The CyberWire Daily Briefing 3.4.19

Dateline

Analysis | The Cybersecurity 202: Commerce Department's pitch at RSA: Companies should publish 'ingredients' for their technology (Washington Post) The government wants to sell industry on software transparency.

RSAC 2019: An Antidote for Tech Gone Wrong (Threatpost) As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution.

RSA Security Conference: The race to plug a $6 trillion security hole (ZDNet) The world's largest security conference is coming up -- but the security hole becomes larger every year.

Cybersecurity is still really hard. Full stop. (Marketplace from APM) But spending more doesn't always mean more protection.

2019 RSA Conference Preview: An Insider's Guide to What's Hot (eSecurity Planet) Wondering what to see at the 2019 RSA Conference? Our preview of the world's largest cybersecurity conference will point you in the right direction.

10 Vendors Set to Innovate At RSA Conference 2019 (eSecurity Planet) Hundreds of vendors exhibit at the annual cybersecurity event, but only 10 are finalists in the 2019 Innovation sandbox contest. Find out who they are.

20 Can't-Miss Seminars, Sessions and Panels at #RSAC this Year | Bricata (Bricata) The RSA Conference (RSAC) will bring together nearly 700 speakers across 500 sessions; we've gone through every description to recommend 20 "can't miss" sessions for 2019.

RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope (Threatpost) New look at server data behind a previously-identified espionage campaign shows that it has exceeded researchers’ expectations in complexity, scope and breadth.

Spirent Announces Availability of CyberFlood Data Breach Assessment Solution at RSA Conference 2019 (Global Banking & Finance Review) Spirent Communications plc (LSE:SPT), the industry leader for test, measurement, assurance, and analytics solutions for next-generation devices and networks, today announced availability of its CyberFlood Data Breach Assessment solution.

FireMon Announces Lumeta CloudVisibility (BusinessWIre) FireMon introduces Lumeta CloudVisibility, proven cloud visibility, security and anomaly detection for hybrid enterprises.

CompTIA and Immersive Labs Issue Penetration Testing Challenge (CompTIA) CompTIA provides the media with unbiased insights into the myriad of issues affecting the industry including trends in technology, research, legal issues, public policy, workforce training, and business trends.

Cyber Attacks, Threats, and Vulnerabilities

People Reported Fake News About Moldovan Politics To Facebook For Three Years Before It Took Action (BuzzFeed News) "It shouldn't be that hard."

Container Escape Hack Targets Vulnerable Linux Kernel (Threatpost) A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure.

Unprotected MongoDB databases expose details of millions of accounts on six social platforms in China (Computing) Databases are believed to be part of China's online surveillance programme, collecting profile-related data from six online services.

Google’s Project Zero reveals zero-day macOS vulnerability to the public (ZDNet) The copy-on write vulnerability has not been patched.

Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps (ZDNet) GitHub ring consisting of 89 accounts promoted 73 repos containing over 300 backdoored apps.

As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations (NYTimes) McAfee researchers watched, in real time, as the North Koreans attacked the networks of companies in the United States and around the globe.

McAfee Research Gives Rare Look Inside Command and Control of Nation-State Cyber Espionage Campaign (McAfee) Command-and-control server data and code analyzed by McAfee reveals inner workings of global cyber espionage campaign

Researchers obtain a command server used by North Korean hacker group (TechCrunch) In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year. Known as Operation Sharpshooter, the server was used to deliver a malware campaign targeting governments, telecoms, and d…

Flawed visitor check-in systems let anyone steal guest logs and sneak into buildings (TechCrunch) Security researchers at IBM have found, reported and disclosed 19 vulnerabilities in five popular visitor management systems, which they say can be used to steal data on visitors — or even sneak into sensitive and off-limit areas of office buildings. You’ve probably seen one of these visitor …

Emotet Giving Ransomeware A Run For Its Money As Biggest Security Threat (CRN) Emotet is used to gain access to a machine, allowing the adversary to do anything from inserting ransomware to stealing intellectual property, Sophos leaders said at XChange University: IT Security.

Ransomware Pretends to Be Proton Security Team Securing Data From Hackers (BleepingComputer) A recent variant of the GarrantyDecrypt ransomware has been found that pretends to be from the security team for Proton Technologies, the company behind ProtonMail and ProtonVPN.

Phisher Announces More Attacks Against Hedge Funds and Financial Firms (BleepingComputer) A new phishing campaign called "Beyond the Grave" targeted international hedge funds on January 9th, 2019. In a statement posted to BleepingComputer, the attackers have stated that they will continue to target banking and financial institutions in the future.

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware (Trend Micro) We uncovered notable activities of cryptocurrency miners deployed as rogue containers using a community-contributed container image published on Docker Hub.

Bug in Cobalt Strike pentesting tool used to identify malicious servers (Help Net Security) An extraneous space in the HTTP responses of webservers run by a variety of malicious actors allowed researchers to identify them pretty easily.

Half of business leaders say a breach could end their business, others remain unaware (Help Net Security) A majority of executives at SMBs are more concerned about suffering a major data breach than a flood, a fire, a transit strike or even a physical break-in.

Putin’s spies woo British Establishment through Imperial Orthodox Palestine Society (The Sunday Times) A leading courtier to the Queen, a cousin of Prince Charles and other members of the aristocracy dined in the heart of London’s clubland to celebrate the UK launch of an organisation accused of...

40% of malicious URLs were found on good domains (Help Net Security) Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need URL-level visibility.

Malfunction or cyber attack – the impact is the same and it may not be possible to know the difference (Control Global) It is important to do a root cause analysis of a “malfunction” whether the incident was malicious (physical or cyber) or unintentional since you may not be able to tell the difference. The root cause team should include representatives from engineering as well as network security.

Scammers con kids into paying for “free” Fortnite concert (SC Media) Scammers took advantage of the first live concert ever streamed through the massively popular video game Fortnite to sell non-existent tickets to gullible game players.

UN Aviation Agency Concealed Serious Hack: Media (SecurityWeek) The United Nations aviation agency reportedly concealed for months a hack of its computers and allowed malware to spread throughout the airline industry.

China's APT27 Hackers Use Array of Tools in Recent Attacks (SecurityWeek) Over the past two years, a well known China-linked cyber-espionage group has used an array of tools and intrusion methods in attacks on political, technology, manufacturing, and humanitarian organizations, Secureworks reports.

Retail industry endures new point-of-sale cybercrime spree (ZDNet) The harvest of sensitive data is at hand, but it is not certain who is behind the campaign.

Magecart Hackers Change Tactics Following Public Exposure (SecurityWeek) A hacking group operating under the "Magecart" umbrella has changed its tactics following a November 2018 report exposing their activity.

MAR-17-352-01 HatMan - Safety System Targeted Malware (Update B) (ICS-CERT US) This updated malware analysis report, MAR-17-352-01 HatMan - Safety System Targeted Malware (Update B), is a follow-up to the previously updated malware analysis report titled MAR-17-352-01 HatMan - Safety System Targeted Malware (Update A) that was published April 10, 2018, on the ICS-CERT website. This updated report includes an updated YARA signature to identify a custom,

Disgruntled dev blames crypto-wallet for losing cryptocoins (Naked Security) Warith Al Maawali is blaming wallet vendor Coinomi for the loss of $65,000 in bitcoin. Coinomi countered by blaming him for blackmail.

The Momo Challenge urban legend – what on earth is going on? (Naked Security) Why you shouldn’t worry about the Momo Challenge, and what we can learn from it.

The “Momo challenge” – why it’s time to stop the hype [VIDEO] (Naked Security) What’s the real deal with the “Momo challenge”?

Owning the Smart Home with Logitech Harmony Hub (Tenable TechBlog – Medium) Critical remote root vulnerabilities discovered in Logitech’s new smart home hub allow attackers to control all systems in a smart home

Kissinger Warns of AI Dangers at MIT Conference (Government Technology) The former U.S. Secretary of State delivered a speech as part of Massachusetts Institute of Technology’s 3-day celebration of the opening of the school’s new $1 billion computing facility.

Security Patches, Mitigations, and Software Updates

Update ColdFusion Now, Critical Zero-Day Bug Exploited in the Wild (BleepingComputer) Adobe today released emergency updates that fix a critical vulnerability for the ColdFusion web app development platform. The bug can lead to arbitrary code execution and has been exploited in the wild.

Cyber Trends

State of Cybersecurity 2019 (ISACA) For five years, ISACA has talked to cybersecurity leaders across the globe to discuss what they’re seeing and experiencing when it comes to hiring, budgets, threat landscape and more.

How the Dark Web Data Bazaar Fuels Enterprise Attacks (Threatpost) What does the age of near-ubiquitous data breaches, deep fakes, and fallible biometric authentication mean for enterprise security?

IT teams are struggling with network infrastructure challenges caused by the cloud (Help Net Security) IT teams are often siloed and do not agree on who is responsible for the deployment and ongoing management of the public cloud network.

Human behavior can be your biggest cybersecurity risk (Help Net Security) Changes in user behavior are increasingly blurring the lines between personal and business. Trends like Bring Your Own Device (BYOD) and flexible working

Identity and Access Management: Who Are We Online? (Government Technology) As cybersecurity risks continue to grow across government agencies, the little-known world of identify and access management still receives scant attention — but services can't move forward without it.

Beyond Data: Function Is the New Cyber Attack Surface (New York Law Journal) The profound changes deriving from IT/OT convergence require us to take a fresh look at legal and regulatory norms that have stood for decades since the Industrial Era. We are in a radical new environment where exponential benefits and risks are now reality.

Apologising is the ultimate social media sin (Times) Whenever someone is attacked on social media I am reminded of the Jurassic Park franchise. In these films, the villains Spielberg wishes to dispatch always suffer from the same terrible handicap...

Marketplace

Cisco CEO Suggests Fear of Huawei 5G Dominance Is Overblown (Bloomberg) China will continue to be in the mix, Robbins tells CNN.

Federal Cyber Reskilling Academy Draws 1,500 Applicants (Nextgov.com) A lot of federal employees with non-technical backgrounds appear interested in making the shift to cyber defense analysts.

Phoenix-Based Security Testing Company Bishop Fox Secures $25 Million (Pulse 2.0) Phoenix, Arizona-based private professional services company Bishop Fox has raised $25 million in Series A funding from ForgePoint Capital.

Cequence Security Secures $17 Million in Series B Funding (SecurityWeek) Application security startup Cequence Security has raised $17 million in Series B funding round. To date, the company has secured $30 million in funding.

Verizon acquires ProtectWise, Inc., expanding network detection and response services for business customers (Verizon) Verizon today announced that it closed its acquisition of ProtectWise, allowing Verizon to expand its product offering in Network Detection and Response.

Exclusive: DataTribe is back with $50M to fund more companies (Washington Business Journal) The investment comes with a much more hands-on approach.

U.S. Government Says Thales Must Divest HSM Business Before Acquiring Gemalto (SecurityWeek) The U.S. Department of Justice requires Thales to divest its General Purpose Hardware Security Module (GP HSM) business before it can proceed with the proposed purchase of Gemalto for $5.67 billion.

Himalayas-Born Cyber Tycoon Climbs Into World's Richest Club (Bloomberg) Zscaler’s Chaudhry, Fortinet’s Xie brothers are billionaires. Shares of Zscaler have more than tripled since March IPO.

Former Intel R&D Head Amir Faintuch Leaves Intel Capital (CRN Australia) Chip giant's investment arm now loses leader.

Products, Services, and Solutions

Mocana Adds New Funding to Meet Strong Demand for its TrustCenter™ IoT Device Security Management Platform (GlobeNewswire News Room) Mocana’s IoT Device Security Platform Gains Wider Adoption as Alternative IT and OT Security Solutions Fall Short

ReversingLabs Ups Ante in the Fight to Detect Advanced Malware (GlobeNewswire News Room) New Releases Improve Malware Detection Accuracy for Threat Hunters and Incident Responders while Optimizing Workflows for Security Analysts

WALLIX becomes the new European challenger on the North American market for cybersecurity (Actusnews Wire) WALLIX, the European PAM[1] expert, opens their offices in Boston, Massachusetts, taking a new step in the implementation of their international development strategy announced in the “Ambition 21” Plan. The American team will present the "Bastion", WALLIX's flagship access security solution, from March 4th to 8th in San Francisco at the RSA Conference, which brings together international experts in cyber security.

TrueVault Launches Solution To Automate the Daily Grind of GDPR Compliance (GlobeNewswire News Room) New solution is the only product that automates the day-to-day compliance tasks of GDPR and the upcoming California Consumer Privacy Act (CCPA).

Forcepoint introduces Converged Cybersecurity Solutions, Partner Ecosystem (CRN - India) Forcepoint has launched Forcepoint Converged Security Platform which accelerates enterprise and government agencies’ digital transformation journey by enabling secure migration of data, applications, and business operations to the cloud. Through the new converged security platform, Forcepoint is addressing CISOs business-critical need today for consolidated, cloud-based security solutions in a deployment agnostic delivery model. The first solution …

Windows Exploit Suggester Lists Known Exploits for Your Windows Install (BleepingComputer) A program called Windows Exploit Suggester - Next Generation, or WES-NG, has been released that will list the known vulnerabilities affecting a Windows installation, any exploits that are available, and what security updates are needed to patch the bugs.

Tech Giant Microsoft Launches Cloud-based Artificial Intelligence Cybersecurity Tools (Analytics Insight) Microsoft unveiled Azure Sentinel and Threat Experts, two cloud-based Artificial Intelligence (AI) cybersecurity tools. The tools use AI to assist security professionals to respond to immediate risks rapidly. Azure Sentinel is created to attract a huge quantity of data from other cloud-based services.

Wireshark 3.0.0 Released (SecurityWeek) Wireshark 3.0.0 has been released and one of the most important changes is that WinPcap has been replaced with the Npcap packet sniffing library.

Technologies, Techniques, and Standards

Here are Microsoft's tips on how to protect yourself from the latest cyberthreats (Komando.com) We can't go more than a day without hearing about another malware attack, data breach, sextortion scam, or any variety of cybercrimes. It seems that Microsoft might want to help with that. It has come out with some tips and tricks you can start us…

A strong security posture starts with application dependency mapping (Help Net Security) Advanced application dependency mapping won’t just rely on data collected from sensors or agents, but automatically import metadata from other platforms.

How cloud storage providers can preempt cyber attacks with business continuity (Help Net Security) Cloud storage is now an integral part of every enterprise infrastructure and security has become a crucial element of any cloud storage operation.

How Government Agencies Can Build Cyber Trust in 2019 (Nextgov.com) For all the damage that can come as the result of cyberattacks, the cost of severed trust is almost always the highest.

Businesses need to rethink security priorities due to shifting trends (Help Net Security) Businesses should be aware of a substantial growth in phishing, cryptocurrency mining and BEC attacks, consequently rethinking security priorities.

ENISA provides recommendations to improve the cybersecurity of EU electoral processes (Help Net Security) ENISA provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU.

Four States Work Toward a Single Log-In Credential (Government Technology) As they grapple with security and data access, Utah, Michigan, Pennsylvania and Indiana explain how they are leveraging identity and access management to achieve their single sign-on goals for both staff and citizens.

Navy Cyber Defense Operations Command Hosts Defensive Cyberspace Operations Summit (DVIDS) Navy Cyber Defense Operations Command (NCDOC) hosted a Defensive Cyberspace Operations (DCO) Summit, made of up subject matter experts, action officers, and stakeholders in Suffolk, Va. Feb. 4-5.

Legislation, Policy and Regulation

Thailand passes controversial cybersecurity law that could enable government surveillance (TechCrunch) Thailand’s government passed a controversial cybersecurity bill today that has been criticized for vagueness and the potential to enable sweeping access to internet user data. The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed…

Thailand defends cybersecurity law amid concerns over rights, abuse (Reuters) Thailand on Friday defended a controversial cybersecurity law approved this week...

Berlin: We've had no recent talks with Beijing on cybersecurity (Reuters) The German government has not held talks with Beijing about cybersecurity issues...

Rep. Rogers, new top Republican on Homeland Security: Government still must get 'ahead of curve' on cyber (Inside Cybersecurity) New House Homeland Security ranking member Mike Rogers (R-AL) sees improving the cybersecurity workforce and addressing election security as top priorities for the committee, while adding in an exclusive interview that neither Congress nor the executive branch have “been able to get ahead of” evolving cyber threats.

Litigation, Investigation, and Enforcement

Rubio, Warner Ask Intelligence Community for Public Report on Chinese Role In Setting 5G Standards (Press Releases - U.S. Senator for Florida, Marco Rubio) U.S. Senators Marco Rubio (R-FL), a member of the Senate Select Committee on Intelligence, and Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, urged Director of National Intelligence Dan Coats to issue a comprehensive and unclassified report on China’s participation in the international standard setting bodies (ISSBs) for fifth-generation wireless telecommunications technologies (5G).

‘Cryptocurrency’ Founder Indicted Over Alleged $6m Scam (Infosecurity Magazine) ‘Cryptocurrency’ Founder Indicted Over Alleged $6m Scam. My Big Coins were sold as gold-backed digital currency

Revealed: Facebook’s global lobbying against data privacy laws (Guardian) Social network targeted legislators around the world, promising or threatening to withhold investment

Facebook asked George Osborne to influence EU data protection law (ComputerWeekly.com) Sheryl Sandberg, chief operations officer at Facebook, invited then chancellor of the exchequer George Osborne’s 11-year-old son to Facebook’s offices in 2013, as she sought to influence politicians and policy-makers over European plans to introduce tougher privacy and data protection laws.

Govt urged to clarify claims of lobbying by Facebook (RTE) The Government has been urged to provide clarification following claims in a British newspaper that Facebook lobbied leading politicians in several countries on its behalf.

Huawei to be arraigned in U.S. fraud case in New York on March 14 (Reuters) Huawei Technologies Co Ltd and two affiliates will be arraigned on March 14 in U.S. District Court in Brooklyn, New York, on accusations the company committed bank and wire fraud and violated sanctions against Iran, according to a court filing on Friday.

Facebook sues over sales of fake accounts, likes and followers (Reuters) Facebook Inc said on Friday that it filed a lawsuit along with Instagram in U.S. federal court against four companies and three people based in the People’s Republic of China for promoting the sale of fake accounts, likes and followers.

Canada approves Huawei extradition proceedings, China seethes (Reuters) The Canadian government, as expected, on Friday approved extradition proceedings against the chief financial officer of Huawei Technologies Co Ltd, prompting a furious reaction from China.

Canada Allows Extradition Hearing Against Huawei CFO Meng Wanzhou (Wall Street Journal) Canada said the U.S. had presented enough evidence to proceed with the extradition hearing of a Huawei Technologies top executive, clearing the way for a case at the center of tensions between the U.S., China and Canada.

Mystery Navy tweeter unmasked in court filings alleging unlawful command influence (Navy Times) Prosecutors say that any damage to their court-martial case against a lieutenant can be mitigated later by a military judge.

Chelsea Manning subpoenaed to testify before grand jury in Assange investigation (Washington Post) Prosecutors have been pursuing a case against the WikiLeaks founder.

Two days in July: As Republicans convened in Cleveland, did Trump receive a heads-up about WikiLeaks? (Washington Post) Trump confidant Roger Stone denies discussing WikiLeaks with him, but Michael Cohen alleges such a conversation occurred days before the group released internal Democratic Party emails.

Lawyer: Russian Cybercrime Suspect on Hunger Strike (SecurityWeek) Alexander Vinnik, who suspected of bitcoin fraud and wanted by three countries, is reportedly having health issues due to a hunger strike.

Ireland's Data Protection Commission Reports Multiple GDPR Investigations on Tech Giants (SecurityWeek) Ireland's Data Protection Commission received 2,864 privacy complaints since GDPR has come info force.

Hacking Attorney-Client Documents Gets TransPerfect Co-founder's Assault Case Tossed (New York Law Journal) The Appellate Division, First Department has decided that co-founder Philip Shawe’s improper and willful discovery misconduct that happened during litigation focused on control of the New York-based company means that his assault lawsuit against her cannot stand.

RSA notes. Operation Sharpshooter connected to DPRK's Lazarus Group. CFO Meng's extradition hearing. Facebook & data protection.