Cyber Attacks, Threats, and Vulnerabilities
Customers report Bank of America outage; cards declined, ATMs unavailable (KTVU FOX 2) Bank of America outages reported
Bank of America Down? Service Status, Map, Problems History - Outage.Report (Bank of America) See if Bank of America is down or it's just you. Check current status and outage map. Post yours and see others' reports and complaints
Georgia ‘I’ll Be Back’ Cyber Attack Terminates TV, Takes Down 15,000 Websites (Forbes) As a massive cyber-attack defaces websites and stops TV stations from broadcasting, the question is: whodunnit?
Voting machines still easy prey for determined hackers (FCW) A security exercise to demonstrate voting machine vulnerabilities has captured the attention of some in Congress, but one Democratic chairman said 'it's all for naught' if Republicans aren't on board.
As Russia makes 2020 play, Democratic campaigns say they are in the dark, and experts fear U.S. elections are vulnerable (Washington Post) Campaigns targeted by Russian interference on Facebook-owned Instagram were not alerted by the tech giant.
Who benefits from the use of kompromat in American politics? (Military Times) The main weapon of a hybrid warfare is a deception, and one of the main tasks of this deception is to convince the enemy that there is no war, says the author of this commentary.
Microsoft Says Russians Hacked Antidoping Agency Computers (New York Times) The Russians were supposed to turn over their own computer data to avoid further penalties. Then they went on the offensive.
Inside the Discovery of Sandworm, the World’s Most Dangerous Hackers (Vanity Fair) In his new book, Sandworm, Andy Greenberg describes how researchers who discovered the group were alarmed by its reach—and the looming danger it represented.
New 'unremovable' xHelper malware has infected 45,000 Android devices (ZDNet) Factory resets aren't helping. Neither are mobile antivirus solutions. Malware keeps reinstalling itself.
Joker's Stash Lists 1.3 Million Stolen Indian Payment Cards (BankInfo Security) The notorious Joker's Stash cybercrime marketplace, which specializes in selling stolen payment card data, has a new listing for 1.3 million credit and debit cards,
New Adwind Variant Targets Windows, Chromium Credentials (Threatpost) A new version of the typically platform-agnostic Adwind trojan has been spotted targeting Windows applications and systems and Chromium-based browsers.
PHOENIX CONTACT Automation Worx Software Suite (CISA) Executive summary: CVSS v3 7.8. Attention: Low skill level to exploit. Vendor: Phoenix Contact. Equipment: Automation Worx Software Suite. Vulnerability: Improper Input Validation. Risk evaluation: Successful exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of an application programming workstation.
MikroTik router compromise exploit detailed (SC Magazine) Researcher details the fascinatingly winding path from DNS request to root access on MikroTik routers
Info security body finds no evidence of infection at Swiss banks as a result of “Sharpshooter” campaign (FinanceFeeds) Switzerland’s Reporting and Analysis Centre for Information Assurance is in touch with a number of banks but no evidence of infection has been found.
Mimecast Outage: CEO Says "Very Sorry", Blames Firewall Issues (Computer Business Review) Mimecast blames intermittent service disruptions on network/firewall issues and says it is urgently working on a permanent fix. A Mimecast outage...
Mimecast CEO Blames Service Issues On Firewall Challenge (MediaPost) Mimecast is working to reduce disruption time and mitigate the impact, Peter Bauer says in a video.
Notice of Potential Payment Card Incident (Krystal) The Krystal Company would like to advise guests that our company is actively investigating a security incident that involves one of the payment processing systems that services some of our restaurants.
State of Stolen Credentials in the Dark Web from Fortune 500 Companies (Immuniweb) Millions of stolen corporate credentials available in the Dark Web are exploited by cybercriminals for spear-phishing and password re-use attacks against the largest global companies.
How games like 'Fortnite' and 'Counter-Strike' are used to launder money (Mic) Despite being released over seven years ago, Counter-Strike: Global Offensive remains one of the most popular games in the world. Counter-Strike boasts more than 500,000 concurrent players at any given time and hit its highest active player account…
Kurdish spy played key role in locating Baghdadi (Times) President Trump said that Abu Bakr al-Baghdadi’s likely replacement as Islamic State’s leader was “terminated by American troops” as further details emerged of the role played by Kurdish...
Is your security opening up a bag of worms? (TechNative) Despite the headlines, cryptocurrency is still very much on the scene, especially as big names like Facebook try to crack the industry. However, while there are many companies trying to do good things with bitcoin, there are also people looking to exploit it. Unsurprisingly, over the last few years, there has been an increase in crimes related to cryptocurrency. While some cyber criminals hold people’s digital assets ransom in return for cryptocurrency, others take a somewhat less upfront approach. In fact, a popular form of crime surrounding the new currency is cryptojacking. Mining for bitcoin takes a serious amount of
Security Patches, Mitigations, and Software Updates
Major vulnerability patched in the EU's eIDAS authentication system (ZDNet) Exclusive: Vulnerability would have allowed attackers to pose as any EU citizen or business.
PHP team fixes nasty site-owning remote execution bug (Naked Security) The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language.
Cyber Trends
Is the enterprise on the brink of a global web supply chain attack? (Help Net Security) We have seen enough examples of a web supply chain attack to know that there still isn’t enough being done to actually mitigate these attacks.
2019 EnergyTech/Information Security Summit Conference – the gap between IT/OT networking and domain experts (Control Global) There has effectively been an exclusion of domain experts (in industry and manufacturing – the engineers/Operations; and in finance - the economists) in control system cyber security. This exclusion of domain experts has also led to the exclusion of control system devices from adequate cyber security considerations. The disconnect between domain experts and networking is very much alive and needs to be addressed.
Are utilities keeping up with cyber threats? (Smart Energy International) Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threats? – details the industry’s vulnerability to cyber risk and its readiness to address them
Nastiest Malware 2019 (Webroot Community) It’s that time of year again. The leaves have changed, ghouls and goblins are about to take to the streets demanding tricks or treats, and Webroot is shining the light on the nastiest malware threats lurking online in 2019. It’s not names like Jason or Freddy that should curdle your blood this Octob...
NTT Report Finds Digital Natives Don’t Prioritize Cybersecurity (BusinessWire) In today’s multigenerational workforce, professionals over 30 are more likely to adopt cybersecurity best practices than their younger colleagues.
Investigations are an unfortunate fact of life for most corporations (Help Net Security) H5 survey reveals corporate investigations are expected to increase over the next three years, intensifying strain on internal resources.
Companies unprepared to deal with mobile attacks, synthetic identity fraud, CCPA compliance (Help Net Security) Businesses see costly decline of consumer trust as a result of large-scale data breaches according to annual IDology Fraud Report.
Employers view worker training, policies as key to data security (HR Dive) For many companies, the importance of cybersecurity has grown, but a lack of talent to fill necessary roles may be making it difficult for businesses to keep up with demand.
Guests: Hotels are not investing enough in cybersecurity (Hotel Management) Nearly half (46 percent) of respondents said their trust in a hotel’s cyber defenses influences if they book a stay at a particular hotel.
Marketplace
The future of cybersecurity VC investing with Lightspeed’s Arif Janmohamed (TechCrunch) There are two types of enterprise startups: those that create value and those that protect value. Cybersecurity is most definitely part of the latter group, and as a vertical, it has sprawled the past few years as the scale of attacks on companies, organizations, and governments has continuously ex…
DISA Is Looking to Buy AI-Powered Cyber Defenses (Nextgov.com) The tools would use automation and machine learning to respond to common cyberattacks without any human intervention, freeing personnel to focus on more complex intrusions.
7 Ways Industry is Supporting National Cybersecurity Awareness Month (Bricata) From "champions" to free training – here are some different ways the private sector is supporting National Cybersecurity Awareness Month (NCSAM)
Major Employers Commit to Build a Stronger Cybersecurity Workforce Pipeline (The Aspen Institute) Date: 10/30/2019. By: John Carlin, Chair, Cyber & Technology Program, The Aspen Institute. For the past four years, the Director of National Intelligence has named cyber threats to critical infrastructure as the top national security concern. Attacks on Atlanta, Baltimore, Louisiana, Florida, Texas show how, …
How Microsoft Tapped the Autism Community for Talent (Wall Street Journal) The software giant says it had to alter its hiring process, including eliminating the initial phone screening.
Fortinet Gains on Cisco, Palo Alto Networks with enSilo Acquisition (Channel Futures) Fortinet's acquisition of enSilo quickly helps Fortinet gain ground on Palo Alto Networks specifically, but also Cisco, and Sophos in the midmarket.
New cyber coordination center aims to make Louisiana a cybersecurity leader (Baton Rouge Business Report) When Gov. John Bel Edwards announced in August that a new Louisiana Cyber Coordination Center would be established at the Water Campus, near downtown Baton Rouge, he said it was a step towards establishing the state as a global leader in cybersecurity. But what kind of work will the center—to be shared by the Louisiana …
Cybereason Named a Forbes ‘2019 Next Billion-Dollar Startup’ (PRWeb) Cybereason, creators of the leading Cyber Defense Platform, today announced it was named a Forbes 2019 Next Billion-Dollar Startup. For the past five years, Forbes
Facebook Needs to Shut Up (Wired) Opinion: Since 2017, nearly every time Mark Zuckerberg has tried to sound thoughtful, he sounds unprepared, shallow, and full of hubris. Time to zip it.
Cyber attack on Asia ports could cost $110 billion: Lloyd's (Reuters) A cyber attack on Asian ports could cost as much as $110 billion, or half the to...
Norsk Hydro's cyber insurance has paid just a fraction of its breach-related losses so far (CyberScoop) Norsk Hydro received an insurance payout of $3.6 million following a highly publicized cyberattack earlier this year, the company revealed in its third quarter earnings report. The insurance payout represents about 6% of the $60 million to $71 million in costs created by the incident through the third quarter, the company said.
Microsoft funded firm doing secret Israeli surveillance on West Bank (NBC News) Microsoft committed to protecting democratic freedoms. Then it funded an Israeli facial recognition firm that secretly watched West Bank Palestinians.
FireEye CEO: I’m Thinking About How We Execute, Not How To Exit (CRN) FireEye CEO Kevin Mandia said he’s laser-focused on building the best possible security company despite media reports that all or part of FireEye might be acquired.
Threat intel firm to open new office, add 130 jobs in the Boston area (Boston Business Journal) The threat intelligence company is opening a second office in addition to its current headquarters at 363 Highland Avenue in Somerville, with the goal of building a “campus” in the Davis Square area, according to CEO Christopher Ahlberg.
Eversheds Sutherland Adds Cybersecurity & Privacy Counsel Paul McCulloch-Otero (Eversheds Sutherland) Eversheds Sutherland is pleased to announce that Paul D. McCulloch-Otero has joined Eversheds Sutherland’s Cybersecurity & Privacy Practice Group as counsel in the New York office. With his extensive background in cybersecurity, privacy, information technology, risk and compliance, he will counsel clients across industries, particularly bolstering Eversheds Sutherland’s FinTech, RegTech and InsurTech teams. “Cybersecurity and privacy remain top concerns for our clients,...
Protegrity Appoints Rick Farnell as Chief Executive Officer (BusinessWire) Data-first security solution provider Protegrity announced that Rick Farnell will join the company as its new CEO, effective immediately.
Products, Services, and Solutions
HITRUST Compliance with Tripwire (Tripwire) The HITRUST CSF helps healthcare organizations comply with various standards like NIST, CIS, HIPAA by providing a single overarching framework. Now, with Tripwire Enterprise, organizations can automate the HITRUST CSF and reduce the burden of compliance.
Netskope Partners with SailPoint to Deliver Expanded and Detailed Visibility into Enterprise Application Risk (Netskope) Netskope, the leader in cloud security, today announced a new certified integration with SailPoint Technologies, Inc., the leader in enterprise identity governance, to advance the precision and automation of end-to-end security and compliance. This integration enables joint customers to: Automate access governance tasks and workflows in …
Cynash Enhances Its Analytics Appliance for Industrial Control System (PRWeb) Cynash Inc., a leading developer of industrial control system (ICS) cybersecurity solutions for critical energy, water and transportation, announces a new...
KnowBe4 Launches Initiative to Strengthen Organizational Security Culture (West) Security Awareness Proficiency Assessment and Security Culture Survey Now Available
Baffle Unveils Data Masking and Exfiltration Control to Mitigate Data Breach Risks (Baffle.io) Learn more about data protection in our latest post "Baffle Unveils Data Masking and Exfiltration Control to Mitigate Data Breach Risks". Baffle provides end-to-end access control and AES encryption that protects data in use, in memory, in the search index and at-rest to protect against modern day data breaches.
Talkdesk receives new security and business continuity certifications, leads contact center industry (Talkdesk) Talkdesk sets the bar as first to achieve security certification for Business Continuity Management
Cisco offers all-in-one managed security for MSPs (CRN Australia) Developed alongside US-based Perch Security.
How being hacked inspired a comic book series (Infosec Resources) Gary Berman, creator of "The Cyberhero Adventures: Defenders of the Digital Universe" comic book series, and Cyber Work host Chris Sienko discuss Berman's
The 4 number-one ways to protect your game from hackers (VB Live) (VentureBeat) Learn how to protect your game and users from threats without impacting game performance and effectively thwart cybercriminals in this VB Live event.
Microsoft launches ‘911’ on-demand service for emergency security threats (ZDNet) Top cybersecurity experts are now part of Microsoft's Advanced Threat Protection service.
Thycotic Introduces Customer Community Engagement Platform to Facilitate "Secrets of Success" (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to 10,000 organizations worldwide, including 25...
Zero Trust platform from Pulse Secure is enhanced (App Developer Magazine) Pulse Secure introduces new secure access management and threat mitigation features within its Zero Trust Platform, enabling enterprise and service provider organization.
HPE Takes On VMware With AI-Powered HCI (SDxCentral) The next phase of software-defined and hyperconverged infrastructure is AI-powered HCI, according to Hewlett Packard Enterprise.
VMware Helps Customers Across EMEA Manage Multi-Cloud Cost, Complexity and Risk to Drive Digital Transformation (West) CloudHealth by VMware and VMware Secure State Simplify and Help Secure Operations Across Public Clouds
Visium Technologies Unveils Cygraph at .Next Conference (West) Copenhagen Conference for European, Middle East, and Africa Region draws over 4,000 attendees across all industries
NSA Certifies General Dynamics Battlefield Encryptor (New Kerala) Business World: FAIRFAX, Va: General Dynamics Mission Systems announced today that the National Security Agency (NSA) has certified its new TACLANE-Nano KG-175N network encryptor to secure voice, video and data information classified Top Secret/SCI and below traversing public and private IP networks.
Switching from Symantec to Sophos just got even easier (Sophos News) Replacing Symantec Endpoint Protection? Step up to Sophos Intercept X.
BIO-key Advances Passwordless Authentication with Windows Hello and WebAuthn Multi-Factor Authentication Solutions at Microsoft Ignite 2019 (West) Offering Several Compliance Options for September FBI Private Industry Notice
Flying solo with mobile payments: Why choose HCE? (FIME)
Technologies, Techniques, and Standards
How to negotiate with hackers (Financial Times) When your files are held to ransom, there are ways to get them back safely and securely
Why New Privacy Regulations Are a Business Enabler, Not an Enemy (Netwrix) Privacy legislation is often seen as a big stumbling block for business. In this blog, find out five ways that privacy regulations can help boost your business.
Cybersecurity summit urges companies to share hacking woes (TMJ4) About 60% of small businesses have been hit by a cyber attack.
MKE Cybersecurity Summit focuses on hacking risk for those who work from home (FOX6Now.com) Cyber attackers are constantly coming up with new ways to steal your information. Business leaders across the area teamed up on Monday,
Don’t Respond to Suspicious Emails (PhishLabs) It is important to remember that these scammers are in fact criminals and engaging with them is like catching a tiger by the tail.
Design and Innovation
Collaboration Required to Improve Connected Medical Device Security (HealthITSecurity) A report from Booz Allen and eHI dives into common challenges healthcare providers face in addressing the risk connected medical devices pose to patient safety and the overall healthcare ecosystem.
New Facebook AI fools facial recognition (Naked Security) The technology – which Facebook won’t use in its own apps – subtly distorts face images so they’re still recognizable, but not to machines.
Mimecast CEO Unveils Vision for Future of Email Security at Cyber Resilience Summit in Dallas (West) Organizations Need to Expand From Perimeter Email Security to Pervasive Email Security to be Resilient in the New Digital Risk Reality
This man is running for governor of California so he can run false Facebook ads (CNN) A San Francisco man is going to extreme lengths to call out Facebook's controversial policy of allowing politicians to run false ads on its platform. On Monday morning, he registered as a candidate in California's 2022 gubernatorial election -- not with the primary goal of becoming governor, but so he can run false Facebook ads of his own.
Team develops a detector that stops lateral phishing attacks (Techxplore) Lateral phishing attacks—scams targeting users from compromised email accounts within an organization—are becoming an increasing concern in the U.S.
Pentagon preparing first electronic warfare report for Congress (C4ISRNET) The Pentagon’s newly created cross functional team for electronic warfare is gearing up to submit its first report to Congress.
What to do with an electronic warfare problem like Syria? (C4ISRNET) An Army tool is being considered as a potential military-wide solution for commanders to visualize and understand the electromagnetic spectrum.
Academia
Best colleges to face-off at international offensive cybersecurity competition finals at RIT (RIT) The winners of the world’s largest collegiate offensive-based cybersecurity competition will be crowned at the Collegiate Penetration Testing Competition finals Nov. 22–24 at RIT.
Okemos High School Cyberchiefs A Wins High School Cyber Challenge (Iosco County News Herald) High School teams from across Michigan came to the 2019 North American International Cyber Summit (NAICS) at TCF Center in Detroit on October 28,
Legislation, Policy, and Regulation
Playing with fire: Global offensive cyber operations (TheHill) Nation-states — including the U.S. — are operating in cyberspace without any serious deliberation regarding potential outcomes.
China Eases Restrictions on Foreign Cryptography Products (Bloomberg Law) China’s National People’s Congress has liberalized the regulation of commercial cryptography and forbidden forced technology transfers for those products.
German Spy Chief Says Huawei Can’t Be ‘Fully Trusted’ in 5G (Bloomberg Law) Germany’s spy chief said Huawei Technologies Co. “can’t fully be trusted,” signaling security hardliners in Chancellor Angela Merkel’s government want to keep the Chinese technology giant out of the country’s fifth-generation networks.
Trump says U.S. will cooperate with 'like-minded' nations on 5G networks (Reuters) U.S. President Donald Trump said in a letter Monday the United States plans to c...
Congress Still Doesn't Have an Answer for Ransomware (Wired) As data hijackers continue to target local governments and hospitals, legislators remain stymied over how best to address the problem.
Warren Would Shut the Government-to-Tech ‘Revolving Door’ (Wired) Warren's latest plan would prohibit large companies from hiring senior government employees right out of office—and she comes out swinging against Facebook.
FCC plans Huawei/ZTE ban, may require ripping out existing network gear (Ars Technica) Ban on Chinese vendors would affect recipients of Universal Service funding.
FCC proposal targeting Huawei garners early praise (TheHill) The Federal Communications Commission (FCC) is moving aggressively to ban companies from using federal subsidies for equipment from Chinese telecommunications groups Huawei and ZTE, and earning initial praise from lawmakers and industry groups.
UNITED STATES : NGA takes steps to avoid more Snowden style leaks (Intelligence Online) The National Geospatial Intelligence Agency (NGA) launched a consultation in October for a full-scale audit of its computer security and
16th Air Force to streamline cyber weapon systems (U.S. Air Force) Launched on July 1, 12N12 aims to replace, reduce and consolidate the tools, systems and applications operators and analysts employ within the cyberspace security and defense mission area by July 1,
Blue Dog Democrats push Congress to fund state election security (TheHill) Leaders of the Blue Dog Coalition on Tuesday urged House and Senate leaders to provide states with election security funds as part of the ongoing appropriations process.
Significant Pennsylvania election law changes headed to governor’s desk (Mcall.com) Election reform legislation headed toward the governor's desk in Pennsylvania on Tuesday would deliver the biggest changes to state election laws in decades and provide aid to counties for much of the cost of new voting machines as a bulwark against hacking in next year's presidential election.
Florida elections chief: State systems prepared for hackers (Washington Post) Florida’s secretary of state is reassuring voters that elections officers across the state are prepared for attacks from hackers despite continuing concerns about the integrity of the state’s voting systems
Australia Proposes Face Scans for Watching Online Pornography (New York Times) As a government agency seeks approval of a facial recognition system, it says one use for it could be verifying the age of people who want to view pornography online.
Litigation, Investigation, and Law Enforcement
Security | Questions the alleged cyber-incident at Kudankulam Nuclear Plant raises (Moneycontrol) If indeed a breach has occurred at the Kudankulam Nuclear Power Project, evidence shows that it could be a human problem, and not a network one, and KNPP's diagnostic and denial does little to restore confidence.
Facebook Sues Israel’s NSO Group Over Alleged WhatsApp Attack (Wall Street Journal) Facebook filed a lawsuit against Israel’s NSO Group, alleging the cybersecurity company infected the phones of some users with spyware it delivered through the WhatsApp messaging platform.
WhatsApp accuses Israeli firm of helping governments hack phones of journalists, human rights workers (Washington Post) WhatsApp on Tuesday accused the Israeli surveillance company NSO of helping governments hack into the mobile devices of more than 100 people worldwide, including journalists and human rights workers.
Facebook sues Israeli surveillance vendor over WhatsApp zero-day (ZDNet) Facebook says NSO Group developed WhatsApp zero-day used in May 2019 attacks against attorneys, journalists, human rights activists, political dissidents, diplomats, and government officials.
WhatsApp files complaint against NSO over alleged cyber attack using service (Times of Israel) The WhatsApp messaging app says it thwarted “a highly sophisticated cyber attack” by Israel-based NSO Group which exploited its video calling feature in May.
A WhatsApp hack used Israeli spyware to target Rwandan dissidents (Quartz Africa) Facebook lawsuit alleges the Israeli spyware firm NSO was hacking journalists, human rights activists and political activists.
WhatsApp: Scores of activists targeted with NSO spyware (Amnesty) Responding to a statement by WhatsApp on Tuesday that spyware produced by the Israeli firm NSO Group was used to target more than 100 human rights activists, Danna Ingleton, Deputy Director of Amnesty Tech, said:
The Mueller Report and ‘National Security Investigations and Prosecutions’ (Lawfare) A new edition of a treatise on national security law has much to say about the Mueller investigation and L’Affaire Russe.
GDPR fines were meant to rock the data privacy world. They haven't (WIRED UK) GDPR hasn't heralded the swarm of huge fines that was predicted. But that doesn't mean the fines so far haven't been influential
Nigerian military using surveillance technology to spy on Nigerians - CPJ (Premium Times Nigeria) The Committee to Protect Journalists (CPJ) has accused the Nigerian military of using surveillance technology to spy on ordinary Nigerians and the press.
Coalfire Objects to All Charges Pending in Cybersecurity Trespass Case (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today announced that charges were...
Kamala Harris Defended Representative Katie Hill and Called Out "Cyber Exploitation" (Yahoo Lifestyle) Senator Kamala Harris defended Representative Katie Hill after the U.S. Rep. resigned. Intimate photos of Hill with a staffer had been published without her consent.
LARA: Editor's Comment: New competition, cyber war and Comac (HMG Aerospace) On 24 October, the fifth prototype of China’s home-built narrowbody passenger jet, a C919 (coded 105), completed its first flight from Shanghai Pudong International Airport....
Australia Accuses Google Of Misleading Consumers Over Location Data (NPR.org) The Australian Competition and Consumer Commission said that Google purposefully misled Android users into thinking their personal data were not being collected.
Uber threatens to sue Los Angeles, as the fight over scooter data escalates (The Verge) LA wants Uber’s location data, but the ride-hailing company says it’s worried about privacy.