Cyber Attacks, Threats, and Vulnerabilities
Russian embassy in Austria detects cyber attack on its computers (TASS) The embassy received numerous complaints from citizens, who claimed that it was only possible to book an appointment several months ahead
Iranian Hackers Drew Worryingly Close to Israel's Missile Alarm (Bloomberg) Global effort needed against Iran cyber attacks: cyber chief. Israel’s cyber defense focused largely on Iran and its proxies.
Warning Issued Over Attacks on Internet Infrastructure (SecurityWeek) Key parts of the internet infrastructure face large-scale attacks that threaten the global system of web traffic, the internet's address keeper warned.
ICANN: There is an ongoing and significant risk to DNS infrastructure (ZDNet) Recent rash of DNS hijacking attacks has spurred ICANN to urge the industry for a more rapid DNSSEC adoption.
Iran fingered as warning issued over attacks on key infrastructure of internet (Times of Israel) Analyst cites Tehran as likely source of assaults on system that routes traffic to intended online destinations, with targets mostly located in Europe, Middle East
New flaws in 4G, 5G allow attackers to intercept calls and track phone locations (TechCrunch) A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faste…
BIND 9 Contains Serious Memory Leak (Decipher) Some versions of BIND 9 contain a severe memory leak that can exhaust the memory resources on a vulnerable server.
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers (BleepingComputer) A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.
Popular Apps Cease Sharing Data With Facebook (Wall Street Journal) Popular health and fitness apps scrambled to stop sending sensitive personal information to Facebook after The Wall Street Journal reported Friday many were transmitting detailed information about topics including their users’ weight and menstrual cycles.
You Give Apps Sensitive Personal Information. Then They Tell Facebook. (Wall Street Journal) Millions of smartphone users confess their most intimate secrets to apps, including personal health information. Unbeknown to most people, in many cases that data is being shared with someone else: Facebook.
Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers (Proofpoint) Proofpoint researchers describe recent campaigns leveraging multi-step attacks and sophisticated social engineering.
LinkedIn Messaging Abused to Target US Companies With Backdoors (BleepingComputer) A series of malware campaigns that push the More_eggs backdoor via fake job offers are targeting employees of US companies which use shopping portals and similar online payment systems.
Will This Vulnerability Finally Compel Bitmain to Open Source Its Firmware? (Bitcoin Isle) As if Bitmain’s year hasn’t been rough enough, having posted big losses and laying off entire departments, its flagship product now has a firmware vulnerability.
Once hailed as unhackable, blockchains are now getting hacked (MIT Technology Review) More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built.
Bank of Valletta: €13M Cyberattack Highlights Bitcoin's Strength (Bitcoinist.com) Yet another financial institution, Malta's Bank of Valletta, has fallen victim to a cyber attack, rendering many clients, both individuals, and businesses, unable to access their funds.
Phishing Scam Cloaks Malware With Fake Google reCAPTCHA (Threatpost) Phishing emails target a bank's users with malware – and make their landing page look more legitimate with fake Google reCAPTCHAs.
UCI, UCR scientists eavesdrop on DNA synthesizer to steal genetic blueprint (UCI News) Research shows vulnerability of sensitive procedure to acoustic side-channel attack
Advertisers flee YouTube after video comments get even more disgusting (Naked Security) Can YouTube ever keep video comments under control, or is it time to kill off comments altogether?
YouTube hijacked by anti‑vaxxers (Times) YouTube has become such a hotbed for medical conspiracy theories that it can take only three clicks for an innocuous search to lead users to a stream of anti-vaccination propaganda. A Sunday Times...
Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist (ZDNet) Mozilla caught between a rock and a hard place on the issue of DarkMatter root certificates.
This is bad: the UAE's favorite sleazeball cybermercenaries have applied for permission to break Mozilla's web encryption (Boing Boing)
Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else (Electronic Frontier Foundation) DarkMatter, the notorious cyber-mercenary firm based in the United Arab Emirates, is seeking to become approved as a top-level certificate authority in Mozilla’s root certificate program. Giving such a trusted position to this company would be a very bad idea. DarkMatter has a business interest in...
How to remove DarkMatter Certificates from Firefox (gHacks Technology News) Cyber-security company DarkMatter, based in the United Arab Emirates, applied to become a top-level certificate authority in Mozilla's root certificate program recently.
RTM Banking Trojan hits more than 130,000 users in 2018 (Saudi Gazette) Training your employees, particularly those who are responsible for accounting, to pay special attention to phishing attacks
Cybercriminals Promise Millions to Skilled Black Hats: Report (SecurityWeek) Cybercriminals say they are willing to pay over a million dollars per year to individuals with network management, penetration testing, and programming skills willing to put on a black hat, a new report reveals.
Cybercrime is learning from business, and earning trillions doing it (Raconteur) Organised cybercrime is cheap to set up and can yield great dividends, and businesses need to be wise to the very real threats.
The Marriott Starwood Breach: An Analysis (Infosecurity Magazine) Kathryn Pick looks back at the attack on the Marriott International hotel chain, one of the biggest data breaches to hit headlines in 2018.
How a simple credit card scam can kick off a 'perpetual cycle' of identity theft (CBC) It starts with what sounds like a promising phone call: For a one-time fee, you can lower the interest rate on your credit card. But the person on the other end of the line isn't with your bank or credit card company. And what they're really after is your identity.
Are Law Firms Wising Up To Conveyancing Scams? (Today's Conveyancer) As law firms and clients wise up to fraud, cyber criminals are having to find new avenues to use their old scamming tricks to intercept money transfers.
Sensitive personal and business data makes law firms attractive to hackers (Daily Record) Whether they are large or small, law firms tend to be targets for hackers for many reasons. They have personal identifiable information and possibly confidential medical records, business, trade secret or proprietary information and classified government documents. “All of which is really valuable especially in the wrong hands,” said Matthew Esworthy, partner at Bowie and Jensen ...
Payroll Provider Gives Extortionists a Payday (KrebsOnSecurity) Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days.
Don't Take the Bait! How to Steer Clear of Tax Time Scams (McAfee Blogs) For cybercriminals tax time is the most wonderful time of the year. They are in the shadows giddy, eager, and methodically setting a variety of digital Phishing emails, malicious links, and phone calls demanding payment — all of these scams are designed to gain access to your tax refund or your data. Here's some insight on how to safeguard your family against tax time scams.
Cisco licensing mess could make call centres go dark (CRN Australia) Software shouldn’t have shipped with expiring licenses, but did.
Security Patches, Mitigations, and Software Updates
Facebook lets Android users block location tracking (Naked Security) Facebook announced it’s tweaking its Android version, which was tracking your location even when the app wasn’t in use.
Researcher Earns $10,000 for Another XSS Flaw in Yahoo Mail (SecurityWeek) A researcher has discovered a third critical XSS vulnerability in Yahoo Mail that earned him $10,000. The flaw can be exploited to steal messages and attach malicious code to outgoing emails.
Cyber Trends
International Cyber Benchmarks Index™ (Neustar) The International Cyber Benchmarks Index is an initiative of the Neustar International Security Council which assesses the international cybersecurity landscape from the vantage point of security professionals across the EMEA and US regions
83 percent of US organizations have accidentally exposed sensitive data (Egress) According to a national survey commissioned by Egress, 83 percent of security professionals believe that employees have accidentally exposed customer or business sensitive data at their organization.
Accidental data breaches are often compounded by a failure to encrypt (Help Net Security) Accidental data breaches often compounded by an organizational failure to encrypt data prior to it being shared, both internally and externally.
Businesses believe they should be patching their Android devices more frequently (Help Net Security) On average, 72% of tablets and handheld devices in businesses (excluding mobile telephones) use the Android operating system.
Facebook Tamed the Feral Internet—and That’s Too Bad (WIRED) At least we still have Twitter.
Deepfakes and the New Disinformation War (Foreign Affairs) Thanks to the rise of “deepfakes”—highly realistic and difficult-to-detect digital manipulations of audio or video—it is becoming easier than ever to portray someone saying or doing something he or she never said or did, with potentially disastrous consequences for politics.
The Imperfect Truth About Finding Facts in a World of Fakes (WIRED) It used to make sense to believe something until it was debunked; now, it makes sense to assume certain claims are fake—unless they are verified.
NATO Group Catfished Soldiers to Prove a Point About Privacy (WIRED) With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.
Marketplace
Move over unicorns — here are the Bay Area's 21 'minotaurs' who have raised more than $1B in funding (San Jose Business Journal) There is a relatively new beast in the region that has been dubbed a minotaur. It is a venture-backed company that has raised $1 billion or more in venture funding.
How Cybersecurity Experts are Leading Companies into a New Era of Security (AP NEWS) Investorideas.com, a leading investor news resource covering defense and security stocks issues a snapshot looking at the current...
Entrust Datacard lined up to unburden Thales of nCipher biz as price for Gemalto buyout (Register) Profitable secure SIM firm in the bag by March, Thales hopes
Perspecta CEO: Army cyber contract is 'proving the thesis statement' (InsideDefense.com) Perspecta's win of a new Army Cyber Command task order marks the “first full Perspecta bid” that takes advantage of all of the company's capabilities, Perspecta's chief executive said today.
Huawei speeds up efforts to address security concerns as Trump leaves door open to US market (The Telegraph) Huawei is speeding up its $2bn (£1.
The record shows I took the blows, and did it... Huawei: IT titan will start tackling GCHQ security gripes from June (Register) The iceberg has begun to change course
ZTE aims to regain lost glory with 5G technologies at MWC 2019 (TelecomLead) ZTE announced it will showcase its 5G technologies at the Mobile World Congress (MWC 2019). ZTE is trying to expand its 5G network solutions to global telecom markets at a time when US is trying to block Huawei from 5G network deals. US President Donald Trump said on Friday that he doesn’t seek to artificially …
NTT Security opens security operations centre in North Sydney (iTWire) Security firm NTT Security has opened a security operations centre in North Sydney to cater to its Australian clients and help them assess and mitigate...
Cyber-security giant aims to expand business in Turkey (Yeni Şafak) Turkey is an important market for Kaspersky, says CEO of Moscow-based company
Military solidifies interest in Austin innovation by taking over part of Capital Factory (Austin Business Journal) The entire eighth floor of the tower is now dedicated to helping the military absorb some of Austin's innovation.
Booz Allen hires former AWS exec DiGammarino (Washington Technology) Booz Allen Hamilton adds to its leadership team Frank DiGammarino, a former executive from Amazon Web Services and White House senior adviser.
Products, Services, and Solutions
Arceo flies into US cyber insurance space (FinTech Futures) Start-up wants to bridge the insurance and cybersecurity worlds.
Imperva Makes Major Expansion in Application Security (Imperva) When Imperva announced in 2018 it would acquire the application security solution provider Prevoty, a company I co-founded with Julien Bellanger, I knew it would be a win-win for our industry. Prevoty’s flagship product, Autonomous Application Protection, is the most mature, market-tested runtime application self-protection (RASP) solution (as proof, Prevoty was just named a Silver …
Pulse Secure Unveils Software Defined Perimeter Solution (SecurityWeek) Pulse Secure unveils Software Defined Perimeter (SDP) solution designed to help enterprises securely access their applications and resources.
Volkswagen ropes in Trustonic to secure connected car Passat keyless access system (Tech Observer) Volkswagen will use Trustonic Application Protection (TAP) platform to secure its connected car Keyless Access system which is available in Volkswagen Passat.
Afilias Launches DeviceAssure to Close Security Gaps from Counterfeit Mobile Devices (PR Newswire) Launched today at Mobile World Congress, DeviceAssure℠ https://deviceassure[.]com is a new solution...
Sectigo releases Zero-Touch deployment email encryption and digital signing solution (Help Net Security) Sectigo has released the industry’s first Zero-Touch deployment email encryption and digital signing solution to use the S/MIME protocol.
Guardtime, KPMG sign agreement on developing global business platform (Baltic Times) Guardtime, a cyber security company of Estonian origin, has concluded an agreement with the network of auditing and consulting c...
ISARA updates tools to protect sensitive data and systems from the quantum threat (Help Net Security) ISARA updates tools to easily test and implement crypto-agility and quantum-safe cryptography directly into existing systems.
Trustonic & Huawei disrupt application shielding market with partnership to introduce first multi-TEE security platform for mobile app developers (Trustonic) In an industry-first innovation, Trustonic Application Protection (TAP) is enabling app developers to utilize strong security across multiple Trusted Execution Environments.
Polyverse polymorphic versions of Linux available to customers of VMware Cloud on AWS (Help Net Security) Polyverse, a leading cybersecurity company that protects government and enterprise organizations from cyberattacks, released polymorphic versions of Linux.
Cyber Deception platform 5.0 release from PacketViper includes enriched capabilities (Help Net Security) PacketViper, a leading provider of cybersecurity deception solutions, announced version 5.0 of their active, threat facing deception platform.
Blocking compromised passwords from the Collection leak (Help Net Security) Besides compromised and weak passwords, vulnerabilities such as stale administrative accounts or users with expired passwords can pose security risks.
Technologies, Techniques, and Standards
Here's how GCHQ scours Huawei hardware for malicious code (WIRED UK) After reports emerged that Huawei infrastructure was behaving unusually in 2010, GCHQ took the unprecedented step of setting up a factory to check every Huawei device destined for use in the UK
Got Critical Infrastructure? Then You Should Know How To Protect It (SecurityWeek) ICS security is critical and will take an evolving approach to handle effectively. Ensure you’re ready and avoid the repercussions that could arise if your industrial systems are compromised.
The growing importance of risk transfer and cyber insurance (Financial Director) Tom Turner, CEO of cyber security consultancy BitSight, outlines the challenges that can arise for organisations trying to purchase the right cyber insurance policy.
How to combat delivery ramifications after a data breach (Help Net Security) The legal ramifications of a data breach and the notifications that might need to be sent to past unsubscribed users could be significant.
DNC unveils new security checklist to protect campaigns from cyberattacks (TheHill) The Democratic National Committee (DNC) on Friday unveiled an updated security checklist aimed at helping cam
The Problem with Your Password? Everything (Infosecurity Magazine) When 100% of online fraud occurs after the user is authenticated, it's obvious that passwords are not doing the job.
American firms need to be aware of GDPR guidelines (Daily Record) A recent $57 million fine of Google for alleged violations of personalized data is the best reason yet for U.S. organizations to finally pay attention to the EU’s new General Data Protection Regulation (GDPR), according to Rick Arthur, chief information technology and security officer at Hartman Executive Advisors in Timonium.
Collaboration – the race that’s never won (CSO) While there’s no silver bullet in cyber security, we do as businesses have access to artillery and air support in the form of collaboration.
Security Analysts Are Only Human (Dark Reading) SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Why Startups Should Consider A Cyber Resilience Strategy (Entrepreneur) The Middle East offers enormous opportunities for startups but as new businesses grow, so does the opportunity for cybercriminals.
Academia
Surrey Uni and NCC Group Team Up on Space Infosec (Infosecurity Magazine) Partnership promises high-impact research into evolving satellite threats
Legislation, Policy, and Regulation
GCHQ Director calls for international cyber pact (Electronics Weekly) Ultimately cyber-security will only come from international agreement on a system of ethics and standards for operating in cyber-space, said the director o
Digital gangsters threaten to kill democracy (Times) The main news of the past week was not the splintering of our calcified political system. It concerned attacks on it from outside. A devastating report from a Commons committee looking at...
Trump says Huawei charges on the table in China trade talks (POLITICO) This isn’t the first time Trump has used penalties on a Chinese company as a tool to advance his trade agenda.
Huawei And The Mounting Costs Of Trump's Inconsistencies (Forbes) The President’s improvisational, details-lite approach to negotiating can strain U.S. alliances, leave the U.S. in a weaker position globally, and expose the President to real trouble from the legislature.
Analysis | The Cybersecurity 202: On Huawei policy, it's Trump vs. the Trump administration (Washington Post) The president might have scuttled a long-planned ban on the Chinese company in 5G networks.
China Will Likely Corner the 5G Market—and the US Has No Plan (WIRED) China is on track to deploy high-capacity fiber-optic cable across much of Eurasia and lock out American companies. The US sorely needs a way to compete.
Here’s How U.S. Intel Could Warn Russia Against Hacking 2020 (The Daily Beast) U.S. intelligence officials are looking to Washington-Moscow hotline as a last-ditch crisis channel that might just prevent a cataclysmic online showdown.
Summit cautions against misuse of cyber space by anti-state elements (Daily Times) Speakers at a summit on cyber security Friday said that internet is a popular part of daily life and an amazing resource of information, connectivity and entertainment, but at the same time it is also a breeding ground for criminal and terrorist activities where one’s every move can be monitored and information compromised. The summit …
Two US Committees Ready to Talk Privacy Regs (Infosecurity Magazine) Pressure continues to mount for a federal framework for privacy regulations.
Litigation, Investigation, and Law Enforcement
A legal way out of the Huawei debacle (Newsroom) Dr Gehan Gunasekara argues for a principled approach to the Huawei problem as opposed to crude realpolitik.
Russia Seeks 20 Years for Cyber-Cops in U.S.-Linked Treason Case (Bloomberg) Security service alleges U.S. intelligence has ties to accused. Kremlin denies case connected to alleged U.S. election hacking.
Kremlin Accused Her of Being a U.S. Spy. She Offered to Go to Moscow. (The Daily Beast) They accused her in a secret trial of being an American agent. So she did the unthinkable, and called their bluff.
House Democrats will subpoena Mueller if report is not made public, Schiff says (Washington Post) The chairman of the House Intelligence Committee said Democrats will also go to court if necessary.
Analysis | Even if Mueller’s probe concludes soon, things are far from over (Washington Post) The Mueller report is anticipated in the coming weeks, but experts predict this is just the beginning of criminal investigations.
Cuomo Calls for Probe Into Facebook’s Collection of Sensitive Data from Apps (Wall Street Journal) New York Gov. Andrew Cuomo ordered an investigation into how Facebook accesses people’s personal information in response to an analysis by the Journal that showed the social-media giant collects sensitive data from smartphone apps.
Governor Cuomo Directs New York Department of State and Department of Financial Services to Investigate Report That Facebook is Secretly Accessing Personal Information (Governor Andrew M. Cuomo) Governor Cuomo directs New York Department of State and Department of Financial Services to investigate report that Facebook is secretly accessing personal information.
Equifax Expects U.S., Canada Watchdogs to Press Cases Over 2017 Breach (Wall Street Journal) Equifax said regulators in the U.S. and Canada intend to press forward their cases against the consumer credit reporting agency over a 2017 breach that exposed personal information of more than 140 million people.
Coast Guard lieutenant used work computers in alleged planning of widespread domestic terrorist attack, prosecutors say (Washington Post) Christopher P. Hasson is detained while the government weighs additional charges on accusations he amassed weapons preparing for attacks on politicians and journalists.
Russian national, author of NeverQuest banking trojan, pleads guilty (ZDNet) NeverQuest (Vawtrak) author Stanislav Lisov faces up to five years in prison. To be sentenced in June.
Russian Hacker Who Used Neverquest Malware To Steal Money From Victims’ Bank Accounts Pleads Guilty In Manhattan Federal Court (US Department of Justice) Geoffrey S. Berman, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), pled guilty today to conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers of unwitting victims, steal their login information for online banking accounts, and use that information to steal money out of the victims’ accounts.
One in Four Children Victim of Cyber Bullying (Total Croatia) An expert conference was held in Zagreb earlier this week on the unacceptable behaviour of young people on social media and the Internet, hearing the challenges experts face in everyday work with children and youth as a result of their use of digital technologies, because of which one in three children in Croatia is exposed to inappropriate content and abuse, while many are exposed to cyber bullying.
What Are The Laws Around Cyber Abuse In Australia? (10 daily) Cyber-bullying is here to stay and the laws surrounding it are changing, so how does the law apply to different kinds of cyberbullying?
Vulnerable set to help others stay safer online (Worcester Observer) Vulnerable adults at risk of cyber-crime are to receive training to help safeguard them and help others from being targeted.