The CyberWire Daily Briefing, 10.17.19

Cyber Attacks, Threats, and Vulnerabilities

ISIS Is Already Rising From the Ashes (Foreign Affairs) Turkey’s invasion of Syria will fuel a jihadi resurgence.

How One Tweet Turned Pro-China Trolls Against the NBA (Wall Street Journal) After his tweet supporting Hong Kong’s protesters, Houston Rockets general manager Daryl Morey was the subject of a pro-China campaign.

“Debug mode” in popular webdev tool exposes credentials for hundreds of websites, including Donald Trump’s - Comparitech (Comparitech) Donald Trump's campaign website and hundreds of others failed to disable debug mode in Laravel, a popular PHP framework, exposing secret credentials on the web.

Ransomware: These are the most common attacks targeting you right now (ZDNet) An analysis of ransomware reporting over the past six months shows that while there's a big focus on big targets, going after individual users is still very popular.

New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns (BleepingComputer) Researchers discovered two new malware strains distributed via phishing campaigns carried out by the TA505 hacking group during the last two months, a new downloader dubbed Get2 and an undocumented remote access Trojan (RAT) named SDBbot.

US 'carried out secret cyber attack' on Iran after Saudi oil attack (The Independent) Official says cyber operation affects 'physical hardware' as Tehran denies impact

Warning: Russian Hackers Break Into European Embassy In Washington (Forbes) Hackers who'd carried out the infamous breach of the Democratic National Committee have breached a European embassy in Washington, according to research released Thursday.

Russia’s Cozy Bear Hackers Resurface With Clever New Tricks (Wired) Largely out of the spotlight since 2016, Cozy Bear hackers have been caught perpetrating a years-long campaign.

WAV audio files are now being used to hide malicious code (ZDNet) Steganography malware trend moving from PNG and JPG to WAV files.

WAV files spotted delivering malicious code (Help Net Security) Attackers are embedding crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions, researchers have found.

Malicious Payloads - Hiding Beneath the WAV (ThreatVector) BlackBerry Cylance Threat Researchers recently discovered obfuscated malicious code embedded within WAV audio files. Each WAV file was coupled with a loader component for decoding and executing malicious content secretly woven throughout the file’s audio data.

'Graboid' Crypto-Jacking Worm Targets Docker Hosts (SecurityWeek) Researchers have identified what appears to be the first crypto-jacking worm that spreads using Docker containers.

Cryptojacking Worm Targets and Infects 2,000 Docker Hosts (Dark Reading) Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.

Chinese Hackers Use New Cryptojacking Tactics to Evade Detection (BleepingComputer) Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.

Symantec Endpoint Protection Update Causes Many Devices to Crash (SecurityWeek) An intrusion prevention signature update delivered by Symantec to Endpoint Protection customers has caused many devices to crash and display a BSOD.

Intelligence Gathering on U.S. Critical Infrastructure (Industrial Control Systems (ICS) Cyber Security Conference) How Open Source Intelligence can be applied to reconnaissance on critical infrastructure.

Security Patches, Mitigations, and Software Updates

Adobe splats bucketful of bugs in Acrobat and Reader (Help Net Security) A week after Patch Tuesday, Adobe dropped security updates for several of its products, including Acrobat and Reader and the Download Manager.

WordPress 5.2.4 Patches Six Vulnerabilities (SecurityWeek) WordPress 5.2.4 patches six vulnerabilities, including XSS, unauthorized access, SSRF, and cache poisoning issues.

Oracle's October 2019 Critical Patch Update Includes 219 Fixes (SecurityWeek) Oracle this week announced the release of its last Critical Patch Update of 2019, which includes a total of 219 new security fixes across various product families.

Instagram’s latest security feature lets you better manage third-party app permissions (The Verge) See who has your data at a glance.

Instagram will give you more control over your third-party apps…in about six months (TechCrunch) Instagram is slowly rolling out a new feature that will help better protect your personal data from being accessed by your long-discarded, third-party applications — that is, any app you had once authorized to access your Instagram profile over the years. This may include websites you used fo…

Cyber Trends

Cost of Ransomware Related Downtime Increased More Than 200 Percent, an Amount 23 Times Greater Than the Ransom Request (BusinessWire) Datto, Inc., the leading global provider of IT solutions delivered through managed service providers (MSPs), today announced findings from its fourth

New Survey Finds Security Pros Concerned About PKI (Keyfactor) At SecTor, Canada’s premier IT security education conference, we conducted a survey to learn more about the challenges facing IT professionals working to manage their organization’s PKI.

IT Pros Believe Shadow IT Could Become a Competitive Advantage, Study Shows (BusinessWire) The new Entrust Datacard report, “The Upside of Shadow IT,” helps business and IT leaders balance enterprise security with employee productivity.

Fake mobile app fraud tripled in first half of 2019 (Help Net Security) In Q2 2019, RSA Security identified 57,406 total fraud attacks worldwide. Phishing attacks were the most prevalent (37%), followed by fake mobile apps.

APT actors up their game; is it only a government concern or do enterprises need to pay more attention? (SC Magazine) CISOs roll their eyes when they hear 'APT', or say they're not a real threat to most organisations, but they are on the rise, and their hacking techniques do pose a threat as they get weaponised by cyber-criminals.

Social Media OpSec Concerns Overstated, Army General Says (Military.com) A general, a lieutenant, a cartoonist and the administrator of a controversial community Facebook page walk onto a stage.

Marketplace

Corporate America's Second War With the Rule of Law (Wired) Opinion: Uber, Facebook, and Google are increasingly behaving like the law-flouting financial empires of the 1920s. We know how that turned out.

SailPoint Buys Two Cloud Security Startups For $37.5 Million (CRN) Identity governance provider SailPoint has purchased emerging vendors Orkus and OverWatchID to help customers better control access to applications in public cloud environments.

Austin's SailPoint poised to improve cybersecurity services for cloud-based systems (Austin American-Statesman) Austin-based SailPoint Technologies has acquired two startups — for a total of $37.5 million — in a bid to to improve its cybersecurity

DigiCert Acquisition by Clearlake Capital Group and TA Associates Closes (PR Newswire) DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and PKI solutions, announced today that leading private...

Facebook Expands, Enhances Bug Bounty Programs (SecurityWeek) Facebook announces an expansion to its bug bounty program for third-party apps, as well as a series of bonuses for bugs in native products.

F-Secure weighs in on prpl Foundation security standards (Global Security Mag Online) F-Secure has joined the prpl Foundation to provide a more secure consumer experience when customers use their home Wi-Fi network and Internet of Things (IoT) devices.

Cybersecurity firm joins Microsoft Intelligent Security Association (The Hindu) Cybersecurity firm Ensurity Technologies has joined Microsoft Intelligent Security Association (MISA), a group of technology providers who integrated their solutions with Microsoft products to provide

7 Top Cybersecurity Stocks to Buy (The Motley Fool) Keeping digital data safe is a big business and getting bigger all the time.

How AI Battles Security Threats without Humans (WIRED) Housed in the historic city of Cambridge, the R&D facility of international cybersecurity firm Darktrace is unmistakably modern. Its stylish headquarters is all clean lines and gleaming glass, opening last year in honor of Cambridge-educated computer pioneer Maurice Wilkes—who helped design the electronic delay storage calculator, one of the world’s first computers, in the 1940s.…

Siemens moves its head office to Manchester (PES MEDIA) Siemens flagship building at Didsbury, Manchester has been designated the company’s new UK head office, replacing Frimley in Surrey.

TrueFort Unveils Board of Advisors Featuring Top Executives from Cyber Security, Financial and Telco (BusinessWire) Advisory Board comprised of C-level executives from AT&T, Bank of America Merrill Lynch, LPL Financial, Palo Alto Networks, Trend Micro and Zscaler.

Guidehouse hires NSA executive Marianne Bailey (Consulting) Management and technology consultancy Guidehouse has hired cyber expert Marianne Bailey to lead the firm’s cybersecurity practice.

Products, Services, and Solutions

Baltimore Cyber Range Shaping the Future (BaltimoreCyberRange) Baltimore Cyber Range (BCR) provides real world, hands-on Cyber security training. The BCR ultra-realistic threat training environment enables Cyber Security practitioners a secure environment for working with real world threats.

Global breakthrough, Pradeo launches a Private Secure Store solution to facilitate and expand safe BYOD usages for companies (Pradeo) After being awarded by Frost & Sullivan for best mobile security, Pradeo adds a new offer to its product line to address a strong mobile security need so far unanswered.

Denim Group Announces Integration with Snyk to Deliver Broad Vulnerability Management to Developers Leveraging Open Source (BusinessWire) Denim Group Announces Integration with Snyk to Deliver Broad Vulnerability Management to Developers Leveraging Open Source

CounterFlow AI Introduces ThreatEye – First-Ever AIOps Platform for Network Forensics (CounterFlow) Security analysts can now leverage AI for network intelligence and intelligent packet capture

Carousel Graduates Inaugural Class of Certified Ethical Hackers, Further Strengthening its Cybersecurity Expertise and Delivering More Value to Carousel Customers (Carousel Industries) Carousel Industries, a leading national IT, managed services, and cloud provider with

Lattice MachXO3D Secure Control FPGA Receives Security Certification from NIST (BusinessWire) Lattice Semiconductor (NASDAQ: LSCC), the low power programmable leader, today announced its MachXO3D™ FPGAs for secure system control received the Na

Podcast Recommendations (Medium) The number of podcast listeners in the U.S. increased sharply in 2019, with nearly one out of three people listening to at least one…

Akamai's got Comcast's back for small and mid-size businesses' cybersecurity (FierceTelecom) Comcast Business is the first service provider to boot up Akamai's new cloud-based Security and Personalization Services Secure Business solution. Comcast Business is using Akamai’s SPS Secure Business as part of its new Comcast Business SecurityEdge cloud-based internet cybersecurity solution for small businesses.

BlackBerry Cylance Announces Integration with Chronicle's Backstory (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced integration of CylancePROTECT ® and CylanceOPTICS® with...

Cybereason and SecureLink Partner to Deliver New Security Services (AiThority) Cybereason, creators of the leading Cyber Defense Platform and SecureLink, one of Europe's most respected managed security service providers

Logicalis Ireland becomes first partner in Ireland to achieve new cloud security specialisation from Check Point Software Technologies (Irish Tech News) Logicalis Ireland, the Hybrid IT solutions and managed services provider, today announces that it is the first partner in Ireland to achieve the CloudGuard

Symantec Boosts Endpoint Security Portfolio With New Upgrade (Yahoo) Symantec's (SYMC) Endpoint Security solution features capabilities like new attack surface reduction, threat hunting, and breach analysis and prevention, to cater to the growing need for comprehensive enterprise security.

Tehama and Bitnobi Partner to Lay Foundation for a Data Trust Platform (West) Tehama, the leading SaaS solution to secure mission critical and data sensitive systems when granting access to global employees and third-party contractors, and Bitnobi, a startup that has created a privacy-protected data-sharing platform, are pleased to announce the signing of a contract with the Department of National Defence to demonstrate the workings of an innovative, integrated human resources data management platform.

Technologies, Techniques, and Standards

A Review of Cybersecurity Incidents in the Water Sector – a good start but with technical issues (Control Global) The report, “A Review of Cybersecurity Incidents in the Water Sector”, was published in the September 2019 issue of the Journal of Environmental Engineering. There are many technical gaps in the report. My concerns with these water cases are similar to gaps in other industries such as electric, oil/gas, and manufacturing. As these industries use the same or similar equipment from the same vendors, the information sharing gap is still very wide.

Congressional Panel Praises Illinois Election Upgrades (Government Technology) Lake County, Ill., received high marks from panelists and the chair of the Committee on Homeland Security, which talked to local, state and federal officials about potential threats to the Illinois elections system.

Analysis | The Cybersecurity 202: Cyber Command hacking contest aims to prep Election Day first responders (Washington Post) The conference marks a rare cooperation between Cybercom and ethical hackers.

CrowdStrike CEO: There's a 'real awakening' about the threat of 2020 election hacking (Yahoo) CrowdStrike co-founder and CEO George Kurtz weighs in on cybe threats pertaining to the 2020 presidential election.

Baltimore City now prepared in case of another cyber attack (WBAL) Baltimore City said it's now prepared in case of another cyber attack.

What Cyber Resilience is Not About … (Business2Community) Cyber resilience must not be used to legitimise window-dressing practices around cyber security Read more at https://www.business2community.com/cybersecurity/what-cyber-resilience-is-not-about-02249622

Cyber Command wants to work more closely with the energy sector (Fifth Domain) Cyber Command worked with the Department of Energy during a recent exercise to help bolster understanding and ensure greater defense of critical assets.

Design and Innovation

Introducing the New Advanced Credit Cards, where the CVVs will change every hour, a huge blow for the cyber-criminals. (LinkedIn) Imagine a world without credit card fraud. Impossible, you might say.

Research and Development

Cryptography without using secret keys (Phys.org) Most security applications, for instance, access to buildings or digital signatures, use cryptographic keys that must at all costs be kept secret. That also is the weak link: Who will guarantee that the key doesn't get stolen or hacked? Using a physical unclonable key (PUK), which can be a stroke of white paint on a surface, and the quantum properties of light, researchers of the University of Twente and Eindhoven University of Technology have presented a new type of data security that does away with secret keys.

DISA Wants a Pentagon-Wide Identity Management System (Nextgov.com) The Enterprise Identity Service would let Pentagon officials oversee the access credentials and online activity of every user who touches its networks.

Academia

Cyber security experts, colleges work together to encourage next generation of analysts (Route Bay City) With the growing use of technology in day-to-day business operations, more and more businesses are finding themselves in need of protection against cyber threats.

Registration open for new UMW cybersecurity certification program (Fredericksburg.com) The University of Mary Washington announced Wednesday that registration is now open for a new cybersecurity certification program.

Legislation, Policy and Regulation

People’s privacy must be completely protected in cyberspace: Rouhani (Mehr News Agency) Iranian President Hassan Rouhani has stressed protecting people’s security while ensuring cyberspace security, adding that People’s privacy must be completely protected.

China slams ‘arrogant and dangerous’ U.S. over Hong Kong democracy bill as city’s dysfunction deepens (Washington Post) Lawmakers disrupted a speech by Hong Kong’s leader, while Beijing said it rejects any foreign interference and accused Washington of harboring sinister intentions.

Government drops ‘porn block’ plan to stop children watching sex videos online (The Independent) The long-delayed measure – one of the first of its kind in any democratic country – had been plagued by legal and technical difficulties

Australian intelligence agency wants more resources to counter foreign interference (Reuters) Australia's national intelligence agency said in a report this week that it...

Australia shows small businesses how to protect themselves in cyberspace (Tech Wire Asia) Small businesses in Australia struggle with cybersecurity — but the good news is that the country's regulators are keen to offer support.

When it comes to cyber authorizations, plagiarism is just fine for DHS (Federal News Network) DHS CIO Dr. John Zangardi said he is streamlining the authority to operate (ATO) process to help components move applications to the cloud faster.

Senator proposes data privacy bill with serious punishments (CNET) If the bill were a law during Facebook’s privacy scandals, Mark Zuckerberg would face jail time, Sen. Ron Wyden says.

Mark Zuckerberg will stream a speech on ‘free expression’ Thursday (Engadget) You can watch what the Facebook CEO has to say at 1PM ET.

Army Cyber lobbies for name change this year, as information warfare grows in importance (Army Times) Army Cyber says the fight below the level of actual violence is already happening, and it needs greater authorities to combat threats,

Litigation, Investigation, and Enforcement

South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin (US Department of Justice) Jong Woo Son, 23, a South Korean national, was indicted by a federal grand jury in the District of Columbia for his operation of Welcome To Video, the largest child sexual exploitation market by volume of content. The nine-count indictment was unsealed today along with a parallel civil forfeiture action. Son has also been charged and convicted in South Korea and is currently in custody serving his sentence in South Korea. An additional 337 site users residing in Alabama, Arkansas, California, Connecticut, Florida, Georgia, Kansas, Louisiana, Maryland, Massachusetts, Nebraska, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Virginia, Washington State and Washington, D.C. as well as the United Kingdom, South Korea, Germany, Saudi Arabia, the United Arab Emirates, the Czech Republic, Canada, Ireland, Spain, Brazil and Australia have been arrested and charged.

Inside the shutdown of the ‘world’s largest’ child sex abuse website (TechCrunch) Hackers found the dark web site just weeks after the U.S. government did.

MSPs turn to data watchdog over Sturgeon’s private emails (Times) Scotland’s information commissioner has been urged help MSPs who want to investigate Nicola Sturgeon for using a private email account for state business. Labour wrote to the first minister and...

Senate Intel chair: Whistleblower hasn't agreed to testify before panel (TheHill) Senate Intelligence Committee Chairman Richard Burr (R-N.C.) on Wednesday told reporters that a whistleblower at the center of the House impeachment inquiry hasn't yet agreed to meet with his Senate panel.

'Nothing similar': Ukraine whistleblower lawyer rejects Edward Snowden comparison (Washington Examiner) Edward Snowden, who leaked highly classified information and fled the United States in 2013, compared himself to the Ukraine whistleblower while promoting his new book.

Leading K-pop organization vow to wipe out 'cyber violence' after Sulli's death linked to online bullying (Newsweek) South Korean officials are taking a stronger stance to tackle the growing threat of "cyber terrorism" against K-pop culture celebrities, claiming "nothing will be forgiven, and strong action will be taken."

Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say - CyberScoop (CyberScoop) Investigators probing the Capital One data breach say they have between 20 and 30 terabytes of data in their possession as they prepare for trial against the alleged hacker, Paige Thompson, according to court documents obtained by CyberScoop. The government now is parsing through millions of individual files, prosecutors said, as well as a spreadsheet agents say they found recently on Thompson’s computer, which contains aggregated information apparently stolen from Capital One.

Cozy Bear never left. Iran says the Americans are dreaming. Graboid worms through Docker hosts. Audio steganography. Hundreds charged with online child exploitation.

Bring your own context.