Cyber Attacks, Threats, and Vulnerabilities
Beijing constructs an “independence” plot for Hong Kong protests through information operations (Global Voices) Initial findings strongly suggest that the Chinese Communist party and state media outlets played a key role in spreading disinformation that framed the protests as a “pro-Hong Kong independence” movement.
Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources (Reuters) Senior government officials in multiple U.S.-allied countries were targeted earl...
Israeli spyware Pegasus has Android brother Chrysaor (Moneycontrol) The spyware tool, also known by the name of Q Suite and Pegasus Suite, can spy on pretty much every aspect of the infected device and its owner with capabilities to even access data stored on cloud services behind authentication walls.
No Israeli government involvement in alleged NSO-WhatsApp hack: minister (Reuters) The Israeli government on Friday denied any involvement in an alleged cyber- hac...
Pegasus malware explained: All you need to know about the spyware affecting high profile targets- Technology News, Firstpost (Tech2) Pegasus relies on three zero-day vulnerabilities which could be used to remotely jailbreak iOS devices.
APT 41 using MessageTap malware to gather SMS traffic (SC Magazine) Malware deployed by the Chinese hacking group APT 41 monitors SMS traffic and other mobile information en masse to target specific customer phone numbers
China-Linked Hackers Target Military, Government Texts, FireEye Says (Bloomberg) A state-linked Chinese hacking group is using malware to steal SMS text messages from high-ranking military and government targets, according to cybersecurity company FireEye Inc.
Hackers linked to China compromised telecoms network to monitor world leaders' messages (Computing) Chinese intelligence targeting 'upstream data entities', such as telecoms companies, in order to compromise world leaders' communications
MESSAGETAP: Who’s Reading Your Text Messages? (FireEye) MESSAGETAP is a new malware family used by APT41 that is designed to monitor SMS traffic.
40 million emoji-addicted keyboard app users left with $18m bill – after malware sneaks into Play Store yet again (Register) Bogus charges being racked up by Android tool
With one click, hackers can steal entire Horde inboxes (TechCrunch) A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. Horde is one of the most popular free and open-source web email systems available. It’s built and main…
Esports tournaments facing huge cyberattack threats (TechRadar) Trend Micro research uncovers major threats facing esports industry
Current and Future Hacks and Attacks that Threaten Esports (TrendLabs Security Intelligence Blog) Cybercriminals will increasingly target the esports industry over the next three years. Many underground forums already have sections dedicated to gaming or esports sales, and the goods and services offered in these forums generate a lot of interest.
Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases (Upstream) $18 million of fraudulent charges from the app blocked by malware security platform Secure-D
Google Hosted an Insecure App for Searching Personal Data of Palestinians (Vice) It’s possible to scrape the biographical data of thousands of Palestinians from an exposed server.
Researchers find hole in EU-wide identity system (Naked Security) The EU has fixed a flaw in the powerful yet complex eIDAS digital identification system that let people authenticate as someone else.
This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army (ZDNet) Gafgyt has been updated with new capabilities, and it spreads by killing rival malware.
New Office 365 Phishing Scams Using Audio Voicemail Recordings (BleepingComputer) Ongoing phishing scams have been spotted targeting Microsoft Office 365 with partial audio voicemail messages to convince targets that they need to login to hear the full recording.
Crooks Use Clever Schemes to Get More Victims Over the Phone (NBC 6 South Florida) Unwanted robocalls seem random, but the next one you receive might not be random at all. NBC Responds exposes how today’s scammers tailor their calls to personally target you, and you might unknowingly...
New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now! (The Hacker News) Google is warning Chrome users to update their browsers immediately due to a high-severity security bug that is being actively exploited in the wild and could let hackers hijack your computer.
Utah renewables company was hit by rare cyberattack in March (CyberScoop) A Utah-based renewable energy company was the victim of a rare cyberattack that temporarily disrupted communications with several solar and wind installations in March, according to documents obtained under the Freedom of Information Act.
Brewers hit by NSW container deposit scheme data breach (Brews News) Sensitive financial information about breweries has been released to their competitors in a data breach by the operator of the beleaguered New South Wales container deposit scheme.
Researchers fish out Fortune 500 companies' passwords from Dark Web. Guess the common one! (SC Magazine) Researchers have traced more than 21 million credentials linked to Fortune 500 companies that were traded in Dark Web marketplaces
Warning over QSnatch malware infecting QNAP NAS devices (Computing) After gaining access to a device, the malware injects malicious code into the firmware to gain persistence
Honeywell equIP and Performance Series IP Cameras and Recorders (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Honeywell
Equipment: equIP series and Performance series IP cameras and recorders
Vulnerability: Authentication Bypass by Capture-Replay
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in unauthenticated access.
Honeywell equIP Series IP Cameras (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Honeywell
Equipment: equIP series IP cameras
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in denial-of-service conditions.
Honeywell equIP and Performance Series IP Cameras (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Honeywell
Equipment: equIP series and Performance series IP cameras
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in unauthenticated access.
Advantech WISE-PaaS/RMM (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WISE-PaaS/RMM
Vulnerabilities: Path Traversal, Missing Authorization, Improper Restriction of XML External Entity Reference, SQL Injection
2.
MAR-10135536-8 – North Korean Trojan: HOPLIGHT (CISA) Notification
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
A Maritime Cyber Attack Could Cost $110B, Cripple Global Supply Chains (Homeland Security Today) Ports would be unable to accommodate cargo and cruise ships. Heavy-haul trucks would be stranded and cause backlogs en route to ports.
Recovery Continues 3 Weeks After Carrollton Cyberattack (Dallas Observer) Cyber criminals struck again in Texas last month, this time in the Dallas suburb of Carrollton, where officials have grappled for weeks with the impacts of an attack that took out the city's website and paralyzed some municipal services. The attack took the city’s website and email servers offline, disabled...
Security Patches, Mitigations, and Software Updates
On Halloween night, Google discloses Chrome zero-day exploited in the wild (ZDNet) On Halloween, Google releases Chrome 78.0.3904.87 to patch a Chrome zero-day discovered by Kaspersky exploited in the wild.
Weblogic High Risk Vulnerability Threat Alert (NSFOCUS) Overview Recently, Oracle fixed two high-risk vulnerabilities in Weblogic (CVE-2019-2890 and CVE-2019-2891) in its October critical patch update.
Linux maintainer: Patching side-channel flaws is killing performance (Naked Security) Mirror, mirror on the wall, which is the worst side-channel vulnerability of them all?
Cyber Trends
Forget the season of goodwill – this will be one of brutal digital electioneering (The Telegraph) It’s more than 11,000 miles from Conservative Campaign HQ in Westminster but a low-key office on a quiet street in Auckland is set to play a key role in Boris Johnson’s election campaign.
Marketplace
35+ Initiatives to get more Women in Cybersecurity (Comparitech) We examine the gender gap and the challenges faced by women in cybersecurity, and highlight some of the initiatives dedicated to helping them.
Plixer Establishes Local Presence in APAC to Support Growth (West) Appoints Sanjiv Verma as Vice President of Sales for APAC
Luiz DaSilva Named Inaugural Executive Director for Commonwealth Cyber Initiative (Citybizlist) An internationally recognized expert in networks who currently leads an initiative that applies the expertise of 250 researchers
Products, Services, and Solutions
New infosec products of the week: November 1, 2019 (Help Net Security) The most important infosec products of the week come from the following vendors: HITRUST, Jetico, Baffle, Jumio and Moogsoft.
Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats (CSO) Enhancements bridge the gap between IT and security data to provide a complete view of known vulnerabilities and applications containing personally identifiable information across the technology environment
Integris Software Partners with Cloudentity to Launch Industry-First Automated Data Privacy and Security Solution For API-based Services (PR Newswire) Cloudentity and Integris Software have formed a partnership to deliver the industry's first solution to address the data...
Censys Launches Attack Surface Visibility Platform (Censys) Automatic Attack Surface Monitoring and Real-time Alerts Protect Against Attackers and Data Breaches
LogicHub Automates Phishing Triage at Machine Speed (BusinessWire) LogicHub, the provider of the industry’s most complete security automation platform, today announced the release of LogicHub Autonomous Phishing Triag
Campaign Managers for Clinton, Romney Provide Help for Hacks (Bloomberg) Nonprofit offers candidate free or discounted cyberprotection. Both Mook and Rhoades have experience with election breaches
Nonprofit rolls out discounted cyber support for political campaigns (FCW) A Federal Elections Commission-sanctioned nonprofit group has announced partnerships with a number of companies to offer free or cheap cybersecurity services to candidates running for federal office.
Technologies, Techniques, and Standards
International Cyber Benchmarks Index (Neustar) The International Cyber Benchmarks Index is an initiative of the Neustar International Security Council which assesses the international cybersecurity landscape from the vantage point of security professionals across the EMEA and US regions.
5 Cybersecurity Questions To Ask Your CISO (Password Protected) We have identified 5 important cybersecurity questions and talking points you can use to start a meaningful cybersecurity conversation with your CISO.
How charities can protect themselves against phishing scams | UK Fundraising (UK Fundraising) Recent high-profile attacks against non-profit organisations reinforce the fact that no industry is immune to the rise in cyber crime. Ed Macnair of Censornet advises that charities protect themselves against hackers and phishing scams to prevent donations to charity being stolen through cyber crime.
Design and Innovation
See, Facebook? Twitter Proves You Can Ban Political Ads (Wired) Twitter has decided to ban all political ads on its platform, while Facebook continues to allow even ones that lie.
Legislation, Policy, and Regulation
Today Russia begins disconnection from the global Internet (SC Magazine) Russia is to begin installing the tools to isolate the country from the Internet, a precursor to creating Russia's own national internet network. Alex Henthorn-Iwane discusses the implications with SC Media UK
Analysis | The Cybersecurity 202: U.S. officials are working on a Huawei long game (Washington Post) They hope U.S. innovation can push Huawei out of 5G edge devices.
ICO to police: Live facial recognition 'raises serious concerns' (Computing) ICO calls for a statutory code of conduct to stop police misuse of live facial recognition technology
New federal guidelines could ban internet in voting machines (POLITICO) A long-awaited update to federal voting technology standards could ban voting machines from connecting to the internet or using any wireless technology such as Wi-Fi or Bluetooth.
Democratic lawmakers call on Barr to stop opposing encryption (TheHill) A pair of Democratic lawmakers sent a letter to Attorney General William Barr on Thursday urging him to stop government requests for encryption backdoors, which allow the government to obtain certain user information from tech
Litigation, Investigation, and Law Enforcement
India asks WhatsApp to explain privacy breach (Reuters) India, WhatsApp's biggest market with 400 million users, has asked the Face...
Code of Practice on Disinformation one year on: online platforms submit self-assessment reports (European Commission) Today, the European Commission published the first annual self-assessment reports by Facebook, Google, Microsoft, Mozilla, Twitter and 7 European trade associations under the Code of Practice on Disinformation. The reports by the signatories of the Code set out the progress made over
Interior Department grounds drone fleet over security concerns (Engadget) Fearing security risks, the Department of the Interior grounded its 800 drones.
Facebook denied financial services opportunities to women and older people, lawsuit alleges (CNN) Facebook is facing a proposed class action lawsuit for allegedly denying people financial services products based on age and gender.
Judge lambasts porn company for spewing copyright lawsuits (Naked Security) A US court shielded ISP account holders from a request for expedited discovery to see whose IP addresses were used to share pirated videos.
NJ 'Cyber Savvy Youth' campaign targets child predators on the 'cyber-playground' (MY CENTRAL JERSEY) The campaign to educate and test the cybersecurity knowledge of students was unveiled as New Jersey closes out Cybersecurity Awareness Month.
Giuliani needed Apple genius help to unlock his iPhone after being named Trump cybersecurity adviser (NBC News) Giuliani’s actions call into question his understanding of basic security measures, two former FBI cyber experts told NBC News.