The CyberWire Daily Briefing 1.31.19

Cyber Attacks, Threats, and Vulnerabilities

Experts warn against watching Super Bowl online (New York Post) While you’re watching the Patriots and Rams go head-to-head at this Sunday’s Super Bowl LIII, hackers will be ready and waiting to steal your sensitive data.

Iran Ups its Traditional Cyber Espionage Tradecraft (Dark Reading) Newly named APT39 hacking team exemplifies Iran's growing sophistication in nation-state hacking operations.

Iran’s Basij in cyberspace (AEI) The Islamic Republic of Iran remains of two minds about the internet. In 1993, Iran became only the second country in the Middle East (after Israel) to connect to the world-wide network and while Iranians culturally embraced it, the connection it afforded ordinary Iranians to outside cultures and ideas has become an increasing concern to Iran’s revolutionary authorities.

Kaspersky Lab Recorded Attempts to Hack Diplomatic Entities' Systems in Iran (Sputnik) Experts at cybersecurity firm Kaspersky Lab registered attempts to compromise the information systems of foreign diplomatic entities situated in Iran with the use of malware in the fall of 2018, the company said in a press release on Wednesday.

Russia, China Can Disrupt Critical Infrastructure: U.S. Intelligence Report (Industrial Control Systems (ICS) Cyber Security Conference) Russia and China are capable of disrupting critical infrastructure in the U.S., and Iran is not far behind, according to a report by the U.S. intelligence community.

TheMoon Illustrates Evolving Threat of IoT Botnets (PR Newswire) Botnets continue to find new ways to exploit the growing cache of internet-connected devices. According to new...

India’s largest bank SBI leaked account data on millions of customers (TechCrunch) India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text mess…

Airbus warning over security breach (Computing) Plane maker admits breach of personal data, but claims that production has been unaffected

Hackers Are Passing Around a Megaleak of 2.2 Billion Records (WIRED) The so-called Collections #1–5 represent a gargantuan, patched-together Frankenstein of rotting personal data.

Black Cube Targets Cyber-Security NGO At Behest Of Leading Israeli Malware Maker – OpEd (Eurasia Review) The Israeli TV news magazine, Uvdah and the NY Times have collaborated on, and amplified a major story originally published by AP. It documents an elaborate, and ultimately unsuccessful sting opera…

Google gives teenagers Amazon vouchers to snoop on their phones (The Telegraph) Google has been quietly paying teenagers for unfettered access to their smartphone habits in return for Google devices and Amazon vouchers.

Google will stop peddling a data collector through Apple’s back door (TechCrunch) It looks like Facebook was not the only one abusing Apple’s system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Res…

Facebook, Google Draw Scrutiny Over Apps That Collected Data From Teens (NPR) In the latest revelation to raise privacy concerns, the Silicon Valley giants offered adults and teens gift cards for installing apps that would let the companies collect data on their smartphones.

Facebook has been quietly offering teenagers £15 a month to spy on their phones (The Telegraph) Facebook has been paying teenagers £15 ($20) per month to give it complete access to their mobile phones, including their emails, their browsing habits and their private messages in other apps.

Severity of FaceTime Bug Depends on Threat Model (Decipher) Apple is fixing the FaceTime bug, so it is clearly serious. But how bad it will impact users depend on their personal threat models.

New LockerGoga Ransomware Allegedly Used in Altran Attack (BleepingComputer) Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications.

Matrix under the microscope: what a niche ransomware can teach us (Naked Security) The malware middle ground is full of journeymen, wallflowers and also-rans that’ll bite you hard, if you let them.

“Love you” malspam gets a makeover for massive Japan-targeted campaign (WeLiveSecurity) The latest “Love you” campaign was launched on January 28, 2019, almost doubling in size compared to the initial waves.

YouTube 'fake reward' scam tricked 70,000 people (The Telegraph) Scammers that impersonated YouTube stars to steal their fans' money have claimed 70,000 victims in less than a month, new research has found.

Trickbot with multiple changes via fake Chase JP Morgan incoming confirmation (My Online Security) Trickbot is back with a vengeance. I have seen a couple of mentions on Twitter earlier this week but haven’t actually been able to find any copies myself. However that all changed last night with…

Agari Research: One in Five Advanced Email Attacks Sent from Compromised Accounts (BusinessWire) Agari Q1 Threat Report reveals surge of IRS scams; emergence of ATO attacks

The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild (Register) Capsule8 demos takeover technique to help sysadmins check for vulnerabilities

Minnesota Department of Human Services reports data breach (AP NEWS) The Minnesota Department of Human Services says a data breach potentially exposed personal information on up to 3,000 people.

Security Patches, Mitigations, and Software Updates

Chrome 72 Released with 58 Security Fixes, Deprecates TLS 1.0 and 1.1 (BleepingComputer) Google has released Chrome 72 to the Stable desktop channel. This version removes support for HTTP-Based Public Key Pinning and TLS 1.0/1.1, and it will also no longer render resources from FTP servers.

Head of Android Security Says Locking Out Law Enforcement Is an ‘Unintended Side Effect’ (Motherboard) Google is taking steps to make it harder for someone to push a malicious update that disables the security features on an Android phone.

Cyber Trends

Offers and Promotions on Social Media Don't Influence Millennials (PR Newswire) There is a generational difference in the content that influences people to visit a company's website from social...

eCommerce credit card fraud is nearly an inevitability (Help Net Security) Riskified surveyed 5,000 US-based consumers aged 18 and older about their online shopping behaviors, experience with and prevalence of credit card fraud,

Marketplace

What do Cyber Command’s acquisition requests reveal? (Fifth Domain) The command wants to support its J9 advanced concepts and technology directorate.

Apple escalates war against Facebook and its privacy practices (Washington Post) Facebook shrugs off controversies and has record quarterly profits as well as growth in monthy active users. The company said it is shutting the app down for Apple users.

Apple May Be Facebook's Toughest Regulator (Fortune) In light of yet-another Facebook data privacy blunder.

Facebook profit leap shows there's no such thing as bad publicity (The Telegraph) Facebook last night showed that an onslaught of negative publicity surrounding user privacy and numerous government investigations at the end of 2018 were not enough to scare off users or advertisers, as it reported a leap in profit.

By Defying Apple’s Rules, Facebook Shows It Never Learns (WIRED) After almost two years of public and regulatory scrutiny, Facebook continues to brazenly skirt every rule and attempt at oversight put before it.

CACI buying LGS Innovations in $1B pair of deals (Washington Technology) CACI International has made a pair of deals worth nearly $1 billion, including $750 million for LGS Innovations, to add more capabilities around intelligence products and solutions.

Mimecast Buys Data Migration Startup Simply Migrate (CRN) The acquisition of London-based Simply Migrate will help reduce the cost and complexity associated with moving customers and prospects to the Mimecast Cloud Archive.

AI-platform Mimiro raises $30 million to tackle terrorist funding, money-laundering and fraud (Help Net Security) Mimiro (formerly ComplyAdvantage) has raised USD $30 million from investors to accelerate the global expansion of its machine-learning platform for

Fortanix raises $23M to meet the demand for runtime encryption solutions (Help Net Security) The funding will be used to expand all facets of Fortanix to meet the demand for its Self-Defending Key Management Service and Runtime Encryption platform.

WhiteHat Security Continues Application Security Market Leadership with Highest Customer Retention Rates to Date and Significant Company Growth (BusinessWire) Following Q4 2018, its biggest quarter in the company’s 17-year history, WhiteHat Security, the leading application security provider committed to sec

Arxan Growing At More Than 2X The Rate Of App Security Market (PR Newswire) Arxan Technologies, the trusted provider of application protection solutions, announced today the company...

Lastline CEO On Standing Out In A Crowded Cybersecurity Space (ChiefExecutive.net) John DiLullo, CEO of Lastline, on how the company is trying to stand out in the crowded cybersecurity space, recruiting tech talent and more.

Symantec Taps Acquisitions to Bolster Endpoint Security (SDxCentral) Symantec this week announced products and enhancements to its network endpoint security lineup using technology from recent acquisitions.

Innovative hackers keep Israeli tech giant CyberArk on its toes (The Jerusalem Post) Founded in 1999 when other technology companies focused on developing firewalls and other technologies to keep attackers out, CyberArk focused on protecting sensitive organizational data and assets.

Nick Clegg swaps Putney townhouse for £7million California mansion ahead of new Facebook role (The Telegraph) Former deputy Prime Minister Sir Nick Clegg has relocated to a £7million home in California as he prepares to start his new executive role at Facebook, it has been revealed.

Cyberbit Welcomes Amnon Bar-Lev to Its Board of Directors (MarketWatch) Former President of Check Point Software Technologies joins the fast-growing cybersecurity company as it gains global market momentum

Ice Miller Nabs Former Brown Rudnick, CIA Cyber Pro (Law360) Ice Miller LLP has lured Brown Rudnick LLP’s former cybersecurity chair, a onetime U.S. Central Intelligence Agency officer and U.S. Department of State diplomat who told Law360 on Wednesday that his experience handling cybersecurity issues stems from years working in environments that are “behind a door behind a curtain that nobody really knows about.”

Products, Services, and Solutions

Dell reinvents endpoint security portfolio through strategic collaborations with Secureworks and CrowdStrike (PR Newswire) News summary Dell combines premier managed security services, global threat intelligence and incident response ...

Device Authority and nCipher Security announce success in delivering trust for Medical IoT (nCipher Security) Device Authority, a global leader in Identity and Access Management (IAM) for the Internet of Things (IoT) and Blockchain, announces its partnership and joint customer success with nCipher Security, the provider of trust, integrity and control for business critical information and applications.

Radware Secures Cyber Defense Deal With Major Online Gaming Company (GlobeNewswire News Room) Radware® (NASDAQ: RDWR), a leading provider of cybersecurity and application delivery solutions, today announced it has secured a multi-million dollar contract with a leading global online gaming company to provide protection from next generation attacks and specifically encrypted attacks.

Cybeats IoT Security App Debuts on Palo Alto Networks (RTInsights) IoT Radar provides security, monitoring, and firmware lifecycle management of IoT devices for smart buildings, enterprise, medical, and critical infrastructure.

MSPAlliance Updates and Adds New Certifications for Cloud and Managed Service Providers (PR Newswire) The International Association of Cloud & Managed Service Providers (MSPAlliance®) today added several new...

Keysight Technologies introduces solution for PCI Express 5.0 technology (Help Net Security) Keysight’s PCIe 5.0 solution enables engineers with the tools necessary to achieve the speed and margins required to meet the standard.

Aislelabs Announces Partnership with Fortinet (GlobeNewswire News Room) Aislelabs is excited to announce they have partnered with WiFi hardware provider and cybersecurity experts Fortinet

Free training course material on network forensics for cybersecurity specialists (Help Net Security) ENISA has introduced a free training course material on network forensics The training includes the performance indicators and means.

Microsoft rolls out new tools for enterprise security and compliance teams (Help Net Security) Microsoft has announced a number of new capabilities and improvements for tools used by enterprise security administrators and compliance managers.

Technologies, Techniques, and Standards

Amsterdam toughens up cyber response (Port Strategy) The Port of Amsterdam has launched a cyber security programme to help protect itself from cyber-attacks and increase its ability to deal with digital threats.

Hacker Tests Prompt Pentagon to Remedy Vulnerable Health Files (Bloomberg Government) The Defense Department has created a group to remedy new cybersecurity vulnerabilities discovered last fall by a military hacker team.

Inside a key Hawaii intelligence outpost listening in on the Pacific (Yahoo News - Latest News & Headlines) The National Security Agency's Hawaii outpost, whose most notorious employee was the whistle-blower Edward Snowden, is focused on uncertainty in the Pacific region, from nuclear development in North Korea to China’s increasing aggression in the South China Sea.

Design and Innovation

Taking ethical action in identity: 5 steps for better biometrics (Help Net Security) The path towards creating and supporting better biometrics doesn’t just begin by writing some code or designing hardware.

Academia

New degree program will help address predicted global shortfall of cybersecurity professionals (The University of Alabama in Huntsville) The Department of Electrical and Computer Engineering at UAH and UAH’s Center for Cybersecurity Research and Education (CCRE) are pleased to jointly announce the launch of a brand-new Bachelor of Science in Cybersecurity program. This highly technical cybersecurity undergraduate degree is intended to prepare graduates for a career in cybersecurity engineering, secure software development, cybersecurity test and evaluation, offensive security, systems architecture, reverse engineering, and/or emerging cybersecurity problem-solving.

Agreement between USG and U.S. Army hopes to fill growing number of cyber jobs (The Sentinel) The University System of Georgia signed an agreement earlier this month with the U.S. Army Cyber Center that will allow active duty and reserve military members to work toward a degree in cyber fields at several of Georgia’s universities during their service.

Legislation, Policy and Regulation

Networks obliged to manage security risks, says Dept (RTE.ie) All telecoms operators in Ireland are statutorily obliged to manage risks to the security of their networks, according to a spokesperson for the Department of Communications.

Czech Tax Office Bars China’s Huawei as Europe Debates Espionage (Wall Street Journal) The ban is seen as the first in a succession of similar restrictions on the Chinese telecom giant and its rival ZTE likely to land in the Czech Republic as the U.S. pushes its European allies to restrict Huawei and ZTE from building internet infrastructure on the continent.

Slovakia has no evidence of Huawei security threat - prime minister (Reuters) Slovakia does not consider Chinese telecoms supplier Huawei as a security threat...

Is Huawei a Pawn in the Trade War? (Foreign Affairs) The company's troubles are linked to the politics of the global tech race.

Huawei is too great a security gamble for 5G networks (Financial Times) There is no proof that the telecoms equipment company helps China to spy but its loyalty is clear.

Analysis | The Cybersecurity 202: This is the Senate Homeland Security Committee’s top cyber priority this year (Washington Post) Talent is number 1, according to Sen. Ron Johnson.

Former NSA director offers his advice on deterring cyber attacks (CBS News) Adm. Mike Rogers (ret.) says the administration's rhetoric should better match its actions

Surprising ways the government shutdown actually boosted federal cybersecurity (Fifth Domain) New research shows how the shutdown did and didn't impact the government’s digital defenses.

DHS’ CISA on Deck for Voice in Counterterrorism Prevention (Meritalk) The House on Tuesday passed H.R. 769, the Counterterrorism Advisory Board Act of 2019, which would establish a board at the Department of Homeland Security (DHS) to coordinate and integrate departmental intelligence, activities, and policy related to counterterrorism.

Litigation, Investigation, and Enforcement

Mueller says discovery materials in case against Russian firm were used in a cyber-disinformation campaign (Washington Post) Nonsensitive information turned over to the defense team was allegedly altered and leaked despite a court order, the special counsel says in a court filing.

Justice Department Announces Court-Authorized Efforts to Map and Disrupt Botnet Used by North Korean Hackers (US Department of Justice) The Justice Department today announced an extensive effort to map and further disrupt, through victim notifications, the Joanap botnet – a global network of numerous infected computers under the control of North Korean hackers that was used to facilitate other malicious cyber activities. This effort targeting the Joanap botnet follows charges unsealed last year in which the United States charged a North Korean citizen, Park Jin Hyok, a member of a conspiracy backed by the North Korean government that carried out numerous computer intrusions. Those charges alleged that the conspiracy utilized a strain of malware, “Brambul,” which was also used to propagate the Joanap botnet.

New York Opens Investigation Into Apple FaceTime Bug (Wall Street Journal) New York state launched a probe into Apple’s response to a bug in its FaceTime video-chat system that allowed callers to eavesdrop on others using the technology giant’s devices, deepening the scrutiny of a security setback that has undermined the company’s privacy position.

Attorney General James And Governor Cuomo Announce Investigation Into Apple Facetime Privacy Breach (New York Attorney General) Attorney General Letitia James and Governor Andrew M. Cuomo today announced an investigation into Apple’s failure to warn consumers about the FaceTime bug and slow response to addressing the issue.

Judge won’t unseal criminal case against Julian Assange (Washington Post) The case in federal court in Virginia was mistakenly referenced in an unrelated file.

Treasury Department Adviser Pleads Not Guilty in Leak Case (Bloomberg) Comments come during New York arraignment of alleged leaker. Natalie Edwards pleaded not guilty to charges on Wednesday

Securities Commission fines Deloitte RM2.2m for breaches linked to 1MDB | Malay Mail (Maylay Mail) The Securities Commission Malaysia (SC) has reprimanded and imposed penalties on Deloitte PLT (Deloitte) for four breaches related to the RM2.4 billion sukuk murabahah programme issued by Bandar Malaysia Sdn Bhd (BMSB) in 2014. The commission said Deloitte was the statutory...

IOTA says bulk of $11 million stolen tokens found, hacker worked alone (Reuters) A top official at technology group IOTA Foundation said most of the roughly $11 ...

Bangladesh to Sue Philippine Bank Over $81M Cyber Heist (SecurityWeek) Bangladesh will soon file a lawsuit in New York against a Philippine bank over its involvement in one of the biggest-ever cyber heists, the country's central bank governor said.

Former Rusal Chair ‘Astonished’ U.S. Pushed Him Out (Wall Street Journal) The last-minute nature of the move offers insight into the fluid nature of negotiations between the Treasury and companies seeking to disentangle itself from blacklisted investors.

Court orders Palantir to let investor in U.S. fraud probe inspect... (Reuters) The Delaware Supreme Court on Tuesday gave an investor probing possible fraud an...

Collections #2-5. Google, Facebook paid to pwn. Special Counsel not hacked. US DoJ to hit Joanap botnet. FaceTime probe.