The CyberWire Daily Briefing, 7.30.19

Cyber Attacks, Threats, and Vulnerabilities

LinkedIn Accounts For More Than Half Of Social Media Phishing Emails In Q2 2019, According To KnowBe4 Findings. (IT Security Guru) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, reviewed the results of tens of thousands of simulated phishing tests over the course of Q2 2019 and found that more than 50 percent of those related to social media had “LinkedIn” in the title. With this information, organisations need to …

Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign (KnowBe4) Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign

LAPD Breach Exposes Thousands of Officers (Infosecurity Magazine) Hacker claims to have their hands on details of over 17,000

LAPD Police Officers' Personal Information Stolen in Data Breach (NBC Southern California ) A suspected hacker claimed he or she had stolen the personal information of about 2,500 LAPD officers, trainees, and recruits, along with approximately 17,500 police officer applicants, in what may be a...

Capital One Announces Data Security Incident (PR Newswire) Capital One Financial Corporation (NYSE: COF) announced today that...

CapitalOne Discloses Massive Data Breach: 106 Million Impacted (SecurityWeek) Capital One said that a malicious individual was able to exploit a vulnerability in cloud infrastructure used by the company and gain access to sensitive data on more than 100 million customers and credit applicants.

Capital One Says Breach Hit 100 Million Individuals in U.S. (Bloomberg) Seattle woman held in jail on federal charge of computer fraud. Accessed data includes about 140,000 Social Security numbers.

Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One (Ars Technica) Former systems engineer arrested on charges she accessed data in Firewall hack.

Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts (CNBC) Capital One says a data breach exposed personal information of its customers, including Social Security details and bank account numbers.

Capital One’s breach was inevitable, because we did nothing after Equifax (TechCrunch) Another day, another massive data breach. This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the com…

NAS vendors hit by brute force ransomware attacks (Naked Security) Cybercriminals are targeting numerous Network Attached Storage vendors with a new wave of ransomware.

As Real-World Danger Grows, Enterprises Wrestle with BlueKeep (Theatpost) Fears of a WannaCry-level global attack grow as working exploit info starts to go public.

A VxWorks Operating System Bug Exposes 200 Million Critical Devices (Wired) VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.

200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS (Help Net Security) Armis researchers have discovered 11 vulnerabilities (including 6 critical RCE flaws) in Wind River VxWorks, running on over 2 billion embedded devices.

'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks (Threatpost) Researchers have uncovered easy-to-exploit bugs that can impact physical safety, utilities, healthcare devices and more, setting the stage for widespread worm attacks.

Armis Finds 11 Zero-Day Vulnerabilities, Dubbed "URGENT/11," Exposing More than 200 Million Critical Devices using VxWorks' TCP/IP Stack (IPnet) (PR Newswire) Armis, the leading enterprise IoT security company, announced today the discovery of 11 zero-day...

URGENT/11 Information from the Research Team (Armis Labs) Armis found 11 0day vulnerabilities in VxWorks®, a widely used operating system in over 2B devices including industrial, medical and enterprise devices.

Urgent/11 Further Boosts VxWorks Security (Wind River) Att Wind River, security is embedded in our DNA. It is part of our rich heritage of nearly 40 years in mission-critical systems. It is built into all the technologies we provide to help our customers develop trusted and reliable solutions. We take security extremely seriously, which is why the recent vulnerabilities discovered within the TCP/IP (IPnet) networking stack, dubbed "Urgent/11," has resulted in the most secure VxWorks to date.

New Android Ransomware Uses SMS Spam to Infect Its Victims (BleepingComputer) A new ransomware family targeting Android devices spreads to other victims by sending text messages containing malicious links to the entire contact list found on already infected targets.

Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds (Forbes) A hack on Visa contactless could let opportunistic crooks drain accounts with a single tap and they don’t even need to steal the credit card. And it may have ramifications for Visa cards across the world.

Flaws Allow Hacker to Bypass Card Limits (Infosecurity Magazine) Researchers bypass the payment limits of Visa contactless cards.

How crooks can cover up crimes by hacking IoT cameras to show fake footage (ZDNet) Researchers detail the risk posed by insecure IoT devices, demonstrating how hackers could hide evidence of a physical break-in from operators of internet-connected cameras.

Removing Coordinated Inauthentic Behavior in Thailand, Russia, Ukraine and Honduras (Facebook Newsroom) We've removed multiple Pages, Groups and accounts for misleading people about who they are and what they're doing.

Russian Fake News Targeted Ukraine Elections (Infosecurity Magazine) Facebook forced to remove over 100 accounts

Fake Version of WhatsApp Giving ‘Free Internet’ (Infosecurity Magazine) A scam impersonating WhatsApp tricks users into spreading the fraudulent app in exchange for free internet.

Your phone is the new political battlefront (Times) According to Dominic Cummings, the new senior adviser to the prime minister, almost nobody in media or politics understands anything about anything. Also according to Cummings there is one great...

Park DuValle health center pays $70,000 ransom for patient records in cyberattack (WDRB) The West Louisville nonprofit that runs medical clinics serving low-income patients has paid hackers nearly $70,000 to unlock the medical records of some 20,000 patients, which have been held hostage

Facebook Connected Her to a Tattooed Soldier in Iraq. Or So She Thought. (New York Times) Renee Holland sent her Facebook friend thousands of dollars. She became entwined in a global fraud that the social network and the United States military appear helpless to stop.

Hackers’ Latest Target: School Districts (New York Times) Schools handle a lot of personal data and may not have strong technology teams, leaving them vulnerable to attacks, experts say.

Vulnerability Summary for the Week of July 22, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

SECURITY VULNERABILITY RESPONSE INFORMATION - TCP/IP Network Stack (IPnet, Urgent/11) (Wind River) Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.

Truecaller pushes software fix after covertly signing up Indians to its payments service (TechCrunch) Truecaller, a service that helps users screen robocalls, has rolled out an update to its app in India, its largest market, after a previous software release covertly signed up an unspecified number of users to its payments service. A number of users in India began to complain late Monday that Truec…

Cyber Trends

Kubernetes adoption, market share, and security trends - get the report · StackRox: Container Security for Docker and Kubernetes (StackRox) Learn about 2019 Kubernetes adoption trends, growth rate and market share, and the security issues that companies are most concerned about

Mobile Threat Report 2019: Trends & Recommendations (CrowdStrike) A new report on the mobile threat landscape offers a deep-dive into the threats that plague mobile devices, and offers recommendations to secure data against them.

2019 CrowdStrike Global Threat Report (CrowdStrike) The 2019 CrowdStrike® Global Threat Report offers one the industry’s most comprehensive reports on today’s top cyber threats.

Three quarters of gamers suffer hate and harassment online (Naked Security) Trolling, stalking, sexual harassment, and humiliation have become so bad that one in ten respondents had depressive or suicidal thoughts.

Marketplace

Capital One discloses massive data breach; shares down 3% (Seeking Alpha) Roughly 100M U.S. customers and 6M Canadian customers were affected, says the company, but no credit card numbers or login credentials were taken, nor were the vast majority of Social Security numbers. What was breached: About 140K Social Security numbers, 80K linked bank account numbers, and personal information from credit card applications from 2005 until early this year.

Huawei Shows Resilience in the Face of U.S. Blacklisting (Wall Street Journal) The Chinese company said its first-half revenue rose 23% from a year earlier, as the technology giant appeared to shrug off the impact of a U.S. supplier blacklisting.

GitHub confirms it has blocked developers in Iran, Syria and Crimea (TechCrunch) The impact of U.S. trade restrictions is trickling down to the developer community. GitHub, the world’s largest host of source code, is preventing users in Iran, Syria, Crimea and potentially other sanctioned nations from accessing portions of the service, chief executive of the Microsoft-own…

The State of Cybersecurity Hiring (Burning Glass Technologies) The number of cybersecurity job postings has grown 94% since 2013, three times faster than IT jobs overall. But a talent gap persists.

DataGrail Locks-In a total of $9.2M To Accelerate Growth and Meet Anticipated Demand In Advance of Nevada Privacy Law and California's Consumer Privacy Act (CCPA) (PR Newswire) DataGrail, the first purpose-built privacy platform designed to help companies comply with new and emerging...

Trinity Cyber raises $23 million to foil hacking attempts in real time (VentureBeat) Trinity Cyber, a startup that combines threat detection with inference to combat hackers, emerged from stealth with $23 million in capital.

Trump's Cyber Czar Is Back—and He Wants to Make Hackers Suffer (WIRED) Former White House top cybersecurity official Tom Bossert reveals his new startup, Trinity. Its focus: "active threat inference."

Techstars nabs $42M to expand its global presence (TechCrunch) SVB Financial Group, the holding company of Silicon Valley Bank, invests in Techstars.

Encrypted Data Prevails in Shark Tank (SIGNAL Magazine) The latest shark tank winner is a company that simplifies encryption methods to secure entire networks of data.

Facebook warns over Libra plans (Seeking Alpha) A number of factors could prevent Facebook's (NASDAQ:FB) cryptocurrency from seeing the light of day, the tech giant reminded investors in its latest quarterly report.

Chairman Re-elected as SIMalliance Supports SIM Evolution to Optimise Device Connectivity and Security in new 5G and IoT Landscapes (SIMalliance) Remy Cricco (IDEMIA) has been re-elected to serve a third term as the Chairman of SIMalliance, the non-profit global SIM industry association which advocates the protection of sensitive connected and mobile services using a tamper-resistant secure hardware component.

Products, Services, and Solutions

BorderHawk Cybersecurity Launches Data Security Services For Small Bus (PRWeb) BorderHawk CyberSecurity today launched an innovative outsourced data security service for small and medium-sized businesses to help prepare them for inevi

LoginRadius Advances Authentication with ‘Sign In with Apple’ Integration (EIN News) New authentication method gives customers more privacy, security, and versatility than ever before.

Fugue and New Light Technologies Partner to Better Secure the Public Cloud (Fugue) New Light Technologies Inc. (NLT) announces a strategic partnership with Fugue to deliver public cloud configuration, drift detection, active drift enforcement (e.g., self-healing infrastructure), and security control gap analysis for NLT’s Amazon Web Services (AWS) and Microsoft Azure clientele.

Teltonika Cooperates with NanoLock Security for Powerful Router Cyber Defense (PR Newswire) NanoLock Security, the industry's only cloud-to-flash, powerful security and...

Google teams up with VMware to bring more enterprises to its cloud (TechCrunch) Google today announced a new partnership with VMware that will make it easier for enterprises to run their VMware workloads on Google Cloud. Specifically, Google Cloud will now support VMware Cloud Foundation, the company’s system for deploying and running hybrid clouds. The solution was deve…

Blockchain (the company) launches an exchange (The Pit) (TechCrunch) The company called Blockchain is mostly known for its cryptocurrency wallet. Today, the company is also launching an exchange so that you can buy and sell cryptocurrencies without going through a third-party exchange. The company’s exchange is called The Pit and is focused on mainstream adoption an…

Technologies, Techniques, and Standards

Avoid Paying Millions in Fines; Take Steps to Secure Customer Data Now: OTRS Group shares expert advice on how to protect your customers. (PR Distribution) On Monday, the Federal Trade Commission settled with Equifax for up to $700 million as a result of a data breach that occurred back in 2017 when Equifax failed to properly secure their network. The records of nearly 150 million people were compromised at the time.

How to increase the efficiency of your risk and compliance management strategy (Help Net Security) Infiniti has announced the completion of their recent article on how to increase the efficiency of your risk and compliance management strategy.

Who Needs Data Center Security? Everyone (Infosecurity Magazine) Data is essential to running a business today

Cloud adoption and security are not mutually exclusive (Help Net Security) The shift to the cloud has dramatically reduced the time organizations are willing to devote to security as part of the development process.

Hunting Threats on Twitter: How Social Media can be Used to Gather Actionable Threat Intelligence (Trend Micro) Social media is a content-rich platform many enterprises use, but how can InfoSec professionals and security teams use it to gather threat intelligence that they can use to protect their organizations?

Design and Innovation

IT security specialists need to look at IoT security in buildings in a completely different way, says Cundall director Chris Grundy (Computing) The construction industry still hasn't got to grips with the IT security challenges of IoT devices embedded in buildings

Facebook fact-checker: fake news is very bad for your health (Times) If you’re having a heart attack, cough vigorously. Pregnant? Avoid some bath products. And if you’ve been stabbed, stem the blood with a tampon. These dubious pieces of health advice are among...

Staying Ahead of the Game: Cyber Wisdom is Rooted in Preparation (Infosecurity Magazine) We in IT are often guilty of conflating information with wisdom

Academia

Cyber-GuildTM Announces Golden Ticket (PR Newswire) To promote cyber security skills, knowledge, and engagement of entire communities Cyber-Guild, a pillar...

Legislation, Policy and Regulation

American Tech Shudders as China Cyber Rules Are Expected to Get Tougher (WSJ) U.S. businesses view proposed cybersecurity rules as new barriers to the Chinese market and they loom as a potential sticking point in coming trade talks.

Hong Kong protesters block trains as Beijing blames West (Times) China has blamed western powers for the protests in Hong Kong but has placed responsibility for dealing with the pro-democracy protests firmly on the shoulders of Carrie Lam, the chief executive.

Beijing Is Weaponizing Nationalism Against Hong Kongers (Foreign Policy) Hong Kong’s unique identity threatens Xi Jinping’s rhetoric of greatness.

How the West Got China's Social Credit System Wrong (WIRED) It occupies a spot next to 'Black Mirror' and Big Brother in popular imagination, but China’s social credit project is far more complicated than a single, all-powerful numerical score.

Justice Department Fills Fraud Section Post Long in Limbo (Wall Street Journal) Robert Zink was one of two prosecutors to occupy the position on an interim basis after the section’s former chief, Andrew Weissmann, joined special counsel Robert Mueller’s team in 2017 to investigate Russian interference in the 2016 presidential election.

Doubts emerge about Trump pick for US intelligence chief (Federal Times) Rep. John Ratcliffe’s dearth of relevant experience may especially matter at a time when current and former government officials expect Russia to interfere in the 2020 presidential election.

Litigation, Investigation, and Enforcement

Privacy group asks court to reconsider FTC’s $5 billion Facebook deal (Ars Technica) The settlement does nothing to address the underlying issues, EPIC says.

UK High Court rejects human rights challenge to bulk snooping powers (TechCrunch) Civil liberties campaign group Liberty has lost its latest challenge to controversial U.K. surveillance powers that allow state agencies to intercept and retain data in bulk. The challenge fixed on the presence of so-called “bulk” powers in the 2016 Investigatory Powers Act (IPA): A con…

Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company (U.S. Attorney’s Office Western District of Washington) A former Seattle technology company software engineer was arrested today on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data of Capital One Financial Corporation, announced U.S. Attorney Brian T. Moran.

United States of America , Plaintiff, v. Paige A. Thompson, a.k.a. "erratic," Defendant (United States District Court for the Western District of Washington) Before, the Honorable Mary Alice Theiler, United States Magistrate Judge, United States Courthouse, 700 Stewart Street, Seattle, Washington. Count One (Computer Fraud and Abuse)...

Capital One Reports Data Breach Affecting 100 Million Customers, Applicants (Wall Street Journal) Capital One said a hacker accessed the personal information for roughly 106 million credit card customers and applicants, one of the largest data breaches of a big bank.

Capital One says data breach affected 100 million credit card applications (Washington Post) A suspect, Paige A. Thompson, was arrested Monday and charged with computer fraud.

Two men arrested for allegedly attempting to join ISIS: ‘I want to be the beheading person’ (Washington Examiner) Two men who came to the U.S. from Somali as refugees were arrested after attempting to fly from Arizona to Egypt, allegedly with the intention of joining the Islamic State.

Watchdog Uncovers Cyber Gaps at Radioactive Waste Facility (Nextgov.com) The Energy Department failed to secure the site in line with federal cyber standards.

MoD Data and Device Losses Soar 300% (Infosecurity Magazine) Ministry in the dock for poor security

Capital One breach disclosed (a suspect is in custody). VxWorks patched. Brute-forcing NAS. LAPD hacked? Snooper's charter upheld in court.

Bring your own context.