The CyberWire Daily Briefing, 10.18.19

Cyber Attacks, Threats, and Vulnerabilities

500+ Million UC Browser Android Users Exposed to MiTM Attacks. Again. (BleepingComputer) The highly popular UC Browser and UC Browser Mini Android apps, with a total of over 600 million Play Store installs, exposed their users to MiTM attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.

'The Dukes' (aka APT29, Cozy Bear) threat group resurfaces with three new malware families (Computing) The cyber gang has largely remained in dark since breaching the systems of Democratic National Committee in 2016.

Russian Cyber Unit That Went Dark After Hacking DNC Is Still Spying (The Daily Beast) The hackers, also known as Cozy Bear, who are linked to Russian intelligence have been using Twitter and Reddit forums to send coded messages.

Eager iOS jailbreakers tricked into click fraud (iTnews) Checkrain fake jailbreak site borrows pics of real researchers.

European Airport Systems Infected With Monero-Mining Malware (BleepingComputer) More than 50% of all computing systems at a European international airport were recently found to be infected with a Monero cryptominer linked to the Anti-CoinMiner campaign spotted during August 2018 by Zscaler.

Unpatched Linux bug may open devices to serious attacks over Wi-Fi (Ars Technica) Buffer overflow can be triggered in Realtek Wi-Fi chips, no user interaction needed.

New Amazon Echo Warning As Wi-Fi Cyberattack Risk Confirmed (Forbes) Security researchers have confirmed that millions of Amazon Echo and Kindle devices could be vulnerable to the so-called KRACK attack. Here’s what you need to know…

A malicious Tor browser is helping scammers steal bitcoin, researchers say (CyberScoop) Thieves are using malware that masquerades as Tor, the anonymizing internet browser, to steal money from Russian-speaking people on the dark web, researchers said Friday.

This Credential Phish Masks the Scam Page URL to Thwart Vigilant Users (Cofense) The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that aims to harvest credentials from Stripe, the online payment facilitator handling billions of dollars annually, making it an attractive target for threat actors seeking to use compromised accounts to gain access to payment card information and defraud consumers.

Popular app Snaptube accused of ad fraud, say researchers (TechCrunch) A popular video downloader app for Android has been found generating fake ad clicks and unauthorized premium purchases from its users, according to a security firm. Snaptube, which boasts some 40 million users, allows users to download videos and music from YouTube, Facebook and other major video s…

Secure-D uncovers non-human clicks and subscriptions from popular Android app Snaptube (Upstream) Upstream’s security platform Secure-D has detected and blocked more than 70 million suspicious mobile transaction requests coming from the Android app Snaptube in just six months. Snaptube has been delivering invisible ads, generating non-human clicks and purchases, then reporting them as real views, clicks and conversions to the advertising networks that serve them. The ads …

Researcher releases PoC rooting app that exploits recent Android zero-day (Help Net Security) Researcher built on PoC exploit for CVE-2019-2215 and released a PoC rooting app that exploits the recently flagged Android privilege escalation flaw.

Pen testers find mystery black box connected to ship’s engines (Naked Security) It had an Ethernet connection to the ship LAN but was also connected to a Windows console on the bridge which was so bright at night the crew had covered it up. The assumption had been that it was …

Pixel 4 Face Unlock works if eyes are shut (BBC News) Google confirms its new security system may unlock a person's device even if their eyes are shut.

Samsung says will soon patch Galaxy S10 fingerprint recognition problem (Reuters) Samsung Electronics Co Ltd said on Thursday it will soon roll out a software pat...

The most popular ransomware strains targeting UK businesses (IT PRO) What threats you're likely to face can significantly depend on the region in which you operate

Malware targets individual healthcare employees, not always VIPs (Healthcare Dive) Malicious emails most often used URLs (77% of cases) rather than attachments to deliver infected code, according to a report from cybersecurity vendor Proofpoint.

Job applicants worried as hundreds of thousands of CVs exposed online (Sky News) "I am worried about the fact that my address is out there and my phone number," an affected person told Sky News.

Attribution is hard: the incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea (Boing Boing) Wired has published another long excerpt from Sandworm, reporter Andy Greenberg’s (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to…

Inside Olympic Destroyer, the Most Deceptive Hack in History (Wired) The untold story of how digital detectives unraveled the mystery of Olympic Destroyer—and why the next big cyberattack will be even harder to crack.

Microsoft Ending Support for Windows 7 and Windows Server 2008 R2 (CISA) On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates. Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while running Windows 7 and Windows Server 2008 R2.

AVEVA Vijeo Citect and Citect SCADA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Equipment: Vijeo Citect and Citect SCADA Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION The IEC870IP driver for Vijeo Citect and Citect SCADA has a buffer overflow that could cause a server-side crash.

Horner Automation Cscape (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Improper Input Validation, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed, which may allow the attacker to access information and execute arbitrary code.

Vic cyber attack recommendations ignored (Newcastle Herald) Two years after a cyber attack compromised Victoria's road safety cameras a series of "urgent recommendations" to fix vulnerabilities still haven't been done.

Beware the square: how to spot malicious QR codes (Sophos News) QR codes can help you buy tickets, speed up logins and streamline software installation. But, when you scan one, how can you be sure that it’ll take you to a legitimate website?

Security Patches, Mitigations, and Software Updates

Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points (Help Net Security) Cisco has released another batch of security updates, the most critical of which fix several risky Cisco Aironet vulnerabilities.

VMware patches critical bug in Harbor Container Registry for PCF (SC Magazine) VMware issues security advisory acknowledging a critical 'broken access control' vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry

Cyber Trends

The System is Broken — 55% Believe their PII is already in the hands of Criminals (Medium) Imagine that you arrive at your home after a relaxing dinner with your family. You get to your front door and you realize that it’s wide…

Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy (Help Net Security) There's a clear lack of accountability, especially among C-suite executives, and a lack of confidence in determining the efficacy of security technologies.

How to make money with 5G? Surveillance! (CRN Australia) Outdoor cameras are the main market until 2023 when cars will take over, says Gartner.

20 Data Security Risks Your Company Could Face in 2020 (IT Security Central - Teramind Blog) This piece was originally published in Hackernoon. Today, data security is top of mind for companies, consumers, and regulatory bodies. After years of unfettered participation in the data-driven digital age...

Marketplace

Defiant Zuckerberg Says Facebook Won’t Police Political Speech (New York Times) In an address at Georgetown University, the Facebook chief executive called for more free speech — not less — as his company has been assailed for allowing lies and falsehoods to appear.

Mark Zuckerberg signals Facebook won't return to China as he calls on tech firms to defend free speech (The Telegraph) Facebook has effectively given up on bringing its services to China, its chief executive Mark Zuckerberg has confirmed, signalling a decisive end to the social media giant's ambition to enter that market.

Apple's Good Intentions on Privacy Stop at China's Borders (Wired) As pro-democracy protests continue in Hong Kong, the tech giant’s troubling relationship with an authoritarian regime has come into focus.

Splunk investing big in data startups with new Splunk Ventures (ITWire) Machine data aggregator and analytics software company Splunk has announced a $US150m fund to invest in data startups.

Avast boosts cyber security sales to $218m (CityAM) Avast posted growing sales in its third quarter despite shedding off its managed workplace and business divisions, it reported today.

Lookout App Defense penetrates global markets with new customers and strategic partnerships, helping customers prevent data compromise in mobile apps (Lookout) App Defense helps enterprises protect their customer facing apps from data compromise and fraudulent transactions. Breaches can have a significant impact on brands as hackers can compromise consumers credentials, steal PII data and initiate account takeovers.

LoginRadius Joins Cloud Security Alliance (CSA) (Technuter) LoginRadius announced their membership with Cloud Security Alliance (CSA). CSA is a not-for-profit organization that attracts a diverse and extensive network of 80,000 cybersecurity experts. CSA’s activities, knowledge, and global platform provide members with tools for creating and maintaining a robust and trusted cloud ecosystem.

Remember When I Said Buy CrowdStrike Dips? This Looks Like One of Those Times (The Motley Fool) The hot cybersecurity IPO has reversed course and is back where it started.

Axonius Appoints Lenny Zeltser As Chief Information Security Officer (PRWeb) Axonius, the cybersecurity asset management company, today announced Lenny Zeltser has been named Chief Information Security Officer (CISO). Previously serving a

CyberX Appoints Ron Zoran to Board of Directors (CyberX) Experienced Security Executive Joins Board of Fast-Growing IoT/ICS Security Firm

Products, Services, and Solutions

New infosec products of the week: October 18, 2019 (Help Net Security) New infosec products for this week include releases from the following vendors: Pradeo, Elastic, Symantec, CounterFlow AI and Trustwave.

Finnair, Finavia pilot biometric authentication in air travel (Paypers) Finnair and Finavia have tested the use of biometric authentication in air travel.

Privacy-focused Brave browser boasts 8M monthly active users (The Block) Privacy-focused internet browser Brave has hit 8 million-mark in terms of monthly active users. Announcing the news on Wednesday, Brave said daily active users, on the other hand, have surpassed the 2.8 million mark. The browser, with opt-in blockchain functionality, also compensates content creators, users and advertisers in its native Basic Attention Token (BAT) for …

AWS creeps closer to on-prem ops with VMware tie-up (CRN Australia) Cloud DBA tool RDS now runs in on-prem vSphere.

Trustwave Reimagines How Security Testing is Procured and Managed (BusinessWire) Trustwave Security Testing Services is comprehensive portfolio of security testing, scanning and vulnerability management offerings.

Technologies, Techniques, and Standards

Catalan Protesters Are Told to Avoid IPhone, Stick to Android (Bloomberg) Catalan independence activists looking for information on how to take part in the next protest against Spain can rely on a handy, two-day old app for details on when and where to go. The only catch: the app doesn’t work on iPhones.

Design and Innovation

Electronic warfare as easy as changing a light bulb (C4ISRNET) To avoid the dreaded

Academia

The Delicate Ethics of Using Facial Recognition in Schools (Wired) A growing number of districts are deploying cameras and software to prevent attacks. But the systems are also used to monitor students—and adult critics.

Legislation, Policy and Regulation

Reassessing U.S. Cyber Operations against Iran and the Use of Force (Just Security) "There is good reason to conclude the United States may have crossed the use of force threshold with this cyber operation."

We are at war in cyberspace and doing too little about it (Idaho Statesman) The recent public safety power shutoff by Pacific Gas and Electric (PG&E) has drawn critics far beyond the more than 700,000 homes or businesses that lost electricity in northern California. California’s top utility regulator said that the “scope, scale, complexity and overall impact to people’s lives, businesses and the economy cannot be overstated.”

Analysis | The Cybersecurity 202: Huawei looks to Europe to counter U.S. claims it can’t be trusted (Washington Post) Europe has rebuffed U.S. entreaties to ban Huawei from 5G networks.

NBA-China controversy shows why US needs to be careful about Huawei, FCC commissioner says (CNBC) "This NBA issue ... shows how China can leverage all sorts of different levers to exert and have people toe its own political line," Brendan Carr says

Confronting cyber threats to businesses and personal data (GOV.UK) British businesses and the public are set to be better protected from hostile cyber-attacks and online threats like disinformation and cyber-bullying.

Russia says it is starting to resume U.S. cyber cooperation: TASS (Reuters) Russia and the United States are gradually starting to resume cooperation on cyb...

Palapa Ring Launch; Jokowi Calls for Halt to Social Media Hatred (Tempo) In the launch of the Palapa Ring project, President Jokowi calls on the public to stop spreading hate, slanders, hoaxes, and fake news.

Facebook’s Mark Zuckerberg Defends Free Speech Amid Calls for Tighter Controls (Wall Street Journal) In a rare policy speech that could have ramifications for the U.S. presidential campaign and social movements world-wide, the Facebook CEO asserted his commitment to free speech amid call for tighter controls.

Facebook CEO Mark Zuckerberg says in interview he fears ‘erosion of truth’ but defends allowing politicians to lie in ads (Washington Post) Facebook chief executive Mark Zuckerberg said in an interview with The Washington Post that he worries “about an erosion of truth” online but defended the policy allowing politicians to peddle ads containing misrepresentations and lies on his social network, a stance that has sparked an outcry during the 2020 presidential campaign.

Space Industry Seeks Designation as Critical Infrastructure (Air Force Magazine) A new industry group set up to share intelligence about cyber threats to space-based assets like satellite communications will be lobbying the Trump administration to designate commercial space systems as critical national infrastructure.

Opinion | Robert C. O’Brien: Here’s how I will streamline Trump’s National Security Council (Washington Post) To achieve these policy staffing goals, we will eliminate existing vacancies and consolidate duplicative positions.

What’s new in the Army’s data strategy? Security (Fifth Domain) A new data strategy for the Army that could help the service's artificial intelligence task force is under review by senior leaders.

Litigation, Investigation, and Enforcement

U.S. Helped Moscow Foil Recent Terror Plot With Intel, FSB Says (The Moscow Times) “We pay them back and provide assistance and support," Russia's security chief said.

Ninth Circuit Restricts Immunity for Filtering Objectionable Content (Cooley) Companies that make anti-virus and similar software that helps internet uses guard against dangerous online content must now think twice about whether they can be sued for their decisions about wha…

ENIGMA SOFTWARE GROUP USA, LLC, Plaintiff-Appellant, v. MALWAREBYTES, INC., Defendant-Appellee. (United States Court of Appeals for the Ninth Circuit) The panel reversed the district court’s dismissal, as barred by § 230 of the Communications Decency Act, of claims under New York law and the Lanham Act’s false advertising provision.

How to Address Newly Revealed Abuses of Section 702 Surveillance (Just Security) Last week's FISA Court opinions provide even more evidence that the current system fails to adequately protect Americans’ privacy.

Pentagon Unclear on Extent of Environmental, Cyber Threats to Military Bases (USNI News) The DoD doesn't know the cost or scope of the threats posed by severe weather and cyber attacks to its bases, the Pentagon’s top property manager said.

Facebook co-founder and critic Chris Hughes spearheads a $10 million ‘anti-monopoly’ fund (Washington Post) Hughes and his allies are putting new money toward a new "anti-monopoly" fund, hoping to harness heightened interest around big tech into a broader movement to analyze, regulate or dismantle behemoths in agriculture, healthcare and other industries where he says competition is lacking and consumers feel the pain.

Trojanized TOR browser. Key reinstallation attacks. Snaptube and clickfraud? Free speech online. Russo-US cooperation?

Bring your own context.