The CyberWire Daily Briefing 3.18.19

Cyber Attacks, Threats, and Vulnerabilities

Chancellery website suffered a “cyber attack” (Q Costa Rica) The official website of the Ministry of Foreign Affairs (Ministerio de Relaciones Exteriores) suffered a “cyberattack” that forced the take down of the site for most of Thursday. Well i…

New Zealand Mobile Carriers Block 8chan, 4chan, and LiveLeak (BleepingComputer) Following the Friday mass shooting in Christchurch, New Zealand, multiple internet service providers (ISP) in the country have blocked access to websites that distribute gruesome content from the incident.

Russia supplied Iran with advanced phone hacking tech — Israel TV report (Times of Israel) So-called 'zero-click' technology allows hackers to access victims' data without any action by the target; newspaper says it was used to hack Gantz's phone

‘Dirty tricks’ hit Binyamin Netanyahu’s rival Benny Gantz in Israel election (Times) Israel’s general election campaign was further soured yesterday by rumours about the personal life of the main opposition leader. It was reported on Thursday night that Benny Gantz’s personal phone...

No one knows what was on Gantz’s phone, but we know whom the scandal benefits (Haaretz) The phone hacking affair doesn't necessarily make Gantz vulnerable, but it does serve Netanyahu, who wants to create the impression that Iran has control over his rival

FBI Director on Cyber Threat: ‘It’s bigger than the government itself,’ (Townhall ) FBI Director on Cyber Threat: ‘It’s bigger than the government itself,’ - Julio Rivera: The United States entered 2019 under a partial government shutdown .03/18/2019 4:52:03AM EST.

Microsoft says there is no 'partnership' with tech firm that allegedly helps China track Muslims (CNBC) SenseNets, a Chinese company that makes facial recognition technology which is used by the government in Beijing, says Microsoft is a partner. But Microsoft says it has no connection with the controversial firm.

Spam Warns about Boeing 737 Max Crashes While Pushing Malware (BleepingComputer) A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient's computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them.

Recently Patched WinRAR Flaw Exploited in APT Attack (SecurityWeek) There are over 100 exploits targeting the recently patched WinRAR vulnerability CVE-2018-20250, and the flaw has also been exploited by some APT actors.

Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web (ZDNet) Gnosticplayers returns with new user records, most of which he obtained by hacking companies last month.

Your home WiFi could turn out to be the worst security nightmare (Gulf News) Cyber criminals can also infect smart devices connected to the home network

Australia's Commonwealth Games blocked 176,000 pieces of malware (iTnews) Network security numbers disclosed.

Google Took Down 2.3 Billion Bad Ads in 2018 (SecurityWeek) Google said it took down 2.3 billion bad ads in 2018, including 58.8 million phishing ads.

BART Borked: Weekend System Failure Invites Speculation (Bay City Beacon) Weekend commuters got a taste of a possible worst-case transit scenario when the entire BART system was shut down for most of the morning on Saturday, March 9th. While initial

You left WHAT on that USB drive?! (Naked Security) Nudies, taxes, and memos – oh, my! Research shows that even if we think we’ve deleted content on the sticks, we’re leaving all that and more.

Hackers move under the radar as banking trojans dominate (Intelligent CIO Middle East) New analysis from Darktrace has shed light on the evolving cyberthreat landscape, providing insights into the changing behaviour of cybercriminals in 2018. The research unveils that hackers are seeking profits by using more stealthy tactics, including banking trojans and cryptojacking over traditional methods such as ransomware. The data reveals that the incidence of banking trojans, […]

Why Mom and Pop Businesses Are a Danger to Your Data (OZY) Marriott and Equifax make headlines. But it's smaller businesses that might be a bigger threat.

Sextortion – what’s new, and what to do [VIDEO] (Naked Security) Share this video with your less tech-savvy friends and family to set their minds at rest about sextortion.

Security Patches, Mitigations, and Software Updates

WordPress 5.1.1 patches dangerous XSS vulnerability (Naked Security) Researchers have offered more detail on a recently patched vulnerability that would allow an attacker to take over a WordPress site.

Microsoft to fix 'novel bug class' discovered by Google engineer (ZDNet) Fixes to be included with Windows 10 19H1, scheduled for release in a few weeks.

EPIC Promises to Fix Game Launcher after Privacy Concerns (BleepingComputer) Epic Games has responded to multiple accusations saying that their Epic Games Launcher is scanning for and collecting users' Steam information without first requesting permission.

Cyber Trends

IBM’s photo-scraping scandal shows what a weird bubble AI researchers live in (MIT Technology Review) On Tuesday, NBC published a story with a gripping headline: “Facial recognition’s ‘dirty little secret’: Millions of online photos scraped without consent.

The Future of Cybersecurity is A.I. vs. A.I. (Fortune) "It's going to become a full-on war of algorithms."

Security fatigue leads many to distrust personal data protection, can you blame them? (Help Net Security) Identity is leading concern related to sharing personal data online. Two out of three (68 percent) Americans have this fear.

Rise in teen suicide connected to social media popularity: study (New York Post) CHICAGO — An increase in suicide rates among US teens occurred at the same time social media use surged and a new analysis suggests there may be a link. Suicide rates for teens rose between 2010 an…

Latest trends in automated threat intelligence-driven network security (Help Net Security) Since the earliest days of the Internet both network threats and network defenses have been evolving. In this Help Net Security podcast recorded at RSA

Meet the new generation of white hats (Help Net Security) The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing

Current phishing defense strategies and execution are not hitting the mark (Help Net Security) Phishing defense strategies and implementation are not hitting the mark. Strengthening these defense activities and improving outcomes is within reach.

Marketplace

Who Is Resecurity, The Mysterious Firm That Blamed Iran For The Citrix Hack? (Forbes) Resecurity CEO Charles Yoo breaks down the Citrix hack, Iranian group IRIDIUM and how the firm suddenly burst into the spotlight

The Russians Can Wait: Gemalto Sale Moves Ahead as Moscow Lags (Computer Business Review) Thales is waiving the requirement that approval be given by Russian competition regulators before the Gemalto sale proceeds, with shareholders told...

Irish arm of TNT in the red after global cyber-attack (Irish Examiner) Pre-tax losses at the Irish arm of logistics firm TNT Express more than doubled to €2.2m last year, after its parent group was hit by “a crippling” cyber-attack.

Facebook outage coincides with (or causes?) 3m new Telegram users (Naked Security) A worldwide, nearly day-long outage at Facebook led to Telegram having a busy, busy day.

Bitcoin billionaires Tyler and Cameron Winklevoss 'still doing better' despite crypto nosedive (The Telegraph) Tyler Winklevoss takes a seat in the Austin, Texas hotel where we’re meeting.

ERP Maestro Appoints Former KPMG Partner Kenneth S. Gabriel to Board of Directors (Morningstar) ERP Maestro Appoints Former KPMG Partner Kenneth S. Gabriel to Board of Directors, Read most current stock market news, Get stock, fund, etf analyst reports from an independent source you can trust – Morningstar

Products, Services, and Solutions

PAS Announces Risk Analytics for Continuous OT Endpoint Security (PAS) New Release of PAS Cyber Integrity Reduces the Attack Surface by Identifying, Prioritizing, and Remediating OT Cybersecurity Risks

Threat Stack provides full workload observability across all public cloud provider platforms (Help Net Security) Threat Stack, the leader in cloud infrastructure security, announced its multi-cloud support which extends security observability to containers.

AlertEnterprise launches AI-powered Identity Intelligence technology for automated threat protection (Help Net Security) AlertEnterprise launched its Identity Intelligence technology, available in the upcoming release of Enterprise Guardian and Enterprise Sentry software.

Netronome secures user data in Web 2.0 applications and prevents malicious attacks (Help Net Security) Netronome unveiled its Agilio CX 50GbE SmartNICs in OCP Mezzanine 2.0 form factor with line-rate advanced cryptography and 2GB onboard DDR memory.

Juniper Networks broadens commitment to open programmability with support of SONiC (Help Net Security) Juniper Networks, an industry leader in automated, scalable and secure networks, announced native integration of Juniper’s platforms with SONiC.

Using advanced AI to stay ahead of cybercriminals (Africanews) As the threat landscape continues to evolve rapidly, it now includes increasingly sophisticated, zero-day malware that traditional

42Crunch Announces Launch of First API Security Platform (PR Newswire) 42Crunch, the leading API security company, officially announced the release of the 42Crunch API Platform, the...

Technologies, Techniques, and Standards

VPN: A Big Misunderstanding? (Security Boulevard) Most VPN services fail to provide a level of data protection and anonymity that would pass professional-level muster. Part 3 of our VPN miniseries shows how confusion about this 20+ years old technology and its complexities has added new risks and threats. * In the first two posts, we focused on

Cybercrime Disruption: The Role of Threat Research (BankInfo Security) CenturyLink has opened Black Lotus Labs, which focuses on threat research used to share information with customers as well as initiate takedowns of networks used to

Despite reservations about NSA's Ghidra, experts see value (SearchSecurity) Early worries about using an NSA tool for reverse-engineering has mostly faded after the release of Ghidra as many experts say the powerful software should be valuable to security researchers.

How to make DuckDuckGo your default Chrome search engine (Naked Security) Good news for the privacy-conscious. Chrome 73, released Tuesday, now includes the DuckDuckGo search engine as an option.

Uncovering the Data Security Triad (SecurityWeek) Every part of data security matters — from secure data storage, transit, and processing to access control and effective key management.

2019 may be a record year for enterprise breaches, but secure collaboration tools could help (Help Net Security) Despite business executives agreeing that cybersecurity is a major challenge, businesses globally are severely unprepared for cyberattacks.

It's time to change our approach to grid security (Utility Dive) Relying on physical defensive techniques — software patching, anti-malware tools, creating strong perimeters and air-gapped networks — will not be enough to ward off future cyberattacks.

An Inside Look at New York State Government Cybersecurity (Security Boulevard) As part of a massive IT transformation and consolidation effort, the state of New York government has redesigned the way it protects constituent data over

Design and Innovation

Will the next version of Android get location privacy right? (Naked Security) Google has confirmed that improved control over location tracking is one of several new privacy features in the next version of its mobile OS, Android Q.

Research and Development

Quantum Computing is a Threat to Cryptocurrencies and Blockchain Cryptography: IBM Executives (Coindoo) Speaking at an interview, IBM executives have highlighted the threat quantum computing pose to cryptocurrencies and blockchain cryptography.

Legislation, Policy and Regulation

New Zealand attack exposes how little the U.S. and its allies share intelligence on domestic terrorism threats (Washington Post) The Christchurch shooting may force countries to refocus on people within their borders who threaten collective security, experts say.

Russia’s Next Land Grab Won’t Be in an Ex-Soviet State. It Will Be in Europe. (Foreign Policy) First he came for Georgia, then for Ukraine. Vladimir Putin’s next target is likely to be a non-NATO nation in the EU.

Venezuela's Maduro Asks Cabinet Ministers to Offer Resignations (Yahoo News) “President @NicolasMaduro has asked the entire Executive Cabinet to offer their charges for resignation for the purpose of a profound reorganization of the methods and operation of the Bolivarian government to shield the Homeland of Bolivar and Chavez from any threat,” Vice President Delcy Rodriguez

Ukraine ready to take on Russian election hackers (Yahoo News) At the headquarters of Ukraine's SBU security service more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month's presidential vote. During the joint EU-Ukraine cyber security drills the Westerners pretend to be hackers

Is Huawei a security threat? Seven experts weigh in (The Verge) The Verge convened authorities to hear their opinions

China Does Not Ask Firms to Spy on Others: Premier (SecurityWeek) China will "never" ask its firms to spy on other nations, Premier Li Keqiang said Friday, amid US warnings that Chinese telecommunications behemoth Huawei poses security risks.

Analysis: Will new Chinese law truly protect US, overseas firms operating there? (WRAL TechWire) China claims it's about to create a level playing field for international companies, but many of them are still wary of expanding their presence in the world's second largest economy. Will it?

‘Huawei and Canada are victims of stand-off between US and China’ (South China Morning Post) Ren Zhengfei says US case against his daughter Meng Wanzhou should not damage his company’s relationship with Canada.

How can the US monitor the world if we all use Huawei? (Global Times) Why does the US government always crack down on Huawei? To achieve this, it even uses some disgraceful measures, including slandering the company by exerting its national power. The US moves have sparked questions as to why the US fears the Chinese company so much. Why does the company annoy the US?

We must stop at nothing to thwart Huawei, China in quest for dominance (TheHill) It is critical that the U.S. fight this influence campaign with all aspects of our national power: economic, political, communications, and even national security.

Internet experts reveal true intention behind US’ crackdown on Huawei (Global Times) At the beginning of the 21st Century, US intelligence agencies reportedly developed surveillance technology to monitor different products of the world's main communication companies.

Escalating battle with Huawei ensnares US allies (TheHill) The Trump administration’s standoff with Chinese tech giant Huawei is entering a new phase, one that could put existing intelligence-sharing agreements with U.S. allies at risk.

U.S. Campaign to Ban Huawei Overseas Stumbles as Allies Resist (New York Times) The Trump administration’s effort to ban Huawei from overseas wireless networks has suffered from questions over whether the Chinese telecom company poses a threat.

The renewed debate over the NSA-CYBERCOM split (Fifth Domain) Some members of Congress recently expressed their opinion on splitting the dual-hat arrangement between the NSA and Cyber Command at this time.

Trump spy agency nominee marooned in Senate standoff (POLITICO) The dispute has kept William Evanina from officially assuming a counterintelligence post for more than a year.

National conference lays focus on Cyber laws (UNI) Focussing on the increasing significance and need of strict cyber laws in view of growing importance of social media, the law experts underlined the role of governments in checking and enforcement of cyber laws to prevent encroachment on the privacy of individuals.

Litigation, Investigation, and Enforcement

Analysis | The Cybersecurity 202: Huawei is suing the U.S. to win -- in the court of public opinion (Washington Post) The Chinese telecom's true audience may be other countries considering 5G bans.

Why Tech Didn't Stop the New Zealand Attack From Going Viral (WIRED) Video from mosque shootings in Christchurch popped up on Facebook, Reddit, Twitter, and YouTube, showing the limits of social media moderation.

Facebook has removed 1.5 million copies of the mosque attack video. New Zealand says it needs to do more (CNN) New Zealand's prime minister is upping the pressure on Facebook and other social media platforms after they failed to stop the spread of the Christchurch mosque attack video.

New Zealand PM’s office received shooter’s ‘manifesto’ minutes before attack (FOX2now.com) New Zealand Prime Minister Jacinda Ardern's office received an email with the manifesto from the suspect behind the mass shootings at two Christchurch mosques, minutes before the attack began.

MI5 investigates New Zealand shooter (Times) A white supremacist who led a gun attack on mosques in New Zealand in which at least 49 people were killed is being investigated over possible links to right-wing extremists in Britain. Shortly...

Keeping big tech in check: Silicon Valley giants facing deconstruction (The Telegraph) On Wednesday, the music streaming service Spotify launched a remarkable ambush against one of its biggest partners.

App maker ordered to hand over emails relating to Facebook leak (The Telegraph) A Silicon Valley judge has accused the app makers who leaked secret internal Facebook emails to British MPs last year of conspiring with their lawyers in a systematic campaign to make the documents public.

Venezuela’s Power Grid Afflicted by Brain Drain, Corruption (Wall Street Journal) Hundreds of technicians have fled the country, leaving state electricity company Corpoelec badly in need of qualified professionals. Paired with corruption and a lack of maintenance, that means blackouts will only increase in number and length unless tens of billions of dollars in investments are made.

U.S. Peace Council delegation to Venezuela meets with President Maduro (Fight Back! News) Caracas, Venezuela - The U.S. Peace Council delegation to Venezuelan met with President Maduro for several hours at the Presidential Palace, March 15. President Maduro told the anti-war organizers that the U.S.

Maryland voter database no longer tied to Russian oligarch (WUSA) Maryland officials were previously unaware until July 2018 that Russian billionaire Vladimir O. Potanin had major investments linked to the state's election infrastructure.

How Russian hackers pried into Clinton campaign emails (Lakeland Observer) The hacking group known as Fancy Bear took a new tack, targeting top Clinton lieutenants at their personal Gmail addresses.

How Hackers Pulled Off a $20 Million Mexican Bank Heist (WIRED) Welcome to the world of fake accounts, phantom funds, and money mules.

Backstory: How Reuters uncovered Beto O'Rourke's teenage hacking days (Reuters) Reuters reporter Joseph Menn exclusively revealed on Friday that Democratic pres...

Donor linked to vice scandal pulls White House into China spy row (Times) It was an unlikely transformation. A Chinese-American businesswoman whose family established a massage parlour chain at the centre of prostitution allegations turned out to be a Donald Trump...

Utah man, a former federal intelligence officer, pleads guilty to trying to give classified military information to China (The Salt Lake Tribune) A Utah man who once served as a case officer for the Defense Intelligence Agency has pleaded guilty to trying to spy on the United States on behalf of China.

18-Year Old Arrested in Japan for Stealing $130k in Cryptocurrency (BleepingComputer) A Japanese 18-year-old from Utsunomiya, Tochigi, faces criminal charges for stealing $130,000 (around ¥15 million) worth of cryptocurrency after hacking the Monappy social media network and Monacoin web-based wallet.

Dutch hacker who DDoSed the BBC and Yahoo News gets no jail time (ZDNet) Hacker used a Mirai botnet to DDoS companies and ask for ransoms to stop attacks.

Romanian Vishing/SMiShing Threat Actors Plead Guilty (Security Boulevard) In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million.

Investigation into Colchester Town Hall cyber attack nearly complete (The Bulletin) A Pennsylvania-based law firm has nearly completed its investigation into a data breach at the Colchester Town Hall, First Selectman Art Shilosky said

Difficulties of content moderation. Venezuela's grid begins to recover. NotPetya's cost still being reckoned. "A monopoly on evil."