San Francisco: the latest from RSA Conference 2019
If an organization has been breached, it's more likely to be targeted again (Help Net Security) The 2019 Mandiant M-Trends report shows that no industry is safe from threats, but breach response time improvements are visible.
An Alphabet Moonshot Wants to Store the Security Industry's Data (WIRED) Alphabet-owned Chronicle has announced Backstory, an effort to store network intelligence data and help trace cybersecurity incidents back to their roots.
Chronicle: Can I Get The Backstory? (Medium) Chronicle is launching Backstory today. In a nutshell, Backstory is the first global security telemetry platform designed for a world that…
nCipher Security Enables Organizations to Keep Pace with Expanding Cloud and IoT Security Requirements (BusinessWire) RSA Conference 2019 – nCipher Security, the provider of trust, integrity and control for business critical information and applications, announces enh
Tripwire Debuts Penetration Testing and Industrial Cybersecurity Assessment Services, Strengthening Organizational Security (Tripwire) Tripwire Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the debut of its penetration (pen) testing and industrial cybersecurity assessment services.
Garland Technology Announces the Release of New EdgeLens® Inline Security Packet Broker at RSA Conference (PR Newswire) Garland Technology, a leading provider of network test access point (TAP) and packet broker solutions, today announced, ...
Spirion and Bitglass Partner to Provide Intelligent Security for Cloud and Mobile (Morningstar) Joint solution identifies and controls high-value data from cloud to device in an easy-to-deploy, agentless architecture
Virsec Delivers First Application Memory Firewall to Stop Fileless Attacks During Code Execution (BusinessWire) Virsec, a cybersecurity company delivering a radically new approach to stopping advanced attacks, announced today the launch and availability of its n
PolySwarm Launches VirusTotal Replacement, Invites Companies To Try Fr (PRWeb) Last year cybersecurity startup PolySwarm raised over $26 million, and there is a good reason for that: Its threat detection ‘marketplace’ re-envisions...
Ziften Announces Rapid Adoption of its Cloud-Delivered Endpoint Protection Plus Visibility and Hardening Platform (EPP+) (PR Newswire) Ziften, a leader in endpoint protection plus visibility and hardening, today announced the rapid ...
Spirent launches CyberFlood Data Breach Assessment solution (Help Net Security) With Spirent CyberFlood, organizations can assess their ability to stop data breaches, cyberattacks, and malware infections.
Fortanix launches Rust-based SDK for Intel SGX applications (Help Net Security) Fortanix launched its Enclave Development Platform (EDP) which provides a native Rust-based SDK to write Intel SGX enclaves.
CipherCloud streamlines secure access to cloud applications (Help Net Security) CipherCloud, a leader in cloud security, announced the availability of its new Secure SaaS Workspace solution as part of its award-winning CASB+ platform.
Unisys Announces Availability of Unisys Stealth® 4.0 Security Software, the First Product with Dynamic Isolation™ Capabilities to Quickly Isolate Users and Devices at the First Sign of Trouble (Unisys) New version of award-winning software adds protection to help clients implement Zero Trust networks that actively isolate malicious users and devices within minutes of identification
Alert Logic Extends Attack Surface Coverage for Endpoint, Multi-Cloud, and Dark Web (PR Newswire) SAN FRANCISCO, March 5, 2019 /PRNewswire/ -- Alert Logic, the SIEMless Threat Management™ company, announced at the RSA Conference that it has added a new...
Unisys Launches Stealth(identity)™ Biometric Identity Management Software for Establishing Trusted Human Identities (Unisys) New software defends against identity fraud through fingerprint, face, voice and iris recognition.
Cyber Attacks, Threats, and Vulnerabilities
Automated Malware Analysis - Malicious Documents: The Evolution of country-aware VBA Macros (Joe Security LLC) Lately, we have seen an increase of evasive VBA macros in Excel sheets. We have monitored new samples of the same group over a period of four months and analyzed how the macros changed over time.
Firefox maker fears DarkMatter 'misuse' of browser for hacking (Reuters) Firefox browser-maker Mozilla is considering whether to block cybersecurity comp...
APT40: Examining a China-Nexus Espionage Actor (FireEye) We provide details on APT40, a state-sponsored Chinese cyber espionage operation.
SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability (Register) 'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'
Software supply chains increasingly under cyber attack (Supply Chain Dive) Microsoft's latest Security Intelligence Report reveals bad actors are increasingly targeting the update and build processes for software.
Indo-Pak tensions play out in cyberspace, websites hit (Hindustan Times) After successive waves of attacks were thwarted, the government advised all departments to not violate “Standard Operating Procedures” and be on the alert. The exact nature and extent of India’s offensive operation, and the agencies behind this aren’t known.
Jackson County cyber-attack (FOX 5 News) Officials confirm a cyber-attack in Jackson County on Monday.
Chinese Hackers Target Universities in Pursuit of Maritime Military Secrets (Wall Street Journal) Chinese hackers have targeted more than two dozen universities in the U.S. and around the globe as part of an elaborate scheme to steal research about maritime technology being developed for military use.
Chinese hackers use phishing emails to target engineering, transport and defence companies (ZDNet) Researchers at FireEye detail operations by a hacking group targeting firms as part of long-running espionage campaign.
Ransomware attack on Israeli users fails miserably due to coding error (ZDNet) Hackers failed to trigger the ransomware download due to a coding error but still managed to deface thousands of sites.
Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability (WIRED) Google's Project Zero researchers find a potentially powerful privilege-escalation trick in how Macs manage memory.
Bad news: Google drops macOS zero-day after Apple misses bug deadline. Good news: It's fiddly to exploit (Register) Step one: Run malware on your victim's machine. Step two: Mount some storage...
Project Zero Discloses High-Severity Apple macOS Flaw (Threatpost) Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.
That's a nice ski speaker you've got there. Shame if it got pwned (Register) If you own Outdoor Tech's CHIPS, there's a live vuln in your winter sports headset
Google temporarily shuts down Android TV photo sharing after privacy bug (Ars Technica) A user was apparently able to see hundreds of Google Photo accounts.
The Overlooked Security Threat of Sign-In Kiosks (WIRED) New research from IBM shows that several visitor management systems had a rash of vulnerabilities.
How malware traverses your network without you knowing about it (Help Net Security) A report has been released which reveals the command-and-control and lateral activities of three highest-volume malware, Emotet, LokiBot, and TrickBot.
Eyeing Russia, EU Girds for Cyberthreats to Parliament Vote (SecurityWeek) With campaigning for May's European Parliament elections shifting into high gear, security officials are preparing for potential attempts by Russia-linked hackers to sway the vote -- and potentially deepen divisions in the bloc.
Hackers Sell Access to Bait-and-Switch Empire (KrebsOnSecurity) Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers
When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security (Register) 'This isn’t a mistake now, this is clearly an intentional product choice' says ex-CSO Stamos
Quarter of Firms Suffer Breach via Open Source Components (Infosecurity Magazine) Security breaches linked to open source software components have risen by 71% over the past five years, as securing applications continues to be a challenge for many organizations, according to Sonatype.
UK banking was struck by one IT fail every day for most of 2018 (Register) May we suggest your mattress as an alternative?
Vulnerability Summary for the Week of February 25, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Are employees the weakest (cybersecurity) link? Sometimes (SC Media) The weakest link in cybersecurity, it’s often said, is the occupant of the space between the chair and keyboard.
Is the world ready for the next big ransomware attack? (CSO Online) WannaCry and NotPetya brought major companies to their knees and cost billions to remediate. A new report from Lloyds of London warns another similar ransomware attack would still be devastating.
Security Patches, Mitigations, and Software Updates
Microsoft Rolls Out Spectre Variant 2 Mitigations for Windows 10 (SecurityWeek) Microsoft is rolling out a new software update for Windows 10 devices to enable the Retpoline mitigations against Spectre attacks.
YouTube disables comments on millions of videos of children (Naked Security) After big brands pulled ads, YouTube banned millions of comments, closed hundreds of accounts, and sped up development of a predator filter.
Cyber Trends
Winter (in cyberspace) is coming (TheHill) The very foundation of trust on the internet is under attack.
Huawei and the Tech Race: US National Security and Defense Strategy (The Diplomat) Insights from Timothy R. Heath.
AI Efforts at Large Companies May Be Hindered by Poor Quality Data (WSJ) Poor quality data could be keeping large firms from leveraging artificial intelligence and other digital tools to cut costs, boost revenue and stay competitive, according to a PricewaterhouseCoopers survey.
CEOs face test of resilience in 2019 as geopolitical cyber activity picks up (PwC) PwC explains what you need to know and do as cyber geopolitics increase the costs for businesses and nations.
Who Faces Biggest Financial Risks From Cyberattacks? (BankInfoSecurity) Four business sectors – hospitals, banks, securities firms and market infrastructure providers - potentially face the most significant financial impact from
Traditional cybersecurity staff retention tactics becoming less effective (Help Net Security) The recipe for improving your organization's ability to hire and retain cybersecurity professionals is relatively straightforward (if not easy).
Missing: Qualified cybersecurity pros (SC Media) People who need people aren’t the luckiest people in the world, at least not in the cybersecurity world where a skills shortage yawns wider each year
An artificial intelligence solution to the cyber labor squeeze (SC Media) Can hype-scarred cybersecurity pros dare to be hopeful about artificial intelligence as a means to ease the acute information security labor shortage?
Attack traffic up 32 percent in 2018 (BetaNews) Levels of attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.
Orgs detecting breaches quicker, attackers more persistent (SC Media) Although attackers are more persistent than ever, organizations are getting better at detecting breaches – on average discovering the intrusions about a week earlier.
Phishers shift efforts to attack SaaS and webmail services (Help Net Security) APWG phishing Q4 2018 report says users of software-as-a-service (SaaS) systems and webmail services are being increasingly targeted by phishers.
Ninety Percent of Banks Lag in Ability to Authenticate Customers and Step-Up Security, Survey Reveals (GlobeNewswire News Room) Respondents’ top challenges include legacy solutions and processes tied to user name/password technology
Threats Posed by Careless or Malicious Insiders and Foreign Governments at an All-Time High according to Federal Cybersecurity Survey (GlobeNewswire News Room) Agencies with strong IT security training programs are more likely to detect and prevent insider threats
Marketplace
Comcast Buys AI Cybersecurity Firm BluVector (PYMNTS.com) Comcast announced Monday (March 4) that it has acquired BluVector, a company that uses advanced artificial intelligence and machine learning to provide cybersecurity protection to companies and government agencies.
Verizon Boosts Network Detection With ProtectWise Buyout (Zacks) In a concerted effort to expand its product offering and augment its cybersecurity platform, Verizon Communications Inc. recently completed the acquisition of ProtectWise, Inc. for an undisclosed amount.
eSentire Raises $47 Million to Provide AI-Powered Managed Detection and Response (PR Newswire) Category creator and leader driving MDR innovation with human expertise at machine scale CAMBRIDGE, Ontario and SEATTLE, March 4, 2019 /PRNewswire/ --...
Juniper Networks buys Mist Systems for $405 million (ZDNet) Juniper plans to use the purchase to bolster its software-defined enterprise portfolio and multicloud offerings.
Comcast buys BluVector, an AI cybersecurity firm (ZDNet) BluVector uses AI and machine learning to fend off cyberthreats. Comcast will aim to broaden BluVector's base.
BluVector startup acquired by telecom giant (Washington Business Journal) Comcast has acquired Arlington cybersecurity startup BluVector for an undisclosed amount.
CACI International buys LGS Innovations from MDP and CoVant (Army Technology) CACI International has acquired LGS Innovations from Madison Dearborn Partners (MDP) and CoVant Management in a deal worth $750m.
Santa Clara-based DataStax may seek over $1B valuation in IPO (Silicon Valley Business Journal) DataStax was valued at about $967 million after its last funding round in September 2014, according to PitchBook Data.
Juniper to pay over $400M to buy ex-Cisco execs' Cupertino startup (Silicon Valley Business Journal) Mist Systems CEO Sujai Hajela (left) and CTO Bob Friday (right) co-founded the wireless networking business with fellow Cisco Systems veteran Brett Galloway in 2014. Their Cupertino business is being acquired by Juniper Networks for $405 million.
Cybersecurity investor Alex Doll on the sector's big opportunities, challenges (Silicon Valley Business Journal) Alex Doll co-founded Burlingame-based Ten Eleven Ventures in 2015 with a single-minded focus on backing cybersecurity startups.
EVOTEK Expands Cybersecurity Presence in Denver, Adds Matt Shufeldt as Chief Information Security Officer (PR Newswire) EVOTEK (www.evotek.com), the nation's premier enabler of digital business, announced today that it has appointed Matt...
Two Top Palo Alto Networks Americas Sales Execs Depart: Sources (CRN) Two of Palo Alto Networks’ highest-ranking Americas sales leaders - SVP and GM Patrick Blair and VP, Enterprise Accounts Rich Wenning - have both left the company in recent weeks, sources told CRN.
Products, Services, and Solutions
Kaspersky Lab partners with ThreatConnect to help customers bolster cyber security (Channel Pro) The platform collates data from lots of cyber threat data sources to protect businesses from attacks
Keeper Security to Provide Infosec Administrators with Greater Ability to Prevent & Detect Security Events (PR Newswire) CHICAGO, March 4, 2019 /PRNewswire/ -- Keeper Security, Inc., (RSA Conference, South Expo Hall, #1366) which offers leading zero-knowledge, cybersecurity...
Raytheon delivering mobile surveillance system to secure Middle Eastern nation (PR Newswire) DULLES, Va., March 4, 2019 /PRNewswire/ -- Raytheon Company (NYSE: RTN) will provide advanced surveillance towers to a Middle Eastern nation to help protect...
CQC Unveils the World's First Commercially-ready Certifiable Quantum Cryptographic Device (PR Newswire) CAMBRIDGE, England, March 4, 2019 /PRNewswire/ -- Cambridge Quantum Computing ("CQC"), a leader in quantum computing technologies, will be demonstrating...
NSFOCUS Unveils New DDoS Mitigation Solution with Contextual Analysis (Business Wire) NSFOCUS, a leader in holistic hybrid security solutions, today unveiled Attack Threat Monitoring, which provides real-time insights and contextual awa
AppGuard's TRUSTICA Mobile Enables Ultra Secure Messages and Data Sharing and Safeguards Voice/Video Calls on Employee Devices (PR Newswire) CHANTILLY, Va., March 4, 2019 /PRNewswire/ -- AppGuard, Inc., the pioneers of zero trust cybersecurity software for endpoints, servers, and mobile platforms,...
CenturyLink Introduces Black Lotus Labs for Further Threat Research, Operations (SVG) Furthering its dedication to helping protect the internet from malicious actors, CenturyLink is sharing intelligence on the Necurs botnet uncovered by ...
Fortinet Introduces FortiInsight for Enhanced Insider Threat Protection (Security Boulevard) Following the acquisition of ZoneFox Limited at the end of last year, Fortinet is today introducing FortiInsight to help organizations mitigate insider threats.
Palo Alto Networks introduces open and integrated, AI-based continuous (Networks Asia) Palo Alto Networks has introduced three significant advancements aimed at harnessing the power of advanced AI and machine learning to transform how security will be managed in the future.
Forcepoint launches new converged cybersecurity solutions (IT Brief Australia) Forcepoint is addressing the need for consolidated, cloud-based security solutions in a deployment-agnostic delivery model.
Tripwire Launches Industrial Cybersecurity Assessment Service (SecurityWeek) Tripwire launches Penetration Testing Assessment and Industrial Cybersecurity Assessment services to help organizations find vulnerabilities in their systems.
CrowdStrike Launches EDR Solution for Mobile Devices (SecurityWeek) CrowdStrike Falcon for Mobile is an enterprise endpoint detection and response (EDR) solution that provides visibility into enterprise app behavior on Android and iOS devices.
Vendor risk management (SC Media) The SC Labs team this month took a deep dive into vendor risk management (VRM) solutions.
General Dynamics Mission Systems Partners with Bitglass to Deliver Best-in-Class Next-Generation Cloud Security (General Dynamics Mission Systems) General Dynamics Mission Systems has entered into an OEM agreement to integrate the Bitglass solution into commercially available software-as-a-service and on-premises offerings of the General Dynamics Route 66 Cyber Cloud Access Security Broker (CASB).
LogRhythm Introduces Solution to Address Advanced Network-Borne Threats (Business Wire) LogRhythm NDR is a new automated network security solution for detecting, qualifying, investigating and responding to advanced network-borne threats.
Aqua Security Introduces Industry’s First Serverless Function Assurance for Securing Serverless Environments (Aqua) serverless security incl. a full chain of controls to discover functions across clouds, vulnerabilities scanning, excessive permissions detection and more.
Humio Brings Data Observability To Chaos Engineering (PR Newswire) Humio, the only solution enabling live observability through fast, efficient and easily scalable log...
FEITIAN Technologies Expands FIDO and FIDO2 Certified Security Keys (PRLog) FEITIAN Technologies Expands FIDO and FIDO2 Certified Security Keys. Company increases offerings up to eighteen certified products.
Block Collider Launches an Unstoppable Decentralized Marketplace (ChipIn) Over the next 24 hours BORDERLESS will be released and available to download. BORDERLESS will begin in Safe mode to protect new users as they learn the system.
TrueVault's new solution automates critical GDPR tasks (Help Net Security) TrueVault launched TrueVault Atlas, the solution designed to introduce efficiency and give businesses confidence by automating critical GDPR tasks.
FireMon offers cloud visibility, security and anomaly detection for hybrid enterprises (Help Net Security) FireMon announced Lumeta CloudVisibility, proven cloud visibility, security and anomaly detection for hybrid enterprises.
BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA (PR Newswire) Newest Addition to Leading Native AI Platform Provides Continuous User Authentication Across the Organization Using the Cylance Trust Score WATERLOO, Ontario,...
Blackpoint Cyber Partners with Colliers International to Provide Managed Cyber Security to Commercial Properties (PR Newswire) ELLICOTT CITY, Md., March 5, 2019 /PRNewswire/ -- Today, Blackpoint Cyber and Colliers International announced a partnership to provide cyber security for...
Infoblox Now Supports Google Cloud and Single Sign-On in Latest Version of NIOS (PR Newswire) SANTA CLARA, Calif., March 5, 2019 /PRNewswire/ -- Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announced new updates to its...
Technologies, Techniques, and Standards
How you can protect your business from a cyber attack (Baltimore Post-Examiner) If you ran a shop on the high street, there would be certain security measures you would never go without. You would have a metal shutter to protect the doors and windows when you left work, you would only give […]
Why CISOs must get better at connecting to the rest of the company (CyberScoop) Corporate security experts need to emerge from behind their physical cubicles and their digital firewalls to ensure that new technologies don’t create new vulnerabilities that could threaten their jobs, according to two executive-focused panels Monday at the RSA cybersecurity conference in San Francisco.
The Challenges of Implementing Next-Generation IAM (BankInfoSecurity) Identity and access management is more complicated when organizations rely on a cloud infrastructure, says Brandon Swafford, CISO at Waterbury, Connecticut-based Webster Bank, which is implementing a new IAM system.
Still Room To Improve Data Breach Readiness (Infosecurity Magazine) C-suite engagement and employee training will help prepare for data breach, study says.
ACSC to deploy protective DNS service for govt, critical infrastructure (iTnews) Initially for up to 15 Aussie organisations.
The patterns of elite DevSecOps practices (Help Net Security) Organizations with elite DevSecOps practices are automating security earlier in the development lifecycle and managing software supply chains.
Data Privacy & Employee Monitoring (IT Security Central - Teramind Blog) How to ensure insider threat prevention with a privacy-friendly business culture Today’s technology landscape is undoubtedly powered by data. It’s the lifeblood of the digital ecosystem, making it at once...
Design and Innovation
Is a Facebookcoin in the works? (Naked Security) Facebook, Signal and Telegram are all planning cryptocurrencies. But why these companies, why now, and will they be successful?
DARPA Highlights 10 Focus Areas for Innovative Small Businesses (Nextgov.com) The agency also stood up an in-house startup accelerator to propel the most promising tech to the commercial market.
If extremists want a platform for hate speech, they should build their own (Times) Perhaps you have never heard of Mark Meechan, otherwise known as Count Dankula, and if so I can only apologise for changing that. Dimly, though, you may remember him as the Scottish YouTube...
Research and Development
Quantum Physics Could Protect the Grid From Hackers—Maybe (WIRED) If you measure the polarization of a photon, you instantly change it. Utility companies could use this fact to detect snoops trying to invade the system.
Legislation, Policy, and Regulation
EU must learn from Brexit and reform, says Emmanuel Macron (Guardian) French president sets wide-ranging plans to overhaul EU in response to UK’s vote to leave
US is plotting to cripple us, warns Russian general (Times) Russia must increasingly threaten its enemies in the West or risk being attacked by the United States, according to President Putin’s military chief. Valery Gerasimov, chief of the general staff of...
A GDPR ripple effect will help bring internet privacy back from the dead, Jon Callas predicts (CyberScoop) Despondent internet users who love the convenience smartphones have brought but regret losing control of their data have reasons to be optimistic, according to a veteran technology industry executive who left Silicon Valley to work for the American Civil Liberties Union.
More time given for security clearance modernization ideas (Federal News Network) In today's Federal Newscast, more time has been given for companies to come up with new ideas for the security clearance process.
California Privacy Legislation Update (Cooley) With the promulgation of the California Consumer Privacy Act of 2018 (“CCPA”), California has continued its role in pushing bleeding edge privacy and data security legislation. From the first data…
Federal CIO: Agencies Already Tracking Future Cyber Reskilling Graduates (Nextgov.com) Agencies are already interested in hiring the future graduates, according to Suzette Kent.
Litigation, Investigation, and Law Enforcement
Ex-Trump Associate Sater Sued for Hacking Ex-Friend’s Computers (Bloomberg) Hollywood agent says Sater got unauthorized access in 2017
Disputed N.S.A. Phone Program Is Shut Down, Aide Says (NYTimes) A disclosure about a troubled surveillance program could upend a pending battle in Congress over security and privacy.
Law Expert: Chinese Government Can’t Force Huawei to Make Backdoors (WIRED) The vice president of the Law Institute at the Chinese Academy of Social Sciences says fears that Huawei is helping the government spy on others are unfounded.
US Lawyers Don’t Buy Huawei’s Argument on Chinese Hacking (WIRED) Huawei says Chinese law prohibits the government from ordering it to install backdoors for spying. US lawyers say a law's text isn't always the final word in China.
Royal family warns social media trolls: We’ll report you to police (Times) The royal family has issued new rules on how to behave on its social media channels, vowing to block trolls who post abusive or offensive messages. Individuals who write comments that are...
TikTok to pay record fine for collecting children’s data (Naked Security) It’s been a predator’s playground, where children’s photos have been public by default and trolling adults could message them.
Defending Nationwide Breach Class Actions (New York Law Journal) The 50-state cybersecurity class action is here to stay. How to defend against it!
Google rejects more ACCC oversight (CRN Australia) Ad giant rebuts regulator, says claims of market power exaggerated.
The Criminal Element Gets Its Due (SC Media) Attribution is difficult and sometimes it seems that cybercriminals are beyond the long arm of the law. But hackers – some even foreign nationals – were increasingly brought to justice on both sides of the Atlantic in 2018 for various cybercrimes.