The CyberWire Daily Briefing, 11.7.19

Cyber Attacks, Threats, and Vulnerabilities

Researchers identify Chinese group behind cyberattacks on India (Republic World) Security researches have identified Chinese hacking group which had stolen confidential data from the government by attacking governments including India.

Amid NSA warning, attacks on Confluence have risen in recent weeks (CyberScoop) Attackers are using a vulnerability that Confluence warned about this spring, according to data from Trend Micro’s TippingPoint technology.

US officials say lead up to 2019 election was hack-free (Fifth Domain) With one year to go until Election Day 2020, officials said the ability to tally votes has not been compromised.

Shadow Brokers data dump tipped researchers off to a mysterious APT dubbed DarkUniverse (CyberScoop) Clues about a hacking group that carried out attacks against targets in countries including Syria, Iran and Russia were included in files leaked by a mysterious group known as the Shadow Brokers, according to new findings.

New Android Threat: Google Confirms Malicious Apps Removed From Play Store—Uninstall Now (Forbes) Just as Google announces its App Defense Alliance, another warning has been issued for Android users to delete dangerous apps installed from the Play Store.

Kaspersky uncovers zero-day in popular web browser exploited in the wild by threat actor (IT Security Guru) Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Massive Web Defacement Attack in Georgia Raises New Concerns About Politically Motivated Cyber Attacks (CPO Magazine) Largest cyber attack in Georgia's history resulted in massive web defacement that affected nearly 15,000 websites and forced nearly 2,000 websites to go offline on 28 October.

This is how Google Analytics is abused by phishing scammers (ZDNet) Analytics markers can help fraudsters track victims and dupe them into visiting malicious domains - but can also light the way for defenders.

()

Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts (Vice) A white hat hacker who used to help for free is now charging hacked influencers to help them regain access to their accounts.

Cybersecurity scam called 'formjacking' on the rise (WCNC) "Formjacking" is also known as e-skimming and leaves victims unaware of stolen information.

Ring Video Doorbell Pro Under the Scope (Bitdefender Labs) Bitdefender researchers have discovered an issue in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a larger attack against the household network. Vulnerability at a glance When...

Thousands affected by California DMV data breach | StateScoop (StateScoop) The personal information of about 3,200 people was made available to seven other federal and state agencies, including the Department of Homeland Security.

Billabong and Quiksilver are hit by a crippling cyber attack (Mail Online) Boardriders Inc, the US company which owns Quiksilver and Billabong - both founded in Australia - was attacked by international hackers two weeks ago.

Heads-Up: Malicious Actors Want to Join Your Team! (KnowBe4) Malicious actors are trying every way to phish - including joining your organization. See how you can stay safe from the bad guys.

We can’t resist the lure of getting rich quick (Times) Here’s one for the Annals of Human Frailty. Like hundreds of thousands of other people, I’ve been listening to a BBC podcast series, The Missing Cryptoqueen, that ended this week. It’s an...

St. James online government services impacted by cyber attack (WBRZ) Officials say a cyber attack over the weekend has interrupted government services in St. James Parish.

Ransomware attack at Brooklyn Hospital Center results in permanent loss of some patient data (FierceHealthcare) A ransomware attack hitting several computer systems at Brooklyn Hospital Center in New York City exposed patient data and caused permanent loss of some patients' information. The hospital discovered that malware had encrypted certain systems and disrupted the operation of certain hospital systems.

Cyber Trends

2019 Trust Report in Practice: Trust at Scale (Synack) With the quickening pace of cyber incidents, software delivery, and security alerts - and with limited resources - CISOs’ 2020 imperative is scale.

SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters (SANS Institute) The 2019 SANS Threat Hunting Survey gathered current industry data from 575 respondents predominantly from small/medium to medium/large organizations that are working in the field of threat hunting or working alongside threat hunters.

Defending Against Ransomware: The Growth of Targeted Attacks (Security Magazine) Cybercriminals are moving away from mass-volume, opportunistic ransomware attacks. Instead, they are focusing on enterprises they believe will pay their ransoms. What are some security best practices to protect against ransomware?

BeyondTrust announces its top security predictions for 2020 and beyond (Intelligent CIO Middle East) BeyondTrust, a worldwide leader in Privileged Access Management (PAM), has announced its top security predictions for the New Year and into 2025.

Parks Associates: More Than 50% of New Security System Owners Self-Installed Their System (PR Newswire) New research from Parks Associates reports that 51% of security system owners who acquired their security system in the...

Marketplace

2019 Cybersecurity Workforce Study ((ISC)²) The (ISC)² Cybersecurity Workforce Study, 2019 is downloadable here. The study is conducted annually to assess the cybersecurity workforce or skills gap and how to recruit, build and strengthen cybersecurity staff or teams.

Delays in security clearances hit IT vendors in capital region the hardest, report says (FedScoop) The backlog in federal security clearances has a disproportionate effect on digital technology companies in and around the nation’s capital, according to a new report that gathers data on a process that has faced increased scrutiny from lawmakers, the Trump administration and industry.

How data breaches affect stock market share prices (Comparitech) A data breach incurs serious consequences no matter whether a company is big or small. Staff get fired, executives issue apologies, and entire systems are overhauled to ensure that it doesn’t happen again. They instill doubt in consumers, damage the company’s reputation, and the impact can last for years. A data breach can harm both …

This is Google’s plan to rid Google Play of bad Android apps (TechCrunch) Google has partnered with mobile security firms ESET, Lookout and Zimperium to combat the scourge of malicious Android apps that sneak into the Google Play app store. The announcement came Wednesday, with each company confirming their part in the newly created App Defense Alliance. Google said it&#…

'Chronicle Is Dead and Google Killed It' (Vice) Chronicle, Google’s moonshot cybersecurity startup that was supposed to completely change the industry, is imploding.

Rogue Device Mitigation Startup Sepio Systems Completes $6.5M Series A round led by Hanaco Ventures and Merlin Ventures (APN News) US and Israel-based cybersecurity company Sepio Systems, has raised a $6.5 million in Series A funding round led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners.

Nightfall raises $20.3 million for AI that prevents sensitive data leaks (VentureBeat) Nightfall, a San Francisco-based startup developing an AI-powered platform that prevents sensitive data disclosure, has raised $20.3 million.

Huawei Founder Says Chinese Giant Doesn’t Need the U.S. (Wall Street Journal) Chinese telecom giant Huawei can survive without the U.S., CEO Ren Zhengfei said, dismissing Washington’s campaign against it as ineffective.

Bishop Fox acquires SoNeMo technologies; founder joins Barcelona, Spain office (PR Newswire) Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that it...

Cyxtera Technologies Announces Spin Out of Cybersecurity Business (BusinessWire) Cyxtera Technologies today announced its intention to spin out its cybersecurity business into a separate company to be called AppGate, Inc.

HP confirms approach from Xerox (CRN) Rumours of a takeover bid from Xerox emerged earlier this week

ESET Becomes Founding Member of App Defense Alliance; ESET to Proactively Protect Mobile Applications on the Google Play Store (BusinessWire) ESET Becomes Founding Member of App Defense Alliance; ESET to Proactively Protect Mobile Applications on the Google Play Store

Microsoft Lays Bare Cybersecurity Ambitions (Security Boulevard) Microsoft is securing Azure by extending its portfolio of cybersecurity offerings and enlisting the help of third-party security vendors.

VMware channel boss on why its 'antiquated' partner programme needed an overhaul (CRN) Programme changes will come into effect on 29 February 2020

Qualys Uses Free Products To Retain And Grow Subscribers (Seeking Alpha) Cloud-based security service provider Qualys continues to surge past market expectations.

Fortinet Is Winning Big in the Cybersecurity Wars (The Motley Fool) This legacy cybersecurity company is in a unique and enviable position.

Tenable is Number One in Zero-Day Research, Surpassing 100 Discoveries in 2019 (Yahoo) Tenable®, Inc., the Cyber Exposure company, today announced it is the first and only vulnerability management vendor to surpass 100 zero-day discoveries in a single year. Tenable Research leverages its deep vulnerability expertise to identify previously-undisclosed flaws to ensure organizations

Georgia business climate, Cyber Center attracting companies and jobs (The Augusta Chronicle) Georgia was named best business climate for a seventh year in a row by one magazine and Georgia Cyber Center's unique ecosystem is also attracting

Open-source software giants Tor and Python establish first New York City offices on NYU Tandon campus (West) The New York University Tandon School of Engineering announced today that pioneering open-source software nonprofits the Tor Project and Python Software Foundation (PSF) are the newest tenants at 370 Jay Street, a recently renovated addition to the University’s engineering and applied sciences programs in Downtown Brooklyn.

Guardsquare Opens North American HQ (Yahoo) Guardsquare, the leading mobile application security platform, today announced the opening of its North American headquarters in Boston, Mass. The new office will serve as the global home of the company’s sales and marketing operations and will be led by two new executives – chief revenue officer John

Vectra AI expands leadership team with addition of results-driven executives (PR Newswire) Vectra AI, the leader in network threat detection and response (NDR), today announced the addition of two...

Fast-Growing Network Security Startup Bricata Enlists New Chief Product Officer and Vice President of Sales (Bricata) Fast-Growing Network Security Startup Bricata Enlists New Chief Product Officer and Vice President of Sales Newest Additions to the Leadership Team Adds Decades of Experience in Product Innovation and

ThetaRay Appoints Moran Goldwein as SVP, Human Resources (PR Newswire) ThetaRay, a leading provider of AI-based Big Data analytics, today announced the appointment of Moran Goldwein to the...

vArmour Appoints Jeff Jennings as SVP of Engineering, Former Google VP and VMware SVP/GM (Yahoo) vArmour, the leader in centralized risk and control, today announced Jeff Jennings has joined the company as the new SVP of Engineering. With long-term roles at VMware and at Google for nearly the past two years, Jennings has been critical in helping

KnowBe4 Hires James McQuiggan as Security Awareness Advocate (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the hiring of James McQuiggan a

IronNet Cybersecurity Appoints Donald Closser as Chief Product Officer (Newkerala.com News) IronNet Cybersecurity announced today that it has appointed Donald Don Closser as Chief Product Officer CPO reporting to Co-CEOs Bill Welch and GEN Ret. Keith B. Alexander, the former Director of the U.S. National Security Agency and Founding Commander of U.S. Cyber Command.

AI expert joins Darktrace's advisory board (Information Age) Cyber AI company, Darktrace, has announced that Professor Nick Jennings, CB FREng, has joined the company’s advisory board

Products, Services, and Solutions

Nozomi Networks Unveils Community Edition of its Cyber Security Platform (West) Helps security and risk management teams expand their security programs by providing visibility into OT and IoT assets

Leader in electronic components manufacture turns to Area 1 Security to reduce global cyber security risk (Area 1) Throughout the past 50 years, AVX Corporation has innovated, developed, manufactured, and supplied critical components and solutions for the global automotive, industrial, medical, military, consumer electronics, communications, and transportation markets, building a successful business with over $1.5 billion annual revenue.

Ostendio Launches MyVCM Auditor Connect (PR Newswire) Ostendio Inc., a leading provider of integrated risk management software, today announced the launch of a...

NordVPN Has Completed an App Security Audit (Economywatch) World, US, China, India Economy, Investment, Finance, Credit Cards

The Financial Data Exchange Reports Strong First-Year Growth; Now Protecting Online Financial Data for Five Million Consumers, Including Business Customers, Through 72-Member Network (PR Newswire) On the first anniversary of its launch, the Financial Data Exchange (FDX) is announcing widespread adoption of the...

Communiqué de presse - SafePost: A 100% confidential encrypted messaging service that puts an end to spam and fraudulent emails (24PRESSE) With the ever-present risk of personal data breaches on social media, not to mention the systematic analysis of the contents of our emails for advertising purposes and scams, SafePost offers a new way to exchange messages safely and confidentially.

Orca Tech and Brace 168 simplify cybersecurity (CRN Australia) Distie and MSP team to provide clients with defensive edge.

Place and Trace, a New Portable GPS Device, Offers Early Theft Detection, 24-7 Monitoring with Smartphone Notifications for Vehicles, and More (PR Newswire) Smart Chain Accelerator, (https://smartchainaccelerator.com), a division of Irvine-based Procon Analytics, is...

GNC Selects Kount’s Advanced AI-Driven Fraud Prevention Solution to Expand and Support Omnichannel Growth Strategy (Yahoo) New Customer-Centric Shopping Experience Will Enable New Revenue Channels and Minimize Fraud Losses

Brand Top-level Domain Owners Can Secure Company and Customer Data (PR Newswire) A new network security service protects enterprise data and keeps customers safe using the control capabilities and trust authority of a Brand Registry....

VMware bolsters security with in-house, Carbon Black tech (TechCentral.ie) VMware is moving quickly to meld its recently purchased Carbon Black technology across its product lines with an eye toward helping users protect their distributed enterprises. VMware just closed the $2.1 billion (€1.9 billion) buy of cloud-native endpoint-security vendor Carbon Black in October and in the process created a new security business unit that will target cybersecurity [&hellip

DataVisor and Experian Team Up to Help Businesses Reduce Digital Fraud Exposure (Yahoo) DataVisor, the leading fraud detection company with solutions powered by transformational AI technology, announced today it has teamed up with Experian to integrate its unsupervised machine learning powered transactional risk assessment capabilities into Experian’s CrossCore™ platform. The addition

NMU updates cyber product (Insurance Age) Product launched earlier this year also now includes cover for court attendance costs, service providers’ extensions and operational error.

The Best Cybersecurity Podcasts in 2019 (ClearanceJobs) With the rise of identity theft, data leaks, and financial breaches, cybersecurity is more important now than it ever has been. The problem with podcasts - there are a lot out there. So how do you separate the great ones from the ones you'll want to turn off right away? To make it easy, here's a list of what I believe are the best cybersecurity podcasts to listen to in 2019 and beyond.

Technologies, Techniques, and Standards

CISA Releases New ‘Cyber Essentials’ to Help Small Businesses, SLGs (MeriTalk) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today released its Cyber Essentials guide, which it describes as “a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks.”

Cyber Essentials (CISA) Your success depends on cyber readiness. Both depend on you. CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Fugue Releases Best Practices Framework to Protect Against Advanced Cloud Misconfiguration Attacks (Fugue) Policy-as-code ruleset identifies critical cloud resource misconfigurations that have been exploited in recent data breaches

Phishing detection via analytic networks (Akamai) As mentioned in previous Akamai blogs, phishing is an ecosystem of mostly framework developers and buyers who purchase kits to harvest credentials and other sensitive information. Like many framework developers, those focusing on phishing kits want to create an efficient...

Inside the Microsoft team tracking the world’s most dangerous hackers (MIT Technology Review) From Russian Olympic cyberattacks to billion-dollar North Korean malware, how one tech giant monitors nation-sponsored hackers everywhere on earth.

Analysis | The Cybersecurity 202: Political campaigns are flocking to encrypted messaging apps. But they're not a panacea. (Washington Post) Wickr is providing its services to qualifying campaigns for half price.

Cyber security monitored closely during election night (WOLF) State and federal officials closely monitored cyber security across Pennsylvania yesterday. The department of homeland security helped reassure all voters it's working to make sure the integrity of this election is in place. With concerns over foreign interference it's important for voters to get their information from the secretary of state or their local election office. "Our mission, our goal, is to ensure that American elections are decided by Americans free of foreign interference.

Election security in Pennsylvania (WDVM 25) State officials in Pennsylvania are monitoring Tuesday’s election and assuring everyone that their votes are secure.

Election results from Texas’ largest county were delayed for hours. What happened? (The Texas Tribune) All Harris County election results had to be driven to downtown Houston with police escorts after state election officials objected to the county's practice of uploading memory cards through an encrypted network.

RIT gives tips, hints, and tricks to keep you safe in cyberspace (RochesterFirst) Computer security at home and at work is an on-going battle in cyberspace. Illegal hacking is an expensive endeavor nowadays, according to Robert Olsen with the Rochester Institute of Technology…

Design and Innovation

WSJ News Exclusive | Google Weighs Changes to Political Ad Policy (Wall Street Journal) Google is in discussions about changing its political ad policy, about a week after Facebook and Twitter publicly diverged on how to handle those ads.

Microsoft Aims Quantum-Computing Effort at Developers (Wall Street Journal) The tech giant has unveiled cloud-based quantum-computing tools that companies can use to speed up calculations on classical computers, among other things.

Here’s how the Army plans to visualize cyberspace (Fifth Domain) The Army wants companies to provide a tool for commanders in the tactical space to be able visualize and understand the cyber component to their battlespace.

Should the military treat the electromagnetic spectrum as its own domain? (C4ISRNET) Understanding and utilizing the electromagnetic spectrum is key to every branch of the military, but military experts are skeptical about the need to declare the electromagnetic spectrum a separate domain of warfare.

Research and Development

Google Unveils OpenTitan Secure Chip Project (Decipher) The OpenTitan chip project launched by Google and several partners will produce open-source designs for secure root of trust hardware.

Academia

NTT Research Partners with Simons Institute at UC Berkeley (Yahoo) NTT Research, Inc., a division of NTT (9432.T), today announced that it has entered into a three-year Industrial Partnership with the Simons Institute for the Theory of Computing at the University of California, Berkeley. A celebratory partnership signing event took place this morning at 11:15 a.m.

NJ high school girls encouraged to consider a cyber-security career (94.3 The Point) Jersey high school girls encouraged to consider a cyber-security career. An online competition will soon begin that offers fun, prizes and college scholarship money.

Legislation, Policy and Regulation

How AI and human rights became embroiled in US-China tech war (South China Morning Post) The US move to blacklist China AI champions threatens to cleave global technology into rival US and China camps.

The National Cybersecurity Strategy of the European Union (Analytics Insight) The European Commission proposed the Network and Information Security Directive (NIS Directive) in 2013, designed to enhance the EU Member States’ national cybersecurity capabilities, improving the cooperation between the Member States, the public and the private sector, while also requiring companies.

Ethiopia Needs Legal Cyber Security Auditing Framework: Expert (Walta Media) Ethiopia needs to develop a well-organized legal framework to tackle the ever-increasing cyber-attacks at the...

To Stop Fake News, Online Journalism Needs a Global Watchdog (Foreign Policy) Without regulations that push search engines and social media companies to prioritize reliable and truthful sources of information, propaganda and censored content will dominate digital…

Germany’s Online Crackdowns Inspire the World’s Dictators (Foreign Policy) An anti-hate speech law written in Berlin has been copy-pasted by authoritarian regimes from Caracas to Moscow.

Study: Russia's web-censoring tool sets pace for imitators (Star Tribune) Russia is succeeding in imposing a highly effective internet censorship regime across thousands of disparate, privately owned providers in an effort also aimed at making government snooping pervasive, according to a study released Wednesday.

Mozilla says ISPs are lying to Congress about encrypted DNS (Naked Security) Mozilla on Friday posted a letter urging Congress to take the broadband industry’s lobbying against encrypted DNS within Firefox and Chrome with a grain of salt.

Lawmakers Question Need to Renew Shelved Surveillance Power (1) (Bloomberg Law) A Trump administration push to renew its dormant authority to collect U.S. call detail records is running into bipartisan skepticism on Capitol Hill.

Germany could ban Huawei from 5G build-out, says defence minister (Euronews) Germany's defence minister Annegret Kramp-Karrenbauer said on Tuesday that it still hadn't ruled out whether to block Huawei from the country's 5G build-out.

China’s ZTE open to setting up a cybersecurity lab in India to allay security fears; calls for strong regulation (Economic Times) Chinese telecom gear maker ZTE said that it is open to set up a cybersecurity lab in India similar to its European labs to address the concerns raised..

Securing Our 5G Future (CNAS) Developing strong, pragmatic and principled national security and defense policies.

()

Letter from Senator Marco Rubio to Secretary of Defense Esper (Senator Rubio) Dear Secretary Esper: The threat of malicious Chinese technology to the United States...

New bill wants to map out federal cyber career paths (Fifth Domain) Congress has taken notice of the cybersecurity workforce shortage.

Nearly eliminated a year ago, now DISA has more responsibility (C4ISRNET) DISA will be responsible for running IT for several Fourth Estate agencies.

The National Guard’s new job? Dealing with ransomware (Fifth Domain) Responding to ransomware across states is a new mission for the National Guard and it doesn’t show signs of going away anytime soon.

Litigation, Investigation, and Enforcement

Former Twitter employees charged with spying for Saudi Arabia by digging into the accounts of kingdom critics (Washington Post) The case raises concerns about the ability of tech firms to protect users’ data from repressive governments.

U.S. Charges Former Twitter Employees With Spying for Saudi Arabia (Wall Street Journal) Federal prosecutors charged two former Twitter employees and a Saudi national with spying on users of the social-media platform who were critical of Riyadh and providing that information to the kingdom’s officials.

Three charged in US with spying on Twitter users for Saudi Arabia (AFP) Two former Twitter employees and a third man were charged in San Francisco Federal Court Wednesday with spying on Twitter users critical of the Saudi royal family, the US Justice Department announced.

No 10 ‘fears embarrassment of report into Russian influence’ (Times) Downing Street is suspected of suppressing a parliamentary report into Russian interference because it contains “embarrassing” disclosures about the Kremlin links of wealthy Russian donors to the...

If Russia meddled in the Brexit vote we need to know – before the election (Guardian) Boris Johnson should not delay the intelligence committee report. It risks undermining trust in our democracy, says Guardian columnist Gaby Hinsliff

California Probing Facebook’s Privacy Practices (Wall Street Journal) California is investigating Facebook’s privacy practices, the state’s attorney general revealed in a lawsuit that accuses the tech giant of failing to adequately comply with information requests that the company said it has satisfied.

Facebook executives planned 'switcharoo' on data policy change: court filings (Reuters) Facebook Inc began cutting off access to user data for app developers from 2012 ...

Attorney General Becerra Petitions Court to Compel Facebook to Comply with Outstanding Investigative Subpoena Issued by California (State of California - Department of Justice - Office of the Attorney General) California Attorney General Xavier Becerra today filed a petition in the San Francisco Superior Court requesting that the court order Facebook Inc.

Hacking fears: Before Pegasus, there was Galileo (Telegraph) Indian govt agencies were in talks with Italian spyware firm

Opinion | Whatever You Think of Facebook, the NSO Group Is Worse (New York Times) WhatsApp’s lawsuit against the spyware company NSO Group is a smart move for Facebook and an important defense of privacy and civil liberties.

Hacked Moroccan lawyer urges action against cyber spies (Reuters) A Moroccan human rights lawyer, who fled into exile after his phone was hacked, called for urgent international action to protect activists from the growing threat of cyber spies.

Morrisons: £55m payout over 2014 'grudge' leak of payroll data 'grossly unjust' (Computing) Morrisons tells Supreme Court that it should not be held vicariously liable for payroll data leak by senior IT internal auditor Andrew Skelton

Founders of ‘worthless cryptocurrency’ ATM Coin fined over $4.25m scam (Naked Security) Invest in “binary options,” they said, neglecting to mention the software set up to rig transactions so that customers lost the gamble.

US off-off-year elections apparently undisturbed by cyber ops, but threats remain. US charges three in Saudi spy case.

Bring your own context.

A note to our readers.