Cyber Attacks, Threats, and Vulnerabilities
Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs (Recorded Future) Insikt Group uncovers evidence of an overlap in operational infrastructure between threat actor BlueAlpha and suspected Iranian nation-state activity.
Krampus-3PC: Persistent Malware Using Multiple Techniques Hits Online Readers in Time for the Holidays (The Media Trust) The Media Trust Digital Security & Operations team has uncovered an attack on 100+ publications around the world.
Fake Payroll Emails Used by Phishing Campaign to Deliver TrickBot (Security Intelligence) A phishing campaign is using payroll-themed emails to trick users into inadvertently infecting their machines with TrickBot.
This new ransomware is targeting companies across Europe and the US (ZDNet) Zeppelin ransomware is highly customisable and researchers believe the attacks are of Russian origin.
Report: French Postal Service App Exposes Small Business Owners in Data Leak (vpnMentor) vpnMentor’s research team discovered a breach on a database belonging to Genius, an Android app built by French postal service La Poste.
“Aw Snap!” Crash Makes a Comeback in Chrome 79 (BleepingComputer) Google Chrome users are complaining once more of "Aw Snap!" crashes as the Code Integrity feature got re-enabled in the latest version of the browser, released yesterday.
Cybereason Detected Credit Card Malware Attack That Stole Tens of Millions of Dollars (CTECH) The Israeli Cybersecurity company said the attack, which targeted the PoS systems of financial, manufacturing, and retail companies in Europe and the U.S., resembled previous attacks by cybercrime group FIN6
Exposed Data Shows Where Police Departments Fly Their Drones (Vice) Dronesense, which sells a platform for controlling drones to police, left customer data including flight plans exposed.
How Hackers Are Breaking Into Ring Cameras (Vice) After a hacker broke into a Ring camera in Tennessee and spoke to a child, Motherboard found hackers have made dedicated software for gaining access.
Cyber attack hits news stations across Washington and Montana (KULR-TV) A “very sophisticated” cyber attack is impacting our news stations in Washington and Montana. We're thinking outside of the box to continue to deliver local news for you. While things
News stations in 6 Montana towns coping with cyber attack (Montana Standard) News stations owned by Cowles Montana Media were "hit across the board" Sunday night in a cyber attack that continued to block access Wednesday to companywide operating software, their president
Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand (BleepingComputer) The operators behind the Maze Ransomware have claimed responsibility for the cyberattack affecting the City of Pensacola, Florida, but state that they are not affiliated with the recent shooting at NAS Pensacola.
Maze ransomware was behind Pensacola “cyber event,” Florida officials say (Ars Technica) Same ransomware hit security firm; operators stole data for "leverage" on ransom.
Pensacola is among dozens of cities hit by ransomware in 2019. Here's what 5 of them did. (Pensacola News Journal) The City of Pensacola has joined a growing list of state and local governments who have been the target of ransomware.
Ransomware attack teaches value of prevention to East Greenwich... (HOTforSecurity) A ransomware attack on East Greenwich has taught the town’s administrator that the costs of a serious breach far outweigh preventative investments. East Greenwich, an affluent town that serves as the seat of Kent County in the state of Rhode Island, is...
Warning over Zeppelin ransomware targeting healthcare and tech firms across Europe and US (Computing) Analysis of Zeppelin's code suggests that it was first compiled last month
Fraudsters almost swindled the Royal Canadian Mint with payroll 'spoofing' scam (CBC) The Royal Canadian Mint fell for what’s known as a spear phishing scam and almost forked a former employee’s pay cheque over to a malicious actor. The details of the breach were included in a recently obtained access to information request.
BMW fought off cyber attack by APT32 aimed at stealing trade secrets (Teiss) APT32 carried out cyber attacks against global automotive giants BMW with the backing of the Vietnamese government, German news agency BR have revealed.
Cybersecurity incident at metro Atlanta's 4th-largest private company disrupts manufacturing, shipping (Atlanta Business Journal) Carrollton-based Southwire Co. LLC is still investigating the incident. It began bringing critical systems back online Tuesday.
Potential data breach of unknown number of Alectra customers through Hamilton water bills (CBC) Hamilton is scrambling to get more information on a potential data breach that revealed customers' names, addresses and roll numbers for their water bills.
How Hackers Get Our CVV Numbers (Avast) Learn how to protect that code on the back of your credit card and other financial information in the busiest buying-season of the year.
Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards (BleepingComputer) As the craze for the latest Off-White, Nike, and Adidas sneakers heats up, sites selling counterfeit kicks have popped up to capitalize on sneakerheads searching for the best deal. To make a bad deal even worse, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information.
She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter. (Washington Post) The faceless voice shouted the n-word at the girl and tried to get her to repeat it, and later told her that he was Santa Claus.
Amazon sells children's smartwatches that are so easy to hack strangers could track and talk to kids, security researchers say (Business Insider) These smartwatches are used by parents who want to track and talk to their kids, but they're so insecure that almost anyone can do the same.
Security Patches, Mitigations, and Software Updates
You had one job, Cupertino: Apple's Intelligent Tracking Protection actually gets tracking protection (Register) Gap in browser privacy tech embarrassingly detected by Google
December Patch Tuesday blunts WizardOpium attack chain (Naked Security) December 2019’s Patch Tuesday updates are out, including a fix for the Windows flaw used in recently discovered WizardOpium attacks.
Cyber Trends
The State of Ransomware in the US: Report and Statistics 2019 (Emsisoft | Security Blog) In 2019, the U.S. experienced a tsunami of ransomware attacks that impacted at least 948 government, healthcare providers and educational establishments. This report examines the effects, the costs, the causes and actions that can be taken to combat the problem.
BIOS Security – The Next Frontier for Endpoint Protection (Dell Technologies) Today’s Threats Upend Traditional Security Measures
The big task for CIOs in 2020: Bringing security and IT operations together (CIO) Bridging the gap between these siloed teams pays off in improved visibility and better security.
ESET releases Australian Cyberawareness Index 2019 results (Security Brief) The survey covered the current state of technology adoption and what users are doing online as well as what they’re doing to protect themselves.
Experian expects deepfake content to create geo-political... (HOTforSecurity) Credit bureau Experian has rolled out the 2020 edition of its annual Data Breach Industry Forecast. The report predicts hackers will increasingly target the political scene and activists using deepfake content and other infamous cyber weapons. A top...
Canadians ‘defeatist’ about security of private data: IBM (Canadian Manufacturing) Only 19% of respondents said they fully trust organizations to keep their personal information secure and not share it without permission
Atlantic Council releases new report: Aviation cybersecurity: Scoping the challenge (Atlantic Council) Report marks the first-ever global stakeholder survey on addressing cybersecurity issues in aviation sector
Marketplace
OPSWAT Acquires Leader in Network Access Control, Impulse, to Bolster Critical Infrastructure Protection Capabilities (Markets Insider) OPSWAT, a leader in critical infrastructure protection, today announced that it has completed ...
Veteran Assistance — WiCyS - Women in Cybersecurity (WiCyS - Women in Cybersecurity) The Veteran Assistance Program’s mission is to facilitate the WiCyS tribe to support our veteran community and grow the cybersecurity workforce by moving more women veterans into cybersecurity.
Chinese software firms to jointly develop new OS (Computing) The move comes as China looks to ban Microsoft Windows and other foreign software and hardware
Is Huawei About To Get Google Back, As P40 Pro Speculation Begins? (Forbes) As 2020 approaches and Huawei prepares its next product launches, will the company see the return of Google to new devices?
SentinelOne Launches SentinelLabs Research Division to Power New Threat Intelligence Platform (BusinessWire) SentinelOne, the autonomous endpoint protection company, today announced the launch of SentinelLabs, a research division designed to identify new atta
Quantemplate Partners with VirtusLab for Flexible Access to International Software Engineering Talent (Street Insider) Company continues international expansion efforts to increase global presence
Palo Alto Networks Stockholders Again Oppose Executive Pay Packages (CRN) Shareholders at Palo Alto Networks have once again taken the rare step of fiercely objecting to the pay packages given to the company’s top five executives in the 2019 fiscal year.
NeuVector Appoints Stephanie Fohn as President and Chief Executive Officer (West) Fohn brings extensive security industry expertise and strong track record of corporate leadership to NeuVector
Abnormal Security Appoints Rami Habal to Chief Product Officer (BusinessWire) Abnormal Security Appoints Former Amazon Alexa and Proofpoint Product Executive Rami Habal to Chief Product Officer
Google hires Homeland Security's former top cybersecurity official (CNET) Jeanette Manfra, who led the DHS' efforts on election security, is expected to start with Google Cloud in January.
TrapX Security Appoints Ori Bach as Chief Executive Officer (Yahoo) TrapX Security, the global leader in cyber deception technology, today announced that it has named Ori Bach as its new Chief Executive Officer. Mr. Bach who previously served as TrapX's Chief Product Officer and EMEA General Manager comes to his new role with more than two decades of senior cybersecurity
CyberX Launches XCELERATE Partner Program to Address Rapidly Growing IoT/ICS Cybersecurity Market (Valdosta Daily Times) CyberX, the IoT and industrial control system (ICS) security company, today announced the launch of its XCELERATE channel partner program to provide partners around the world with the resources they need to secure enterprise IoT/ICS environments and maximize their market share.
Products, Services, and Solutions
General Availability (GA) Announcement - Confluera Autonomous Detectio (PRWeb) Confluera Inc., the real-time cybersecurity company, today announced the General Availability of Confluera 1.0, the industry's first Autonomous Detecti
Ground Labs Delivers Powerful Updates to Flagship Solution for Sensitive Data Discovery (BusinessWire) Ground Labs, the global expert in sensitive data discovery, today announced a series of key updates to the latest version of its flagship solution, En
One Identity Extends Active Directory-Centered Provisioning and Deprovisioning to Several Cloud-Based Applications, including Salesforce, Google, ServiceNow and Workday (West) One Identity Active Roles 7.4 adds functionality to extend account administration beyond Active Directory (AD) and Azure Active Directory (AAD)
Bitdefender Integrates MSP Security Suite With Datto RMM (PR Newswire) Bitdefender, a global cybersecurity leader protecting over 500 million systems in 150 countries, today announced the integration of...
Siemplify Raises the Bar for Enterprise Readiness with Latest Security Operations Platform Release (Siemplify) Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today...
Netsurion Simplifies Cybersecurity Management for MSPs with IT Glue Integration (West) A single point of truth saves users precious time with one easy-to-use console
DOSarrest Adds AI to Their Ddos Protection for Infrastructure Service (PR Newswire) DOSarrest rolls out new advanced mitigation capabilities for their cloud based DDoS protection for infrastructure platform known as "Data...
Financial Services Firm Cutter, LLC Chooses ControlScan for Managed Security Threat Detection and Response (Yahoo) Cybersecurity risk reduction a prime motivator for Cutter, which holds multiple portfolios of small and mid-sized merchants.
Lastline Unveils Defender 9.0 to Enhance Public Cloud Workload Security (PR Newswire) Lastline®, the leader in AI-powered network detection and response, today announced the release of Lastline Defender 9.0 to secure public cloud...
Clario To Disrupt Digital Security Market With Fusion Of Personalized Features And Human Intelligence (Security Boulevard) See a Preview at CES Booth #12055 LONDON, Dec. 10, 2019 -- Clario Tech Ltd (https://clario.co/), a newly formed digital privacy and security company,
Safe-T Signs Partner Agreement with a Fortune 500 Affiliate for the Resale of its SDP Solution (AP NEWS) Press release content from Globe Newswire. The AP news staff was not involved in its creation.
Hyperproof, The First Compliance Operations Software-As-A-Service, Launches For Businesses (NBC Right Now) Hyperproof, a trailblazer in cloud compliance software, today announced the availability of the first-ever compliance operations SaaS, designed to function as the system
NEC and Cybereason Sign Agreement to Provide Advanced Cybersecurity Solutions to Brazilian Market (Benzinga) "Cybereason is excited to partner with NEC, a globally trusted brand with a highly qualified expert team. The digital transformation era is expanding the attack surface and the...
GrammaTech Expands SAST Reach with new version of CodeSonar (Yahoo) GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, today announces immediate availability of CodeSonar® 5.2. The features in this latest version of CodeSonar® provide software development organizations the capability to use a single tool to perform Static Application
Secure Technology Alliance Announces New TWIC Security Training and Certification Program (West) The Secure Technology Alliance announced today a new training and certification program for professionals responsible for implementing Transportation Worker Identification Credential (TWIC) security in the U.S.
Technologies, Techniques, and Standards
How the West struggled to combat digital foreign interference (POLITICO) As Britain heads to the polls, countries across Europe and North America are struggling to keep up with evolving tactics to manipulate voters.
Top three security tips for 2020 from the experts (Computing) 'Secure inbound email' advise the experts. Computing speaks to luminaries from end user and vendor organisations, and learns that it's not about 'patch management'
Design and Innovation
Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all... (Register) And in the darkness bind them – to next year's IT budgets
Twitter proposes open social network standard (ZDNet) Twitter CEO Jack Dorsey wants to replace Twitter's existing social networking platform with one based on an open, decentralized standard.
Signal Tests Upgraded Cryptography for Groups Function (Threatpost) Signal, the encrypted messaging platform, is planning to launch an upgraded secure group messaging and communities function. Signal’s groups are private, meaning that the service itself doesn’t keep a record of a user’s group memberships, group titles, group avatars or group attributes. But the way the privacy controls have been implemented have raised a few
Special Operations Command Made a Mind-Reading Kit For Elite Troops (Defense One) The experimental tool is among several that aim to combine sensors and AI to give U.S. operators a new edge.
Legislation, Policy, and Regulation
Wassenaar targets cyber-warfare systems, communications surveillance with new rules (Jane's 360) Military-grade offensive cyber-warfare technologies given increased controls through addition to military list. Addition of offensive cyber-warfare technologies comes after significant concerns raised by private sector over impact on vulnerability assessments.
China Wants Your Personal Information, Trump's National Security Adviser Warns (WAMU) If some U.S. allies allow Chinese company Huawei into their 5G telecommunications networks, Robert O'Brien says China's communist government would have access to sensitive personal data.
The Pegasus fiasco: Privacy in peril (Frontline) The targeted snooping of WhatsApp accounts in India by malicious software raises concerns about privacy, data protection and citizens’ rights.
Britain’s antiquated election system can’t cope with social media’s many challenges (The Telegraph) Deep fakes, doctored videos and a string of other emerging technologies are taking the art of political misinformation in new and dangerous directions – the need for remedial action has never been greater.
Trump meets Russia’s top diplomat amid scrap over election interference (Washington Post) Secretary of State Mike Pompeo and Russian Foreign Minister Sergei Lavrov clashed during a news conference at the State Department before a White House meeting.
GOP senator blocks bill aimed at preventing Russia election meddling (TheHill) Sen. Mike Crapo (R-Idaho) on Tuesday blocked an attempt by Democrats to pass legislation meant to prevent Russia and other countries from interfering in elections.
Advisory group looks to redesign federal cyber response (FCW) The National Infrastructure Advisory Council wants new agencies to tackle 'existential' cyber threats.
Infrastructure Council Warns Trump That Chance to Thwart a Cyber 9/11 ‘Is Closing Quickly’ (HS Today) The president’s National Infrastructure Advisory Council warned Donald Trump in a draft report this week that cyber threats need to be confronted with dire urgency, considering the grave risks posed to society’s most critical sectors from bad actors including Russia, China and Iran and the inability of private industry to fend off sophisticated attacks on their own
[Draft NAIC report on cyber risk] (NAIC) On September 5, 2019, the National Security Council tasked the President’s National Infrastructure Advisory Council (NIAC) to examine how the federal government and private industry can collaborate seamlessly to confront urgent cyber risks in the most critical and highly targeted private infrastructure.
Senators Don't Get Encryption (Fortune) U.S. lawmakers threatened tech companies like Facebook and Apple with anti-encryption regulation at a Senate Judiciary Committee hearing, ignoring the complexity of the issue.
Open Rights Group criticises government for demanding weaker encryption (Computing) The ORG believes such back-doors would endanger the security of internet users around the world,
Facebook turns down Attorney General's request for access to its messaging products (Computing) That would be a gift to hackers, criminals and repressive regimes, Facebook believes.
Senator Wyden Asks Avast Antivirus Why it Sells Users' Browsing Data (Vice) Wyden’s questions come after Mozilla removed Avast's and AVG’s extensions for harvesting user data.
CISA subpoena bill set to land (FCW) The legislation will make a number of changes from a proposal submitted by DHS, narrowing the scope of the authorities to critical infrastructure IT and only for cybersecurity purposes.
How Congress wants to help sync military cyber (Fifth Domain) New positions detailed in the annual National Defense Authorization Act will exist both with the Pentagon staff and at the services.
What the Defense Department’s Cyber Certification Will Mean for Small Businesses (Nextgov.com) The Pentagon lead for the Cybersecurity Maturity Model Certification program argued the move will be good for small contractors. And for those that don’t want to comply: Good riddance.
Republicans Condemn FBI’s Use of Surveillance Powers They Long Supported (Wall Street Journal) Republican senators expressed outrage Wednesday that the Federal Bureau of Investigation had committed errors in how it sought and obtained surveillance on a former Trump campaign adviser, a sharp pivot for several lawmakers.
House advances transportation security bill (Homeland Preparedness News) The U.S. House of Representatives advanced Monday the Emerging Transportation Security Threats Act of 2019 (H.R. 3318). The bill, introduced by U.S. Rep. John Joyce (R-PA), creates a task force to analyze emerging threats to transportation security. It also requires …
Litigation, Investigation, and Law Enforcement
Leak of UK trade papers was well-planned, professional operation: sources (Reuters) Whoever leaked UK-U.S. trade papers online ahead of Britain's general elect...
Multistate voter database suspended in lawsuit settlement (Washington Post) A civil rights group says a database that checks whether voters are registered in multiple states has been suspended until security safeguards are put in place as part of a settlement of a federal lawsuit
Attorney general sharpens attacks on FBI’s Russia probe, dismaying some in his own department (Washington Post) In interviews Tuesday, William P. Barr said there had been “gross abuses” at the FBI.
ACLU sues Homeland Security agencies over phone spying practices (CNET) The suit calls on two border-control and immigration agencies to reveal how they use a controversial gadget that poses as a cell tower to suck up data.
Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search (Forbes) Feds tell Google to search four areas for suspected arsonists' phones. Google gives it 1,500 device IDs.
Apple Used the DMCA to Take Down a Tweet Containing an iPhone Encryption Key (Vice) Apple asked Twitter to take down a viral tweet posted by an independent iPhone security researcher. Then, the company backtracked and asked for the tweet to be re-posted.
Internal FAA Review Saw High Risk of 737 MAX Crashes (Wall Street Journal) U.S. regulators decided to allow Boeing’s 737 MAX jet to keep flying after its first fatal crash last fall even after their own analysis indicated it could become one of the most accident-prone airliners in decades without design changes.