Cyber Attacks, Threats, and Vulnerabilities
China-linked hacker group has gone quiet, but DHS expects resurgence (FCW) A hacking group behind a widespread cyber espionage campaign against IT service providers has gone quiet since two of its members were indicted but remains an active threat to American businesses.
China hacked Norway's Visma cloud software provider (ZDNet) APT10 hacker group breaches Visma cloud provider, a US law firm, and an international apparel company, a report published today says.
Attribution of cyber campaign to APT10 questioned (iTWire) A security researcher has questioned the attribution of a cyber-espionage campaign to the group known as APT10, which has long been suspected to be op...
Report: State-Sponsored Hackers Are Getting Better at Hiding Their Identities (Nextgov.com) Security researchers also warn Iran might be gearing up to target U.S. companies with information warfare.
Lifesize Team, Room, Passport & Networker Remote OS Command Injection (Trustwave) While working on various vulnerability research projects, I encountered multiple Authenticated Remote OS Command Injection vulnerabilities in four Lifesize products:
Power Company Has Security Breach Due to Downloaded Game (BleepingComputer) South African energy supplier Eskom Group has been hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan.
How Hackers and Scammers Break into iCloud-Locked iPhones (Motherboard) In a novel melding of physical and cybercrime, hackers, thieves, and even independent repair companies are finding ways to "unlock iCloud" from iPhones.
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites (Security Intelligence) The X-Force research team investigated the IcedID Trojan's two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.
Phishing Attacks Against Facebook / Google via Google Translate (Akamai) When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally....
Clever Phishing Attack Enlists Google Translate to Spoof Facebook Login Page (Threatpost) A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature.
Weaponized emails are top APTs infection vector in today malware landscape (Difesa e Sicurezza) Yoroi-Cybaze cyber security experts: cybercrime and state-sponsored hackers use simple social engineering tricks to lure users to enable the malicious Macros.
Microsoft Confirms Serious ‘PrivExchange’ Vulnerability (Threatpost) The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple (BleepingComputer) Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts.
MacOS Zero-Day Exposes Apple Keychain Passwords (Threatpost) A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.
Exclusive: Scammers Hit Thousands With Sophisticated Fake Norton Scans (Forbes) In recent years tech support scammers stalked their victims through the phone lines. Now they're turning back the clock and tricking people into paying good money for bad apps.
Some Airline Flight Online Check-in Links Expose Passenger Data (Dark Reading) Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls (Motherboard) A Motherboard investigation has found that around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data.
Jack’d dating app is showing users’ intimate pics to strangers (Naked Security) A clear and present danger: Anyone with a web browser who knows where to look can access Jack’d users’ photos, be they private or public.
Attacks on Automotive Systems Feared Likely (Dark Reading) Yet few engineers feel empowered to do anything about them, a survey shows.
A Grim Gap: Cybersecurity of Level 1 Field Devices (POWER Magazine) Industrial control system cybersecurity is today largely focused on securing networks, and efforts largely ignore process control equipment that is crucial for plant safety and reliability, leaving it woefully vulnerable, an expert warns.
Many popular iPhone apps secretly record your screen without asking (TechCrunch) Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission. You can assume that most apps are collecting data on you. Some even monetize…
Just two hacker groups are behind 60% of stolen cryptocurrency (Naked Security) Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.
Digital signs left wide open with default password (Naked Security) One thing the world doesn’t need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.
Massive Data Leak (The Poly Post) Human error caused a massive leak of personal information of all active students in the College of Science. On Jan. ...
Nest issues cryptic warning — spoiler alert, it’s about strangers peeking your cameras (The Verge) It’s a lose-lose situation for Google’s Nest
Man hacks Texas couple's security camera, asks Alexa to play 'Despacito' (Springfield News Sun) A Texas couple lying in bed last month was startled to hear a stranger’s voice in their apartm...
Security Patches, Mitigations, and Software Updates
Google Tackles Gmail Spam with Tensorflow (Dark Reading) Tensorflow, Google's open-source machine learning framework, has been used to block 100 million spam messages.
Safari Removing Do Not Track Support (Decipher) Apple is eliminating the Do Not Track feature from its Safari browser in version 12.1 and making several other security and privacy changes, as well.
Upcoming Firefox version to offer fingerprinting & cryptomining protection (HackRead) There is very good news for Mozilla Firefox users. After improving the user experience with tracking protection function offering content blocking features and other changes in Firefox 63, Mozilla is aiming for another significant update in the upcoming version of the browser.
Cyber Trends
The hidden truth about cyber crime: insider threats (Information Age) John Andrews, VP, Centrify, explores cyber crime in the UK and the rising tide of privilege access management attacks
Cybersecurity: Billions Pour In, Basics Languish (Infosecurity Magazine) 2018’s headlines only underscored the need for robust data security with over 2 billion records stolen.
The impact of cyber-enabled economic warfare escalation (Help Net Security) The Chertoff Group and the FDD unveiled the results of a recently conducted tabletop exercise on cyber-enabled economic warfare with physical implications.
Teens Don't Use Facebook, but They Can't Escape It, Either (WIRED) Gen Z appears mostly indifferent to Facebook, but they can't escape the social network; it’s their parents who are doing most of the posting.
Customers Blame Companies not Hackers for Data Breaches (Security Boulevard) RSA Security latest search reveals over half (57%) of consumers blame companies ahead of hackers if their data is stolen.
Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists (CSO Online) The Doomsday Clock, once a ritual feature of the Cold War, warns that cybersecurity issues like IoT and cyber-enabled information warfare endanger humanity.
Which countries have the worst (and best) cybersecurity? (Comparitech) With so much of our information (including incredibly personal data) being found online, cybersecurity is of the utmost importance. So just where in the world are you cyber safe – if anywhere? Our study looked at 60 countries and found huge variances in a number of categories, from malware rates to cybersecurity-related legislation. In fact, …
Marketplace
Huawei offers to build cyber security centre in Poland (CRN Australia) Following arrests of Huawei employee and former Polish security official.
New eSecurityPlanet.com Survey Shows Majority of Businesses Plan to Accelerate IT Security Spending and Hiring (GlobeNewswire News Room) Highly publicized data breaches, increasing vulnerabilities, and new privacy regulations globally are pushing companies to increase spending on trusted IT security tools, staff, and hiring
VMware acquires remote device management vendor AetherPal (CRN Australia) Boosting capabilities of VMware's Workspace ONE platform.
HelpSystems Buys Core Security Assets to Grow Infosec Portfolio (Dark Reading) Acquisition will enable it to provide threat detection, pen testing, and other security tools to customers.
Twitter’s Push for Healthier Discourse Pays Off With Revenue Jump (Wall Street Journal) Twitter reported record quarterly revenue and its first full year of profitability, signs that its efforts to promote healthy interactions on the social-media platform appear to be working.
Is it Time to Buy This Transforming Tech Stock? (The Motley Fool Canada) BlackBerry Ltd. (TSX:BB)(NYSE:BB) continues to transform rapidly. Is it the type of investment for you?
TWOSENSE.AI Awarded DoD $2.42M Security Contract for Behavioral Biometrics (AP NEWS) Today TWOSENSE.AI announces it has been awarded a $2.42M contract through Other Transaction Agreement (OTA) by the Army Contracting Command (ACC) to deploy deep neural networks for continuous multifactor authentication.
Why Augusta deserves to be home to a cyber army (Fifth Domain) The U.S. Army, the city of Augusta and the state of Georgia are well on the way to validating the decision to make Augusta a cyber hub.
Facebook’s Top PR Exec Is Leaving the Toughest Job in Tech (WIRED) Caryn Marooney is the latest in a series of high-profile departures from Facebook's communications department at a time when the company is perpetually under siege.
Daniel Stenberg, founder and Chief Architect of cURL, joins wolfSSL (Help Net Security) wolfSSL announces integration with cURL. As part of the integration, Daniel Stenberg, founder and Chief Architect of cURL, will join the wolfSSL team.
SentinelOne Elevates Nicholas Warner to COO, Daniel Bernard to CMO, and Efraim Harari to CCO as SentinelOne Continues to be the Industry’s Fastest Growing Cybersecurity Company (BusinessWire) SentinelOne, the autonomous endpoint protection company, today announced that Nicholas Warner, the company’s Chief Revenue Officer, has been promoted
Former Cyber Command Deputy Joins E3/Sentinel Board of Directors (Washington Examiner) Retired Lt. Gen. J. Kevin McLaughlin, former deputy commander of U.S. Cyber Command, has joined E3/Sentinel’s board of directors, the company announced.
SAIC Names Nathan Rogers as New Chief Information Officer (AP NEWS) Feb 6, 2019--Science Applications International Corp. (NYSE: SAIC) announced today that Nathan G. Rogers will assume the role of chief information officer effective Feb. 2, reporting to SAIC CEO Tony Moraco. Rogers succeeds Bob Fecteau who retires from the company in April.
Zendesk President of Products Adrian McDermott Joins FireEye Board of Directors (AP NEWS) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that Adrian McDermott has been appointed to the FireEye board of directors. McDermott is currently President of Products at Zendesk, a global company that builds software for customer service and engagement. McDermott brings 25 years of business experience across a number of technology markets. McDermott has led the product management and engineering teams for Zendesk since 2010. In his role, McDermott is responsible for defining and leading global product strategy and product development for the publicly-traded, web-based customer service software leader.
Products, Services, and Solutions
SecurityScorecard Launches Project Escher to Support Non-Profit Organizations in Fight to Understand Third Party Risk (PR Newswire) SecurityScorecard, the leader in security ratings, announced today the launch of Project Escher, which provides...
Veriato to Offer Cerebral - A Complete Insider Threat Intelligence Platform to Combat Insider Data Breaches (PR Newswire) Veriato, an innovator in actionable User and Entity Behavior Analytics (UEBA) and a global leader in...
Fortinet Introduces Intent-Based Next-Gen Firewalls (SDxCentral) Fortinet today released a family of next-generation firewalls that feature intent-based segmentation to provide a granular level of security.
Facebook will reveal who uploaded your contact info for ad targeting (TechCrunch) Facebook’s crack down on non-consensual ad targeting last year will finally produce results. In March, TechCrunch discovered Facebook planned to require advertisers to pledge that they had permission to upload someone’s phone number or email address for ad targeting. That tool debuted i…
Remote wipe SAN and EFI computers with BCWipe Total WipeOut by Jetico (Help Net Security) Jetico, leading developer of approved DoD wipe software, announced the release of version 4 of BCWipe Total WipeOut to erase hard drive data.
Zettaset releases XCrypt Archive for Pivotal Cloud Foundry to automate encryption (Help Net Security) Zettaset announced that Zettaset XCrypt Archive for Pivotal Cloud Foundry (PCF) is now available on the Pivotal Services Marketplace.
Retarus adds WF-500 appliance of Palo Alto Networks to email security portfolio (Telecompaper) German information logistics provider Retarus said it is partnering with Palo Alto Networks to add the WF-500 appliance to its e-mail security portfolio.
NTT DATA chooses Exabeam to consolidate security solutions (Enterprise Times) NTT DATA chooses long term cybersecurity partner Exabeam to help consolidate all of the SIEM solutions spread across the business
Technologies, Techniques, and Standards
NIST Round 2 and Post-Quantum Cryptography (part 1) (Private Internet Access Blog) NIST has announced the projects that have advanced through the 2nd round of the search for a new quantum resistant cryptography standard.
Making the Case for Cybersecurity Investment (Infosecurity Magazine) Business leaders are yet to fully embrace the value of cybersecurity.
There's No Good Reason to Trust Blockchain Technology (WIRED) Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.
Lookalike domains: Artificial intelligence may come to the rescue (Help Net Security) In the world of network security, hackers often use lookalike domains to trick users to unintended and unwanted web sites, to deliver malicious software
Japan targets complacency with cyber attack on citizens (The Straits Times) Last November, when Japan's 68-year-old minister for cyber security admitted he had never used a computer and was "not very familiar" with cyber security issues, it was, of course, hilarious.
Inside NATO's cyber defence centre (Sky News)
CNO Wants More Cyber, IW in Navy’s Wargames (Breaking Defense) The Navy needs to increase both the number and complexity of its wargames, the service’s top admiral said Wednesday, citing rapid advances being made by competitors in cyber and information warfare tactics that will muddy and confuse future battlefields.
Citizen surveillance: What does the US Government know about you? (Privacy.net) How much information does the US government have about you, an average US citizen? I attempt to cover all the ways that the feds can track you down.
Design and Innovation
Fabula AI is using social spread to spot ‘fake news’ (TechCrunch) UK startup Fabula AI reckons it’s devised a way for artificial intelligence to help user generated content platforms get on top of the disinformation crisis that keeps rocking the world of social media with antisocial scandals. Even Facebook’s Mark Zuckerberg has sounded a cautious note…
Can learning ham radio make for better engineers and software developers? (C4ISRNET) Employees from the Naval Air Warfare Center Weapons Division took a week-long class in amateur radio as a way to better understand radio frequency (RF) propagation that can be essential to engineering and software development.
Research and Development
Attacking Artificial Intelligence: How To Trick The Enemy (Breaking Defense) “Autonomy may look like an Achilles’ heel, and in a lot of ways it is” – but for both sides, DTRA's Nick Wager said. “I think that’s as much opportunity as that is vulnerability. We are good at this… and we can be better than the threat.”
AI could think for itself by 2050, cybersecurity expert predicts at Colorado Springs seminar (Colorado Springs Gazette) The first artificial intelligence capable of thinking for itself could be a reality as soon as 2050, according to a speaker in a panel discussion Wednesday at the Rocky Mountain
Legislation, Policy, and Regulation
How Australia and Germany tamed the tech giants and what Britain can learn from them (The Telegraph) When Ian Russell accused Instagram of ‘helping to kill’ his 14-year-old daughter it provoked an outpouring of public anger, the reverberations of which have been felt from Westminster to Silicon Valley.
Regulators Are Figuring Out How to Make Google and Facebook Sweat (Medium) The Wild West era may be drawing to a close for tech corporations like Facebook and Google. New scrutiny from regulators abroad — and some closer to home — is resulting in fines that portend more…
Exclusive: Huawei needs 3-5 years to resolve British security fears... (Reuters) A $2 billion effort by China's Huawei to address security issues raised in ...
Huawei likely faces 5G ban in Canada, security experts say (South China Morning Post) Analysts and former diplomats doubt Huawei will be allowed a role in Canada’s next-generation networks, but China’s ambassador warns of repercussions if the firm is banned
Analysis | The Cybersecurity 202: Huawei's access to 5G could expand China's surveillance state, cyber diplomat warns (Washington Post) Chinese telecom companies should be banned from next-generation networks, Rob Strayer says.
Using Huawei technology is a matter of faith (Deutsche Welle) What role can Chinese network supplier Huawei play in building Germany's 5G network? It's a question of faith, but not only — so Berlin is taking its time to give a definitive answer.
Turkcell defends Huawei against 'uncorroborated' security allegations (Totaltelecom) Turkcell has joined a growing number of European telcos who are calling for authorities to find a way to work with Huawei on 5G network security
Marco Rubio Continues to Swing Away at ZTE (Sunshine State News) This week, U.S. Sen. Marco Rubio, R-Fla., who sits on the U.S. Senate Foreign Relations Committee, brought back a proposal taking aim at ZTE, a telecommunications company run by the Chinese government.
Huawei, ZTE Parts Weaken Rural Networks, Sens. Told (Law360) Chinese telecom equipment makers Huawei and ZTE continue to be threats to the security of U.S. networks, but some small and rural broadband providers are still pressured to buy the foreign-made components because they're the least expensive, the full Senate Commerce Committee heard Wednesday.
Former Cyber Command leader details security threat from China's tech expansion, calls for private-sector regulation (Inside Cybersecurity) The former number-two official at the military’s Cyber Command buttressed the cybersecurity case against the global commercial expansion of Chinese information and communication technology, and suggested a need for requirements on the private sector in defending against the threat associated with Beijing.
Valuable, messy and contentious: How big data became 'new oil' (Federal News Network) While agency IT officials recognize the Foundations for Evidence-Based Policymaking Act and OPEN Government Data Act present opportunities to get more value out of their data, they also see challenges in preparing the workforce to manage all that data.
Cisco Calls for US Federal Privacy Legislation—Leveling the Privacy Playing Field (blogs@Cisco - Cisco Blogs) Irony alert: Even as every day we become more dependent on the internet and its wealth of information to simplify our lives, we ask ourselves more and more: can we trust the way our own personal information is handled?
DHS prioritizes restart of election security programs post-shutdown (CNN) Since the shutdown ended, the Department of Homeland Security has prioritized the resumption of its election security programs, some of which were forced to go on hiatus during the lapse in government funding, according to Cybersecurity and Infrastructure Security Agency Director Chris Krebs.
SOCOM needs to step up its propaganda game, Pentagon deputy says (Military Times) The Pentagon is pushing its special operations forces to move beyond the traditional leaflets-and-loudspeakers approach to information warfare, a senior Pentagon official said this week.
What is the California Consumer Privacy Act? (OTRS) Last year, the EU implemented the GDPR, countries around the world began implementing their own data protection laws, as did the United States with the CCPA.
Litigation, Investigation, and Law Enforcement
Australia prohibits billionaire Chinese ‘spy’ Huang Xiangmo from returning (Times) A Chinese billionaire who has been resident in Australia for eight years and who has donated generously to political parties has been denied the right to return to the country amid concerns about...
House Intelligence Committee says it will expand inquiry beyond Russian meddling (San Diego Union Tribune) The House Intelligence Committee voted Wednesday to send special counsel Robert Mueller transcripts from closed-door interviews in the Russia investigation.
What Robert Mueller Knows—and Isn't Telling Us (WIRED) The special counsel's indictments have so far stopped short of tying Trump and his associates to a broader conspiracy, blanks that will eventually get filled in.
More Alleged SIM Swappers Face Justice (KrebsOnSecurity) Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit.
Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action (The National Law Review) In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In it
Over 59,000 Breaches Have Been Reported to GDPR Regulators (Infosecurity Magazine) DLA Piper warns fines could reach into the hundreds of millions this year
Some banks still adrift from GDPR compliance, warn regulatory experts (IBS Intelligence)
The plot to revive Mt. Gox and repay victims’ Bitcoin (TechCrunch) It was the Lehman Brothers of blockchain. 850,000 Bitcoin disappeared when cryptocurrency exchange Mt. Gox imploded in 2014 after a series of hacks. The incident cemented the industry’s reputation as frighteningly insecure. Now a controversial crypto celebrity named Brock Pierce is trying to …
A Crypto Exchange CEO Dies—With the Only Key to $137 Million (WIRED) Customers of QuadrigaCX are out as much as $190 million after CEO Gerry Cotten died; Cotten reportedly was the only one with the key to retrieve the money.
Bank IT Manager Gets 10 Years for ATM Exploit (Infosecurity Magazine) Huaxia Bank employee stole $1m from cashpoints
Court upholds conviction of girl who urged suicide with texts and calls (Ars Technica) "You're just making it harder on yourself by pushing it off," one message said.