San Francisco: the latest from RSA Conference 2019
Analysis | The Cybersecurity 202: U.S. officials: It’s China hacking that keeps us up at night (Washington Post) Russia hacking has Washington spooked. But security officials say China is the biggest long term threat.
Beijing Drops Contentious ‘Made in China 2025’ Slogan, but Policy Remains (WSJ) “Made in China 2025,” a government-led industrial program at the center of the contentious U.S.-China trade dispute, is officially gone—but in name only.
FBI director wants the Bureau to be a fixed answer in a world of blended threats (Fifth Domain) Partnerships with private industry are one way FBI Director Christopher Wray sees law enforcement uncovering the information it needs.
RSAC 2019: An Antidote for Tech Gone Wrong (Threatpost) As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution.
RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure (Threatpost) The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.
RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes (Threatpost) Researchers say that Microsoft won't issue a patch for the issue.
TLS Markets Flourish on the Dark Web (Threatpost) The certificates are often paired with ancillary products, like Google-indexed “aged” domains, after-sale support, web design services and even integration with a range of payment processors.
RSAC 2019: Most Consumers Say ‘No’ to Cumbersome Data Privacy Practices (Threatpost) Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.
RSA helps customers address digital transformation risks (Help Net Security) RSA announced enhancements to its Integrated Risk Management platform, RSA Archer, to help customers fundamentally transform their risk management function.
The NSA Makes Its Powerful Cybersecurity Tool Open Source (WIRED) No one's better at hacking than the NSA. And now one of its powerful tools is available to everyone for free.
AppViewX 2019.1.0 with Advanced Low-Code Elements and Certificate Reporting Capabilities Launched at RSA 2019 (GlobeNewswire News Room) The latest version of AppViewX’s Low-Code Automation Platform provides unparalleled agility
Armor Scientific makes authentication as easy as walking into a room (Help Net Security) Armor Scientific's new authentication platform is a converged hardware token and middleware suite aimed at law enforcement, govt, healthcare, etc.
Tripwire Launches Vulnerability Management as a Service (Tripwire) Expansion of Tripwire ExpertOps supports strong cybersecurity foundation, delivering personalized consulting and managed services to organizations
Anomali, Flashpoint, and Intel 471 Join Verodin to Launch Threat Actor Assurance Program (Verodin) Foundational Members Collaborate to Integrate Threat Intelligence into the Verodin Platform to Enhance the Effectiveness of Deployed Cybersecurity Controls
AttackIQ and BlackBerry Cylance Join Forces to Deliver Enterprise Endpoint Security Validation (AttackIQ) AttackIQ™, a leader in the emerging market of continuous security validation, today announced a partnership with BlackBerry Cylance, a business unit of BlackBerry Limited (NYSE:BB: TSX:BB), to enable organizations to validate that their endpoint security solutions are deployed correctly and configured optimally, ensuring continuous protection against the latest threats.
Bugcrowd and Secure Code Warrior Partner to Improve Security Training for Developers (PR Newswire) SAN FRANCISCO and SYDNEY, March 5, 2019 /PRNewswire/ -- Today, Bugcrowd, the #1 crowdsourced security company, and Secure Code Warrior, a global secure coding...
Trustwave Expands its Role as a Leading Cybersecurity and Managed Security Services Provider (Trustwave) Trustwave announced continued momentum coming off the heels of Singtel’s integration of cybersecurity resources, technologies and capabilities of Singtel, Optus, Trustwave and NCS into a single global corporate identity under the Trustwave brand.
Cyberinc Announces the First-Ever Hybrid Isolation Security Solution with the Launch of Isla 4.0 (PR Newswire) SAN RAMON, Calif., March 5, 2019 /PRNewswire/ -- Cyberinc, an isolation-based cybersecurity company that proactively stops web, email, and document-based...
Secure Video Calling Capability Available in Summer 2019 - SaltDNA (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Checkmarx Announces Enhancements to Software Exposure Platform (Business Wire) RSA Conference 2019 – Booth S1453 – Checkmarx, the Software Exposure Platform for the enterprise, today unveiled major advancements to accelerate adop
Pioneering cyber deception company CounterCraft presents fully MITRE integrated platform that tools up threat hunting teams (CounterCraft) CounterCraft attends RSA Conference San Francisco for the third year running, continuing to lead the global emerging cyber deception market with their advanced and groundbreaking platform
RSAC Day 1 Theme: People And Tech Are ‘Better Together’ (Cyber Security Hub) As the stage lighting turned up and the attendees settled down in their seats, there was a buzz of positivity in the air at the 2019 RSA Conference stage. The theme of this year’s conference is quite simply put as “Better.”
Adi Shamir couldn't get US visa to attend RSA Conference named for him (CNET) Israeli cybersecurity specialist Shamir is the "S" in RSA. He says he never heard back about his visa application.
Photo gallery: RSA Conference 2019 Expo (Help Net Security) Featured vendors include: Anomali, ObserveIT, Zero Fox, Corero Network Security, Aruba Networks, Century Link, Sumo Logic, Fasoo, and Netscout.
Cyber Attacks, Threats, and Vulnerabilities
Malcolm Turnbull warns Brits about letting Huawei build 5G network (The Sydney Morning Herald) Malcolm Turnbull says Australia's national security drove his decision to block the big Chinese technology company, and the British should also be wary.
Whitefly: Espionage Group has Singapore in Its Sights (Symantec) Group behind the SingHealth breach is also responsible for a string of other attacks in the region.
State-sponsored espionage group Whitefly behind major Singapore cyberattack -report (Reuters) The worst cyberattack in Singapore's history, in which the personal informa...
UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities (Trend Micro) Many devices such as cameras, printers, and routers use UPnP to make it easy for them to automatically discover and vet other devices on a local network and communicate with each other for data sharing or media streaming. UPnP works with network protocols to configure communications in the network. But with its convenience comes security holes that range from attackers gaining control of devices to bypassing firewall protections. We looked into UPnP-related events in home networks and found that many users still have UPnP enabled in their devices.
Fake HSBC payment details delivers Agent Tesla (My Online Security) A compromised site we saw yesterday delivering Hawkeye keylogger/Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the…
All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix (ZDNet) Researchers say Intel won't be able to use a software mitigation to fully address the problem Spoiler exploits.
SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability (Register) 'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'
Exposed Docker hosts can be exploited for cryptojacking attacks (ZDNet) A lack of trusted source security controls is leaving countless containers open to attack.
Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks (SecurityWeek) The Iran-linked Chafer threat group has used a new Python-based backdoor in November 2018 attacks targeting a Turkish government entity.
CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers (BleepingComputer) A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest is that this variant is now indicating that the attackers are targeting entire networks rather than individual computers.
All the ways Facebook hoovers up your information without letting you say no (The Telegraph) Sometimes it seems like Facebook just can't help itself.
Scammers Are Spoofing DHS Phone Numbers to Get Your Personal Info (Nextgov.com) Recipients also are being pressured for money to avoid arrest.
Microsoft Security reports a massive increase in malicious phishing scams (Digital Trends) Microsoft’s Security team analyzes more than 6.5 trillion security signals a day to identify trends that could affect the digital landscape that we all live in.
IDenticard PremiSys (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 8.8. ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed. Vendor: IDenticard. Equipment: PremiSys. Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength. 2.
Rockwell Automation RSLinx Classic (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: RSLinx Classic. Vulnerability: Stack-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target device.
IoT automation platforms open smart buildings to new threats (Help Net Security) IoT automation platforms in smart buildings are presenting attackers with new opportunities for both physical and data compromise.
Companies are flying blind on cybersecurity (Naked Security) IT managers are flying blind in the battle to protect their companies from cyber attacks, according to a new Sophos survey.
Phishing alert: One in 61 emails in your inbox now contains a malicious link (ZDNet) Be careful when you click. That email might not be as innocent as it looks.
Exposed IoT Automation Servers and Cybercrime (Trend Micro) In our latest research we tested possible threat scenarios against complex IoT environments such as in smart homes and smart buildings. A significant part of it also involved a look into exposed automation platforms or servers.
CMS hackers focus on WordPress (SC Media) WordPress continued to be the most attacked content management system (CMS), attracting an even higher percentage of CMS-centered cyberattacks in 2018.
Medical Center Data Leak May Have Exposed 45K Patients (Government Technology) A file shared by an employee with one of Chicago Rush Medical Center’s billing processing vendors may have exposed the personal information of thousands of patients. The incident happened in May 2018.
Shared Code Creates Opportunity for Hackers, Expert Warns (Government Technology) Some app developers may not be malicious, just careless. But that's an important distinction when a federal employee uses a smartphone to access sensitive information.
Experian: More Than a Third of Companies are Unprepared to Respond to a Data Breach (OODA Loop) New research by Experian shows that companies are still falling short when it comes to cyber security disaster preparedness. The study found that just over one-third of business executives (36%) believes their organization is ready
How malware traverses your network without you knowing about it (Help Net Security) A report has been released which reveals the command-and-control and lateral activities of three highest-volume malware, Emotet, LokiBot, and TrickBot.
No More Stickups, Bank Heists Have Gone Cyber (Infosecurity Magazine) Banking Trojans lead to sleepless nights for CISO, says report.
Security Patches, Mitigations, and Software Updates
Update now! Critical Adobe ColdFusion flaw now being exploited (Naked Security) Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained (Threatpost) Users of Logitech’s Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.
Security Researcher Changes Mind over Apple Bug (Infosecurity Magazine) Apple got access to information on a critical bug for nothing. Is that fair?
What is Mimikatz? And how to defend against this password stealing tool (CSO Online) Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.
Cyber Trends
Government to British business: Not enough being done to improve cyber security awareness (Computing) 84 per cent of the boards of UK's biggest companies don't fully understand the impact of a cyber-attack on their businesses
4iQ 2019 Identity Breach Report Discovers the Long Tail of Small Breaches, Data Shows 424 Percent Increase in New Breaches in 2018 (PR Newswire) 4iQ, a leader in Identity Intelligence, today released the 4iQ 2019 Identity Breach Report, The Changing...
Mobile Theft & Loss Report 2018 (Prey Anti theft: Track & find your stolen phones, laptops & tablets) Know theft from the inside with Prey's latest statistics on mobile device theft and loss.
How Large Enterprises are Securing the Cloud [Q&A with Richard Stiennon, author of Secure Cloud Transformation] (Bricata) In his new book, Secure Cloud Transformation, cybersecurity industry analyst Richard Stiennon details how CTOs and CISOs are securely moving to cloud.
SOCs shift to threat detection and response: Gartner (ZDNet) Security operations centers are shifting focus in response to today’s numerous and complex threat alerts.
Survey: Cybersecurity Threats from Careless Insiders and Foreign Governments Reach All-Time Highs (Nextgov.com) A survey suggests risks have risen substantially over the last five years, but cyber professionals still feel agencies are doing a good job in IT security.
Cyberattack planning is still depressingly poor, even in big businesses (ZDNet) Most companies have a strategy, but fewer have the funds or detailed plans to back it up.
Users are too confident in their protection from threats (Help Net Security) Most users take some steps to protect their data, but some protection measures are too difficult and burdensome to implement.
Key 2019 cybersecurity industry trends (Help Net Security) Momentum Cyber revealed the most significant trends that will drive strategic activity in the cybersecurity industry in 2019.
Marketplace
Huawei, your way, whichever way. We're cool with being locked out, defiant biz insists (Register) Plus: Reagan's model doesn't apply today, says US CSO
Electronic Security Association and Security Industry Association Announce Coordination on Workforce Development Strategies (Security Industry Association) ESA and SIA will identify key areas of collaboration on new member resources to help members address workforce shortages.
RackTop Systems Secures $15 Million in Series A Funding to Accelerate the Growth of Its CyberConverged Data Storage and Security Platform (Business Wire) RackTop Systems, the pioneer of CyberConverged™ data security, a new market that fuses data storage with advanced security and compliance into a sing
Hide yo' kids, hide yo' clouds: Zerodium offering big bucks for cloud zero-days (ZDNet) Exploit vendor offers up to $500,000 for zero-days in cloud virtualization software like Hyper-V and vSphere.
Products, Services, and Solutions
Keeper Security Wins Double Honors for its Password Management Leadership (PR Newswire) CHICAGO, March 5, 2019 /PRNewswire/ -- Keeper Security, Inc., (RSA Conference, South Expo Hall, #1366) which offers leading zero-knowledge, cybersecurity...
Gemalto Expands Cloud HSM On Demand Solutions (Financial Post) SafeNet Data Protection On Demand cloud platform now offers HSM On Demand to secure CyberArk Privileged Access Management, Oracle Transparent Data Encryption, and Hyperledger Blockchain Transaction…
Webroot Threat Intelligence to Deliver (Webroot) Webroot Delivers Integrated Security Awareness Training. How are you training your weakest links?
Cytegic and Phoenix Insurance Partner for Cyber Risk Underwriting (Business Wire) Cytegic Inc. and The Phoenix Insurance Company LTD today announced a partnership leveraging Cytegic’s platform to automate cyber insurance risk analys
High-Tech Bridge partners with Fortinet to accelerate DevSecOps and CI/CD for web applications (High-Tech Bridge) Joint solution enables seamless vulnerability detection, prioritization and agile virtual patching for web applications, web services and APIs...
NetGovern selects Clearswift SECURE as its next generation Email Security Gateway Technology. Strategic Partnership Will Offer Key Enhancements for DLP, Redaction & Email Encryption (PR Newswire) NetGovern (https://www.netgovern[.]com) recently made a strategic decision to focus its efforts on...
LogRhythm Introduces Solution to Address Advanced Network-Borne Threats (Business Wire) LogRhythm NDR is a new automated network security solution for detecting, qualifying, investigating and responding to advanced network-borne threats.
Basil Security Unveils Policy-as-Code Platform for Cybersecurity and Audits (Business Wire) Basil Security unveils policy-as-code platform with distributed, stateful policy enforcement for development, security and operations (DevSecOps)
vArmour Fortifies Security and Compliance for Microsoft Azure Environments (vArmour) vArmour is the industry’s first distributed security system that provides application-aware microsegmentation. vArmour microsegments each application by wrapping protection around every workload - increasing visibility, security, and operational efficiency.
VMware aims for security market, launches service defined firewall (ZDNet) VMware is taking its visibility into infrastructure, applications and cloud and applying it to the firewall market.
ThreatConnect Releases New Pricing and Packaging of its Intelligence-Driven Security Operations Platform (ThreatConnect) ThreatConnect Inc.® is proud to announce its new product packaging designed to bring value to all members of the security team.
vArmour Teams with VMware to Deliver Continuous Compliance and Enhanced Security for Hybrid Cloud Environments (vArmour) vArmour is the industry’s first distributed security system that provides application-aware microsegmentation. vArmour microsegments each application by wrapping protection around every workload - increasing visibility, security, and operational efficiency.
IBM X-Force Red launches blockchain security service (ZDNet) The new service has been established in response to the enterprise’s blockchain experiments.
Sheepl 2.0: Automating People for Red and Blue Tradecraft (Trustwave) When I first released Sheepl 0.1 in September 2018 as part of a talk, I wanted to showcase a different approach to user emulation, and the initial idea was well received. Security and IT professionals could see the potential and.....
Technologies, Techniques, and Standards
Why Smaller Businesses Need Comprehensive Security (BankInfoSecurity) Security incidents often result in damage, regardless of an organization's size. But for small and midsize firms, which often lack robust security defenses, the
Singapore now able to certify products under global cybersecurity standard (ZDNet) Now a Certificate Authorising Nation for the Common Criteria, Singapore is one of 18 countries that can assess and certify cybersecurity products under the technical standard, which it says will enable local developers to attain the certification more quickly and at a lower cost.
Singapore government conducts second HackerOne bug bounty program (CISO Magazine) During the three-week hacking challenge, more than 400 hackers globally were invited to look for security weaknesses in the Singapore Government’s digital assets. Hackers won $11,750 in exchange for reporting 26 valid security weaknesses to GovTech so they could be safely fixed.
The Common Security Pitfalls of Network Modernization (Infosecurity Magazine) What are the most common security pitfalls that can put SD-WAN deployments at risk?
Design and Innovation
How Amazon's Algorithms Curated a Dystopian Bookstore (WIRED) How gameable recommendation systems mislead customers about health information.
Research and Development
Whoever Predicts the Future Will Win the AI Arms Race (Foreign Policy) China, Russia, and the United States are approaching the long-term strategic potential of artificial intelligence very differently. The country that gets it right will reap…
Legislation, Policy, and Regulation
Pelosi says Democrats to introduce bill to bring back net neutrality this week (TheHill) Speaker Nancy Pelosi (D-Calif.) announced Monday that Democrats will introduce a net neutrality bill to replace the open internet rules that were repealed in 2017.
Putin Wants His Own Internet (Bloomberg) A new law would create a single command post from which authorities can manage—and halt—information flows across Russian cyberspace.
France unveils plan to tax internet giants revenue (AP NEWS) The French government unveiled plans Wednesday to slap a 3 percent tax on the French revenues of internet giants like Google, Amazon and Facebook. The bill outlines how digital...
Google reportedly plans to ban political ads before Canada election (Business Insider) Alphabet Inc's Google is planning to ban political advertising on its platform before the Canadian federal election.
China’s “democracy” includes mandatory apps, mass chat surveillance (Ars Technica) Researcher discovers servers in China collecting data on 364 million social media profiles daily.
Huawei calls for common cybersecurity standards amidst concerns (iTnews) Urges for governments, telco industry and regulators consensus.
Disputed N.S.A. Phone Program Is Shut Down, Aide Says (NYTimes) A disclosure about a troubled surveillance program could upend a pending battle in Congress over security and privacy.
White House Establishes National Quantum Coordination Office (Nextgov.com) The new office will help coordinate quantum efforts across the government and private sector.
States Need Way More Money to Fix Crumbling Voting Machines (WIRED) “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.
Litigation, Investigation, and Law Enforcement
House Probes Cambridge Analytica on Russia and WikiLeaks (WIRED) The Democrats’ sweeping new investigation into President Trump includes the now defunct consulting firm better known for misusing the Facebook data of tens of millions of Americans.
Canada allows extradition case against Huawei exec Meng Wanzhou to proceed (The Japan Times) Canada said Friday it will allow the U.S. extradition case against Chinese Huawei executive Meng Wanzhou to proceed. Canadian Department of Justice officia
Qualcomm Cites National Security Risk in Bid to Settle FTC Case (Wall Street Journal) Qualcomm is contending that national security could be undermined by a Federal Trade Commission case challenging its patent-royalty fees for smartphones—and it is getting an assist from some federal officials.
7 Scenarios for How the Mueller Probe Might 'Wrap Up' (WIRED) Reports say that the special counsel will be "wrapping up" his investigation soon. Here's what that might actually mean.
Japanese police charge 13-year-old for sharing 'unclosable popup' prank online (ZDNet) Police also searched the home of a 47-year-old man and are also investigating three other suspects.