Cyber Attacks, Threats, and Vulnerabilities
Cybersecurity: This password-stealing hacking campaign is targeting governments around the world (ZDNet) Researchers uncover a phishing campaign attempting to steal login credentials from government departments across North America, Europe and Asia - and nobody knows who is behind it
Over 100 Fake Sites Spotted in Government Phishing Campaign (Infosecurity Magazine) Anomali claims phishers are targeting contractors and suppliers
Anomali Threat Research Team Identifies Widespread Credential Theft Campaign Aimed at U.S. and International Government Agency Procurement Services (Anomali) Hidden Adversary Ran Short Term Campaign
Mystery Russian Telegram Hacks Intercept Secret Codes To Spy On Messages (Forbes) More than a dozen Telegram accounts of Russian entrepreneurs have been hacked, but there's something even more sinister than run-of-the-mill snooping going on, according to researchers.
Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry (Trend Micro) We break down the digital attacks against the oil and gas industry and its supply chain.
Ever wonder how hackers could possibly pwn power plants? Here are 54 Siemens bugs that could explain things () Arbitrary code execution in a controller, what could go wrong?
A look at the recent BuleHero botnet payload (Zscaler) Increase in adoption of lateral propagation modules in malware, deep insight into BuleHero botnet, lateral movement, Gh0st RAT, XMRig Miner
New Echobot Variant Exploits 77 Remote Code Execution Flaws (BleepingComputer) The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part.
Michigan family says hacker was talking to them through security system in their home (WWMT) Some people put security cameras outside and inside their homes to protect themselves, but if you're not careful, tech experts said those cameras can actually give hackers an inside look. Multiple families across the country including one in Freeland, Michigan, have reported their security cameras inside their home were hacked. These families said the hackers are speaking to them through the security cameras.
Inside the Podcast that Hacks Ring Camera Owners Live on Air (Vice) In the NulledCast hackers livestream the harassment of Ring camera owners after accessing their devices. Hundreds of people can listen.
Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis (Wired) A new wave of reports about the home surveillance cameras getting hijacked by creeps is painfully familiar.
VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems (BleepingComputer) The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA.
Philips IntelliBridge EC40/80 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Low skill level to exploit
Vendor: Philips
Equipment: IntelliBridge EC40 and EC80
Vulnerability: Inadequate Encryption Strength
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSMA-19-318-01 Philips IntelliBridge EC40/80 that was published November 14, 2019, on the ICS webpage on us-cert.gov.
Omron PLC CJ, CS and NJ Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Omron
Equipment: PLC CJ, CS and NJ Series
Vulnerability: Improper Restriction of Excessive Authentication Attempts
2.
Omron PLC CJ and CS Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Omron
Equipment: PLC CJ and CS Series
Vulnerabilities: Authentication Bypass by Spoofing, Authentication Bypass by Capture-replay, Unrestricted Externally Accessible Lock
2.
Advantech DiagAnywhere Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: DiagAnywhere Server
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow remote code execution.
PLC Cycle Time Influences (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO
Equipment: Programmable Logic Controllers
Vulnerability: Uncontrolled Resource Consumption
2.
Apple's new iPhone software is supposed to limit who your kid talks to, but a bug lets them get around it (CNBC) Apple's new iOS 13.3 software is supposed to have new parental controls, called "Communication Limits," that let you limit who your children can text, FaceTime or call. But a bug lets them call, FaceTime and text with anyone.
Maze Ransomware Behind Pensacola Attack, Data Breach Looms (Threatpost) Maze exfiltrates data as well as locks down systems. Officials said they don't know yet whether any residents' personal information has been breached.
City Of Pensacola Continues To Recover From Ransomware Cyber Attack (NorthEscambia.com)
Maze Ransomware Demands $6 Million Ransom From Southwire (BleepingComputer) Maze Ransomware operators claim responsibility for another cyber attack, this time against leading wire and cable manufacturer Southwire Company, LLC (Southwire) from Carrollton, Georgia.
Ransomware: Cybercriminals are adding a new twist to their demands (ZDNet) Pay the ransom or we'll leak your data is the latest trend, warns cybersecurity company.
Louisiana Hit With Another Ryuk Ransomware Attack (CPO Magazine) Following the Ryuk ransomware attack on four school districts in July, Louisiana is again hit with another attack which impacts the state’s Office of Technology Services.
Spammers force Keybase to stop Stellar Space Drop cryptocurrency handouts (ZDNet) A rush of new fake accounts has forced Keybase to rethink its free Lumen drops.
The dark side of biometric authentication: Hackers using malware to steal fingerprints & sensitive data (The Economic Times) Biometric data has eased the burden of remembering passwords, but is it truly safe?
Security Patches, Mitigations, and Software Updates
Microsoft Security Essentials to Die with Windows 7 in January (HOTforSecurity) Microsoft says it doesn’t plan to provide security updates for the Microsoft Security Essentials component integrated into Windows 7 after the operating system reaches its end of life in a little over five weeks. The life of Windows 7 is set to...
Microsoft Fixes Windows Bug Under Active Attack (Decipher) Microsoft patched CVE-2019-1458 in Windows, a privilege escalation bug that is being used in active attacks.
Cyber Trends
Protecting People - Cybersecurity Threat Report (Proofpoint US) Read the Protecting People report from Proofpoint. Learn about today's cyber attacks, the most vulnerable industries and employees, and steps to help you build a defense.
DevOps Enterprise Summit Survey: DevOps Environments Still Prone to Certificate-Related Outages (Venafi) At the DevOps Enterprise Summit, 55% of respondents stated that their organization experienced a certificate-related outage in the past 12 months. That’s 55% too many. Read more.
WatchGuard: Equifax breach vulnerability surfaces as top network attack (TechCentral.ie) Network attacks and malware both increased in Q3 2019, according to WatchGuard Technologies Internet Security Report.
Global New Account Fraud Increased 28% in 2019, According to Jumio Holiday Fraud Report (BusinessWire) New data from Jumio, the leading AI-powered trusted identity as a service provider, reveals that new account fraud increased 27.8% worldwide YTD in 20
Consumers not willing to compromise when it comes to IoT security (Help Net Security) Nearly three quarters of consumers expect manufacturers of connected IoT devices to protect their devices from hacks, according to Karamba Security.
42 More Cybersecurity Predictions For 2020 (Forbes) From disrupting elections to targeted ransomware to privacy regulations to deepfakes and malevolent AI, here are additional 42 predictions from senior cybersecurity executives
Marketplace
Why the election result gives UK tech sector a silver lining in the Brexit cloud (The Telegraph) In a general election in which parties delivered their political messaging with memes and spent an unprecedented amount on digital ads, technology has unquestionably been front and centre of a bitterly-fought contest that looks set to see the Conservatives emerge victorious.
Offering software for snooping to governments is a booming business (The Economist) A flurry of lawsuits has drawn attention to a growing part of the cyber-security industry
Fortinet acquires security automation provider CyberSponse (ZDNet) CyberSponse is known for its Security Orchestration, Automation and Response (SOAR) platform.
Deloitte obtains blockchain services firm in Southeast Asia (International Comparative Legal Guides International Business Reports) Big Four professional services firm Deloitte Touche Tohmatsu Limited (Deloitte) has announced that the founders and employees of Singapore-based digital consultancy firm Practical Smarts have joined its risk advisory practice in Southeast Asia, forming part of the Deloitte Asia Pacific Blockchain Lab (the Lab).
Dallas-based mobile security company working to go public (Dallas Business Journal) The CEO of the mobile security company discusses aims for a public offering, billions in revenue and North Texas' venture capital ecosystem.
China’s Huawei may need two to three years to recover from U.S. trade ban, CEO says (Washington Post) In an interview at Huawei headquarters in southern China, Ren Zhengfei said the U.S. ban has had a “pretty big impact” on the company, forcing it to scramble to redesign products to try to eliminate U.S. parts.
Mimecast UK channel boss on 'luring' Symantec customers (ChannelWeb) Tom Corrigan opens up about battling the political and economic events affecting the email security vendor's UK growth
Facebook Won’t Change Web Tracking in Response to California Privacy Law (Wall Street Journal) Facebook maintains that it doesn’t need to make changes to its web-tracking services in order to comply with California’s new privacy law, setting up a potential early clash over the measure set to take effect Jan. 1.
Facebook Pledges $130 Million to Fund Content Oversight Board as It Hits Delays (Variety) Facebook announced an initial commitment of $130 million to launch its new Oversight Board, which is designed as a way for users to appeal the social giant’s content decisions, but the entity…
Bugs, bounties, and cherry browns (GitLab) Cheers, our bug bounty program is celebrating one year!
GDIT Wins Army IT, Cyber Support Contract (WashingtonExec) General Dynamics Information Technology has won an estimated $118 million contract to support the critical information network that is key to Army
Cyber Work podcast write-up: How to become a cybersecurity analyst (Infosec Resources) This article will explore some interesting details from an episode of Infosec’s information security career podcast, Cyber Work. This
Fidelis Cybersecurity Appoints Former NSA CISO as the Company's Chief Information Security Officer (IT Business Net) Cybersecurity expert Chris Kubic joins Fidelis to provide customers with cybersecurity best practices, assist with product strategy and lead internal security
Products, Services, and Solutions
Lastline Unveils Defender 9.0 to Enhance Public Cloud Workload Security (PR Newswire) Lastline®, the leader in AI-powered network detection and response, today announced the release of Lastline Defender 9.0 to secure public cloud...
DigiCert Launches CT Log Monitoring, Now Available in Secure Site Pro (PR Newswire) DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and PKI solutions, today released a new CT log monitoring service for advanced...
Netskope Partners with Dell to Help Customers Reimagine Their Security Perimeter (Netskope) Today’s modern workforce is constantly on the move and employees consume thousands of web and cloud services via mobile and personal devices; both inside and outside the office. The rapid expansion of mobile devices means that users, applications, devices, and data exist outside of traditional perimeters more often than inside. As a result, the business …
FireEye rolls out threat intelligence platform for industrial systems (Security Brief) Now industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes, can be secured from cyber threats.
Bitdefender Integrates MSP Security Suite With Datto RMM (PR Newswire) Bitdefender, a global cybersecurity leader protecting over 500 million systems in 150 countries, today announced the integration of...
Land Securely on Regulatory Compliance with Thales Luna HSMs (Data Security Blog | Thales eSecurity) Security best practices for encryption key storage, management and protection is critical to protecting valuable data wherever it is located,...
ForgeRock partners Accenture for AI-powered identity governance (Digital Journal) ForgeRock announced new artificial intelligence powered governance capabilities to help simplify and speed deployment and management. These solutions are designed to solve critical issues connected with data governance.
Technologies, Techniques, and Standards
Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance (Electronic Frontier Foundation) It's time to shed light on the technical methods and business practices behind third-party tracking. For journalists, policy makers, and concerned consumers, this paper will demystify the fundamentals of third-party tracking, explain the scope of the problem, and suggest ways for users and legislation to fight back against the status quo.
Are penetration testing tools infosecurity's Jekyll and Hyde? (SC Magazine) The first time you got your hands on powerful penetration testing tools, you must have thought 'just think what I could do with this'. And that's just what the criminals think too - and then they do it.
3 Reasons Organizations Need an Email Policy and How to Build a Good One (Benzinga) A well-crafted email policy helps businesses tap into the benefits of email while mitigating the risks—in a new article from Messaging Architects...
Lessons from the NSA: Know Your Assets (Dark Reading) Chris Kubic worked at the National Security Agency for the past 32 years, finishing his tenure as CISO. He talks about lessons learned during his time there and what they mean for the private sector.
Design and Innovation
Hey @Jack Dorsey, decentralizing Twitter won’t solve hate speech problems (Digital Trends) Twitter CEO Jack Dorsey floated a compelling possibility on Wednesday: He wants to put together a team to explore decentralizing Twitter.
Facebook asks users for help in spotting deepfakes (Computing) The winner of Facebook's challenge will take home a $500,000 prize
AI expert calls for end to UK use of ‘racially biased’ algorithms (the Guardian) Prof Noel Sharkey says systems so infected with biases they cannot be trusted
Air Force to Decide Which Satellite to Offer for Test at Defcon Hacker Conference (Avionics) The United States Air Force plans to choose on Dec. 13 which satellite it will offer to a service-selected group of hackers to try to infiltrate at next August’s Defcon 2020 conference in Las Vegas, an Air Force official said on Dec. 11. Indeed, hackers are to be part of Air Force efforts to undertake …
How hackers breached an Air Force system (Fifth Domain) A top official wasn't surprised that ethical hackers, invited to crack actual operational systems, managed to get in. But he was surprised how.
Research and Development
GE Research Developing AI to Allow Safe Operation of Critical Energy Infrastructure through a Cyber-Attack (GE) GE researchers partnering with Intel, Florida State University and Baker Hughes on $5.2 M program with the US Department of Energy to develop new cyber protection capabilities
Academia
Young Women Invited to Tackle Statewide Cybersecurity Challenge (Maui Now) Hawai’i’s young women are encouraged to explore computer science by entering this year’s Girls Go Cyberstart program.
Legislation, Policy, and Regulation
Conservatives win election: Tech industry reacts (Computing) Boris Johnson's party wins by a landslide, but what does the UK's IT industry make of the result?
Johnson: I will repay the trust of voters (BBC News) The PM meets the Queen to ask to form a new government, following the Conservatives' election victory.
Who will be the next UK Labour leader? (Quartz) Following a devastating loss, party members face a difficult decision in the weeks to come.
Senior China diplomat says U.S. seriously damaged hard-won mutual trust (Reuters) Senior Chinese diplomat Wang Yi said on Friday that the United States had seriou...
The race to secure 5G networks: Another Sputnik moment for the United States? (Atlantic Council) We admit that we have been slow to react to the emergence of 5G technology, but the battle is now joined. The bad news: we are behind.
Electrical Grid Cybersecurity Measure Advances (GovInfo Security) A proposal that won U.S. House approval Wednesday calls for crafting a strategy for securing the nation’s electrical grid. It also would create a two-year pilot
Senate bill would give DHS cyber agency subpoena powers (TheHill) Two senators unveiled bipartisan legislation on Thursday that would give the Department of Homeland Security’s (DHS) cyber agency the ability to subpoena internet service providers to increase transparency about cyber vulnerabilities.
New bill gives this Homeland Security agency authority to get ISP info (Fifth Domain) Senators, however, say the authorities are
Defense bill limits commerce secretary's ability to remove Huawei from Entity List (Inside Defense) The fiscal year 2020 defense authorization conference bill includes language requiring congressional notification before the commerce secretary can remove Huawei from the "Entity List" restricting sales of U.S. components to the Chinese telecom, a procedural hurdle added to the bill amid congressional concerns over the Trump administration's commitment to maintaining a hard line on the cyber threat from China.
Congress catches up on security clearance modernization efforts in NDAA (Federal News Network) Agencies have a specific goal now from Congress to move security clearance holders from periodic reinvestigations to continuous vetting programs. The goal is just one of several provisions aimed at…
The Defense Department Says It Needs the Encryption the FBI Wants to Break (Vice) A bipartisan coalition of lawmakers this week worked overtime to vilify encryption, oblivious to the fact that weakening encryption standards will put the public, and the internet, at risk.
Defense Department To Congress: 'No, Wait, Encryption Is Actually Good; Don't Break It' (Techdirt.) As Senate Judiciary Committee Chair Lindsey Graham has continued his latest quest to undermine encryption with a hearing whose sole purpose seemed to be to misleadingly argue that encryption represents a "risk to public safety." The Defense...
Navy Officials Break Ground for New Cyber Warfare Engineering Laboratory (Naval Sea Systems Command) Navy officials, including Naval Surface Warfare Center Dahlgren Division (NSWCDD) leadership, broke ground for a new Cyber Warfare Engineering Laboratory, Dec. 12.
No new foreign military students allowed in the US until better checks, says DoD spokesman (Military Times) No new international military students will come to the United States for training until new screening procedures are in place, the Pentagon said Thursday in the wake of the deadly shooting last week by a Saudi Arabian aviation trainee at a Florida Navy base.
When should the Pentagon update its rules on autonomous weapons? (C4ISRNET) A prominent group of national security thinkers is questioning if the Pentagon’s policy on developing autonomous weapons needs to be updated to more accurately reflect current technology and the greater role artificial intelligence is expected to play in future conflicts.
Litigation, Investigation, and Law Enforcement
Russian police raid NGINX Moscow office (ZDNet) Russian search engine Rambler.ru claims full ownership of NGINX code.
WSJ News Exclusive | FTC Weighs Seeking Injunction Against Facebook Over How Its Apps Interact (Wall Street Journal) Federal officials are considering seeking a preliminary injunction against Facebook over antitrust concerns related to how its products interact, according to people familiar with the matter.
Apple requested DMCA removal of iPhone security tweet (Cult of Mac) Apple recently filed a DMCA takedown request relating to information posted by an iPhone security researcher. Then changed its mind.
National Security Agency inspector general says some data not being deleted quickly enough (WGNO) The National Security Agency hasn't been deleting some of the material it collects as often as it should, according to an unclassified report summary from the agency's inspector general.
Pai on Huawei Suit: FCC Got Decision Right (Multichannel) Chinese telecom is suing over USF ban
Glenn Greenwald asks Washington Post national security reporter to admit he was wrong about FISA warrant (HotAir) "the contempt in which the media is held, as dangerous as that is, is fully deserved..."
The FBI didn't commit 'errors and omissions.' It abused its power (Washington Examiner) The FBI sought a warrant to wiretap a U.S. citizen and, in effect, a U.S. presidential campaign, based on a shoddy Democrat-funded pile of conspiracy theories known as the Steele dossier. The dossier's allegations against then-candidate Donald Trump were based on "multiple layers of hearsay upon…
Analysis | The Cybersecurity 202: Lawsuit seeks to force Pennsylvania to scrap these electronic voting machines over hacking fears (Washington Post) They already went haywire and called the wrong winner in one off-year vote.
Objector slams Equifax settlement as 'stiff the victims' deal (Atlanta Business Journal) The objection, received Dec. 5 by the U.S. District Court for the Northern District of Georgia, was filed by Christopher Andrews on his behalf and on behalf of all 147.9 million class members.