Washington, DC: the 10th Annual Billington CyberSecurity Summit
Could this cyber partnership help national security? (Fifth Domain) The Cybersecurity and Infrastructure Security Agency's director sees an opportunity in partnering with the new Cybersecurity Directorate at the National Security Agency to defend critical US infrastructure.
Director Neuberger outlines aims of NSA’s Cybersecurity Directorate. (The CyberWire) NSA's Cybersecurity Directorate will focus on threats from nation-states.
Cyber Strategy Protects Critical U.S. Infrastructure (U.S. DEPARTMENT OF DEFENSE) The Defense Department is protecting critical infrastructure in the homeland as a part of its new cyber strategy.
What a Federal CISO sees. (The CyberWire) Current and former US Federal CISOs explained what cyberspace looks like from their distinctive perch.
AI can deliver security, but it needs securing itself. (The CyberWire) Artificial intelligence has two sides with respect to cybersecurity: it's a tool used for cybersecurity, and the AI systems themselves need to be secured.
Cyber Attacks, Threats, and Vulnerabilities
Symantec finds a 'new' Chinese hacking group that has actually been around for a decade (CyberScoop) A Chinese cyber-espionage group that Symantec first exposed last June may actually be part of another group that has already been discovered, according to the company’s researchers.
U.S. Cyber Command appears to troll North Korea with malware release (Axios) The release came early morning on a North Korean holiday.
Exploit for wormable BlueKeep Windows bug released into the wild (Ars Technica) The Metasploit module isn't as polished as the EternalBlue exploit. Still, it's powerful.
Critical Windows Warning Gets Real As Wormable Exploit Weaponized (Forbes) If you've ignored repeated warnings from Microsoft, the U.S. Government and the National Security Agency (NSA) to update Windows or face a security threat on a par with WannaCry, now's the time to take action. A weaponized wormable exploit has just been released into the wild.
Metasploit team releases BlueKeep exploit (ZDNet) Metasploit BlueKeep module can achieve code execution, is easy to use.
Millions of Exim servers vulnerable to root-granting exploit (ZDNet) The internet's most popular email server impacted by second major bug this summer.
'Especially dangerous': Two easy steps to hack Trump’s Twitter account (Washington Examiner) President Trump's Twitter feed is vulnerable to being hacked by a foreign power or other adversary, according to a Washington Examiner investigation of cybersecurity measures in place to protect his account.
Kaspersky claims to have found malware in digital college textbooks (Notebookcheck) The online security company Kaspersky has reported the presence of dangerous programs in the digital versions of educational content for university students. These essays and texts were found to contain malware of varying severity and virulence. Some were described as capable of infecting whole networks from a single student's PC.
Think your iPhone is safe from hackers? That’s what they want you to think… (the Guardian) Forget Apple’s much-vaunted iOS safeguards – attackers have been quietly breaking and entering for years
Apple Defends iOS Security a Week After Hacking Campaign (Wired) In its first public statement since Google revealed a sophisticated attack against iOS devices, Apple defended its security measures.
Apple says Uighurs targeted in iPhone attack but disputes Google’s findings (NBC News) Google Project Zero researchers said last week that five security flaws led to a "sustained effort to hack the users of iPhones in certain communities over a period of at least two years."
A message about iOS security (Apple Newsroom) iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software.
Apple takes flak for disputing iOS security bombshell dropped by Google (Ars Technica) Apple statement alienates the security community when the company needs it most.
China Covertly Subverting Trump Reelection (Washington Free Beacon) China is conducting an aggressive disinformation and influence campaign designed to block the re-election of President Trump in 2020.
Fake PayPal Site Spreads Nemty Ransomware (BleepingComputer) A web page pretending to offer an official application from PayPal is currently spreading Nemty ransomware to unsuspecting users.
PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module (Proofpoint US) Proofpoint researchers continue to describe updates to PsiXBot, now using Google DNS and a module that records victims’ screens when viewing adult material.
Warning Issued After Malware Is Found To Have Hijacked Bitcoin Blockchain (Forbes) Bitcoin's blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks, cyber security researchers have warned...
Akamai: Fortnite ransomware scams should force developers and gamers to think about security (VentureBeat) The game industry is often hit by cybercriminals, and it was no surprise to see the discovery of ransomware that attacks Fortnite players.
Malicious attack on Wikipedia—What we know, and what we’re doing (Wikimedia Foundation) Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working …
Wikipedia whacked in weekend DDoS attack (Computing) Wikipedia blames 'malicious attack' on 'bad faith actors'
Wikipedia not working as pages fail to load for some users (The Independent) Site back online after following cross-platform crash
In first, cyberattack takes Wikipedia offline; outages still reported across globe (Haaretz) Millions across the world could not access Wikipedia over the weekend in what some say was the first successful cyber attack against the online encyclopedia
Hong Kong exchange suffers cyber attack (Finextra) The chief executive of the Hong Kong Stock Exchange (HKEx) has conceded that the trading venue was subject to a series of cyber attacks this week but has insisted that an outage which brought derivatives trading to a halt was related to a software bug and not a hacker.
Money for Nothing: Ransomware Plagues Local Governments (Decipher) Ransomware infections have crippled local governments in several states recently, a trend that shows no signs of abating.
Ransomware Poses Tough Choices For State, Local Gov'ts (Law360) This year, more than 70 state and local governments have been targeted by ransomware attacks. Despite a flood of legislation aimed at the problem, many state and local government information technology leaders still lack the funding and cybersecurity talent they need, says Korey Clark of State Net Capitol Journal.
Town Avoids Paying Massive $5 Million Ransom In Cyberattack (NPR.org) New Bedford, Mass., was hit by an attack in July. Instead of paying up, the city opened communication with the attacker and bided its time until the data could be restored.
Update on Texas Local Government Ransomware Attack (Texas Department of Information Resources) Our mission is to provide technology leadership, technology solutions, and value to our customers in Texas state government, education, and local government entities. The services we provide focus on excellence in quality of service, responsiveness, innovation, professionalism, and teamwork. We operate in an open, ethical, efficient, and accountable manner with high regards to our customers.
New York School District Claims Victory Over Emotet Trojan with Malwarebytes (New Kerala) Malwarebytes, the leading advanced endpoint protection and remediation solutions, today announced the successful recovery of an Emotet outbreak for the East Irondequoit Central School District, which at one point had infected over 1,400 of the school district's endpoints.
Schools in Arizona's Flagstaff closed for second day due to cyberattack (TheHill) Schools in Flagstaff, Ariz., were closed for a second day in a row on Friday as the school district struggled to recover from a debilitating ransomware attack.
Flagstaff schools to reopen Monday after cyber-security issue (Arizona Central) A cyber attack shut down Flagstaff schools, but they will reopen on Monday.
Back-to-School Scams Target Students with Library-Themed Emails (Threatpost) Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online resources laced with malware, researchers warn.
Cyber-security incident at US power grid entity linked to unpatched firewalls (ZDNet) Hackers used a DoS flaw to reboot firewalls at an electric power grid operator for hours.
First Ever DoS Cyber-Attack On A US Power Grid Detailed In Startling Report (HotHardware) The age of cyber attacks on national utilities has begun.
Lesson Learned: Risks Posed by Firewall Firmware Vulnerabilities (E&E News) A vulnerability in the web interface of a vendor’s firewall was exploited, allowing an unauthenticated attacker to cause unexpected reboots of the devices.
The US electric grid has been cyber attacked for years yet NERC won’t acknowledge facts (Control Global) Malicious cyber incidents affecting the US grid from compromising control system vendors as well as the utilities themselves have been on-going for more than 15 years. Yet, NERC refuses to call cyber incidents “cyber”.
Fraudsters target Chinese students in UK visa scam (the Guardian) Universities warn that undergraduates are paying out huge sums for fear of being deported
DMVs Are Selling Your Data to Private Investigators (Vice) You gave them your data in exchange for a driver’s license. DMVs are making tens of millions of dollars selling it, documents obtained by Motherboard show.
Security Patches, Mitigations, and Software Updates
September 2019 Patch Tuesday forecast: Microsoft security update will be complete (Help Net Security) Chris Goettl from Ivanti offers his September 2019 Patch Tuesday forecast and tells us what we can expect from Microsoft, Mozilla and Adobe.
Google Calendar Spam Got You Down? A Fix Is on The Way (BleepingComputer) Google is working on a solution to stop spammers from abusing a Google Calendar feature designed to automatically add event invitations to its users' calendars after receiving countless reports about spam events over the last few months.
Cyber Trends
Pervasive Social Engineering Characterizes the Threat Landscape: Proofpoint Releases the Human Factor 2019 Report (Proofpoint US) Proofpoint researchers detail how threat actors exploit "The Human Factor" based on 18 months of data related to social engineering and key threat trends.
Alternate Cybersecurity Futures (Atlantic Council) While cyberspace continues to enable tremendous commercial, humanitarian, and national security opportunities, it also breeds an expanded threat landscape of massive complexity. As innovation and new vulnerabilities...
Cold War Analogies are Warping Tech Policy (Wired) Opinion: Politicians and pundits' fixation with flawed Cold War metaphors have produced overly combative policies on emerging tech.
5 Key Insights From Absolute's 2019 Endpoint Security Trends Report (Forbes) Over 70% of all breaches are still originating at endpoints, despite millions of dollars spent by organizations every year. It’s possible to overspend on endpoint security and reduce its effectiveness, which is a key finding of the study.
Marketplace
Bug bounty platform HackerOne raises $36.4 million (VentureBeat) Bug bounty platform HackerOne has raised $36.4 million in a round led by Valor Equity Partners, taking its total funding past $110 million.
WSJ News Exclusive | Buyout Firms Seek to Acquire Symantec for More Than $16 Billion (Wall Street Journal) Symantec has received interest from a pair of private-equity suitors seeking to buy the cybersecurity firm after it agreed to a sale of a big chunk of its business.
Brazil-focused Valor Capital seeks $300m across two funds (Alt Assets) Valor Capital Group is aiming to raise $300m across its third venture fund and its first opportunity fund as it seeks the bridge the gap between the US and Brazilian technology markets.
VMware inches closer to Carbon Black buyout (CRN Australia) Cash offer for US$26 per share on the table.
Singapore’s SecureAge eyes US market (ComputerWeekly.com) The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan
Products, Services, and Solutions
New infosec products of the week: September 6, 2019 (Help Net Security) The most important product releases of the week include releases from: ThousandEyes, Crossword Cybersecurity, Exabeam, Trustwave and Zeguro.
Exabeam Expands International Availability of Cloud-based SIEM to Help Organizations Modernize Security Operations (Exabeam) With Exabeam SaaS Cloud, security teams across Canada, Europe, Asia-Pacific and South America can now easily migrate security[...]
MacKeeper Continues Transformation Launching 24/7 Data Breach Monitoring (Yahoo) Mackeeper—a software known and used by over 1.4 million users for performance, protection and MAC optimisation—is continuing its transformation to offer a one-stop solution for MAC digital protection and privacy. Today the company is launching two new features:
Comcast Business beefs up cybersecurity with Fortinet and Akamai (FierceTelecom) Comcast Business is teeing up more cybersecurity options with Fortinet for mid-sized and enterprise customers that use its ActiveCore platform.
Jigsaw Academy launches India's First offensive Cyber-security Programme (ANI) Bengaluru (Karnataka) [India] Sept 06 (ANI/NewsVoir): Jigsaw Academy, a pioneer in emerging technologies and data science training, has signed a Memorandum of Understanding (MoU) with HackerU, one of the world's leading cyber security Training companies from Israel, to launch India's first 'Offensive' Cyber-security Certification Programme.
FIME adds EMV® 3DS services to new digital test platform (FIME) FIME’s EMV® 3-D Secure (3DS) test platform and laboratory have been qualified by EMVCo for ACS component testing, protocol 2.1. The combination of an automated test platform and the expertise of FIME 3DS experts brings agility and efficiency for payment solution providers (PSPs), EMV 3DS vendors and banks while ensuring the compliance of new authentication implementations. With the platform, they can accelerate the testing and certification of their 3DS ACS solutions according to the EMV® 3-D Secure Specification.
Google's differential privacy library can now be used by anyone (Help Net Security) Google open-sourced a differential privacy library that powers some of its products. Differential privacy keeps sensitive information usable but anonymized.
Technologies, Techniques, and Standards
Devo Guide to the Future Security Operations Center (SOC) (Devo.com) Learn about core capabilities and functions, technologies and platforms, and frameworks of the future security operations center.
Identity and Access Management: Preventing a Cyber Attack (EC-Council Official Blog) Digital identity is a significant component of any organization’s digital strategy. It ensures the delivery and security of systems, data, and applications. On the contrary, Identity and Access Management (IAM) is a framework designed for various business policies, processes, and technologies to manage digital identities. IAM framework enables IT managers to control user access to...
Hardware Security Keys: A Seatbelt for the Internet?—Cyber Saturday (Fortune) Hardware security keys are seatbelts for the Internet, says Stina Ehrensvärd, CEO and cofounder of Yubico, a startup that makes online account-securing fobs.
Well-known ethical hacker describes recent cybersecurity and ransomware attack scenario (International Business Times) A few days ago experts from cybersecurity industry revealed that hackers who are behind ransomware attacks are responsible for driving up the price of Bitcoin.
After a cyberattack, the waiting is the hardest part (Fifth Domain) Cyberattacks on critical infrastructure may not have the payoff that an adversary wants.
Cybersecurity issues can't be solved by simply buying a product (Help Net Security) Year after year, data breach losses continue to rise and the cybercrime economy continues to thrive. What is the cybersecurity industry doing wrong?
Design and Innovation
Microsoft’s president chides Facebook, urges new approaches to combat weaponization of tech (Washington Post) Brad Smith critiques the tech industry for allowing thieves, terrorists and scoundrels to use technology for ill.
Who should manage the Pentagon’s AI data? DARPA’s director has a suggestion. (C4ISRNET) Artificial intelligence can't be
Apple made Siri deflect questions on feminism, leaked papers reveal (the Guardian) Exclusive: voice assistant’s responses were rewritten so it never says word ‘feminism’
Tests Show That Voice Assistants Still Lack Critical Intelligence (Forbes) Increasingly, devices we interact with have an audio conversational interface instead of buttons or screens to type or click. The dawn of the conversational computing age is here. However, are these devices intelligent enough to handle the wide range of queries that humans are asking?
ASIO anniversary minted into hard currency crypto coin (iTnews) Spruiks online cracking comp for collectible spyware.
Research and Development
Information gerrymandering in social networks skews collective decision-making (Nature) Network rewiring can alter perception of others’ voting intentions.
Opinion | How to Build Artificial Intelligence We Can Trust (New York Times) Computer systems need to understand time, space and causality. Right now they don’t.
Four scientists win China's 2019 Future Science Prize (Ecns.cn) The Future Science Prize announced on Saturday that four scientists will be crowned this year for their contributions to fields in science and technology.
Academia
Is China's network of cultural clubs pushing propaganda? (BBC News) China says its Confucius Institute is for language and culture, but critics say it has other aims.
Irish colleges' links with Chinese ‘cyber-spy’ universities spark concern (Times) The Department of Business, Enterprise and Innovation is financing a number of scientific collaborations between Irish colleges and Chinese universities which have been linked to espionage and...
Trinity Working With Chinese Universities Accused of Cyber Crime (University Times) The government is currently financing collaborative research involving Trinity, UCC and UCD and two Chinese universities accused of espionage.
Who’ll benefit from the Regis University cyberattack? The Denver school’s cybersecurity students. (The Denver Post) Two weeks before a “malicious threat” crippled Regis University’s information technology services — rendering the Denver campus’s phones, email and internet useless ju…
Students must spark interest in cyber studies, says NSA official (The Times of India) Education News: Josiah Dykstra, deputy technical director for cybersecurity operations at National Security Agency (NSA), USA, speaks to Education Times on why cybers
Saudi college, BAE sign cybersecurity agreement (Arab News) Prince Mohammed bin Salman College for Cybersecurity, Artificial Intelligence and Advanced Technologies has signed a memorandum of understanding with British aerospace and technical sciences company BAE Systems. Dr. Abdullah Al-Dahlawi, the dean of the college, explained that this strategic partnership with the world’s third-largest company for space, defense and security industries aims to activate training and technical cooperation between the college and the company.
HackerOne concludes its bug bounty challenge with the National University of Singapore (Help Net Security) HackerOne, the hacker-powered pentesting and bug bounty platform, successfully concluded its bug bounty challenge with the National University of Singapore.
Legislation, Policy, and Regulation
Exclusive: US extracted top spy from inside Russia in 2017 (CNN) In a previously undisclosed secret mission in 2017, the United States successfully extracted from Russia one of its highest-level covert sources inside the Russian government, multiple Trump administration officials with direct knowledge told CNN.
Oxbridge grad who worked for GCHQ to run National Cyber Force of 3,000 hackers (Herald Publicist) Britain's top female spy is head of new 'online SAS': Oxbridge graduate who worked for GCHQ will run National Cyber Force of 3,000 hackers to
Italy maintains stance on Huawei, ZTE 5G scrutiny (Mobile World Live) A newly appointed Italian government offered no relief to Chinese equipment vendors Huawei and ZTE, ...
Mark Esper suggests Britain ban Huawei, Mike Pompeo should do the same with Israel (Washington Examiner) Visiting London on Friday, Defense Secretary Mark Esper made clear why the United States expects Britain to ban Chinese telecommunications firm, Huawei, from its networks.
Microsoft Says Trump Is Treating Huawei Unfairly (Bloomberg) Brad Smith, the company’s president, says the administration hasn’t adequately made the case for its moves against the Chinese company.
Microsoft: Trump's unfair treatment of Huawei is 'un-American' (Yahoo) Microsoft president and chief legal officer Brad Smith hit out at the trading ban between US firms and Huawei.
Law on cybersecurity developed in Turkmenistan (AzerNews.az) President of Turkmenistan Gurbanguly Berdimuhamedov has approved the bill on cybersecurity, Trend reports referring to the Turkmen government.
In the Race to Dominate 5G, China Sprints Ahead (Wall Street Journal) The super-fast wireless technology 5G is expected to revolutionize everything from driving to surgery, and everybody wants to be first. Beijing is using its authoritarian power to clear obstacles on the ground.
Regulator Weighs Disclosing Names of Utilities That Violate Grid Security Rules (Wall Street Journal) The Federal Energy Regulatory Commission is weighing whether to disclose the names of electric utilities that violate rules designed to protect the nation’s grid against cyber and physical attacks.
Facebook’s Mark Zuckerberg snubs fake news committee (Times) Mark Zuckerberg has declined an invitation to appear before an international committee on disinformation and fake news in Ireland this November. The grand committee was set up by Damian Collins...
The NSA prepares to defend 2020 elections, drawing lessons from 2018 (CBS News) "NSA really had to up its game," says Anne Neuberger, head of the new Cybersecurity Directorate
Will A Massive Effort To Secure The 2020 Vote End Up Superfluous Or Not Enough? (NPR.org) Officials at every level say they're changing their approaches to election security as the presidential race comes into view. One challenge, though, is not knowing exactly how to prepare.
Expansion of DHS Continuous Diagnostics Program Considered (BankInfo Security) Bills now being considered in the Congress would make the Department of Homeland Security's Continuous Diagnostics and Mitigation Program available to all federal
DHS looks to upgrade flagging info sharing program (FCW) A top cyber official at the Department of Homeland Security said the underutilized Automated Indicator Sharing program will be getting a facelift to improve quality and facilitate more complex defensive actions.
It may be time for the government to hire cyber folks without formal degrees (Federal News Network) Given the ongoing shortage of cybersecurity talent, government officials are thinking about hiring on skill, rather than specific degree.
Businesses Across the Board Scramble to Comply With California Data-Privacy Law (Wall Street Journal) The California Consumer Privacy Act was designed to make tech giants more transparent about how they handle consumer data—and now companies from Starbucks to the Gap also are racing to comply.
WHAT? Misread tweet sparks crypto fake news frenzy (Micky) Be warned: a crypto fake news frenzy, reported on by a dozen outlets, can start with a single, misread tweet.
Litigation, Investigation, and Law Enforcement
Australian Internet Providers Ordered to Block Eight Sites Found Hosting Christchurch Footage (Gizmodo) Australia’s eSafety Commissioner ordered the country’s internet service providers to block eight sites for purportedly hosting footage of the Christchurch massacre, the Guardian reported Sunday, protocol officials recently outlined at this year’s G7 leader’s forum.
Google receives demand for documents from Justice Dept., acknowledging federal antitrust scrutiny (Washington Post) Google said Friday it had received a legal demand for records from the Justice Department related to the tech giant's prior antitrust investigations, marking the company's first major acknowledgment that it's a subject of a federal competition probe.
8chan "has no intent of deleting constitutionally protected hate speech," owner will tell Congress (The Verge) The private testimony is slated for today.
Don’t Hack Back: Call The FBI & They’ll Call NSA (Breaking Defense) “The average time it takes to discover a data breach is about six months,” said Hickey, a deputy assistant attorney general at the Justice Department specializing in cybersecurity and China. By the time you realize you’ve been hacked, it’s too late to “hack back" and shut down your attacker.
Police: Man steals identity to buy iPhones (KTSM 9 News) A man who stole someone else’s identity in order to get two iPhones and Verizon phone service is being sought by Crime Stoppers of El Paso. The suspect walked in…