Cyber Attacks, Threats, and Vulnerabilities
NATO troops got catfished & honeypotted on social media, revealing serious vulnerabilities (Military Times) Troops gave up all sorts of worrisome data to fake accounts NATO set up, until Facebook shut some of them down.
European cyberattacks signal more Russian election meddling: Microsoft (Washington Examiner) Recent cyberattacks discovered by Microsoft validate Europe's fears that Russia, already blamed for meddling in the U.S. presidential election and the Brexit campaign, is aggressively targeting its parliamentary elections this spring.
SNTP denounced cyberattack on several Venezuelan news portals (Infosurhoy) The freedom of expression organization reported that the attacks kept media websites offline, preventing the dissemination of content.
Toyota Australia hit by cyber attack (NewsComAu) Toyota Australia staff have been told to switch off their computers after the country’s No. 1 car brand was hit by a cyber attack.
Hackers 'scramble' patient files in Melbourne heart clinic cyber attack (Guardian) Federal agencies investigating breach, reported to be a ransom demand
Hard-to-detect credential-theft malware has infected 1,200 and is still going (Ars Technica) Separ's living-off-the-land approach bypasses many antimalware providers.
A New Wave of the Separ Info-Stealer is Infecting Organizations through “Living off the Land” Attack Methods (Deep Instinct) Our research team put together a list of the most interesting cybersecurity stories from the past week.
Ryuk, Exploring the Human Connection (McAfee Blogs) In collaboration with Bill Siegel and Alex Holdtman from Coveware. At the beginning of 2019, McAfee ATR published an article describing how the
The NoRelationship Attack Bypasses Office 365 Email Attachment Security (Avanan) By removing external links from the document.xml.rels relationship file in Word documents, hackers bypassed link parsers with URLs that were known to be malicious.
Password Manager Firms Blast Back at ‘Leaky Password’ Revelations (Threatpost) 1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.
Formjacking Surpasses Ransomware and Cryptojacking as Top Threat of 2018 (BleepingComputer) A new year in review report from Symantec shows that formjacking accompanied by supply chain attacks were the fastest growing threats of 2018, while living-off-the-land (LotL) attacks saw a large boost in adoption from threat actors, with PowerShell scripts usage, for example, seeing a formidable 1000% increase.
Forget Phishing and Ransomware. Formjacking Is the New Favorite Hack of Cyber Crooks (Fortune) As older hacks show diminishing returns, hackers are turning to more sophisticated and lucrative attacks.
Researcher: Not Hard for a Hacker to Capsize a Ship at Sea (Threatpost) Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.
Sinking a ship and hiding the evidence (Pen Test Partners) Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship
Virus attack! Hackers unleash social media worm after bug report ignored (Naked Security) Is it ok to launch a benign proof of concept that you know will go wide, to bring a flaw to people’s attention, or should you stay quiet?
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability (TrendLabs Security Intelligence Blog) We noticed a sudden increase in hack tool installation attempts from various industries in China, Taiwan, Italy and Hong Kong. We found a trojan combining RADMIN and MIMIKATZ to drop a Monero miner by exploiting MS17-010 for propagation, likely taking advantage of the Lunar New Year holidays.
Microsoft Edge Secret Whitelist Allows Facebook to Autorun Flash (BleepingComputer) Microsoft's Edge web browser comes with a hidden whitelist file designed to allow Facebook to circumvent the built-in click-to-play security policy to autorun Flash content without having to ask for user consent.
University of New Haven Researchers Discover Critical Vulnerabilities in Popular Virtual Reality Application (University of New Haven) Using Bigscreen, a popular virtual reality application, researchers at the University of New Haven were able to listen to users’ conversations and access their computers without their knowledge.
Tokyo company uncovers 2.7bn stolen passwords worldwide (Nikkei Asian Review) Emails at small businesses hacked and sold on darknet, Soliton finds
Flaw in mIRC App Allows Attackers to Execute Commands Remotely (BleepingComputer) A vulnerability was discovered in the mIRC application that could allow attackers to execute commands, such as the downloading and installation of malware, on a vulnerable computer.
Micro Focus Filr Multiple Vulnerabilities (SecureAuth) ...A vulnerability was found in the Micro Focus Filr Appliance, which would allow an attacker with regular user access to read arbitrary files of the filesystem. Furthermore, a vulnerability in the famtd daemon could allow a local attacker to elevate privileges...
Agent Tesla keylogger delivered inside a Power ISO .daa archive (My Online Security) We never fail to be astonished by the ingenuity and attempts from malware bad actors to get their malware delivered to their intended victims. However in many cases, like this one…
Siegeware: When criminals take over your smart building (WeLiveSecurity) Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems and then abuse equipment control software.
Spectre bugs likely to 'haunt us for a long time' as software alone can't fix all of them, warn Google researchers (Computing) Spectre vulnerability affects microprocessors able to carry out branch prediction
Thousands of Android apps bypass Advertising ID to track users (Naked Security) Six years after it was introduced, it looks as if Android’s Advertising ID (AAID) might no longer be the privacy forcefield Google claimed it would be.
Android does not escape from ransomware: the most serious threats and how to avoid them (Symantec)
Millions of “private” medical helpline calls exposed on internet (Naked Security) Ever wondered what happens to helpline calls recorded “to ensure you get the service you deserve”? It can all go terribly wrong…
If you think your deleted Twitter DMs are sliding into the trash, you’re wrong (Naked Security) They’re never deleted, just erased from the UI. You can still see archived messages if you download your data.
How much does it cost to launch a cyberattack? (CSO Online) Just like in regular business, cyber criminals have a cost of operation and a return on investment to worry about. Unfortunately, a new report from Deloitte has found the cost of committing cyber crime is incredibly low.
Ransomware Revenue Earning Does Not Match Infection Decline (Infosecurity Magazine) Attackers in 2018 targeting businesses as they were more likely to pay ransom
Value of Stolen Card and Amazon Account Details Rockets (Infosecurity Magazine) Top10VPN report reveals surging dark web prices in some categories
ATM Hacking Has Gotten So Easy, the Malware's a Game (WIRED) A strain of ATM malware called WinPot turns the act of cashing out into something like a slot machine.
Facebook hoax? Can you sniff out gas station card skimmers using Bluetooth? (Naked Security) A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn’t help much…
RiskIQ 2018 Holiday Shopping Snapshot (RiskIQ)
Epic Games and Nestle pull ads from YouTube after they appear next to disturbing videos featuring children (The Telegraph) Epic Games and Nestle have pulled their pre-roll advertising on YouTube after ads for its videogame Fortnite appeared next to disturbing videos of children online.
What parents should know before sharing about your kids online (CBS News) A child's online footprint can begin before they are even born – starting when parents upload sonograms to social media
Swedish Privacy Snafu Affected More Companies (Infosecurity Magazine) Security vendor finds additional 120 exposed servers
‘Sustained and ongoing’ disinformation assault targets Dem presidential candidates (POLITICO) A coordinated barrage of social media attacks suggests the involvement of foreign state actors.
Truth is the casualty of America’s political war (Times) Oscars weekend is upon us and there’s the usual excited last-minute jockeying for attention among the Hollywood crowd. This year’s show will once again include solemn intonements to public virtue...
Security Patches, Mitigations, and Software Updates
Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes (ZDNet) Microsoft releases updates to fix bug that froze systems when IIS handled malformed HTTP/2 requests.
Facebook flaw could have allowed an attacker to hijack accounts (Naked Security) The CSRF bypass flaw has now been fixed, and the researcher who discovered it has netted $25,000.
Google has created a new browser API ‘Trusted Types’ to fight against DOM XSS attacks (Cyware) Google has been working on a new Chrome browser API that fights DOM-based XSS attacks.
Google’s working on stopping sites from blocking Incognito mode (Naked Security) Google Chrome’s Incognito mode hasn’t been an impenetrable privacy shield: For years, it’s been a snap for web developers to detect when Chrome users are browsing in private mode …
How to update Windows 10 for side channel vulnerability fixes (CSO Online) Since Spectre and Meltdown were discovered in 2018, other side channel vulnerabilities have emerged. These are the mitigations to consider for each of them.
Cyber Trends
Cybersecurity Perspectives 2019 (Scale Venture Partners) “Cybersecurity Perspectives 2019” is Scale's annual snapshot of the top issues facing enterprises navigating today's complex security landscape
BDO Cyber Threat Insights - Q4 2018 (BDO) Special focus: cyber threats and the public sector.
Report Details AI and ML Cybersecurity Arms Race (Dark Reading) Aite Group report finds that machine learning-powered cybersecurity solutions are becoming must-haves for threat detection and response.
How are businesses facing the cybersecurity challenges of increasing cloud adoption? (Help Net Security) Cloud services serve core functions essential to all aspects of business operations, but getting cloud security right is still a challenge for many.
Marketplace
Here are the big VC winners in Palo Alto Networks $560M purchase of McAfee vets' startup (Silicon Valley Business Journal) Demisto was figured to be worth about $218 million, according to PitchBook Data, when it raised $43 million of Series C venture funding in a deal led by Greylock Partners in October.
Cybersecurity Startup Armorblox Raises $16.5M, Launches Out Of Stealth (Crunchbase News) Investment into cybersecurity companies nearly doubled from 2016 to 2018, with investors pumping $5.4 billion into ventures addressing threat mitigation, according to Scale Venture Partners’ cyber report released today.
We’re simpler, faster and cheaper – Huawei (Telecoms.com) For years the Huawei message has been we’re better, but its MWC tag-line might have a slightly different look to it this year.
Apple’s executive shakeup suggests post-iPhone focus on services (Silicon Valley Business Journal) Apple CEO Tim Cook is reorganizing Silicon Valley’s most valuable company as it enters a new chapter in its history — one without a blockbuster hardware product on the horizon.
Britain's AI sector draws record funding even as 'brain drain' continues (The Telegraph) British artificial intelligence companies are attracting almost as much capital as the rest of Europe combined, figures have shown, even as experts caution the UK is suffering from a "brain drain" of its best talent.
Revolut to recruit hackers to secure its own IT infrastructure from potential data breaches and cyber-attacks (Computing) New recruits will scour the dark web for potential threats and test the company's own cyber defences
20 Can't-Miss Seminars, Sessions and Panels at #RSAC this Year (Bricata) The RSA Conference (RSAC) will bring together nearly 700 speakers across 500 sessions; we've gone through every description to recommend 20 "can't miss" sessions for 2019.
Perspecta Wins New $905 Million Program to Provide Cyberspace Operations Support to the United States Army Cyber Command (PR Newswire) Perspecta Inc. (NYSE: PRSP), a leading U.S. government services provider, announced today that it has been...
ECS clinches FBI cyber work after protest turmoil (Washington Technology) ECS Federal has been cleared to proceed with its cybersecurity work at the FBI after prevailing in a protest from a rival.
How cybersecurity firm Forcepoint plans to speed up India growth (Techcircle) Austin, Texas-based cybersecurity solutions provider Forcepoint is betting on its recently launched Next Generation Firewall (NGFW), part of its suite of network security solutions, to boost India revenue, a top company executive told TechCircle.
Hacking that Helps: Kevin Roh’s 120/120 Challenge (Synack) Personal resolutions and challenges crop up frequently at the beginning of a new year. Just like all humans, hackers love to set inspiring resolutions too. It’s cool to see our SRT hackers setting goals to be more active and successful on the Synack platform or even hackers not yet members of the SRT striving to …
Cybersecurity Brothers Join Billionaire Club (Celebrity Net Worth) It seems not a day goes by without a data breach or malware attack and that has been good for Ken and Michael Xie, the brothers who founded the cybers...
King & Union Appoints Christopher Clark as CTO (PR Newswire) King & Union, the provider of Avalon, the first collaborative cyber integration and analysis platform, today...
IronNet Cybersecurity Appoints Sean Foster as Chief Revenue Officer (PR Newswire) IronNet Cybersecurity announced today that it has appointed Sean D. Foster as Chief Revenue Officer reporting to...
Renowned Architecture and Threat Modeling Visionary Brook S.E. Schoenfield Joins IOActive World-Class Advisory Practice (IOActive) Industry Programmatic Security Expert Will Advise IOActive’s Global 1000 Clients with Strategic Security Programs
Onapsis Builds Global ERP Security Partner Ecosystem with Appointment of Darren Gaeta as VP of Worldwide Alliances (GlobeNewswire News Room) Onapsis, the global leader in ERP cybersecurity and compliance, today announced that it has appointed Darren Gaeta as VP of Worldwide Alliances.
Cyren’s Lior Samuelson To Exit CEO Job, Stay On As Chairman (CRN) Samuelson will be involved in the selection and on-boarding of his successor, and will continue to serve as chairman of Cyren's board of directors after he departs as CEO.
Products, Services, and Solutions
Netsurion First to Deliver Both EDR and SIEM Technologies as a Single Managed Security Service (GlobeNewswire News Room) Netsurion, a leading provider of managed network connectivity, security, and compliance solutions, today announced EventTracker EDR, the industry’s first managed endpoint threat detection and response (EDR) solution that is part of a unified SIEM platform and delivered as a managed security service.
Forescout Unveils the Industry's First Unified Device Visibility and Control Platform for IT and OT Security (Forescout) Integrates SecurityMatters technology into its core platform to deliver true end-to-end situational awareness across IT and OT networks. Extends visibility for multi-cloud, SDN and industrial environments through new integrations with Microsoft Azure, Cisco ACI and Belden switching portfolio. Advances automation of controls for network segmentation and incident response through new integrations with Fortinet, Cisco DNA-Center …
XM Cyber Expands HaXM Automated Purple Team Platform With New Capabilities and Certifications (PR Newswire) XM Cyber, the multi-award-winning breach and attack simulation (BAS) leader, today unveiled new capabilities...
SiteLock Announces the Availability of New VPN Solution (SiteLock) Website security leader expands product portfolio to protect business and consumer data, empower safe internet browsing
K2 Cyber Security Unveils the First Cloud Workload Protection Platform to Prevent Zero-Day Attacks in Real Time with No False Positives (BusinessWire) K2 Cyber Security, Inc. today announced the general availability of its cloud workload security platform, featuring two fundamental innovations that t
AlgoSec Announces Support for Privileged Access Control to Enhance Security Management and Reduce Network Attack Surface (Global Security Mag Online) AlgoSec has announced support for the CyberArk Privileged Access Security Solution. This enables joint customers to further enhance their organization’s security management processes with centralized control of device credentials and privileged accounts.
CRXcavator: Democratizing Chrome Extension Security (Duo Security) To provide users and IT teams with actionable intelligence about Chrome extensions, Duo Labs is excited to announce the public beta of CRXcavator (rhymes with “excavator”), a free service that analyzes Chrome extensions and produces comprehensive security reports.
Radware Launches Cloud Workload Protection Service (Nasdaq) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, today launches its Cloud Workload Protection (CWP) Service.
Elysium Analytics Launches First Cognitive SIEM (Elysium Analytics) Modern SIEM platform drives critical new SOC intelligence to counter polymorphic, advanced cybersecurity threats. SANTA CLARA, CA – 8am ET, 20th February 2019 – Elysium Analytics, the cognitive cybersecurity business incubated by System Soft Technologies, today announced the availability of the industry’s first cognitive security information and event management platform (Cognitive SIEM). The Elysium …
Light Point Security Reveals Most Flexible Browser Isolation Platform With the Release of Its Clientless Version (PR Newswire) Light Point Security, the pioneer of Browser Isolation, today announced the launch of its clientless version included...
SANS Cyber Workforce Academy - Maryland Announces 2018 Success And 2019 Schedule (PR Newswire) At a time when the talent shortage in cybersecurity continues to challenge employers and individuals have...
Comodo Cybersecurity Debuts Partner Program In Channel-Only Push (CRN) The new Comodo Cybersecurity Partner Program will provide a 20 percent deal registration discount to all, and MDF and lead generation for larger solution providers.
StorageCraft optimizing OneXafe solution for healthcare providers (Help Net Security) StorageCraft optimized OneXafe solution — the industry’s first converged data platform for both primary and secondary data, and data protection.
Netskope extends its cloud security tools to Google's cloud (SiliconANGLE)
Trustwave and Cybereason Forge Alliance to Bolster Managed Endpoint Security (BusinessWire) Trustwave and Cybereason forge a strategic alliance to bolster managed endpoint security.
Symantec's Email Fraud Protection Offering Combats BEC (eWEEK) Symantec improves email security with fraud protection, and Azure Maps gets new SDKs, services and expanded features for mobility.
Technologies, Techniques, and Standards
What Does Winning Look Like to the Global Engagement Center? (TechNative) In February 2019, Lea Gabrielle was appointed to lead the Department of State's Global Engagement Center, a hub for countering propaganda throughout the world.
Endpoint Security is Tip of the Spear for DoD’s Cloud Plans (Meritalk) The Department of Defense’s recently released Cloud Strategy covers a lot of territory, from an emphasis on the multibillion dollar Joint Enterprise Defense Initiative as a foundation of its plans, to its description of seven strategic objectives it wants to achieve in the cloud.
Password Managers Have A Security Flaw -- Here's How To Avoid It (Forbes) A major issue is affecting password managers such as 1Password, Dashlane, KeePass and LastPass. Here's what to do
Prevent shadow IT: Companies need security covering multiple communication vectors (Help Net Security) There is a critical need for companies to adopt comprehensive and secure enterprise communications platforms to prevent shadow IT.
CISO's guide to an effective post-incident board report (Help Net Security) Itay Yanovski talks about what CISOs can learn from Marriott’s and British Airways’ response to these high profile cyber attacks.
Cyberattacks in a Global Supply Chain: How Compliance Officers Can Mitigate Risk (Security Boulevard) (The following is an article authored by Panorays CEO and Co-Founder Matan Or-El that was recently printed in Compliance & Ethics Professional.)
Why Modern Security Teams can no Longer Overlook Benefits of Orchestration (Infosecurity Magazine) Once IT teams have orchestration technologies supporting security processes, they can make an active impact to the efficiency of employees
Design and Innovation
Highlights & transcript from Zuckerberg’s 20K-word ethics talk (TechCrunch) Mark Zuckerberg says it might be right for Facebook to let people pay to not see ads, but that it would feel wrong to charge users for extra privacy controls. That’s just one of the fascinating philosophical views the CEO shared during the first of his public talks he’s promised as part…
Academia
Students and alumni test cyber skills in Cyber 2.0 challenge (University of North Georgia) Students and alumni from the University of North Georgia (UNG) were among the 58 competitors for a $100,000 prize in the USA Hackers Challenge hosted by UNG and Israeli cybersecurity company Cyber 2.0 on Feb. 14 at Georgia Tech Research Institute (GTRI).
Legislation, Policy, and Regulation
UK spy chief tells telcos to improve cyber security (City A.M.) The UK needs higher standards of cyber security across the telecoms sector, a top spy boss said today, insisting no conclusion has been reached about
NCSC Boss: Huawei Security Concerns Aren’t About China (Infosecurity Magazine) But thinktank warns allowing firm to build 5G networks would be irresponsible
Britain says Huawei has not fixed ‘serious’ problems affecting network security (Washington Post) U.S. officials have raised concern with allies and foreign partners, including Britain, about allowing the Chinese company’s parts in their 5G networks.
U.K. Cybersecurity Chief Says No Decision Made on Huawei Ban (Bloomberg) Martin Says U.K. Huawei oversight is most ‘rigorous’ in world. Country of origin not key factor in assessing cyber risk.
As US pushes to ban Huawei, UK considers softer approach (WSB Radio) Britain can handle the security risks involved with using mobile networks made by China's Huawei, the cybersecurity chief said Wednesday, adding to a growing debate among countries on whether the company should be banned, as the U.S. wants.
Keeping Huawei Hardware Out of the U.S. Is Not Enough to Secure 5G (Lawfare) The Trump administration’s efforts to protect the security of fifth-generation, or 5G, wireless networks by limiting the deployment of Chinese technology both domestically and globally meld trade policy with cybersecurity policy. On both counts, it should not be considered sufficient.
China ditches 2015 cybersecurity pact with US (American Military News) China is not playing nice when it comes to cybersecurity. Analysts have determined that China has thrown out a mutual cybersecurity agreement made with the U.S. in 2015.
Trump Should Ignore Chinese Manufacturers' Phony Promises (Forbes) Chinese products may be cheap, but they cost Americans in our personal safety, national security, and industrial competitiveness.
White House Orders Agencies to Defend the Skies From Cyberattacks (Nextgov.com) In its National Strategy for Aviation Security, the Trump administration called on the government to be more proactive in spotting threats to U.S. airspace.
The cybersecurity legislation agenda: 5 areas to watch (CSO Online) The 116th Congress is only a few months old, but far-reaching cybersecurity bills to protect infrastructure and the supply chain, ensure election integrity, and build a security workforce are now being considered. Here’s the list.
Partisan Rift Threatens Federal Data-Privacy Efforts (Wall Street Journal) Congress set the stage last year to pass a sweeping consumer data-privacy law in 2019, but prospects for legislation are dimming amid sharpening divides among lawmakers over how far the federal government should go in reining in Big Tech.
Trump grows frustrated with Coats, leading some to fear he might be fired (Washington Post) Intelligence chief is “not loyal,” Trump said after testimony that contradicted the president.
Vermont CIO orders purge of Kaspersky and ZTE products (StateScoop) Following federal crackdowns on the Russian and Chinese firms over national security concerns, Vermont CIO John Quinn gives his state’s agencies 90 days to remove those companies’ products.
DoD’s network defenders get new deputy commander (Fifth Domain) Cyber defense hub Joint Force Headquarters-DoDIN is getting a new No. 2.
Army to get new leader for electronic warfare programs (C4ISRNET) The Army’s primary program office for electronic warfare and sensors is getting a new boss and it's a familiar face.
Litigation, Investigation, and Law Enforcement
US lawmakers seek Zuckerberg briefing over Facebook privacy concerns (Silicon Valley Business Journal) Members of Congress have written to Mark Zuckerberg demanding an explanation over allegations that Facebook leaked some of its users’ private health information.
7 Scenarios for How the Mueller Probe Might 'Wrap Up' (WIRED) New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean.
Intellectual property theft part of 'a pattern of dubious tactics' by Huawei, claims report (Computing) New claims of intellectual property theft come two weeks after FBI sting was revealed
Zurich vs Mondelez: the vast costs of large-scale cyberattacks (Panda Security Mediacenter) It is estimated that Mondelez lost $100 million after the NotPetya cyberattack. Now the company's insurer Zurich claims that it has no obligation to pay up.
"Down The Rabbit Hole I Go": How A Young Woman Followed Two Hackers' Lies To Her Death (BuzzFeed News) Tomi Masters was a 23-year-old from Indiana who moved to California with dreams of making it big in the cannabis business. Then she met a hacker who introduced her to a dark new world of digital manipulation, suspicion, paranoia, and fear — one that swallowed her alive and left her floating in a river in the Philippines.
Police believe airport insider was behind Gatwick drone chaos (Times) The drone attack that brought Gatwick to a standstill before Christmas is believed to have been an “inside job”, according to Whitehall sources. Police think a current or former airport employee...