The CyberWire Daily Briefing 1.29.19

Summary

By the CyberWire staff

A FaceTime bug was disclosed early this morning. 9to5Mac reports that you can call someone using FaceTime and start hearing audio from their phone before they even pick up. The problem seems to affect iOS devices running iOS 12.1 or later. Apple has made the Group FaceTime server (where the bug is located) temporarily unavailable until Cupertino comes up with a permanent fix.

Deep Instinct announced this morning that a new variant of information-stealing FormBook is circulating in the wild. FormBook is now using DropMyBin, which Deep Instinct describes as a "malware-friendly" hosting service appearing in various criminal markets. The service appears to be operated at least in part from Russia, probably by Russian cybercriminals.

xDedic, the online marketplace that traded in hacked servers, has been taken down, ZDNet reports. The FBI announced that the illicit service's site had been seized pursuant to a US Federal warrant. The takedown was an international operation featuring substantial European support and cooperation. XDedic's infrastructure had been located mostly in Belgium and Ukraine. Cyberpolice Ukraine tweeted that they have three suspects in custody.

Europol is pursuing users of booter services, TechCrunch reports. The DDoS-for-hire service Webstressor having been taken down, the authorities are now tackling the demand side of this criminal market.

The US has filed more charges against Huawei: thirteen counts, the New York Law Journal says, involving fraud and money-laundering.

North Korea's Kim has announced ambitious financial goals, and CyberScoop says observers think them likely to prompt a surge in DPRK hacking.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Belgium, Canada, China, European Union, Germany, Iran, Ireland, Democratic Peoples Republic of Korea, Poland, Russia, Ukraine, United Kingdom, and United States.

Experiencing poor performance with your legacy antivirus? Try CB Defense.

Does your legacy antivirus slow down end user endpoints? Try Carbon Black's lightweight, next-generation antivirus + endpoint detection and response solution in your environment for free!

Compare CB Defense to your current solution using real-world scenarios, and see how operations transform across your security and IT teams. After you've finished your 15-day trial, you'll have everything you need to build a business case and make the switch. Gain superior protection, simplified operations, and actionable visibility today.

On the Podcast

In today's podcast, up later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan describes legacy Twitter location data privacy issues. Our guest is Jamil Jaffer from IronNet Cybersecurity, with highlights from his recent Capital Hill briefing, “Nation-State Threats, Collective Defense, and Strategic Deterrence in Cyberspace: (How) Can We Get Better Fast?”

Sponsored Events

DreamPort Event: The Red Hat Ansible Tower Workshop (Columbia, Maryland, United States, Feb 7, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting the Red Hat Ansible Tower Workshop. This workshop will enable you to create playbooks, while building in security. Automation features will save time, empower junior staff, offload senior staff and automate your most tedious tasks!

Cyber Job Fair, Feb 13, San Antonio (San Antonio, Texas, United States, Feb 13, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

CYBERTACOS RSA (San Francisco, California, United States, Mar 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

EU agency says Iran likely to step up cyber espionage (Reuters) Iran is likely to expand its cyber espionage activities as its relations with We...

North Korea could accelerate commercial espionage to meet Kim's economic deadline - CyberScoop (CyberScoop) Perhaps more than any other nation-state, North Korea-linked hackers have shown no limits in what they will target – from a Hollywood entertainment company to a Bangladeshi bank.

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up (9to5Mac) A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their …

Apple says it has taken Group FaceTime offline in attempt to resolve calling exploit (9to5Mac) Following the exposure of a major FaceTime security hole earlier today, Apple has now taken Group FaceTime completely offline. This comes after the company said a fix for the FaceTime calling bug i…

Apple Bug Enables Eavesdropping on FaceTime Users (Wall Street Journal) Apple scrambled to fix a bug in its FaceTime video-chat system that lets callers eavesdrop on users of iPhones, iPads, and Macs, an embarrassing setback for a company that has touted its commitment to privacy.

Apple FaceTime bug lets anyone eavesdrop on your private conversations (The Telegraph) An iPhone bug that allows users to spy on people by video calling them has been discovered.

Info-Stealer FormBook continues activity using a new file hosting service (Deep Instinct) Background FormBook is an info-stealer which first appeared on the scene as early as 2016. This malware has been marketed …

Apple to fix FaceTime bug that allows eavesdropping (Washington Post) Apple has made the group chat function in FaceTime unavailable after users said there was a bug that could allow callers to activate another user’s microphone remotely

UK cyber security agency investigates DNS hijacking (ComputerWeekly.com) NCSC is probing the large-scale DNS hijacking campaign that has reportedly affected government and commercial organisations worldwide, and has issued defence advice.

How my Instagram account got hacked (Naked Security) After years of embarrassment, I’m finally ready to admit how and why my Instagram account got hacked.

A sneak peek into recent IoT attacks (Zscaler) An analysis of recent attacks on IoT devices, including the RIFT botnet, Shaolin botnet, ThinkPHP, and D-Link router exploitation

Emotet: A veritable Swiss Army knife of malicious capabilities (Help Net Security) Formerly just a banking Trojan, Emotet is now one of the most dangerous and multifaceted malware out there - a Swiss knife of malicious capabilities.

Thieves’ names and descriptions made public on B&Q database (Naked Security) DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.

Hackers Target Cisco Routers via Recently Patched Flaws (SecurityWeek) Hackers have been scanning the Internet for Cisco Small Business RV320 and RV325 routers affected by recently patched vulnerabilities. Attacks started shortly after disclosure and release of PoC exploits.

BGP secure routing experiment ends in online row (Naked Security) An experiment to make the internet safer ended up breaking parts of it last week.

YouTube subscribers getting spammed by celebrity imposters (Naked Security) YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.

Twitter scammers jump in on real-time complaints to companies (Naked Security) ”Hi there,” said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.

Credential-stuffing attack prompts Dailymotion password reset (Naked Security) Dailymotion is resetting the account passwords of an unknown number of users after being hit by a “large-scale” credential stuffing attack.

Why America is not prepared for a Stuxnet-like cyber attack on the energy grid (CSO Online) The U.S. energy grid continues to be vulnerable to Aurora-like attacks that could cause blackouts lasting a year or more.

Pentagon cyber security capabilities trail growing capabilities of potential adversaries (Computing) Vulnerabilities in the latest F-35 aircraft remain unaddressed, while veterans' medical records systems are wide open to hackers,Security ,Pentagon's cybersecurity,weapons systems,US Defence Department,Robert Behler,Genesis,Dana Deasy,Defence Department Inspector General

France's Altran Tech says it was hit by cyber attack (CNBC) Jan 28- French engineering consulting firm Altran Technologies was the target of a cyber attack on Thursday that hit operations in some European countries, it said. Altran said on Monday it had shut down its IT network and applications and a recovery plan was under way. Britain's National Cyber Security Centre announced on Friday it was investigating a...

Even Microsoft can’t escape ‘reply all’ email storms (Naked Security) Of all the calamities that befall email users, few are more dreaded than the ‘reply all’ storm.

Exclusive: Snapchat weighs what was once unthinkable - permanent snaps (Reuters) Snap Inc is considering changes to its Snapchat app, known for disappearing phot...

Cyber Trends

Private Messages Are the New (Old) Social Network (WIRED) The sudden fall of Facebook sharing has led to the rise of something else: private messaging.

Boardrooms Are Still Not Singing the Security Song (SecurityWeek) While boards accept that cybersecurity should be a priority, a survey found that less than 50% of companies have a CISO position with a seat at the board.

Industry Reactions to Data Privacy Day (SecurityWeek) Industry professionals comment on Data Privacy Day, the international holiday whose goal is to raise awareness and promote privacy and data protection best practices.

Marketplace

IARPA announces Proposers’ Day for SAILS, TrojAI (Intelligence Community News) On January 25, the Intelligence Advanced Research Projects Activity announced a Proposers’ Day Conference for the Secure, Assured, Intelligent Learning Systems (SAILS) and Trojans in Artificial Int…

SIA Leads Security Industry Toward Data Privacy Awareness, Action (Security Industry Association) The Security Industry Association (SIA) is marking Data Privacy Day on Monday by continuing its efforts to help its members understand and manage the critical issue of protecting consumer data.

TPG scraps mobile network build due to Huawei ban (CRN Australia) No upgrade path to 5G.

Akamai Completes Acquisition Of CIAM Company Janrain Inc. (MarTechSeries) Akamai Technologies, the intelligent edge platform for securing and delivering digital experiences, announces the company has completed its acquisition of Janrain,

Demand for client assurance is propelling Hudson startup SubRosa (Crain's Cleveland Business) From Crain's Akron Business: Focusing on small- and midsize companies, the cybersecurity startup has been buoyed by its vendor risk and due diligence services, and has seen its business take off in the past six months.

RANK Software Ends 2018 with 111 Percent Revenue Growth (GlobeNewswire News Room) AI Cybersecurity Platform Provider Added Key Customers, Expanded Market Coverage, and Grew Platform Capabilities

BlackBerry taps former Cisco exec Bryan Palma for COO role (ZDNet) Palma is set to play a key role in integrating Cylance into BlackBerry's products.

Products, Services, and Solutions

State of Utah Projected to Save Millions of Dollars with Forescout’s Integrated ServiceNow Solution (GlobeNewswire News Room) Orchestrated security approach delivers improved asset intelligence through device visibility and real-time reporting for rapid time to value

SyncDog Inc. Enables Mobile Workforce Productivity Through Data Loss Prevention Application (BusinessWire) SyncDog Inc. Enables Mobile Workforce Productivity Through Data Loss Prevention Application.

Symantec Introduces Advanced EDR Tools and Fully-Managed Service to Stop the Most Dangerous Cyber Threats (BusinessWire) Symantec Corp. announces a new Managed Endpoint Detection and Response (MEDR) service and enhanced EDR 4.0 technology.

Symantec Delivers Advanced Protection and Hardening Capabilities with Complete Endpoint Defense (BusinessWire) Symantec Corp. announces new enhancements to its endpoint security portfolio with advanced endpoint protection and hardening capabilities.

nuPSYS & Cisco Sign Global Reseller Agreement to Deliver Data Center Automation & Visualization Solutions (PR Newswire) nuPSYS, an innovation leader in data center & 5G / cell site automation & visual tools, announced it has...

The SSL Store™ Announces All-in-One Cybersecurity Solution cWatch Web (PRWeb) The SSL Store™—the world’s largest premium SSL/TLS service, today announced a new addition to their reseller program—cWatch Web. This all-in-one cloud-

CIS launches new free self-assessment tool for the CIS controls (CIS) Free Web Application Tracks and Prioritizes Implementation East Greenbush, N.Y., January 28, 2019 CIS® (Center for Internet Security, Inc.®) today announced the launch of the CIS Controls® Self-Assessment Tool, or CIS CSAT, to enable security leaders to track and prioritize their implementation of the CIS Controls. “CIS CSAT helps organizations regardless of size or resources, …

CHEQ and RiskIQ Partner to Combine Autonomous Ad Verification with Digital-Threat Prevention for End-to-End Solution (PR Newswire) Military-grade ad-verification company CHEQ, and RiskIQ, the global leader in attack-surface...

InfoSec Global (ISG) to license AgileScan, ISG's Cryptographic Threat Management Solution to Entrust Datacard Customers (PR Newswire) InfoSec Global has licensed its AgileScan ...

Netcraft Launches Anti-Phishing Mobile App (SecurityWeek) Netcraft launches mobile app designed to protect users against phishing and other attacks. Android version available and iOS version coming soon.

Facebook Launches Privacy and Data Use Business Hub (SecurityWeek) Facebook marks Data Privacy Day with launch of Privacy and Data Use Business Hub, which should help businesses understand how they can protect private information.

Technologies, Techniques, and Standards

Where To Begin With MITRE ATT&CK Matrix (SecurityWeek) Cybersecurity teams frequently use the MITRE ATT&CK matrix as a framework to show where the organization has good visibility protections, and where identified weaknesses can be addressed.

Analysis | The Cybersecurity 202: Medical devices are woefully insecure. These hospitals and manufacturers want to fix that (Washington Post) But their new plan is purely voluntary.

Fileless Malware: What Mitigation Strategies Are Effective? (BankInfo Security) As the threat of fileless malware continues to persist worldwide, security professionals are devising targeted risk management strategies.. BankInfoSecurity

Why note cards can’t simulate a cyberattack (Fifth Domain) The Pentagon's rudimentary training methods to prepare for cyberwar have raised concern that the United States will not be prepared for future battles.

How the intel community could use machines and AI (C4ISRNET) The intelligence community's

How privacy and security concerns affect password practices (Help Net Security) Yubico announced the results of the company’s 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute.

Design and Innovation

Facebook Opens New Fronts to Combat Political Interference (Wall Street Journal) Facebook is planning a dedicated effort to fend off interference in the European Union’s parliamentary election campaign this spring, part of a broader effort to defend against political interference.

Research and Development

Defending against cyberattacks by giving attackers ‘false hope’ (MU News Bureau) MU researchers develop artificial intelligence to quarantine cyberattackers until a more sophisticated defensive strategy can be devised

Inside the Pentagon’s race against deepfake videos (CNN) Advances in artificial intelligence could soon make creating convincing fake audio and video – known as “deepfakes” – relatively easy.

Academia

University of Tulsa takes lead in Cyber District vision (Tulsa World) The crux of the proposal is the creation of a Tulsa Enterprise for Cyber Innovation, Talent and Entrepreneurship, which will allow industry, federal agencies and TU to work together to

KnowBe4 CEO Stu Sjouwerman Joins University of South Florida Cybersecu (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its CEO Stu Sjouwerman has

Legislation, Policy and Regulation

Opinion | Strike Back Against Every Cyberattack (Wall Street Journal) The U.S. can keep foreign hacks at bay by showing its ability and will to retaliate.

Senate Dems Prepping Letter Questioning Shutdown’s Cybersecurity Impact (Meritalk) Senate Democrats are circulating among their offices text of a letter they may send to senior Federal cybersecurity leaders questioning the impact of the partial Federal government shutdown on the security of government networks, MeriTalk has learned.

Litigation, Investigation, and Enforcement

U.S. Authorities Unveil Sweeping Set of Charges Against China’s Huawei (Wall Street Journal) The Trump administration unveiled a sweeping set of criminal charges against China’s Huawei Technologies in its latest salvo against the telecom giant just days before U.S.-China trade talks are set to resume.

US Prosecutors Unveil Money Laundering, Fraud Charges Against Huawei | New York Law Journal (New York Law Journal) Federal prosecutors in Brooklyn have unsealed a 13-count indictment alleging Chinese telecommunications giant Huawei Technologies took part in a long-running scheme in which it deceived the U.S. government about its business dealings with Iran.

Huawei charged with bank fraud, stealing trade secrets by US (CRN Australia) Vendor accused of violating sanctions against Iran.

The Latest: China urges US to withdraw extradition request (ABC News) China's foreign ministry has called on Washington to withdraw its request for Canada to extradite a Huawei executive to face charges of lying to banks about possible dealings with Iran.

Authorities shut down xDedic marketplace for buying hacked servers (ZDNet) xDedic provided access to more than 85,000 hacked servers in its heyday.

The xDedic Marketplace, A Website Involved In The Illicit Sale Of Compromised Computer Credentials And Personally Identifiable Information, Shut Down (US Department of Justice) U.S. Attorney Maria Chapa Lopez, along with Special Agent in Charge Eric Sporre, FBI-Tampa Division, and Special Agent in Charge Mary Hammond, IRS-Criminal Investigation, today announced the seizure of the xDedic Marketplace, a website that operated for years and was used to sell access to compromised computers worldwide and to personally identifiable information of U.S. residents. The xDedic administrators strategically maintained servers all over the world to facilitate the operation of the website.

xDedic Marketplace Shut Down in International Operation (Europol) On 24 January, the U.S. Prosecutor’s Office for the Middle District of Florida, the FBI and the Internal Revenue Service (IRS) of Tampa (Florida), the Federal Computer Crime Unit (FCCU), the Federal Prosecutor’s Office and the Investigating Judge of Belgium, as well as the Ukrainian National Cyber Police and Prosecutor General’s office of Ukraine, with the support of the Bundeskriminalamt of Germany and Europol seized the xDedic Marketplace.

After seizing a major DDoS-for-hire site, Europol goes after its users (TechCrunch) Last year, Europol and its many law enforcement partners took down and seized webstresser.org, one of the most notorious “booter” sites for launching distributed denial-of-service (DDoS) attacks, which was claimed to have launched millions of attacks. But the coalition of feds isn&#8217…

Authorities across the world going after users of biggest DDoS-for-hire website (Europol) The takedown by law enforcement in April 2018 of the illegal marketplace webstresser.org as part of Operation Power OFF has given authorities all over Europe and beyond a trove of information about the website’s 151 000 registered users.

Privacy Groups Claim Online Ads Can Target Abuse Victims (WIRED) Complaints filed in Europe claim internet companies categorize users based on potentially sensitive browsing habits, and then use those labels to target ads.

Facebook ordered to explain how WhatsApp merger would avoid breaking data laws (The Telegraph) Facebook has been asked to urgently explain to European regulators how its proposed merger of Facebook Messenger, WhatsApp and Instagram into one service would avoid breaking data laws.

Appeals court to hear case of reporter alleging surveillance (Washington Post) A federal appeals court is set to hear arguments in a lawsuit filed by a former CBS News reporter alleging that Obama administration officials violated her constitutional rights by hacking into her computers and other electronic devices

Roger Stone to appear in DC federal court Tuesday (TheHill) Roger Stone, a longtime informal adviser to President Trump, will be arraigned in federal court in Washington, D.C., on Tuesday at 11 a.m.

Webcam Hacker Luis Mijangos (GQ) Every online scam begins more or less the same—a random e-mail, a sketchy attachment. But every so often, a new type of hacker comes along. Someone who rewrites the rules, not just the code. He secretly burrows his way into your hard drive, then into your life. Is he following your every move?

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security X Chicago (Chicago, Illinois, USA, Sep 25 - 26, 2019) Cyber Security X Chicago is part of the fastest growing cyber security event series, providing events that uniquely cover the entire security landscape. The event will offer invaluable security insight from industry experts on all facets of cyber security and risk mitigation, right in the center of Chicago. The Chicago area is home to more than 10,000 IT security professionals. Talent from universities and colleges, such as DePaul University & Illinois State University have become the main drivers of cyber security research in the state and are transforming the Chicago area into a cyber security hub. Cyber Security is the hottest topic in the technology market and needs to be taken seriously. Previously unimaginable cyber-attacks are occurring regularly and organizations need to become aware of the evolving threats to their IT environment. 2018 saw some of the largest cyber attacks to date, and 2019 is no exception. Ensure your team is equipped with the knowledge and latest advancements in threat protection to keep your business safe.

Cyber Security X Atlanta (Atlanta, Georgia, USA, Nov 20 - 21, 2019) Cyber Security X Atlanta is part of the fastest growing cyber security event series, providing events that uniquely cover the entire security landscape. The event will offer invaluable security insight from industry experts on all facets of cyber security and risk mitigation, right in the heart of Atlanta, Georgia. Atlanta is one of the fastest growing high-tech metro areas in the US, home to more than 115 information security companies accounting for 25% of the global security revenue market share. Cyber Security X Atlanta allows you to keep up to date with all things cyber security without having to travel to the West Coast. Cyber Security is the hottest topic in the technology market and needs to be taken seriously. Previously unimaginable cyber-attacks are occurring regularly and organizations need to become aware of the evolving threats to their IT environment. 2018 saw some of the largest cyber attacks to date, and 2019 is no exception. Ensure your team is equipped with the knowledge and latest advancements in threat protection to keep your business safe.

upcoming Events

CPX Americas 360 2019 (Las Vegas, Nevada, USA, Feb 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security experts. In addition, you’ll enjoy getting hands on with cutting-edge security solutions from Check Point, networking with your peers, and celebrating with the world’s cyber security elite. If you attend one cyber security event this year, make it CPX 360.

QuBit Conference Belgrade 2019 (Belgrade, Romania, Feb 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and all carrier levels. We are collecting great feedbacks on past conferences so we would be glad to cooperate with you, too. QuBit Conference consists of one day (2 in Prague) full of educational presentations, keynotes, case studies and interactive panel discussions in QuBit way - community spirit and tons of great networking opportunities. Not to mention popular pre-conference hands on training held a day before conference.

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, Feb 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential / actual Insider Threats. This meeting will focus on the many External data sources that are available from various companies, for organizations and businesses that want to be proactive in "Employee Threat Identification". This meeting will also provide insight into the possibility that your company's data may be "For Sale" on the Dark Web, and how to locate it.

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, Feb 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring a broad segment of the technology ecosystem together within the Southern California region for a discussion that will focus on all major commands and important operational units across all military services. These include the Research and Development activities at the Office of Naval Research, the Space and Naval Warfare Systems Command, and the Marine Corps Systems Command to advance the latest capabilities to meet national security needs.

3rd Next Generation Cyber Security for Utilities (Denver, Colorado, USA, Feb 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities that feel this pressure, few feel it more than our utilities. Cyber incidents have the potential to bring regional economic growth to a grinding halt, especially when they target the lifeblood of our modern civilizations. With threats becoming more sophisticated and gaining better resources, security professionals must continue to adapt and develop their methods of defense and response to ensure the uninterrupted production of our power.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

FaceTime bug answers before you do. FormBook is back. Xdedic takedown. Police pursue booter users. More Huawei charges.