Cyber Attacks, Threats, and Vulnerabilities
Blue and White experiences cyber attack worth tens of thousands of shekel (The Jerusalem Post) Blue and White reported that the party is experiencing a very powerful cyber attack from abroad on Tuesday evening, as less than 4 hours were left until voting stations close.
Cybersecurity: New hacking group targets IT companies in first stage of supply chain attacks (ZDNet) 'Tortoiseshell' hacking group is identified by a custom form of malware, say researchers - and the new campaign isn't currently thought to be linked to any other cyber operations.
Robocalls now flooding US phones with 200m calls per day (Naked Security) According to a new report, nearly 30% of all US calls placed in the first half of 2019 were garbage, as in, nuisance, scam or fraud calls.
Massive Gaming DDoS Exploits Widespread Technology (Threatpost) The attack — the 4th-largest the company has ever encountered — leveraged WS-Discovery, the same exploit used in the 2016 Dyn incident.
Overseas trolls targeting veterans on social media: Report (Military Times) The overseas agitators are impersonating veterans groups in an effort to confuse and divide the community, investigators found.
Doubts raised over Simjacker security flaw (Computing) Simjacker exploit takes advantage of a legacy feature of the SIM card, according to researchers, that most telcos don't use
Experts Commentary On 1 Billion Mobile Users Vulnerable To Ongoing ‘SimJacker’ Surveillance Attack (Information Security Buzz) Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM card-based vulnerability, dubbed “SimJacker.” The glitch has been exploited for the past two years by “a specific private company that works with governments to monitor individuals,” and impacts several mobile operators – with the potential to impact over a billion …
Prevent SIM-Swapping Hackers From Stealing Your Phone Number—and the Rest of Your Identity (Lifehacker) You know what’s worse than having your password stolen? Having your phone number stolen. SIM-swapping, a type of identity theft, is a means for scammers to get access to your phone number and all of the personal accounts secured through it.
Emotet Ends Four-Month Hiatus With Malspam Campaign Targeting Polish-, German-Speaking Users (Security Intelligence) The actors behind the Emotet botnet ended a four-month hiatus by launching a malspam campaign targeting Polish- and German-speaking users.
Advantech WebAccess (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization
2.
Siemens SINEMA Remote Connect Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SINEMA Remote Connect Server
Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Information Exposure, Cross-Site Request Forgery, Use of Password Hash with Insufficient Computational Effort
2.
Honeywell Performance IP Cameras and Performance NVRs (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Honeywell
Equipment: Performance IP Cameras and Performance NVRs
Vulnerability: Information Exposure
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to view device configuration information.
This Company Built a Private Surveillance Network. We Tracked Someone With It (Vice) Repo men are passively scanning and uploading the locations of every car they drive by into DRN, a surveillance database of 9 billion license plate scans accessible by private investigators.
In new ‘technical support’ scam, scammers pose as Singtel staff or 'cyber-crime' police (TODAYonline) The police are alerting the public to a new type of scam, in which scammers pose as technical support employees from Singtel or the Singapore Police Force and ask victims to download software that would help them gain access to the victims’ bank accounts.
Cyber Trends
Are Organizations Ready for New Privacy Regulations? (Internet Society) Based on 1,200 privacy statements, many are not prepared for coming regulations.
Netwrix survey: 27% of financial organizations migrated data to the cloud for no clear reason (Netwrix) The study finds that almost one third of IT teams in the financial sector initiated a cloud migration without an express business-supplied reason.
BMC Reveals Key Trends Shaping the Next Wave of Mainframe Success in 14th Annual Mainframe Survey (BMC Software, Inc.) BMC, a global leader in IT solutions for the digital enterprise, today announced the results of its 2019 Mainframe Survey, which shows both continued confidence in the platform's potential for growth and enthusiasm for mainframe modernization efforts across a broad spectrum of respondents.
Lull in major cyber breaches no reason for federal agencies to relax (Federal News Network) You might have heard the widely reported fact that the…
EfficientIP and IDC Data Reveals: Education sector Not Taking $7,370,0 (PRWeb) EfficientIP, specialists in DNS security for service continuity, user protection and data confidentiality, revealed the education sector is one of the most
Why this is the age of continuous intelligence (TechHQ) Continuous computing at the front-end user level is not possible without always-on monitoring— the industry calls this Continuous Intelligence.
Marketplace
Facing US ban, Huawei emerging as stronger tech competitor (ABC News) Facing ban on access to U.S. technology, Chinese telecom equipment giant Huawei is showing it increasingly can do without American components and compete with Western industry leaders in pioneering research
Strider Raises $2 Million to Combat Economic Espionage from DataTribe (Business Insider) Strider, the world's first risk intelligence platform leveraging proprietary datasets, machine learning and ...
BigID Launches Momentum Value Added Reseller Partner Program to Expand Reach Globally (Yahoo) New reseller program provides streamlined infrastructure and engagement avenues for current and prospective resellers to capitalize on global privacy market opportunity
Mimecast aims to capitalise on Symantec sale and grab customers (ITWire) Email security provider Mimecast has gone in hard in a bid to capitalise on the proposed sale of Symantec's enterprise division to Broadcom, offering customers of Symantec's MessageLabs email security cloud free email security risk assessments and other discounts.
ThreatQuotient Expands Support for Rhino Conservation in Honor of World Rhino Day (BusinessWire)
CynergisTek Continues Growth of Security and Privacy Leadership Team (Yahoo) CynergisTek, Inc. (NYSE AMERICAN: CTEK), a leader in information security, privacy, and compliance, today announced that it has appointed Benjamin Denkers as its Senior Vice President of Security and Privacy Services. In this position, Denkers will be responsible for the delivery of consulting, managed
Products, Services, and Solutions
Firewall Management News | Network & Cloud Security News (FireMon) Read the latest Firewall Management, Cloud & Network Security news at FireMon. Get access to articles, industry reports, white papers, videos and more!
Capsule8 Protect Earns HIPAA Compliance Certification (Capsule8) Capsule8’s Comprehensive Linux Protection Platform Exceeds Standards for Access, Intrusion Detection and Prevention Systems, and File Integrity Monitoring Requirements NEW YORK, New York – September 17, 2019 – Capsule8 today …
New nCipher HSM as a Service Delivers High-Assurance Security for Organizations Adopting Cloud-First Strategies (Yahoo) nCipher Security, an Entrust Datacard company, announces nShield as a Service, a cloud-based hardware security module (HSM) service that allows organizations to protect sensitive data and applications and helps meet compliance mandates – simply and efficiently, using on-demand cryptography. “Organizations
Aryaka SmartConnect Managed SD-WAN Is Integrated With Oracle Cloud and Now Available in the Oracle Cloud Marketplace (SYS-CON Media) Aryaka®, a leading end-to-end managed SD-WAN provider and Silver level member of the Oracle PartnerNetwork (OPN), today announced that its SmartConnect SD-WAN has achieved “Integrated with Oracle Cloud” status and is now available in the Oracle Cloud Marketplace, offering added value to Oracle Cloud customers.
Social Media Investigations | #ICORP Investigations (ICORP Investigations) Our social media investigators have been able to uncover accounts that were initially thought to be dead-ends in a social media investigation.
Texas Manufacturing Assistance Center at SwRI offers cybersecurity support to federal contractors (Southwest Research Institute) The Texas Manufacturing Assistance Center (TMAC) South Central Region is announcing a program to enhance DFARS cybersecurity compliance for companies required to meet NIST cybersecurity protocols when manufacturing for the federal government.
IBM Works With City of Los Angeles to Combat Cybercrime (Yahoo) Launches New Services to Bring Enterprise Threat Intelligence to Cities and Municipalities; Launches Three Complimentary Cyber Preparedness Training Sessions for U.S. Cities Combating Ransomware CAMBRIDGE, ...
Ideagen launches new software for environment, health and safety (EHS) legislation and compliance (Ideagen) Q-Pulse Law – a modular enhancement to Ideagen’s flagship quality, safety and compliance software solution, Q-Pulse – provides regulatory information management capabilities for global EHS compliance.
Cyberinc partners with InfiniVAN to offer the first local Web Isolation Cloud in the Philippines (PR Newswire) Cyberinc, a leading cybersecurity start-up based in California, today announced the selection of InfiniVAN as...
blueAPACHE scores major infosec accreditation (CRN Australia) Celebrates achieving ISO 27001 compliance.
Zscaler Extends Cloud Capabilities to Deliver Secure Access to B2B Applications (BusinessWire) Zscaler announces Zscaler B2B, a unique solution that reduces the attack surface introduced by customer-facing applications exposed on the internet.
Technologies, Techniques, and Standards
Endace | New Research from Enterprise Management Associates Confirms Importance of Packet Capture for Cyber Defense (RealWire) One of the significant findings from Enterprise Management Associates’ (EMA) recent report, Unlocking High Fidelity Security 2019 is that organizations using full packet capture are better prepared to battle cyber threats
Former hacker warns against password reuse (Naked Security) Kyle Milliken is back from jail, and he has some advice for you: Do. Not. Reuse. Your. Passwords.
U.S. Coast Guard Flexes Cyber Muscles (Wall Street Journal) The Coast Guard might be the smallest of the nation’s armed forces, but when it comes to cybersecurity, it believes it can punch above its weight.
After recent hacks, tighten up iPhone security the easy way (Cult of Mac) Google's surprising report on the iPhone's vulnerability to website hacks dented Apple's reputation for bulletproof smartphone security.
What startup CSOs can learn from three enterprise security experts (TechCrunch) How do you keep your startup secure? That’s the big question we explored at TC Sessions: Enterprise earlier this month. No matter the size, every startup is an enterprise. Every startup will grow in size as it builds out. But as a company expands, that rapid growth can lead to a distraction …
Information warfare should be treated like call-for-fire missions, Army Cyber says (Army Times) “It’s 2019. It still can’t be true that it’s easier to drop a bomb on somebody than to send them a leaflet or an email,
How the Army’s new multidomain forces could help (Fifth Domain) The Army unveiled details about one of its newest units designed to help the service compete with adversaries below the threshold of war.
Virtual training ground in the works as Army pushes ahead with cyberwarfare plan (Stars and Stripes) The U.S. Army is adding more cyber defense teams and intensifying the training required of its high-tech operators to better equip them to take on 21st-century adversaries, the head of U.S. Cyber Command said.
Design and Innovation
AI helped Facebook identify and ban 200 white supremacist groups (VentureBeat) Facebook revealed in a blog post that its automated systems helped to identify and ban 200 white supremacist groups from its platform.
Facebook’s ‘Supreme Court’ can overrule Zuckerberg, per new charter (The Verge) ‘The board’s decision will be binding, even if I or anyone at Facebook disagrees with it,’ says Zuckerberg
Edgeware blockchain launch gets hijacked by rival fork (Decrypt) An alternative version of the Edgeware chain took off from day one, leaving the original blockchain in the dust.
Research and Development
BotSlayer tool can detect coordinated disinformation campaigns in real time (Help Net Security) A new tool against online disinformation has been launched, called BotSlayer, developed by the Indiana University's Observatory on Social Media.
Academia
Cecil College designated NSA/DHS cybersecurity institute (Perryville, MD Patch)
Legislation, Policy, and Regulation
U.S. considers more intel sharing with Saudi Arabia after attack:... (Reuters) The United States is considering increasing its intelligence sharing with Saudi ...
Trump ‘locked and loaded’ to strike Iran but waiting for smoking gun (Washington Examiner) DRUMS OF WAR: That rhythmic pounding sound you hear from Washington is the growing drumbeat for military action to punish Iran for the Saturday strikes on two Saudi processing facilities that cut the country’s oil production in half.
Trump leans against striking Iran (POLITICO) Confidants say the president may talk tough, but he’s deeply reluctant to drag the United States into a fresh war in the Middle East.
Russia and China Are Trying to Set the U.N.’s Rules on Cybercrime (Foreign Policy) At the United Nations General Assembly, the United States must push back against their agenda.
Xi Underlines Security, Openness in Cyberspace - All China Women's Federation (Women of China) President Xi Jinping has highlighted the necessity for a cyberspace environment that is safe and manageable as well as open and innovative.
U.S. Seeks to Heighten Scrutiny of Foreign Investment in Tech, Infrastructure, Data (Wall Street Journal) Foreign investors who want to put their money into U.S. businesses that rely on sensitive technology, infrastructure and data could face greater national-security scrutiny under proposed rules from the Trump administration.
Mate 30 Launch: Why Trump’s War On Huawei Could Now Seriously Backfire (Forbes) The Mate 30 Series launches this week, but for Huawei and Washington, the real interest will not be what's in the box.
Elections Canada confident in security measures ahead of federal election (iPolitics) Elections Canada is confident in the security of the 2019 federal election despite recent cases of foreign interference in elections in countries like the U.S., Canada’s elections administrator said Tuesday. Speaking to reporters at a press conference in Ottawa, chief electoral officer Stéphane Perrault said he’s confident in the security measures the elections agency he …
Hillary Clinton accuses Trump, McConnell of ‘abdicating their responsibility’ on election security (Washington Post) In remarks at a conference, the 2016 Democratic presidential nominee also took aim at Trump for his repeated claims about voter fraud.
Facebook and Twitter Aren’t Even Pretending to Take the FEC Seriously Anymore (Vice) Representatives for both companies all but ghosted an FEC-hosted discussion about what the platforms are doing to fight misinformation and foreign interference in 2020.
Self-Help in Cyberspace: A Path Forward (Lawfare) The United States should prudently explore acceptable domestic parameters for the practice of combating cyber threats in the private sector and engage other nations to harmonize these standards internationally.
U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says (CyberScoop) As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander.
How Cyber Command can limit the reach of ISIS (Fifth Domain) Joint Task Force-Ares helps provide necessary intelligence to agencies that aid in tracking terrorists.
Army’s forthcoming data strategy comes with new standards, ‘ruthless’ enforcement (Federal News Network) The ink is dry on the Army’s new data strategy. Once it’s officially released, it will come with specific orders telling Army components to adhere to common data standards.
Litigation, Investigation, and Law Enforcement
Ecuador Investigates Data Breach of Up to 20 Million People (NYTimes) The trove of personal details was found on an unsecured server in Florida, though it was unclear whether anyone had gained access to the information.
Exclusive: Edward Snowden’s First Adventures in Cyberspace (The Nation) An excerpt from the whistleblower’s new memoir.
Edward Snowden: Germany a 'primary example' of NSA surveillance cooperation (Deutsche Welle) In his new book, Edward Snowden describes how US intelligence agencies collect vast amounts of data around the world. Foreign governments often help facilitate the collection, and Germany is no exception.
Edward Snowden says the government is in your phone, insists he only wanted to 'reform' the NSA (NBC News) Snowden in an interview from Russia with Brian Williams talked Trump, stealing classified information from the NSA and how cellphones are killing privacy.
Review: Edward Snowden and the Rise of Whistle-Blower Culture in “Permanent Record” (The New Yorker) In his memoir, he chronicles his life game by game, from Nintendo to the N.S.A.
Life After Snowden: US Still Lacks Whistleblowing Rules (BankInfo Security) Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
Justice Dept. sues for proceeds from Edward Snowden’s book (Washington Post) The department alleged the former NSA contractor violated nondisclosure agreements in publishing “Permanent Record” without the necessary government approvals.
United States Files Civil Lawsuit Against Edward Snowden (US Department of Justice) The United States today filed a lawsuit against Edward Snowden, a former employee of the Central Intelligence Agency (CIA) and contractor for the National Security Agency (NSA), who published a book entitled Permanent Record in violation of the non-disclosure agreements he signed with both CIA and NSA.
Criminal investigation following college cyber attack (FE Week) Criminals have hacked into the personal data, and potentially bank details, of students and staff