Cyber Attacks, Threats, and Vulnerabilities
Everybody Does It: The Messy Truth About Infiltrating Computer Supply Chains (The Intercept) The danger of China compromising hardware supply chains is very real, judging from classified intelligence documents, even if a Bloomberg story on the matter is highly disputed.
Two suspected Russian hacking groups share tools and techniques, Kaspersky says (CyberScoop) Multiple groups of suspected Russian hackers have a relationship with one another that includes sharing malicious software code and hacking techniques, according to new research.
GreyEnergy’s overlap with Zebrocy (Securelist) We have identified an overlap between GreyEnergy, which is believed to be a successor to BlackEnergy group, and a Sofacy subset called “Zebrocy”. Both used the same servers at the same time and targeted the same organization.
Exclusive: Google Caught Hosting Hezbollah's Violent Android Games (Forbes) Google has kicked off two games created by Hezbollah, deemed a terror organization by the U.S. One depicted children deflecting bombs onto Israeli soldiers, the other saw the protagonist defend a holy site from ISIS soldiers.
Cisco uncovers critical vulnerability in SD-WAN Solution (CRN Australia) Issues a fix, but customers can't install it themselves.
Check Point ZoneAlarm Anti-Virus Exploit (illumant llc) Local Exploitation of WCF Services within ZoneAlarm Anti-Virus Software to Escalate Privileges General Overview Illumant has discovered a critical vulnerability in Check Point’s ZoneAlarm anti-virus software. This vulnerability allows a low-privileged user to escalate to SYSTEM-level privileges. A service endpoint within ZoneAlarm exposes powerful functionality, including the ability to start new processes as SYSTEM. Efforts...
PHP PEAR supply chain attack: Backdoor added to installer (Help Net Security) Some additional details have emerged about the recent security breach involving the PHP PEAR webserver, but much is still unknown.
Threat Spotlight: IoT application vulnerabilities (Barracuda) This Threat Spotlight investigates how attackers can use vulnerabilities in web and mobile applications to compromise IoT devices.
China Blocks Microsoft's Bing Due to Technical Error, Sources Say (Bloomberg) Microsoft Corp.’s search engine Bing was blocked in China due to an accidental technical error rather than an attempt at censorship, according to people familiar with the matter, and the search engine is once again accessible in the country.
Bing Went Down in China and No One Will Say Why (WIRED) It could be technical issues or the government blocking Microsoft's search engine. Regardless, the service is back online.
Microsoft's Bing is blocked in China as tensions between Beijing and Washington escalate (The Telegraph) Microsoft's Bing search engine has been blocked in China as tensions between Beijing and Washington escalate.
UK courts IT meltdown 'not caused by cyber attack' (Evening Standard) The Ministry of Justice said a massive IT meltdown which lawyers claim has brought the courts system “to its knees” was not caused by a cyber attack. Thousands of cases across England and Wales have been affected by a breakdown of the central computer system, which stopped working last week. The secure email system for lawyers and judges was also affected, prompting many to complain that they have been unable to prepare for hearings and trials.
Massive mortgage and loan data leak gets worse as original documents also exposed (TechCrunch) Remember that massive data leak of mortgage and loan data we reported on Wednesday? In case you missed it, millions of documents were found leaking after an exposed Elasticsearch server was found without a password. The documents contained highly sensitive financial data on tens of thousands of ind…
Google URL Inspection Tool flaw lets anyone inspect URLs without authorization (HackRead) Last year, Google launched its URL Inspection Tool for webmasters using Search Console. The purpose of this tool is to provide information about Google’s indexed version of a specific page.
ThinkPHP Vulnerability Abused by Botnets Hakai and Yowai (TrendLabs Security Intelligence Blog) We found a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai abusing a ThinkPHP flaw for propagation and DDoS attacks.
You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit (Register) Easily swapped hashed passwords give Domain Admin rights via an API call. Fix may land next month.
Sneaky Malvertisers Target Apple Users with Hidden Malware (Infosecurity Magazine) VeryMal campaign uses steganography techniques
Voicemail Phishing Campaign Tricks You Into Verifying Password (BleepingComputer) A new phishing campaign is underway that utilizes EML attachments that pretend to be a received voicemail and prompts you to login to retrieve it. This campaign also uses a clever tactic of tricking you into entering your password twice in order to confirm that you are providing the correct account credentials.
Cyberattackers Bait Financial Firms with Google Cloud Platform (Dark Reading) A new wave of attacks abuses the Google Cloud Platform URL redirection in PDF decoys, sending users to a malicious link.
ThreatList: Phishing End Goal Credentials, Not Malware (Threatpost) Credential compromise emerged the main target for phishing campaigns in 2018 – rather than infecting victims' devices with malware.
Damaged Undersea Cable Causes Near-Total Internet Blackout in Island Nation Tonga (Motherboard) The island has just one submarine cable that provides internet access for the entire island.
Hacker cracks into Nest security cameras to demand that users subscribe to PewDiePie's YouTube channel (Computing) Hacker says he used a credential stuffing technique to crack Nest surveillance camera passwords.
Hacker demonstrates how to remotely Jailbreak iPhone X (HackRead) A China-based security researcher associated with the Qihoo 360 Vulcan Team has published a proof-of-concept exploit for a kernel vulnerability, which he claims is the second stage of an exploit chain he used to successfully jailbreak an iPhone X remotely.
'Worst' ransomware attack hits Maryland police department (AP NEWS) A Maryland police department says it experienced its "worst computer network attack" in its history, after the attacker accessed its network through a longtime software vendor. Salisbury police Capt. Rich Kaiser tells The Daily Times of Salisbury the department's entire internal computer network was compromised Jan. 9 in a ransomware attack. He said negotiations with the attacker who asked for an undisclosed sum "quickly disintegrated."
DHSS cyber attack impacts more than 100,000 Alaska households (KTUU) A cyber attack in April has impacted more than 100,000 Alaska households. The Department of Health and Human Services says the breach applies to people who applied for programs through the Division of Public Assistance.
Security Patches, Mitigations, and Software Updates
Check Point Fixes Privilege Escalation Bug in ZoneAlarm Free (BleepingComputer) A security issue in Check Point's free edition of ZoneAlarm antivirus and firewall solution allowed a user with limited rights on the machine to inject and execute code with the highest privileges.
Running Sysmon 8.0.0? Update to 8.0.4 to Avoid a Memory Leak (BleepingComputer) A memory leak exists in recent versions of the Sysmon utility that could cause a computer to run out of memory and crash if its configuration file is routinely updated through a scheduled task or by some other means.
Cyber Trends
Cisco 2019 Data Privacy Benchmark Study Shows Organizations Gaining Business Benefits from Data Privacy Investments (PR Newswire) Organizations worldwide that invested in maturing their data privacy practices are now realizing tangible...
GDPR-ready organizations see lowest incidence of data breaches (Help Net Security) Organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments.
83% of global respondents experienced phishing attacks in 2018 (Help Net Security) Most experienced phishing attacks in 2018, and nearly 60 percent saw an increase in employee detection following security awareness training.
Why cyberwar is contributing to a potential doomsday (Fifth Domain) The rise of cyberattacks and information warfare is a contributing factor to an existential threat to humanity, according to the Bulletin of the Atomic Scientists
Seven Out of Every Ten Open Vulnerabilities Belong to Just Three Vendors (Computer Business Review) Seven out of every ten open vulnerabilities observed by customers belong to just three vendors: Oracle, Microsoft and Adobe.
Scamming Grandma: Financial Abuse of Seniors Hits Record (Wall Street Journal) U.S. banks reported 24,454 suspected cases of elder financial abuse to the Treasury Department last year, more than double the amount five years earlier.
Crime stats show switch in focus by cyber criminals (ComputerWeekly.com) The latest crime statistics suggest that cyber criminals are turning their attention to organisations and social engineering attacks as they become more sophisticated
Marketplace
How the government shutdown is flushing away federal cyber-talent (Ars Technica) As some feds miss a second paycheck and contractors sit idle, a brain drain is imminent.
Enterprises turn to MSPs to mitigate huge skills gap concerns (Help Net Security) A huge skills gap coupled with security worries is driving IT decision makers to engage Managed Service Providers (MSPs) to handle their IT needs.
New report urges action against Huawei, ZTE (TheHill) A new report is urging the Trump administration to take action against a pair of Chinese telecommunication giants over the firms’ alleged misconduct, including claims that they work on behalf of the Chinese sta
Another Reason U.S. Fears Huawei: Its Gear Works and It's Cheap (Bloomberg) Trump administration has stepped up action on Chinese company. U.S. has long alleged Huawei equipment poses a security risk.
Palantir CEO rips Silicon Valley, accuses it of selling out America and failing to protect the country (CNBC) Alex Karp, CEO of the secretive data miner, is slamming the tech community for what he considers a breach of its social contract.
McAfee cuts 200 employees after eroding sales: report (CRN Australia) Could be gearing up for an IPO.
Apple lays off 200 staff from autonomous vehicle group Project Titan (Computing) Other staff will be moved to different projects.
Raytheon to maintain and cybersecure U.S. Air Force Global Hawk ground control stations (GuruFocus) Raytheon to maintain and cybersecure U.S. Air Force Global Hawk ground control stations, Stocks: NYSE:RTN, release date:Jan 23, 2019
You’d be surprised how many VPNs are owned by the same company (Qrius) The company with the most brands under its belt is AnchorFree
Christopher Kennedy Joins AttackIQ as CISO and Vice President of Customer Success (GlobeNewswire News Room) AttackIQ hires former Military, Federal, and Financial Security leader to round out its executive team
AttackIQ Taps Vinod Peris as Vice President of Engineering (MarketWatch) Former Cisco Executive Brings Deep Technology Leadership Skills to the AttackIQ Team
Data Privacy Innovator Virtru Appoints Neville Letzerich as Chief Marketing Officer (AP NEWS) Virtru, a leading innovator in enterprise data protection and data privacy solutions, has named Neville Letzerich as its new chief marketing officer (CMO). Letzerich brings more than 20 years of enterprise software marketing, sales and product experience to the role. He will support Virtru’s next phase of global expansion in the enterprise data privacy sector, scaling the reach and impact of the company’s brand and delivering world-class go-to-market execution.
Cisco Security Exec And Sourcefire Founder Martin Roesch Is Departing (CRN) Longtime tech executive Martin Roesch, founder and CTO of Sourcefire and current Cisco Security Business Group chief architect, says he's leaving the company.
Products, Services, and Solutions
New infosec products of the week: January 25, 2019 (Help Net Security) Threat Stack announces new API for streamlined DevOps and security workflows The new API will allow for the suppression and dismissal of alerts from
Pulse Secure Launches Access Now Partner Program to Accelerate Channel Sales and Service Opportunities (GlobeNewswire News Room) Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, today announced the global launch of their new Access Now Partner Program. Designed to offer partners the means to establish themselves as a go-to source with an industry-leading solution in Secure Access,
JFrog Xray Drives DevSecOps, Announces Inclusion of the Industry's Broadest Software Security Vulnerability Dataset via VulnDB (PR Newswire) JFrog, the DevOps technology leader known for enabling liquid software via Continuous Update flows, is...
Threat Stack announces new API for streamlined DevOps and security workflows (Help Net Security) Threat Stack's API endpoints enable SecOps teams to integrate Threat Stack Cloud Security Platform into existing DevOps and security workflows.
SIOS Protection Suite for SAP optimized on AWS available in AWS Solution Space (Help Net Security) SIOS Protection Suite for SAP optimized on AWS provides availability, data replication, and disaster recovery in a solution on AWS.
Cisco and AppDynamics unveil vision for the Central Nervous System for IT (Help Net Security) The Central Nervous System for IT gives enterprises the visibility into multi-cloud environments, delivers machine learning insights, and automates tasks.
Saudi Arabia and UAE to launch new banking crypto-currency (Asia Times) The Middle East is another region exploring the application of blockchain and private crypto-currencies to improve banking and cross border payments
Technologies, Techniques, and Standards
Hack, Jam, Sense & Shoot: Army Creates 1st Multi-Domain Unit (Breaking Defense) A new Army unit will hack and jam enemy networks and provide targeting data for both long-range missiles and missile defense.
Six Things to Consider Before CCPA Goes Into Force (PR Newswire) Netwrix, provider of a visibility platform for data security and risk mitigation in hybrid environments,...
The most effective security strategies to guard sensitive information (Help Net Security) With security as the biggest barrier to cloud and SaaS adoption, Ping Identity reveals the most effective security strategies for organizations.
NIST Guidance for Financial Services: Protecting Privileged Access is a Business Imperative (Security Boulevard) Success in today’s financial services market means constantly innovating to meet evolving customer expectations, such as enhanced personalization, mobile banking and cloud-based digital service options.
How a Security Vendor Tricked Social Media Phishers (Infosecurity Magazine) UK-based Fidus Information Security was targeted by angler phishing
Design and Innovation
Chinese ‘white hats’ strive to bring security to crypto (Asia Times) Token theft is a blockchain headache but security specialist SlowMist, often linked to the Chinese state, says it has the tech to stop the attacks
Hewlett Packard Enterprise launches interactive game teaching young girls critical cybersecurity skills (HPE Newsroom) HPE’s new cybersecurity game and curriculum to educate Girl Scouts on safely and defensively navigating the internet and social media
Research and Development
Researchers Create Algorithm to Protect Kids from Disturbing YouTube Videos (BleepingComputer) A team of researchers has developed a high accuracy deep learning-based classifier designed to detect YouTube videos with disturbing content for kids. This was done after finding that the current recommendation algorithm used by the platform to suggest related content is quite lacking.
Yes, “algorithms” can be biased. Here’s why (Ars Technica) Op-ed: a computer scientist weighs in on the downsides of AI.
Academia
U.S. universities unplug from China's Huawei under pressure from Trump (Reuters) Top U.S. universities are ditching telecom equipment made by Huawei Technologies...
Legislation, Policy, and Regulation
Analysis | The Daily 202: 10 sobering quotes from the new National Intelligence Strategy (Washington Post) The intelligence community aims to increase transparency after sustained attacks from the president.
Poland set to exclude China's Huawei from 5G plans (Reuters) Poland is set to exclude Huawei from its future 5G network in favour of European...
Senior UK.gov ministers asked: So, are we going to ban Huawei or what? (Register) All our Five Eyes mates have shown them the door
Analysis | How Huawei Became a Target for the U.S. Government: QuickTake (Washington Post) Huawei Technologies Co., one of China’s most-global companies, is increasingly in the cross-hairs of the U.S. government and its Western allies, just as it’s pushing for a leadership role in the new wireless standard known as 5G. After years of tension, the telecommunications giant is facing multiple battles, including the arrest in Canada of its chief financial officer, possible criminal charges in the U.S. and the prospect of being shut out of new infrastructure projects around the world. The
Russia warns U.S. against military intervention in Venezuela (NBC News) "Venezuela is friendly to us and is our strategic partner," Vladimir Putin's deputy foreign minister said. "We have supported them and will support them."
Analysis | The Cybersecurity 202: Microsoft chief urges Trump administration to stand with democracies in cyberspace (Washington Post) The U.S. is notably absent from the "Paris Call" international cyber agreement.
McCaul & Engel Introduce Cyber Diplomacy Act of 2019 (Committee on Foreign Affairs) Today, House Foreign Affairs lead Republican Michael McCaul (R-TX) and Chairman Eliot Engel (D-NY) introduced H.R. 739, the Cyber Diplomacy Act of 2019, to ensure American leadership on the world stage in keeping the Internet open, reliable and secure. Ranking Member McCaul: “The threats to America’s security, economy, and the Internet itself …
Cyber Diplomacy Act of 2019 (US House of Representatives) A bill to support United States international cyber diplomacy, and for other purposes.
Shutdown Could Damage Homeland Security for ‘Months, if Not Years,’ Says Ex-DHS Chief (Nextgov.com) Efforts to strengthen the country’s cyber posture have come to a halt, and if a crisis were to strike, there wouldn’t be enough people to respond, former agency officials said.
Litigation, Investigation, and Law Enforcement
Trump, Huawei, and the Politics of Extradition (Foreign Affairs) Trump’s comments about the Meng case jeopardize the presumption of good faith and regular process that make cross-border law enforcement cooperation possible.
Longtime Trump adviser Roger Stone indicted by special counsel in Russia investigation (Washington Post) Stone, who has been under scrutiny for months by special counsel Robert S. Mueller III, was charged on seven counts.
United States of America v. Roger Jason Stone, Jr. (United States District Court for the District of Columbia) The Grand Jury for the District of Columbia charges...
One Man’s Obsessive Fight to Reclaim His Cambridge Analytica Data (WIRED) David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues.
Letter from 15 Senators to the FCC and FTC (US Senate) We write to urge the Federal Trade Commission and the Federal Communications Commission to broadly investigate the sale of Americans' location data by wireless carriers, location aggregators, and other third parties.
Data Broker That Sold Phone Locations Used by Bounty Hunters Lobbied FCC to Scrap User Consent (Motherboard) Zumigo, which sold the location data of American cell phone users, wanted the FCC to remove requirements around user consent.
Google to appeal €50m fine by French data protection regulator CNIL (Computing) Google claims it 'worked hard' to achieve GDPR compliance.
Google doesn’t want employees to use work email to organize, per report (Ars Technica) Should workplace email be considered a "natural gathering place"?
Google pushed to curb employee protests while claiming to support walkouts, documents show (The Telegraph) Google is under fire from its own employees after it asked the US government to change rules which allow staff to plan activism on their work email accounts.
Lessons for Corporate Boardrooms From Yahoo’s Cybersecurity Settlement (New York Times) Shareholders haven’t been successful in holding companies accountable for data breaches. But that changed in the first month of 2019.
Bitcoin blues: This is how much cryptocurrency was stolen last year (ZDNet) Hackers targeting bitcoin, monero and other cryptocurrencies made a lot of money from hacking exchanges, businesses and consumers last year.