Cyber Attacks, Threats, and Vulnerabilities
Hackers break into Lebanese Ministry of Finance website (Arab News) A hacker group claimed it had hacked the Lebanese Ministry of Finance’s website for about an hour on Friday afternoon. The Anonymous—LEB group, which said it had carried out the attack, addressed the Ministry through a post on its Facebook page saying: “Dear Lebanese Government: If you think we forget, you are mistaken !!! We have all ministry of finance data, to be leaked soon! WE DON’T LEAVE OUR PEOPLE
Malicious sites pushed via Google Alerts (SC Magazine) Cyber-criminals have found a way to use Google Alerts to hook victims into scams or push malware.
Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data (The Hacker News) A Pakistani hacker stole over 218 million 'Words With Friends' Zynga mobile gamer users account data.
New SIM Card Attacks: Both Android And iOS Impacted—Are You Vulnerable? (Forbes) SIM-based spyware attacks can target phones with invisible SMS messages. And all brands are vulnerable—including Androids and iPhones.
New SIM card attack disclosed, similar to Simjacker (ZDNet) There's now an app to test your phone's SIM card for both Simjacker and WIBattack
Researchers Think They Know How Many Phones Are Vulnerable to 'SIMjacker' Attacks (Vice) They also created a tool to determine whether your phone's SIM card is vulnerable.
New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips (ZDNet) New jailbreak will work on iPhones 4S up to iPhone 8 and X.
Got a pre-A12 iPhone? Love jailbreaks? Happy Friday! 'Unpatchable tethered Boot ROM exploit' released (Register) Coder claims iThings older than two years can be unlocked from Apple's clutches
Cyber-Attacks Hit Defense Contractors in Europe and North America (BleepingComputer) Defense contractors Rheinmetall AG and Defence Construction Canada (DCC) were hit this month by cyber-attacks that impacted and disrupted their information technology systems.
Defence Construction Canada hit by cyber attack – corporation's team trying to restore full IT capability (Ottawa Citizen) The Crown Corporation that manages Defence department projects and infrastructure has been hit with a cyber-attack. Industry sources say an attack earlier this month disrupted Defence Construction C…
Scammers Find More Opportunities on Internet Marketplaces (Wall Street Journal) A new study of consumer behavior found that scammers are far more likely to succeed in stealing money from potential targets by using websites and social media than through the phone calls and emails they have long used.
Dating app suffers data leak exposing its entire userbase (Includes interview) (Digital Journal) Online dating app Heyyo left a server exposed on the Internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details belonging to nearly 72,000 users. Eve Maler of ForgeRock weighs in.
TikTok censored talk of Northern Ireland ‘independence’ (Times) The social network TikTok banned “highly controversial” topics such as “inciting the independence of Northern Ireland”. This is understood to be a clunky reference to users discussing the prospect...
The 'Queen' Begins Bitcoin Phishing to Save the UK Economy (BeInCrypto) An unknown attacker is mailing out letters claiming to be from Buckingham Palace, trying to scam people out of their Bitcoin investments.
North Florida OB-GYN patient information may have been breached (WJXT) Patients of North Florida OB-GYN may have had their personal information breached via a virus cyberattack at the medical office earlier this year.
How an Irish hurling fan out-scammed a scammer (The Irish Times) ‘Solomon Gundi’ thought he was on to a good thing when he emailed a 22-year-old Limerick student
Shoppers stunned as pornography plays on large TV screen for hours (The Independent) Explicit videos broadcast from large screen on busy street for two hours until staff retake control from hackers
Woodstock cyber attack continues, affects other city institutions (Woodstock Sentinel Review) Networks and email are still down at the City of Woodstock as the administration continues to fight a cyber attack that began Saturday.
Governments, schools under cyber attack (Rockford Register Star) The latest trend in cybercrime targets cities, counties and schools nationwide, including Rockford Public Schools
Security Patches, Mitigations, and Software Updates
Apple users, patch now! The ‘bug that got away’ has been fixed (Naked Security) Apple has now patched the patch that Google said didn’t patch the hole it was supposed to.
Linux to get kernel 'lockdown' feature (ZDNet) New Linux kernel "lockdown" module to limit high-privileged users -- even root -- from tampering with some kernel functionality.
Cloudflare now supports HTTP/3 (Help Net Security) Cloudflare announced support for HTTP/3, the new standard of the web that will make the Internet faster, more secure, and more reliable, for everyone.
Cyber Trends
Many organizations are careless with sensitive paper documents. It's increasing the risk of data breaches (FierceHealthcare) It doesn't take the stealth of a cyberattacker to cause a healthcare data breach. Typical workplace occurrences like leaving a sensitive document on a printer tray also can lead to data breaches. And in healthcare organizations, it happens more than you think.
Vietnam world’s third largest source of DDoS cyberattacks: report (VnExpress International) The number of DDoS attacks coming from devices in Vietnam was the world’s third highest in the second quarter of 2019, after the U.S. and China.
Marketplace
New Cybersecurity Companies Have Their Heads In The Cloud (Forbes) Privacy has become a big deal. Government regulators are moving to squash indiscretions and protect consumers while preserving constitutional liberties … a tall task.
Google boss Sundar Pichai exclusive interview: ‘We’re sticking with our motto – ‘Don’t be evil’ (The Telegraph) Google's global headquarters has the uncanny feel of a carnival.
Spyware company introduces unprecedented human rights policy (The Varsity) U of T’s Citizen Lab researcher likens NSO Group’s reforms to “tokenism”
USCYBERCOM awards mission-critical Cloud contract to Stratus Solutions (Army Technology) The US Cyber Command (USCYBERCOM) has awarded a mission-critical cloud contract to Applied Insight’s subsidiary Stratus Solutions to deliver secure...
BIO-key Receives Nasdaq Notification Regarding $1.00 Minimum Closing Bid Price Requirement - Has 180 Days to Regain Compliance (West) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced it has received a continued listing deficiency notice from The Nasdaq Stock Market LLC because its share price has not met the $1.00 minimum closing bid price requirement for 30 consecutive trading days - Nasdaq Listing Rule 5550(a)(2) and 5810(c)(3)(A). This notice has no immediate effect on the Company’s Nasdaq listing or the trading of its common stock.
VMware and Carbon Black Announce Extension of Tender Offer (West) VMware, Inc. (NYSE: VMW) and Carbon Black, Inc. (NASDAQ: CBLK) have announced that VMware has extended the offering period of its previously announced cash tender offer to purchase all of the outstanding shares of common stock (the “Shares”), of Carbon Black for a price of $26 per share (the “Tender Offer”).
Products, Services, and Solutions
Nerds CyberSecurity Team Thwarts Full Scale Attack for Multi-National Client (Yahoo) Nerds On Site Inc. ("NERDS" or the "Company") (NERD.CN) (3NS.F) (NOSUF), a mobile IT solutions company servicing the SME marketplace, provides an update on its cyber security services deployment. "NERDS has committed significant resources toward
Tripwire unveils new version of Tripwire Connect (Help Net Security) Tripwire, a global provider of security and compliance solutions for enterprises and industrial orgs, announced the next generation of Tripwire Connect.
Technologies, Techniques, and Standards
How FIs Can Win Escalating Cybersecurity Battle (PYMNTS.com) Samuel S. Visner, director of National Cybersecurity FFRDC, tells PYMNTS how FIs and others can wage effective battle against cyberattacks by nation-states.
Zink: Cybersecurity — what to do if your business is attacked (Gainesville Sun) What would you do if your technology systems were hacked, shut down with ransomware or infected with tech time bombs set to go off in the future?
Don’t feed the phish (Education Executive) Cyber-attacks pose a big threat to schools and many have already been targeted. Matt Britland, director of IT and digital strategy at Alleyn’s School in London, explains the importance of ensuring staff and students can identify phishing emails
Design and Innovation
Ahead of 2020, Facebook Falls Short on Plan to Share Data on Disinformation (New York Times) The social network says it has struggled to get the information to researchers because it also wants to protect its users’ privacy.
Pi-hole drops support for ad blocklists used by browser-based ad-blockers (ZDNet) The ad-blocking landscape is in line for some standardization, starting with the blocklists' syntax.
Research and Development
DoE to develop next-generation cybersecurity tools for utilities (Smart Energy International) The DoE, Idaho National Laboratory and New Context have extended their collaboration on research and development of next-generation cybersecurity tools.
This Single Tweet Sent the Cryptocurrency Space Into a Fake News Frenzy (BeInCrypto) A Tweet made about the NSA developing 'quantum resistant crypto' turned into fake news about NASA creating its own cryptocurrency.
Academia
NSA, DHS recognize Germanna’s cyber defense education (Fredericksburg.com) NSA and DHS name Germanna Community College a National Center of Academic Excellence in Cyber Defense Education, one of Virginia’s relatively few such institutions.
Legislation, Policy, and Regulation
An Overview of International Humanitarian Law in France's New Cyber Document (Just Security) France's positions explained on key issues like the meaning of "attack" and the application of the principles of distinction and proportionality in cyberspace.
Iran oil industry must be alert to physical, cyber threats: minister (Reuters) Iran's oil minister told the petroleum industry on Sunday to be on alert to...
Saudi crown prince warns of escalation with Iran, prefers political solution (Reuters) Saudi Arabia's crown prince warned in an interview broadcast on Sunday that...
The U.S.-Iran Standoff Is Militarizing Cyberspace (Foreign Policy) Trump is keen on cyberattacks to retaliate against Tehran, but that could open Pandora’s box.
America Needs a New Strategic Triad to Face the 21st Century (Time) An emerging triad was illustrated by the drone strikes on key Saudi oil fields
Russia starts rolling out DPI filtration tech that might finally block Telegram (Meduza) Russia’s federal censor has started testing new digital filtration equipment that could finally make it possible to block access to the instant messenger Telegram.
Norway will not ban Huawei from 5G mobile network: minister (Reuters) Norway does not plan to block China's Huawei Technologies[HWT.UL] from buil...
No more 90-day reprieves for Huawei's U.S. supply chain warns Trump administration official (Phone Arena) A member of the Trump administration says that the current 90-day reprieve granted to some of Huawei's U.S. suppliers will probably be the last when the three month period expires in November.
U.S. Steps Up Scrutiny of Airplane Cybersecurity (Wall Street Journal) Concerns that planes could be targeted in cyberattacks are re-energizing efforts to identify airliners’ vulnerability to hacking.
US Senate Passes Bill in Response to Rampant Ransomware, CyberAttacks (BleepingComputer) The U.S. Senate passed the 'DHS Cyber Hunt and Incident Response Teams Act' (S.315) to authorize the Department of Homeland Security (DHS) to maintain cyber hunt and incident response teams to help private and public entities defend against cyber-attacks.
6 Cyber Bills You Might Have Missed (Nextgov.com) The bills aim to strengthen the Homeland Security Department’s cybersecurity efforts and help the energy sector improve its digital defenses.
The Strange Career of ‘National Security’ (The Atlantic) When the two-word phrase became a national obsession, it turned everything from trade rules to dating apps into a potential threat to the United States.
CyberPeace Institute to Support Victims Harmed by Escalating Conflicts in Cyberspace (STL.News)
Air Force steps up efforts to combat insider threats (WHIO) The Air Force is stepping up its efforts to deter, detect and mitigate insider threats.
This is the Navy’s new top cybersecurity official (Fifth Domain) The Navy has tapped a former senior adviser to the Defense Department’s chief information officer as its new CIO.
Michigan’s volunteer cyber corps expands despite critical audit report (Spartan Newsroom) Cyber security requires constant updates and reviews, experts say — and a group of Michigan volunteers that responds to attacks on government databases just got one of its own.
Litigation, Investigation, and Law Enforcement
Stunned authorities find dozens of encrypted computers in alleged spy's home (CBC) The RCMP intelligence director who now stands accused of preparing to leak secrets to a foreign entity or terrorist group kept a large number of encrypted computers at his home, making the investigation harder to crack, CBC News has learned.
Bulletproof Hosting Service in Former NATO Bunker Goes Down (BleepingComputer) Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground.
German Police Raid Data Center and Alleged Cybercrime Hub Based Out of Former NATO Bunker (Gizmodo) German authorities raided a data center based out of “former NATO bunker that hosted sites dealing in drugs and other illegal activities,” the Associated Press reported on Friday, resulting in seven arrests.
Google Draws House Antitrust Scrutiny of Internet Protocol (Wall Street Journal) Antitrust investigators are scrutinizing plans by Google to use a new internet protocol in a way that some say could make it harder for other companies to access consumer data.
Google reportedly under antitrust scrutiny for new internet encryption protocol (CNET) New standard aims to improve security and privacy by encrypting internet traffic.
Police can access suspects’ Facebook and WhatsApp messages in deal with US (Times) WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the...
Baltimore IT department uses ‘mind-boggling,' outdated data storage method, audit finds (Baltimore Sun) A new audit of Baltimore’s information technology department says the agency lost key data during May’s ransomware attack because some in the agency used an outdated method for storing files: their individual hard drives.
State Dept. Investigating Email Practices of Hillary Clinton’s Former Staff (New York Times) The inquiry is examining whether the employees used secure channels and the proper classification designations for what appeared to be routine emails at the time.
Why Trump asked Ukraine’s president about ‘CrowdStrike’ (Washington Post)
Trump whistleblower agrees to testify in Congress (Times) The whistleblower whose complaint over a White House phone call triggered impeachment proceedings against President Trump has agreed to testify to Congress, the Democrat leading the inquiry said...
Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ (New York Times) Thomas P. Bossert, President Trump’s first homeland security adviser, said he was “deeply disturbed” that Mr. Trump had urged Ukraine to investigate Democrats.
Whistleblower painstakingly gathered material and almost single-handedly set impeachment in motion (Washington Post) Trump said the whistleblower is “almost a spy.” Others said, “He’ll be remembered as a truth-seeker.”
Ukraine Holds More Surprises for Biden (Bloomberg) He’ll face questions about a lot more than what Trump has already brought up.
Solomon: These once-secret memos cast doubt on Joe Biden's Ukraine story (TheHill) Hundreds of pages of never-released memos and documents – many from inside the American team helping Burisma to stave off its legal troubles – conflict with Joe Biden’s narrative about the controversy in Ukraine.
Senate Democrats Face Questions After Letter Resurfaces of Them Asking Ukraine to Investigate Trump in 2018 (IJR) The Democratic senators who sent a letter to the Ukrainian prosecutor general asking them to investigate President Donald Trump are facing some questions.
Ex-Trump Homeland Security adviser rips Giuliani, calls claim Ukraine hacked DNC a 'conspiracy theory' (TheHill) A former Homeland Security adviser in the Trump administration said Sunday that the unsubstantiated claim that Ukraine was responsible for the hack of the Democratic National Committee (DNC) in 2016 is a "conspiracy theory" with "no validity."
Matt Drudge played a major role in the Clinton impeachment. Now he’s back for another round. (Washington Post) The Drudge Report has been generally supportive of conservatives and Trump but has been playing up impeachment news in recent days.
Ocasio-Cortez Set to Testify in Lawsuit Challenging Blocking of Twitter Follower (New York Law Journal) U.S. Rep. Alexandria Ocasio-Cortez, D-New York, was sued over the management of her @AOC Twitter account the same day that the 2nd U.S. Circuit Court of Appeals affirmed a trial judge's ruling that President Donald Trump violated the First Amendment by blocking people from his @realDonaldTrump Twitter account.
Match knowingly puts people at risk from scammers, FTC charges (Naked Security) Match.com allegedly put users on its free version at risk – by not filtering out communications that it knew were from fake accounts.
Most victims still not reporting cyber crimes: survey (The Daily Star) Though a year has gone by since the Digital Security Act was passed in the parliament, 80 percent of cyber crime victims do not report the cases to law enforcement agencies, according to a recent survey conducted by Cyber Crime Awareness Foundation.