Cyber Attacks, Threats, and Vulnerabilities
Security tightened in Delhi after intel warns of Jaish threat on Diwali (DNA India) Security is at the highest level in markets which see higher footfalls in festive season.
Cozy Bear Is Back in the Spotlight; Notorious Russian Hackers Caught Spying on EU and Eastern European Nations (CPO Magazine) Turns out that the APT group Cozy Bear that became internationally infamous in 2016 for high profile hacks never really went away. The Russian hackers have hit at least three European nations since it supposedly went underground in 2016.
Investigating Information Operations in West Papua: A Digital Forensic Case Study of Cross-Platform Network Analysis (Bellingcat) These findings were made by BBC open source investigator Benjamin Strick and Elise Thomas, a researcher with the International Cyber Policy Centre at the Australian Strategic Policy Institute. A new open source investigation has analysed a well-funded and co-ordinated social media campaign aimed at distorting the truth about events in the restive Indonesian province of...
New FuxSocy Ransomware Impersonates the Notorious Cerber (BleepingComputer) A new ransomware has been discovered called FuxSocy that borrows much of its behavior from the notorious and now-defunct Cerber Ransomware.
Raccoon Malware-as-a-Service Gains Momentum (SecurityWeek) Raccoon malware-as-a-service features like an easy-to-use automated backend panel, bulletproof hosting, and 24/7 customer support in both Russian and English
Here's Why 'Raccoon' Infostealer Is Popular With Criminals (BankInfo Security) The "Raccoon" infostealer, first spotted in the wild earlier this year, is rapidly gaining in popularity on underground forums due to its low cost and
Govt warns of new 'Emotet' malware campaign (CRN Australia) Australian Cyber Security Centre escalates to “significant cyber incident”.
City of Johannesburg has until 5pm to pay ransom demand - or personal data of citizens will be released (Computing) 'We have dozens of back doors inside your city. We have control of everything,' warn City of Johannesburg hackers
Hackers shut down Johannesburg’s networks once again (MIT Technology Review) Johannesburg, South Africa, is an alpha city on a booming continent—a financial powerhouse and one of the most important cities in the world.
City of Johannesburg hit by ransomware, again (ZDNet) South Africa's largest city falls prey to ransomware for the second time in four months.
City of Joburg slowly resumes services after cyber attack (News24) Some of the City’s customer service centres have resumed service, with remaining services expected to be back online by the end of the weekend.
SA banks hit by ransom attacks (Fin24) The South African Banking Risk Information Centre has confirmed a "wave of ransom driven" attacks on the banking industry.
UniCredit hit by data breach of Italian client records (Reuters) UniCredit said on Monday its cyber security team had identified a data breach in...
How 18 Malware Apps Snuck Into Apple's App Store (Wired) Sing it loud: The App Store's not perfect. Especially when it's up against click fraud code this clever.
Lazy Privilege Escalation: Abusing Dell's DUP Framework, CVE-2019-3726 (CyberArk) It's easy to abuse the DUP installation framework. We walk through CVE-2019-3726, a privilege escalation vulnerability that was patched in September.
Phishers strike at mobile wellness app company (Naked Security) What were the phishers after? People’s login details for Office 365.
Researchers Analyze North Korea-Linked NukeSped RAT (SecurityWeek) Fortinet security researchers took a deep dive into NukeSped malware samples that share multiple similarities with other malware families used by North Korean threat actors
Older Bugs in Software Add to Security Debt (Decipher) In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization’s risk of a breach, Veracode warned.
Could lighting your home open up your personal information to hackers? (Help Net Security) Researchers at UTSA have conducted a review of the security holes that exist in popular smart-light brands, the smart bulb being the next prime target.
New Way Found to Use Alexa, Google to 'Voice Phish' and Eavesdrop on Users (Threatpost) Developer interfaces used by Security Research Labs researchers to turn digital home assistants into ‘Smart Spies’.
Highlands on the road to recovery from cyber attack (Las Vegas Optic) New Mexico Highlands University is moving along in its recovery from the cyber attack that shut down campus for two weeks. Classes resumed Monday, and the ITS department, along with several others, has gotten the network up and running for instructional operations, though some computers still need to be rebuilt.
Luzerne County cyber attack expenses over $500K (Times Leader) Luzerne County has paid $563,196 to date recovering from a Memorial Day weekend cyber attack, although officials are expecting insurance to cover most of the expense. The figure is buried in the…
Security Patches, Mitigations, and Software Updates
Firefox Privacy Protection makes website trackers visible (Naked Security) Mozilla has added another privacy tweak to Firefox version 70 – the ability to quickly see how often websites are tracking users.
Cyber Trends
The scariest hacks and vulnerabilities of 2019 (ZDNet) This year's biggest and scariest security incidents, data breaches, and vulnerabilities.
How Are 5th and 6th-Generation Cyberattacks Different From Previous Ones? (Forbes) How are 5th and 6th generation cyberattacks different from previous ones? This question was originally answered on Quora by Gil Shwed.
Blacklisted apps increase 20%, attackers focus on tax-branded key terms (Help Net Security) For the second-consecutive quarter, blacklisted apps increased with a 20% spike, accounting for over 2% of all apps in RiskIQ’s telemetry.
Security pros like their job, yet many struggle with burnout and work-life balance (Help Net Security) Exabeam gained insight on trends in the salaries of security professionals, as well as education levels, job satisfaction and attitudes toward technologies.
The 2010s Have Broken Our Sense Of Time (BuzzFeed News) The rhythms of American life changed in the 2010s. How everything from TV to Trump to Instagram messed with your head just enough that time feels like it melted.
Marketplace
Picus Security Raises $5 Million In Series A Funding Led By Earlybird To Accelerate Global Expansion (PR Newswire) Picus Security, the leading platform for Breach and Attack Simulation, today announced that it has raised $5 million...
Aviatrix Raises $40 Million in Series C Funding (West) CRV Leads Latest Round of Investment
Huawei Consumers Want To Ignore Trump’s Blacklist—That Just Got Harder (Forbes) Huawei has maintained consumer confidence despite the U.S. blacklist, but is that about to change?
On same day U.S. warns Europe about Huawei, firm expands in Ireland (Big News Network.com) On the same day the US was again urging European countries to avoid doing business with Chinese telecommunications companies Huawei Ireland opened a new office in Dublin
ARM will continue to license chip architecture to Huawei after all (The Verge) ARM has decided that its technology is of UK origin, not US.
Trump's tough China stance pushed ZTE to pay up, US tech CEO says (Fox Business) InterDigital and ZTE had battled in court for much of the last decade over the Chinese firm’s refusal to pay royalties for use of wireless technology in its devices.
General Dynamics lands $325M U.S. emergency telecomm contract (Virginia Business)
Palo Alto Networks Blames Tariffs for Firewall Price Hikes (SecurityWeek) Network security firm Palo Alto Networks will increase the price of its hardware products by 5%, citing impact from recent tariffs for imported components.
UAE-based cybersecurity firm in talks over stake sale (TahawulTech) UAE-based DarkMatter Group’s founder and MD Faisal Al Bannai has announced plans to divest his entire stake in the company by the end of this year.
Vista Equity Seeks to Sell Forcepoint Cybersecurity Stake (MSSP Alert) Cybersecurity provider Forcepoint, owned by Raytheon & private equity firm Vista Equity Partners, may be for sale, depending on how you read Raytheon CFO remarks.
Beowulf Offers HackerOne $100,000 Bounty to Break Its Blockchain Layer (TokenPost) Decentralized cloud network Beowulf has enlisted the services of cybersecurity firm HackerOne to attempt to hack the company's blockchain layer. By inviting hackers to join a bounty to hack Beowulf's system, the blockchain...
KILL Optiv Canada Federal and SailPoint Awarded Software Licensing Supply Arrangement (SLSA) with Canadian Federal Government (Global Banking & Finance Reviews) Optiv Security requests that their press release NewsItemId: 20191024005168 Optiv Canada Federal and SailPoint Awarded Software Licensing Supply Arrangemen
Imperva CEO Chris Hylen Resigns (CTECH) Hylen stepped down on October 21, two months after the information security company disclosed a data breach
Lockheed Martin Elects Debra Reed-Klages to Board of Directors (PR Newswire) Lockheed Martin (NYSE: LMT) announced today that its board of directors has elected Debra Reed-Klages to the board...
Warring Nutanix and VMware execs meet on a plane ... (CRN Australia) ... and stage a love fest as Dheeraj Pandey and Sanjay Poonen show respect.
Products, Services, and Solutions
New infosec products of the week: October 25, 2019 (Help Net Security) Delta Risk ActiveEye 2.0 eliminates more than 95% of false positives. With a focus on advanced security automation, the ActiveEye 2.0 platform eliminates
wolfSSL Version 4.2.0 is Now Available! (wolfSSL) The release of wolfSSL version 4.2.0 is now available! Many exciting new features were added in this release along with optimizations and some fixes. wolfSSL has spent 10,000 hours worth of engineering on creating the code for this release. We’ve added new features, ports, and made it more robust. For a full list of fixes, […]
Introducing Facebook News (Facebook Newsroom) We're introducing Facebook News to give people more control over the stories they see and the ability to explore a wider range of news interests within the Facebook app.
Operation “Shields Up”: Web Isolation in the U.S. Military (Authentic8 Blog) Shields Up: How a military unit simultaneously increased web access and decreased cyber risk using remote cloud browsing technology.
Analysis | The Cybersecurity 202: This company wants Democrats to tackle political disinformation with counterterrorism strategy (Washington Post) Main Street One's technology targets voters with other persuasive messages.
Eset unveils new security solutions for home users (GDN Online) Eset, a global IT security company, has released the...
Technologies, Techniques, and Standards
Authenticity poses new challenges for intelligence community (Federal News Network) The pace of technological change has impacted the lives of populations everywhere in one way or another.
ESET: Firms Need MSP's Help Around California’s New Data Privacy Law (CRN) California businesses large and small are turning to MSPs for help understanding the ins and outs of the state’s new privacy law, said ESET’s Rachel Globus.
What’s going on with Cyber Command’s Unified Platform (Fifth Domain) One of the first big milestones for Cyber Command's Unified Platform program will be fully building its software factory.
How to protect your company's backups from ransomware (Emsisoft | Security Blog) Backups are an important part of any ransomware disaster recovery plan - but how do you keep your backups safe?
The Ransomware Superhero of Normal, Illinois (ProPublica) Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.
National Governors Association Selects 4 States for Assistance in Energy Security Exercise (National Governors Association) The National Governors Association (NGA) competitively selected four states – Colorado, Hawaii, Idaho and Maryland – to participate in a focused technical assistance project to enhance their experiences in the GridEx V energy security exercise and support the states’ …
9 tips for not getting spied on while traveling (Yahoo) Many IT departments suggest not bringing devices with sensitive personal or corporate information to certain countries.
Design and Innovation
Google just got better at understanding your trickiest searches (Fast Company) A new machine learning algorithm is helping Google tell which words in queries matter most—and how they relate to each other.
Why Keybase Doesn't Offer Two Factor Authentication (Wired) Keybase exists to keep things safe online. And it doesn't use 2FA to do it.
Legislation, Policy, and Regulation
With ISIS leader dead, Donald Trump loves the intelligence community – some of them anyway (USA TODAY) In announcing the death of ISIS leader Abu Bakr al-Baghdadi, Trump praised the work of intelligence officials, a marked departure from his repeated criticism of the intelligence community.
Security services fear the march on universities of Beijing’s spies (Times) MI5 and GCHQ have warned universities to put national security before commercial interest as fears grow over state theft of research and intellectual property from campuses. The agencies are...
China amends minor protection law to include cyberspace (TechNode) The draft law focuses on anti-addiction and data privacy.
China adopts law on cryptography (Xinhua) China's top legislature on Saturday voted to adopt a national law on cryptography. Lawmakers approved the law at the closing meeting of a bimonthly session of the Standing Committee of the National People's Congress, which started Monday.
China passes law regulating data encryption (Engadget) It's supposed to improve security, but it might not matter in a surveillance state.
China's Congress Passes Cryptography Law, Effective Jan. 1, 2020 (CoinDesk) While China still bans cryptocurrency trading, cryptography could be key to the country’s national push to be more competitive in the blockchain industry.
In Flying Flags, Emoji Become Political (Wired) Adding a new flag to the emoji keyboard now means getting tech companies' support—and that could be an issue if China is involved.
Johnson set to grant Huawei access to UK’s 5G network — and open rift with Trump (Times) Boris Johnson is preparing to allow controversial Chinese firm Huawei to win access to Britain’s future 5G telecoms network — endorsing the Theresa May decision that sparked a cabinet crisis.
US lawmakers are starting to give TikTok the Huawei treatment (Quartz) TikTok is the first Chinese app to be truly popular in the US—and that's getting it the kind of scrutiny that could put the brakes on its growth.
Pakistan to Install Nationwide Web Monitoring System (Sputnik) New Delhi (Sputnik): Reports of the Pakistan government installing the Web Monitoring System (WMS) first came to light when questions related to its set-up were raised in the Senate.
Pakistan moves to install nationwide 'web monitoring system' (Coda Story) Pakistan’s outsourcing of web monitoring to a controversial California-based company raises concerns about censorship
Jack Dorsey Criticizes Zuckerberg Over His Free-Speech Argument (Bloomberg) Twitter Inc. Chief Executive Officer Jack Dorsey called out his counterpart at Facebook Inc., saying Mark Zuckerberg has a “major gap and flaw” in his argument for free speech on social media.
Jack Dorsey Sees a “Major Gap and Flaw” in Mark Zuckerberg's Free Speech Argument (Vanity Fair) The Twitter CEO also takes issue with Zuckerberg's revised Facebook origin story—and isn't signing on to Libra anytime soon.
Congress Is Pretty Peeved That Blizzard Suspended Blitzchung (Wired) The 'Hearthstone' pro, also known as Chung Ng Wai, was blocked from competing after voicing support for protesters in Hong Kong.
NSA: 'We know we need to do some work' on declassifying threat intel (CyberScoop) One of the goals for the National Security Agency’s Cybersecurity Directorate is to quickly share information on adversarial threats with the private sector.
Ted Lieu pens letter to Mulvaney demanding answers on White House cyber departures (Axios) "A White House data breach would give our adversaries an untold advantage" in policy and security matters.
Dingell Sends Letter to Google and Amazon Demanding Answers on Security Vetting Process Failures (U.S. Representative Debbie Dingell) Today, Congresswoman Debbie Dingell (MI-12) sent a letter to Google and Amazon demanding answers on how German cybersecurity company Security Research Labs was able to create apps that passed through both Google and Amazon’s security vetting process for apps designed for smart speakers with background listening capabilities.
Ohio governor signs into law measure to increase cybersecurity of elections (TheHill) Ohio Gov. Mike DeWine (R) on Friday signed into law legislation that will increase cyber protections for election systems and enhance the overall cybersecurity posture of the state.
Ohio beefs up cyber security with new response unit (Cleveland.com) Ohio is moving to strengthen its cyber defenses by creating a new unit tasked with responding when local governments are digitally attacked, under a new law signed on Friday by Gov. Mike DeWine.
State’s cyber corps expands despite critical audit report (Grand Rapids Business Journal) Cybersecurity requires constant updates and reviews, experts say — and a group of Michigan volunteers that provides rapid response to attacks on government data just got one of its own.
Why We Must Act Now to Secure Upcoming Elections (Computer Business Review) "The organisations and supply chains involved aren’t necessarily prepared to defend against a complex cyberattack." To secure upcoming elections we...
Litigation, Investigation, and Law Enforcement
Lankan spy chief sat on Easter bomb attack intel? (The Asian Age) Incidentally, it was the same time when the Indian defence secretary was visiting the Island country and security was on a high due to his visit.
Encrypted Phone Company Helped Plan Crime Blogger’s Murder, Cops and Source Say (Vice) MPC, an encrypted phone company Motherboard revealed as being created by organized crime, "put him on a plate for the Moroccans to pull the trigger."
Uncle Sam demands summary judgement on Snowden memoir: We're not saying it's true, but no one should read it (Register) We really needed to take a look before you published
The Hapless Shakedown Crew That Hacked Trump’s Inauguration (Wall Street Journal) Days before the big event, hackers seized control of almost all the capital’s street surveillance cameras and demanded a ransom. Then everything spiraled out of control.
The FTC Fosters Fake Reviews, Its Own Commissioners Say (Wired) A leaked email revealed that executives at a skin-care firm showed employees how to post fake reviews. But the FTC settled without a fine or admission of guilt.
Barr’s Review of Russia Probe Now a Criminal Investigation (Wall Street Journal) Attorney General William Barr’s expanding review of the Russia probe has evolved into a criminal investigation, giving a federal prosecutor who is leading the inquiry the ability to subpoena witnesses and use a grand jury.
FBI agents manipulated Flynn file, as Clapper allegedly urged ‘kill shot’: court filing (Fox News) An explosive new court filing from Michael Flynn’s legal team alleges that FBI agents manipulated official records of the former national security adviser’s 2017 interview that led to him being charged with lying to investigators—in their latest attempt to get the case thrown out.
Ex-intel bosses Brennan, Clapper may become trial witnesses in 'origins' probe, Andrew McCarthy says (Fox News) Former Assistant U.S. Attorney Andy McCarthy reacted Friday to the latest news that U.S. Attorney John Durham's ongoing probe has transitioned into a full-fledged criminal investigation.
Democrats must question possible political surveillance (TheHill) Democrats should back the Lee-Leahy bill that would end bulk collection of Americans’ data, strengthen protections and curb surveillance overreach.
Missing-server conspiracy theories are a convenient smokescreen (The News-Herald) The impeachment drama is already a three-ring circus, with a full complement of clowns to the left and the right.
Major Florida Health System Fined $2M for HIPAA Breach (SecurityWeek) Jackson Health System in Florida must pay over $2 million after federal officials determined its HIPAA compliance program was in disarray for years.
Keylogging data vampire pleads guilty to bleeding two companies (Naked Security) He drained data from firms working on hot new technology, sneaking in with a fake access badge, planting hardware and software keyloggers.
Facebook’s Encryption Makes it Harder to Detect Child Abuse (Wired) Opinion: The social network needs to develop better ways to stop the spread of millions of harmful images.
Exclusive: How A BlackBerry Wiretap Helped Crack A Multimillion-Dollar Cocaine Cartel (Forbes) A wiretap on BlackBerry Messenger collected communications of a drug cartel for years, helping cops catch one $25 million shipment.
Skripal Poisoner Attended GRU Commander Family Wedding (Bellingcat) In a series of investigative reports in 2018 and this year, Bellingcat and its media partners disclosed the existence of an elite unit within Russian military intelligence (GRU) engaging in clandestine overseas operations. This unit consists of approximately twenty graduates of elite Russian military schools, most having received hands-on combat experience in the wars in...