Las Vegas: the latest from Black Hat 2019 (with some BSides and Def Con)
How uncertainty in the cyber domain changes war (Fifth Domain) Attack attribution and deterrence become much harder in cyberspace.
Why North Korea is a different kind of cyberthreat (Fifth Domain) North Korean hackers go beyond spying and sabotage.
IntSights Exposes Dark Side of Russia at Black Hat U.S.A. (Yahoo) IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today the release of the company's latest threat intelligence report, The Dark Side of Russia: How New Internet Laws & Nationalism Fuel Russian
Black Hat: Lessons Learned from the Equifax Data Breach (Channel Futures) Regular communication and interaction with the board of directors is important to ensuring an organization is secure. In addition, organizations should initiate crisis management tests with the involvement of the board of directors.
Privacy law 'hack' exposed fiancee's personal data (BBC News) One in four firms holding a test subject's data released it to her partner without her permission.
Project Zero Wants You To Help Make 0-Day Hard (Decipher) The Google Project Zero team is encouraging public attack research teams to form a coalition to collaborate and share data.
How a 10-Year-Old Desk Phone Bug Came Back From the Dead (WIRED) Avaya patched a problem hackers could exploit in phones. But the bad code never went away.
Whatsapp flaw could allow hackers to alter and manipulate messages (The Telegraph) WhatsApp has refused to fix a security flaw that allows hackers to spoof messages and make it look as if they are coming from someone else, almost a year after a cybersecurity company warned that it could permit the spread of misinformation and fake news.
Facebook leaves flaw in WhatsApp unresolved for a year (Financial Times) Hackers found way to change message content and sender
Researchers Find Vulnerabilities in Boeing 787 Firmware (SecurityWeek) Security researchers have discovered a series of vulnerabilities and attacks that they believe could be possible on Boeing's 787 Dreamliner.
Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree (PCMAG) A controversial talk at the Black Hat security conference revealed several possible attacks on the Boeing 787, but the airplane manufacturer disputes the claims.
Black Hat: The Future of Securing Power Grid Intelligent Devices (Security Boulevard) Today at Black Hat USA we’re presenting an innovative power grid cyber security solution that greatly improves monitoring of intelligent electronic devices (IEDs). Using the IEC 62351 standard for monitoring industrial networks, we demonstrate how four types of hard-to-detect attacks are readily identified.
'Dupe' there it is: SAML authentication bypass threatens Microsoft (SearchSecurity) At Black Hat 2019, researchers from Micro Focus Fortify demonstrated a technique called dupe key confusion, which bypasses SAML authentication in Microsoft technologies such as .NET.
Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks (Forbes) Atherton Research's Principal Analyst and Futurist Jeb Su looks back at the IBM X-Force Red revelation at the Black Hat cybersecurity conference this week of a new type of remote cyberattacks dubbed "warshipping".
How Often Can One Program Infect Another? Let Us Count the Ways (PCMAG) At Black Hat, experts from SafeBreach report on the many different ways a malicious program could infect another process with its own code. Spoiler alert: it's a lot.
Virtru Developer Hub integrates data protection capabilities and ensures privacy of sensitive data (Help Net Security) Virtru announced the Virtru Developer Hub, a single development portal to integrate data protection capabilities and ensure the privacy of sensitive data.
NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy (CyberScoop) Just five months ago at the RSA conference, the NSA released Ghidra, a piece of open source software for reverse-engineering malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates — including some based on requests from the public.
Tel Aviv U and Technion researchers wrest control of one of world's most secure PLCs (Eurekalert) Rogue engineering station instigated 'hostile intervention' of Siemens programmable logic controller that runs industrial processes
Microsoft names top security researchers, zero-day contributors (ZDNet) Yuki Chen of Qihoo 360's Vulcan team named top bug hunter. Palo Alto Networks named top zero-day reporter.
#BlackHatUSA Empathy is Key to Hiring and Retaining Women in Cybersecurity (Infosecurity Magazine)
The Black Hat cybersecurity conference app has a cybersecurity problem (Mashable) Not a great look.
Black Hat USA 2019 Cybersecurity Conference: Day 3 News (MSSP Alert) Black Hat USA 2019 conference news spans MSSPs, AT&T Cybersecurity, BlackBerry, CrowdStrike, Digital Defense, enSilo, Jask, ManageEngine, Ping Identity, Proficio, Qualys, Tenable, ThreatConnect & more.
From Vegas: A scoop, zero-days and cyber weapons (POLITICO) Huawei rule is here — ‘Long-lining’ supply chain attacks
Spotlight: Black Hat USA 2019 conference focuses on new trend in cybersecurity (Xinhua) Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity.
Photo gallery: Black Hat USA 2019 (Help Net Security) Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Qualys, Anomali, Vectra,
Photo gallery: Black Hat USA 2019, part two (Help Net Security) Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Bugcrowd, Sumo Logic, Devo
Cyber Attacks, Threats, and Vulnerabilities
U.S. Intel Officials Eye Disinformation Campaign Targeting John Bolton’s Family (The Daily Beast) Cybersecurity experts say an effort to implicate Bolton in a global drug trafficking ring bears hallmarks of past Iranian influence operations.
Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials (Vice) The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states.
New Windows Process Injection Can Be Useful for Stealthy Malware (SecurityWeek) Researchers have catalogued most known Windows process injection techniques and discovered a new one, which they say is stealthy and can bypass all Microsoft protections.
Online Account Origination Fraud: When New Users Are Bad News (NuData Security) Your online company is getting lots of new online customers, but you don’t understand why revenue numbers don’t add up. OAO is probably to blame.
Wind River VxWorks (Update A) (CISA) Executive summary: CVSS v3 9.8. Attention: exploitable remotely/low skill level to exploit. Vendor: Wind River. Equipment: VxWorks. Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection or Modification.
Twitter may have shared your data with its ad partners without your permission (Naked Security) Some user data, such as country and device type, was exposed to some advertisers for over a year.
Microsoft Says It 'Listens' to Conversations Only With Permission (SecurityWeek) Microsoft says its contractors listen to conversations to hone voice translation features offered by Skype and its digital assistant Cortana, but only when obtaining user permission.
Vulnerability in Kubernetes Allows Access to Custom Resources (SecurityWeek) A vulnerability (CVE-2019-11247) in the Kubernetes container orchestration system could allow users to read, modify or delete cluster-wide custom resources.
Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs (SecurityWeek) Hackers can use rogue engineering stations to take control of Siemens PLCs while hiding the attack from the engineer monitoring the system, researchers demonstrate.
F-Scrack-mimikatz – A bundle of tools (Avast Threat Labs) Recently, when analyzing samples which attempt to bypass various applocking techniques, we revisited an older bundle of various tools with the sole purpose of making money for the operators. Although the campaign seems to be long inactive, it illustrates that creating malware capable of making money takes little to no writing of original code and all …
DanaBot Banking Trojan (Infoblox) On 19 April, security researcher Brad Duncan reported a malicious spam campaign that used compressed Windows link files (LNK) to deliver DanaBot malware. DanaBot is a relatively advanced banking trojan with a modular design that allows for multiple vectors of attack.
Banking Trojans: What Financial Services Institutions Need to Know and How to Stay Protected (Infoblox) Fewer than 100 years ago, people had to physically walk to the bank to pay their bills and had no choice but to carry around loose change. Thanks to innovations in technology, banking services have come a long way since then. Consumers today can conduct almost all of their banking activities from co...
Serious security issue in F5’s BIG-IP could lead to cyber breaches en masse (Finextra Research) Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product.
Exclusive: Kaspersky Software Lingers On Sensitive Government Systems 2 Years After U.S. Ban (Forbes) New research shows that Kaspersky Lab's antivirus software remains active on sensitive U.S. government networks two years after it was banned as a potential security risk by the Trump Administration.
Huawei Firmware Analysis Reveals Security Problems (InfoQ) Finite State located significant security issues in Huawei firmware images, including memory corruption, hardcoded encryption keys, and unsafe functions used in place of the secure alternatives.
Researchers uncover over 35 vulnerabilities in six leading enterprise printers (Help Net Security) Researchers have uncovered significant vulnerabilities in six commonly used enterprise printers, many of which allowed full compromise of machines.
BEC Attacks: A Closer Look at Invoice Scams (PhishLabs) Why do Invoice Scams, a form of phishing attack, constantly bypass email security technology? The lack of attachments and links.
Valve's Steam hit by privilege escalation zero-day vuln (Bit-Tech) Researcher releases findings without a fix.
Security bod uncovers 'severe' zero-day flaw in Steam's Windows client (Inquirer) Vuln was rejected by Valve for being 'out of scope'.
Chap uncovers privilege escalation vuln in Steam only to be told by Valve that bug 'not applicable' (Register) Exploit allows any app to run with full local admin rights on Windows
New Trojan Records Your Screen When on Sex Related Sites (BleepingComputer) A new Spambot Trojan targeting French people has been discovered that records a victim's screen when they are using sites related to sex, pornography, and known pornographic sites.
Group sex app leaks locations, pics and personal details. Identifies users in White House and Supreme Court (Pen Test Partners) We've seen some pretty poor security in dating apps over recent years: breaches of personal data, leaking users' locations and more. But this one really takes
Security Patches, Mitigations, and Software Updates
Update your iPhone – remote control holes revealed by researchers (Naked Security) You might not think your phone is as exposed as an internet server – but it’s handling plenty of untrusted data from unknown sources!
Cyber Trends
The Exxon Valdez of cyberspace (The Economist) If data are the new oil, data breaches should be treated like oil spills
US Accounts for More than Half of World's Ransomware Attacks (BleepingComputer) The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs.
Marketplace
Broadcom to Acquire Symantec Enterprise Security Business for $10.7 Billion in Cash (Seeking Alpha) Accelerates Broadcom's Efforts to Build One of the World's Leading Infrastructure Technology Companies
Broadcom Buys Cybersecurity Business As Symantec Exits Enterprise Market (Investor's Business Daily) Chipmaker Broadcom (AVGO) agreed to buy cybersecurity firm Symantec's (SYMC) division that serves large business customers for $10.7 billion in cash, the companies said Thursday. Broadcom stock and Symantec stock gained in extended trading.
$10.7B Broadcom-Symantec Enterprise Deal Creates Software Titan (CRN) Broadcom has agreed to purchase Symantec's enterprise business in a massive $10.7 billion deal that will break up the world's largest pure-play cybersecurity vendor.
ManTech Acquires H2M Group To Beef Up Geospatial, Intelligence Analysis Capabilities (CRN) About 40 percent of ManTech's business comes from the intelligence community.
Privacy Platform Provider Securiti.ai Emerges From Stealth With $31 Million Funding (SecurityWeek) Securiti.ai has emerged from stealth with $31 million in funding to launch its platform that uses artificial intelligence to understand the nature and use of companies' stored personal data.
DHS Is Building A Contract To Manage All Its Cybersecurity Operations Centers (Nextgov.com) The single contract will likely have multiple awardees, each capable of managing the entirety of operations at each of the department’s 17 security centers.
The Navy is gauging its cyber risks (Fifth Domain) A contract has been awarded to perform assessments for Naval Air Systems Command in California.
Huawei’s new operating system is called HarmonyOS (The Verge) For everything from smart speakers to wearables.
Huawei Unveils Android Replacement Following U.S. Ban (Wall Street Journal) Chinese technology giant Huawei’s new operating system, called HarmonyOS, is intended to run on all of its consumer gadgets, as it races to develop backups to U.S. technology following its U.S. blacklisting.
Huawei doesn't see open source as the fix for spying accusations (but they should) (TechRepublic) The closed-source, opaque operation of network equipment makes spying accusations difficult to disprove. This could be solved by opening the software stack, but Huawei CSO Andy Purdy disagrees.
Apple Will Give You $1 Million For Finding Security Flaw In iOS, And MacOS (Gizbot) Apple increases the bug bounty reward to $1 million for security researchers. All you need to know.
Randall and Watkin-Child join CIP advisory board (CIO) Cybersec Innovation Partners (CIP) are delighted to announce the appointment of Don Randall MBE and Andy Watkin-Child (CSyP, CEng) as advisory board members who will provide expertise and strategic advice to support the company’s growth plan.
Products, Services, and Solutions
Arkose Labs Deploys Major Enhancements to its Fraud and Abuse Defense Platform (BusinessWire) Arkose Labs, the platform that bankrupts the business model of fraud and abuse, today announced key enhancements to its patented technology. These enh
Code42’s New Data Loss Detection and Response Capabilities Spot Data Theft When Employees Quit (Yahoo) Code42, the leader in data loss protection, announced its Code42® Next-Gen Data Loss Protection solution now includes advanced exposure dashboards and expanded alerting functionality to help companies protect data from loss when employees quit. Code42 also introduced an integrated offering for IBM Resilient
Dragos Platform Covers Cyber Defense and Threat Intelligence (ARC Advisory) ARC Advisory Group recently discussed the requirements for continuous asset and network monitoring with executives from Dragos, an industrial cybersecurity company with a large staff of experts in industrial/OT cyber defense and threat intelligence.
Cybersecurity companies bring advanced encryption and quantum tech to Aus (Security Brief) “This is an outstanding example of world leading Australian cyber security research and development being commercialised to our domestic market and demonstrating its importance to export markets.
New technology makes GPS more secure and reliable for military systems (PR Newswire) Raytheon (NYSE: RTN) received security certification for new GPS modules and receivers from the Global...
Technologies, Techniques, and Standards
GM Cruise Releases Automated Firmware Security Analyzer to Open Source (SecurityWeek) FwAnalyzer is designed to provide continuous firmware security analysis. It was built for Linux-based devices, including Android, but can be set up to work on similar platforms.
How to Detect a Cyber Attack Against Your Company (IndustryWeek) This article is the third installment in a five-part series outlining best practices when it comes to "Cybersecurity for Manufacturers." These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.
How provider organizations can protect against credential stuffing and data scraping (Healthcare IT News) With protected health information such a juicy target for cybercriminals, both data theft techniques are on the rise in healthcare.
Design and Innovation
Employees must monitor AI at work for sexist and racist bias, warns CBI (The Telegraph) Employees have been encouraged to monitor the use of artificial intelligence (AI) in the office to make sure that it doesn’t become racist or sexist.
Research and Development
'Zero Trust' Lab Will Explore the Future of Pentagon Data Security (Defense One) Once upon a time, U.S. Cyber Command and DISA could act like no one got past their passwords. Those days are over.
Academia
Carnegie Mellon's prestigious computer science school has a new leader (Pittsburgh Post-Gazette) Martial Hebert is known among colleagues as a top researcher in the areas of computer vision, robotics and artificial intelligence.
PDX Cyber Camp trains teens as vanguard of digital defense (Portland Tribune) Cyber security is a booming field where six figure jobs go unfilled. One teen camp aims to change that.
Legislation, Policy, and Regulation
Kazakhstan halts introduction of internet surveillance system (Reuters) Kazakhstan has halted the implementation of an internet surveillance system crit...
Did Mohammed bin Salman Just Give Jihadis the World’s Greatest Terrorist Recruiting Tool? (Foreign Policy) Anger at the presence of U.S. troops on sacred Saudi soil led Osama bin Laden to found al Qaeda and wage jihad on the West.…
Strategy or Straitjacket? Three Reasons Why People Are Still Arguing About the National Defense Strategy - War on the Rocks (War on the Rocks) “It feels so weird to not intervene in the Middle East. I know we’re trying to avoid getting sucked in, but it’s hard to say no.” These were the words my
U.S. Holds Off on Huawei Licenses as China Halts Crop-Buying (Bloomberg) China stopped U.S. farming purchases after new tariff threat. Trump said he’d ease Huawei restrictions before tensions rose.
New Russia Sanctions: Justified, But Feeble and Awkward (Atlantic Council) Late on August 2, under pressure from the US Congress and nearly seven months later than the law allows, the Trump Administration imposed additional sanctions on Russia for its attempted assassination-by-nerve-gas of a former Russian intelligence...
Trump names retired Navy SEAL vice admiral new acting director of national intelligence via Tweet (C4ISRNET) In a one-two punch, President Donald Trump announced via Twitter both that the nation’s number two intelligence official would be resigning and that he had named a new acting director of national intelligence: current National Counterterrorism Center Director Joseph Maguire.
Sue Gordon has resigned as deputy director of national intelligence (CNBC) President Donald Trump confirmed that Gordon would be leaving on Twitter this evening, not long after Bloomberg News was the first to report her departure.
Litigation, Investigation, and Law Enforcement
FBI and Facebook Potentially at Odds Over Social-Media Monitoring (Wall Street Journal) An effort by the FBI to more aggressively monitor social media for possible threats sets up a clash with Facebook’s privacy policies and its attempts to comply with its recent FTC settlement.
Facebook loses facial recognition appeal, must face privacy class... (Reuters) A federal appeals court on Thursday rejected Facebook Inc's effort to undo ...
How Amazon is becoming indispensable to America’s police (NBC News) Dozens of law enforcement agencies have used Amazon-powered technology to modernize crime fighting — but critics raise fears of privacy abuses.
Apple is under formal antitrust probe in Russia (TechCrunch) Make way for another antitrust investigation into big tech. Step forward Russia’s Federal Antimonopoly Service (FAS), which has opened an official probe of Apple — following a complaint lodged in March by security company Kaspersky Labs. Kaspersky’s complaint to FAS followed a cha…