Cyber Attacks, Threats, and Vulnerabilities
Sri Lankans fear violence over Facebook fake news ahead of election (the Guardian) Facebook’s decision to allow politicians to promote content already rated false by factcheckers has been widely condemned
Labour suffers second cyber-attack in two days (the Guardian) Party understood to be subject of second distributed denial of service (DDoS) attack on Tuesday afternoon
Facebook reports it took action against tens of millions of posts for breaking rules on hate speech, harassment and child exploitation (Washington Post) Facebook took action against tens of millions of posts, photos and videos over the past six months for violating its rules that prohibit hate speech, harassment and child sexual exploitation, illustrating the vast scale of the tech giant’s task in cleaning up its services from harm and abuse.
Community Standards Enforcement Report, November 2019 Edition (About Facebook) We’re publishing the fourth edition of our Community Standards Enforcement Report, detailing our work for Q2 and Q3 2019.
Facebook Transparency Report | Community Standards (Facebook Transparency) Facebook regularly publishes reports to give our community visibility into community standards enforcement, government requests and internet disruptions...
China's Belt and Road Initiative can drive cyber espionage in 2020 (Business Today) The report, 'The road ahead: Cyber security in 2020 and beyond', states that recent cyber espionage activities related to the BRI have targeted many governments, transportation, energy, defense, space, media and telecommunications sectors.
China’s messaging against the Hong Kong protests has found a new outlet: PornHub (Quartz) Unwelcome on Twitter and YouTube, resourceful Chinese patriots are putting their videos condemning Hong Kong protesters on another extremely popular platform.
WannaMine v4: Analysis & Remediation (CrowdStrike) This blog provides deep insight into the world of mineware through an in-depth discussion of one of the most notorious mineware variants, WannaMine v4.
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (TrendLabs Security Intelligence Blog) The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs (BleepingComputer) Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys.
WPI researchers discover vulnerabilities affecting billions of computer chips (ScienceBlog.com) Worcester Polytechnic Institute (WPI) security researchers Berk Sunar and Daniel Moghimi led an international team of researchers that discovered serious
New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs (The Hacker News) ZombieLoad variant 2 of the side-channel MDS vulnerabilities affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout)
Unconventional PureLocker ransomware attacking enterprise servers discovered by researchers (Computing) The PureLocker ransomware appears to have links with a malware-as-a-service provider
PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS (BleepingComputer) Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers.
Researchers discover massive increase in Emotet activity (Help Net Security) Emotet, a modular banking Trojan, had a 730% increase in activity in September after being in a near dormant state, Nuspire discovered.
Lateral phishing makes for dangerous waters, here's how you can avoid getting caught in the net (Help Net Security) Lateral phishing techniques are highly effective. When hackers impersonate someone that the recipient knows, said recipient tends to lower her or his guard.
Facebook admits iOS 'bug' that enabled its app to access iPhone cameras (Computing) It was a complete mistake, honest, swears Facebook
Apple pulls Instagram-watching app from store (Naked Security) Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friends’ activities on the social network.
How much does it cost to launch a cyberattack? (CSO Online) Just like in regular business, cyber criminals have a cost of operation and a return on investment to worry about. Unfortunately, a new report from Deloitte has found the cost of committing cyber crime is incredibly low.
Hackers Deploying Analytics for Better Phishing Aim (Credit Union Times) Cyberattackers often make use of commercially available tools and techniques as well as their dark web kits.
UK Home Office app for EU citizens easy to hack (Financial Times) Phone numbers, addresses and passport details of more than 1m are vulnerable, say researchers
Perth agent targeted in $70k scam (PerthNow) Scammers have stolen $70,000 in two separate rip-offs by cloning a Perth settlement agent’s email during a real estate transaction.
Security Patches, Mitigations, and Software Updates
Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks (Help Net Security) Intel has patched a slew of high-profile, dangerous vulnerabilities in their chips and drivers - TPM-FAIL flaws, ZombieLoad v2 attacks.
Adobe squashes critical vulnerabilities in Illustrator CC, Media Encoder (ZDNet) The worst bugs resolved this month can result in code execution.
Cyber Trends
Proficio Announces Results from Survey of CHIME CIOs on the State of Cybersecurity in Healthcare (West) Nearly Half of Respondents Do Not Have Executive Dashboards Showing Their Overall Security Posture
2019 Trust Report (Synack) In today's world, consumers are demanding trust from the products that they love, and security has become a core piece of providing consistent, positive customer experiences.
Financial Institutions on the Hook for Data Breaches this Holiday Shopping Season (PR Newswire) Fears of data loss, identity theft and fraud are leaving American consumers on edge this holiday season, and they're prepared to hold their...
Cyber Security Cloud Survey 2019 (CloudVector) Cyber Security & Cloud Expo Survey: Cloud Adoption Soars, but Security Struggles Cloud migration has become ubiquitous and most organizations are
Education sector worst hit by cyber threats from July-Sept: Seqrite (The Economic Times) Targeting the education sector indicates a major shift in the sector-wise priorities amongst cybercriminals and underscores a willingness to exploit the weaker security infrastructures at educational institutions to create maximum disruption. Other industries that remain at high risk include manufacturing, BFSI, media and entertainment, and professional services.
Marketplace
Hampleton Partners | Race to lock down cybersecurity vendors intensifies as more technologies at risk, says Hampleton Partners’ M&A report (RealWire) IoT network expansion grows potential entry points for cyber-attackers. London, 14 November 2019 - The cybersecurity sector’s largest ever deal, Broadcom’s landmark acquisition of Symantec for $10
Tech Data to be acquired by private equity firm for $5.4bn (CRN) Rich Hume will continue in role as CEO as distie taken into private ownership
Cybrary Lands $15 Million Series B Round to Train Cybersecurity Workforce (EdSurge) Ryan Corey remembers when his business plan would get him and his team laughed out of a room with potential investors. Back in 2015, when the Cybrary ...
Mimecast Announces Acquisition of DMARC Analyzer (Financial Buzz) Mimecast Limited (NASDAQ: MIME), a leading email
Capstone Headwaters Advises GC&E Systems Group on its Acquisition by Bristol Bay Native Corporation | Capstone Headwaters (Capstone Headwaters) Capstone Headwaters, a leading international investment banking firm, advised Atlanta-based GC&E Systems Group (“GC&E”) on its acquisition by Bristol Bay Native Corporation (“BBNC”), headquartered in Anchorage, Alaska. Terms of the deal were not disclosed.
WSJ News Exclusive | Carl Icahn Makes Case for Xerox-HP Union (Wall Street Journal) Activist investor Carl Icahn is pushing for the proposed merger of Xerox and HP. He revealed a stake in HP that could increase pressure for a tie-up.
Airbus Launches Human-Centric Cybersecurity Accelerator (Infosecurity Magazine) Airbus will work in collaboration with the NCSC on the new initiative
It's official: Microsoft's regional artificial intelligence hub has a home in Louisville (The Courier-Journal) According to a recent report from the Brookings Institution, Louisville ranks eighth among metropolitan areas in risk of losing jobs to automation.
Twitter spy scandal a wake-up call for companies to clean up their data access acts (CSO Online) Two Twitter employees accessed user data on behalf of the Saudi government. Neither should have had access, and this is a sign of a bigger problem at all companies.
Resignation at GitLab Highlights Concerns Over Corporate Espionage (Wall Street Journal) Candice Ciresi resigned from her position as director of global risk and compliance at the San Francisco-based software-development startup following a brouhaha that began last month over how the company handled client concerns about data privacy.
Products, Services, and Solutions
Tech Data Opens Cyber Range to Champion Cybersecurity Training, Demonstration and Engagement (BusinessWire)
StackRox – Unique Innovations for Hardening Kubernetes · StackRox: Cloud-Native, Container, and Kubernetes Security (StackRox) StackRox Kubernetes Security Platform upgrade enables customers to better harden Kubernetes and container environments
BehavioSec Accelerates Authentication and Usability Performance in Latest Behavioral Biometrics Platform Release (BusinessWire) BehavioSec today announced enhanced performance features as part of the newest release of the BehavioSec Behavioral Biometrics Platform.
Brave Launches Next-Generation Browser that Puts Users in Charge of Their Internet Experience with Unmatched Privacy and Rewards (Brave Browser) Brave Software, makers of the innovative Brave browser which combines privacy with a blockchain-based digital advertising platform, today announced the official launch of Brave 1.0.
Blue Cedar Accelerator for Microsoft Leverages Microsoft Intune Integration to Speed Security Injection for Enterprise Mobile Apps (BusinessWire) Blue Cedar, the company that provides rapid, no code mobile app security integration to enterprises and independent software vendors (ISVs), today ann
Neone Launch Makes Social Media Fun, Safe and Private Again (BusinessWire) Neone Inc, a company on a mission to make social media fun, safe and private again, today launched a private, secure and ad-free social media service
Portnox Introduces Okta SAML Integration for Cloud-Delivered Network Access Control Platform (BusinessWire) Portnox, which supplies network access control, visibility and device risk management to organizations of all sizes, today announced its newest integr
Technologies, Techniques, and Standards
‘GridEx’ offers stiff security test for an industry that welcomes the challenge (CyberScoop) Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America.
AI Is Not Real: How Intelligent Is Artificial Intelligence? (International Business Times) Despite its popularity both in consumer technology and in popular fiction, experts believe that AI is not real.
IRS to Mount Epic Cyber-Safety Campaign (Infosecurity Magazine) Cyber Monday will mark the beginning of an extensive cybersecurity campaign by the IRS
Design and Innovation
China’s Lead in the AI War Won’t Last Forever (Bloomberg) Artificial intelligence will be very useful in controlling a police state. But a police state may not be very good at controlling artificial intelligence.
EXCLUSIVE Pentagon’s AI Problem Is ‘Dirty’ Data: Lt. Gen. Shanahan (Breaking Defense) The military has all the data it needs to train machine learning algorithms for war – somewhere. Now the Joint AI Center has to find it all and clean it up. The goal: AI Ready data.
Research and Development
DHS Awards Funds for Blockchain Security Technology (SIGNAL Magazine) The Department of Homeland Security Science and Technology Directorate has a contract to develop blockchain security technology to prevent credential fraud.
IARPA Awards Contract to Company that Harvests Social Media Text, Data (The Sociable) IARPA awards a research contract for extracting data from text to Raytheon BBN, which harvests the text of social media postings and other data.
Legislation, Policy, and Regulation
French government forms cybersecurity pact with major French companies (Reuters) The French government signed on Thursday a three-year cybersecurity pact with ei...
Why agencies need to work together to defend forward (Fifth Domain) The Department of State has demonstrated that it can help the Department of Defense in cyberspace.
House panel mulls new election tech specs (FCW) The House Science, Space and Technology Committee will mark up new legislation Nov. 14 that would mandate new research into voting machine cybersecurity vulnerabilities and update the way the government certifies such equipment.
Report: Election vendors are 'prime targets,' need oversight (WHAM) The private companies that make voting equipment and build and maintain voter registration databases lack any meaningful federal oversight despite the crucial role they play in U.S. elections, leaving the nation's electoral process vulnerable to attack, according to a new report. The Brennan Center for Justice on Tuesday issued the report, which calls on Congress to establish a framework for federal certification of election vendors.
The USPTO wants to know if artificial intelligence can own the content it creates (The Verge) Can an algorithm create copyrightable work?
Chad Wolf sworn in as acting Department of Homeland Security chief, Ken Cuccinelli to be acting deputy (Washington Post) Wolf, the fifth person to hold the top DHS job under Trump, was opposed by Democrats for his role in family separations at the U.S. southern border.
Litigation, Investigation, and Law Enforcement
Internet Society Deeply Concerned about Interim Injunction Ordered by Hong Kong High Court (Internet Society) The Internet Society and the Internet Society Hong Kong Chapter are deeply concerned about the recent interim injunction (High Court Intended Action 202/2019) ordered by the Hong Kong High Court and the effects it might have on the operation of Internet infrastructure and online communications. The Internet Society is troubled by actions like this that …
Analysis | The Technology 202: Disinformation campaigns targeting veterans are in the spotlight on Capitol Hill today (Washington Post) One group's spokesman says it's acting as 'unpaid consultant' to Facebook
Google: You can trust us with the medical data you didn’t know we already had [Updated] (Ars Technica) Google has 50M people's medical records but won't merge them with other Google data.
Analysis | The Cybersecurity 202: Schiff hammers Trump’s Crowdstrike conspiracy theory at impeachment hearing (Washington Post) The GOP didn't name check the firm, for once.
U.S. demands for Facebook user data are at record levels (TechCrunch) Facebook’s latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first half of this year compared to the second half of last year. That’s the highest number of government demands it ha…
Breach affecting 1 million was caught only after hacker maxed out target’s storage (Ars Technica) Hacker's data archive file grew so big that the target's hard drive ran out of space.
Orcus RAT Author Charged in Malware Scheme (KrebsOnSecurity) In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.
Russian man charged with running money-back-guaranteed criminal marketplace (Ars Technica) Cardplanet offered 150,000 cards and defrauded US holders of >$20 million.
Russia Fails to Stop Alleged Hacker From Facing US Charges (Wired) The repercussions over custody and extradition of Aleksei Burkov have set off a geopolitical maelstrom.
Google fires staffer, suspends two others, amid rising workplace tensions (Ars Technica) Workplace political battles are steadily eroding Google’s open culture.
One Google Staffer Fired, Two Others Put on Leave Amid Tensions (Bloomberg) Employee terminated for leaking names, details to media. Rifts with management roiling company known for openness.
Whistle-blower Edward Snowden slams China censorship of his book (South China Morning Post) References to China’s military cyber intelligence, Great Firewall and the Arab spring missing from simplified Chinese edition of his memoir Permanent Record.