Cyber Attacks, Threats, and Vulnerabilities
Finland Detects Cyber Attack on Online Election-Results Service (Bloomberg) Finnish police are probing a cyber attack on a web service that publishes vote tallies less than a week before national elections.
US government publishes details on North Korea's HOPLIGHT malware (ZDNet) DHS and FBI publish their sixteenth report on North Korean malware.
Lazarus rises: Warning over new HOPLIGHT malware linked with North Korea (Computing) The new malware is thought to be the work of North Korean state-linked hacking group HIDDEN COBRA, aka Lazarus Group
Malware Analysis Report (AR19-100A) MAR-10135536-8 – North Korean Trojan: HOPLIGHT (US CERT) This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as HOPLIGHT. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.
Taj Mahal and SneakyPastes: Kaspersky reveals pair of attacks menacing Asia, Middle East (Register) Fresh round of targeted operations unearthed
Gaza Cybergang Group1, operation SneakyPastes (Securelist) Gaza Cybergang(s) is a politically motivated Arabic-language cyberthreat actor, actively targeting the Middle East North Africa region. Group1 is the least sophisticated of the three Gaza attack groups.
'MuddyWater' APT Spotted Attacking Android (Dark Reading) Cyber espionage attack group adds mobile malware to its toolset.
New Cyberattack by Group Behind TRITON/TRISIS Reported (POWER Magazine) Cybersecurity firm FireEye has uncovered and is responding to a new intrusion at an unnamed critical infrastructure facility that it suggests in an April
Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data (Symantec) Hospitality services’ websites may leak your booking details, allowing others to view your personal data or even cancel your reservation.
Security flaws in WPA3 allow attackers to hack passwords (Computing) Vulnerabilities in WPA3 enable attackers to take control of Wi-Fi networks and crack encrypted passwords
What's The Best Name? ThreadJacking or Man-in-the-Inbox Attacks? (KnowBe4) We are seeing a new type of attack popping up more and more. Bad guys send a phishing attack and steal the credentials of your employee. But they stay under the radar and lurk for a while to understand the email traffic and the people the compromised account regularly talks to.
Mailgun hacked part of massive attack on WordPress sites (OODA Loop) Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows
Google Play app "Peel Smart Remote" leaks users' pictures (Pradeo) Last week, the Pradeo Security engine alerted its users about severe security issues found in the app’s 10.7.3.3 version. It has been found that the App was collecting and leaking users’ pictures to a server that does not belong to the app publisher.
ESET warns users of fraudulent e-mail messages (IT News Africa) ESET has recorded a wave of multi-lingual e-mail based extortion scams scaring victims into paying. The attacker in the email claims they have hacked the
The Risk of Credential Stuffing to the Smart Home (The State of Security) With breaches happening often and aggregated data from previous breaches circulating, the greatest threat in the smart home is probably credential stuffing.
Security Patches, Mitigations, and Software Updates
Google Wants To Block Potentially Risky Non-Secure Downloads (BleepingComputer) Google proposed the addition of automatic blocking of high-risk downloads from non-secure websites in future versions of its Chrome web browsers as revealed by a proposal from Google Chrome security engineer Emily Stark in the World Wide Web Consortium (W3C) public mailing list.
Microsoft finally killed Windows XP this week (CRN Australia) Support ended for Windows Embedded POSReady 2009 on 9 April.
Verizon patches FiOS routers to fix three security flaws (Engadget) A security researcher discovered flaws that could let attackers take over certain Verizon FiOS routers, and a patch has already rolled out.
Cyber Trends
It's Not Just You They're After -- It's Your Supply Chain Too (Forbes) Cyber attackers are looking to expand and diversify. They're not after just a single victim, but that victim's entire supply chain as well, through techniques like "island hopping" and "counter-incident response."
Cybersecurity is a science, not an art, says Fortinet CISO (SiliconANGLE) The current explosion of data has been compared to the oil boom of the 1900s, and the analogy holds true in more ways than as a catalyst for wealth and power.
Marketplace
Women paid more than men in senior IT roles (Computing) Men outnumber women in technology leadership roles, with only 16 per cent of roles being filled by women, according to recruitment firm Michael Page
Cybersecurity firm Cofense says Pamplona to sell stake after U.S.... (Reuters) U.S. cybersecurity firm Cofense Inc said on Wednesday that buyout firm Pamplona ...
U.S. Officials Pressure Russia-Linked Buyout Firm to Sell Stake in Cybersecurity Company (Wall Street Journal) U.S. national security officials told a private-equity firm partly backed by a Russian billionaire named in the Steele dossier to sell its stake in cybersecurity firm Cofense.
Israeli cybersecurity company Tufin prices IPO at $14 a share (MarketWatch) Tufin Software Technologies Ltd. priced shares at $14 in its initial public offering Wednesday evening, setting up the Israeli cybersecurity company for a...
Nasdaq and Tel Aviv-Listed Cyber Company Safe-T Acquires Proxy Network Startup NetNut (CTECH) Safe-T offers anti-hacking services to financial institutions, mainly Israeli government and academic entities, as well as commercial companies
Provenance.io Blockchain Raises $20 Million in Security Token Offering (PR Newswire) Provenance Blockchain, Inc. ("PBI"), the administrator for the Provenance.io blockchain, announced it has...
High-Tech Bridge is now ImmuniWeb® (BusinessWire) High-Tech Bridge, a global provider of application security testing and risk scoring, is now ImmuniWeb.
California cybersecurity firm expanding in Northern Virginia (Washington Business Journal) California-based FireEye Inc. is expanding its Northern Virginia presence.
Applied Insight adds to leadership team, moves HQ to Tysons Corner (Technical.ly DC) Previously headquartered in Ashburn, Va., the tech company made some major moves through a pair of acquisitions, and hiring.
Netography Adds Bill Magnuson to Board, Gus Cunningham to Management Team, Receives Additional Funding (BusinessWire) Netography, an autonomous network security platform, adds Bill Magnuson to its board, Gus Cunningham to management team, receives additional funding
RackTop Systems Bolsters Federal Sales Team with Key Hires of IT Industry Veterans (Benzinga) RackTop Systems, the pioneer of CyberConverged™ data security, a new market that fuses data storage with advanced security and...
Products, Services, and Solutions
Security Industry Association Announces Winners of the 2019 SIA New Product Showcase Awards (Security Industry Association) IPVideo Corporation took the top honors in SIA’s annual award program recognizing innovative security products at ISC West.
Pulse Secure Announces Collaboration with New Strategic Authorized Education Partners (West) Pulse customers and partners now able to gain recognition as a Certified Technical Expert
Kudelski Security Partners with BTblock to Deliver Secure Blockchain and DLT Deployments (PR Newswire) Kudelski Security, the cybersecurity division of the Kudelski Group ...
When is a phone not a phone? When it's an Android security key (Register) Google Cloud product deluge spans security, analytics and AI
Cavirin Showcases Google Cloud Closed-Loop Security and Security Command Center Integration at Google Cloud Next ‘19 (BusinessWire) Cavirin Systems, Inc., the only company providing risk, cybersecurity and compliance management for the enterprise hybrid cloud, will be demonstratin
Indian media mogul turns to Darktrace cyber defence technology (BusinessWeekly) Network 18 has deployed Darktrace’s AI technology to safeguard its intellectual property from sophisticated cyber attacks. As one of India’s largest media corporations, Network 18 manages a holistic business, including 73 broadcast channels, as well as leading online news portals and publishing brands. Network 18 runs the biggest news broadcast network in India through its
Syncsort Launches Assure Security to Address Increasing Sophistication of Cyber Attacks and Expanding Data Privacy Regulations (AiThority) Syncsort, the global leader in Big Iron to Big Data software, announced Assure Security, combining access control, data privacy, compliance monitoring and risk assessment into a single product.
Technologies, Techniques, and Standards
Security Think Tank: Incident response vital to guard against catastrophic cyber attack (ComputerWeekly) How should businesses plan to survive a potential cyber attack extinction event?
IBM Study: More Than Half of Organizations with Cybersecurity Incident Response Plans Fail to Test Them (IBM News Room) Yet Use of Automation Improved Detection and Containment of Cyberattacks by nearly 25%
The National Guard decodes how to beat encrypted attacks (Fifth Domain) Cyber Shield 19 aims to train National Guardsmen on best practices in cyber detection while building industry partnerships.
CISA Partners with Secure Community Network to Hold Incident Response Exercise (Department of Homeland Security) Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) hosted a tabletop exercise in collaboration with the Secure Community Network (SCN). The exercise brought together Jewish community leaders from across the nation, along with federal and state law enforcement and interagency partners to examine how they would act in a notional event focused on threats of violence including scenarios based on current events.
Hometown Security (Department of Homeland Security) The U.S. Department of Homeland Security’s (DHS) most important mission is to protect the American people. As part of this mission, DHS fosters collaboration between the private sector and the public sector to mitigate risk and enhance the security and resilience of public gathering sites and special events.
Busting the myths of working in a secure operations centre (CRN) 'People would be surprised at how much talking we do', NTT Security threat intelligence manager tells CRN sister publication Channel Partner Insight during an all-access tour of one of its ten global SOCs
4 ways to minimize IoT cybersecurity risk (GCN) Despite the security threats posed by internet-of-things devices, agencies can take basic steps to protect themselves from their cyber vulnerabilities.
Design and Innovation
With over 54 mn users in India, LinkedIn focusses on AI to remove fake profiles (ETCIO) India is the fastest growing market, outside the US, for the networking site.
Google Could Get Tons of Data From Its Gaming Platform (OneZero) Stadia sounds great, but don’t forget Google is a research company
PC gone mad? Google bans the word 'no' and makes guests promise not to sexually pester or make inappropriate jokes (The Telegraph) Google famously based its early corporate culture on the motto:
Verizon’s approach to 5G security (Verizon) The security of our networks is as important to us as their reliability and speed.
Academia
Southern University to open cybersecurity center near Quantico, nation’s capital (KSLA) Southern University will take part in the high-demand cybersecurity industry by opening up a center near the nation’s capital.
UNCW hopes to prepare 'Cyber Warriors' to combat future cyber threats | WilmingtonBiz (WilmingtonBiz) With an increasing threat of cyberattacks on financial, health and other institutions, the University of North Carolina Wilmington is looking ahead with the goal of preparing students in the information technology and cyber defense field. That was one main message from UNCW officials and featured speakers at the annual WITX (Wilmington Information Technology eXchange) conference this week.
Legislation, Policy, and Regulation
For NATO, China is the new Russia (POLITICO) Beijing, rather than Moscow, is the top concern as the alliance gathers in Washington this week.
Japan allocates 5G spectrum to carriers, blocks Huawei and ZTE gear (VentureBeat) Lagging behind South Korea and the United States in 5G deployments, Japan has allocated spectrum to four top carriers while saying no to Chinese 5G gear.
Huawei's surveillance system in Serbia threatens citizens' rights, watchdog warns (ZDNet) The Chinese giant's Safe City Solution for Belgrade is raising questions about its use of personal data.
Subsea cable plan for Australia-China link leaves Huawei trailing (CRN Australia) SubCom wants to lay a link from Australia to Hong Kong through PNG.
Australia is vulnerable to a catastrophic cyber attack, but the Coalition has a poor cyber security track record (The Conversation) Scott Morrison has bragged about 'stopping the boats', but his government has failed to do anything meaningful to bolster cyber security and stop the malware.
Detour Act Final | Informed Consent | Internet (Scribd) U.S. Sens. Mark R. Warner (D-VA) and Deb Fischer (R-NE) have introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, bipartisan legislation to prohibit large online platforms from using deceptive user interfaces, known as “dark patterns” to trick consumers into handing over their personal data.
Dark Patterns: How Weaponized Usability Hurts Users (GovInfo Security) Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their
Will DHS leadership upheaval affect CISA? (FCW) As the Department of Homeland Security scrambles following the abrupt departures of Secretary Kirstjen Nielsen and a number of top officials, the newly formed Cybersecurity and Infrastructure Security Agency could get caught up in the chaos.
SECNAV: Navy Must Take Lead In Providing Industrial Base Cybersecurity (USNI) Securing the vast data-sharing network used by the Department of the Navy and its industrial base will require a significant investment of time and expertise from the department, Secretary of the Navy Richard V. Spencer told lawmakers on Wednesday.
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads (Dark Reading) As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
Litigation, Investigation, and Law Enforcement
DHS, FBI say election systems in all 50 states were targeted in 2016 (Ars Technica) Joint Intelligence Bulletin issued in March says Russian hacking efforts were wide-ranging.
Julian Assange booted out of Embassy of Ecuador in London - and arrested by Metropolitan Police (Computing) Ecuador expels WikiLeaks' founder Assange after seven years in Ecuador's London embassy
Assange accused of conspiring with Chelsea Manning in 2010 WikiLeaks release, says unsealed U.S. indictment (Washington Post) He faces charges in Britain for jumping bail in 2012 — and an extradition request from the United States, according to British and U.S. officials.
Blackmailers threaten release of Assange embassy ‘sex secrets’ (Times) Blackmailers threatened to reveal sexual secrets of Julian Assange’s life inside the Ecuadorean embassy as part of a €3 million extortion attempt, it was claimed yesterday. Security footage and...
Just and Unjust Leaks (Foreign Affairs) Revealing official secrets and lies involves a form of moral risk-taking. And drawing the line between the right and wrong kinds of disclosures has grown harder than ever in the Trump era.
Attorney general says he believes ‘spying did occur’ in campaign probe of Trump associates (Washington Post) Law enforcement officials have defended their handling of the Russia investigation, and they have denied they engaged in political spying.
Barr seems to embrace GOP talking points on Mueller Russia probe (NBC News) Analysis: Barr appeared to endorse a widespread GOP view that the Mueller probe may have involved inappropriate surveillance of the Trump campaign.
William Barr Sends Troubling Signals Ahead of Mueller Report Release (WIRED) Attorney general William Barr will have tremendous sway over how much of the Mueller report the public can see. Right now, it doesn't look promising.
Eric Holder rebukes William Barr: It’s called 'investigating' not 'spying' (Washington Examiner) An Obama-era Justice Department chief took issue with Attorney General William Barr saying Wednesday that "spying did occur" on President Trump's 2016 campaign.
Gregory Craig, ex-Obama White House counsel, expects to be charged in relation to Ukrainian work with Manafort, his lawyers say (Washington Post) Craig has been scrutinized as part of a foreign lobbying investigation spun out of special counsel Robert S. Mueller III’s probe into Russian interference in the 2016 presidential election.
Two robocallers fined $3m for Google listings scam (Naked Security) The robocall scammers were defrauding small businesses who were scared of seeing their Google search listings drop off.
Two teens charged with jamming school Wi-Fi to get out of exams (Naked Security) They’re facing charges of computer criminal activity after allegedly disrupting the network at the request of their friends.