The CyberWire Daily Briefing, 8.15.19

Cyber Attacks, Threats, and Vulnerabilities

Huawei Technicians Helped African Governments Spy on Political Opponents (Wall Street Journal) Employees embedded with cybersecurity forces in Uganda and Zambia intercepted encrypted communications and used cell data to track opponents, according to a Wall Street Journal investigation. Huawei said it “rejects completely the unfounded and inaccurate allegations.”

Analysis | The Cybersecurity 202: How Huawei helped extend China's repressive view of Internet freedom to African nations (Washington Post) U.S. officials argue there's a global battle for web freedom.

Lazarus group behind recent cyberattack on South Africa - Kaspersky (Fin24) A recent North Korean cyberattack in which South Africa was apparently among 17 countries targeted, relates to the activity of the so-called Lazarus group, says a Kaspersky expert.

Use-After-Free (UAF) Vulnerability CVE-2019-1199 in Microsoft Outlook (Lares) How Lares R&D discovered the CVE-2019-1199 vulnerability in Microsoft Outlook recently patched in the August 2019 Security Update.

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices (TrendLabs Security Intelligence Blog) We uncovered three malware variants of Neko, Mirai, and Bashlite, which enlist infected routers to botnets that are capable of launching DDoS attacks.

Review of a Danabot Infection (H3 Collective) Proofpoint first identified DanaBot in May of 2018. Armed with basic Trojan and info stealing functionality, DanaBot works to gather sensitive banking information from unsuspecting users for fraud and other criminal activity. Since its inception, the Trojan has worked on adding affiliates, increasing its geotargeting, and expanding its functionality through modularity. In this blog, I’m …

New Malware Norman Uses Your PC to Secretly Mine Cryptocurrency (Tom's Hardware) Varonis security firm found a unique new strain of cryptoming malware that deploys sophisticated evading techniques to avoid getting caught.

Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail (CyberScoop) It’s starting to look like the global private sector might have a real problem on its hands. Despite international media attention and a series of high-profile arrests, some of the world’s most prolific cybercriminals only seem to be accelerating their hacking sprees.

Stronger Defenses Force Cybercriminals to Rethink Strategy (Dark Reading) Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.

APIs are 'rich targets' for hackers, warn security researchers (Computing) Researchers at F5 Labs claim that APIs have become an easy target for hackers.

Credit Karma glitch exposed users to other people’s accounts (TechCrunch) Users of credit monitoring site Credit Karma have complained that they were served other people’s account information when they logged in. Many took to a Reddit thread and complained on Twitter about the apparent security lapse. “First time logging in it gave me my information, but as s…

TikTok Scammers Cash In On Adult Dating, Impersonation Tricks (Threatpost) Scammers are profiting from TikTok's younger audience with adult dating and account impersonation tricks.

Unsolicited Blank Emails Could Portend BEC Attacks (Infosecurity Magazine) Agari warns organizations to be on the lookout for reconnaissance efforts

New Potential Phishing Domains Targeting Top 50 Banks Rise 14% in First Half of 2019, New NormShield Research Finds (PR Newswire) Cyber criminals continue to use phishing to lure bank customers and steal personal and financial information,...

New Siemens Switch Vulnerability Discovered by Nozomi Networks Labs (Nozomi Networks) On August 13, 2019, the Siemens CERT Team, in collaboration with Nozomi Networks Labs, issued an Advisory concerning a vulnerability in Siemens SCALANCE switch devices.

Sophisticated Dropper Masqueraded as Fake DHL Invoice to Distribute Ursnif Malware (Security Intelligence) Digital attackers took a sophisticated dropper and disguised it as a fake DHL shipping invoice to distribute Ursnif malware.

Exit Scams Swindled $3.1 Billion From Crypto Investors in 2019: Report (CoinDesk) In total, investors, users, and exchanges have lost some $4.3 billion from illicit activity.

Coinbase explains background to June zero-day Firefox attack (Naked Security) A recent, highly targeted attack on cryptocurrency exchange Coinbase offers a glimpse into how sophisticated phishing attacks can be.

Password Spraying Hacker Attacks: Department of Homeland Security Warning (MSSP Alert) Password spraying attacks remain major cybersecurity issue, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) warns.

How hackers could turn everyday objects into deadly cyber weapons (The Telegraph) It may seem like something straight out of a thriller:

This Counterfeit iPhone Is Riddled With Backdoors and Malware (Vice) Fake devices look real but are rife with unpatched operated systems, outdated kernels, and a universe of dodgy backdoors and malware, researchers have found.

The Underground Economy (Trustwave) The seeds of cybercrime grow in the anonymized depths of the dark web...

Cyberchology: the Human Factor (ESET) Every organisation is now a digital business. Driven by developments in technology, companies have digitised their services and offerings to meet the ever-growing demand from consumers. However, evolution also comes with its own risk, and in this case, it is a significant rise in cybercrime that is extremely diverse and unpredictable.

Sun of a breach: Don’t bring cyber risks back to work from the beach, urge cybersecurity experts - VanillaPlus - The global voice of Telecoms IT (VanillaPlus - The global voice of Telecoms IT) As people go on their annual holidays, could they be risking the cybersecurity of their workplaces? A new finding from the Palo Alto Networks Trust in the

Security Patches, Mitigations, and Software Updates

Serious flaws in six printer brands discovered, fixed (Naked Security) There are many ways to compromise company data, but IT teams often overlook one of the most serious: the humble printer.

Adobe security patch update tackles Photoshop, Acrobat, Reader, and more (ZDNet) A wide range of software and critical security issues are included this month.

Microsoft warns Windows 10 users to update immediately (CNN Business) Microsoft is warning Windows 10 users to update their operating system immediately because of two "critical" vulnerabilities.

Patch Tuesday, August 2019 Edition (KrebsOnSecurity) Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out.

Microsoft Patches 93 CVEs But No Zero-Days in August (Infosecurity Magazine) Admins urged to prioritize wormable bugs

August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default (TrendLabs Security Intelligence Blog) While none of the vulnerabilities were listed as under active attack at the time of August Patch Tuesday release, a few of the bugs addressed this month fall under the “wormable” category, namely remote code execution (RCE) vulnerabilities in the Remote Desktop Services. This month's Patch Tuesday also disables the scripting language VBScript by default on Internet Explorer on Windows 7, 8, and 8.1.

Intel: Listen up, you NUC-leheads! Mini PCs and compute sticks just got a major security fix (Register) Chipzilla patches firmware, drivers, SDKs

Cyber Trends

The Economic Value of DNS Security (Global Cyber Alliance) Our research has shown that DNS firewalls could have mitigated one-third of the incidents we studied and could have prevented $10 billion in losses in those incidents.

Spear Phishing: Top Threats and Trends Vol. 2 (Barracuda Networks) Email account takeover and defending against lateral phishing attacks

Accenture Report Reveals New Cybercrime Operating Model Among High-Profile Threat Groups (BusinessWire) An Accenture report reveals a new cybercrime operating model among high-profile threat groups.

2019 Cyber Threatscape Report Executive Summary (Accenture) Learn five factors to improve your cybersecurity investment and defend against threat actors using ransomware and new technologies to commit cybercrime.

The changing face of DDoS attacks: Degraded performance instead of total takedown (Help Net Security) DDoS attacks in Q2 2019: The number of DDoS attacks might be getting higher, but they are not all massive nor do they always trigger DDoS defenses.

Security by Sector: Cyber-Attackers Targeting the Education System (Infosecurity Magazine) Education sector under threat from Adware, Trojans, ransomware and backdoors

Marketplace

Cyber Insurance: A Study In Fine Print (Forbes) The economic damage from cybercrime doesn’t always come in the form of bits and bytes.

Biz Talk: Acquisitions in Arlington’s Cybersecurity Space (ARLnow.com) This week's Biz Talk discusses the recent acquisitions of cybersecurity companies.

Pivotal Software stock spikes 72% on VMware acquisition plans (Silicon Valley Business Journal) VMware plans to acquire Pivotal, which has struggled since its 2018 IPO, for an 81 percent premium over its recent stock price.

Microsoft Admits Humans Listen to Skype and Cortana in Privacy Policy Update (Vice) The change comes after Motherboard found that Microsoft hired contractors to listen to some Skype phone calls.

Working on Microsoft’s Cortana Is Laborious and Poorly Paid (Vice) Leaked documents show that Microsoft’s contractors are paid between $12 and $14 an hour and are asked to transcribe as many as 200 audio clips per hour to train the Cortana virtual assistant.

Why chipmaker Broadcom is spending big bucks for aging enterprise software companies (TechCrunch) Last year Broadcom, a chipmaker, raised eyebrows when it acquired CA Technologies, an enterprise software company with a broad portfolio of products, including a sizable mainframe software tools business. It paid close to $19 billion for the privilege. Then last week, the company opened up its wall…

Five tech companies that split in half (and a big one that was nearly forced to) (CRN) After Symantec announced it would be splitting up its consumer and enterprise arms, we assess how other tech companies taking a similar approach have fared

Demand for Secure Access, Hybrid IT and Zero Trust Drive Pulse Secure to Double-Digit Growth (Pulse Secure) Pulse Secure, the leading provider of software defined Secure Access solutions, today announced that growing demand for hybrid IT and Zero Trust Secure Access, resulted in double digit deal volume growth in the first half of 2019.

The Startups Safeguarding Real Estate Against Schemers and Scammers (Wall Street Journal) Wire-transfer fraud cost 11,300 victims nearly $150 million last year, according to the FBI. These firms want to do something about it.

SAIC Wins $14 Million U.S. Marine Corps Cyberspace Operations Contract (Yahoo) Science Applications International Corp. (SAIC) won a $14 million contract with Naval Information Warfare Center Pacific supporting the U.S. Marine Corps Forces Cyberspace Command to provide full spectrum cyberspace support. “We are proud to continue our partnership with and help ensure our Marines

Nucleus Cyber Joins Microsoft Intelligent Security Association (WBOC TV 16) Validates integrations for more flexible conditional access and data protection.

Black Hat USA 2019 Closes Out Another Record-Breaking Event in Las Vegas (Yahoo) SAN FRANCISCO, Aug. 14, 2019 -- Black Hat, the world’s leading producer of information security events, today highlights the 2019 programming and new initiatives that helped.

Ransomware fighter on the run after costing hacker gangs millions (Micky) Security expert Fabian Wosar is in hiding after costing ransomware gangs hundreds of millions of dollars since 2012.

Programming Language Pioneer Gilad Bracha Joins Shape Security (PR Newswire) Shape Security, maker of the leading platform for bot and fraud mitigation for the world's largest...

PAS Welcomes Matthew Selheimer as Chief Marketing Officer (PAS) Leadership Team Addition Brings Two Decades of Experience in Cybersecurity and IT Operations

Products, Services, and Solutions

Cofense and CNA Strengthen Security Awareness Within Cyber Insurance I (PRWeb) Cofense™, the global leader in intelligent phishing defense solutions, announced its strategic relationship with CNA, one of the largest commercial property

ZeroFOX Launches Groundbreaking Election Protection Offering (Yahoo) AI-powered solution provides continuous protection across digital and social media channels; safeguards candidates, campaigns, and political organizations from threats targeting el

Carbon Black Open-Source Binary Emulator Eases Malware Analysis (MSSP Alert) Carbon Black, the endpoint protection software provider, unveils the Binee open-source binary emulator for real-time malware analysis at DEF CON 27.

SYNNEX Ties Up With Sophos to Strengthen Endpoint Security (Yahoo) SYNNEX (SNX) looks to boost its cybersecurity portfolio via partnership with Sophos.

CircleCI Adds Security Orbs to CI/CD Platform (DevOps.com) CircleCI has extended the reach of its automated package manager, known as orbs, to cybersecurity software that can be integrated into a pipeline

BlackBerry’s AI Intelligent Security Has Broad Implications (TechSpective) I’ve been working in and out of security and law enforcement for much of my life. The biggest exposures I’ve run into and the easiest ways through

A Novel Platform for Cybersecurity Assessments for Marketplaces (CIOReview) A Novel Platform for Cybersecurity Assessments for Marketplaces By CIOReview - Bugcrowd for Secure Marketplaces enables bulk adoption of crowdsourced security for marketplace and app store owners....

Technologies, Techniques, and Standards

Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices (Yahoo) New AIDE Platform Enables IoT Device Manufacturers to Test Security, Identify and Mitigate Global Attack Risks, and Identify Vulnerabilities

More than One-third of Security Professionals’ Defensive Blue Teams Fail to Catch Offensive Red Teams, According to Exabeam Study (BusinessWire) A new study from Exabeam revealed that more than one-third of security professionals’ defensive blue teams fail to catch offensive red teams.

Meet Bluetana, the Scourge of Pump Skimmers (KrebsOnSecurity) “Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests.

Are federal agencies prepared for the end of free Windows 7 support? (Federal Times) Some federal agencies with older operating systems still have a way to go to mitigate potential risk exposure.

Why Managed Service Providers Need to Help with Passwords (Infosecurity Magazine) Bad password habits directly pose a threat to the defense of networks, devices and users

Developing personal OPSEC plans: 10 tips for protecting high-value targets (CSO Online) Attackers are increasingly targeting executives and employees who have access to sensitive enterprise data. Here's how to protect those individuals with personal OPSEC plans.

Design and Innovation

AT&T and T-Mobile will now verify phone calls between their networks (Engadget) AT&T and T-Mobile are rolling out cross-network call verification.

AI Startup Boom Raises Questions of Exaggerated Tech Savvy (Wall Street Journal) Engineer.ai says it uses artificial intelligence to help automate app-development. Current and former staffers say the company inflates its technical prowess to attract customers and investors.

‘Private’ and ‘hidden’ mean different things to Facebook (TechCrunch) Facebook’s leadership made a pretty heavy-handed indications this year that it believes Facebook Groups are the future of the app, they announced all of this alongside their odd declaration that “The future is private.” Now, Facebook is changing the language describing the visibil…

Amazon's tool that 'detects' fear in humans shows its on an irreversible path to dystopian surveillance (The Telegraph) In June 2018, a group of disgruntled Amazon workers - or Amazonians, as they referred to themselves - wrote a letter criticising their employer for selling of facial recognition technology to US law enforcement.

Research and Development

AI researchers launch SuperGLUE, a rigorous benchmark for language understanding (VentureBeat) Facebook AI Research, together with Google’s DeepMind, University of Washington, and New York University, today introduced SuperGLUE, a series of benchmark tasks to measure the performance of modern, high performance language-understanding AI.

Academia

Why the United States needs more cybersecurity experts — badly (EdScoop) Alan Paller, founder of the SANS Institute, says a “cyber pandemic” threatens national security and the only solution is to train more professionals.

Students learn about cybersecurity at Harford Community College’s GenCyber Camps (Baltimore Sun) Through a recently awarded National Science Foundation and National Security Agency grant, Harford Community College launched its first GenCyber Smart Camp for middle school students.

Hacking off the hackers: WVU programmed to fill cybersecurity jobs with NSF award (My Buckhannon) When West Virginia University first offered cybersecurity classes in 2003, the gravest fear of a casual Internet user might have been opening an infected email attachment that erased computer files or reset their homepage. And who could forget landing on some dodgy website that would generate a never-ending array of pesky popup windows Those problems …

University of Pennsylvania Launches Cybersecurity Boot Camp For Adults (Diverse) The University of Pennsylvania is launching a new cybersecurity...

DarkMatter teams up with UAE university to foster cybersecurity innovation (TahawulTech.com) DarkMatter Group has announced the Cybersecurity Research Award (CRA) – an award focused on innovative ideas against the cybersecurity threats.

Legislation, Policy and Regulation

Canada Launches Small Business Cybersecurity Certification Program (Infosecurity Magazine) Cyber-savvy businesses in Canada could get certification to prove they take care of customer data.

Task Force Takes On Russian Election Interference (NPR.org) In an exclusive interview with NPR, the head of the National Security Agency talks about how the online battle waged against ISIS is informing the fight against Russia ahead of the 2020 elections.

History Doesn't Repeat Itself in Cyberspace (Dark Reading) The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.

The Fight Over Section 230—and the Internet as We Know It (WIRED) Mass shootings and executive orders have dragged the web's most consequential law back into the spotlight.

Has US security adviser John Bolton killed Huawei’s UK ambitions? (South China Morning Post) Bolton says British officials may order a full review of Chinese telecoms giant 5G role but US to wait until ‘after Brexit’ before exerting real pressure.

Huawei Covertly to Sell Smartphones in U.S. (Washington Free Beacon) China's Huawei Technologies, the world's No. 2 smartphone maker, covertly planned to sell its smartphones in the U.S. disguised as non-Huawei devices.

MICROCHIPS Act (The Office of US Senator Mike Crapo) The U.S. is involved in asymmetric warfare and what amounts to a technological space race with China, which is seeking to dominate an over $1.5 trillion electronics industry through state investment, subsidies and intellectual property (IP) theft.

A BILL To require a plan for strengthening the supply chain intelligence function, to establish a National Supply Chain Intelligence Center, and for other purposes. (US Senate) Mr. CRAPO introduced the following bill; which was read twice and referred to the Committee...

The question of 'patriotism' in U.S.-China tech collaboration (Los Angeles Times) Should "patriotism" play a role in the ethics of US-China tech collaboration?

Cybersecurity Letter to National Parties (Washington Post) [A letter from Senator Wyden, Democrat of Oregon, to officials of the Republican and Democrat Parties.]

Ex-CIA chief worries campaigns falling short on cybersecurity (TheHill) Democratic 2020 presidential campaigns say they are working to boost their cybersecurity, but experts worry those efforts may not be enough.

Time for a Cyber-Attack Exception to the Foreign Sovereign Immunities Act (Just Security) Only civil liability for sovereign cyberattacks can impose monetary costs - that requires a new exception to the Foreign Sovereign Immunities Act.

Opinion | They Stole Your Files, You Don’t Have to Pay the Ransom (New York Times) The F.B.I. should follow the example of European law enforcement and help victims of ransomware decrypt their data.

NYC has hired hackers to hit back at stalkerware (MIT Technology Review) A New York City government pilot program is bringing technologists and domestic abuse victims together for good.

Litigation, Investigation, and Enforcement

Capital One hacker took data from more than 30 companies, new court docs reveal (ZDNet) New court documents reveal the government is investigating the Capital One hacker for 30+ other breaches.

Prosecutors say accused Capital One hacker had stolen data from 30 other companies in her bedroom (Washington Post) Thompson is likely to face new charges related to the additional alleged data thefts, prosecutors said in the motion filed in federal court in Washington state.

Russia Suspected by Some in Giant Bulgaria Hack (New York Times) Whoever was responsible, experts say, the episode raised serious concerns about the state of Bulgaria’s cybersecurity.

4 ‘despicables’ jailed for running hidden worldwide child abuse forums (Naked Security) So much for trusting the Tor network to hide their tracks.

Did Zuckerberg Lie Under Oath About Facebook Eavesdropping On You? (The Federalist) Last April, Mark Zuckerberg told Congress that Facebook was not collecting user information over device microphones, but now the story is changing.

Action Fraud investigation: victims misled and mocked as police fail to investigate (Times) Call handlers working for the police insult victims of fraud and have been trained to mislead them into thinking their cases will be investigated when most are never looked at again. An undercover...

Bring your own context.