Cyber Attacks, Threats, and Vulnerabilities
Indonesia Says Election Under Attack From Chinese, Russian Hackers (Bloomberg) Cyber assaults try to manipulate content, create ghost voters. Authorities also launch probe into voter fraud allegations
Navy, Industry Partners Are ‘Under Cyber Siege’ by Chinese Hackers, Review Asserts (Wall Street Journal) The Navy and its contractors are “under cyber siege” by Chinese hackers who have stolen national security secrets in recent years, an internal review concluded.
North Korean Hackers Behind $571M Crypto Heists Says UN Report (BleepingComputer) North Korean backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council.
India's last election saw social media used as a tool. This one may make it a weapon (CNN) Can social media clean up its act in time for the world's biggest election? We're about to find out.
Venezuelan 'cyber-attack' possible but unlikely, experts say (Digital Journal) Venezuelan President Nicolas Maduro's government has accused the United States of "cyber sabotage" to knock out the country's central hydroelectric complex and leave the nation largely without electricity since Thursday afternoon.
Why It's So Hard to Restart Venezuela's Power Grid (WIRED) As it approaches a full week, Venezuela's national power outage shows just how hard it is to restart a grid from scratch.
Venezuela, blaming U.S. for six-day blackout, orders diplomats to... (Reuters) Venezuela ordered American diplomats on Tuesday to leave within 72 hours after P...
North Korea has $670 million in bitcoin and other currencies (The Independent) UN report reveals how North Korea is stockpiling cryptocurrency in order to circumvent economic sanctions
America’s Undersea Battle With China for Control of the Global Internet Grid (Wall Street Journal) Chinese company Huawei is embedding itself into cable systems that ferry nearly all of the world’s internet data.
From Fileless Techniques to Using Steganography: Examining Powload’s Evolution (TrendLabs Security Intelligence Blog) We noticed significant changes to some of the attachments in the spam emails embedded with Powload: the use of steganography and specificity in targets.
Nymaim config decoded (Proofpoint) Proofpoint researchers describe the unique bytecode config used by Nymaim malware.
Citrix admits attackers breached its network – what we know (Naked Security) On Friday, software giant Citrix issued a short statement admitting that hackers recently managed to get inside its internal network. According to a statement by chief information security officer …
Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits (BleepingComputer) A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.
Email list-cleaning site may have leaked up to 2 billion records (Naked Security) The number of records exposed online by Verification.io email list-cleaning service may be far higher than originally anticipated.
This New Facebook Phishing Campaign Could Trick Even Vigilant Users (Forbes) A new campaign targets Apple’s iOS but could be adapted for Android. Here's how to avoid it
Exploitation of vulnerabilities in Moxa industrial switches could disrupt communication between ICS components (Help Net Security) A vulnerable switch can mean the compromise of the entire industrial network. Disruption of network interactions could even stop ICS operations entirely.
Study throws security shade on freelance and student programmers (Naked Security) A recent study shows that if you aren’t prepared to ask or pay for security, you probably won’t get it.
Island hopping: The latest security threat you should be aware of (IT PRO) Far from being part of an exotic holiday, island hopping is a hacking technique that could pose a serious threat to your business
Cyber attackers favouring stealthier attacks, says Darktrace (ComputerWeekly.com) Cyber attackers are moving away from ransomware to stealthier tactics, including banking Trojans and cryptojacking, an analysis of attack data reveals
Cyber AI Response: Threat Report 2019 (Darktrace) 7 case studies of attacks that were intercepted and neutralized by Darktrace Cyber AI within seconds.
Cyber Criminals Have Turned Social Media Cyber Crime Into a $3 Billion Business (CPO Magazine) The problem of social media cyber crime is growing at an astonishing rate and is now a $3 billion business. According to a recent report, nearly 1 in 5 organizations worldwide are now infected by malware distributed by social media.
How susceptible are hospital employees to phishing attacks? (Help Net Security) Cybersecurity threats are a rising problem in society, especially for healthcare organizations. Successful attacks can jeopardize patient data and care.
Plymouth weathers cyber attack (Republican-American) Mayor David V. Merchant said Tuesday the town’s municipal and police department computer systems are recovering well from last week’s cyber attack. The town has not lost…
Security Patches, Mitigations, and Software Updates
Patch Tuesday, March 2019 Edition (KrebsOnSecurity) Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint.
Microsoft Patches Two Win32k Bugs Under Active Attack (Threatpost) March Patch Tuesday updates include 64 CVEs, 17 of which are rated critical.
SAP Security Notes March ‘19: Critical Bug Affecting SAP HANA XSA (Onapsis) Our monthly report on how to improve your SAP security and take care of your most critical information by exploring the latest SAP Security Notes for March 2019.
EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches Vulnerabilities (Moxa)
NSW Electoral Commission claims physical separation mitigates Swiss voting flaw (ZDNet) Using an air-gapped machine means the flaws discovered in the Swiss system do not impact NSW, the state electoral commission has claimed.
Siemens Industrial Products (Update M) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens. Equipment: Industrial Products. Vulnerability: Improper Input Validation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update L) published February 12, 2019, on the NCCIC/ICS-CERT website.
Siemens Desigo PXC (Update C) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: Desigo PXC. Vulnerability: Improper Authentication. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the advisory update titled ICSA-18-025-02B Siemens Desigo PXC that was published March 22, 2018, on the NCCIC/ICS-CERT website.
Siemens Licensing Software for SICAM 230 (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: WibuKey Digital Rights Management (DRM) used with SICAM 230
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update C) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module. Vulnerabilities: Missing Authentication for Critical Function, Inadequate Encryption Strength. 2.
Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update G) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software. Vulnerability: Improper Input Validation. 2.
Siemens SINUMERIK Controllers (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SINUMERIK Controllers. Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow, Uncaught Exception. 2.
Siemens SIMATIC S7 (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 5.3. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC S7. Vulnerability: Resource Exhaustion. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-18-317-05 Siemens SIMATIC S7 that was published November 13, 2018, on the NCCIC/ICS-CERT website.
Cyber threats invade the physical security world (www.SecurityInfoWatch.com) Expert discusses why organizations need to change their cybersecurity mindset at annual Converged Security Summit
30 Years On, Reports of the Web's Death Are Exaggerated (WIRED) It’s the 30th anniversary of Tim Berners-Lee’s notion of a “distributed hypertext system.” Today’s web employs the same technology but looks very different.
RSA Conference 2019 Recap and Summary (Bricata) 62 Articles, Blog Posts and Links that Summarize the 2019 RSA Conference. Read more here.
Cybersecurity Firms Issue Annual Threat Reports (JD Supra) CrowdStrike, FireEye and IBM Security recently released their annual threat reports. These reports contain a wealth of information on recent trends in...
Healthcare breaches down, but impacts more significant - Bitglass (IT Brief) Of the 11.5 million individuals affected by healthcare breaches in 2018, 67% had their information exposed by hacking and IT incidents.
Web Apps Are Becoming Less Secure (Dark Reading) Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
First Canadian Threat Report from Cybersecurity Firm Carbon Black Finds That 83% of Surveyed Canadian Businesses Have Been Breached During the Last 12 Months (Globe Newswire) Surveyed businesses report phishing and ransomware are the most likely to spawn breaches
Cyber-Attacks Increasing for Canadian Orgs (Infosecurity Magazine) A new study finds 83% of participating businesses in Canada have been breached.
A Saudi Cybersecurity Company Tried to Buy Zero Day Exploits from Me (Motherboard) We recently got a rare look at how a company tried to source these exploits through private one-on-one deals—because the company came to us.
Data management challenges are having a severe impact on profitability (Help Net Security) Global organizations are scrambling to gain a competitive advantage in today's digital economy, but failure to effectively manage their data can end up
F5 acquires NGINX, enabling multi-cloud application services across all environments (Help Net Security) F5, the global leader in multi-cloud application services, acquires NGINX, an open source leader in application delivery.
Ex-NSA, Microsoft execs raise $3.5M for stealthy Seattle-area cybersecurity startup Cyemptive (GeekWire) Former executives from the National Security Agency, Microsoft, Hitachi, and other companies are behind a Seattle-area cybersecurity startup that just came out of stealth mode three years after it…
Contrast Security’s $65 Million Round Funding (Global Legal Chronicle) Gunderson Dettmer advised Contrast Security on the deal
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job (Dark Reading) Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
The Neutrino Debacle Is an Important Ethics Lesson for Coinbase (Finance Magnates) Neutrino's associations with human rights abuses are too egregious for the crypto community to ignore. What was Coinbase thinking?
SANS to Help Build San Diego's Pipeline of Skilled Cyber Security Practitioners (PR Newswire) SANS Institute, the global leader in cyber security training, today announced the agenda for SANS Security West...
Bitdefender opens fifth Romanian R&D center in Targu Mures (Business Review) Bitdefender opened a new office in Targu Mures, its fifth in Romania, in addition to those in Bucharest, Cluj-Napoca, Iasi and Timisoara. Bitdefender
SAIC's Moraco groomed his successor for two years (Washington Technology) Tony Moraco began grooming his replacement as CEO two years ago when he promoted Nazzic Keene to be chief operating officer.
Second Cylance channel boss departs following acquisition (CRN) Didi Dayton leaves following BlackBerry's acquisition of Cylance, following Tim Mackie out the door...
SCADAfence Strengthens Management Team to Meet the Increasing Demand for Scalable OT Security (PR Newswire) SCADAfence, the technology leader in providing cybersecurity and visibility solutions for Operational...
22 Year FBI Veteran Stacy Arruda to Lead the Florida Information Sharing & Analysis Organization (FL-ISAO) (EIN News) Stacy Arruda, 22-Year FBI Veteran to Lead the Florida Information Sharing & Analysis Organization to advance cybersecurity critical infrastructure protection.
NopSec Accelerates Enterprise Growth And Appoints Three Industry Veter (PRWeb) NopSec Inc, a leader in vulnerability prioritization, remediation workflow automation and breach prediction announces the appointments of three new Board of Adviso
EfficientIP Launches Enhanced North American Partner Program; Strength (PRWeb) EfficientIP, a leading provider of network security and automation solutions specializing in DDI (DNS-DHCP-IPAM), today announced it has appointed John Ricciar
Products, Services, and Solutions
Onapsis and Exabeam Partner to Bring ERP to the Security Operations Center (SCNow) Onapsis, the global leader in ERP cybersecurity and compliance, today announced a technology alliance and product integration with Exabeam, the Smarter SIEM™ company, to give security teams
Firefox Send Is an Easy Way to Share Large Files Securely (WIRED) Mozilla has made public an encrypted file-sharing service with a self-destruct twist.
Niagara Networks Releases SSL/TLS Decryption Platform (PR Newswire) Niagara Networks, the leading network and security visibility provider, has introduced the SSL/TLS...
SRT’s Managed File Transfer Server Continues to Offer Strongest Security Without Compromising Productivity (Globe Newswire) Cornerstone MFT version 2019 includes updates that keep customers ahead of security threats
Dimension Data introduces next-generation managed services (IT-Online) Dimension Data has announced the launch of its next-generation global managed services to help clients simplify the management and operation of their technology. Dimension Data’s Managed Services Platform now offers near real-time insight and reporting, managing over 9 000 IP networks and supporting over 13 million users across the globe. Meeting increasing client demands, the …
Prophix gets Information Security certification (Enterprise Times) Prophix the CPM vendor has announced that its cloud service is not ISO27001 compliant. That it has made the effort to achieve the certification is notable.
AlgoSec introduces new integration with IBM Resilient to accelerate incident response (Continuity Central) The international business continuity management news, jobs and information portal
Diamond Key Security Aims to Make the Internet Safe for Everyone (PR Newswire) This has been a busy few weeks for the social media giant Facebook. In two separate articles Facebook's CEO, Mark...
Planbox Completes SOC 2 Type II Audit of its Security, Availability, & Confidentiality Controls (PR Newswire) Planbox, the pioneering provider of cloud-based AI-powered Agile Innovation solutions, announced today it successfully ...
Technologies, Techniques, and Standards
Die another day: the post-disaster post-mortem and how to perform one (Computing) The post-mortem is vital for establishing a culture of transparency and continuous improvement
More Resources Don’t Lead to Better or Faster Vulnerability Management, Kenna Security Report Finds (Globe Newswire) Research conducted by Kenna Security and Cyentia Institute reveals industry benchmark for patching strategy
There May be A Ceiling on Vulnerability Remediation (Dark Reading) Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
The 12 Worst Serverless Security Risks (Dark Reading) A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
Network performance requirements grow in the era of 5G: Are your security processes ready? (Help Net Security) 5G brings about new and sizable security risks, relative to what we have known even in recent times. It challenges us to evolve the way we approach security.
The Must-Haves for Your Data Center Cybersecurity Checklist (Data Center Knowledge) Explaining the NIST Cybersecurity Framework, the most popular of its kind.
How Do Cryptographic/Digital Signatures in Bitcoin Work? (CaptainAltcoin) Digital signatures are a mathematical concept/technique used to verify the authenticity and integrity of information. In a manner similar to a handwritten signature or a stamped seal, digital signature is used to offer reasons to believe that a certain message/document was created by the designated sender. In many countries, including the United States, digital signatures …
Zero to Hero: Securing Your Business with Zero Trust (Infosecurity Magazine) How a business-driven approach addresses the challenges around the zero trust model
Silencing Cylance: A Case Study in Modern EDRs (MDSec) A Case Study in Modern EDRs
How the Army is getting its EW kit right for future battlefields (C4ISRNET) The Army is using a variety of prototyping efforts and soldier feedback to inform how it will equip electronic warfare units for the field.
Design and Innovation
NSA Software Can Help Secure the Supply Chain (Meritalk) The National Security Agency (NSA) and the Trusted Computing Group (TCG) industry consortium have come up with validation software that can be used with any device and could go a long way to securing the supply chain for computing devices.
Ethiopia crash of Boeing 737 Max might be latest example of backfiring safety efforts (USA TODAY) If software and sensors are to blame, then the Boeing accidents are another reminder that safety policies can have unintended and fatal consequences.
Proposing a 'Declaration of Digital Independence' (WIRED) Opinion: Larry Sanger, the cofounder of Wikipedia and chief information officer of Everipedia, suggests how to spark a decentralized social media movement.
Prospiracy Theories (Slate Star Codex) Last week I wrote about how conspiracy theories spread so much faster on Facebook than debunkings of those same theories. A few commenters …
Research and Development
How intelligent is artificial intelligence? (ScienceDaily) Scientists are putting AI systems to a test. Researchers have developed a method to provide a glimpse into the diverse 'intelligence' spectrum observed in current AI systems, specifically analyzing these AI systems with a novel technology that allows automatized analysis and quantification.
Quantum cryptography: no silver bullet, but could lift security (Computer World) In the arms race between white and black hats, the infosec industry looks to quantum cryptography and quantum key distribution (QKD)
The threat of quantum computers and the solutions that can protect us today (Help Net Security) Avesta Hojjati, Head of R&D at DigiCert, talks about the threat of quantum computers and the solutions that are available to protect us.
Harvard-MIT initiative grants $750K to projects looking to keep tech accountable (TechCrunch) Artificial intelligence, or what passes for it, can be found in practically every major tech company and, increasingly, in government programs. A joint Harvard-MIT program just unloaded $750,000 on projects looking to keep such AI developments well understood and well reported.
Top U.S. Universities Shun Cash From Huawei Under Trump Pressure (Bloomberg) Princeton, Berkeley avoiding research money from gear maker. Pressured by U.S. government over Huawei security risks
National Cyber Security Cluster ‘Cyber Ireland’ announced by IDA Ireland and Cork Institute of Technology (IDA Ireland) An initiative to establish a national cyber security cluster in Ireland has been announced today. Facilitated by Cork Institute of Technology (CIT), the national cluster will be called Cyber Ireland and is supported by IDA Ireland.
Legislation, Policy, and Regulation
China Threat to EU Telecoms Flagged by European Parliament (Bloomberg) European Union assembly warns about risks to 5G networks. Initiative reflects growing Western anxiety about spying
America Is Losing The Room On Huawei (Forbes) Poor leadership, lack of evidence and hypocrisy in the marketplace are taking a toll.
US military steps up cyberwarfare effort (San Francisco Chronicle) (The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.) Benjamin Jensen, American University School of International Service and Brandon Valeriano, Marine Corps University (THE CONVERSATION) The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process. It started with texts in October 2018.
'People Have a Right to Free Speech, But a Bot Doesn't' (Decipher) In the era of disinformation, manipulation and influence operations, platform providers, enterprises, and government agencies are working to find policy and technical solutions.
Barack Obama’s adviser calls for watchdog to tame Facebook (Times) Tech giants such as Google and Facebook are so dominant that the government needs new powers and a dedicated competition regulator to challenge them, a review has found. Experts led by Jason Furman...
Give consumers control over data to curb 'Big Tech', says Treasury review (The Telegraph) Britons should be handed more control over their online data to break the stranglehold that technology giants have on the digital economy, according to a landmark review for the Government.
Furman's proposals represent a potent threat to big tech companies (The Telegraph) Professor Jason Furman may have stopped short of calling for an outright break-up of the big tech giants, but make no mistake.
Analysis | The Cybersecurity 202: Republicans want Kaspersky, Huawei banned from sensitive university research projects (Washington Post) It's part of an all-out battle to block several Russian and Chinese companies from American secrets.
Congress Introduces Legislation to Augment IoT Cybersecurity (Digital Trends) While the U.S. government has held a tight rein on security for networked devices like computers and cellphones, a bipartisan group of legislators is now taking on the issue of cybersecurity for Internet of Things (IoT) devices by introducing a bill that would set new security standards.
IoT bill would require gov't use devices meeting cybersecurity standards (SC Media) If passed, the Internet of Things Cybersecurity Improvement Act of 2019, introduced in the Senate and House Monday, would compel the U.S. government to
7 funding priorities in the Pentagon’s cyber budget (Fifth Domain) Pentagon leaders asked for $2.8 billion to improve specific cyber skills.
DHS grapples with cyber enforcement (FCW) The Department of Homeland Security is increasingly using compulsory directives to spur federal agencies on cybersecurity improvements, but cyber enforcers are learning that success isn't built out of carrots and sticks.
Civil liberties advocate says Congress should revoke NSA authority to collect phone records (TheHill) Attorney Neema Singh Guliani told Hill.TV on Tuesday that Congress should revoke the National Security Agency's (NSA) authority to collect Americans' phone call and text message records, which was first implemented following the 9/11 terror a
John Oliver bombards the FCC with anti-robocall robocall campaign (Naked Security) The Last Week Tonight host launched an anti-robocalling robocalling campaign to force the FCC to put a stop to the pervasive, irritating calls.
Litigation, Investigation, and Law Enforcement
Georgia woman arrested for allegedly helping ISIS build ‘kill lists’ of US service members (Military Times) Kim Anh Vo, 20, was taken into custody Tuesday in Richmond County.
TPG’s Bill McGlashan is put on indefinite leave after being charged in a giant college admissions cheating scandal (TechCrunch) Bill McGlashan, who built his career as a top investor at the private equity firm TPG, has been put on “indefinite administrative leave, effective immediately,” says the firm after McGlashan was caught up in what the Justice Department said today is the largest college admissions scanda…
Marriott CEO reveals more details about the massive data breach (Help Net Security) Equifax CEO Mark Begor and Marriott CEO appeared before a US Senate subcommittee to testify about the massive data breaches their companies have suffered.
Facebook sues developers over data-scraping quizzes (Naked Security) Downloaded by 63K users, the quizzes promised answers to questions such as “What kind of dog are you according to your zodiac sign?”
Judge upholds verdict clearing Juniper of infringing Finjan patent (Reuters) A federal judge has upheld a jury's finding that cybersecurity company Juni...
Here’s why a Navy cyber chief faces court-martial (Navy Times) The chief cryptologic technician (collection) is slated to go to trial this May.