Cyber Attacks, Threats, and Vulnerabilities
Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources (Reuters) As trade talks between Washington and Beijing intensified earlier this year, sus...
Hackers hit UK political parties with back-to-back cyberattacks (Reuters) Hackers hit Britain's two main political parties with back-to-back cyberatt...
Labour Party's DDoS attack 'unsophisticated' and not even categorised by the NCSC (Computing) Cloudflare and the NCSC play down the scale of the 'large and sophisticated' DDoS attack on the Labour Party
Hostile nation state could be behind cyber-attack on Labour Party, ex-GCHQ chief says (The Independent) ‘Sophisticated actors will use basic DDoS attack as masquerade for other more sinister motives,’ Brian Lord warns
UK Conservative Party hit by cyber attack ahead of election: two sources (Reuters) Britain’s governing Conservative Party was hit by a cyber attack on Tuesday whic...
Cyber attack on Labour is just the beginning, experts warn (The Telegraph) Senior politicians and experts have warned cyber attacks on the Labour Party "won't be the last" in this election, amid calls for party staff to receive regular training to prevent such incidents in future.
How to hack a political party: The five attacks that Jeremy Corbyn and Boris Johnson should fear (The Telegraph) “It is a fact that political parties are routinely targeted by parties both domestic and overseas,” says James Chappell, cofounder of British cybersecurity company Digital Shadows.
Oil giant Pemex falls victim to $5m ransomware in attack linked to gang behind Dridex (Computing) Pemex falls victim to DoppelPaymer ransomware linked with same group that was behind Dridex and BitPaymer
Mexico's Pemex says operations normal after cyber attack (Reuters) Mexico's state oil firm Pemex said on Monday that attempted cyber attacks t...
Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded (BleepingComputer) Mexico's state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files.
Pemex Faces Payment Problems After Cyber Attack Shut System (Bloomberg) Pemex is being forced to rely on manual billing amid attack. Pemex employees still don’t have access to emails and internet.
Resecurity discovered 0-day RCE vulnerability in Internet Explorer (Resecurity) Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and threat intelligence for large enterprises and government agencies worldwide. The company is headquartered in Los Angeles.
5G flaws let attackers track locations, spoof emergency alerts (TechCrunch) Some of the vulnerabilities call for "a reasonable amount of change in the protocol."
The persuasiveness of a remote job (Forcepoint) Advances in technology can be witnessed on different levels in our everyday life. Internet connected devices help us in virtually every aspect of the daily routine, providing tools and information on just about any subject that one can think of. Increasingly it is no longer necessary to commute to an office to fulfil a job as more companies embrace the advantages of home workers. But what if a seemingly perfect home-based job opportunity is not all that it seems?
Sextortionist whisks away sex tapes using just a phone number (Naked Security) The SIM-swap victim knew he was in trouble when he got a 3:30 a.m. message about his phone service being cut off.
ASP.NET hosting provider recovering from ransomware attack (Naked Security) With more than 440,000 customers, SmarterASP.NET is said to be one of the most popular ASP.NET hosting providers.
Cyber Adversaries Reincorporate Old-School Tactics to Catch Organizations Off-Guard Ahead of Busy Holiday Season (Yahoo) “Cybercriminals continue to attempt to be a step ahead of cybersecurity professionals. While they develop new malware and zero-day attacks, they also redeploy previously successful tactics to maximize opportunity across the entire attack surface. In addition to essential strategies like patching, segmenting
Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit (BleepingComputer) A new malvertising campaign being used on low quality web games and blogs is redirecting Asian victims to the RIG exploit kit, which is then quietly installing the Sodinokibi Ransomware.
Siemens SINAMICS (Update A) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SINAMICS. Vulnerability: Uncontrolled Resource Consumption. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-19-227-04 Siemens SINAMICS that was published August 15, 2019, on the ICS webpage on us-cert.gov.
Vulnerability Summary for the Week of November 4, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
The FBI multi-factor authentication notification that should have never been (Help Net Security) While reviewing an FBI multi-factor authentication notification, I was floored at how these account takeover scenarios seemed completely preventable.
Facebook bug shows camera activated in background during app use (CNET) Some people have complained their cameras got turned on while they were looking through Facebook's app.
Sensitive data from 1,800 people may have fallen into hands of felon, Virginia town says (Washington Post) The potential breach occurred after the email inbox of Purcellville’s police chief was copied onto a thumb drive that later disappeared, officials said.
Security Patches, Mitigations, and Software Updates
Patch Tuesday, November 2019 Edition (KrebsOnSecurity) Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it.
Microsoft patches 74 vulnerabilities, including one zero-day, in November 2019 Patch Tuesday update (Computing) Thirteen vulnerabilities are rated as 'critical'
November 2019 Security Updates (Microsoft) The November security release consists of security updates for the following software...
Intel releases security updates to fix critical vulnerabilities in PMx driver (Computing) The bugs were discovered by firmware security vendor Eclypsium in August
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago (New York Times) The chip maker patched several problems in May. Now it is issuing another fix, and researchers say the company hasn’t been straight about its issues.
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings (Wired) Speculative execution attacks still haunt Intel, long after researchers told the company what to fix.
Nvidia patches graphics products and GeForce Experience update tool (Naked Security) The update fixes 11 mainly high-severity security flaws in Windows and GeForce graphics card drivers, including three in the program used to update them.
Magento Urges Users to Apply Security Update for RCE Bug (BleepingComputer) Magento's security team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability.
Cyber Trends
Future Disrupted: 2020 technology trends (NTT) Connecting people and technology today for an intelligent tomorrow.
The Road Ahead: Cyber Security in 2020 and Beyond (FireEye) The end of the year is an important time. In our personal lives we have plenty of holidays to celebrate and we get to spend extra time with those who are most important to us. In our professional lives—and in the cyber security industry, in particular—we get a chance to pause and think about everything that happened throughout the year, what might happen in the coming year and what we could begin doing now to prepare ourselves for any obstacles we may face going forward.
State of the Firewall Report 2019: Zero-Touch Automation is More Headline than Reality, Network Complexity and Lack of Visibility Are Key Issues (FireMon) With data breaches on the rise and affecting every corner of every industry, from credit cards to medical testing companies, it poses the question about why these breaches keep occurring and what enterprises can do to prevent their most frequent causes – firewall misconfigurations. Did you know that misconfigurations are also code for human errors? Read more...
2019 State of the Firewall Report - FireMon (FireMon) Your definitive source for insights, best practices, benchmarks, facts and figures for everything firewall.
Cybersecurity Insiders Insider Threat Survey Report 2020 (Gurucul) Get the 2020 Insider Threat Report to learn how SIEM complexity, remediation latency and lack of cloud visibility places organizations at risk.
Top concerns for audit executives? Cyber risks and data governance (Help Net Security) Gartner conducted interviews and surveys from across its global network of client organizations to identify the top concerns for audit executives.
The password reuse problem is a ticking time bomb (Help Net Security) Organizations must reduce the risks from poor password hygiene, including the password reuse problem, or they will remain a ticking time bomb.
Nutanix Enterprise Cloud Index (Nutanix) 2019 Edition: Application Requirements to Drive Hybrid Cloud Growth
New Study Shows Financial Loss from Multi-Party Cyber Incidents Is 13X Larger than Single-Party Incidents (BusinessWire) Today the Cyentia Institute published “Ripples Across the Risk Surface,” an in-depth study sponsored by RiskRecon that analyzes more than 800 cyber in
Marketplace
Huawei Chief Security Office Says U.S. Should Go After Nokia, Others, To ‘Be Fair’ (Forbes) Huawei U.S. doesn't want to be the only fall guy in Washington's sidebar tech war with China.
Senior official describes cyber workforce shortage as national security threat (TheHill) A senior cybersecurity official at the Department of Homeland Security (DHS) on Tuesday described challenges with recruiting cybersecurity workers to government as a “national security issue.”
What government must offer to be competitive for cyber talent (Federal Times) Agencies, industry and the think tank world are looking at how, exactly, the federal government can hire people to provide stability in an era of ever-present cyberthreats.
Want a $40K Signing Bonus to Work in Cyber and Intelligence? Work for Raytheon IIS (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "Want a $40K Signing Bonus to Work in Cyber and Intelligence? Work for Raytheon IIS".
High-Assurance Cybersecurity and Digital Collaboration Leaders Hotshot and HighSide Announce Merger, New Global Customer and Expanded Board (PR Newswire) Today, high-assurance security and mobile-first collaboration leaders HighSide and Hotshot Technologies announced their merger, and the signing...
Lantronix Announces Acquisition Funding (Lantronix) Term loan agreement provides $6 million of funding for acquisition. Company’s current line of credit increased from $4 million to $6 million. No change to current EPS growth guidance.
Renovate, an open source project for dependency updates, joins the WhiteSource family (Renovate) Free WhiteSource Renovate solution automatically resolves outdated dependencies, saving developers’ time, reducing risk, and mitigating the impact of security vulnerabilities.
Nordic SMEs lack the money needed for cyber security (ComputerWeekly.com) Business organisations and governments in Denmark and Norway are working together to address a cyber security shortfall in the SME sectors in each country.
Juniper Guns for Cisco, Aruba With Mist AI (SDxCentral) Juniper rolled out Mist’s AI engine across wired and wireless networks. It’s the first step in what Juniper calls the “AI-driven enterprise.”
Juniper Targets VMware, Data Center Complexity With Contrail Insights (SDxCentral) Juniper's Contrail Insights promises to provide customers with historical and real-time visibility of their data center operations.
Booz Allen wins $116 million contract with Department of Energy (Consulting) Government-focused tech consultancy Booz Allen Hamilton has won a $116 million, 7-year contract with the Department of Energy (DOE) to provide cyber analysis and security services.
Fortinet Joins the Paris Call for Trust and Security in Cyberspace (Fortinet Blog) Learn more about the Paris Call for Trust and Security in Cyberspace, and Fortinet's commitment to global collaboration to combat cybercrime.…
Edwards commits $10 million in capital outlay to Cyber Innovation Center (Shreveport Times) Gov. John Bel Edwards announced the commitment of $10 million in capital outlay to build a new Louisiana Tech Research Institute in Bossier City.
BNamericas - Perfect storm set to bolster Brazil cybersec... (BNamericas.com) Factors range from the ever-growing sophistication of cyber criminals; the explosion of IoT connectivity enabled, among other things, by industry 4.0 and fut...
Wire Announces Key Hires in US and Europe as Company Sales Double (PR Newswire) Wire, the world's most secure collaboration platform, today announces three new senior hires as it looks to continue with its accelerated...
Veriff Hires a Top Executive from Stack Overflow and Opens an Office in New York (MarTechSeries) Online verification company Veriff hires Guy Zerega, a former Executive Vice President of Revenue of Stack Overflow. Zerega serves as
Former FBI Cyber Leader Jerry Bessette Joins Booz Allen (BusinessWire) Booz Allen Hamilton announced today that Jerry Bessette, a former senior cybersecurity official at the Federal Bureau of Investigation, has joined Boo
vArmour Appoints Rich Noguera as VP, Head of Security Services as it Continues Security Graph Rollout Worldwide (West) 20 Year Security and Cloud Veteran to Help Global Enterprises Realize the Value of the Security Graph to Reduce Hybrid Cloud Risks
NightDragon Security taps Kyauk as MD (PE Hub) NightDragon Security has named Morgan Kyauk as managing director. Also, the cybersecurity investment firm has added Jason Martin of FireEye, Dan Burns of Optiv, Matthew Gyde of NTT Security and Andrew Howard of Kudelski Security to its advisory council.
Imperva Expands Executive Leadership With New Technical Talent (BusinessWire) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced the appointment of
3 top Uber managers resign amid backlash from data breach and Waymo lawsuit (Stock Daily Dish) Three senior managers have resigned from Uber’s international, business operations and physical security teams, amid a fresh wave of scrutiny over the company’s data security and competitive practices, the company said.
Products, Services, and Solutions
The Chertoff Group and Dragos Form Strategic Partnership to Help Industrial Organizations Improve Risk Mitigation, Threat Detection and Incident Response (BusinessWire) The Chertoff Group and Dragos, Inc. today announced the formation of a unique alliance that will provide a holistic approach to cybersecurity risk man
One in Three Cloud Migrations Fail Because U.S. Businesses Do Not Make Cloud Part of Their Core Strategy - First Unisys Cloud Success Barometer™ (Unisys) More than one-third (37%) of American businesses say they have failed to realize notable benefits from cloud computing, largely because they have not integrated their adoption plan as a core part of their broader business transformation strategy, according to a new study by Unisys Corporation (NYSE: UIS).
Ping Identity Secures One of the Nation's First Government Issued Digital IDs in myColorado App (BusinessWire) Ping Identity (NYSE: PING), a pioneer in Intelligent Identity, today announced that the Ping Intelligent Identity™ platform provides the identity ver
Jamf Launches Jamf Protect, Enterprise Endpoint Protection Purpose-Built for Mac (Jamf) Jamf Protect leverages native Apple security tools and on-device analysis to give security teams unprecedented visibility into their Mac fleet
Bitglass Unveils Patent-Pending SmartEdge Network Security Solution (Yahoo) Revolutionary SASE architecture eliminates the high cost and high latency of legacy solutions
Sonatype Delivers Premium Open Source Controls to GitHub Users (DevOps.com) New Integrations Deliver Enterprise-Grade Open Source Governance and Dependency Management to Millions of GitHub Developers
Trend Micro Launches Comprehensive Smart Factory Security Solutions (Trend Micro Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced its complete smart factory security solutions, designed to provide enhanced visibility and protection for embattled industrial control system (ICS) environments.
Raytheon collaborates with Red Hat on flexible DevSecOps software development solution (Raytheon News Release Archive) 'Code low, deploy high' approach delivers faster capability
Densify and Veristor Partner to Help Customers Better Manage Complex Public Cloud Resources for Enhanced Performance & Cost Control (Veristor) Densify and Veristor announce a joint partnership to help customers optimize spend while achieving greater security and consistent performance from complex multi-cloud environments.
The Power of a Threat-Aware Network (Juniper Networks) Juniper Connected Security is more than just a marketing catchphrase or a nice metaphorical basket where all of Juniper Networks' information security products can be placed. It is an information security strategy, one focused on the importance of deep network visibility, multiple points of enforcem...
Cyber security training centre to fuel growing industry (The Lead SA) A cyber security training centre has opened in Adelaide, South Australia, to help provide the next generation of professionals to the growing industry.
Securonix Announces Transparent Software as a Service (SaaS) Pricing (West) Predictable and Transparent Hosting Cost with Multiple Deployment Options Removes Barriers in Adopting Securonix SaaS Platform
Meet NordLocker: Powerful Encryption Tool for Your Files (Mac Sources) Creators of NordVPN Announce Launch of New Cybersecurity Product. NordVPN, the world’s most advanced VPN service provider, is proud to announce the launch of its latest cybersecurity product — NordL…
NanoLock Security Joins with Mekorot to Deliver Cyber Protection for Water and Energy Utilities (PR Newswire) NanoLock Security, the market leader of flash-to-cloud, powerful security solution for Internet of Things (IoT) and connected edge devices, is...
Octarine Releases Continuous Kubernetes Security Solution to Protect Workloads Across Multi-Cluster Environments on Any Cloud (West) Octarine Infuses Agile Security and Compliance into CI/CD and DevOps Pipelines with Guardrails™ and Protects Workloads at Runtime with a Service Mesh Firewall
Nok Nok Labs Announces Optimized Integration with Security Key Pioneer Yubico (PR Newswire) Nok Nok Labs, the trusted leader in next-generation consumer authentication today announced optimized integration with Yubico, the leading...
Humio Adds Streaming Log Management Capabilities at Scale to IBM Cloud Pak for Multicloud Management (Humio) Observability is crucial for organizations running hybrid multicloud environments. This collaboration enables businesses of all sizes to gain instant visibility into their distributed systems while amplifying the IBM Cloud Pak for Multicloud Management at the operational level.
Juniper, Mist Systems Connect Wired, Wireless Environments With A Dash Of AI (CRN) Juniper Networks is adding AI into enterprise networks. The company introduced Mist Wired Assurance Service and Contrail Insights, a data center monitoring and analytics feature, at its 2019 NXTWORK partner and customer summit.
IT&E to bring quantum cryptography to the Marianas (The Guam Daily Post) IT&E, through its partnership with SK Telecom, will soon be equipped with quantum key distribution technology to strengthen the security of its 5G and LTE data transmission and reception.
Bitdefender GravityZone enhanced with new endpoint defense capabilities (Help Net Security) Bitdefender, a cybersecurity leader protecting over 500 million systems across 150 countries, announced new endpoint defense capabilities for GravityZone.
Technologies, Techniques, and Standards
Information Security Forum Analyzes the Security Implications of the Internet of Things (IoT) (PRLog) Information Security Forum Analyzes the Security Implications of the Internet of Things (IoT). According to the Information Security Forum (ISF), trusted resource for executives and board members on cyber security and risk management, the Internet of Things (IoT) has exploded into the connected world, promising the enablement of the digital...
How checking the dark web can help the Department of Education (Fifth Domain) The Department of Education is able to purchase open-source intelligence about their employees to discover shadow IT threats before they cause damage.
Penetration Testing: "Think Evil" (But Get that Scope Crystal Clear) (Computer Business Review) Many CISOs swear by penetration testing – simulated attacks on an organisation's infrastructure. But get your scoping agreements wrong and...
Design and Innovation
Removing the risk of AI bias in the public sector (Computing) What practical steps can be taken to drive ethical, unbiased AI use in the public sector?
Research and Development
AttackIQ Joins New Collaborative Research Program to Advance Understanding of Cyber Adversaries and Improve the Effectiveness of Defenses Against Cyber Attacks (BusinessWire) AttackIQ®, the leading independent vendor of continuous security validation solutions, today announced the company has joined a new research group for
MITRE Engenuity Announces the Center for Threat-Informed Defense (AP NEWS) Press release content from Business Wire. The AP news staff was not involved in its creation.
Academia
World’s most comprehensive student cybersecurity games announce winners of CSAW 2019 (Yahoo) CSAW, the world’s most comprehensive student-led cybersecurity competition, announced the winners of last week’s final rounds, which.
UC Santa Cruz collaborates on $14M project to advance cryptographic computing technologies (UC Santa Cruz News) Computer scientist Owen Arden will lead the UCSC effort in the Baskin School of Engineering.
Legislation, Policy, and Regulation
Russia May Require PC, Phone Vendors to Preload Apps (ExtremeTech) The Russian government is likely to pass a law mandating the installation of specific applications on PCs, smartphones, and tablets.
EU unveils new cooperation projects in training, cyber operations, naval warfare (Defense News) The decision brings to 47 the number of projects that are currently in place under the Permanent Structured Cooperation, or PESCO, initiative.
India suggests a global regulation for open, safe and secure cyberspace (The Economic Times) "Four years ago, we launched the “Digital India”, the world's largest, digital technology driven transformation programme. The central notion is that Digital infrastructure should be available as a utility to all citizens...We are excited about the opportunities, but also concerned about the threats from the cyberspace," Foreign Minister S Jaishankar said.
Stronger regulations could help protect against cyber attacks: Bank of Canada official (Reuters) Canada should consider strengthening regulations to safeguard the country's...
Here’s how Cyber Command is using ‘defend forward’ (Fifth Domain) U.S. Cyber Command is using new authorities to gain insights and access to foreign networks to help better inform defense.
How the government wants to secure industrial control systems (Fifth Domain) The Cybersecurity and Infrastructure Security Agency wants to work with partners as the agency enters its second year.
Here are some new tools coming to protect the supply chain (Fifth Domain) The Department of Defense CIO's office wants to create supply chain decision support tool as a service.
Sen. Chuck Schumer Raises Security Concerns About The Army Using TikTok To Try To Recruit Young People (BuzzFeed News) The Army has been using TikTok and other social media platforms to help with recruitment since earlier this year.
Texas Governance and Authorities for Cyberattack Response (Homeland Security Today) State and local entities are growing targets for cyberattacks within the U.S., calling for legislative changes, mutual aid, oversight, training and more.
Litigation, Investigation, and Law Enforcement
WSJ News Exclusive | Google’s ‘Project Nightingale’ Triggers Federal Probe (Wall Street Journal) A federal health regulator has opened a probe into Google and Ascension’s “Project Nightingale,” a partnership amassing the detailed information of millions of patients.
Google in deal to transfer full medical records from US healthcare company, claims whistleblower (Computing) Google denies whistleblower claims that it plans to mine patient information and sell or share data with third parties.
Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded (CNBC) A pair of security workers at a prominent cybersecurity company were contracted by the state of Iowa to conduct "penetration tests" of certain municipal buildings in September, particularly courthouses.
Analysis | The Cybersecurity 202: Arrested Iowa hackers spark alarm among security pros (Washington Post) ‘Organizations that do this kind of work…are kind of freaking out,’ a CEO says
Russian hackers who stole DNC emails failed at social media. WikiLeaks helped. (Washington Post) Military hackers had little success attracting attention to the documents they had stolen.
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional (American Civil Liberties Union) In a major victory for privacy rights, a federal court in Boston today ruled that the government’s suspicionless searches of international travelers’ smartphones and laptops at airports and
Justice Dept. inspector general invites witnesses to review draft of Russia report, signaling public release is close (Washington Post) Several witnesses have been scheduled to review sections of the report dealing with their testimony in the next two weeks.
Alleged Russian scammer appears in U.S. court after extradition battle (CyberScoop) Alexsei Burkov, accused of hacking-related crimes, made his first public appearance in federal court Tuesday since being extradited from Israel.
URMC Agrees to $3M HIPAA Settlement Over Mobile Device Encryption (HITInfrastructure) URMC agreed to pay $3 million HIPAA settlement to OCR over mobile device encryption.