Cyber Attacks, Threats, and Vulnerabilities
North Korea identified as potential source of cyber attack on Indian nuclear plant (The Straits Times) A recent sophisticated cyber attack on an Indian nuclear power plant aimed at ferreting out sensitive research and technical data could have originated in North Korea.
Russia’s Gamaredon Group New Cyber Espionage Campaign Against Ukraine (MalCrawler) Ninja style techniques of hiding so well that only “1” AV vendor picked up Gamaredon malicious CVE-2017-0199 documents.
PerimeterX research team uncovers two new carding bots (PerimeterX) Thousands of e-commerce websites using top e-commerce platforms potentially at risk of new carding attacks. Find out how to block advanced carding attacks.
Legitimate TDS Platform Abused to Push Malware via Exploit Kits (BleepingComputer) Threat actors abused the legitimate Keitaro Traffic Direction System (TDS) to drive traffic to malware pushing RIG and Fallout exploit kits as part of both malvertising and malspam campaigns.
Microsoft warns users to stay alert for more BlueKeep attacks (ZDNet) Microsoft: BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.
Debunking The BlueKeep Exploit Hype – What You Should Know (Bitdefender) WannaCry is still fresh in our memory, reminding organizations of how destructive an unpatched vulnerability can be, especially if weaponized as a wormable threat that delivers ransomware. BlueKeep has been estimated to have the same disruptive potential as WannaCry if sporting worm-like behavior, especially since RDP is a commonly used service in organizations, allowing IT and security teams to remotely dial into machines.
Australian Govt Warns of Active Emotet and BlueKeep Threats (BleepingComputer) The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) together with state and territory partners warns businesses and people of Emotet and BlueKeep threats being active in the wild.
TA542 Brings Back Emotet with Late September Spike (Dark Reading) Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
Analysis | The Cybersecurity 202: Swing state election websites aren’t secure against Russian hacking, McAfee says (Washington Post) About half the county sites in Michigan and Wisconsin lack a key protection.
Google Alert: Hackers Downloading Malware To Your Chrome, Zero Day Vulnerability (International Business Times) Google Chrome users could be at serious risk of malware attack without them realizing.
A flaw in Amazon's Ring doorbells leaked customers' Wi-Fi credentials (CyberScoop) Internet-connected doorbells sold by Amazon’s Ring service contained a security vulnerability that would have made it possible for hackers to intercept a customer’s Wi-Fi username and password, then launch a larger attack on the network, according to findings made public Thursday.
Facebook scam steals famous faces and BBC branding (Naked Security) An email scam from earlier this year has resurfaced on Facebook – don’t fall for it!
Kaspersky Analysis Shines Light on DarkUniverse APT Group (Dark Reading) Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.
WordPress sites hit by malvertising (Naked Security) An old piece of malware is storming the WordPress community, enabling its perpetrators to take control of sites and inject code of their choosing.
Trend Micro hit with insider attack (SC Magazine) Trend Micro was the target of an insider threat that saw information about 100,000 of its consumers being stolen, sold and used to make scam phone calls.
Trend Micro Employee Sold Consumer Data to Scammers (BankInfo Security) A Trend Micro employee stole and then sold contact information for 68,000 of the company's consumer subscribers, which led to a raft of unsolicited tech support
Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers (Trend Micro) We recently became aware of a security incident that resulted in the unauthorized disclosure of some personal data of an isolated number of customers of our consumer product. We immediately started investigating the situation and found that this was the result of a malicious insider threat. The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent. We immediately began taking the actions necessary...
Trade Based Money Laundering - Part 1 (BAE Systems) There's a type of money laundering that banks struggle to identify - and it's massive.
Philips Tasy EMR (Update A) (CISA) 1. EXECUTIVE SUMMARY
--------- Begin Update A Part 1 of 7 ---------
CVSS v3 4.3
ATTENTION: Low skill level to exploit
--------- End Update A Part 1 of 7 ---------
Vendor: Philips
Equipment: Tasy EMR
--------- Begin Update A Part 2 of 7 ---------
Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC-Q Series and MELSEC-L Series CPU Modules
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability may prevent the FTP client from connecting to the FTP server on MELSEC-Q Series and MELSEC-L Series CPU module.
Medtronic Valleylab FT10 and FX8 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Medtronic
Equipment: Valleylab FT10, Valleylab FX8
Vulnerabilities: Use of Hard-coded Credentials, Reversible One-way Hash, Improper Input Validation
2.
Medtronic Valleylab FT10 and LS10 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.8
ATTENTION: Low skill level to exploit
Vendor: Medtronic
Equipment: Valleylab FT10, Valleylab LS10
Vulnerabilities: Improper Authentication, Protection Mechanism Failure
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker to connect inauthentic instruments to the affected products by spoofing RFID security mechanisms.
Fuji Electric V-Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Fuji Electric
Equipment: V-Server
Vulnerability: Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the device being accessed; several heap-based buffer overflows have been identified.
Johannesburg says it’s back online after cyberattack and contractual dispute (Business Tech) The City of Johannesburg says that its online systems have been restored after being hit by a cyber-attack and contractual disputes.
Nunavut reels after ‘ransomware’ attack knocks out government services (The Globe and Mail) People forced to rely on faxed food vouchers as income-support payments disrupted
Breach at DNA-Test Firm Veritas Exposed Customer Information (Bloomberg) Startup says customer genetic information, health records not affected.
Mississippi school district falls victim to cyber attack (WKRG News 5) A Mississippi public school district says it has been the victim of a cyber attack.
Las Cruces school district to scrub 30,000 computers after cyber attack (Las Cruces Sun-News) Interim Superintendent Karen Trujillo gave a press conference Thursday with some details about how LCPS will recover from cyber attack.
Boardriders Hit by Cyber Attack (Shop-Eat-Surf) Boardriders comments on the computer attack that led to slower shipments in several parts of the world.
Why Many People Got Mysterious Valentine’s Day Texts Today (Wired) The issue was reportedly caused by a maintenance update made to “messaging platforms of multiple carriers in the US.”
Cyber Trends
Proofpoint Q3 2019 Threat Report — Emotet’s return, RATs reign supreme, and more (Proofpoint US) Proofpoint researchers provide a snapshot of threats that characterized the third quarter of 2019
Bitglass 2019 Cloud Adoption Report: Enterprise Cloud Adoption Nearly Triples Single Sign-On Adoption (BusinessWire) Bitglass, the Next-Gen CASB company, has just released “A for Adoption,” its 2019 Cloud Adoption Report. The study examines the rate of cloud adoption
Cybercriminals are testing exposed credentials for future account takeover attacks (Help Net Security) Fraud increased 30% overall in Q3 2019 and bot-driven account registration fraud is up 70% as cybercriminals test stolen credentials.
ESET: Organisations' Cybersecurity Readiness for New Regulations Still Low (Yahoo) ESET, developer of award-winning cybersecurity software, today released the results from its ESET Enterprise Survey 2019. The survey, which was commissioned to understand several countries' views on the importance of cybersecurity, revealed that organisations
Report Cites Urgent Need to Secure Connected Medical Devices (AAFP) The connected medical devices that are becoming so valuable to physicians and patients alike require a thoughtful approach to maintaining their security, according to a new report.
Tenable declares there are far worse security threats to fear than zero-day exploits (IT PRO) ‘If you’re scared of zero-days, you don’t know what you’re talking about’ claims Tenable
Sextortion cyberattacks remain high (Tri-City News) Email cyberattacks claiming to know people’s sexual proclivities continued to attack Canadians and people in other countries through 2019, a new report says. So-called “sextortion” is done via . . .
Marketplace
LogRocket lands $15M Series B, announces new tool to track customer metrics (TechCrunch) LogRocket is a startup on a mission to help companies root out and fix website app errors quickly and efficiently, and it seems to be going well. Today, the company announced a $15 million Series B investment led by Battery Ventures. The company also announced a new tool called LogRocket Metrics to…
Rogue Device Mitigation Startup Sepio Systems Completes $6.5M Series A Round Led by Hanaco Ventures and Merlin Ventures (PR Newswire) US and Israel-based cybersecurity company Sepio Systems has raised $6.5 million in a Series A funding round led by Hanaco Ventures and Merlin...
Plurilock Awarded Federal US DHS, Canadian DND Contracts During Period (PRWeb) Plurilock this week announced that it has been awarded new contracts by the United States Department of Homeland Security (DHS) and the Canadi
Mobile security firms will help protect Google Play (Help Net Security) Google has partnered with ESET, Lookout and Zimperium to identify potentially harmful and unwanted apps before they are listed on Google Play.
Google is getting Play Store help from ESET, Lookout and Zimperium (TheINQUIRER) Mal-where?
Xerox confirms HP bid, says consolidation needed ASAP (CRN Australia) Thinks shareholders will do better if it moves faster.
All You Need To Know: UAE announces Middle East's biggest defense group (StepFeed) EDGE's various departments include cyber defense, mission support, missiles and weapons, platforms and systems, and electronic warfare and intelligence.
Huawei's focus on speed led to security flaws: carrier CTO (TechNode) This is the first time security is talked about this seriously in Europe, he said.
AP Interview: Huawei founder says US woes not hardest crisis (ABC News) The 75-year-old founder of Chinese tech giant Huawei says its troubles with President Donald Trump are hardly the biggest crisis he has faced while working his way from rural poverty to the helm of China's first global tech brand.
Synack Launches Veterans Day 2019 Hack to Support Our Nation's Heroes through The Bob Woodruff Foundation (Yahoo) Today, Synack and the Bob Woodruff Foundation announced a Veterans Day "hack" designed to raise awareness of the diverse cybersecurity skills of veterans while highlighting the need for nonprofits to be security-conscious
From embattled to embraced, Barracuda's CEO sees a different side of Microsoft (SiliconANGLE)
Top Capital One security officer moving to new role in wake of breach: report (TheHill) The top Capital One security officer is moving to a new role in the wake of the bank’s data breach, a spokesperson confirmed to The Hill.
Valimail’s Seth Blank Named Chair of M3AAWG’s Election Security Working Group (BusinessWire) Valimail, the leading provider of identity-based anti-phishing solutions, announced today that director of industry initiatives Seth Blank has been na
Plixer Appoints New Global Sales Leader (West) Plixer, the company that solves real-world security and network operations challenges, today announced that Chris Moulas has been named as Vice President of Global Sales for Plixer.
Ex-Symantec Consumer Business Taps Vincent Pilette As New CEO (CRN) Vincent Pilette has been promoted from CFO to CEO of the $2.41 billion former consumer division of Symantec, now known as NortonLifeLock.
Teradata Announces CEO Transition (BusinessWire) Teradata announced that Victor Lund has been appointed Interim President and Chief Executive Officer, effective immediately.
Products, Services, and Solutions
IGEL Enhances Award-Winning, Software-Defined Endpoint Management Platform (IGEL) IGEL Universal Management Suite (UMS) 6.03 features a number of enhancements designed to improve the speed, security and flexibility associated with managing up to 100,000 endpoints and beyond, at scale.
Booz Allen Hamilton launches AI ‘app store’ (Consulting) Government-focused tech consultancy Booz Allen Hamilton has launched an app store-type marketplace for artificial intelligence software products.
Technologies, Techniques, and Standards
Why all infrastructure systems are election systems (Axios) Messing with local infrastructure is an often overlooked means of meddling with the polls.
Why has a privacy app used by Edward Snowden hit the NBA, NFL and NCAA? (Yahoo Sports) From the underworld to the executive suites, Signal is playing an increasing role in how GMs, ADs, agents and players communicate.
The financial industry just finished its annual 'doomsday' cybersecurity exercise — here's what they imagined would happen (CNBC) This week, the Securities Industry and Financial Markets Association held the fifth in a series of exercises meant to simulate a catastrophic cybersecurity event in the banking sector, known as "Quantum Dawn."
Detecting Account Takeover Botnets (Imperva) A botnet is a network of compromised computers – known as bots – usually controlled by a command and control computer, that work together in coordination for a malicious purpose. In this blog post, we’ll discuss how to detect botnets used for account takeover (ATO), an attack used to obtain the valid credentials of an …
How the Space Cybersecurity Working Group fosters communication (Fifth Domain) The group formed by the National Security Council is working to implement the Trump administration's cyber strategy in space.
Houston FBI leads new efforts to protect energy companies from cyber attacks (Houston Chronicle) The Houston FBI hosted a classified meeting on Wednesday afternoon to help energy companies to protect themselves from the growing threat of cyber attacks.
OSINT: How Lack of TOR Access Can Create Fatal Intelligence Gaps (Authentic8 Blog) Online forums accessible only through the TOR network serve as dissemination points for manifestos celebrating and inspiring terrorist attacks.
15 Nuggets Of Wisdom For Junior Tech Executives Facing A Devastating Hack (Forbes) Members of Forbes Technology Council share sage advice for young tech executives who find themselves facing a corporate security attack.
Opinion | Most Hackers Aren’t Criminals (New York Times) Professional hackers work to keep people safe by finding security vulnerabilities before criminals do.
How To Remove Spyware By Flashing The Firmware of Your Phone (The Quint) Flashing firmware is the only practical way of getting rid of spyware if your phone is infected with it.
Countering lies with truth: Battling terrorist propaganda in East Africa (Military Times) Terrorist organizations often spread disinformation and falsities as propaganda to bolster their destructive cause and to aid recruiting efforts.
169th Cyber Protection Team is capable and ready (Army.mil) Just a few miles beyond the bustling cyber hub surrounding Fort Meade, Maryland, is the Laurel Readiness Center, home to the Maryland National Guard's 169th Cyber Protection Team - the only full-time, fully operational cyber protection team in the A...
Design and Innovation
We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why? (Register) Infosec veteran Marc Rogers on why we need a better system to rate vulnerabilities
The promise and peril of post quantum computing (Help Net Security) In this Help Net Security podcast, Avesta Hojjati, Head of R&D at DigiCert, talks about the security implications of post quantum computing. Here’s a
Google looks to open source silicon to solve the root of trust conundrum (SC Magazine) A hardware vulnerability can have significant impact on software security as most software was designed around assumptions present in the hardware and subsequently compiled for a given hardware platform.
Blockchain Makes Inroads Into the Stock Market’s $1 Trillion Plumbing System (Wall Street Journal) Technology from the bitcoin world is coming to the trillion-dollar plumbing that underpins the U.S. stock market.
Academia
How Girl Scouts built a cyber challenge that made girls feel included (EdScoop) In computer science classes that are often mostly boys, girls say finding a place in STEM is tough. The Girl Scouts are asking students how to fix it.
Legislation, Policy, and Regulation
In Saudi Arabia, Twitter Has Become a Tool to Crack Down on Dissent (Wall Street Journal) U.S. allegations that Saudi Arabia used Twitter employees to spy on social-media users are the latest evidence that authorities in the kingdom have used the platform’s popularity to crack down on critics.
China's New Cryptography Law: Still No Place to Hide (China Law Blog) The PRC National People's Congress on October 26 enacted the long awaited Encryption Law (密码法), which will come into effect on January 1, 2020. The
U.S. official criticizes countries 'opening their arms' to Chinese 5G (Reuters) U.S. chief technology officer Michael Kratsios on Thursday criticized countries ...
India’s Role in Global Cyber Policy Formulation (Lawfare) India should have a significant role to play in the global debate on cyber policy. Where exactly does it stand on the issues and how can it ensure it has a seat at the global table?
'Revenge porn' victim fights back with Mexican law to stem digital violence (Reuters) When teenager Olimpia Coral Melo found a v...
The Future is Encrypted (Decipher) The move by Google and Mozilla to implement DNS over HTTPS in their browsers is drawing fire from ISPs, which rely on DNS visibility to gather user data.
Senators press NSA official over shuttered phone surveillance program (TheHill) Bipartisan members of the Senate Judiciary Committee on Wednesday sharply questioned a top National Security Agency (NSA) official over the federal government's shuttered phone surveillance program.
Leahy balks at NSA request to reauthorize bulk data collection (VTDigger) Sen. Patrick Leahy criticized the NSA for being opaque about its reasons for wanting a data collection program it no longer used reauthorized.
FISA Renewal Controversy: The Suddenly Very Conspicuous Foreign Intelligence Surveillance Act (Foreign Policy Research Institute) For quite some time now, it has been virtually impossible not to hear or read something about the Foreign Intelligence Surveillance Act (FISA), its use by the Federal Bureau of Investigation (FBI) to secure orders from the Foreign Intelligence Surveillance Court (FISC) authorizing the electronic surveillance of one-time Trump campaign…
FCC Moves to Protect Networks from National Security Threats (In Compliance Magazine) Ajit Pai, the Chair of the U.S. Federal Communications Commission (FCC) has reportedly shared with his fellow Commissioners a two-part proposal that would place significant restrictions on the use …
Sen. Wyden Presses FCC to Secure 5G Nets (Broadcasting & Cable) Said carriers haven't done enough on their own
National Guard Disrupts Cyberattacks Across U.S. (U.S. DEPARTMENT OF DEFENSE) The National Guard is ready to mobilize its cyberdefenses in case of a potentially devastating domestic attack.
Sen. Ron Wyden (D-Ore.) Letter Regarding Voatz (Washington Post) Dear Secretary Esper and General Nakasone: I write to ask you to conduct a security audit of Voatz...
Sanders Calls for Abolishing Department of Homeland Security as Part of New Immigration Plan (National Review) Sanders promises to break up the Department of Homeland Security, including the Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) agencies.
North Dakota IT department taps new cybersecurity head (Grand Forks Herald) Kevin Ford will begin his new role with the Department of Information Technology in two weeks.
Litigation, Investigation, and Law Enforcement
Alleged Saudi spy worked for Amazon after leaving Twitter (The Telegraph) A former Twitter employee accused of spying for Saudi Arabia worked at Amazon for three years after he left Twitter.
This New York Company Claimed Its Government Surveillance Tools Were ‘Made In The U.S.A.’—They Were Really Chinese Spy Tech, DOJ Says (Forbes) A Long Island surveillance company is accused of making millions of dollars by claiming it made its tools in America, when it was actually reselling Chinese spy tech to various agencies. The U.S. government is anxious such tech could be used by China for espionage on American critical systems.
Summary: WhatsApp Suit Against NSO Group (Lawfare) WhatsApp has filed a suit against Israeli technology company NSO Group after NSO spyware targeted WhatsApp users. What are WhatsApp’s specific grievances and what does the suit reveal about tech companies’ new posture toward spyware makers?
Facebook Feared WhatsApp Threat Ahead of 2014 Purchase, Documents Show (Wall Street Journal) Facebook executives’ emails indicate concern about the threat WhatsApp posed to the company’s core business before Facebook acquired the messaging app in 2014.
Ex-NSA official says more information should have been made public in Snowden incident (Herald Bulletin) If he could go back in time, J. Chris Inglis, former deputy director of the National Security Agency, said he would err on the side of giving the American public
EU's Vestager says Google's antitrust proposal not helping shopping rivals (Reuters) Alphabet unit Google's proposal to create a level playing field for price c...
Democratic lawmakers question FAA decisions on Boeing safety issues (NASDAQ) Two Democratic U.S. lawmakers said on Thursday the Federal Aviation Administration overruled agency technical specialists on two Boeing Co safety issues involving the 737 MAX and the 787 Dreamliner jets that they said could be "potentially catastrophic."
Tower Research to Pay $67 Million to Settle Spoofing Claims (Wall Street Journal) Tower Research agreed to pay $67 million to settle regulatory claims that its traders manipulated the price of stock-index futures.
The Project Jengo Saga: How Cloudflare Stood up to a Patent Troll – and Won! (The Cloudflare Blog) We don’t plan to settle, and if brought into such litigation again in the future, we think we have a pretty good blueprint for how to respond.
ICE refuses to turn over internal documents on facial recognition tech and detention tactics, lawsuit says (Washington Post) A group that monitors the actions of government agencies has accused U.S. Immigration and Customs Enforcement of failing to turn over records tied to the agency’s use of data collection and surveillance methods, including facial recognition.
Symantec Investor Files Suit Over 'Unjust' Officer Pay (Law360) A Symantec Corp. investor has filed a derivative suit in the Delaware Chancery Court against the cybersecurity giant and its officers, asserting certain executives were unjustly enriched to the tune of millions due to “manipulative accounting practices” that inflated the company’s finances.
Trial Date Set for Men Accused of Breaking Into Dallas County Courthouse (Raccoon Valley Radio) A trial date has been set for the two men accused of breaking into the Dallas County Courthouse in September. According to court documents, 29-year-old Justin Wynn of Naples, Florida, and 43-year-old Gary DeMercurio of Bothell, Washington
CEO Of Security Company Behind Unorthodox Penetration Tests Wants To Know Why His Employees Are Still Being Criminally Charged (Techdirt.) A couple of months ago, security researchers performing a very physical penetration test of an Iowa courthouse were arrested for breaking and entering. They were also charged with possessing burglar's tools, which they did indeed...
Army Recruiters Still Using TikTok Amid National Security Probe (Military.com) The U.S. military has not issued any warnings about using the highly popular Chinese-owned social media app TikTok.
Desire to join military large focus of leaked chats in infamous neo-Nazi forum (Military Times) A defunct neo-Nazi online forum linked to the white nationalist extremist Atomwaffen Division had its chat logs posted online Wednesday.