Cyber Attacks, Threats, and Vulnerabilities
'Kardashian jokes and then a really racist tweet': How Russian social media trolls snared Americans (SC Magazine) Graphika chief innovation officer Camille Francois recounts how Russian trolls crept in and disrupted the US electorate's views
Google Chrome experiment crashes browser tabs, impacts companies worldwide (ZDNet) In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
Eleven flaws found in 5G protocol that could enable real-time location tracking (Computing) Researchers have yet to receive a response from the GSMA over their security claims
Warning over new Bluetooth security vulnerability (Computing) Devices become vulnerable when they are initially paired to a mobile app
When one isn’t enough: This shady malware will infect your PC with dual Trojans (ZDNet) Low detection rates and the drop of not one, but two Trojans, spells trouble.
Double Trouble: RevengeRAT and WSHRAT (Fortinet Blog) Learn more about a new Revenge RAT sample recently captured in the wild by our FortiGuard Labs team. …
AnteFrigus ransomware leaves C alone, goes after other drives (SC Magazine) Security researchers nab oddly behaving ransomware variant that bypasses the victim's C drive, instead targeting the device's other drives
Strange AnteFrigus Ransomware Only Targets Specific Drives (BleepingComputer) A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drives commonly associated with removable devices and mapped network drives.
Threat actor impersonates German, Italian and American gov't agencies to spread malware (SC Magazine) Threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organisations with various forms of malware
TA2101 plays government imposter to distribute malware to German, Italian, and US organizations (Proofpoint) Proofpoint researchers describe campaigns from TA2101, an actor currently using tax and public entity-themed lures to socially engineer its victims to install malware
Malware on GitHub wants your Crypto-Currencies (Deep Instinct) Deep Instinct recently detected and prevented an unknown dropper infection that was found to be attempting to download a file from GitHub.
Gaping 'hole' in Qualcomm’s Secure World mobile vault leaked sensitive data (ZDNet) Researchers found a “gaping hole” in what was thought to be an extremely secure area in our mobile devices.
Intel is still struggling with the truth about its processor security flaws (The Verge) Intel claimed issues were fixed, but they weren’t
Linux vs. Zombieland v2: The security battle continues (ZDNet) Another day, another Intel CPU bug. Here's what Red Hat and other Linux vendors are doing about it.
UK's official Brexit documentation app is porous (SC Magazine) Researchers find that the UK Home Office's Brexit Android app lacks basic security, allowing hackers to steal passport information and facial IDs
Officials warn about the dangers of using public USB charging stations (ZDNet) Travelers should use only AC charging ports, use USB no-data cables, or "USB condom" devices.
Transcription Site Rev Leaves Customer Data Out in the Open (Medium) Gig workers warn that more than 40,000 transcribers could access private customer information, including job details
Philips IntelliBridge EC40/80 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Low skill level to exploit
Vendor: Philips
Equipment: IntelliBridge EC40 and EC80
Vulnerability: Inadequate Encryption Strength
2.
Siemens S7-1200 CPU (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: S7-1200 CPU
Vulnerability: Exposed Dangerous Method or Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could expose additional diagnostic functionality to an attacker with physical access to the UART interface during boot process.
Siemens PROFINET Devices (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-283-02 Siemens PROFINET Devices that was published October 10, 2019, on the ICS webpage on us-cert.gov.
Siemens Industrial Products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
ABB Power Generation Information Manager (PGIM) and Plant Connect (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ABB
Equipment: Power Generation Information Manager (PGIM) and Plant Connect
Vulnerability: Authentication Bypass Using an Alternate Path or Channel
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device.
Omron CX-Supervisor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Omron
Equipment: CX-Supervisor
Vulnerability: Use of Obsolete Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.
Siemens Mentor Nucleus Networking Module (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: Mentor Nucleus Networking Module
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to affect the integrity and availability of the device.
Mexican minister says Pemex oil firm unaffected by cyberattack, workers disagree (Reuters) A cyberattack on computer networks of the Mexican national oil company Pemex is ...
Try as they might, ransomware crooks can't hide their tells when playing hands (Register) Sophos sees common behavior across various infections
Silly Phishing Scam Warns That Your Password Will be Changed (BleepingComputer) A silly phishing campaign is underway where the attackers state that your password will expire and be changed unless you login and confirm that you want to keep it the same.
Siemens Desigo PX Devices (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Desigo PX Devices
Vulnerability: External Control of Assumed-Immutable Web Parameter
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s web server, requiring a reboot to recover the web interface.
How ransomware attacks (Naked Security) A new report reveals what defenders should know about the most prevalent and persistent malware families.
Cyber Security Today: Phone scam at Canadians, email Post Office scam at Americans and more (IT World Canada) Phone scam to scare Canadians, email Post Office scam hits the U.S., get ready for holiday online sales and more Welcome to
Residents still haven't heard updates about the cyber attack on Lee County (NBC 2) As tax notices go out and people have to pay them, some said they're worried about how vulnerable their sensitive information is.
Nunavut government computer systems returning to normal after cyber attack (Times Colonist) The Nunavut government is slowly returning to normal nearly two weeks after its computer systems were paralyzed by a cyber attack. Dean Wells, the territory's chief information . . .
Opinion | Saudi spies hacked my phone and tried to stop my activism. I won’t stop fighting. (Washington Post) I used to work closely with Jamal Khashoggi against the Saudi troll army on Twitter. That's why I've been targeted.
Security Patches, Mitigations, and Software Updates
Intel Fixes 77 Vulnerabilities in Patch Tuesday, Announces New Appointment to Top Suite (CISO MAG) Intel fixes 77 vulnerabilities in its latest Patch Tuesday. Of the 77 vulnerabilities, 67 were detected by internal teams with 22 of them deemed critical.
Safari gets support for hardware security keys with iOS 13.3 (The Next Web) Apple's iOS 13.3 update comes with a new nifty feature that allows Safari users to use hardware security keys for two-factor authentication.
Google to restrict advertiser access to user data over privacy concerns (Computing) The search giant has decided against including contextual content categories in the bid requests it sends to buyers
Cyber Trends
Survey Finds Nearly 3 in 4 Retailers Have Been Attacked by Cybercriminals (PR Newswire) The online threats facing retailers are becoming more complex and threatening, new research from the Ponemon Institute finds. The 2019 Global...
Smarsh Survey Underscores Need for Financial Firms to Embrace Social, Mobile and Collaboration Technologies in Order to Compete and Grow (BusinessWire) Smarsh®, helping customers get ahead – and stay ahead – of the risk within their electronic communications, today released its ninth annual Electronic
Cybersecurity Research Reveals Risk is Shifting to Midsized Businesses (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today released its second annual Penetration Risk Report. The research,...
Fortinet Releases Threat Landscape Report for Q3 2019 (Fortinet Blog) Learn about the threat trends revealed in Fortinet's latest Threat Landscape Report, which include attacks on edge services, the growth of Malware-as-a-Service, and more.…
Network complexity and lack of visibility contribute to misconfigurations and increased risk (Help Net Security) The lack of automation, coupled with increasing network complexity and lack of visibility contribute to costly misconfigurations and increased risk.
Fraud rates increasing as criminals become more sophisticated (Help Net Security) Fraud rates have been increasing, with 90 voice channel attacks occurring every minute in the U.S., a Pindrop report reveals.
The Real Fight for the Future of 5G (Foreign Affairs) Who will patrol the borders of a new network?
The New Masters of the Universe (Foreign Affairs) Paul Starr reviews Shoshana Zuboff's new book about technology firms, power, and privacy.
Cybersecurity biggest tech priority for foodservice industry in 2020 (Verdict Foodservice) According to research from Softcat, cybersecurity is the biggest priority in technology for the foodservice industry for 2020.
5 Cybersecurity Trends to Watch for 2020 (Irish Tech News) With the number of cyber-incidents on the rise, the need to be on top of IT security is more important than ever. In this article, we look at the new innovations and emerging technologies trends
Marketplace
INKY Announces Additional $6 Million in Funding Led by ClearSky (INKY) INKY today announced the company has raised an additional $6 million in funding led by ClearSky Security.
Plixer Acquires Great Bay Software (West) The combined solution delivers automated network detection and response (NDR)
Five Points Acquires GrammaTech (Citybizlist) Five Points Capital, a leading independent private equity manager, announced it has acquired GrammaTech, Inc.,
The channel reacts to mammoth Tech Data acquisition (CRN) As news settles of the distie giant's $5.4bn purchase by private equity house Apollo Global, CRN gauges channel opinion on the move.
MITRE Engenuity Announces the Center for Threat-Informed Defense (AP NEWS) MITRE Engenuity™, a tech foundation for public good, announced today the Center for Threat-Informed Defense™, a collaboration with industry to improve cyber defense at scale through collaborative research and development.
Garrett Jones Joins IronNet to Lead Global Channel Organization (PR Newswire) IronNet Cybersecurity, the global leader in Collective Defense and advanced Network Traffic Analysis, today announced the appointment of...
WhiteHat Security Names Former Appthority, FlawCheck CEO Anthony Bettini Chief Technology Officer (BusinessWire) WhiteHat Security today announced that former Appthority and FlawCheck Founder & CEO Anthony Bettini has been named chief technology officer (CTO).
Products, Services, and Solutions
New infosec products of the week: November 15, 2019 (Help Net Security) New infosec products for this week of November 2019 include the following vendors: Sysdig, HiveIO, Jamf, ZeroNorth and Bitglass.
Data Privacy - The Best Podcasts in English 2019 (Boxcryptor) The Boxcryptor team likes podcasts, for entertainment but also for educational purposes. Here is our comparison of our favorite privacy podcasts in English.
Allianz UK unveils Cyber Select (Insurance Business) New offering caters to mid-corporate businesses
Fugue Open Sources Fregot to Support Developers Working with the Rego Policy Language (Fugue) Fugue open sourced the Fugue Rego Toolkit (Fregot) for working with the Rego policy language. Fregot enables developers to evaluate Rego expressions, debug code, and test policies.
Updated Netwrix Auditor extends access security and governance to Office 365 (Netwrix) More visibility into Office 365, VMware and Active Directory will empower organizations to mitigate the risk of data breaches and audit findings.
Enzoic Enhances Automated Password Monitoring in Active Directory (SYS-CON Media) Enzoic, a leading provider of compromised credential screening solutions, today released the latest version of Enzoic for Active Directory.
XMedius File Exchange Solutions Achieve PCI DSS Compliance (West) Organizations Can Now Leverage XM Fax and XM SendSecure in Their PCI DSS Compliant Business Practices
Persona Identity Verification Rebrand Highlights Unique People-First, Privacy-Centered Approach (BusinessWire) Persona, the all-in-one online identity verification (IDV) startup, rebrands with privacy-centric, people-first approach.
Juniper Security Extended To 'Every Port Of Connection On The Network' (CRN) Juniper Security Intelligence framework (SecIntel) is now being extended to Juniper's EX Series and QFX Series switches so every port of connection on the network, including routers, switches, access points or firewalls can be threat aware, the company announced at NXTWORK 2019.
SpearHead partners Zerofox on social media security (My Joy) ICT Security Solutions provider and Zerofox, a cyber-security company based in Baltimore (Maryland) have organised a seminar on social media security and digital risk monitoring.
Davos Networks Announces Partnership with Check Point Software (Benzinga) Davos Networks, a Swiss-based company providing comprehensive Cyber Security and Network Solutions, has today announced that it...
This App Will Tell You if Your iPhone Gets Hacked (Vice) A security firm has released a new app that promises to detect when your iPhone has been targeted by hackers, but there are caveats.
Cynet Videos Take CISO/Security Vendor Relationships to the Extreme (PRWeb) Cynet (http://www.cynet.com) today announced a new video series by the company as part of a larger campaign to introduce Chief Information Security Officers (CI
Firewalla Gold: Multi-Gigabit Cyber Security (Indiegogo) Next-generation smart firewall for home and business, that's simple to use, powerful and affordable | Check out 'Firewalla Gold: Multi-Gigabit Cyber Security' on Indiegogo.
Technologies, Techniques, and Standards
How the Linux kernel balances the risks of public bug disclosure (Naked Security) A serious Wi-Fi flaw shows how Linux handles security in plain sight.
DHS wants better coordination on ICS security (FCW) A top cyber official at the Department of Homeland Security said the agency is looking across industrial sectors and federal agencies when it comes to protecting critical infrastructure from cyber and physical threats.
The Executive’s Guide To Quantum Safe Security: Take these steps to make your enterprise quantum proof (OODA Loop) The steady progress in quantum computing is resulting in exciting developments that will one day bring new capabilities to a wide range of use cases.
FCC Plans to Scrap Defective System Used to Post Fake Net Neutrality Comments (Gizmodo) After years of so-called “upgrades” that have failed to allay oversight lawmakers’ concerns about the integrity of its public comment system, the Federal Communications Commission has apparently decided to scrap and replace the system entirely, multiple sources told Gizmodo.
Automated systems: Flag smarter, not everything (Help Net Security) Cybersecurity pros are constantly receiving a large number of security alerts from these automated systems – most of which are near-to-useless information.
Organizations Still Can't Grasp the Shared Responsibility Model for Cloud Security, Says Centrify Report (My TechDecisions) Survey finds that risk continues to be widespread despite security being identified as the top challenge with cloud migrations
To improve incident response, you need to consider 3rd party solutions (Help Net Security) To better understand insights and to improve incident response, you need to consider third-party solutions and leverage an integrated security strategy.
Adding a Cybersecurity Plan to the Business Plan: Cybersecurity and IP Considerations for Startups (IPWatchdog.com | Patents & Patent Law) By allocating even limited funds to assessing your data privacy risks, implementing a protection plan and creating an incident response plan, a startup can significantly improve its chances of surviving a cyberattack.
Minimizing internet outages on the battlefield (C4ISRNET) As a way to ensure network resilience, edge-based systems must understand the nature of disruptions and then decide how to best fix those interruptions.
Design and Innovation
How does fact-checking work when we can’t agree on the truth? (Columbia Journalism Review) Last month, Facebook announced that it would exempt political advertising from the fact-checking standards imposed on the rest of its platform. The move was controversial. More than ever before, social media users are finding ways to debunk disinformation, yet the volume of inaccuracies and outright falsehoods never seems to diminish, thanks in large part to […]
The Influencer Scientists Debunking Online Misinformation (Wired) A lot of the hacks and diets on social media are bogus, or even dangerous. These fact-checkers are using YouTube and Instagram to battle bad info.
How Google Interferes With Its Search Algorithms and Changes Your Results (Wall Street Journal) Pressed by businesses, interest groups and governments, the internet giant uses blacklists, algorithm tweaks and an army of contractors to shape what you see.
This Bank Had the Worst Password Policy We've Ever Seen (Vice) A European bank makes customers pay to change their passwords, and suggests they Google their password to check if it is secure.
Telegram, Signal Won't Shield Your Chats from Hackers: Report (NewsGram) So you have decided to open a Telegram account in the wake of the WhatsApp-NSO group spyware incident that affected 1,400 select users globally.
Research and Development
DHS Announces FY20 Small Business Innovation Research Topics (Newswise) Topics for the new DHS Small Business Innovation Research (SBIR) 20.1 Pre-Solicitation have been released. The Pre-Solicitation contains 11 topic descriptions, nine from the DHS S&T and two from CWMD Office.
Genetic Evasion: using genetic algorithms to beat state-level internet censorship (Boing Boing) Geneva (“Genetic Evasion”) is a project from the University of Maryland’s Breakerspace (“a lab dedicated to scaling-up undergraduate research in computer and network securit…
Academia
YSU and IBM forge training partnership (Vindicator) Youngstown State University and IBM are launching YSU’s Workforce Accelerator, designed to create a series of pre-apprenticeship programs positioning students and others to obtain needed skills for careers of the future. The program is both for career track and non-career track students, as well as those simply needing to update their skills for […]
New Professors Expand Jonsson School’s Research in Emerging Areas (UTD News) The Erik Jonsson School of Engineering and Computer Science has continued a period of rapid growth at The University of Texas at Dallas. To keep pace with the increased demand, the school has hired seven tenured or tenure-track professors this fall to continue building its research programs in emerging areas, including additive manufacturing, artificial intelligence and data science.
Legislation, Policy, and Regulation
Russia and China may not be the top cyberthreats (Fifth Domain) While Russia and China pose significant threats, especially in the cyber domain, one expert worries that lesser known actors might be a more immediate concern.
Should free internet access be considered as a human right? (Help Net Security) Free internet access must be considered as a human right, as people unable to get online can't influence those shaping their everyday lives.
Labour pledges free broadband for all (BBC News) Labour would part-nationalise BT to deliver the policy and tax tech giants to help cover the £20bn cost.
Labour plan to nationalise BT Openreach and provide 'free' fibre broadband for all (Computing) TalkTalk pulls sale of FibreNation business and BT shares fall following new Labour giveaway offer
Pope tells tech companies they are responsible for child safety (Reuters) Pope Francis said on Thursday that technology company executives and investors m...
Audience with the participants in the Congress on “Promoting Digital Child Dignity – From Concept to Action” (Holy See Press Office) This morning, in the Vatican Apostolic Palace, the Holy Father Francis received in audience the participants in the Congress on “Promoting Digital Child Dignity – From Concept to Action”, taking place from 14 to 15 November 2019 in the Vatican, in the Casina Pio IV, seat of the Pontifical Academy for Social Sciences.
Analysis | The Cybersecurity 202: States and cities make cybersecurity pledge after Trump administration rejects it (Washington Post) Virginia, Colorado and Washington state all endorsed the French-led pledge
The NSA has stopped collecting location data from US cellphones without a warrant (The Verge) Changes were disclosed in a letter
DOD Looks to Increase Cybersecurity from Commercial Satellite Providers (Air Force Magazine) Commercial satellite providers seeking to sell their services to the US military will soon have to get third party certification that they are meeting cybersecurity standards, according to Air Force officials and industry executives.
Bipartisan bill to secure election tech advances to House floor (TheHill) The House Science, Space and Technology Committee on Thursday unanimously approved legislation intended to secure voting technology against cyberattacks.
Litigation, Investigation, and Law Enforcement
Latest cyber attack on Parliament thwarted as cause of January hack revealed (ABC News) Security prevented an attempted hack on the parliamentary network a fortnight ago, as it's become clear that a small number of users visiting a compromised website resulted in an attack on the IT system in January.
I'm the Google whistleblower. The medical data of millions of Americans is at risk | Anonymous (the Guardian) When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent
Impeachment hearing reveals major White House phone security fail (Ars Technica) Diplomat's testimony of Sondland-Trump call just the latest apparent OPSEC lapse by administration.
US charges men with cryptocurrency theft, SIM-swapping attacks (ZDNet) Hundreds of thousands of dollars in cryptocurrency was allegedly pilfered from victim wallets.