Cyber Attacks, Threats, and Vulnerabilities
Facebook, Instagram and WhatsApp working again after outages (CRN Australia) Really did make the world a better place, briefly.
Facebook Suffers Third Major Global Outage This Year (Bloomberg) Facebook, Instagram, WhatsApp and Messenger down for hours. Frustrated users took to Twitter to vent from across the world.
How Much Did WikiLeaks Damage U.S. National Security? (NPR.org) This question has been a source of debate since the group published hundreds of thousands of U.S. military documents and diplomatic cables in 2010, many related to U.S. wars in Iraq and Afghanistan.
North Korea could target Southeast Asia's vulnerable crypto sector, says defense think tank (CNBC) North Korea's cyber capabilities and financial networks pose a threat to Southeast Asia's growing, yet vulnerable, cryptocurrency sector, according to British defense and security think tank Royal United Services Institute.
Vladimir Putin Has A GPS Scrambler That Can Help Crash A Yacht Or Cheat At ‘Pokemon GO’ (The Inquisitr) The Russian government has been deliberately and systematically interfering with the global navigation satellite system (GNSS), a network that is the backbone of much of the global positioning system ...
Cybersecurity Researchers Rediscover an Old Flame (Infosecurity Magazine) It's ba-aaack. The Flame malware that shocked the world in 2012 never really went away
Internet Explorer zero-day lets hackers steal files from Windows PCs (ZDNet) Microsoft refused to patch issue so security researcher released exploit code online.
Microsoft admits to three-month long Outlook account hack (Computing) Only a limited number of accounts potentially compromised, claims Microsoft
Microsoft support agent's email hacked, customer emails compromised (CRN Australia) Unknown number of users affected.
Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support (Motherboard) Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.
Microsoft: Hackers compromised support agent’s credentials to access customer email accounts (TechCrunch) On the heels of a trove of 773 million emails, and tens of millions of passwords, from a variety of domains getting leaked in January, Microsoft has faced another breach affecting its web-based email services. Microsoft has confirmed to TechCrunch that a certain “limited” number of peop…
Microsoft discloses security breach that impacted some Outlook accounts (ZDNet) Incident took place after hackers compromised a Microsoft support agent's account.
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software (Network World) VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system.
Homeland Security warns of security flaws in enterprise VPN apps (TechCrunch) Several enterprise virtual private networking apps are vulnerable to a security bug that can allow an attacker to remotely break into a company’s internal network, according to a warning issued by Homeland Security’s cybersecurity division. An alert was published Friday by the governmen…
Homeland Security warns on enterprise VPN app bug (Seeking Alpha) The Dept. of Homeland Security has issued a warning about a security bug it says affects several enterprise virtual private networking apps.
VPN applications insecurely store session cookies (CERT Coordination Center) Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.
Vulnerability in Multiple VPN Applications (CISA) The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for
AfterShock-3PC: Polymorphic malware attack on 200+ premium publishers (The Media Trust) This article was authored by Mike Bittner, Associate Director of Digital Security & Operations.
Malware Creates Cryptominer Botnet Using EternalBlue and Mimikatz (BleepingComputer) A malware campaign is actively attacking Asian targets using the EternalBlue exploit and taking advantage of Living off the Land obfuscated PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines.
The correlation between DDoS attacks and cryptomining (Help Net Security) There is a correlation between cryptocurrency and DDoS attacks: as the price of cryptocurrency drops, hackers divert botnet resources to DDoS attacks.
RobbinHood Ransomware Claims It's Protecting Your Privacy (BleepingComputer) A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network.
A security researcher with a grudge is dropping Web 0days on innocent users (Ars Technica) Exploits published over the past three weeks exposed 160,000 websites to potent attacks.
Attacker Offers Advice to Matrix.org After Hacking Its Systems (SecurityWeek) Matrix.org, an open source project for secure and decentralized communications, had its systems hacked and its website defaced. The hacker then revealed the security issues he found.
Internet Explorer security flaw allows hackers to steal files (Engadget) A vulnerability in Internet Explorer lets intruders swipe files even if you never touch the web browser.
New Internet Explorer Zero-day exploit can get you even if you use Chrome (MSPoweruser) A security researcher has found a new vulnerability in how Internet Explorer 11 handles .MHT saved web pages which would allow hackers to steal files on your PC. Crucially because Internet Explorer is the default handler for .MHT files the zero-day, unpatched exploit would still work even if you use Chrome as your default for …
Hackers publish personal data on thousands of US police officers and federal agents (TechCrunch) A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned. The hackers breached three sites associated with the…
EU Citizens’ Hit by UK Government Data Leak (Infosecurity Magazine) Home Office can’t get the hang of bcc
FEMA leaked disaster survivors’ data to this previously unidentified company (Quartz) Only one US lodging contractor was involved in relief efforts for three hurricanes and the 2017 California wildfires: FleetCor's CLC Lodging.
‘Land Lordz’ Service Powers Airbnb Scams (KrebsOnSecurity) Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.
Attackers Spoofing Known Tech, Security Brands (Infosecurity Magazine) Researchers discover attackers spoofing Microsoft, Barracuda Networks to steal credentials.
Genesee County ransomware attack more severe than originally thought (SC Media) Genesee County, Mich. officials are telling residents the ransomware attack it suffered has had a larger impact than originally thought and that many services are not likely to be quickly restored.
189 Australian financial services orgs under attack by SMS-borne malware (CRN Australia) 'Gustuff' malware includes fake logon screens and local targeting mechanisms.
2019 tax season phishing scams (Zscaler) Zscaler ThreatLabZ team is keenly observing 2019 Tax Season Phishing Scams. We are actively monitoring tax related phishing campaigns and ensuring that Zscaler customers are protected. We have seen various types of phishing campaigns where attackers are using various methods to deliver the phishing content.
Haven’t filed your taxes yet? Cyber scammers are working hard to gyp online tax filers waiting until the last minute (ConsumerAffairs) Here we are at tax season’s eleventh hour. If you haven’t filed your taxes yet, and you’re thinking about doing it using tax preparation software, heads up
Recent Breach Targeted MyPillow And Amerisleep Customer Data (neoRhino IT Solutions) If you've purchased bedding from either MyPillow or Amerisleep, your data may have been compromised. These companies are two popular mattress and bedding merchants operating in the US. This is according to a recent report coming to us from RiskIQ....
Social Engineering Hacks the Way You Think (Security Boulevard) What does “social engineering” mean? The term “social engineering” may sound arcane and intimidating, and in some ways, it is. But most of us have encountered some form of social engineering many times — on the internet, in our emails, and in newspapers and magazines. The email advance-fee scam, which most of us will remember as the Nigerian Prince email scams from years ago, is one form of social engineering — deceiving the victim into believing they have something to gain.
Facebook accidentally prints ‘inappropriate’ hidden messages on thousands of VR controllers like ‘Big Brother is Watching’ (9to5Mac) Facebook’s Head of VR Product today explained that the company accidentally printed what he called “inappropriate” hidden messages on its Oculus VR Touch Controllers like “T…
Facebook admits “supply chain data leak” in new Oculus headsets (Naked Security) One week out from Easter, and Facebook’s Oculus subsidiary has admitted a “hidden message Easter Egg” gone wrong. Coincidence? Or…
Security Patches, Mitigations, and Software Updates
VMware Patches DoS, Information Disclosure Flaws in Graphics Components (SecurityWeek) Patches released by VMware for its ESXi, Workstation and Fusion products address DoS and information disclosure vulnerabilities related to graphics components.
Microsoft publishes security configuration suggestions for the Enterprise (gHacks Technology News) Microsoft published a new security configuration framework for Windows 10 devices that it calls SECCON framework in April 2019.
Windows Update breaking PCs running popular security software (CRN Australia) Sophos, Avast and two other A-V vendors aren’t getting on with Windows.
Cyber Trends
Half of security pros would rather walk barefoot in a public restroom than use public Wi-Fi (OODA Loop) A new Lastline survey looks at the security habits and views of infosec professionals. The report shows not only that security experts avoid connecting to public Wi-Fi networks because these are hard to secure, but
Big Brother at the Mall (Wall Street Journal) Is facial recognition coming to a store near you? The privacy-protection debate in Congress is moving beyond e-commerce to bricks-and-mortar stores. Already, magic mirrors and in-store beacons log shoppers’ data.
Marketplace
Norsk Hydro's earnings delayed by five weeks due to March cyber attack (Reuters) Norsk Hydro, one of the world's largest aluminum makers, will postpone its ...
Huawei is 'open' to selling 5G chips to Apple for iPhones, marking a big shift in strategy (CNBC) 5G pioneer Huawei has never sold its Balong 5000 chip to rivals — but now it's open to selling to Apple, company CEO Ren Zhengfei told CNBC.
IBM set to secure India against nation-state hackers (Business Standard) As chorus in India grows to safeguard key defence installations and organisations from nation-state cyber criminals, IBM with its enterprise-grade security solutions is ready to partner the government on cyber-proofing sensitive data on Cloud.
Eugene Kaspersky: Mistrust makes us stronger (Computerworld) As the drummers in LED-studded military uniforms exit the stage at the opening ceremony of Kaspersky Lab's Singapore summit, on walks Eugene Kaspersky in a blue linen shirt, jeans and trainers, an SLR camera slung round his neck.
Why bug bounty firms want to be penetration testing companies (CyberScoop) Bug bounty companies certainly seem to realize a shift is underway. A number of them have pivoted to offering penetration testing services.
Parsons makes $100M IPO filing public (Washington Technology) After months of SEC review, Parsons Corp. makes its registration for a $100 million initial public offering available for all to see.
Private equity firm acquires Augusta's EDTS (The Augusta Chronicle) A Pennsylvania-based private equity firm has acquired Augusta's EDTS and plans to merge the IT service provider into its Maryland-based Corsica
Provenance.io Completes $20 million Security Token Offering (Securities.io) Provenance.io has recently completed a successful round of funding, totaling $20 million. Visit securities.io to learn more about their STO!
2 Tech Stocks You Can Buy and Hold Forever (The Motley Fool) Investors can't go wrong with these technology businesses, as they will keep growing for a long, long time.
Zscaler: Valuation Seems A Bit Excessive Heading Into Earnings (Seeking Alpha) Revenue growth in Q2 was 65%, which actually accelerated from 59% in the previous quarter.
Okta now has over 100 million registered users, says CEO (Milbank Monitor) Okta now has more than 100 million registered users, a major milestone for the 10-year-old software company, Okta co-founder and CEO Todd McKinnon confirmed to CNBC in an exclusive interview.
Here are the winners of the 2019 Maryland Cybersecurity Awards (Technical.ly Baltimore) Awards for "defenders," "champions" and the like working in the growing local industry were presented at a ceremony on April 11.
Password manager Dashlane closes on $30M, adds former Spotify CMO to board (TechCrunch) Dashlane, a popular password manager and all-round identity management solution, has raised another $30 million in funding, the company announced today. The funding — this time a round of debt financing from Hercules Capital — follows prior investment from FirstMark Capital, Rho Venture…
Products, Services, and Solutions
Netwrix announces integration with ConnectWise (Netwrix) Netwrix Auditor enables MSPs to deliver advanced security services and gain a competitive advantage in the MSSP market
Flickr tackling online image theft with new AI service (Naked Security) Photo sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users’ images online.
Xperteks Partners with ADT Cybersecurity to Elevate their Managed Services Providership (MSP) to a Master Level for SMB's and Enterprise Clients (PR Newswire) Xperteks, a leading master technology services provider (MTSP), announced today that the company has finalized a...
Technologies, Techniques, and Standards
The principles of cyber risk management: What does good security look like? (PropertyCasualty360) Concern has shifted from dealing with data being stolen and sold to handling serious ransomware and destructive attacks.
How to tackle formjacking and avoid becoming Magecart's next victim (Computing) Netskope's Paolo Passeri explains why organisations need to systematically audit their ecommerce sites - regularly
How To Tighten Your Amazon Echo and Google Home Privacy (WIRED) With news that Amazon lets human employees listen to Alexa recordings, you might want to tighten up your smart assistant ship.
Is artificial intelligence intelligent? How machine learning has developed. (Washington Post) Understanding the human brain may help improve AI.
A New Perspective Aids Cyber Inspections Amid Mission Risk (SIGNAL Magazine) The Defense Department is employing a new design for its Next Generation (NEXTGEN) cybersecurity inspection that links the inspection to an organization’s operational mission.
How Ghost Army Tactics Can Help Federal Agencies Win the War on Hackers (Nextgov.com) Traditional strategies no longer suffice.
Design and Innovation
Data61 an international exemplar of public sector 'digital innovation' done right (The Mandarin) Data61 is pleased as punch to be presented as a world-leading example of how a public body can contribute to national "digital innovation" through a new OECD report.
IBM says automation is the next big step in cyber security (Information Age) The fourth IBM cyber security survey has revealed how unprepared companies are for a cyber attack. How can they remedy this?
Bill Gates on the potential (and dangers) of artificial intelligence (Ladders | Business News & Career Advice) As far as Bill Gates is concerned, the technology is every bit as promising as it is dangerous, but if we're not careful things can get out of hand quickly.
Optimize Algorithms to Support Kids Online, Not Exploit Them (WIRED) Young people benefit from their online interactions. Locking them out of the internet isn’t the answer to commercial bad actors.
This researcher found a way to change what pixels you see on your PC monitor. That hack ended up on 'Mr. Robot' (StamfordAdvocate) Ang Cui, CEO of security firm Red Balloon, specialises in trying to make embedded systems more secure.
Academia
Does a university’s culture make it predisposed to cyber crime? (Times Higher Education) Higher education must reconcile its commitment to open access information with good cybersecurity principles, argues Martin Vincent
Legislation, Policy, and Regulation
Thailand's Cyber Law Raises Fear Military Could ‘Cage’ the Internet (Bloomberg) Law would give state power to seize data and equipment. Critics concerned over possible abuse of cyber security law
Huawei: U.S. And Europe Divided As Germany Officially Rejects Washington's Demands (Forbes) Germany has now confirmed its decision to reject U.S. calls for a ban on Huawei's 5G equipment. The country's regulator has said that "no equipment supplier, including Huawei, should, or may, be specifically excluded." Where that leaves Washington's campaign is now unclear.
The Cybersecurity Threat Of GDPR (PYMNTS.com) The General Data Protection Regulation (GDPR) represented a new phase in data security and EU regulators’ approach to it. Designed to safeguard consumers with greater transparency into how, when and by whom their personal data is collected, GDPR, though based in EU, has a global reach and is likely to act as a blueprint for […]
Trump Announces 5G Plan as White House Weighs Banning Huawei (New York Times) President Trump has been considering an executive order that would ban Huawei and other Chinese telecom companies from building the next generation of wireless networks.
Adversaries are watching our American security leadership (TheHill) The sudden departure of top officials risks undermining the government agency we helped to create.
US lawmakers introduce a bill to require algorithms to be checked for bias (Computing) Algorithmic Accountability Act would require US tech firms to audit their algorithms before deployment
While You Were Offline: Is Homeland Security Being Purged? (WIRED) The department saw a lot of shakeups last week.
Welcome to the New, More Chaotic Homeland Security (WIRED) A leadership void at DHS means the White House is calling the shots where it wants to, cybersecurity experts warn, and other agencies can muscle in where it won’t.
Cops seeks Israeli tools to deal with cybercrimes (The Times of India) VISAKHAPATNAM: Owing to the increasing number of cybercrimes taking place in Andhra Pradesh, cybercrime police are seeking Israel-made tools to invest.
England and Wales Police Get Dedicated Cybercrime Units (Infosecurity Magazine) Every force now has its own cyber specialists
Heading off hackers: Ohio weighs Cyber Force (Dayton Daily News) Take heed, hackers: Ohio is getting ready
Scuttlebiz: Army Cyber Command mulls name change (The Augusta Chronicle) By any definition, "cyber" is a pretty broad term. But not broad enough for the Army, apparently. Unless you're an avid consumer of inside-
Litigation, Investigation, and Law Enforcement
Isis plans to copy Paris atrocity with fresh wave of carnage (Times) In Paris four years ago 130 people died when Isis terrorists stormed the Bataclan concert hall and attacked other soft targets across the city. In Manhattan two years later a pick-up mowed down...
China takes Australia's Huawei 5G ban to global trade umpire (Sydney Morning Herald) The Chinese complaint was made at a World Trade Organisation meeting in Geneva.
WikiLeaks questions remain after London arrest of ‘houseguest from hell’ (The Parallax) Experts worry that U.S. charges against WikiLeaks's Assange could scare whistleblowers—or cover up his relationships with Russia and Trump associates.
WikiLeaks Set 21st Century Model for Cyber-Leak Journalism (SecurityWeek) Using cryptography and virtual drop boxes, Julian Assange's WikiLeaks created a revolutionary new model for media to lure massive digitized leaks from whistleblowers, exposing everything from US military secrets to wealthy tax-dodgers' illicit offshore accounts.
What Does Julian Assange’s Arrest Mean for Journalists? (Observer) Wikileaks is undoubtedly a controversial organization.
Julian Assange: A Decade of Stunning Leaks of U.S. Secrets (SecurityWeek) Julian Assange's indictment on narrow charges of hacking conspiracy seems to concede that his activities, as damaging as they have been, could be protected by constitutional freedom of the press guarantees.
The Julian Assange I Met in 2010 Doesn't Exist Anymore (WIRED) When the author interviewed the WikiLeaks cofounder in 2010, what happened online still seemed remote and relatively unthreatening. Today it’s deadly serious.
Will Assange's 'physical proof' blow up the Dem Party's biggest lie? (Conservative News Today) Is Julian Assange about to blow the lid off a whole pack of lies told by the Democrats and the intelligence community since 2016? In the summer of 2017, California Republican Congressman Dana Rohrabacher went to London and met with Assange at the Ecuadorian embassy, where he was living after having been granted asylum by …
Barr’s spy talk emboldens Trump’s allies ahead of Mueller report’s release (Washington Post) The attorney general’s nod to conservative concerns about the Russia investigation’s origin elevates accusations that Democrats call a conspiracy theory.
Inside the Russian effort to target Sanders supporters — and help elect Trump (Washington Post) The Vermont senator “was central to their strategy,” a researcher says after a new examination of Twitter data.
More ISIS-inspired terror looms as Trump dismantles DHS (Quartz) The purge of top Homeland Security leadership poses a risk for America, counterterrorism experts say.
Google’s Sensorvault Is a Boon for Law Enforcement. This Is How It Works. (New York Times) Investigators have been tapping into the tech giant’s enormous cache of location information in an effort to solve crimes. Here’s what this database is and what it does.
Mar-a-Lago intruder told feds she came for an event; she knew it was canceled, source says (Herald-Mail Media) Yujing Zhang, the Chinese woman arrested trying to enter Mar-a-Lago, made an 8,500-mile journey to President Donald Trump’s private social club, saying she wished to attend a charity
Opinion | Mar-a-Lago is a counterintelligence nightmare (Washington Post) The winter White House is wide-open for spying.
Apple and Qualcomm’s Billion-Dollar Staredown (Wall Street Journal) The tech titans’ patent dispute has become one of the ugliest corporate battles in history. A frosty relationship between the companies’ CEOs, Tim Cook and Steve Mollenkopf, has deepened the divide.
The Bayrob malware gang's rise and fall (ZDNet) The story of how a talented computer science student and his friends created and ran a multi-million dollar botnet.
Sunnyvale firm to pay $545K to settle claims it sold Chinese-made equipment to U.S. government (The Mercury News) Federal prosecutors say Fortinet Inc. employee directed Chinese products to be r
Fortinet To Pay $545K To Settle Claim That Ex-Employee Defrauded Feds (CRN) Fortinet acknowledged in a settlement entered Friday that a former employee had product labels changed to make the items appear compliant with Federal procurement law.
Optus fined $25k for disclosing political donations only once (CRN Australia) Fine and costs are more than ten times the price of forgotten function tickets.
Cofense deal highlights strategy shift from US foreign investment watchdog (PitchBook) Pamplona Capital Management's investment in Cofense is the latest deal to be investigated by CFIUS, as concerns over foreign investment in the US continue to grow.
Senate IT Office Hit With ‘Housecleaning’ in Hassan Aide Scandal (Epoch Times) Senate Sergeant-at-Arms officials conducted a “general housecleaning” that resulted in “massive personnel changes” in the upper chamber’s information ...
Web portal for cybercrime reports ready by month-end (Jamaica Observer) A web portal for victims to report cybercrimes or cyb...