Cyber Attacks, Threats, and Vulnerabilities
Taking Down Russian Trolls is My Kind of Cyber Attack (The Cipher Brief) Cipher Brief Cyber Expert Jason Healey points out why a recent offensive cyber operation signals the right thing for the USG to do...
Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims (Varonis Blog) The Varonis Security Research team discovered a global cyber attack campaign leveraging a new strain of the Qbot banking malware. The campaign is actively targeting U.S. corporations but has hit networks worldwide—with victims throughout Europe, Asia, and South America—with a goal of stealing proprietary financial information, including bank account credentials. During the analysis, we reversed this strain of Qbot and identified the attacker’s active command and control server, allowing us to determine the scale of the attack.…
Qbot banking malware is back – and cybersecurity vendors are infected (Verdict) There is a new strain of the Qbot banking malware that is spying on corporations around the world to steal their financial information.
Cyber spoofing attack hits Labor, Transportation Departments (Federal News Network) In today's Federal Newscast, the cybersecurity firm Anomali Labs says it's found a malicious server hosting two separate phishing campaigns targeting government contractors looking to do business with the Labor and Transportation departments.
Thunderclap: Apple Macs at risk from malicious Thunderbolt peripherals (Naked Security) Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD.
Kaspersky warns of new malware that wipe ATMs cash (Guardian) Kaspersky, a cybersecurity solutions provider, said it has discovered a malware used by cybercriminals to automatically dispense cash from Automatic Teller Machines (ATMs).
Hawkeye keylogger via fake Proforma Invoice that probably fails delivery (My Online Security) A marginally interesting malware campaign trying to deliver Hawkeye Keylogger/ Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this…
PSI GridConnect Telecontrol (ICS-CERT) 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PSI GridConnect GmbH (formerly known as PSI Nentec GmbH) Equipment: Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy Vulnerability: Cross-site Scripting 2.
Kunbus PR100088 Modbus Gateway (Update B) (ICS-CERT) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kunbus Equipment: PR100088 Modbus gateway
Topps.com Sports Collectible Site Exposes Payment Info in MageCart Attack (BleepingComputer) The sports trading card and collectible company Topps issued a data breach notification stating that it was affected by an attack, which possibly exposed the payment and address information of its customers.
MageCart Group Evolves Tactics To Better Steal Your Credit Cards (BleepingComputer) There are at least a dozen Magecart groups that try to plant their code for skimming payment card data on online stores, but not all of them are equally advanced. Group 4 has taken cybercrime activity to a professional level.
Fake Browser Updates Push Ransomware and Bank Malware (Security Boulevard) Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, Internet Explorer and Edge browsers). The message reads: “A critical error has occurred due to the outdated version of the browser.
Xfinity irresponsibly using 0000 as default PIN, hacker steals customer’s phone number and buys a Mac (9to5Mac) In the latest episode of consumers affected by tech companies’ security flaws, Comcast’s Xfinity Mobile wireless service was found to be setting customer PINs by default to 0000. As rep…
Google Chrome Zero-Day Lets Hackers Harvest User Data (softpedia) Malicious PDF documents can steal user details
Vulnerability exposes location of thousands of malware C&C servers (ZDNet) An extra whitespace in a server response allowed a security firm to track a hackers' favorite tool for years.
Opinion: Beware of the 'man in the cloud' (Security Brief) Bitglass AU's David Shephard discusses the 'man in the cloud' attacks that are becoming increasingly popular - and effective.
Aurora school finances 'compromised' in cyber attack (Record-Courier) Aurora City School officials said Thursday that an undisclosed amount of money has been "recovered," while some remains "compromised"
Palisades Park recovers $200,000 after cyber attack (North Jersey) After losing nearly half a million through hacking, the borough received an advancement on its insurance claim to help prepare for the 2019 budget.
Cyber Trends
2019 Webroot Threat Report details (Webroot) 2019 Webroot Threat Report: are you protected against the latest threats?
Enterprises are blind to over half of malware sent to their employees (Help Net Security) Cybercriminals are increasingly using encryption to conceal and launch attacks, according to the 2019 Cloud Security Insights Threat Report.
DivvyCloud Releases State of Enterprise Cloud and Container Adoption and Security Report (GlobeNewswire News Room) Rate of Cloud Adoption on the Rise, Despite More than Half of IT Professionals Unaware of the Increased Risk of Misconfigurations in Public Cloud Compared to Traditional IT Environments
While The Majority Of Americans Are Still Worried About Identity Theft, It's Now Become A Global Concern - And Few Know How To Properly Protect Against It (PR Newswire) According to Generali Global Assistance's first global consumer survey conducted by LEXIS, 57 percent of Americans ...
New Report Shows Ticketing Industry Suffers From Continuous Automated Abuse, With 39.9 Percent of all Traffic Originating from Bots (Distil Networks) New Report from the Distil Research Lab shows ticketing industry suffers from continuous automated abuse and examines how bots prevent consumers from buying tickets.
Marketplace
The Uncharted Territory Of M&A Cyber Risks (PYMNTS.com) Merger and acquisition (M&A) activity continues to accelerate as 2019 progresses, both in terms of volume and value of M&A deals. Deloitte research found 79 percent of organizations expect merger activity to grow in the coming year, up from 70 percent that said the same for 2018. While corporate mergers can drive business growth, they […]
Contrast Security Closes $65 Million Series D Funding Round (PR Newswire) Contrast Security, the pioneer in embedding vulnerability analysis and exploit prevention directly into modern ...
KnowBe4 to Receive Significant Investment from KKR (KnowBe4) I'm excited to announce we have a new investor that values us at more than $800 Million.
Ionic Security Raises $40 Million from JPMorgan Chase, Google (Atlanta Inno) Atlanta-based software company Ionic Security Inc. has raised $40 million in Series E funding.
ManTech to Acquire Kforce Government Solutions (GlobeNewswire News Room) Acquisition Expands ManTech’s Federal Civilian and Health Presence and Adds Key IT Contract Vehicle to Portfolio
U.S. approves Thales takeover of Gemalto with condition (Nasdaq) The U.S. Justice Department said on Thursday it was requiring Thales SA to divest its general purpose hardware security module (GP HSM) business in order for Thales to proceed with its proposed acquisition of Gemalto NV.
Teen Becomes World’s First $1 Million Bug Bounty Hacker on HackerOne (BusinessWire) HackerOne, the leading hacker-powered security platform, announced today that bug bounty hacker @try_to_hack is the first to surpass $1 million in bou
@try_to_hack Makes History as First Bug Bounty Hacker to Earn over $1 Million (HackerOne) 19-year-old Argentinian @try_to_hack just made history as the first to earn over $1,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just as inspired as we are!
Bugcrowd Names Top Crowdsourced Security Programs and Hackers of the Year (Bugcrowd) Fourth annual Buggy Awards finalists include Atlassian, Fiat Chrysler Automobiles, Indeed, Netflix, NETGEAR, Outreach, and Zappos
HackerOne Reveals 100% Growth of Hacker Community in Annual Hacker Report (BusinessWire) HackerOne, the leading hacker-powered security platform, today announced findings from the 2019 Hacker Report, which reveals the hacker community has
2019 Hacker Report (HackerOne) Welcome to the age of the hacker. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. We share some of their stories and celebrate their impact in this, the third annual Hacker Report.
Much Ado About the Cyber Skills Shortage (Council on Foreign Relations) Governments and industry like to talk about the 'cybersecurity skills shortage,' but does the shortage actually exist? And are countries adopting the right policies to address it?
Why Palo Alto Networks Has Spent Over $1 Billion on Acquisitions (The Motley Fool) The company is fast-tracking automation and AI-enhanced capabilities for the digital-first world.
BAE to Vie for Cyber Engineering Task Orders Under $898M IDIQ; Kris Busch Quoted (ExecutiveBiz) BAE Systems has landed a spot on a potential $898M indefinite-delivery/indefinite-quantity contract from the U.S. Navy to offer cyber engineering services to naval, joint and national agencies
Federal Council to create new cybersecurity competence centre (International Law Office) The Federal Council recently announced its intention to create a cybersecurity competence centre to provide a one-stop national point of contact for all cybersecurity issues. The plan is a response to requests from Parliament and the business community and is a step towards implementing Switzerland's national strategy for protecting against cyber risks.
Drilling down on the numbers behind Baltimore's tech and cyber jobs growth (Technical.ly Baltimore) "We have the oil": Tech leaders see a foundation in Maryland for cybersecurity and data science to drive even bigger job gains.
London cyber security innovation centre issues open invitation (ComputerWeekly.com) Government-backed cyber security innovation centre is calling for innovators to address key challenges facing the cyber security industry, offering a year of bespoke support to scale quickly.
NIST cyber framework manager Barrett resigns to join cybersecurity services firm (Inside Cybersecurity) The National Institute of Standards and Technology's Matthew Barrett, who led the first update of the landmark cybersecurity framework last year, has left NIST to join a private-sector cybersecurity services firm as its chief operating officer.
Products, Services, and Solutions
New infosec products of the week: March 1, 2019 (Help Net Security) SecBI launches new solution to help MSSPs maximize their productivity and scalability SecBI announced an automated threat detection and response solution
SecBI Launches Automated Threat Detection and Response Solution for MSSPs (Managed Security Service Providers) (SecBI) Offering to be Highlighted at @RSAConference, Along with Case Study Presentation by Industry Analyst Patrick Donegan on Making Telco Orange Poland a Cyber Innovator
Law firm secures sensitive data by reducing its risk exposure with Netwrix Auditor (Netwrix) Day Pitney enforces the least-privilege principle and continuously identifies and mitigates IT risks.
SonicWall Takes Aim at Evasive Cyber Threats Targeting Wireless Networks, Cloud Apps, Endpoints (BusinessWire) SonicWall today announced new platform offerings and enhancements for small, mid-sized and distributed businesses and enterprises to protect against t
Corelight Launches Corelight Fleet Manager for Seamless, Multi-Sensor Support and Administration for Enterprises with Large Deployments (GlobeNewswire News Room) Corelight, provider of the most powerful network visibility solution for cybersecurity, today expanded its product portfolio with the launch of the Corelight Fleet Manager, designed to accelerate the deployment, configuration, and ongoing administration of Corelight Sensors across the enterprise whether they are physical, virtual or cloud-based.
Forcepoint Unveils Digital Transformation Acceleration Strategy with New Converged Cybersecurity Solutions and Partner Ecosystem (PR Newswire) Global cybersecurity leader Forcepoint today announced the Forcepoint Converged Security Platform which...
Bugcrowd Brings Coverage Assurance to Crowdsourced Security (Bugcrowd) Latest release to Traffic Control and new platform integrations enable customers to find and fix critical vulnerabilities faster
Onapsis Technology to Be Used by IBM X-Force Red to Help Organizations Uncover Critical Vulnerabilities (Odessa American) Onapsis, the global leaders in ERP cybersecurity and compliance, today announced IBM Security’s team of veteran hackers, X-Force Red, will use its ERP technology to help organizations identify exploitable vulnerabilities in their business-critical applications. X-Force Red will use Onapsis’ ERP technology when performing vulnerability assessments and penetration testing against SAP and Oracle applications to help quickly uncover known and unknown vulnerabilities.
Ivanti Brings Together Leading Patch Management and Application Control Solutions with Release of Iv (Ivanti Brings Together Leading Patch Management and Application Control Solutions with Release of Ivanti Security Controls) Operating System and Application Patch Management, Dynamic Whitelisting and Granular Privilege Management Enabled for Physical and Virtual Servers and Desktops in a Single Solution
Microsoft announces Azure Sentinel and Threat Experts to analyse security data in the cloud (Computing) New tools intended to reduce the level of noise and false positives security pros need to wade through every day.
Symantec drives collaboration to simplify cybersecurity (IT Brief) More than 120 partners including AWS, Box, IBM Security, Microsoft, Oracle, ServiceNow and Splunk Commit to Symantec’s Integrated Cyber Defense platfor.
Zeguro now offers “end-to-end” cyber insurance quotes for SMEs (Insurance Business) Small and medium-sized businesses can now easily receive quotes from insurtech’s website
Gurucul, A Cyber Security Tech Firm Introduces New Version of its ML-based Risk Analytics Platform (Tech) Gurucul, a behavior based security and fraud analytics technology firm, announced a new version of its Gurucul Risk Analytics (GRA) platform, which extends behavior based security analytics with pre-built machine learning models that span the entire IT stack. GRA version 7.0 unifies siloed analytics to provide real-time anomaly and risk detection...
AlgoSec Introduces New Integration with IBM Resilient to Accelerate Incident Response (GlobeNewswire News Room) AlgoSec’s incident response integration extends collaboration to add critical business context to incident information and automates threat remediation
QuintessenceLabs Releases Quantum Entropy Injector (BusinessWire) Simple and effective quantum entropy injector that feeds high-speed true random to entropy-limited applications.
CenturyLink Debuts Threat Research Division (Channel Partners) The mission of Black Lotus Labs is to use CenturyLink's network visibility to help protect customers and keep the internet clean, and it does this by tracking and disrupting botnets like Necurs, a prolific and globally dispersed spam and malware distribution botnet which has recently demonstrated a hiding technique to both avoid detection and quietly amass more bots.
JASK Enhances Multi-Cloud Monitoring Capabilities in ASOC Platform (BusinessWire) JASK, the provider of the industry’s first Autonomous Security Operations Center (ASOC) platform, today announced new dynamic multi-cloud visibility a
Atomicorp to Host OSSEC Open Source Security Conference March 20-21, 2019 (PR Newswire) Atomicorp, a leader in automated protection for cloud, datacenter, and on-premise workloads, announced today that...
Technologies, Techniques, and Standards
Russia can be unplugged from World Wide Web, but it’s not quite ready – co-founder of Kaspersky Lab (RT International) By passing a draft internet law, Russia isn’t isolating itself from the rest of the world but is making sure that national networks don’t go down if they are disconnected from the outside, Kaspersky Lab co-founder told RT.
Be Careful: Gamification at Work Can Go Very Wrong (SHRM) Gamification is becoming known as a valuable technique that can change behavior and incentivize higher productivity, but HR managers should know that gamifying the workplace only succeeds when the game is thoughtfully designed to create many winners.
IBM security expert gives tips for protecting personal data from new threats (Fox Business) Hackers are pivoting to “cryptojacking” in order to get at your personal data, according to IBM Security VP Caleb Barlow
Academia
CrowdStrike Foundation Announces New Round of NextGen Scholarships and Small Grants Program (AP NEWS) This content is a press release from our partner Business Wire. The AP newsroom and editorial departments were not involved in its creation.
Nationwide Girls Go CyberStart competition (Terre Haute Tribune-Star) Indiana Gov. Eric J. Holcomb recently announced the 2019 Girls Go CyberStart challenge, a skills-based competition designed to encourage girls to pursue cyber-based learning and career opportunities. High school girls
Legislation, Policy, and Regulation
The U.N. Hates Hate Speech More Than It Loves Free Speech (Foreign Policy) The U.N. Secretary General is going soft on one of the most fundamental human rights.
US pushed Russian troll factory offline during US midterm elections (Naked Security) The US blocked internet access to Russian trolls who, they say, were trying to spread FUD.
NSA’s Rob Joyce outlines how U.S. can disrupt and deter foreign hacking (CyberScoop) The United States will do more to disrupt the malicious cyber-activity that foreign adversaries are aggressively using to advance their interests, a National Security Agency official said Thursday.
What to Make of Cyber Command’s Operation Against the Internet Research Agency (Lawfare) Clarifying the art of the possible might be the operation’s real lasting success.
With New Laws and Some Help, Iraq Turned Around Anti-Money-Laundering Problems (Wall Street Journal) Iraq’s efforts to combat illicit finance have improved in recent years, and international watchdogs have taken notice.
Pompeo says world should have eyes wide open about Chinese tech risks (Reuters) U.S. Secretary of State Mike Pompeo said on Friday that the world should be "..
Experts: US anti-Huawei campaign likely exaggerated (AP NEWS) Since last year, the U.S. has waged a vigorous diplomatic offensive against the Chinese telecommunications giant Huawei, claiming that any nation deploying its gear in next-generation wireless...
Huawei chairman accuses American critics of hypocrisy over NSA hacks (The Verge) A war of words
Trump’s Biggest China Test (Atlantic Council) The escalating U.S. global offensive against China's Huawei – the world's largest telecom equipment provider and second largest mobile phone manufacturer – provides an unsettling glimpse into the messy, high-stakes multibillion-dollar future of...
Kim Jong Un may not even need a nuclear deterrent anymore thanks to this stunning weapon (Fox News) The North Korean dictator has a stunning weapon that’s not even on the negotiating table: cyber, and an army of 6,000 hackers supported by China.
North Korea’s foreign minister says country seeks only partial sanctions relief (Washington Post) The talks collapsed unexpectedly amid a disagreement over economic sanctions.
Hanoi Summit: Two Cheers for Donald Trump (Atlantic Council) It’s disappointing that a deal was not reached in Hanoi, but it’s good that US President Donald J. Trump walked away rather than signing a one-sided agreement. Agreeing to a total lifting of UN sanctions in return for only limited steps on...
Is the U.S. Using Sanctions Too Aggressively? (Foreign Affairs) The United States’ use of sanctions has exploded over the past decade. An analysis by the law firm Gibson Dunn found that President Donald Trump’s administration added nearly 1,000 people, companies, and entities to U.S. sanctions lists during 2017, nearly 30 percent more than the number added during former President Barack Obama’s last year in office.
US House and Senate debate new data privacy law (Naked Security) A steady stream of hair-raising revelations about the treatment of users’ data by Facebook, et al. is pushing Congress to do *something.*
The Security Clearance Process Is About to Get Its Biggest Overhaul in 50 Years (Nextgov.com) Intelligence and human capital officials are about to make the rounds to show off Trusted Workforce 2.0, a framework to completely change how the government makes security clearance determinations.
ODNI, OPM planning series of sweeping updates to federal personnel vetting system (Federal News Network) Leadership within the Office of the Director of National Intelligence and Office of Personnel Management have agreed to a broad framework that's designed to reimagine the entire suitability, credentialing and security clearance process. New policies will be rolled out over the course of 2019.
Momentum builds for Congress restoring Office of Technology Assessment (Federal News Network) The legislative branch doesn't lack for watchdog offices, but as agencies continue to adopt emerging technology at an accelerating pace, lawmakers and good-government groups have reviewed their calls to bring back the Office of Technology Assessment.
Momo challenge advice: What are age restrictions for social media? (Express) THE MOMO challenge has caused major concern and fears for children’s safety online, but what are the age restrictions for social media?
Analysis | The Cybersecurity 202: Georgia election security fight tees up national debate on paper ballots (Washington Post) As states decide how to upgrade machines, it's paper ballots vs. paper trails.
Contractors Face More Stringent Cybersecurity Requirements (WashingtonExec) Key Takeaways for Executives Defense contractors are facing ever more-stringent cybersecurity requirements. Many of these are found in NIST (SP) 800-171.
Litigation, Investigation, and Law Enforcement
US offers $1 million reward for information on Hamza bin Laden (FDD's Long War Journal) The State Department announced today that it is offering a $1 million reward for information on Hamza bin Laden's whereabouts. Hamza is the genetic and ideological heir of al Qaeda's founder and he has been groomed for a leadership position within the organization.
Huawei pleads not guilty in Seattle case the day before Meng Wanzhou’s extradition deadline (Star) The two U.S. cases against the Chinese tech giant and its CFO Meng Wanzhou are part of “a larger effort to hold Huawei accountable,” says former federal prosecutor.
Huawei units plead not guilty to U.S. trade secret theft (Reuters) Huawei Device Co Ltd and Huawei Device USA Inc pleaded not guilty to U.S. fraud,...
FTC’s Bureau of Competition Launches Task Force to Monitor Technology Markets (Federal Trade Commission) Note: The FTC will host a conference call for media with Bureau of Competition Director Bruce Hoffman: Date: Feb.
Top Democrat threatens subpoena over Kushner security clearance (Washington Examiner) A top Democrat threatened to subpoena the White House if it does not turn over requested information regarding its security clearance process.
Harris: Gardaí needed abroad to tackle cyber crime (RTE.ie) The Garda Commissioner has said that more gardaí should be posted abroad to help tackle international fraud and organised crime.