Cyber Attacks, Threats, and Vulnerabilities
Iran 'foils second cyber-attack in a week' (BBC News) The hack targeted government computer systems, the country's telecommunications minister says.
Iran investigating third cyberattack in a week (The Jerusalem Post) The attack was repelled by the Islamic Republic's security shield, known as Dezhfa, as two other cyberattacks were reported last week.
Keyfactor Researchers Identify RSA Certificate Vulnerability, Successfully Break Nearly 250,000 Distinct RSA Keys (Yahoo) Keyfactor, the leader in securing digital identities, today announced research findings identifying a vulnerability across active RSA certificates. RSA certificates and the RSA algorithm are commonly used to securely transmit data to a remote source. Using minimal computing resources, researchers were
F-Secure Finds Major Vulnerabilities in Popular Wireless Presentation System (Yahoo) Consultants with cyber security provider F-Secure have discovered several exploitable vulnerabilities in a popular wireless presentation system. Attackers can use the flaws to intercept and manipulate information during presentations, steal passwords and other confidential information, and install backdoors
Ryuk Ransomware Likely Behind New Orleans Cyberattack (BleepingComputer) Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors.
NOLA officials label Friday's cyberattack as 'minimal' (WBRZ) Officials say no data was held for ransom and a recovery operation is getting underway in New Orleans after a Friday morning cyberattack prompted a shutdown of city government computers.
New Orleans mayor declares state of emergency in wake of city cyberattack (CNN) Suspicious activity was detected at 5 a.m. and an investigation revealed it was a cyberattack at 11 a.m.
Security expert: city's quick response to cyber attack may have been 'perfect' (WWLTV) "The City of New Orleans is under a cyber attack. Please power off your computers and unplug them immediately."
City Hall set to open Monday following cyber attack (WDSU) New Orleans officials say City Hall will open on Monday, but courts will remain closed.
New Orleans shuts off computers after cyberattack, following two big incidents in Louisiana this year (CNBC) After a series of widespread cyberattacks in Louisiana, which led to two statewide emergency declarations this year, New Orleans was hit on Friday.
New Orleans hit by ransomware, city employees told to turn off computers (ZDNet) After Atlanta and Baltimore, another major US city grapples with a ransomware attack.
Three Louisiana sheriff's offices targeted in weekend cyberattack (WBRZ) Louisiana officials say three sheriff's offices in Rapides, Washington and Orleans parishes were targeted by hackers in a suspected weekend cyberattack.
Largest hospital system in NJ forced to pay ransom in cyber attack (New Jersey 101.5) New Jersey’s largest hospital system said that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it.
Ransomware Took Out New Jersey Hospital Health Network for Five Days (The Daily Beast) Hackensack Meridian Health would not say how much it paid the hackers to regain control of their system.
Inside ‘Evil Corp,’ a $100M Cybercrime Menace (KrebsOnSecurity) The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “Evil Corp” and stole roughly $100 million from businesses and consumers.
Click Here to Kill (Harper's magazine) The dark world of online murder markets
Shaw informs customers of data breach six months after incident (Calgary Herald) Some Shaw customers received letters in the mail this week saying some of their customer information was breached six months ago, Postmedia has learned. The breach happened on June 22, 2019, when a …
Thief Stole Payroll Data for Thousands of Facebook Employees (Bloomberg) Some 29,000 current, former employees impacted by theft. Unencrypted hard drives were stolen from payroll worker’s car.
Microsoft and Intel: Replace your four-year-old PC or laptop (The CEO Magazine) Research by Techaisle for Microsoft and Intel claims that the cost of a PC four years or older is A$5,012 and the device is not equipped to withstand the cybersecurity issues now the norm in the business world.
Security Patches, Mitigations, and Software Updates
Intel Fixes Dangerous Plundervolt Vulnerability (HOTforSecurity) Intel has quickly released a fix for the new and already infamous Plundervolt vulnerability found in Intel 6th, 7th, 8th, 9th, and 10th generation processors, alongside Xeon Processor E3 v5 and v6, and Xeon Processor E-2100 and E-2200. Security researchers...
Npm patches two serious bugs (Naked Security) JavaScript package users have been warned to update due to a bug that could enable an attacker to infect them with malicious applications.
Cyber Trends
The United States Made Information Free and Foreign Manipulation Possible (Foreign Affairs) How unrestricted broadcasting set the stage for a misinformation overload.
Bitglass 2019 Financial Breach Report: More than 60% of All Leaked Records in Past Year Exposed by Financial Services Firms (BusinessWire) Bitglass, the Next-Gen Cloud Security company, today released its 2019 Financial Breach Report: The Financial Matrix. Each Year, Bitglass analyzes the
2019 Fraud risk report (NuData Security) Billions of exposed user records are fueling mass-scale attacks daily, from the simplest automation-based to the most sophisticated fraud that emulates human behavior.
DDoS Threats Report 2019 Q3 (Nexusguard) While the ongoing implementation of DNSSEC continued to drive the growth of DNS Amplification attacks in the quarter, the sharp rise in TCP SYN Flood attacks is also worthy of considerable attention.
Marketplace
Imply Raises $30mm at a $350mm Valuation in Growth Round to Fuel Development of Its Cloud-native, Real-time Analytics Solution (BusinessWire) Imply, the real-time analytics company, announced today that it has raised $30 million in funding led by Andreessen Horowitz’s Late Stage Venture Fund
Accenture to Acquire Clarity Insights (Citybizlist) Accenture (NYSE: ACN) has announced that it has entered into an agreement to acquire Clarity Insights, a U.S.-based data consultancy
Apax to acquire Coalfire from Carlyle and Chertoff (PE Hub) Apax Partners has agreed to acquire Coalfire from The Carlyle Group and The Chertoff Group.
China's AI Unicorns Can Spot Faces. Now They Need New Tricks (Wired) Companies such as Megvii thrived on government contracts for facial recognition, but they face challenges from US sanctions to cheaper tech.
Huawei Loses Out As Trump And China Agree New ‘Phase One’ Trade Deal (Forbes) Huawei had been hoping a U.S. trade deal with China would provide a resolution to its ongoing blacklisting. But that hasn't happened—at least not yet.
Telenor says Huawei will still play role in 5G rollout (Reuters) Telenor reiterated on Sunday Huawei would be involved in building Norway's ...
Chinese tech firm Huawei's bullying attitude fails to win over hearts and minds (Hong Kong Free Press) A French academic, Valerie Niquet, a senior research fellow at the Foundation for Strategic Research, is being sued by Huawei France. The Chinese telecom giant has accused Niquet of libel, and, as @HuaweiFactsFR explained in a tweet on November 23 (in French): “In March 2019, #Huawei has filed three lawsuits for libel against a private individual. …
How Britain became dependent on Silicon Valley data mining company Palantir to help it fight terrorism (The Telegraph) You may not know a lot about Palantir, but you are one of its most valued customers.
NSA Vet Chris Kubic Joins Fidelis as Chief Information Security Officer (GovCon Wire) Chris Kubic, former chief information security officer of the National Security Agency, has been app
Rami Habal joins Abnormal Security as Chief Product Officer (Help Net Security) Abnormal Security, the platform that protects large enterprises from email attacks, announced the appointment of Rami Habal to Chief Product Officer.
WidePoint Appoints Kellie Kim as Chief Financial Officer (West) WidePoint Corporation (NYSE American: WYY), the leading provider of Trusted Mobility Management (TM2) specializing in Telecommunications Lifecycle Management, Identity Management and Digital Billing & Analytics solutions, has appointed Kellie Kim as the company’s new Chief Financial Officer (CFO).
Cipherloc Continues New Strategic Focus with Go-To-Market Leadership Hires (Yahoo) Ben Poernomo joins CipherLoc from Symantec Corporation's National Security Group, after a previous career in military, government and commercial cybersecurity roles. Ben will be based in the Washington, D.C. area and will lead the go-to-market strategy for CipherLoc's quantum-secure encryption
Products, Services, and Solutions
MyData Operator Network Enables Smooth Data Flow – User Consent Is the Key (News Powered by Cision) Cybersecurity company Nixu was involved in the implementation of the service pilot conducted in Finland by Vastuu Group and the Finnish Transport and Communications Agency Traficom.
Risk Management Practitioners Can Demonstrate Third Party Risk Management Program ROI with New Simplicity (BusinessWire)
Censys Launches Universal Internet Data Set; Now Scanning The Most Ports In The Internet Security Industry (Censys) New Data Set Featuring Over 1000 New Ports Finds 35-50% More Hosts on Obscure Ports
ID.me Announces Secure Identity Verification Solution for California C (PRWeb) ID.me, the industry leader in secure online Identity verification, today announced an identity proofing and authentication solution for businesses required t
Factoring RSA Keys in the IoT Era (Keyfactor) Researchers Identify RSA Certificate Vulnerability, Keyfactor researchers successfully break nearly 250,000 distinct RSA keys. 1 in every 172 active RSA certificates are vulnerable to compromise or attack.
Telefonica’s cybersecurity unit adds CrowdStrike’s tech to its portfolio (Mobile Europe)
CyberX launches partner program in IoT security market (SearchITChannel) CyberX, a company that provides cybersecurity in the IoT and industrial control system sectors, has unveiled a channel program for managed service providers, consultants, integrators and technology providers. Learn more about the initiative.
Technologies, Techniques, and Standards
The importance of proactive patch management (Help Net Security) Proactive patch management is focused on protecting the systems and applications that are most important and reducing the overall attack surface.
Cyber security expert offers advice to keep hackers from breaking into home security cameras (WDRB) You also should never use the same username and password for multiple accounts and you should choose complicated and unique passwords for each account.
Design and Innovation
YouTube bans malicious insults, veiled threats, harassment (Naked Security) The new policy addresses how coordinated online abuse often happens in real life: poisonous drips spanning multiple videos/comments.
What facial recognition steals from us (Vox) A video explainer on the technology that’s changing the meaning of the human face.
Look How Easy It Is to Fool Facial Recognition—Even at the Airport (Fortune) An experiment by Kneron shows facial recognition is less secure than many think.
“Link In Bio” is a slow knife (Anil Dash) We don’t even notice it anymore — “link in bio”. It’s a pithy phrase, usually found on Instagram, which directs an audience to be aware that a pertinent web link can be found on that user’s profile. Its presence is so subtle, and so pervasive, that we barely
Research and Development
A Sobering Message About the Future at AI's Biggest Party (Wired) Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn't sustainable.
Academia
How these Toronto sleuths are exposing the world’s digital spies while risking their own lives (The Star) Citizen Lab has found spyware being used to secretly infect mobile phones or computers of political dissidents, human rights activists, journalists and pro-democracy organizations.
Legislation, Policy, and Regulation
The Case for a Mostly Open Internet (ITIF) Policymakers should seek to maximize the benefits of Internet openness while maintaining carefully designed guardrails that reduce the Internet’s most clearly harmful uses.
The Application of International Law to Cyberspace: Sovereignty and Non-intervention (Just Security) A new Chatham House Report discusses how these principles apply to cyber operations below the threshold of use of force and recommends how governments can make progress in reaching agreement.
India shuts down internet once again, this time in Assam and Meghalaya (TechCrunch) India maintained a shutdown of the internet in the states of Assam and Meghalaya on Friday, now into 36 hours, to control protests over a controversial and far-reaching new citizen rule. The shutdown of the internet in Assam and Meghalaya, home to more than 32 million people, is the latest example …
Why the US should increase cyber pressure against North Korea (Fifth Domain) To get North Korea back to the denuclearization table, a new report argues, the United States should employ a more robust information operations and cyber campaign.
ATO lands AU$151 million in MYEFO for storage and cyber resilience (ZDNet) Canberra finds money for the Australian Taxation Office, DTA digital identity program, and Department of Home Affairs visa processing systems.
China Threatens Retaliation Should Germany Ban Huawei 5G (Yahoo) China’s ambassador to Germany threatened Berlin with retaliation if it excludes Huawei Technologies Co. as a supplier of 5G wireless equipment, citing the millions of vehicles German carmakers sell in China. “If Germany were to take a decision that leads to Huawei’s exclusion from the German
Trump Agrees to Limited Trade Deal With China (Wall Street Journal) President Trump has agreed to a limited trade agreement with Beijing that will roll back existing tariff rates on Chinese goods and cancel new levies set to take effect Sunday as part of a deal to boost Chinese purchases of U.S. farm goods and obtain other concessions, according to people familiar with the matter.
Huawei Finds Some Friends in the U.S. Senate (Bloomberg) The Trump administration’s global campaign against the Chinese telecom giant runs into a domestic roadblock.
Dems want tougher language on election security in defense bill (TheHill) Democrats are complaining that the annual National Defense Authorization Act (NDAA) set for a Senate vote this week doesn’t go far enough to protect election security.
CISA Launches First Annual President's Cup Cybersecurity Competition (Dark Reading)
Litigation, Investigation, and Law Enforcement
European Court of Justice Privacy Shield legal opinion to be published on Thursday (Computing) ECJ advocate general also considering whether EU's standard contractual clauses provide sufficient protection for European consumers
Cisco Wins Legal Challenge in Battle Against Chinese Counterfeits (Wall Street Journal) Cisco Systems has won a legal battle against counterfeit versions of key networking equipment, securing an injunction that requires big online marketplaces to halt the sale of some knockoffs.
FBI secretly demands a ton of consumer data from credit agencies. Now lawmakers want answers (TechCrunch) Now lawmakers want answers from Equifax, Experian, and TransUnion.
Police get “unprecedented” data haul from Google with geofence warrants (Naked Security) Investigators are using geofence warrants to get anybody and everybody who’s near a crime at a given time.
Political parties accused of 'gaming the law' on social media adverts (The Telegraph) Britain's dangerously antiquated electoral rules require urgent reform to cope with a surge in abuse by political parties using the personal data of voters to target them online, according to a new report.
Facebook Is Suing To Send A Message To Scammers — And Regulators (BuzzFeed News) The social media giant is trying to prove it can be trusted to police itself.
Weak account checks earn company $10.5 million privacy fine (Naked Security) The telecomms company violates the EU’s GDPR by allegedly failing to fully authenticate people phoning up to access their accounts.
Ex-Trump campaign aide Carter Page notches victory after inspector general hammers FBI for surveillance missteps (Washington Post) Working mostly without a lawyer, Page was the only one of four initial suspects in the Russia investigation who was never charged or convicted.
In election fraud case involving Giuliani associates, defense pushes for intelligence intercepts (Washington Post) A lawyer in the case involving Lev Parnas and Igor Fruman told a federal judge that intelligence files may exist on them and two co-defendants.
NSA Statement on NSA Inspector General Special Study (STL.News)
Leak Secrets to Media, You Are Sure to be Prosecuted (ClearanceJobs)
Man guilty of keeping defense secrets at home (The Daily News of Newburyport) A Massachusetts man has pleaded guilty to keeping classified national defense documents at his home without proper authorization, federal prosecutors said Friday.
Todd Leasure Sentenced For Submitting False Claims For Hours Worked For NSA Projects (CBS) A 45-year-old Alabama man was sentenced Friday to six months of home detention as part of five years' probation for making false statements regarding the hours he worked on a contract for the National Security Agency.
The Lawfare Podcast: Countering Chinese Espionage (Lawfare) Recently, former CIA officer Jerry Lee was sentenced to 19 years in prison for conspiring to share classified information with the Chinese government. During the time in which Lee was in touch with Chinese intelligence agents, dozens of CIA sources in China were arrested or killed—a catastrophe for CIA operations in the country. What's the connection between this disaster and the Lee case? And what do both mean for Chinese counterintelligence work overall?
Ex-UBS FA Fined After Allegedly Conned by Hacker to Disburse Client Funds (Financial Advisor IQ) Finra has suspended and fined a former UBS financial advisor who was allegedly duped by a hacker into disbursing half a million dollars from a UBS client’s account, the industry’s self-regulator says.