Cyber Attacks, Threats, and Vulnerabilities
Facebook bans four armed groups in Myanmar (TechCrunch) Facebook is taking action in Myanmar, the Southeast Asian country where the social network has been used to incite racial tension and violence, after it banned four armed groups from its service. The U.S. company said in a blog post that it has booted the groups — the Arakan Army (AA), the My…
A "Malicious Hack" Accessing MPs' Phone And Email Contacts Is Being Investigated By Parliament (BuzzFeed) Exclusive: "I've been hacked," one member of the government confirmed.
Security researchers discover new Linux backdoor named SpeakUp (ZDNet) SpeakUp backdoor trojan can run on six different Linux distributions, and even on macOS.
ExileRat Targeting Tibetan Supporters via Malicious PowerPoint Docs (BleepingComputer) A targeted attack against pro-Tibetan supporters has been discovered that installs the ExileRat remote access Trojan through malicious PowerPoint attachments. Once infected, the RAT will allow attackers to retrieve information, execute commands, and steal data from the infected computers.
ExileRAT shares C2 with LuckyCat, targets Tibet (Talos Blog) Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile.
SpeakUp: A New Undetected Backdoor Linux Trojan (Check Point) Check Point Research has discovered a new campaign exploiting Linux servers to implant a new Backdoor Trojan.
New cryptocurrency malware SpeakUp hits Linux & Mac devices (HackRead) The IT security researchers at Check Point have identified a new malware called SpeakUp targeting Linux and macOS – The new findings prove that there has been a surge in malware attacks against Linux and Apple devices.
Crooks Continue to Exploit GoDaddy Hole (KrebsOnSecurity) Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains.
New Botnet Shows Evolution of Tech and Criminal Culture (Dark Reading) Cayosin brings together multiple strands of botnet tech and hacker behavior for a disturbing new threat.
Why vaporworms might be the scourge of 2019 (Help Net Security) It still remains to be seen how prevalent vaporworms will become. Every organization must now be prepared to defend against these attacks.
Wikipedia Articles as part of Tech Support Scamming Campaigns? (SANS Internet Storm Center) Caleb, one of our readers has reported that Wikipedia articles have been "primed" and are being used actively in the various fake tech support phone campaigns.
Physics issues such as Aurora are not understood by many ICS cyber security experts – this can be an existential miss (Control Global) It is the physics issues, such as Aurora, that cause long-term damage and require engineering expertise. Consequently, there is a need to have both network cyber security and engineering expertise to properly address ICS cyber security, particularly from physics issues which are existential issues.
YouTube recommended self-harm videos to children as young as 13 (The Telegraph) YouTube has been recommending dozens of videos featuring graphic images of self harm to users as young as 13, The Daily Telegraph has found.
Huddle House Suffers POS Malware Attack (Infosecurity Magazine) Customers may have been exposed for over 17 months
Dark Overlord advertises for software designers and systems engineers… (The Irish News) We all know that hacking has become a mainstream problem for businesses and consumers.
Raleigh high school will get extra security Tuesday due to online shooting threat (News & Observer) Extra Raleigh police officers and Wake County school security will be at Leesville Road High School in Raleigh on Tuesday, Feb. 5, 2019 following a threat of a school shooting posted on social media. Threats have been rising since Parkland.
Kids Smart Watch Recalled Over Security Concerns (Infosecurity Magazine) European Commission issues RAPEX alert
Security Patches, Mitigations, and Software Updates
Microsoft Authenticator App Now Delivers Security Notifications (BleepingComputer) The Microsoft Authenticator app has been updated to deliver security notifications when important events such as password changes, unusual sign-in activity, or phone number and email address changes happen.
Chrome’s hidden lookalike detection feature battles URL imposters (Naked Security) Chrome now checks for misspellings of popular URLs and will display a link to the site that it thinks the user might have wanted to visit.
3 ways state actors target businesses in cyber warfare, and how to protect yourself (TechRepublic) State-sponsored groups are leveraging weaknesses in IoT devices to build botnets, and attacking private industry and public infrastructure in attacks, according to a Booz Allen report.
Top 8 Cybersecurity Trends for 2019 (Booz Allen Hamilton) Get expert insights into the blockbuster attacks and threat landscape shifts that could change the face of cybersecurity this year.
Exposed Consumer Data Skyrocketed 126% in 2018 (Dark Reading) The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
Super Bowl Ads Tackle AI and Cyber Security (Security Boulevard) Super Bowl LIII just concluded and the Patriots are now tied for the most Super Bowl victories in NFL history alongside the Pittsburgh Steelers. And Tom Brady is now the oldest quarterback to ever win...
Famed investor Roger McNamee once advised Facebook. Now he’s certain it’s destroying our democracy (TechCrunch) A year ago, renowned investor Roger McNamee had much of Silicon Valley baffled. McNamee had made his name as a tech investor in the ’80s and ’90s before cofounding the private equity firm Silver Lake Partners, then cofounding the venture capital firm Elevation Partners with singer Bono.…
The APT Name Game: How Grim Threat Actors Get Goofy Monikers (Threatpost) How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?
RSAC Innovation Sandbox 2019: Cloud, identity, application security take center stage (CSO Online) Take note of these startups. In the last five years, Innovation Sandbox finalists received $1.5B in funding. In the past ten years, a whopping 42 percent of them were acquired.
Telecoms groups stand by Huawei despite scrutiny (Financial Times) Banning Chinese equipment could delay 5G by years and create duopoly in some markets
The US government shutdown cost Booz Allen Hamilton $20 million in revenue (Quartz) “It's hard to say...whether we'll completely make it up,” said CFO Lloyd Howell.
Backed by Benchmark, Blue Hexagon just raised $31 million for its deep learning cybersecurity software (TechCrunch) Nayeem Islam spent nearly 11 years with chipmaker Qualcomm, where he founded its Silicon Valley-based R&D facility, recruited its entire team and oversaw research on all aspects of security, including applying machine learning on mobile devices and in the network to detect threats early. Islam …
IPKeys announces acquisition of SigmaFlow to accelerate delivery of comprehensive cyber security services and technology to utilities and municipal public safety organizations (PR Newswire) IPKeys Power Partners (IPKeyspowerpartners.com) announced today the completion of the acquisition of SigmaFlow...
Mobile security startup Guardsquare raises $29 million investment (CISO MAG) The company claims that its technology is already embedded in more than quarter of Android apps and its software products are used across various industries, like financial services, e-commerce, public sector enterprises, telecommunication, gaming, and media.
Palo Alto Networks rewards partners selling full portfolio (CRN Australia) Partners would be more profitable than those reselling traditional firewall.
Famed WhiteHat Security Founder Joins SentinelOne (InternetNews.) What do you do after starting a successful security vendor? Apparently you go help a new startup.
Falk Herrmann appointed new CEO of Rohde & Schwarz Cybersecurity (Rohde & Schwarz) On January 1, 2019, Dr. Falk Herrmann became the new CEO of Rohde & Schwarz Cybersecurity GmbH. Prior to taking on this position, the internationally experienced manager was CTO of the Security global business unit of Bosch Sicherheitssysteme GmbH.
Symantec Announces Appointment of Debora Beachner Tomlin as Chief Marketing Officer (BusinessWire) Symantec Corp. announced that Debora B. Tomlin will join Symantec as Chief Marketing Officer (“CMO”), effective Feb. 22.
Symantec CFO to Leave on a High Note (SDxCentral) Symantec announced that its CFO would be leaving the company on the same day that it announced positive Q3 financial results.
Products, Services, and Solutions
Netsurion Introduces BranchSDO for Retail, Restaurant, and Hospitality Businesses (GlobeNewswire News Room) Next-generation SD-Branch solution increases network agility and security while reducing complexity and cost
BitDam Announces BitDam 3.0 Expanding Its Proactive Content Security (PRWeb) BitDam, provider of cybersecurity solutions that protect enterprise communications from advanced content-borne threats, today an
Masergy Launches Secure Wi-Fi and Extends Award-Winning Network Management and Cybersecurity Protection into the Customer LAN (BusinessWire) Masergy, a leading provider of secure hybrid networking, cloud communications and managed security solutions, has launched Masergy Secure Wi-Fi as the
CrowdStrike Opens Its Endpoint Protection Platform to Third-Party Applications to Reinvent Enterprise Security - Press Release - Digital Journal (Digital Journal) CrowdStrike Store, the first cloud-native security solution that
Interset UEBA and CrowdStrike Partner to Advance Endpoint Protection (Interset) Customers can now find and remediate internal and external threats faster and more effectively.
Banco del Bajio, S.A., Selects Guardicore Centra™ Security Platform To Protect Data Center (PR Newswire) Guardicore, a leader in internal data center and cloud security, today announced that Banco...
BioCatch Explains How Behavioral Biometrics Can Stop Vishing Fraud (FindBiometrics) BioCatch recently announced a new platform designed to prevent authorized push payments and vishing fraud, and has detailed some benefits in a blog post.
A New Google Chrome Extension Will Detect Your Unsafe Passwords (WIRED) “Password Checkup” isn’t a password manager but a simple tool that warns you if you’re using a password that’s been exposed in data breaches.
RocketCyber Adds AlienVault and VirusTotal Threat Intelligence Integra (PRWeb) RocketCyber, a cybersecurity platform for managed service providers, today announced the general availability and integration of threat intelligence feeds from pr
Leading SOAR Provider Siemplify Launches Channel First Sales Model wit (PRWeb) Siemplify, the leading innovator in Security Orchestration, Automation and Response (SOAR), today launched its “Partner First” worldwide channel program.
Technologies, Techniques, and Standards
NIST narrows field of post-quantum crypto contenders (GCN) For the second round of its competition, the National Institute of Standards and Technology has chosen 26 algorithms that may help protect electronic information from attack by quantum-enabled computers.
Relationship between DevOps and Cybersecurity (Bricata) The relationship between cybersecurity and DevOps is more important than ever, yet just 34% of security professionals indicate a solid relationship.
Why the culture of cybersecurity is broken–and how to fix it (Fast Company) For too long the industry has cultivated a “dark arts” reputation that discourages diversity and undermines effective communication. A cybersecurity CEO offers a three-step course correction.
Abusing Bias Part One: Infrastructure (Posts By SpecterOps Team Members) I think about my social engineering skills as a byproduct of living a rebellious life. My friends were busy when I wanted to travel the…
Unraveling the Quandary of Access Layer versus Storage Layer Security (Infosecurity Magazine) How to ensure security and data access which is flexible enough for regulatory compliance.
6 Security Tips Before You Put a Digital Assistant to Work (Dark Reading) If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
Safer Internet Day: What does it mean and how can I keep my children safe (BT.com) Join people from 100 countries around the world on social media and unite for a safer more responsible internet for all.
The Teams Who Test US Cyber Defenses Aren’t Being Tough Enough: Pentagon Report (Defense One) Overworked trainers and penetration testers can’t properly simulate the worst real-world threats, leaving operators “overconfident.”
How will the Army use electronic warfare? The Pentagon’s weapon tester wants to know (C4ISRNET) The Army needs to create more clarity on how it will use its electronic warfare forces.
Design and Innovation
UK Launches £6m IoT Security Competition (Infosecurity Magazine) Government is looking for innovative ideas from British firms
To protect users’ privacy, iOS 12.2 will limit Web apps’ access to iPhone’s sensors (Ars Technica) The latest iOS beta defaults Web access to motion sensors to "off."
AI won't solve all of our cybersecurity problems (Help Net Security) AI is already supporting businesses with tasks ranging from determining marketing strategies, to driverless cars, to providing personalized film and music
Research and Development
Fire (and lots of it): Berkeley researcher on the only way to fix cryptocurrency (Ars Technica) Nicholas Weaver says bitcoin and other digital coins recapitulate 500 years of failure.
Legislation, Policy, and Regulation
What Is NATO Really Doing in Cyberspace? (War on the Rocks) Two years ago, I received orders to NATO and arrived at Supreme Headquarters Allied Powers Europe in Mons, Belgium in July 2017, thinking this would be my
Internet Practice Code To Curb Cyberspace Crimes Underway (Leadership) The Nigerian Communications Commission (NCC) will soon establish an internet industry code of practice to curb cyberspace crimes in the country.
PH needs better cyber defense (Philippine Canadian Inquirer) There is a pressing need to improve the country’s cyber security, Department of National Defense (DND) Secretary Delfin Lorenzana said Monday.
Norway Intelligence Service Adds Huawei on National Security Threat List (The Nordic Page) The police security service (PST) believes that state-owned computer network operations will pose a persistent threat to Norway, and warns against companies such as the telecom giant Huawei. PST chief Benedicte Bjørnland presented PST’s annual threat assessment on Tuesday with Minister of Justice Tor Mikkel Wara. At the press conference, Bjørnland draws particular attention to …
China says it is not a threat to Norway, denies cyber espionage (Reuters) A Norwegian intelligence assessment that China posed a threat to the Nordic coun...
Upcoming report from UK's Huawei handler will blast firm for unresolved security issues (Register) GCHQ limb tight-lipped but we can read between the lines
U.K. Government Officials Were Warned of Huawei's National Security Threat in 2013—Report (Fortune) But the red flags were "wholly ignored."
The Huawei Dilemma: Insecurity and Mistrust (The Diplomat) Telecommunications networks are a strategic asset, and a vulnerable one.
America's Misbegotten Cyber Strategy (The Atlantic) The Trump administration’s National Cyber Strategy rests on a pair of convenient fictions.
Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community (Senate Select Committee on Intelligence) Chairman Burr, Vice Chairman Warner, Members of the Committee, thank you for the invitation to offer the United States Intelligence Community’s 2019 assessment of threats to US national security.
Opinion | The Democratic disinformation debacle proves companies and Congress need to take action (Washington Post) Companies and Congress should put controls in place to prevent bad behavior.
DoD tightens enforcement of cyber regulations on contractors to protect data (Federal News Network) After years of preparing companies for stricter cybersecurity requirements, DoD is finally cracking down on violations of cyber regulations.
Bipartisan lawmakers, industry make competing cybersecurity claims in debate over export control criteria (Inside Cybersecurity) Cybersecurity is the rope in an apparent tug of war between cyber leaders in Congress and industry over how to define criteria in a proposal on controlling the export of certain emerging and foundational technology in the interest of national security.
The government is whittling down its security clearance backlog (Federal Times) The National Background Investigation Bureau's backlog is down over 20 percent from its April 2018 peak amid efforts to streamline and transfer the background investigation process to the Department of Defense.
GPO Has No Disaster Recovery Plan for Its Tech, Watchdog Says (Nextgov.com) If its IT infrastructure is taken offline, the agency could lose access to critical data.
Litigation, Investigation, and Law Enforcement
Huawei Sting Offers Rare Glimpse of the U.S. Targeting a Chinese Giant (Bloomberg) Diamond glass could make your phone’s screen nearly unbreakable—and its inventor says the FBI enlisted him after Huawei tried to steal his secrets.
Google faces ICO investigation over GDPR violation claims (Computing) Google could be fined four per cent of its $136.8 billion global annual turnover
Bangladesh Bank Sues Filipino Lender in U.S. Court Over Hack Heist (Wall Street Journal) The central bank of Bangladesh has filed a federal lawsuit accusing Manila-based Rizal Commercial Banking Corp. and others of facilitating the theft of $81 million from its account at the New York Fed.
Analysis | The Cybersecurity 202: A bank wants to recover the $81 million North Korea allegedly stole. It won't be easy. (Washington Post) A complex lawsuit illustrates the challenges for cybercrime victims.
FBI burrowing into North Korea’s big bad botnet (Naked Security) The FBI revealed that it joined the Joanap botnet and started chewing it up from the inside.
Apple Says It's Storing Some Russian User Data on Russian Servers (Bloomberg) Apple Inc. detailed the user data it’s storing in Russia to comply with a local law that took effect in 2015, according to a recent filing with the Russian government.
Apple Rus Limited Liability Company (Federal Service for Supervision of Communications, Information Technology and Mass Media) for the purpose of: - carrying out and fulfilling the functions, powers and duties imposed by law on Apple Rus LLC;
Denmark expels Huawei staff as Norway warns of espionage risk (South China Morning Post) Copenhagen police said the expulsions were not related to spying and came about as a result of a ‘routine check’ at Huawei’s offices
Selling fake likes and follows is illegal, rules New York (Naked Security) A groundbreaking settlement in New York finds that selling fake likes and followers is illegal.
Man who stole $5M in cryptocurrency via SIM swap pleads guilty (Ars Technica) Prosecutors: Joel Ortiz tricked mobile firms, fraudulently transferred phone numbers.
Prosecutors: Two men used SIM swapping to extort cryptocurrency (Ars Technica) A third suspect was found to have a file on his computer: "Hacker Sh—t!"
Boy arrested for “joking” about shooting up school on social media (Ars Technica) Screenshot showed Siri suggesting nearby schools—cops say threat wasn't credible.
Cyber-attacks and the civil liability of the carrier (Lexology) Given the strategic importance of the sector and its dependence on technology, the coming years will witness an increase in transport related…