming up with a cyber challenge. This cyber challenge, known as Codebreaker Challenge, is then provided to more than 330 schools and 2,600 students
8 in 10 IT Leaders Want to Eliminate Passwords (Security Magazine) New research reveals that enterprise users and security professionals alike are frustrated by the inefficiency and lax security of passwords for user authentication.
Passwords Are The Weakest Defense In A Zero Trust World (Forbes) 86% of CIO, CISO and Security VPs would abandon password authentication if they could.
Research and Development
Army researchers develop metrics for cyber defenders' agility (FCW) The cyber agility framework can help organizations better understand the effectiveness of their cybersecurity efforts.
Academia
RIT selects endowed executive director for new Global Cybersecurity Institute (RIT) Steve Hoover, former chief technology officer and senior vice president at Xerox and former chief executive officer of the Palo Alto Research Center (PARC), has been named to the newly created position of endowed executive director of RIT’s Global Cybersecurity Institute.
Clemson and Other Universities Work to Improve Cybersecurity (SecurityWeek) Clemson and other universities are working to improve cybersecurity.
Army Cyber Command officer earning accolades while building collaboration with academia (DVIDS) One Army Cyber Command officer is demonstrating what ARCYBER minds are made of, making great strides in the world of academia, building academic collaboration, and piling up accolades along the way.
Legislation, Policy, and Regulation
With an eye to Russia, Europe focuses on hybrid warfare response (Fifth Domain) With potential attacks against Baltic nations by Russia fresh in the minds of European allies, both NATO and the European Union are focusing on strategies to either prevent or respond to “gray zone” warfare.
Ban Huawei from core of 5G networks, government told (ZDNet) But there are no technical grounds for a full ban on Huawei equipment in the UK's 5G networks, according to a committee of MPs.
Good News For Huawei And 5G: U.K. Lawmakers Say No Technical Reason For Ban (Forbes) The British Parliament select committee has today said no technological reason to ban Huawei from 5G infrastructure has been found, though ethical concerns still exist.
Huawei executive denies claim of ties to Chinese intelligence (PBS NewsHour) For months, the Trump administration has accused Chinese telecommunications giant Huawei of being a threat to U.S. national security, warning that data could be channeled through the company’s equipment to China’s intelligence services. Huawei is effectively banned from U.S. networks. What does the company think of Trump’s stance? Nick Schifrin talks to Huawei Senior Vice President Vincent Pang.
That Global Ban on Huawei? Not So Much Anymore (WIRED) A UK committee declines to recommend banning Huawei from the nation's telecom networks, as the US prepares to permit some sales to the Chinese company.
FCC underwhelmed by carriers’ sluggish robocall efforts (Naked Security) The FCC in June called for carriers to provide free, default robocall blocking services. One month later, plans are “far from clear.”
Commissioner Geoffrey Starks Releases Responses to his Inquiry into the Availability of Free, Default Robocall Blocking Services (FCC) Today, FCC Commissioner Geoffrey Starks publicly released responses he received from major voice service providers to letters he sent in June seeking details about their plans to offer free, default robocall blocking services to consumers.
Tech giants face US monopoly grilling as Silicon Valley backlash gathers pace (The Telegraph) Tech giants will face a grilling from the US Congress on Tuesday as they defend themselves from charges that they have used their market dominance to unfairly crush competitors in Europe and the USA.
[Letter to the FTC from Senators Hawley and Cruz] (US Senate) We write to encourage the FTC to exercise its section 6(b) authority to investigate how major tech companies curate content.
How Silicon Valley’s Angry Right Wing Sends Its Message To Washington, DC (BuzzFeed News) How a small group of right-wing tech employees built a back channel straight to the nation’s capital.
Apple preaches privacy. Lawmakers want the talk to turn to action. (Washington Post) Apple has helped to create sky-high expectations of its commitment to privacy. But as states introduce privacy legislation, Apple is either absent from those efforts or backs industry groups that actively lobby against new laws.
U.S. proposes barring big tech companies from offering financial... (Reuters) A proposal to prevent big technology companies from functioning as financial ins...
Mnuchin: US has 'very serious concerns' that Facebook's Libra could be misused by terrorists (CNBC) Treasury Secretary Steven Mnuchin is raising red flags ahead of Facebook's proposed cryptocurrency launch.
Facebook’s testimony to Congress: Libra will be regulated by Swiss (TechCrunch) The head of Facebook’s blockchain subsidiary Calibra David Marcus has released his prepared testimony before Congress for tomorrow and Wednesday, explaining that the Libra Association will be regulated by the Swiss government because that’s where it’s headquartered. Meanwhile, he …
House passes bills to boost small business cybersecurity (TheHill) The House passed legislation by voice vote on Monday intended to increase cybersecurity at the Small Business Administration (SBA) and separately approved a bill to help small businesses defend against cyber attacks.
House-Passed NDAA Includes Key Cyber Provisions (SIGNAL Magazine) The House of Representatives' bill features supply chain risk measures and DOD cyber protections and operations.
NCAC Joins Call to Remove Provision from Intelligence Authorization Act (National Coalition Against Censorship) Over two dozen organizations are calling for Congress to remove a provision in the Intelligence Authorization Act that would redefine "covert agent."
Republican House member introduces bill to boost U.S. 5G presence (Reuters) A Republican lawmaker on Monday introduced legislation to boost the presence of ...
Pentagon studies how to secure 5G and beyond (C4ISRNET) The Defense Science Board published an unclassified summary of its study into 5G technologies.
Why won’t the National Security Commission share its thoughts on AI? (C4ISRNET) The classified briefings covered how to maintain U.S. competitive advantage in artificial intelligence and AI threats.
Litigation, Investigation, and Law Enforcement
Ousted UK ambassador leaked US intelligence (Washington Examiner) Leaked U.K. diplomatic cables critical of President Trump have led Britain’s ambassador, Sir Kim Darroch, to announce his departure from Washington earlier than expected. But the story is not yet concluded.
Privacy Group Asks FTC to Investigate Zoom (Decipher) EPIC, a privacy rights organization, has filed a complaint asking the FTC to look into Zoom’s actions after the disclosure of several vulnerabilities in its Mac client.
Before the Federal Trade Commission Washington, DC In the Matter of Zoom Video Communications, Inc. Complaint, Request for Investigation, Injunction, and Other Relief Submitted by The Electronic Privacy Information Center (EPIC) This complaint concerns business practices by Zoom Video Communications, Inc. (“Zoom”) that placed at risk the privacy and security of the users of its services.
Privacy Experts: Facebook’s $5B Fine Unlikely to Do Much (Threatpost) The FTC has levied its biggest fine ever against the social network, but it's unlikely to have much effect.
FY 2019 EPA Management Challenges (US Environmental Protection Agency Office of the Inspector General) Attention to agency management challenges could result in program improvements and protection for the public, and increased confidence in management integrity and accountability.
Flight evacuated after image of suicide vest AirDropped to Apple devices (the Guardian) Police have been unable to identify who sent the image before takeoff on a Tampa-bound flight
Paying the Piper: What we learned from the British Airways fine (Clearswift) The Breach Truth be told it was never really a question of ‘if’ but rather ‘when’ a significant fine for GDPR non-compliance would occur. Following the announcement that British Airways has been fined £183m, we have now seen the intent of the Information Commissioners Office (ICO) in following through on promises of substantial fines if businesses are found to be in contravention of the regulation.
SEC Chairman’s Stance on Waivers Gives Companies More Certainty But Does Little to Stem Controversy (Wall Street Journal) A recent shift in a Securities and Exchange Commission policy could give companies facing allegations of wrongdoing more certainty about the potential consequences of a settlement when finalizing an agreement with the agency, lawyers say.
Chinese Software Engineer Accused of IP Theft (Infosecurity Magazine) Man stole source code before moving back to China, indictment alleges
Tesla's suit against ex-employee a strong case for IP security (Security Brief) “There was no need for this employee to be using their own iCloud for data storage even if the original intent was non-malicious.
Chief loses anchors for lies about a petty officer’s wife (Navy Times) Officials dismissed two charges as part of a plea agreement, according to a Navy spokesman.