Cyber Attacks, Threats, and Vulnerabilities
Russian DNC Hackers Launch Fresh Wave of Cyberattacks on U.S. (The Daily Beast) Despite our best efforts at deterrence, the hits have kept coming even as the 2020 election approaches.
CoAP Attack in the Wild (NETSCOUT Threat Intelligence) Attackers have recently begun launching reflection/amplification DDoS attacks using CoAP, a protocol primarily used today by mobile phones in China but expected to grow with the explosion of Internet of Things (IoT) devices.
ShapeShifter-3PC: An Adaptive Malware Campaign Hits Alexa 500 Sites and Visitors Using iOS (The Media Trust) This article was authored by Pat Ciavolella, Director of Digital Security & Operations at The Media Trust.
Apple punishes Google for data collection app (The Telegraph) Apple pulled important app-development tools from Google after the iPhone maker decided the internet giant broke its rules, according to people familiar with the matter.
Apple restores Google’s internal iOS apps after certificate misuse punishment (TechCrunch) Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates. “We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be r…
Apple reactivates Facebook’s employee apps after punishment for Research spying (TechCrunch) After TechCrunch caught Facebook violating Apple’s employee-only app distribution policy to pay people for all their phone data, Apple invalidated the social network’s Enterprise Certificate as punishment. That deactivated not only this Facebook Research app VPN, but also all of Faceboo…
Apple kicks Facebook’s snoopy Research app out of the App Store (Naked Security) It was paying people, including teens, up to $20 to install an app that got root access for “nearly limitless access,” encryption or no.
We dismantle Facebook’s memo defending its “Research” (TechCrunch) Facebook published an internal memo today trying to minimize the morale damage of TechCrunch’s investigation that revealed it’d been paying people to suck in all their phone data. Attained by Business Insider’s Rob Price, the memo from Facebook’s VP of production engineering…
Why Facebook’s Banned ‘Research’ App Was So Invasive (WIRED) Until Apple revoked its privileges Wednesday, Facebook was paying iOS users $20 a month to download and install the data-sucking application.
'Tone deaf' Mark Zuckerberg still hasn't got to grips with his privacy problem (The Telegraph) If you were designing a weird and creepy plot to secure world domination, possibly while stroking your white pussycat in an underground lair, you might well call it Project Atlas.
Facebook removes hundreds of accounts linked to fake news group in Indonesia (TechCrunch) Facebook said today it has removed hundreds of Facebook and Instagram accounts with links to an organization that peddled fake news. The world’s fourth largest country with a population of over 260 million, Indonesia is in an election year alongside Southeast Asia neighbors Thailand and the Philip…
Facebook nukes hundreds of “inauthentic” accounts “tied to Iran” (Ars Technica) "We're not in a position to directly assert who the actor is in this case."
2018 U.S. midterm elections review (Twitter) Today, we’re sharing a comprehensive review of our efforts to protect the integrity of the public conversation on Twitter regarding the 2018 U.S. midterm elections.
Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere (Graham Cluley) ManageFlitter, Statusbrew, and Crowdfire have had their access to the Twitter API revoked for allegedly helping users abuse the service, aggressively and repeatedly following and unfollowing large numbers of other accounts - a tactic frequently employed by Twitter spammers. Meanwhile, Twitter and Facebook share details of the accounts they have shut down after finding they were spreading misinformation in the run-up to the US midterm elections.
Twitter cuts off API access to follow/unfollow spam dealers (TechCrunch) Notification spam ruins social networks, diluting the real human interaction. Desperate to gain an audience, users pay services to rapidly follow and unfollow tons of people in hopes that some will follow them back. The services can either automate this process or provide tools for users to generat…
UAE senior diplomat denies hacking Americans (Reuters) A United Arab Emirates senior diplomat denied on Thursday the country had target...
Report: iPhone hacked by 'Karma' attack just by receiving a text via iMessage (CSO) State sponsored hackers from the US working in the Middle East reflect on the joys of having a fresh exploit for iPhones.
Criminals Are Tapping into the Phone Network Backbone to Empty Bank Accounts (Motherboard) Motherboard has identified a specific UK bank that has fallen victim to so-called SS7 attacks, and sources say the issue is wider than previously reported.
Indian state government leaks thousands of Aadhaar numbers (TechCrunch) A lapse in security has led to the leaking of over a hundred thousand Aadhaar numbers, TechCrunch can reveal. One of the web systems used to record attendance of government workers for the Indian state of Jharkhand was left exposed and without a password as far back as 2014, allowing anyone access …
It's Shodan embarrassing: Red-faced Rubrik blames public-facing DB on developer ballsup (Register) Sandbox test environment door left wide open
SQL Slammer 16 years later: Four modern-day scenarios that could be worse (CSO Online) Nothing has ever come close to the speed at which the SQL Slammer worm took down networks. These very possible scenarios might beat it in terms of speed and damage.
Researchers Discover Malware That Targets Apple Mac Computers and Cryptocurrency Exchanges (Fortune) Remember to clear your cookies when you check bitcoin's price.
This Hacker Showed How a Smart Lightbulb Could Leak Your Wi-Fi Password (Motherboard) The “moderate to severe” vulnerabilities discovered by the hacker LimitedResults have since been fixed, according to the smart bulb company LIFX.
Airbus investigates cyber attack on its data system (Business Insider) Jet manufacturer insists hackers did no commercial damage
14k HIV+ records leaked, Singapore says sorry (Naked Security) Singapore’s Ministry of Health said the HIV status of 14,200 people, plus confidential data of 2,400 of their contacts, is in the possession of somebody who’s not authorized to have it …
Sextortion: Follow the Money Part 3 - The cashout begins! (SANS Internet Storm Center) There hasn't been much to update in the several months since the Sexploitation
Cyber risks creep up on the unwary (Port Strategy) John Bensalhia finds out why bulk terminals are just as vulnerable to attack as container hubs
Prospect optometry office victimized by cyber attack (Republican-American) Ransom. The word filled the screens of the 25 unresponsive computer monitors at the optometry offices of Dr. Thomas DeLuca, Dr. Anthony Marciano & Associates. “My heart f…
Security Patches, Mitigations, and Software Updates
Update now! Chrome and Firefox patch security flaws (Naked Security) Google and Mozilla are tidying up security features and patching vulnerabilities in Chrome and Firefox for Mac, Windows, and Linux.
Tripwire Patch Priority Index for January 2019 (The State of Security) Tripwire's January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle. First, on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine.
Cyber Trends
People Will Trade Personal Data for Convenience and Security: Experian (Mobile ID World) Experian's Global Identity and Fraud Report found that growing privacy concerns have not soured people on the overall potential of the digital experience
Employees report 23,000 phishing incidents annually, costing $4.3 million to investigate (Help Net Security) Account takeover-based (ATO) attacks now comprise 20 percent of advanced email attacks, according to Agari's Q1 2019 Email Fraud & Identity Deception
Is your organization ready for the data explosion? (Help Net Security) Starting in 2019 and beyond, organizations need to evolve to be able to accommodate the data explosion - or risk falling behind.
Marketplace
Orange acquires SecureData to increase its international reach and expertise in cybersecurity (Orange) Orange announces the acquisition of 100% of SecureData Group, and its consulting subsidiary SensePost. SecureData is the largest independent cybersecurity service provider in the UK, the largest market in Europe. This acquisition is yet another step toward establishing Orange’s position as a leading player in the European cybersecurity market.
Sophos snaps up second security start-up in a month (ARN) Sophos has unveiled plans to acquire a second security-focused start-up within the space of a month, through the buyout of DarkBytes.
Cisco To Buy Network Analytics Provider Singularity Networks (CRN) Cisco plans to acquire privately held network analytics provider Singularity Networks to deepen network insight for its service provider customers and MSP partners.
WISeKey opens its Geneva Blockchain Center of Excellence Headquartered at the World Trade Center II Geneva (GlobeNewswire News Room) The Geneva Blockchain Center of Excellence will be officially inaugurated in April 2019, marking the celebration of WISeKey's 20th Anniversary.
Siemens Canada joins Canadian Institute for Cybersecurity (Benzinga) Siemens Canada has announced its corporate membership with the Canadian Institute for Cybersecurity (CIC) housed at the University of New...
‘I created a firm to change the rules on cybersecurity’ (Times) For Paul Vixie, security on the internet is akin to warfare. The chief executive and founder of Farsight Security, a cyber consultancy based in California, is one of the internet’s pioneers having...
Symantec CEO Credits New Leadership For Enterprise Security Success (CRN) ‘This is definitely helping us as we go forward,’ says Symantec CEO Greg Clark. ‘We have very focused and concentrated energy on the product side and also on the field side.’
Report: San Antonio's cyber, IT firms hurting for trained workers (ExpressNews.com) SA Works, part of the San Antonio Economic Development Foundation, surveyed more than 30 local organizations that either provide cybersecurity and IT services or have staff dedicated to these areas.
Seasoned Cyber Security Industry Executive Madhav Sonthalia Joins Zimperium as Chief Product Officer (BusinessWire) Zimperium today announced Madhav Sonthalia has joined the company as Chief Product Officer.
Intel names Robert Swan as new CEO (Computing) CFO Swan had been interim CEO of Intel for more than six months while the company searched for a replacement for Brian Krzanich
Products, Services, and Solutions
Deloitte launches new proprietary solution to help manage records disclosure and data privacy (Help Net Security) Deloitte's disclosure solution is designed to help Deloitte clients manage information requests, create FOIA responses and reports and manage data privacy.
Dynetics selects NeoNova as exclusive cybersecurity partner (PR Newswire) NeoNova, subsidiary of NRTC and leader in network technologies and help desk services for rural telcos and service ...
Check Point and Ericom Software join forces to tackle browser-based attacks (Help Net Security) Ericom Shield RBI integrates with Check Point Advanced Network Threat Prevention for security solution that fights browser-based attacks.
Syncurity partners with SentinelOne to accelerate alert triage and orchestrate incident response (Help Net Security) Syncurity and SentinelOne partnership enables customers to accelerate alert triage and automatically orchestrate response to threats across all endpoints.
QuantLR partners with PacketLight Networks to secure next-generation networks (Help Net Security) QuantLR LTD and PacketLight Networks partner to form a more secure optical network by jointly developing an integrated QKD solution.
Ixia launches new software for management of visibility solutions (Help Net Security) Ixia Fabric Controller Centralized Manager delivers zero-touch provisioning and visualization of network packet brokers, taps and bypass switches.
An App That Promoted Cyberbullying Shifts to the Workplace (WIRED) Sarahah was banned from app stores because it became a vehicle for cyberbullying. Its creators are introducing Enoff, for anonymous workplace feedback.
Technologies, Techniques, and Standards
EFF has an encryption plan for the entire internet (CSO Online) Spurred by government surveillance of data, the Electronic Frontier Foundation is making progress toward its goal of encrypting all internet traffic using technology and scorecards.
Ethics of Disclosure: Chinese Hacking of EU Diplomatic Cable Traffic (Security Boulevard) As the EU's COREU network's diplomatic cable traffic is published in The New York Times, questions abound regarding ethics of disclosure.
Fortify Your Human Firewall Against Tax Fraud (Revolutionary Security) Are you training your organization to recognize phishing activity? Tax time is prime time for increased criminal activities and your employees could be a target. Review some quick tips and share this @Habitu8 video with your team to impress the importance of positive cyber behaviors this tax season.
How to defend Office 365 from spear-phishing attacks (CSO Online) A recent successful zero-day Flash attack began with a spear-phishing email. These Windows 10 and Office 365 settings could have prevented it.
8 Cybersecurity Myths Debunked (Dark Reading) The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
TruSTAR’s Paul Kurtz Talks To Executive Director of IT-ISAC About the Benefits of Intelligence Fusion (TruSTAR) In IT-ISAC’s new Firewall Chat Podcast TruSTAR CEO Paul Kurtz sat down with Executive Director of IT-ISAC Scott Algeier about how IT-ISAC members can leverage Intelligence Fusion concepts into their security operations.
Cisco Router Vulnerability Gives Window into Researchers' World (Dark Reading) The research around a recent vulnerability shows how researchers follow leads and find unexpected results.
EU GDPR Data Breach Notification Resource Map (BakerHostetler)
Safeguarding your data from human error and phishing attacks with the cloud (Help Net Security) IT security is an arms race and the public cloud providers have access to the latest technology and top experts, according to AODocs.
Program continues operational development of Army information warfare capabilities (DVIDS) Since 2015 U.S. Army Cyber Command (ARCYBER) has been defining and developing cyberspace operations capabilities to support Army maneuver elements through the Cyberspace Electromagnetic Activities (CEMA) Support to Corps and Below (CSCB) program created in response to a directive by the Chief of Staff of the Army to build unit cyber capacity and help the Army to operationalize cyber.
Are Data Hacks Pushing People Towards Secure Blockchain Identity Systems? (Forbes) Data has become a prized currency of the internet world, but users are starting to demand back control after the likes of Facebook have proven they need more security. Blockchain secure Identities are on the rise.
Design and Innovation
TikTok Can't Save Us from Algorithmic Content Hell (Motherboard) TikTok is not immune from engagement-hungry algorithms that dominate the internet as we know it.
Academia
ISI Program to Develop Grant-Funded Social Media/Dark Web Analysis Curriculum, Cyber Competitions (Ferris State University) Ferris State University’s Information Security and Intelligence program has received a $130,000 National Security Agency grant to establish a social media/dark web analysis curriculum concentration that is focused on security and intelligence. It will also equip ISI faculty with the necessary training and classroom tools.
Legislation, Policy, and Regulation
Sanction-hit Iran ready to launch state cryptocurrency (Asia Times) The 'crypto-Rial' will reportedly be for banks and institutional transactions and will be followed by a cryptocurrency that will be for mainstream use
European Parliament recognizes Venezuela's Juan Guaido (Deutsche Welle) The European Parliament has urged EU member states to recognize opposition leader Juan Guaido as acting president. The EU has so far said it will take "further actions" if Venezuela does not hold fresh elections.
Don't let China control your networks, US envoy tells Europe (Luxembourg Times) US ambassador to EU warns China seeks control of Western data, networks
‘It’s too dangerous:’ Cybersecurity specialist warns Canada against Huawei 5G (Global News) In 2016, a Chinese telecommunication company secretly diverted Canadian internet traffic to China, says an Israeli cybersecurity specialist who is warning Canada against allowing Huawei to build a 5G network.
Analysis | The Cybersecurity 202: U.S. should counter Russia and China hacking with its own influence operations, think tank says (Washington Post) The Foundation for Defense of Democracies says nothing else is working.
Midterm Assessment: The Trump Administration’s Foreign and National Security Policies (Foundation for Defense of Democracies) In this midterm assessment, FDD experts and scholars evaluate the Trump administration’s efforts to advance and protect U.S. vital interests.
Experts: Cyber Threat Being Met With Same Apathy As Terrorism Before It (The Media Line) Western countries are ignoring the severity of the threat posed by cyberattacks in the same way they initially failed to tackle the scourge of terrorism.
Cornyn proposes expanding cyber authority to Energy Dept. for pipelines, LNG (Houston Chronicle) Texas Sen. John Cornyn introduced legislation Thursday that would extend authority over the cybersecurity of oil and natural gas pipelines, as well as liquefied natural gas facilities, to the Department of Energy.
Litigation, Investigation, and Law Enforcement
How Russia Is Strong-Arming Apple (Foreign Policy) Moscow is demanding control over users’ personal data.
The doorbells have eyes: The privacy battle brewing over home security cameras (Washington Post) Police want to register — and even subsidize — connected home security cameras. That’s just the start of the ethical challenges ahead.
Phone cloner gets 65 months in jail (Naked Security) A US court has sentenced a man to over five years for his part in a massive telecommunications fraud involving stolen cellphone accounts and reprogrammed phones.