RSAC 2019: International cyber conflict (The CyberWire) Nation-state threats, cooperative security, and persistent engagement.
RSAC 2019: Security and the unforeseeable consequences of technological advance (The CyberWire) Technological advance enables further innovation, and the consequences of such advance and the nature of the innovations that it makes possible are imperfectly predictable at best. 5G will provide an opportunity for governments and enterprises to think through security under conditions of uncertainty.
RSAC 2019: A look at the presentation of innovation. (The CyberWire) The annual Innovation Sandbox, the inaugural Launch Pad, and a walk through the Early Stage Expo.
Machine Learning Can Use Tweets to Spot Critical Security Flaws (WIRED) Researchers built an AI engine that uses tweets to predict the severity of software vulnerabilities with 86 percent accuracy.
Growing mobile cybersecurity incidents spur plans for increased security investment (Help Net Security) 1 in 10 RSA attendees report that their organization has experienced a mobile cybersecurity incident or breach in the past 12 months.
Scammer Gang Takes Aim at Boy Scouts, Salvation Army Nonprofits (Threatpost) A scammer ring, dubbed Scarlet Widow, has targeted nonprofits, schools and universities with an array of business email compromise (BEC) attacks over the past few months.
Tripwire Survey: 80 Percent of Security Professionals Say Skilled Workers are More Difficult to Find (Tripwire) Security teams are understaffed as cybersecurity skills gap worsens
Venafi Business Momentum Accelerates in 2018 (BusinessWire) Security leader increased subscription revenues over 50% while customer renewal rates remained above 95%
Awake Security introduces Ava, a privacy-aware security expert system (Help Net Security) Awake Security unveiled several new capabilities to its platform, including Ava, the world’s first privacy-aware security expert system.
Photo gallery: RSA Conference 2019 Expo, part four (Help Net Security) RSA Conference 2019 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here
Cyber Attacks, Threats, and Vulnerabilities
Facebook finds UK-based fake news network (BBC News) Facebook removes more than 130 "inauthentic" accounts, pages and groups operated from the UK.
Analysis | The Cybersecurity 202: DNC security chief preaches basic security for 2020 campaigns (Washington Post) Bob Lord wants more security protections to be automatic.
Google Play Pulls MetaMask Crypto Malware After A Tip From A Cyber security Firm (BlockPublisher) Scams and fraudulent practices are a part of every business and industry. Now, according to cyber security firm Eset, for the first time, Google Play became a victim due to a sneaky malware that po…
Proper news, or propaganda? China’s social media manipulations exposed (The Daily Swig) A new study takes a deep dive into the extent of China’s disinformation campaigns
U.S. counters China cyberattacks (The Washington Times) American intelligence and military cyberwarriors have begun conducting counter-cyberattacks against Chinese intelligence and military targets, according to a U.S. official.
Tricks and COMfoolery: How Ursnif Evades Detection (Security Boulevard) Ursnif is one of the main threats that is effectively evading detection right now (at publication). The dropper uses a COM technique to hide its process parentage. WMI is used to bypass a Windows Defender attack surface reduction rule. Fast evolution of delivery servers means detection tools are left in the dark. In February we …
Attack Campaign Using Fake Browser Updates to Deliver Ransomware and Banking Malware (Security Intelligence) Researchers observed an attack campaign distributing fake browser updates to infect website visitors with ransomware and banking malware.
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack (Imperva) A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel attack I named “Cross-Site Frame Leakage,” or CSFL …
Investment scam targets Instagram users (Hanahan Herald) Victims aged in their 20s have each lost an average of £8,900 after falling for investment scams that appear on image-sharing platform Instagram.
Hackers can get into Macs with sneaky tricks, Crowdstrike experts say (CNET) The cybersecurity company says it's seen hackers get deep access into the Macs of regular users.
In the cyber break-in stakes, the champion is Russia (The Economist) Russian computer hackers are seven times faster than North Koreans
Hackers Exploit Critical Flaws In Car Alarm Apps - What Drivers Need To Know (Forbes) Security researchers put smart car alarms and their accompanying apps to the test and found them wanting. Everything from stopping the engine, immobilizing the vehicle and even snooping on in-car conversations was possible. Here's what you need to do...
Fake Paychex Tax verification documents delivers Trickbot (My Online Security) They are still using this new version of the Trickbot delivery system where Bitsadmin is used to download the payload in small sections to a victim's computer where it is all joined together to make 1…
Study Finds Rampant Sale of SSL/TLS Certificates on Dark Web (SecurityWeek) SSL/TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi.
Egypt government used Gmail third-party apps to phish activists (ZDNet) Cairo government targeted local human rights defenders, media, and civil society organizations' staff.
A “serious” Windows zeroday is being actively exploited in the wild (Ars Technica) Unpatched flaw used in combination with Chrome exploit doesn't work against Win 10.
Monero cryptominers hijack hundreds of unpatched Docker hosts (Naked Security) A recently-disclosed vulnerability in the Docker containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers.
Backdoored GitHub accounts spewed secret sneakerbot software (Naked Security) Researchers have uncovered a network of GitHub accounts containing backdoored versions of legitimate software.
The Supreme Backdoor Factory (DFIR.it) Recently I was playing with VirusTotal Intelligence and while testing some dynamic behavior queries I stumbled upon this strange PE binary (MD5: …
Ultrasounds Lack Ultra Security, Research Shows (Infosecurity Magazine) Check Point researchers gain full-range access to an ultrasound's database of images.
800+ Million Emails Leaked Online by Email Verification Service (Security Discovery) Our Biggest Data Breach Discovery of 2019 a massive 800 million emails leaked online. This data breach uncovered how an email verification service uses spam
MongoDB Privacy Error Leaks 808m Records (Infosecurity Magazine) Email validation service stored records in plain text with no password protection.
809 million records exposed by email marketing giant (ZDNet) All you needed to access the records’ database was an Internet connection.
How to hack a smartcard to gain privileged access (CSO Online) Using smartcards in a Microsoft Active Directory environment makes them vulnerable to this privilege escalation attack.
Zero-day Chrome/Windows combo actively exploited in the wild (Help Net Security) Google Chrome zero-day (CVE-2019-5786) is being actively exploited in conjunction with a privilege escalation zero-day in Windows.
Windows Servers in danger of being compromised via WDS bug (Help Net Security) Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2.
IoT devices using CoAP increasingly used in DDoS attacks (Help Net Security) IoT devices using the Constrained Application Protocol (CoAP) represent a growing part of global Distributed Denial of Service (DDoS) weapon arsenals.
Breaches and Leaks Soared 424% in 2018 (Infosecurity Magazine) 4iQ data finds hackers are targeting smaller companies in greater numbers.
Security Patches, Mitigations, and Software Updates
Google Advises Upgrade to Windows 10 to Fix Windows 7 Zero-Day Bug (BleepingComputer) Google recommends users of Windows 7 to give it up and move to Microsoft's latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild.
Disclosing vulnerabilities to protect users across platforms (Google Online Security Blog) Posted by Clement Lecigne, Threat Analysis Group On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-...
Users of Cisco switches, security appliances need to get patching (Help Net Security) Administrators of Cisco switches, firewalls, and security appliances are advised to take a look at the latest collection of security advisories.
Cyber Trends
'High-risk' GAO report highlights security clearance, census, cybersecurity concerns (ABC News) Security clearances, the 2020 census and national cybersecurity are just some of the issues the GAO flagged in its biennial high-risk report Wednesday.
Human error still a major security risk says new BAE report (TechRadar) Cybercriminals continue to prey on human nature
Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte (SecurityWeek) Organizations are tackling various aspects of security, such as data, application, identity, infrastructure and response, but are not doing well in aligning cyber initiatives to executive management's digital transformation priorities.
Growing mobile cybersecurity incidents spur plans for increased security investment (Help Net Security) 1 in 10 RSA attendees report that their organization has experienced a mobile cybersecurity incident or breach in the past 12 months.
2018 Cybercrime Report (Threatmetrix) News has recently emerged of the first machine learning generated fingerprints.
The Challenge of Change: IT in Transition (Insight | Datalink | IDG) In this survey we seek to understand where enterprises are with respect to their IT transformation journey.
How are execs tackling cyber risk that comes with digital transformation? (Help Net Security) As organizations embrace digital transformation, simplifying technology infrastructure and outsourcing workload, they are also expanding their cyber risk.
For enterprises, malware is the most expensive type of attack (Help Net Security) The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for 1/3 of all cyberattack costs.
Marketplace
As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits (Motherboard) Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000.
Facebook says it will dramatically improve privacy. But it hasn’t fully delivered on past promises. (Washington Post) What Facebook's new vision for private communication means for its global business.
Facebook's reputation takes a hit in new survey (Axios) Its drop in the Axios-Harris Poll 100 is in a class of its own.
AT&T joins cyber security group co-founded by Singtel (The Straits Times) American telecoms giant AT&T has joined a global cyber security alliance co-founded by Singtel.
CenturyLink Threat Research Reemerges as Black Lotus Labs (SDxCentral) CenturyLink renamed its Threat Research Labs as Black Lotus Labs and shared new research about the Necurs botnet.
Cybersecurity firm Uniguest acquires Touchtown (CISO Magazine) Nashville-based Uniguest, a cybersecurity specialist in public space technology, recently acquired Touchtown, the living community engagement technology provider based outside of Pittsburgh.
U.S. Navy awards Leidos contract to provide cyber mission engineering services (CISO Magazine) Technology firm Leidos has been awarded a $962 million contract by the U.S. Navy’s Space and Naval Warfare Systems Center (SPAWARSYSCEN) Atlantic to provide engineering and information warfare services for cyber missions.
Transcript leak: Inside Facebook's secret crisis meeting, where Zuck and Sheryl race to save social network's rep (Register) Privacy, encryption, vaccines, fake news, er, Messenger themes, uh, emojis?
Mark Zuckerberg on Facebook's Future and What Scares Him Most (WIRED) The Facebook CEO chatted with WIRED's editor in chief about building a "privacy-focused" social network and the trade-offs he’ll need to make.
Cisco reboots: Can a Silicon Valley tech giant make the switch from hardware to software? (Silicon Valley Business Journal) One of Silicon Valley’s largest legacy companies is shifting its business model, and restructuring its staff and products. How will its multibillion-dollar bet work out?
Products, Services, and Solutions
BioCatch patents touchscreen pressure measuring method to extend behavioral biometric innovation (Biometric Update) BioCatch has patented a series of methods for determining or estimating the amount of force applied by a user to the touchscreen of an electronic device, which the company says will enable it to ex…
Fortinet’s FortiClient Blocks 100 Percent Malware in NSS Labs 2019 Advanced Endpoint Test Report (AP NEWS) John Maddison, executive vice president of products and solutions, Fortinet “Endpoint devices and applications play an increasingly important role in business and networking strategies
Researchers create system that predicts vulnerability severity from tweets (Help Net Security) Can users’ opinions about threat severity expressed online provide an early indicator to help prioritize threats based on their severity?
General Dynamics Mission Systems Partners with Vera to Deliver Next-Generation Enterprise Digital Rights Management (PR Newswire) Responding to the increasing need to protect documents inside and outside of the enterprise, General Dynamics...
Fidelis Cybersecurity Launches Threat Research Service to Provide Customers with Finished Intelligence and Tailored Countermeasures (BusinessWire) Fidelis Cybersecurity, a leading provider of threat detection, threat hunting, and response solutions, today announced the launch of Threat Research a
Fidelis Cybersecurity Delivers Major Innovations to Provide Full Visibility of the Cyber Terrain to Detect, Hunt and Respond to Advanced Threats (BusinessWire) Fidelis Cybersecurity, a leading provider of threat detection, threat hunting, and response solutions, today announced the latest release of the Fidel
RSA extends SIEM capabilities with expanded analytics, threat aware authentication (Help Net Security) RSA unveiled the newest version of its SIEM, RSA NetWitness Platform, which features machine learning models based on deep endpoint observations.
DFLabs introduces SOAR platform optimized for MSSPs and MDR providers (Help Net Security) DFLabs announced a new version of its DFLabs IncMan SOAR platform tailored for the needs of MSSPs and MDR service providers.
Technologies, Techniques, and Standards
Denver to test blockchain voting in mayoral election (StateScoop) The city’s deployed military and overseas voters will be offered the ability to use Voatz, the mobile-voting app that was tested in 2018 by West Virginia.
How to Fight Disinformation While Preserving Free Speech (Atlantic Council) There are solutions “within the framework of our traditions of freedom of speech and free expression” to counter the spread of disinformation online, Daniel Fried, a distinguished fellow at the Atlantic Council, said at the Council’s Disinfo Week...
How Do You Defeat Disinformation? Tackle Demand, Not Just Supply (Atlantic Council) “Disinformation is a cause of democratic deterioration, but it is also a symptom of a much deeper disease affecting liberal democratic society,” according to Ana Palacio, a former Spanish minister of foreign affairs. Comparing the fight against...
Cryptography techniques must keep pace with threats, experts warn (SearchSecurity) Cryptography techniques are effective for protecting personal data, but maintaining the integrity of encrypted data and ensuring encryption is used wherever necessary remain challenges for experts in the field, who discussed these and other challenges at RSAC 2019.
Businesses Go Passwordless into Cloud Security (Infosecurity Magazine) Gartner looks at 2019's top security and risk trends.
Europe’s Open Source Bug Bounty: A Wrong Start (Infosecurity Magazine) Is Europe's bug bounty for open source projects a step forward or back?
Does the Internet Have an Off Switch? (Network Intelligence Blog | ThousandEyes) Russia is planning an experiment to disconnect from the global Internet to test its independence. What can we expect?
Design and Innovation
‘Alexa, Can You Be Empathetic, All-Knowing and Funny?’ (WSJ) Rohit Prasad, head scientist of Amazon’s Alexa, on the quest for omnipresent, human-sounding AI assistants.
Academia
University of Colorado Boulder cybersecurity program nets attention of secretary of state (Longmont Times-Call) As Colorado becomes one of the country's leading technology hubs, the number of cybersecurity jobs is skyrocketing.
Legislation, Policy, and Regulation
Italy rebuffs U.S. calls to bypass Chinese firms like ZTE, Huawei in ramp-up to 5G (MarketWatch) Italian officials on Thursday downplayed calls from U.S. counterparts to stop working with Chinese companies on next-generation “5G” wireless networks, saying they need to make sure they avoid missteps that would harm their economy or national security.
Cyber group calls for coordinated vulnerability disclosure policies (FCW) A group led by a former top federal cybersecurity official is seeking to make policies that enable outside researchers to work with organizations to find and mitigate IT flaws 'standard' in the public and private sectors.
Russia Passes Bill That Outlaws Disrespecting Russian Officials Online (BleepingComputer) The Russian State Duma passed a new and controversial bill which allows the authorities to jail people who disrespect the government and state officials online.
Huawei restrictions are warranted despite no clear 'smoking gun' (TheHill) Chinese companies carry an unavoidable risk because of their inherent connections to the Chinese government.
No 'smoking gun' evidence coming on Huawei, NSA official says (CyberScoop) Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.”
Treasury rejects privacy and ambiguity concerns over Consumer Data Right (ZDNet) The Australian government department responsible for the Consumer Data Right says there is sufficient consideration given to privacy and that the legislation isn't being rushed through.
GDPR: Still Plenty of Lessons to Learn (BankInfoSecurity) Nearly 10 months after the beginning of enforcement of the EU’s GDPR privacy regulation, organizations around the world are still learning plenty of compliance
Germany does not want to ban Huawei from 5G networks: minister (Reuters) Germany does not want to ban Chinese telecoms equipment maker Huawei Technologie...
Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal (Register) Now Homeland Security committee sticks the boot in
Background Investigations Tech Team Reassigned from DISA to Defense Security Service (Nextgov.com) By mid-summer, the National Background Investigations Service technical team will be under a new office as part of major shifts in the security clearance process.
New FBI Director, Same Message on Encryption (PCMAG) FBI Director Christopher Wray reiterates that law enforcement should have access to encrypted data, but acknowledges that privacy advocates are not trying to weaken national security.
Pentagon’s Cyber Mission Force Needs Better Training Plan (Nextgov.com) A government watchdog found flaws in the Defense Department’s transition from building its Cyber Mission Force to maintaining it.
Litigation, Investigation, and Law Enforcement
Senate Report Highlights Equifax ‘Neglect’ Before Data Breach (1) (Bloomberg Law) Equifax Inc.’s years-long failure to prioritize cybersecurity left the company vulnerable to a data breach that exposed more than 145 million Americans’ personal information, a Senate subcommittee said in a bipartisan staff report.
Snap is going to be grilled by lawmakers following the horrific case of a murder victim's family being taunted over Snapchat (Business Insider) The family of Breck Bednar, a 14-year old murdered in 2014, received taunting messages on Snapchat purporting to be from his killer.
Victorian man arrested in connection to cryptocurrency-related drug syndicate (ZDNet) The 27 year-old has been charged with drug importation offenses, allegedly aided through the use of the 'dark net' and funded in part by cryptocurrency.
Man Admits to Hacking Minnesota Databases Over Cop Acquittal (SecurityWeek) A Minnesota man admitted that he hacked into state government databases in 2017 as an act of retaliation after the acquittal of an officer who fatally shot Philando Castile during a 2016 traffic stop
Hungarian Judge OKs Extradition of Portuguese Hacker (SecurityWeek) A Portuguese man linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case will be extradited to his home country, a Hungarian court has ruled.
Explainer: Huawei faces slim odds in new U.S. court fight (Reuters) Huawei Technologies Co Ltd has opened up a new front in its battle with the U.S....
Australia watchdog suspends two cryptocurrency exchanges for drug... (Reuters) Australia's anti-money laundering watchdog said on Friday it had suspended ...
No 'silent lambs': China supports Huawei's bid for U.S. legal redress (Reuters) The Chinese government's top diplomat, State Councilor Wang Yi, said on Fri...
IT guy at US govt fraud watchdog stole 16 computers from... US govt fraud watchdog (Register) How agents tracked down half-inched Surface Pro slabtops to eBay store