Cyber Attacks, Threats, and Vulnerabilities
Malware attack on users: CERT-In alerted three days before WhatsApp pinged (The Economic Times) In Sept 2019, WhatsApp told CERT-In of attempts to target 121 Indians & around 20 may have been impacted.
The Islamic State Will Outlive Baghdadi. Afghanistan Shows How. (Foreign Policy) The Islamic State-Khorasan offers a powerful case study of the militant group’s ability to create autonomous affiliates that flourish and endure.
2020 election security ‘unprecedented,’ intelligence and law enforcement agencies say (The Washington Times) The heads of every U.S. intelligence and law enforcement agency issued a joint statement Tuesday vouching for the robust security measures deployed to prevent sabotage of the 2020 presidential election.
Feds warn that Russia, China and Iran will try to hack 2020 elections (Newsweek) On Tuesday, the DOJ, DOD, DHS, DNI, FBI, NSA, and CISA released a joint statement on 2020 election security, warning that "Russia, China, Iran, and other foreign malicious actors all will seek to interfere in the voting process or influence voter perceptions."
Joint Statement from DOJ, DOD, DHS, DNI, FBI, NSA, and CISA on Ensuring Security of 2020 Elections (FBI) Attorney General William Barr, Secretary of Defense Mark Esper, Acting Secretary of Homeland Security Kevin McAleenan, Acting Director of National Intelligence Joseph Maguire, FBI Director Christopher Wray, U.S. Cyber Command Commander and NSA Director Gen. Paul Nakasone, and CISA Director Christopher Krebs released a joint statement on election security.
Election manipulation using social media is at ‘crisis’ point, report warns (The Telegraph) Social media platforms such as Facebook and Twitter are in "crisis" due to increased electoral manipulation and mass surveillance on the platforms, according to a new report.
The Crisis of Social Media (Freedom House) What was once a liberating technology has become a conduit for surveillance and electoral manipulation. Internet freedom is increasingly imperiled by the tools and tactics of digital authoritarianism, which have spread rapidly around the globe.
2020 Voters Are Already Being Inundated by Fake News on Facebook (Vice) A year out from the election, the sharing of fake news is accelerating, and this time it's homegrown.
Simulation Shows Elections' Soft Security Underbelly (Security Boulevard) A simulation took place today in Washington, D.C., that showed how a cyberattack could impact Election Day without ever targeting voting machines. The
CBS 58 Investigates: Elections clerks at risk of cyber attack (CBS58) MILWAUKEE (CBS 58) -- Wisconsin elections officials will spend $1.1 million in election security grants to boost cybersecurity for clerks at the local level. A CBS 58 investigation found the money wi
Misinformation — not voting machine hacks — is biggest threat to 2020 election, FireEye CEO says (CNBC) The cybersecurity executive says targeted campaigns to sway voters' opinions is what worries him ahead of the 2020 election.
Facebook Discloses Privacy Breach Caused by Groups API Bug (BleepingComputer) Facebook said that private group member information such as names and profile pictures might have been accessed by approximately 100 developers of primarily video streaming and social media management apps.
Facebook: 100 developers may have improperly accessed users' data (Axios) Names and profile photos of people in specific groups may have been impacted, Facebook said.
Changes to Groups API Access (Facebook News for Developers) Since April of 2018, we’ve been reviewing the ways that people can use Facebook to share data with outside companies.
Tipped off by an NSA breach, researchers discover new APT hacking group (Ars Technica) DarkUniverse went undetected for at least 8 years. The NSA finally outed it.
DarkUniverse APT Uses Just-in-Time Malware Creation (SecurityWeek) The cyber threat actor known as DarkUniverse has been creating new malware samples just before delivering them to victims.
Disclosure Does Little to Dissuade Cyber Spies (Dark Reading) In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations.
Actively exploited bug in fully updated Firefox is sending users into a tizzy (Ars Technica) Fraudulent tech-support sites cause Firefox to freeze while displaying scary message.
WordPress Admins Infect Their Sites With WP-VCD via Pirated Plugins (BleepingComputer) WordPress sites have been the target of a highly active malicious campaign that infects them with a malware dubbed WP-VCD that hides in plain sight and quickly spreads to the entire website.
Nikkei hit by BEC scammers, loses $29 million (Help Net Security) Japanese media company Nikkei Inc. is the latest organization to be fleeced by BEC scammers, to the tune of $29 million (approx. 3.2 billion Japanese Yen).
Fake ransomware named after Donald Trump tries to trick victims out of a buck (CyberScoop) Donald Trump can add ransomware to the list of things named after him, thanks to scammers who again have demonstrated how current events create opportunities to steal data. Security researchers from Cisco’s Talos threat intelligence team on Tuesday published findings explaining how hackers are using the likeness of the president, his predecessor and other political figures to dupe victims into paying up.
New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data (BleepingComputer) A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now changes the logged in user's password and threatens to publish the victim's files if they do not pay the ransom.
Former Trend Micro employee enabled scam calls by stealing customers' personal data (CyberScoop) A former employee of Trend Micro stole the personal data of some customers with a “clear criminal intent” and then sold it to a third party earlier this year, the cybersecurity company disclosed Tuesday.
Office for Mac 2011 users warned about SYLK file format (Naked Security) Still running Office 2011 on a Mac? If so, there are at least two reasons why that might not be a good idea.
Omron Network Configurator for DeviceNet (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Equipment: Network Configurator for DeviceNet
Vulnerability: Untrusted Search Path
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-134-01 Omron Network Configurator for DeviceNet that was published May 14, 2019, on the ICS webpage on us-cert.gov.
Interpeak IPnet TCP/IP Stack (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Omron CX-Supervisor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vulnerability: Use of Obsolete Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.
Brooklyn Hospital Loses Patient Data In Ransomware Attack (BleepingComputer) A ransomware attack hitting several computer systems at the Brooklyn Hospital Center in New York caused permanent loss of some patients' data.
Boeing's poor information security posture threatens passenger safety, national security, researcher says (CSO Online) The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.
Ransomware attacks in Spain leave radio station in “hysteria” (Naked Security) A ransomware attack has ransacked at least two Spanish companies, leaving their employees without computer access.
First BlueKeep attacks in the wild may be dark portents (SearchSecurity) Security researchers saw the first known BlueKeep attacks occurring in the wild and experts suspect these exploits will not be the last targeting the BlueKeep vulnerability.
Florida city sends $742K to fraudsters as it bites the BEC hook (Naked Security) “Here’s our new bank account number,” the scammers said. When the real construction firm sent their invoice, payment was made to the crooks.
Long Island School District Hit With Cyber Attack (NBC New York) The small Sag Harbor school district had its server and computer systems disabled due to the hack. This isn't the first time this year a Long Island school district has been hit with a cyber attack, however. NBC New York’s Greg Cergol reports.
This woman who delivered flowers to your office was a hacker. Did you let her in? (SC Magazine) Stephanie Carruthers, chief people hacker with the IBM X-Force Red offensive security services team, explains the common security mistakes by companies and employees
Security Patches, Mitigations, and Software Updates
An Essential FEMA Digital Certificate Update Comes From DAS (Radio & Television Business Report) Emergency video communications provider Digital Alert Systems has just released an important update of Federal Emergency Management Agency (FEMA) digital certificates used to authenticate messaging fr
GTIC Monthly Threat Report (NTT) During the month of October, the Global Threat Intelligence Center (GTIC) analysed vulnerability-specific activity within current, global, GMSSP data.... The DevSecOps Approach for Driving Better Outcomes, Lead Analyst: Kashif Hafeez, Senior Director, Product Marketing, WhiteHat Security...
Fraud Attacks Increase 30% in Q3 2019, as Arkose Labs Report Forecasts Holiday Retail Cybercrime Spree Fueled by Major Data Breaches (BusinessWire) Fraud increased 30% overall in Q3 2019 and bot-driven account registration fraud is up 70% as cybercriminals test stolen credentials in advance of the
SCAM Alert: Consumers Need to Watch Out This Holiday Season – The Number of Fake E-Commerce Sites is Spiking (NormShield Cyber Risk Scorecard) NormShield Researchers Find Thousands of Potential Phishing Websites Designed to Look Like Top E-Retailers, and more are coming just in time for the holidays
The State Of E-Commerce Phishing 2019 (NormShield) As the holiday season ramps up, cybercriminals are launching new fraudulent e-commerce sites to trick consumers into handing over personal and financial
IoT is an ecosystem, as secure as its weakest link - Help Net Security (Help Net Security) Remember when, three years ago, several Mirai botnets hit DNS provider Dyn and caused part of the Internet to be unreachable for most users in North
Employees know vulnerabilities exist, but they can’t resolve them quickly enough (Help Net Security) IT professionals reveal scanning endpoints for vulnerabilities as their top cybersecurity challenge, according to Adaptiva.
Bristol cybersecurity training firm raises $40m (BusinessCloud.co.uk) A further expansion into North America is planned by the company which was founded by a former GCHQ instructor
Inside TikTok: A culture clash where U.S. views about censorship often were overridden by the Chinese bosses (Washington Post) The tensions inside TikTok's Beijing-based parent company highlight a growing challenge for the American Internet as Chinese tech giants race to expand and compete more directly with social media firms in the West.
Exclusive: Huawei calls hackers to Munich for secret meeting (TechCrunch) Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments, TechCrunch has learned. Sources with knowledge of the November 16 meeting said Huawei will privately present i…
WSJ News Exclusive | Xerox Considers Takeover Offer for HP (Wall Street Journal) Copier maker Xerox has set its sights on a takeover of personal-computer and printer maker HP, an audacious move that would unite two fading stars of technology.
FCC formally approves T-Mobile-Sprint merger (TheHill) The Federal Communications Commission on Tuesday formally confirmed its approval of the T-Mobile-Sprint merger along party lines, clearing the final hurdle for government approval.
DataTribe Announces Finalists of Second-Annual Cybersecurity Startup Challenge (Citybizlist) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies with nation-state experienced technical teams from the intelligence community, research labs, and industry-leading experts, announced today the three finalists of its second-annual DataTribe Challenge.
Forkast.Focus | HKFinTechWeek: Startups Capitalize on Cryptography in Medicine (Forkast.News) The increasing use of big data in the medical industry has left some concerned regarding their rights to privacy, though some companies are working on blockchain and cryptography applications to address the issues. California-based startup blockdoc is one such digital health and security company that is using advanced cryptography. Another is Blue Cross (Asia-Pacific) Insurance, …
QOMPLX Appoints Industry Veteran Andrew Jaquith As Chief Information Security Officer And General Manager Of Cyber Business Unit (PR Newswire) QOMPLX™, an intelligent decision platform provider, today announced the appointment of Andrew Jaquith to the role of...
Symantec Enterprise Sales Head Exits In Wake Of Broadcom Deal (CRN) Symantec Enterprise global sales leader Marc Andrews left the company following news of the division’s $10.7 billion sale to Broadcom, according to his LinkedIn page.
Products, Services, and Solutions
Trustwave Launches Advanced Threat Detection and Response Services for Microsoft Azure (Trustwave) Trustwave announced the launch of services to bolster threat monitoring, detection and response natively in Microsoft Azure. As a preferred global managed security services provider (MSSP) partner, Trustwave is offering consulting and professional services and advanced threat detection and response services for Microsoft Azure to help enterprises address growing complexities securing cloud and multi-cloud environments.
RedSeal Expands Hybrid Network Modeling Capabilities to Include Google Cloud Platform (West) Organizations can see access and prioritize vulnerabilities across network environments
STEALTHbits Technologies Continues to Offer Advanced Detection of Active Directory Threats and Automated Responses to Negate Them with StealthDEFEND Version 2.2 (STEALTHbits) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensit...
Webroot Announces Business Endpoint Protection Integration with SyncroMSP (PR Newswire) Webroot, a Carbonite (NASDAQ: CARB) company, announced a new integration with SyncroMSP to give managed service...
Unisys Launches Stealth(identity)™ Software-as-a-Service, New Cloud-Based Offering for Secure Biometric Identity Management (Unisys) Unisys Corporation (NYSE: UIS) today announced the availability of Unisys Stealth(identity)™ Software-as-a-Service (SaaS), a new cloud-based version of the company's biometric identity management software.
Untangle Extends the Network to the Edge with the Release of Untangle SD-WAN Router and New eSeries Appliances (Untangle) Improving Network Performance and Business Continuity for Branch Offices
IGEL, Citrix and Ingram Micro Offer Combined Solution to Simplify Access to Azure-Delivered Cloud Workspaces - IGEL (IGEL) IGEL, provider of the next-gen edge OS for cloud workspaces, today announced the launch of a new bundle, available through Ingram Micro Inc., that combines best-in-breed products from IGEL and Citrix to simplify the delivery of high performance end user computing with “anywhere access” in the cloud. Ideal…
The Evolution from Network Access Control to Network Segmentation (Forescout) For the past 20 years, the principles of network access control have remained mostly the same. Organizations would implement NAC in a super binary way. Devices were either allowed on the network or they were blocked. They either got corporate-level access or they were restricted to guest. Those were the options. But the technology landscape …
VMware Unveils Advanced Technology Offerings, Spotlights Customers and Reinforces Commitment to Tech for Good at VMworld 2019 Europe (West) VMworld 2019 Europe -- This week at VMworld 2019 Europe, VMware, Inc. (NYSE: VMW) reinforced its vision of a software architecture that enables any app, on any cloud, to any device with the introduction of significant new technology offerings and strategic partnerships.
Exostar and Ivis Technologies to Partner on DoD Supply Chain Security and Cybersecurity Maturity Model Certification (CMMC) (Arizona Daily Star) Relationship Extends Exostar’s Risk Management Solution Suite, Supports Industry’s Adoption of CMMC
ExtraHop Joins the Microsoft Intelligent Security Association to Defend Against Cybersecurity Threats (BusinessWire) ExtraHop Joins the Microsoft Intelligent Security Association to Defend Against Cybersecurity Threats
A free Threat Intelligence service from OPSWAT (Global Security Mag Online) Security software vendor OPSWAT announces the availability of the new version of its online threat analysis service. The number of requests per day is limited to 100.
Cofense Teams Up with AwareGO to Expand Security Awareness Training (Yahoo) The partnership further strengthens Cofense's market-leading position in intelligent phishing defense solutions.
Technologies, Techniques, and Standards
Thycotic Offers Free Cyber Security "Election Protection Toolkit" (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions to 10,000 organizations worldwide, including 25...
Free Tools Boost 2020 Election Security, but Not Enough (Wired) More companies than ever are offering low-cost security services for election bureaus and campaigns. It’s still not clear how much they’ll actually help.
Cyber security monitored closely during election night (WOLF) State and federal officials closely monitored cyber security across Pennsylvania yesterday.
The National Guard is shoring up to fight 2020 election hacking (Military Times) The National Guard is preparing for 2020 election night hacking. In the meantime, some states have been dealing with their own breaches.
How to Tell if Your Network Firewall is at Risk (Monroy IT Services) There is no single solution for protecting your private network from intrusions like viruses, data theft, or targeted attacks. However, your network firewall is your first line of defense and requires regular maintenance. If you haven’t thought about your network...
MSPs must put their own cyber security first (NS Tech) In December 2018, the United States Department of Justice unsealed an indictment charging two Chinese nationals with intellectual property theft. Over the course of 12 years, the defendants alleged
'Intelligent' honey pot helps John Muir Health defend its network from bad actors (Healthcare IT News) The network-based cybersecurity technology acts as an early warning system, giving the CISO and his team a high degree of visibility into network activity.
UK Launches Cyberhood Watch (Infosecurity Magazine) Neighbourhood Watch starts community cyber-safety initiative
Design and Innovation
Facebook to expand encryption drive despite warnings over crime (Reuters) Facebook will outline on Wednesday plans to expand encryption across its Messeng...
Facebook’s Zuckerberg holds line on political ads, but microtargeting could change (NBC News) Banning microtargeting has the support of Ellen Weintraub, chairwoman of the Federal Election Commission, which regulates how money is raised and spent in elections.
China tries to gag UK universities (Times) The Chinese government has attempted to curb criticism on British campuses of its regime by pressuring universities into limiting academic freedom, MPs have said. “Alarming” evidence of Chinese...
Legislation, Policy, and Regulation
Inside the BlizzCon protests over China's grip on gaming (The Telegraph) Among the lavish orc and wizard costumes donned by attendees to BlizzCon 2019, the annual gaming fanfest hosted by World of Warcraft maker Blizzard, outfits of a different kind appeared in the halls of the Anaheim Convention Center.
After Brexit, Europe wants cybersecurity pact with UK (ZDNet) A joint response to security threats will be a key part of the future relationship says Europe's chief Brexit negotiator.
UAE may lift ban on WhatsApp calls, head of country's cybersecurity authority says (CNBC) Most voice over Internet Protocol (VoIP) services – including Skype, FaceTime and WhatsApp – which enable free voice and video calls via the internet, are illegal in the UAE.
TikTok faces lawmaker anger over China ties (TheHill) The massively popular social media app TikTok is struggling to assuage lawmakers’ concerns over its ties to the Chinese government and allegations that it is amassing data on U.S. users for Beijing.
FCC Wants to Know if Huawei Gear Is Near U.S. Military Bases (Bloomberg) Agency chief Ajit Pai speaks in interview with Bloomberg News. Pai has proposed barring use of U.S. subsidies for Huawei gear.
Senate Republican raises alarm on Apple and TikTok's China ties: "Americans deserve answers" (Axios) "What's happening to our data when we use the app?"
What FEMA is to disaster response, CISA should be for cyber response (Federal News Network) The head of the Cybersecurity and Infrastructure Security Agency said recent ransomware attacks on a city and states highlight the need for better responses.
Senators introduce cybersecurity workforce expansion bill (TheHill) Four members of the Senate Commerce, Science and Transportation Committee from both sides of the aisle introduced a bill Tuesday to expand America's cybersecurity workforce.
Silicon Valley lawmakers introduce tough privacy bill to regulate top social media platforms (TheHill) A pair of California Democratic lawmakers on Tuesday introduced a tough privacy bill that would significantly curtail Silicon Valley's control over all Americans' personal information.
IBM: Face Recognition Tech Should be Regulated, Not Banned (SecurityWeek) IBM said that instead of banning all facial recognition technology, policymakers should employ "precision regulation" in cases where there is "greater risk of societal harm."
Anti-Deepfake Law in California Is Far Too Feeble (Wired) Opinion: While well intentioned, the law has too many loopholes for malicious actors and puts too little responsibility on platforms.
Litigation, Investigation, and Law Enforcement
Inside the FBI's quiet 'ransomware summit' (CyberScoop) To help stop ransomware attacks, the FBI quietly convened the country’s top ransomware experts in an unprecedented, closed-door conference in September.
Accused Vault7 leaker Joshua Schulte argues Espionage Act charges are unconstitutional (CyberScoop) A former CIA employee accused of giving U.S. secrets to WikiLeaks is asking a judge to toss some charges against him, asserting they are unconstitutional.
The WhatsApp-NSO Group Lawsuit and the Limits of Lawful Hacking (Lawfare) A recent lawsuit by WhatsApp against a spyware company may signal the beginning of the end for lawful hacking as a solution to the problem of law enforcement access to encrypted data.
LinkedIn Data Scraping Case Shows 9th Circ. Shift On CFAA (Cooley) When may a company legally scrape data from another company’s website? Does it matter whether the website is open to the public or only to logged-in users? This is a contested area of law under the…
Singtel, Ninja Van fined by privacy watchdog over separate data breaches (The Business Times) TELCO Singtel has been fined S$25,000 for a data breach involving its My Singtel mobile app, according to a decision released on Monday from the Personal Data Protection Commission (PDPC), Singapore’s official privacy watchdog and enforcer of the Personal Data Protection Act.
Police interrogate Alexa for clues in fatal spear-stabbing (Naked Security) A friend heard a couple arguing but couldn’t make out what it was about. Police hope that Alexa might have a better idea.
Man said hacker stole Instagram account and demanded ransom (KGTV) The hacker demanded money in Bitcoin.