Cyber Attacks, Threats, and Vulnerabilities
Cyber Threat Group LYCEUM Takes Center Stage in Middle East Campaign (Secureworks) The previously unobserved LYCEUM threat group targeted critical infrastructure organizations without being detected for more than 12 months.
Lyceum/Hexane Threat Group Uses Common Hacking Tactics (BleepingComputer) A recently reported threat group focusing on critical infrastructure organizations in the Middle East uses simple techniques to compromise victims and deploy post-intrusion tools.
The Middle East is already a cyberwar hotbed. Things just got worse. (MIT Technology Review) A hacking group with links to Iran is the latest threat that makes the Persian Gulf one of the world’s most active theaters of cyberwar.
How China Uses LinkedIn to Recruit Spies Abroad (New York Times) Western intelligence officials say Chinese agents are contacting thousands of foreign citizens using LinkedIn, including former government officials.
Dridex Operator Updates Tactics and Targets (SecurityWeek) The threat actor behind the infamous Dridex and Locky malware families has updated tactics and expanded its target list in recent campaigns, Trend Micro reports.
China Chopper still active 9 years later (Cisco Talos) Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery.
Imperva Notifies Cloud WAF Customers of Security Incident (SecurityWeek) Imperva learned recently that information belonging to Cloud WAF (Incapsula) customers who had accounts through September 2017 was exposed as a result of a security incident.
Imperva discloses data breach affecting some firewall users (CRN Australia) Exposed email addresses, hashed passwords, API keys and SSL certificates.
Business VPN flaws exploited by hackers (TechRadar) Vulnerabilities presented at Black Hat hijacked by hackers
Attackers Targeting Vulnerability in Pulse Secure VPN (Decipher) The CVE-2019-11510 vulnerability in Pulse Secure VPN is drawing considerable attention from attackers now that an exploit is publicly available.
Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again (Wired) The same researchers who figured out how to clone a Tesla Model S key fob have done it again, cracking the replacement that was meant to fix the problem.
Delta Controls enteliBUS Controllers (CISA) Executive summary: CVSS v3 9.8. Attention: exploitable remotely/low skill level to exploit. Vendor: Delta Controls. Equipment: enteliBUS Controllers. Vulnerability: Buffer Overflow. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker on the same network to gain complete control of the device’s operating system and allow remote code execution.
Datalogic AV7000 Linear Barcode Scanner (CISA) Executive summary: CVSS v3 8.8. Attention: exploitable remotely/low skill level to exploit. Vendor: Datalogic. Equipment: AV7000 Linear Barcode Scanner. Vulnerability: Authentication Bypass Using an Alternate Path or Channel. Risk evaluation: Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication through issues in the HTTP authentication process.
Worried about cyber pirates hijacking autonomous ships? Focus on port cybersecurity first (Help Net Security) On average, the U.S. Coast Guard issues between ten and twenty safety alerts annually. Alerts tend to function more as a public service announcement
Robertson County jail computers also impacted in cyber attack (KBTX) A recent cyber-attack against the Robertson County Sheriff's Office also impacted their jail computers.
Security Patches, Mitigations, and Software Updates
Hostinger upgrades password security after 14m accounts breached (Naked Security) Millions of customers of web hosting company Hostinger have received emails bearing the bad news of a data breach.
Cyber Trends
McAfee Report Uncovers Ransomware Resurgence (McAfee) McAfee Labs sees 504 new threats per minute in Q1 2019; Data breaches facilitate attacks on large organizations; Majority of targeted attacks bet on victims’ unwitting compliance.
Lares Top 5 Penetration Test Findings For 1H 2019 (Lares) Lares® encounters a seemingly endless number of vulnerabilities when we conduct a penetration test or red team engagement, regardless of organization size or maturity.
Growing cloud adoption introduces visibility gaps and security complications (Help Net Security) More than half of the respondents expressed concerns about integrating data with analytics tools and combining data across cloud environments.
Survey: SMBs Continue to Struggle with IT Security Due to Budget and Workforce Limitations | Untangle (Untangle) The latest Untangle survey explores the current state and trends of IT security for more than 300 SMBs...
RiskSense Research Report Finds Attackers Weaponized More Security Vulnerabilities Last Year than Ever Before (RiskSense) Despite Decrease in Adobe Software Flaws, Number of Exploits in 2018 More than Doubled Compared to 2017
Privacy Fundamentalism (Stratechery) The current privacy debate is making things worse by not considering trade-offs, the inherent nature of digital, or the far bigger problems that come with digitizing the offline world.
Black Hat 2019: Majority of Security Experts Would Use Bots to Gain an Unfair Advantage (PerimeterX Bot Defender) Black Hat 2019 survey of 304 attendees revealed that majority of security experts would use bots to gain an unfair advantage during online flash sales.
A lot of what is sold as AI is simply marketing, says Eugene Kaspersky (Live Mint) 'The safest region in the world is northern Europe, followed by other areas in Europe, Russia and India'. 'Have good (internet) security installed... Even if you know the sender and find an unexpected mail, then call back (to verify)'
Deloitte’s survey shows disconnect in cyber strategies, budget allocation - ET CIO (ETCIO.com) Deloitte’s Future of Cyber Survey 2019 finds that only 4% of enterprises have cyber on their board agenda once a month.
Nearly Half of SMBs, Enterprises Still Using Windows 7: Kaspersky (SecurityWeek) Data collected by Kaspersky shows that nearly half of SMBs and enterprises are still using Windows 7, for which extended support will end in just a few months.
Marketplace
Ousting Huawei, Australia finishes laying undersea internet cable... (Reuters) The final piece of Australia's A$137 million ($92.53 million) undersea cabl...
Every telecom company can be hacked and "everybody should be suspect," Huawei USA’s chief security officer says (Vox) Andy Purdy talks with Kara Swisher about the pending ban on US companies doing business with Huawei.
Digital tax fears to blame for faltering tech deals (The Telegraph) For a country worried about losing its technology champions by having them snapped up too soon, it might seem like good news.
Axonius, a cybersecurity asset management startup, raises $20M in Series B (TechCrunch) Cybersecurity asset management startup Axonius has raised $20 million in its second round of funding this year. Venture capital firm OpenView led the Series B, joining existing investors in bringing $37 million to date following the startup’s $13 million Series A in February. The security sta…
Cybersecurity Firm McAfee Prepares for a Possible IPO (Fortune) The owners, including Intel and TPG, are hoping for a value of at least $8 billion.
Carbon Black SVP: VMware Will ‘Leapfrog’ Cisco, Palo Alto Networks (CRN) The combination of Carbon Black and VMware will leapfrog cybersecurity competitors Cisco and Palo Alto Networks, according to one executive.
Can VMware become a leading cybersecurity vendor? (CSO Online) VMware's recent acquisition of Carbon Black gives the company a strong security foundation to build on.
Experian just invested in a location data company, which is a little creepy (Fast Company) Experian is going to know a lot about you.
Northrop Grumman Awarded Army Secure Network Radio Contract (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "Northrop Grumman Awarded Army Secure Network Radio Contract".
Gemalto part of group awarded contract for 15 million biometric passports by Thailand (Biometric Update) Thailand’s Ministry of Foreign Affairs (MOFA) has awarded a contract for the supply of 15 million biometric e-passports over the next seven years to a consortium including Gemalto, according to a c…
The Pentagon Wants to Bolster DIU’s Cyber Defenses (Nextgov.com) The department is looking for penetration testers, red teams and cyber training to protect its startup incubator from online attacks.
The Army wants these new defensive cyber tools (Fifth Domain) The Army outlined what capabilities it wants for its defensive cyber operators.
3 Tech Stocks with High Upside for Under $15 (Yahoo) With Amazon (AMZN) and Google (GOOGL) vacuuming up the reputation and the hype and the sky-high stock valuations, it sometimes seems that the tech sector isn’t for the budget-minded investor. Even the more staid stocks, like Microsoft (MSFT) can have share prices well above $100. So, what do you do if
Nixu Corporation’s growth ambition for 2020-2024 (Cision) European cybersecurity company, Nixu has announced today its growth ambition for the next five years, 2020 to 2024.
Centrify joins multiple working groups within Cloud Security Alliance (Intelligent CIO Africa) Centrify, a leading provider of cloud-ready zero trust privilege to secure modern enterprises, has announced that several of its executive leaders have joined
XM Cyber Chosen for Swiss Kickstart Innovation Program (PR Newswire) Breach and Attack Simulation Leader Joins Other Top Startups to Promote Tech Innovation in Switzerland
Louisiana plans new cybersecurity center in Baton Rouge (The Center Square) Louisiana state government plans to establish a “major cybersecurity center” in Baton Rouge alongside LSU experts and a private defense contractor, Gov. John Bel Edwards said Tuesday.
Products, Services, and Solutions
VMware AppDefense Breaks Down Silos in Latest Release (VMware vSphere Blog) (by Tom Corn, SVP & GM of Security products at VMware) It’s an exciting time for the VMware AppDefense team. We are making tremendous progress in our mission to help secure our customers’ data centers, and today we have great news to share. First, I’m proud to announce that we have released new functionality in
US Signal Unveils Managed Website and Application Security Solution (PR Web) Builds on existing DDoS protection to deliver unparalleled defense against malicious attacks on websites and applications
Shared Assessments Announces Assessment and Monitoring Module of Third Party Risk Management (TPRM) Framework (SYS-CON Media) The Shared Assessments Program, the member-driven leader in third party risk assurance, today announced an important new addition to its Third Party Risk Management (TPRM) Framework covering the subjects of periodic assessments and continuous monitoring.
DefenseStorm to Unveil New Fraud Monitoring Product at 2019 CUNA Tech (DefenseStorm) DefenseStorm FI CyberFraud reduces fraud-related costs and improves risk management of banking applications
Announcing Our First European Data Center (Backblaze Blog) We have big news. Starting today, our first European data center, in Amsterdam, is open and accepting customer data!
VMware Delivers Industry’s Only Complete Software-Defined Networking and Security Stack Built for the Multi-Cloud Era (VMware) VMware networking and security portfolio delivers greater automation, compliance, visibility, and scale across the data center, cloud, branch and edge
VMware Expands Telco and Edge Cloud Portfolio to Enable Better Connectivity and Automation for Communication Service Providers and Enterprises (VMware) VMware, Inc. (NYSE: VMW), a leading innovator in enterprise software, today announced that it has expanded its Telco and Edge Cloud portfolio to drive real-time intelligence for telco networks, as well as improved automation and security for telco, Edge and IoT applications. Already serving as a key infrastructure provider for most communications service providers and enterprise customers around the world,
Veristor and Synack Partner to Apply Ethical Hackers and AI Technology to Deliver Crowdsourced Security Vulnerability Identification (Veristor) #Veristor and #Synack perform comprehensive penetration testing using human and machine intelligence for smart #security testing at scale.
Fortinet Extends Support for VMware to Boost Cloud Security (Yahoo) With the extension of partnership, Fortinet (FTNT) will provide consistent security and monitoring for East-West traffic in addition to the already existing North-South traffic.
ReversingLabs Titanium Platform Finds Destructive Objects Existing Security Investments Miss (Beloit Bulletin) Reversing Labs, a leading provider of enterprise-scale file analysis, threat hunting, and malware intelligence solutions,
Technologies, Techniques, and Standards
The mind of the payment crook provides clues for the fight (PaymentsSource) There are several ways attackers take advantage of payment systems. Understanding that is part of the battle, according to Bill Horne of Intertrust Secure Systems.
Scammers are targeting your calendar—here's how to stop them (Popular Science) It's simple to tweak the settings in your Google calendar to stop spam from appearing in your schedule.
Design and Innovation
'Dangerous' AI offers to write fake news (BBC News) An AI that allows anyone to write fake news or rewrite old jokes such as "a man walked into a bar".
Your Pa$$word doesn't matter (TECHCOMMUNITY.MICROSOFT.COM) Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, and so on – is inconsistent with our research and wi...
Research and Development
Social Data Initiative (Social Science Research Council) For nearly a century, the Social Science Research Council has supported researchers as they pursue vanguard and rigorous scholarship for the public good. In keeping with this tradition, the Social Media and Democracy Research Grants program—a collaboration with a diverse group of eight philanthropic organizations, Social Science One, and Facebook—is an effort to make privacy-protected data available to social researchers to examine Facebook’s impact on elections and democracy.
Legislation, Policy, and Regulation
Cyber attack on NHS would trigger full Nato response, says alliance's general secretary (The Telegraph) A cyber strike similar to the computer hack that crippled NHS hospitals in 2017 could trigger a revenge attack from all Nato allies, its general secretary has warned.
We will hack back if you tamper with our shiz, NATO declares to world's black hats (Register) Starting a war over stopped trams? Unlikely, says intelligence boffin
Mikko Hyppönen Discusses When It's OK to Respond to a Cyber Attack with Missiles (TechSpective) Mikko Hyppönen joins me on the Inner Circle to chat about whether it's appropriate to respond to a cyber attack with missiles.
Seoul urged to tighten vigilance against North Korean hackers (Korea Times) South Korea should raise its guard against cyberattacks from North Korea, as it has been increasingly vulnerable to Pyongyang's tech-driven cyberwarfare, experts said Tuesday. They added that the international community should take North Korea's fast-advancing, cyber manipulation tactics more seriously, as cyberattacks are becoming an easier, more cost-effective alternative to nuclear and missile threats.
China’s Spies Are on the Offensive (The Atlantic) China’s spies are waging an intensifying espionage offensive against the United States. Does America have what it takes to stop them?
The Internet Freedom League (Foreign Affairs) Democratic states need to split the Internet before Beijing and Moscow do.
On the offense: How federal cybersecurity is changing (GCN) A safer, more expansive cybersecurity infrastructure empowers the nation's defend-forward strategy, allowing government to mediate emerging threats from across the globe.
UK to make Huawei 5G decision 'by the autumn' (BBC News) Nicky Morgan told the BBC that the UK would make a decision over Huawei before the end of the year.
The Huawei challenge: Not ‘politics vs. economics,’ but balancing politics, economics, and national security (AEI) The decision over whether to ban Huawei from 5G networks is a question of what price countries are willing to pay for national security.
Trump should drop efforts to allow Patriot Act snooping on citizens and immigrants (Chicago Sun-Times) The Fourth Amendment protects the rights of the people from unreasonable searches and seizures of property.
DoJ opposes Google-backed undersea cable (Seeking Alpha) The U.S. Department of Justice wants to block the Pacific Light project backed by Google (GOOG,GOOGL), Facebook (NASDAQ:FB), and China's Dr. Peng Telecom & Media Group, according to Dow Jones sources.
Litigation, Investigation, and Law Enforcement
Microsoft faces new GDPR privacy investigation over Windows 10 telemetry (Computing) Ireland's Data Protection Commission to investigate claims of new, potentially unlawful uses of personal data harvesting by Windows 10
Former Google Engineer Charged With Stealing Trade Secrets (Wall Street Journal) Anthony Levandowski was charged by federal authorities with 33 counts of trade-secret theft.
Former star Google and Uber engineer charged with theft of trade secrets (Silicon Valley Business Journal) Anthony Levandowski, a former Google engineer and co-founder of the self-driving truck company Otto, in San Francisco, May 16, 2016. Levandowski was charged by federal prosecutors on Aug. 27, 2019 with 33 counts of theft and attempted theft of trade secrets from Google.
Doorbell-camera firm Ring has partnered with 400 police forces, extending surveillance reach (Washington Post) The home-security firm has made it easier than ever for local police to request homeowners' video. “If the police demanded every citizen put a camera at their door and give officers access to it, we might all recoil,” one legal expert said.
Court squeezes $1 million back from convicted phisher (Naked Security) Prolific phishing scammer Grant West has been sentenced to 10 years, 8 months, and reimbursement for victims.
Hundreds of pages of emails show Nellie Ohr researched Trump-Russia connections (Washington Examiner) Newly uncovered FBI documents show how Nellie Ohr fits into the Trump-Russia saga, documents that also paint an increasingly clearer picture of the Clinton-linked opposition research firm Fusion GPS's central role in 2016 and beyond.
Is Nigeria Really The Headquarters of CyberCrime in the World? (Guardian) “The key (to Cybercrime) really is the lack of law enforcement environment, the feeling that you can do almost anything and get away with it. They were able to grow and evolve into organized enterprises.”