Cyber Attacks, Threats, and Vulnerabilities
Russian disinformation network said to have helped spread smear of U.S. ambassador to Ukraine (Washington Post) Five days after false reports of a "do not prosecute list," a fake image of the list appeared online. It was spread by a campaign attributed to Russia.
Lazarus pivots to Linux attacks through Dacls Trojan (ZDNet) The Trojan is able to infect both Windows and Linux machines.
Report: African Mobile Internet Users Exposed in Huge Data Leak (vpnMentor) Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach in a database belonging to South Africa ICT company,
This WhatsApp bug could allow hackers to crash the app and delete group chats forever (ZDNet) Researchers detail security flaw that allowed hackers to crash WhatsApp and permanently delete contents of group chats - and urge users to update the app to protect against attacks.
Destroyed: A method of destroying Whatsapp group chats forever, say infosec bods of vuln patch (Register) Good news for Check Point; less so for blabbermouths with regrets
Report: Popular Online Retailer Exposes Customers in Worldwide Data Leak (vpnMentor) Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a leak in a database belonging to the online retailer
Android vulnerable to cyberattack: Union Home Ministry (The Hindu) A bug, ‘StrandHogg’, allows malware applications to pose as genuine applications
Explained: What is the 'StrandHogg' bug? (The Hindu) The vulnerability allows sophisticated malware attacks without the need for a device to be rooted to the Android operating system.
Encryption weaknesses in RSA certificates leave IoT devices vulnerable to attack (Computing) Researchers find one-in-172 RSA certificates using a common factor to generate keys
SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored (Imperva) The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool SQL Data Discovery & Classification. Built into SQL Server Management Studio …
Removing the Human From the Machine Can Doom Cyber Resilience (Security Magazine) If your cyber risk management efforts remove key human elements from the “machine,” you might accomplish compliance but not resilience.
Radware issues warning over 'Jingle Bots' eCommerce disruption (Mobile Marketing Magazine) As consumers head online to get the best deals in the run-up to Christmas and during the January sales, research from Radware, a web application security firm, reveals it could be in vain, thanks to so-called ‘Jingle Bots’ playing havoc. An in-depth analysis of internet traffic on Cyber Monday and Black Friday carried out by the firm reveals that only a third of shoppers were real people. The rest were automated bots designed to disrupt the smooth running and revenues of eCommerce sites by jamming them with fake shoppers so genuine shoppers give up or shop elsewhere. Nick-named ‘Jingle bots’, these internet bots disguised as bona fide shoppers because they behave just as people would, made...
Acer Quick Access - DLL Search-Order Hijacking and Potential Abuses (CVE-2019-18670) (SafeBreach) SafeBreach Labs discovered a new vulnerability in Acer Quick Access software.
ASUS ATK Package - Unquoted Search Path and Potential Abuses (CVE-2019-19235) (SafeBreach) SafeBreach Labs discovered a new vulnerability in the ASUS ATK Package which is pre-installed on ASUS computers.…
Intel Rapid Storage Technology Service - DLL Preloading and Potential Abuses CVE-2019-14568 (SafeBreach) SafeBreach Labs discovered a vulnerability in Intel(R) Rapid Storage Technology Service.
Maze Ransomware Gang Dumps Purported Victim List (BankInfo Security) The gang behind Maze ransomware has begun publicly identifying its victims and listing data that it exfiltrated from systems before leaving them crypto-locked. The intent is clear: By naming and shaming victims, the Maze gang is trying to compel them to pay.
Maze behind Pensacola ransomware attack (SC Media) Maze was behind the ransomware attack on the City of Pensacola that began early Saturday morning, and its operators have demanded a $1 million ransom to
Mayor: Progress in Ending Pensacola 'Cyber-Battle' (WUWF) Still no word from Pensacola officials, on the cyber-attack involving the city’s computer systems. But Mayor Grover Robinson did have an update of sorts,
How bad was the cyberattack against Pensacola? The city hired a firm for $140K to find out (Pensacola News Journal) Pensacola has hired Deloitte for $140,000 to evaluate the extent of a cyberattack that crippled the city's computer systems for several days.
New Orleans cyber attack updates: Officials confident data can be recovered, but no ETA yet (NOLA.com) New Orleans Mayor LaToya Cantrell said in a press conference Monday that the current recovery procedures are working in response to the citywide cyber attack on public computers Friday.
After New Orleans cyber attack, here's what agencies will and won't be affected this week (NOLA.com) The effects of a cyber attack that left City Hall paralyzed on Friday will continue to have its impacts felt into the coming week, with officials saying Sunday night that
Baton Rouge Community College computers targeted in ransomware cyberattack; State Police called in (The Advocate) Two days before commencement ceremonies, Baton Rouge Community College leaders learned that its computers were cyberattacked by ransomware.
Ransomware 'Crisis' in US Schools: More Than 1,000 Hit So Far in 2019 (Dark Reading) Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.
Hackensack Meridian Health pays attackers to thwart ransomware incident (CyberScoop) New Jersey’s largest hospital system said last week it paid an extortion fee to hackers who had disrupted medical facilities with a ransomware attack.
Epilepsy Foundation Was Targeted in Mass Strobe Cyberattack (New York Times) Hackers sent images of flashing strobe lights to the foundation’s thousands of Twitter followers in several attacks.
Voting-Machine Parts Made by Foreign Suppliers Stir Security Concerns (Wall Street Journal) A voting machine that is widely used across the country contains some parts made by companies with ties to China and Russia, researchers found, fueling security questions.
Navy letter shows military worried about unknown vulnerabilities in DJI drones (CyberScoop) Weak encryption protocols and limited supply chain visibility had the Navy warning its members about using DJI drones, according to an internal letter.
Official Navy memo on DJI drones noted cheap cost, risk (C4ISRNET) A Navy memo was basis for the Army's 2017 moratorium on the use of DJI drones.
1-in-3 computers dealing with biometric data face hacking attempts: Kaspersky report (CRN - India) One in three computers (37 per cent) engaged in collecting biometric data globally faced hacking attempts in the third quarter of this year, a new report said. The devices — servers and workstations — are used to collect, process and store biometric data (such as fingerprints, hand geometry, face, voice and iris templates). Overall, a significant …
Vladimir Putin 'still uses obsolete Windows XP' despite hacking risk (the Guardian) Official photos seem to show president using unsupported OS at Kremlin and residence
Facebook's Tor Site Down for Over a Week Due to Expired TLS Cert (BleepingComputer) Facebook has announced that its Tor gateway will be down for one to two weeks due to an expired TLS certificate. This is a bit strange as it normally should not take two weeks to renew a certificate.
Royal Mail text scam offering free iPhone 11 Pro could let fraudsters rinse your bank account ahead of Christmas (The Sun) BRITS are reporting that they’ve been the target of a convincing scam message purporting to be from Royal Mail. Cyber criminals are using the fake texts to trick victims into handing over the…
Security Patches, Mitigations, and Software Updates
Google pauses Chrome 79 rollout on Android after bug wipes data in some apps (Android Police) Chrome 79 started rolling out on desktop and mobile platforms a few days ago. Unfortunately, a bug has cropped up that wipes data in certain apps that use
Valimail Research Finds Security Professionals are Skeptical About Cybersecurity Vendor Claims (Valimail) Survey Shows More Than 50% of Enterprise IT Pros Say Cybersecurity Vendors Use Unclear and Ambiguous Data to Peddle Products
NordVPN Interview: Regional Tensions Drive Increased VPN Usage (PreciseSecurity.com) Ruby Gonzalez, the Head of Communications at NordVPN talked to PreciseSecurity.com about the cybersecurity market and how the industry is moving forward.
Financial Services Get Hooked, Experience 147% Increase in Phishing Clicks (Menlo Security) According to JPMorgan Chase CEO Jamie Dimon, “The threat of cyber security may very well be the biggest threat to the US financial system.” Reports show a 56% year-over-year increase in digital threats targeting the sector, and according to new research, phishing is a key threat vector
Mac threat detections on the rise in 2019 (Malwarebytes Labs) For the first time ever, Mac threats broke into Malwarebytes' top five overall detections of 2019. See how our data shows Mac malware on the rise.
New Tactics Emerge as Phishing Evolves (Decipher) Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.
EfficientIP receives $11m Series B funding from Jolt Capital to accele (PRWeb) EfficientIP, the network security and automation specialist, today received an $11 million Series B investment from Jolt Capital to support its continued internati
Satori Cyber Raises $5.25 Million to Deliver Industry’s First Secure Data Access Cloud, Accelerating Data-Driven Innovation (BusinessWire) Satori Cyber, the Israeli startup revolutionizing data protection and governance, today announced $5.25 million in seed funding led by YL Ventures. Fo
CrowdStrike: Strike While Its Iron Is Hot (Seeking Alpha) CrowdStrike shares are down more than 50% from their peak. The company just announced another blow-out quarter that has compressed valuation metrics substantially.
Google and YouTube moderators speak out on the work that gave them PTSD (The Verge) They scrub the internet of violent and disturbing content, and it haunts them forever.
Booz Allen Opens New Colorado Office (ExecutiveBiz) Booz Allen Hamilton has inaugurated a new office in Aurora, Colo., that will function to support federal government customers from the intelligence and defense sectors, Denver Post reported Friday.
Forcepoint Names Lisa Schreiber Newly-Created Chief Customer Success Officer Driving Delivery of World-Class Customer Experience (Forcepoint) Technology and customer focused business leader to turn customer experience into a key differentiator
Defense Industry Executive Boyd Brown Joins TrapX Security As Its Deception Strategy Officer (PR Newswire) Boyd Brown is a defense industry executive with over 20 years of experience building and leading teams of Information Warfare and Deception...
Bill Cull Joins Cellebrite as SVP for Federal (GovCon Wire) Bill Cull, former vice president for IBM’s (NYSE: IBM) public sector arm, has been named senior vice
Tenable Appoints Marty Edwards as Vice President of Operational Technology Security (Tenable®) Longest-serving Director of ICS-CERT joins Tenable following its acquisition of industrial security leader Indegy Tenable®, Inc., the Cyber Exposure company, today announced the appointment of Marty Edwards, a globally recognized expert in cybersecurity for industrial control systems and operational technology (OT), as Vice President of OT Security.
Products, Services, and Solutions
Bugcrowd Launches CrowdStream and In-Platform Coordinated Disclosure (Bugcrowd) Security is a team sport. The information held by fellow security practitioners and researchers has the power to affect how and when we respond to adversarial t
Fortinet Tightens Partnership with Google Cloud to Provide Advanced Cloud Security and Accelerate the Cloud On-Ramp (West) Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced extended integration of its cloud security portfolio with Google Cloud to offer customers migrating to Google Cloud Platform (GCP) advanced security for their workloads and applications.
ForgeRock Joins Google Cloud Platform Partner Advantage Program at Premier Level (West) Recently-Announced ForgeRock Identity Cloud Built on Google Cloud
Qualys Partners with Google to Natively Embed the Qualys Cloud Agent into the Google Cloud Platform (Qualys) One-click integration automatically installs the Qualys Cloud Agent and reports vulnerabilities directly into the Google Security Command Center
Exabeam Signs Multi-Year Agreement to Run SaaS Cloud Offering on Google Cloud (Exabeam) Exabeam, the Smarter SIEM™ company, has announced a multi-year agreement to[...]
Google Cloud and Palo Alto Networks Expand Strategic Partnership (Security Boulevard) Companies partner to introduce new threat detection solutions and security solutions
In new security push, Google Cloud adds a raft of integrations and partner tie-ups (SiliconANGLE)
Microsoft received a key provisional security nod. Here's what that means for JEDI. (Washington Business Journal) The new authorization comes as the company is staffing up to take on the DOD's massive cloud contract.
CipherTrace Launches Crypto Risk Intelligence Products for Banks (BusinessWire) CipherTrace, the global leader in cryptocurrency intelligence, today announced the launch of CipherTrace Crypto Risk Intelligence, its comprehensive c
Fortinet Secure SD-WAN Chosen by Over 21,000 Global Customers, Supports Enterprises with up to 100,000 Sites (West) Fortinet’s Security-driven Networking Approach to SD-WAN Continues to Gain Momentum in Supporting WAN Edge Transformation
ShiftLeft Advances DevOps with Industry’s Most Developer-Friendly Automated Application Security Platform (StreetInsider.com) New Offering Enables Developers to Secure up to 200,000 Lines of Code and Perform 300 Scans Per Year at No Cost
SecureSky Cyber Threat Center Increases Its Threat Intelligence Capabilities with Microsoft Security Response Center (MSRC) and Active Protections Program (MAPP) Partnership (PR Newswire) SecureSky today announced a partnership with Microsoft to strengthen its threat intelligence capabilities and provide customers with proactive...
Technologies, Techniques, and Standards
Microsoft: We never encourage a ransomware victim to pay (ZDNet) Microsoft advocates for organizations to take preemptive measures. Says companies should treat cyberattacks "as a matter of when" and not "whether."
CISA Hosts First Annual President’s Cup Cybersecurity Competition (CISA) WASHINGTON – The first annual President’s Cup Cybersecurity Competition wrapped up yesterday. The competition began in September and drew more than 1,000 individuals and 200 teams. After two qualifying rounds, 10 individual finalists and five team finalists came to the Washington, D.C. area for the final round at the CISA Cybersecurity Lab.
Medical device cyber security risks are essentially the same as for industrial control systems and still have gaps (Control Global) I participated in the 2nd Medical Device Cyber Security Summit December 11-12 in San Francisco. As the medical device industry has not been my primary focus, it was a very interesting meeting.
Huawei - What is threat modeling for 5G cybersecurity? (RCR Wireless News) A key step in cybersecurity best practice and staying a step ahead of bad actors is engaging in what’s called threat modeling.
It’s time to disconnect RDP from the internet (WeLiveSecurity) ESET has released a free utility to check if your system running Windows is susceptible to the BlueKeep (CVE-2019-0708) vulnerability.
4 tips on how to evaluate enterprise security risk and prepare for potential threats (SecurityInfoWatch) An intelligent security software solution is key to managing a complex information environment
DNC releases tips for campaigns, public to fight disinformation online (TheHill) The Democratic National Committee (DNC) released tips Monday for campa
How a Password Manager Protects You From Phishing Scams (How-To Geek) Password managers make it easy to use strong, unique passwords everywhere. That’s one significant benefit to using them, but there’s another: Your password manager helps protect you from imposter websites trying to “phish” your password.
Horrors of an unsafe internet: Cyber crime cops and experts explain how you can protect your family (The News Minute) With dangers lurking in every corner of the internet, how can you protect your family’s digital life? Hear from these policemen and experts.
You Are A Cyber Threat To Your Mother In Retirement, Here’s How (Forbes) Smart technology, or Internet-of-Things, now provides a critical role in supporting caregivers and the wellbeing of older adults living in retirement. But, these technologies also provide opportunities to hackers. Caregivers now have a new job, ensuring the cyber security of their older loved ones.
Design and Innovation
Instagram to now flag potentially offensive captions, in addition to comments (TechCrunch) Earlier this year, Instagram launched a feature that would flag potentially offensive comments before they’re posted. Now, the social media platform is expanding this preemptive flagging system to Instagram’s captions, as well. The new feature will warn users after they’ve written…
How Google applies Europe's Right to Be Forgotten (Help Net Security) Since 2014, Google received some 3.2 million requests to delist URLs, from approximately 502,000 requesters, and decided to delist 45% of those URLs.
Perspective | What does your car know about you? We hacked a Chevy to find out. (Washington Post) Our privacy experiment found hundreds of sensors and an always-on Internet connection. Driving surveillance is becoming very hard to avoid.
Research and Development
Avanan Granted Another Cybersecurity Patent for Email-Based Shadow IT Discovery (West) USPTO recognizes unique capability for cloud services discovery and monitoring
Legislation, Policy, and Regulation
India’s Internet shutdown in Kashmir is the longest ever in a democracy (Washington Post) Authorities say the blackout, now more than four months old, is due to security concerns.
Germany Says Security Alone Will Define Decision on Huawei in 5G (Bloomberg) Comments come after Chinese envoy threatens consequences. ‘Industry considerations’ won’t play role in 5G decision.
Analysis | The Cybersecurity 202: Pressure still on McConnell after $425 million election security deal (Washington Post) Democrats and activists vow to keep fighting for security mandates.
Closing a Critical Gap in Cybersecurity (Lawfare) A new proposal improving the Cybersecurity and Infrastructure Security Agency’s ability to identify and issue notifications regarding vulnerabilities connected to the public Internet would help the agency improve American critical infrastructure cybersecurity.
Emotion-detection in AI should be regulated, AI Now says (Naked Security) It’s built on junk science, yet it’s being used to determine who gets hired, fired, insured, medicated and more, the research institute says.
London's Met Police splash the cash on e-learning 'cyber' training for 4k staffers (Register) Getting tooled up for future crimes
Michigan’s volunteer cyber corps expands despite critical audit report (City Pulse) Cyber security requires constant updates and reviews, experts say — and a group of Michigan volunteers that provides rapid response to attacks on government data just got one of its own.
Litigation, Investigation, and Law Enforcement
Russia Faced No Major Cyberspace Incident Damaging Govt Entities In 2019- Security Center (UrduPoint) Russia has not faced any major cyberspace incident capable of damaging government entities in 2019 thanks to experts' efforts to remove security vulnerabilities, the deputy head of the National Coordination Center for Computer Incidents said on Monday. This year, 182 notifications about vulnerabiliti ..
Julian Assange’s extradition fight could turn on reports he was spied on for CIA (MSN) Julian Assange’s fight against extradition to the US could last years, and his argument could hinge on reports he has been illegally spied upon and his sensitive information given to the CIA.
Is using TikTok a national security risk? (Fifth Domain) The chairman of a national security subcommittee in the House of Representatives is worried that federal employees who use TikTok, Grindr and other mobile applications owned by foreign governments could be susceptible to blackmail or become national security vulnerabilities.
Nginx founders complain over Russian police raid over alleged copyright violation (Computing) Police raid on Nginx came after Russia's Rambler Group filed a copyright violation case against Nginx earlier this month - nine months after the company was sold to F5 Networks
“Dig up his body,” say creditors of deceased cryptocurrency player (Naked Security) Apparently, dead men *can* tell tales… especially when millions and millions of cryptocoins are missing.
2 former Haverford College students sentenced to probation for attempted Trump tax hack (Philadelphia Inquirer) U.S. District Judge Cynthia Rufe said her probationary sentences were intended to make an impression on Andrew Harris and Justin Hiemstra and “on anyone out in the public” who would seek to “abuse privileges and privacy of others.”