The CyberWire Daily Briefing 2.20.19

Cyber Attacks, Threats, and Vulnerabilities

North Korea Turns Against New Targets?! (Check Point Research) Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or... Click to Read More

Microsoft says it has found another Russian operation targeting prominent think tanks (Washington Post) Microsoft said it had found and attempted to disrupt a "spear-phishing" attack by Russian intelligence aimed at groups that had criticized Russia.

Russia-Linked Hackers Responsible for Vast European Cyber Attacks, Says Microsoft (Fortune) Microsoft vice president Tom Burt said the attacks "validate" warnings of potential Russian interference in the 2019 European elections

Microsoft Says Russian Hackers Targeted European Think Tanks (Bloomberg) Tech giant validates warnings ahead of European elections. Concerns grow that Russia will try to hack global elections.

Oleksandr Turchynov: Russia is going to use the entire arsenal, including cybernetic means, to influence the democratic will of the Ukrainian people - National Security and Defense Council of Ukraine (National Security and Defense Council of Ukraine) A meeting of the National Coordination Center for Cybersecurity was held under the chairmanship of Secretary of the National Security and Defense Council of Ukraine Oleksandr Turchynov.

CrowdStrike: Nation-state cyber operations gaining steam (FCW) Cyber operations have become even more integral to global powers, according to a threat report, even as the U.S. seeks to impose greater costs for bad behavior in the digital space.

Insights on modern adversaries and their tactics, techniques, and procedures (Help Net Security) CrowdStrike’s global observations with real-world case studies deliver deep insights on modern adversaries and their tactics, techniques, and procedures.

Here's how experts tell when a cyber attack is done by a state actor (ABC News) Whether it's hackers stealing files from defence contractors or Federal Parliament's computer network being undermined, Australia has for years come under attack by a variety of cyber thieves.

Huawei's founder denies presence of 'backdoors' for spying (The Bull) The founder of Chinese telecom giant Huawei has hit back at US efforts to blacklist the company and denied there are any

A hacker intercepted your WiFi traffic, stole your contacts, passwords, & financial data. (Hacker Noon) It’s so easy to monitor the public’s Internet traffic. WiFi isn’t as secure as you might think.

Major security issues found in popular password managers (TechRadar) But don’t stop using these security apps for 123456’s sake

Fortnite, Netflix and Uber accounts selling for just £8 on dark web (The Independent) Cyber crime researchers say high-profile data breaches have contributed to a thriving online black market

Ryuk: What does the helpdesk tell us? (Help Net Security) In the case of Ryuk we are dealing with a ‘targeted’ form of ransomware aimed at organizations as opposed to the simple ‘fire and forget’ approach.

92 Million MyHeritage Genealogy Accounts Breached. Now What? (Security Boulevard) The bad news is that previously 92 million MyHeritage user accounts were compromised.

Patients, health data experts accuse Facebook of exposing personal info (TheHill) A group of patients and health data experts is accusing Facebook of misleading users about how their personal health information can be manipulated and exposed without patients' explicit permission.

Phishing vs spear phishing vs whaling attacks (Security Boulevard) Learn more about the differences between phishing, spear phishing and whaling attacks, and find out how you can keep your business safe. The post Phishing vs spear phishing vs whaling attacks appeared first on Emsisoft | Security Blog.

Security Patches, Mitigations, and Software Updates

Microsoft's next patch is a must if you want future Windows 7 security updates (TechSpot) Windows 7 and Windows Server 2008 users will want to circle March 12, 2019, on their calendars as that date will be crucial should you want to continue receiving security updates from Microsoft.

Cyber Trends

AI Is Not Just Getting Better; It’s Becoming More Pervasive (Harvard Business Review) Advances in artificial intelligence (AI) software and hardware are giving rise to a multitude of smart devices that can recognize and react to sights, sounds, and other patterns—and do not require a persistent connection to the cloud. These smart devices, from robots to cameras to medical devices, could well unlock greater efficiency and effectiveness at organizations that adopt them.

Marketplace

15 Cybersecurity Stocks to Watch As the Industry Heats Up (InvestorPlace) These 15 cybersecurity stocks are shaping the future of digital security, and a few of them could turn into huge success stories.

Splunk pulls out of Russia with mysterious statement (ZDNet) Company to honor ongoing contracts, but the long term plan is to stop selling Splunk access to Russian companies.

Bandura Cyber Expands Funding Round to Over $10 Million (BusinessWire) Bandura Cyber today announced a Series A round of funding.

Palo Alto Networks to acquire Demisto for $560M (TechCrunch) Palo Alto Networks announced today that it intends to acquire security startup Demisto for $560 million. The company sees a tool that can help enhance the Palo Alto security portfolio by adding a higher level of automation. “The addition of Demisto’s orchestration and automation technol…

Senseon raises $6.4M to tackle cybersecurity threats with an AI ‘triangulation’ approach (TechCrunch) Darktrace helped pave the way for using artificial intelligence to combat malicious hacking and enterprise security breaches. Now a new U.K. startup founded by an ex-Darktrace executive has raised some funding to take the use of AI in cybersecurity to the next level. Senseon, which has pioneered a …

Cyber Risk Scorecard Provider NormShield Secures $3.5M in Seed Funding (PR Newswire) NormShield, provider of comprehensive, on-demand cyber risk scorecards for enterprises, today announced the close of ...

Apple acquires artificial intelligence voice startup PullString: report (ZDNet) Reports suggest the deal has been quietly signed for at least $30 million.

Coinbase buys blockchain intelligence startup to boost security and new asset discovery (TechCrunch) Coinbase, the world’s most valuable crypto company, is gearing up to add more cryptocurrencies to its exchange thanks to its latest acquisition. We already know the firm wants to offer a glut of new crypto assets, but today it announced it has snapped up blockchain intelligence startup Neutri…

Exclusive Group acquires SecureWave to advance global VAD reach (Help Net Security) Exclusive Group, the value-added services and technologies group, is acquiring SecureWave, one of Israel’s leading independent cybersecurity VADs.

Veteran-owned Ellicott City IT firm wins $45.5 million federal contract (Baltimore Business Journal) Veteran-owned IT firm Data Computer Corporation of America has won another federal contract, worth $45.5 million.

IBM inks $700M AI, blockchain deal with multinational bank (Becker's Hospital Review) IBM signed a five-year agreement with Madrid -based Banco Santander to enable the multinational commercial bank and financial services firm to accelerate its business transformation.

Lockheed Martin reorganizes around integrated cyber, electronic warfare and intelligence (C4ISRNET) Lockheed recently created a new business it's calling spectrum convergence.

No longer a 'big, fat, honking firewall': Cisco focuses on the network amid multicloud complexity (CIO Dive) Companies have a "more complicated environment than they had five years ago when they began this journey to simplification," said CEO Chuck Robbins.

Cybersecurity firm Jask makes Austin sole headquarters (Austin American-Statesman) Cybersecurity firm Jask, which previously announced it would split its headquarters between Austin and San Francisco, will make Austin its only

IBM to launch research center on Artificial Intelligence in Sao Paulo (MercoPress) IBM is set to launch a research center in the Brazilian city of São Paulo focused on development of solutions around artificial intelligence. The AI center will be the first Latin American institution of IBM's AI Horizons Network. It will be jointly run by the company and the São Paulo Research Foundation (FAPESP) to pursue “a disruptive research program”, with the potential to “promote paradigm shifts in AI.”

Cyber security pioneer, CipherTechs, enters the Boston/New England Market (PR Newswire) CipherTechs, a leading New York City-based cyber security company, announced it is expanding into northern New England...

NTT Security CEO Americas Elected to Board of Directors of Cyber Threat Alliance (The Progress ) NTT Security, the specialized security company of NTT Group, announces the appointment of CEO Americas, John Petrie, to the Board of Directors of the Cyber Threat

Hexagon adds CACI vet Rich (Washington Technology) Hexagon hires former CACI International programs lead Emma Rich as a senior vice president in the federal business.

Splunk Welcomes Carrie Palin as Chief Marketing Officer (Odessa American) Splunk Inc. (NASDAQ: SPLK), delivering actions and outcomes from the world of data, today announced it has appointed Carrie Palin as senior vice president, chief marketing officer (CMO). Palin joins from SendGrid where she served as CMO through the company’s acquisition by Twilio. At Splunk, she will oversee global marketing strategy reporting directly to Susan St. Ledger, president, worldwide field operations .

US Aussie Rules star scores CMO job with Carbon Black (CSO) Playing Aussie Rules "an amazing experience!"

Treliant adds Gerald R. Roop as Principal (Help Net Security) Gerald R. Roop has joined Treliant as a Principal, to develop sustainable compliance, risk, regulatory, and financial control programs.

Welcome Our New CEO, Mo Rosen (Digital Guardian) This is an exciting day for Digital Guardian. We’ve got a new CEO at the helm, Mo Rosen.

Products, Services, and Solutions

K2 Cyber Security Unveils the First Cloud Workload Protection Platform to Prevent Zero-Day Attacks in Real Time with No False Positives (BusinessWire) K2 Cyber Security, Inc. today announced the general availability of its cloud workload security platform, featuring two fundamental innovations that t

Kaspersky Lab Launches New Threat Intelligence Service (Computer Business Review) Kaspersky Lab has launched a new threat intelligence service, dubbed Kaspersky CyberTrace, which aggregates threat intelligence data feeds

Illusive Networks Introduces Interactive Cyber Intelligence to Better Defend Organizations Against Human Attackers (PR Newswire) Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack...

With threats of cyberattacks looming over European elections, Microsoft expands AccountGuard cybersecurity program (GeekWire) European leaders are on high alert for potential cyberattacks ahead of major elections, and Microsoft reports hackers are also targeting groups focused on democracy, electoral integrity and public…

SK Telecom to launch quantum gateway for self-driving car security (ZDNet) SK Telecom will launch its Quantum Gateway Security solution that it says will prevent hacking of autonomous cars at Mobile World Congress.

Infocyte Partners With Check Point Software Technologies For Cloud-delivered Compromise Assessments, Proactive Threat Detection, Faster Incident Response (GlobeNewswire News Room) The partnership enables Check Point and their global partners to provide proactive detection across cloud, data center and endpoint environments

NTT Security re-builds Sydney SOC as demand grows (ARN) NTT Security has re-launched its security operations centre (SOC) in its Sydney headquarters on 19 February.

Baffle releases a data protection solution for serverless cloud workloads (Help Net Security) Baffle has released the first-to-market solution for data-centric protection of Amazon’s AWS Lambda, a pioneering serverless compute service.

Technologies, Techniques, and Standards

Ukraine Announces Joint Exercises with EU to Fend Off Russian Cyber Threats (BleepingComputer) Ukraine will organize a number of joint exercises in the near future with the European Union (EU) to develop appropriate response models to possible Russian cyber threats designed to interfere in Ukrainian presidential elections that will be held on March 31

European standards org releases consumer IoT cybersecurity standard (Help Net Security) A consumer IoT cybersecurity standard aims to establish a security baseline for IoT products and provide a basis for future IoT certification schemes.

Europol, Bitdefender Share GandCrab Ransomware Decryption Tool (HealthITSecurity) Europol's No More Ransom campaign and security firm Bitdefender just released a decryption tool for the latest version of GandCrab ransomware: a notorious variant with many healthcare victims.

Cyber Command’s 2019 plan for new tools (Fifth Domain) Cyber Command is moving out on several fronts to begin developing its own infrastructure and tools for cyber warriors.

Acknowledge, Apologize, Investigate: How Big Brands Combat Online Outrage (Wall Street Journal) If it feels like there is a steady stream of fresh outrage over consumer-brand gaffes, it may be because companies have become more adept at managing controversy than at pre-empting it.

CAST and Software Heritage Partner to Create World’s Largest Provenance Index of Publicly Available and Open Source Code (GlobeNewswire News Room) Software Intelligence lends unprecedented insight into IP license risk

7 Reasons to Move Away from Legacy AV (Security Boulevard) Why are businesses replacing their Legacy AV with Next-Generation Endpoint Security? Here's the top 7 reasons.

Design and Innovation

Making our strikes system clear and consistent (YouTube Creator Blog) We’re updating the way we give Community Guidelines strikes to a new, simpler system. We’ve worked with creators to understand what’s worki...

Who Puts the Ethics in AI? (Security Boulevard) Davos 2019, the annual meeting of the World Economic Forum, took place in January in its namesake city of Switzerland. Unsurprisingly, AI emerged as one of the leading topics of discussion (with 40 sessions dedicated to it, second only to US-China trade). Most of the conversation, however, centered on articulating abstract principles about the importance of ethics in AI, or, at best, calls for collaboration and research in this area.

RSAC Launch Pad enables companies to pitch high-profile venture capitalists (Help Net Security) At the RSAC Launch Pad, a panel of leading VCs will listen to pitches from startups competing for a chance to secure funding and expedite growth.

Research and Development

Detecting Trojan attacks against deep neural networks (Help Net Security) A group of researchers have been working on STRIP, a system for run time detection of trojan attacks on deep neural network models.

Analysis | Your friends’ social media posts are making you spend more money, researchers say (Washington Post) In the social media era, it's easier than ever to watch your friends and neighbors spend money. That "visibility bias" may be partly to blame for the falling savings rate, according to new research.

Congress bucks DHS on bid to move cyber research funding (FCW) Millions in cybersecurity research and development dollars will stay in DHS' Science and Technology directorate.

Legislation, Policy and Regulation

What Is Agreed Competition in Cyberspace? (Lawfare) The concept of agreed competition allows for robust academic and policy analysis that, hopefully, will allow competition in cyberspace to evolve into a stable arena of global politics.

GERMANY : FDP wants to deprive BND of zero-day vulnerabilities (Intelligence Online) Germany's liberal-democratic FDP party proposed a resolution to the Bundestag

5G security risks remain even if Huawei gets the all clear (The Telegraph) British intelligence has ruled that any risks from using equipment made by Huawei, a Chinese company accused of “dubious covert practices”, are manageable.

Former DHS cyber leader and a current FCC member suggest path for 5G security beyond simply banning Huawei and ZTE (Inside Cybersecurity) A former top cyber official at DHS and a current Democratic member of the Federal Communications Commission are suggesting a more sophisticated approach to securing next-generation networks -- possibly involving standards-based certification of U.S. telecom providers' equipment -- over the flat-out bans on products from Chinese companies like Huawei and ZTE that have gained

Analysis | The Cybersecurity 202: 'Sometimes the old stuff is the best.' Sen. King wants the U.S. to unplug parts of electric grid (Washington Post) It's a lesson from the Ukraine hack.

Harris on election security: 'Russia can't hack a piece of paper' (TheHill) Sen. Kamala Harris (D-Calif.) on Tuesday issued a call for states to focus on election security and possibly adopt paper ballot measures, telling a crowd of New Hampshire voters that paper ballots remain the securest way to cast votes.

Litigation, Investigation, and Enforcement

Facebook acts like a law-breaking ‘digital gangster’, says official report (Naked Security) Facebook considers itself to be “ahead of and beyond the law,” UK lawmakers said in a report about “disinformation and ‘fake news.'”

Synopsys Says Software Security Co. Abused Its License (Law360) Synopsys Inc., which makes software for testing and designing computer chips, accused Fortinet Inc., a security software company, in California federal court of routinely skirting its software access licensing agreement to gain unauthorized access to Synopsys services.

Booz Allen, other contractors hit with no-poach class action (HR Dive) The complaint, which alleges that the agreements restricted employee mobility and suppressed wages, seeks damages and injunctive relief.

Wendy's $50M cyberattack settlement signals growing threat to QSRs (Restaurant Dive) The chain's latest lawsuit reveals how costly cyberattacks can be for restaurants, which are facing hacks to POS systems and loyalty programs.

[Letter from Novalpina Capital to Citizen Lab] (Citizen Lab) Dear Professor Diebert, I write to you in my capacity as one of the founding partners of Novalpina Capital...

Open Letter to Novalpina Capital on Involvement in the Purchase of NSO Group - The Citizen Lab (The Citizen Lab) We appreciate your commitment—as stated in your letter of February 15, 2019—to “helping NSO Group become more transparent about its business.” As a first step, we ask that Novalpina Capital provide answers to the following questions regarding Novalpina Capital and NSO Group’s human rights due diligence and corporate social responsibility practices.

Open letter to Novalpina Capital, CC: NSO Group, Francisco Partners (Amnesty) We, the undersigned organizations, release this open letter to Novalpina Capital regarding the recent announcement of the buyout of NSO Group from Francisco Partners. We call on Novalpina to publicly address our serious concerns regarding accountability for NSO Group’s involvement in previously documented spyware abuses, Novalpina’s current approach to addressing human rights impacts associated with NSO Group’s products and services, and the future trajectory of the company.

Fancy Bear phishes think tanks. Lazarus Group targeting Russia? GandCrab decryptor. NSO Group update.