Cyber Attacks, Threats, and Vulnerabilities
Masad Stealer: Exfiltrating using Telegram (Juniper Networks) Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Using Telegram as a Command and Control (CnC) channel allows the malware some anonymity, as Telegram is a legitimate messaging application with 200 million monthly active users. Th...
Analysis | The Cybersecurity 202: U.S. voting machines vulnerable to hacks in 2020, researchers find (Washington Post) Democrats to use test results to scare "the living bejesus out of every member of Congress."
Beware! North Korean hackers are watching your ATM transactions (The Economic Times) Lazarus group, controlled by North Korea's primary intelligence bureau, is behind this malware affecting ATM machines.
Digital database of Hungarian Development Center destroyed by hackers (SpamFighter) Hungarian Development Center became victim of hackers and suffered from a massive cyberattack.
How The U.S. Hacked ISIS (NPR.org) In 2016, the U.S. launched a classified military cyberattack against ISIS to bring down its media operation. NPR interviewed nearly a dozen people who lived it.
Phishing attacks abusing appspot.com and web.app domains on Google Cloud (Zscaler) Zscaler ThreatLabZ researchers recently detected phishing campaigns that are abusing Google domains Appspot.com and Web.app. Using the domains' SSL certificates, the phishing pages spoof leading business brands like Microsoft Office and attempt to steal user login credentials.
New WhiteShadow downloader uses Microsoft SQL to retrieve malware (Proofpoint US)
High-severity vulnerability in vBulletin is being actively exploited (Ars Technica) Devs push a fix for the flaw, but hackers are still hitting unpatched sites.
Attackers Are Quick to Exploit vBulletin’s Latest 0-day Remote Code Execution Vulnerability (Imperva) Imperva’s Cloud WAF has identified instances of a new 0-day vulnerability being exploited within a matter of hours of the exploit being published. On Monday 23rd September 2019, an exploit was published for a vulnerability found within vBulletin (versions 5.0.0 to 5.5.4), allowing malicious attackers to perform authentication-free Remote Code Execution on the origin server. …
Hackers tried to steal Airbus secrets via contractors: AFP (U.S.) A series of cyber attacks on Airbus in the past few months was conducted via the...
China's APT10 hacking group suspected of cyber attacks against Airbus suppliers (Computing) Four major attacks on Airbus's supply chain have been detected in the past 12 months
Airbus hit by series of cyber attacks on suppliers (France 24)
Airbus Counters Cyber Attacks Targeting Suppliers (Bloomberg) Aerospace company said it has detection methods, quick response. French authorities have warned about security risk at partners.
Chinese Hackers Suspected Of Airbus Cyberattacks—A350 Among Targets (Forbes) Another major cyberattack with Chinese state hackers as the prime suspects.
Alert to logistics and shipping as digital detectives unmask new cyber attack (Loadstar) Research shows hackers are targeting transport and shipping companies with a new trojan malware campaign.
DoorDash confirms data breach affected 4.9 million customers, workers and merchants (TechCrunch) DoorDash has confirmed a data breach. The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers. The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 ar…
Nodersok malware turns PCs into potential "proxy zombies" (SC Media) Fileless attacks use legitimate code to infect systems. The malware also uses the computer's own LOLBins to infect machines.
Why are cybercriminals disguising wipers as ransomware? (Emsisoft | Security Blog) We’ve seen an increase in cybercriminals disguising destructive malware as ransomware. What’s the motivation behind these attacks?
Illegal gambling apps snuck into Apple and Google stores (SC Media) Google and Apple recently removed hundreds of apps from their respective app stores after being informed they were actually fronts for gambling
Google Removed Dozens Of Android Apps From A Major Chinese Developer And Won’t Say Why (BuzzFeed News) This is the third time in recent months that Google has mass-removed apps from a big Chinese developer.
Scamelot: Phishing and Email Fraud at Wes (The Wesleyan Argus) Public Safety Lieutenant Paul Verrillo has seen all kinds of scams: voices on the phone impersonating the IRS, emails about job offers that pay hundreds of dollars a week for almost no work, and hackers offering false opportunities. Verrillo said that students report scams to him all the time, but usually it’s too late.
Hearing aid manufacturer hit by cyber attack slashes profits by $95 million (Graham Cluley) Demant, the manufacturer of Oticon hearing aids, has said that it expects losses of up to 650 million kroner (approximately $95 million) following a cyber attack earlier this month.
Singapore student events app Get in data breach; 30,000 users at risk (AsiaOne) An event ticketing and payment app popular with university students across Asia and backed by the venture capital arm of Singapore state investment firm Temasek has suffered a second data breach, potentially exposing the personal details of more than 30,000 users in the city-state.
Hackers target Minneapolis Mayor Jacob Frey with phishing scam (Star Tribune) The hack appears to be limited to the mayor's e-mail account, and does not include the rest of the City Hall network.
Official: Moorhead schools affected by data breach (INFORUM)
Broken Arrow online payment system shutdown after possible data breach (KOKI) The system is currently down as experts investigate.
Woodstock cyber attack continues, affects other city institutions (Woodstock Sentinel Review) Networks and email are still down at the City of Woodstock as the administration continues to fight a cyber attack that began Saturday.
How Sparks, Nevada, is rethinking security after ransomware (StateScoop) Commentary: The city’s IT manager recounts a 2015 cyberattack and how managed detection and response has transformed the city’s security posture.
Lee County cyber attack probe may take months (The News-Press) Lee County officials say no money was stolen and no data was lost during the five-day disruption of the county computer system due to a cyber attack.
Security Patches, Mitigations, and Software Updates
Cisco Patches 13 High-Severity Router and Switch Bugs (Threatpost) One Cisco bug impacting its 800 and 1000 series routers had a CVSS severity score of 9.9.
Cyber Trends
Cybersecurity and Infrastructure Security Agency (CISA) (Department of Homeland Security) The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face.
Venafi Study: How Much Do Global Consumers Worry About Private Data Protection? (Venafi) According to Venafi survey, global consumers do not trust governments or social media organizations with private data
Less capable than they think: No-one fully GDPR compliant & few truly secure (SC Media) Whether it's down to cost or understanding, neither SMEs nor enterprises have any room for complacency about their cyber-defence capabilities according to a recent UK survey.
DoorDash is the latest to expose customers' data (CNET) Here's our list of every major data breach so far.
Enterprise ransomware threat shines spotlight on poor patch management (SC Magazine) Vulnerability scores from 2007 don't adequately measure risk in 2019; 31.5% of vulnerabilities exploited by ransomware could have been patched from 2015 or earlier but they're used as they're still successful.
Threat Spotlight: Inefficient incident response (Barracuda) Inefficient incident response to email attacks is costing businesses billions in losses every year. For many organizations, finding, identifying and removing email threats is a slow and manual process that takes too long and uses too many resources. As a result, attacks often have time to spread and cause more damage.
Marketplace
California's new labor law is going to impact bug bounty companies. By how much is unknown. (CyberScoop) AB5 is going to impact the way bug bounty companies deal with freelance hackers once the law goes into effect on Jan. 1, 2020.
Huawei CEO is considering licensing the company's 5G tech exclusively to a US firm (CNBC) Chinese tech giant Huawei is willing to exclusively license its 5G technology to one American firm to create a level playing field for competitors, CEO Ren Zhengfei said on Thursday.
Buying Huawei Technology ‘Like Buying Chinese Fighter Planes’, New Report Warns (Forbes) A new report claims mobile operators cannot afford to keep Huawei in their networks for security reasons, and the cost of replacement is much less than previously thought.
The real cost to rip and replace Chinese equipment from telecom networks (Strand Report) The Wireless Ecosystem, US vs. EU
CrowdStrike CEO says company is ‘nonpartisan,’ issues 2020 warning (Silicon Valley Business Journal) In an interview with CNBC, the Sunnyvale company's chief executive said that government work makes up the bulk of its revenue and it protects both Democrats and Republicans
Arceo.ai bags $37 mn in funding; cyber risk management on agenda (IBS Intelligence) US InsurTech Arceo.ai has secured $37 million in a recent funding round led by Lightspeed Venture Partners and Founders Fund.
HPE completes acquisition of Cray (Intelligence Community News) Hewlett Packard Enterprise of San Jose, CA announced on September 25 that it has completed the acquisition of supercomputing leader Cray Inc., earlier than the original target date. HPE paid $35.00…
Shares in Rheinmetall drop after company discloses malware attack (Reuters) German arms and car parts maker Rheinmetall said it had been hit by a malware at...
F-Secure joins ETIS to help Europe's telecom providers secure smart homes (Intelligent CIO Europe) Cybersecurity provider, F-Secure, has joined ETIS, an organisation that facilitates cooperation between companies working in the European telecommunications
Houston County schools seeking legal counsel on cyber-security contract (Dothan Eagle) The Houston County Schools system, which is still recovering from a criminal malware attack that downed servers in July and delayed the start of classes, put off moving on a
Renowned Gartner Analyst Joanna G. Huisman Joins KnowBe4 (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has hired former Gartner se
Cybersecurity and Military Intelligence Veteran Mark Willis Joins Bluescape® as Chief Information Security Officer (PR Newswire) Bluescape®, a leading visual collaboration platform, today announced that Mark Willis, cybersecurity and U.S....
Products, Services, and Solutions
SecureAge’s AI-Powered APEX Anti-Malware Engine Comes Out-of-Beta for SecureAPlus Users (SecureAge Technology) SecureAge announces Artificial Intelligence roll out amid UI overhauls and new tiered version structure for SecureAPlus antivirus.
OPSWAT Unveils New Critical Infrastructure Protection Cybersecurity Training and Certification Program (Yahoo) As unprecedented threats to mission critical organizations increase demand for highly skilled cybersecurity talent, OPSWAT Academy pioneers a more practical approach to CIP workforce development
Tripwire Launches Next Generation of Tripwire Connect (Tripwire) Tripwire Connect delivers enhanced visualization capabilities and comprehensive reporting layer to support cross-functional users at all levels
XMedius Launches New Version of XM Fax FoIP Software (West) Delivers Powerful New Security Features for Highly Regulated Industries
Celerium Announces New Cyber Defense Network Solution for Critical Supply Chains (PR Newswire) Celerium Inc., a leader in innovative cyber defense solutions, today announced its plans for Cyber Defense...
Cyber Insurer Coalition Expands Coverage to Businesses With Up To $1B in Revenue (Insurance Journal) Coalition, a cyber insurance company focused on small- and midsize-businesses, has expanded its cyber and technology errors and omissions coverage —
New encryption devices now available for Five Eyes partners (C4ISRNET) The United States government has approved new encryption devices developed by Viasat for broader use among Five Eyes partners.
Ministry of Defence, Singapore (MINDEF) Bolsters Security With Second HackerOne Bug Bounty Challenge (BusinessWire) HackerOne, the number one hacker-powered pentesting and bug bounty platform, has announced it will be conducting its second bug bounty program with th
Technologies, Techniques, and Standards
Defining "Reasonable" Security at (ISC)2 Security Congress (PR Newswire) The DoCRA (Duty of Care Risk Analysis) Council, a not-for-profit (501(C)(3)) organization that authors,...
Best Practices to Help Electro-Industry Improve Customer Cybersecurity (Electrical Construction & Maintenance (EC&M) Magazine) White paper identifies guidelines that electrical equipment manufacturers may consider
How Federal Agencies Can Be More Proactive About Cloud Security (Nextgov.com) For starters, agencies need a deep understanding of user behavior.
Tripwire Connect: Why Cybersecurity Pros Need to Be Good Storytellers (The State of Security) Whether you are a CISO or a security analyst, Tripwire Connect is designed to empower you with visuals that help you improve your cybersecurity posture.
Top 10 internal controls to mitigate cybersecurity risks in the family office (San Antonio Business Journal) With cybersecurity awareness month right around the corner, is your office prepared for potential threats? Cybersecurity risks do not just affect corporations and government entities but can be a common and very present danger to family offices and small businesses alike.
Design and Innovation
Microsoft, Mastercard Fund Initiative to Help Thwart Hackers (Bloomberg) CyberPeace Institute to aid dissidents, vulnerable groups. Focus on civilians who become ‘collateral damage’ of attacks.
Facebook tries hiding Like counts to fight envy (TechCrunch) If their post has lots of Likes, you feel jealous. If your post doesn’t get enough Likes, you feel embarrassed. And when you just chase Likes, you distort your life seeking moments that score them, or censor it fearing you won’t look popular without them. That’s why Facebook is of…
3 Ways To Prepare Now For Future Endpoint Defense (Cyber Security Hub) The traditional network endpoint was isolated to desktop PCs and laptop computers that attached to the organization’s network. A dramatic increase in mobile devices, cloud and IoT has broadened the definition. Security leader Kayne McGladrey weighs in on enterprise endpoint defense tactics.
Cyber security a road block to digital innovation (Government News) Cyber security doesn't have to be a road block to transformation, an industry expert says.
Research and Development
Why Google's Quantum Victory Is a Huge Deal—and a Letdown (Wired) When news leaked that Google scientists had achieved "quantum supremacy," researchers immediately clashed on its implications.
To Invent a Quantum Internet (Quanta Magazine) Fifty years after the current internet was born, the physicist and computer scientist Stephanie Wehner is planning and designing the next internet — a quantum one.
Academia
Texas Comptroller Continues Good For Texas Tour: Cybersecurity Edition (San Marcos Corridor News) Yesterday, Hegar touted the cybersecurity programs at The University of Texas at San Antonio as well as the university’s National Security Collaboration Center (NSCC), a national leader in cybersecuri
Legislation, Policy, and Regulation
U.S., EU Start Formal Talks on Cross-Border E-Evidence Pact (Bloomberg) A U.S.-EU deal to help law enforcement exchange data across borders is inching closer, as officials began formal talks on an e-evidence agreement.
Defense report stresses space, cyber security (NHK WORLD) Japan's annual defense report stresses the importance of gaining superiority in new areas, including space and cyber security.
Big data expert takes over as China’s new cybersecurity chief (South China Morning Post) One of Wang Yingwei’s priorities will be overseeing the coming roll-out of a new regulatory regime.
At Least 70 Countries Have Had Disinformation Campaigns, Study Finds (New York Times) Governments are using “cyber troops” to discredit political opponents, bury opposing views and interfere in foreign affairs, according to Oxford researchers.
US lobby group calls for open standards to fight Huawei 'threat' (Register) There's an 'undeclared war' going on
New Group Looking to Ban Huawei Needs a Better Argument (Wccftech) We need more than innuendo about subsidies and hacking to build an effective argument against Huawei.
US senators green-light recruitment of crack infosec teams, both public and private (Register) Cyber-terrorists, your game is through, 'cause now you have to answer to: America, fsck yeah!
Should the National Security Council restore the cybersecurity coordinator role? (Help Net Security) Bolton’s departure from the White House has sparked the question of whether the National Security Council should restore the cybersecurity coordinator role.
Is Homeland Security prepared for its central role in cybersecurity? (Fifth Domain) A new DHS inspector general report found significant shortfalls in a workforce expected to secure federal networks.
GOP Lawmaker Calls for Fed to Detail Its Cybersecurity (Wall Street Journal) The top Republican lawmaker on an influential House committee wants the Federal Reserve to be more open about its cybersecurity preparations.
Cyber rules for self-driving cars stall in Congress (TheHill) Major automakers are moving full steam ahead with their plans to put self-driving cars on the road, even as lawmakers and regulators in Washington fall behind on creating a cybersecurity framework for those vehicles.
Why Ottawa needs to step up efforts to help shield small businesses from cyberattacks (The Hill Times) Small businesses face tough challenges for survival, and cyberattacks have a direct correlation with the viability of a small enterprise.
Courts to prep for Russian campaign of disinformation (Arizona Capitol Times) The CIA spoke and Dave Byers, the director of Arizona’s Administrative Office of the Courts, liste...
California Privacy Rights and Enforcement Act – CCPA 2.0? (Cooley) On Sept. 25, 2019, Californians for Consumer Privacy, a nonprofit group led by the real estate magnate who spurred passage of the California Consumer Privacy Act (CCPA) of 2018, filed a new ballot …
Houston County Schools tables vote on cyber security program (WTVY) The Houston County School Board continues to consider what action it wants to take after being hacked this summer.
Litigation, Investigation, and Law Enforcement
Trump’s Call With Zelensky Was Not Out of the Ordinary—for Trump (Foreign Policy) In this most transactional of presidencies, he’s always asking for a quid pro quo.
Analysis | The Cybersecurity 202: Trump’s CrowdStrike conspiracy theory shows he still doubts Russian election interference (Washington Post) This has officials and security experts irate.
Impeachment: Trump allies turn on Giuliani over Ukraine whistleblower crisis (Times) One name crops up repeatedly in the memo of the call between President Trump and his Ukrainian counterpart: Rudy Giuliani. The former mayor of New York, now personal lawyer to the president, has...
Trump’s Ukraine Intervention May Violate FCPA, Arms Export Laws: Experts (Breaking Defense) The president's personal intervention was "highly improper," one arms export expert says, concluding that the Foreign Corrupt Practices Act "appears to have been criminally violated here."
This is the US threat intel firm referenced in the Trump-Ukraine controversy (Fifth Domain) President Donald Trump brought up CrowdStrike in a phone call that has led to an impeachment inquiry in the House.
Whistleblower alleges White House coverup (CNN) A whistleblower's complaint about President Trump's communications with Ukraine has been declassified. Follow here for the latest news and updates on Joseph Maguire's testimony.
If This Whistleblower’s Identity Is Revealed, We Might All Regret It (POLITICO Magazine) A short history of retaliation against government truth-tellers.
What's in Trump's Super Classified Server and Why Is He Hiding Things There (Vice) Putting a politically-damaging phone call with Ukraine on the "codeword-classified" system is highly inappropriate and would give Trump "maximum control over who sees it."
Computer System Where Trump Document Was Reportedly Stashed Is Reserved for Biggest U.S. Secrets (Wall Street Journal) A highly secure computer system where aides to President Trump reportedly stashed the details of his call with Ukraine’s leader is so secretive that even top White House national-security aides don’t have regular access.
Attorney General Barr Seeks DOJ Facebook Antitrust Probe (Bloomberg) Facebook now target of two federal cases simultaneously. FTC already has separate Facebook investigation underway.
Facebook in Talks for Sandberg to Testify to House Next Month (Bloomberg) Sandberg likely to face questioning on Libra crypto project. July hearings drew bipartisan skepticism about Facebook’s plan.
Facebook Says Giant Data-Breach Suit Has No Legs to Stand On (Bloomberg) Company lawyers say only user still in case can’t back claims. ‘A few random spam emails cannot be the keys to federal court.’
Microsoft Just Lost A Big Fight With America’s Top Huawei Prosecutor (Forbes) In a previously-secret fight with the U.S. government, Microsoft has been told to hand over emails belonging to one of its unnamed enterprise customers.
Microsoft Is Still Rattled Over U.S. ‘Sneak-and-Peek’ Searches (Bloomberg) Company says it’s challenging ‘secrecy order’ on data demand. Enterprise customer targeted in warrant isn’t identified.
NY AG James Sues Dunkin' For Neglecting User Cybersecurity (Law360) New York's attorney general has hit Dunkin' Donuts with a lawsuit for failing to protect customers from cyber attacks, alleging the coffee chain barely acted in response to two data breaches in 2015 and 2018 that together compromised more than 300,000 customer accounts.
Schoolboy turns to cyber crime to avoid doing homework (BusinessCloud.co.uk) Merseyside student crashed school website in organised DoS attack to get out of doing his homework
Prosecutor: ‘Satanist’ soldier sought government’s overthrow (Army Times) A prosecutor alleged in federal court Thursday that an Army infantry soldier charged with distributing information about building bombs is a Satanist who plotted to overthrow the U.S. government, while his attorney said he's only an internet troll caught