Baltimore: the latest from the Global Cyber Innovation Summit
Analysis | The Cybersecurity 202: Iran’s the scariest cyber adversary, former NSA chief says (Washington Post) Keith Alexander says the U.S. has fewer diplomatic levers to pull.
Cyber Attacks, Threats, and Vulnerabilities
Big Brother’s watching: Turkey secretly tracked US airmen, documents allege (Air Force Times) The fact that a host nation kept tabs on U.S. operations isn’t necessarily malicious, or surprising, U.S. officials said.
Chinese app tracks every move that Muslims make (Times) Chinese Muslims are unable to use their phone, fill up their car with petrol or even leave the house without being recorded by an unprecedented surveillance operation in the country’s far west...
Opinion | We Should Worry About How China Uses Apps Like TikTok (New York Times) Illiberal innovations created for China’s vast surveilled and censored domestic market are increasingly popular overseas.
ISIS’s New Target: South Asia (Foreign Policy) The Sri Lanka attacks should put the region on alert.
SECURITY: 'Denial of service' attack caused grid cyber disruption: DOE (E&E News) Details are emerging about an unprecedented "cyber event" reported this week that disrupted Western grid networks. But officials are keeping quiet about which utility was hit, and why.
An alarmingly simple cyberattack hit electrical systems serving LA and Salt Lake, but power never went down (CNBC) Cyberattackers successfully interrupted electrical systems in Los Angeles County and Salt Lake County in March, according to the Department of Energy.
‘Denial of service condition’ disrupted US energy company operations (TechCrunch) An energy company providing power in several western U.S. states experienced a “denial-of-service condition” serious enough to warrant reporting it to the government’s energy authority. The “cyber event” resulted in “interruptions of electrical system operations…
2019: The Return of Retefe (Proofpoint) Proofpoint researchers describe recent updates to the Retefe banking Trojan and changes to related actor TTPs.
Mysterious hacker has been selling Windows 0-days to APT groups for three years (ZDNet) Hacker has sold Windows zero-days to the likes of Fancy Bear, FIN groups, and cyber-crime gangs.
A Hacker Is Selling Windows Zero-Days To World's Most Dangerous Hacker Groups (International Business Times) A shadowy hacker, going by the pseudonyms Volodya or BuggiCorp, was found selling Windows zero-day vulnerabilities to APT groups like the Fancy Bear, SandCat, and others.
Extortionists leak data of huge firms after IT provider refuses to pay (Naked Security) The data was published after “Boris Bullet-Dodger” failed to get Citycomp to cough up.
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream (Threatpost) Researchers warn customers to reconsider the use of the camera’s remote access feature if the device is monitoring highly sensitive areas of their household or company.
D-Link camera vulnerability allows attackers to tap into the video stream (WeLiveSecurity) ESET researchers have identified a series of security holes in a device that is intended to make homes and offices more secure.
Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws (Help Net Security) Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and Atlassian Confluence to deliver ransomware, mine cryptocurrency.
Sierra Wireless AirLink ALEOS (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 9.1. ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available. Vendor: Sierra Wireless. Equipment: AirLink ALEOS. Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of
Orpak SiteOmat (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available. Vendor: Orpak (acquired by Gilbarco Veeder-Root). Equipment: SiteOmat. Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of Sensitive Data, Code Injection, Stack-based Buffer Overflow.
GE Communicator (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 8.1. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: General Electric. Equipment: Communicator. Vulnerabilities: Uncontrolled Search Path, Use of Hard-coded Credentials, Improper Access Controls.
Wipro Breach Looks a Case of Gift Card Fraud (Decipher) The attack on IT outsourcing giant Wipro appears to have been motivated by gift card fraud, not espionage or a supply-chain attack against another company.
50,000 companies running SAP installations open to attack via publicly released exploits (Help Net Security) Two exploits publicly released in late April at a security conference in Dubai could be leveraged to compromise a great number of SAP implementations.
New Exploits for Unsecure SAP Systems (US-CERT) The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components.
Why Hidden Malware May Be Potential National Catastrophe (eWEEK) SECURITY ANALYSIS: Command-and-control servers execute commands that could range from stealing personal information to ransomware attacks to pulling email (and getting insider information) to emptying accounts. This is a growing threat, and here's what some companies are doing about it.
Facebook Bans Louis Farrakhan, Alex Jones and Others as ‘Dangerous’ (Wall Street Journal) Facebook banned an array of personalities whose views it deemed too inflammatory to be shared on its social network, including Nation of Islam leader Louis Farrakhan, far-right talk-show host Alex Jones and conservative Jewish activist Laura Loomer.
Facebook bans Alex Jones and Laura Loomer for violating its policies (The Verge) Milo Yiannopoulos and Louis Farrakhan have been banned as well
Google spends hundreds of millions of dollars on content review:... (Reuters) Alphabet Inc's Google unit told a U.S. House panel it spends hundreds of mi...
The Existential Crisis Plaguing Online Extremism Researchers (WIRED) Chronicling the internet's worst impulses can be depressing, and every remedy only seems to make things worse.
Watertown Daily Times Experiences Another Cyber Attack (WWNY) The Watertown Daily Times says it's experiencing another cyber attack.
Newspapers to be published today, cyber attack be damned (Watertown Daily Times) The cyber attack that began at the Watertown Daily Times on Saturday reared its head again Thursday, but staff rallied to work without hard-wired internet to get the papers out.
Austrian construction group Porr hit by cyber attack (Reuters) Austrian construction company Porr detected a cyber attack on its communication ...
Security Patches, Mitigations, and Software Updates
Microsoft 365 updates for better enterprise data privacy (Help Net Security) Microsoft offers new privacy controls to Microsoft 365 enterprise customers: encrypted email access revocation, new data investigation capabilities, etc.
Cyber Trends
Atlantic Council 8th Annual International Conference on Cyber Engagement - Observations (Control Global) I attended the April 23rd Atlantic Council’s 8th Annual International Conference on Cyber Engagement. This was a policy, not technical, conference. As best as I could tell, there were very few “practicing” engineers that attended. The Atlantic Council should consider having more engineers participating to support the policy makers on the technical issues underpinning policy.
OneTrust-IAPP Research: Most US Companies are Not Ready for the CCPA (MarTechSeries) With Only Six Months Until the CCPA's Implementation Date, Research Reveals Less than Half Will be Prepared International Association of
Coinhive Dead but Browser-Based Cryptomining Still a Threat (BleepingComputer) Hacked routers running the Coinhive script for cryptocurrency mining have been injected with new code to mint digital coins after Coinhive service shut down.
No longer clicking: Online ad fraud has fallen in the past year (CyberScoop) Online advertising fraud will cost digital marketers $5.8 billion this year, down from $6.5 billion the year before, according to new research.
Marketplace
10 Hot IoT security startups to watch (Network World) With the internet of things growing unchecked, entrepreneurs are working to build security systems that can protect IoT infrastructure and the data it gathers. Here’s a look at 10 of them.
Facebook to create privacy oversight committee with Zuckerberg personally accountable for data privacy, claims report (Computing) Move comes as Facebook faces fine of up to $5bn over lackadaisical attitude to users' privacy
Digital Defense, Inc. Seeing Dramatic Partner Sales Growth (Digital Defense) Partners Increase Revenues by Helping Customers Transition to SaaS Security
Network Designs, Inc. (NDi) Opens Cyber Operations Office in the Georgia Cyber Center (PR Newswire) Network Designs, Inc. (NDi) announced today that it has opened the NDi Cyber Operations Office in the Georgia Cyber...
Security Intelligence Leader Exabeam to Open New East Coast Office in Atlanta (Exabeam) Exabeam, the Smarter SIEM™ company, today announced[...]
FireEye Secures Army Cyber Command Support Subcontract; Ron Bushar Quoted (ExecutiveBiz) FireEye has received a subcontract from Perspecta to support the U.S. Army Cyber Command's operations and global mission as part of a potential five-year, $905M task order.
Hacker-turned-CEO: Too much money is being thrown at Cybersecurity (Yahoo) Dug Song, co-founder of Duo Security which Cisco bought last year for $2.35 billion dollars, joins Yahoo Finance's Akiko Fujita, Dan Roberts, and Ethan Wolff-Mann. Song explains why cybersecurity isn't being fought in the most cost-efficient way. He highlights the biggest threats.
NSS Labs Appoints New Chief Executive Officer (NSS Labs, Inc.) NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced that Jason Brvenik has been named Chief Executive Officer (CEO); he had been serving as Chief Technology Officer (CTO) since January 2017.
JASK Fortifies Key Executive Positions as it Continues to Scale (Yahoo) JASK, the provider of the industry’s first cloud-native SIEM platform, today announced that it has made several key promotions to its leadership team in support of its rapid growth. Further strengthening its executive leadership, the advancements lay the groundwork for customer enablement and scalability.
Lares appoints Andrew Hay as COO (Help Net Security) Lares, a global leader in security assessment, testing, and coaching, announced that veteran technology executive Andrew Hay has joined the company as COO.
Products, Services, and Solutions
CyberaVUE Brings Remote Network Operations into Clear Focus (WFMJ) Cybera network insight strategy delivers increased visibility and control for remote sites
Culinda and ecfirst Collaborate to Deliver Specialized Medical IoT Cybersecurity Solutions (PR Newswire) Culinda Inc., a medical IoT security company based in Irvine, CA, and ecfirst, a leading healthcare cybersecurity...
CyberaVUE Brings Remote Network Operations into Clear Focus (Cybera | Network Services Platform) Cybera has announced CyberaVUE, a new cloud-based management solution to extend network insights and provide customers with a comprehensive, real-time view of remote site networks. CyberaVUE is part of the company’s multi-tenant platform, CyberaONE...
Modus Launches Digital Earnest Money Deposit to Eliminate Wire Fraud Plaguing Home Buyers (Yahoo) Seattle based start-up Modus, a real estate technology company that applies cutting-edge software to title and escrow operations, announces the launch of its unique ...
SAP announces secure, scalable business-to-business solutions for marketers (Marketing Land) Software and technology provider SAP announced the launch of a new B2B software-as-a-service (SaaS) solution that will allow users to securely grant third parties access to first-party data, share sensitive information and manage regulatory compliance without the threat of exposure to security risks. Why we should care: The experience economy is rapidly expanding as more …
Microsoft Declares 'General Availability' of Threat Experts Security Service (Redmondmag) Microsoft announced this week that part of its new threat-hunting service for organizations has reached the 'general availability' (GA) commercial release stage.
CrowdStrike tackles BIOS attacks with new Falcon features (SearchSecurity) CrowdStrike announced it is enhancing its endpoint security platform, Falcon, to provide organizations with the visibility needed to detect and protect against BIOS attacks.
Technologies, Techniques, and Standards
Venafi: Five Ways Organizations Use Machine Identities (Global Banking & Finance Review) On May 2, World Password Day reminds consumers to layer up their logins by enabling multifactor authentication on their devices and online accounts. Held a
Avira Password Security Report: Tidy up your digital life (Avira - Antivirus made in Germany) Avira is pleased to release its first Password Security Report, reinforcing our mission to protect people in the connected world. The report details how the increasing number of data breaches are impacting people’s digital lives and online behavior and includes tips on protecting personal data.
GAO urges Census Bureau to stay on track with cybersecurity to-do list (Federal News Network) The Government Accountability Office has urged the Census Bureau to step up its efforts to implement hundreds of action items on its cybersecurity to-do list.
Cybersecurity Experts Share Tips And Insights For World Password Day (Forbes) Cybersecurity experts weigh in for World Password Day with their thoughts on the current state of password security and their insights on best practices for better authentication security moving forward.
How To Safeguard Against Social Engineering Hacks (Forbes) The heightened awareness of cybercrime has opened up the space for a conversation about how hackers use social engineering to lure victims into their schemes.
Design and Innovation
Rafael uses puzzles to recruit algorithm specialists (Globes) The government defense company has devised an eight-stage puzzle to attract the attention of and select potential employees.
Research and Development
The solution to quantum computers cracking cryptography is already here (Quartz) It's a problem that doesn't exist yet—and it's already been solved.
Cybersecurity firm Forcepoint patents a blockchain cybersecurity solution (CRYPTONEWSBYTES.COM) Adaptive cybersecurity solutions need more and more data, and analytics. A new blockchain cybersecurity patent owned by Forcepoint can help in managing this high volume of data.
Academia
Spot the not-Fed: A day at AvengerCon, the Army’s answer to hacker conferences (Ars Technica) Army unit's effort brings hacker con culture to the home of military cyber.
Legislation, Policy, and Regulation
Putin signs Russian internet isolation bill into law (Engadget) Russia will have even more control over the information shown to its citizens.
Russia's Controversial New Internet Law Stokes Censorship Fears (NDTV Gadgets 360) Putin on Wednesday signed into law a "sovereign internet" bill which will allow Russian authorities to isolate the country's internet, a move decried by rights groups.
Analysis: Russia’s Plans for a National Internet (New America) Much has been made of the Russian initiative to wall off its internet (the RUnet) from the global internet, but what's really going on?
The Growing Russian Challenge and What Should Be Done About It (Atlantic Council) All around the world, Russia is increasingly asserting itself, propping up dictators, and, in some instances, posing a direct challenge to US interests. Russian President Vladimir Putin held his first-ever meeting with North Korean leader Kim...
Venezuela thrust to forefront of US-Russia clashes (Military Times) The crisis in Venezuela has been thrust to the top of a list of long-simmering spats between the United States and Russia, with both sides entrenched in diametrically opposed positions from which they are unwilling to retreat.
Pentagon’s Shanahan, Dunford cancel overseas travel to plan for Venezuela contingencies (Washington Examiner) CHANGE OF PLANS: Acting Defense Secretary Patrick Shanahan and Joint Chiefs Chairman Gen. Joseph Dunford canceled plans to preside over a change of command ceremony today in Germany to remain in Washington to plan for military contingencies for Venezuela.
Maduro in show of loyalty with Venezuela’s military chiefs (Times) The “brutal repression” of Venezuelans by the Maduro regime must end soon, President Trump said yesterday as he tried to rally the country’s opposition, left despondent by their failed uprising.
Venezuela Is at a ‘Tipping Point’ (Foreign Policy) The former head of U.S. Southern Command says, despite the failed uprising, Maduro’s regime is crumbling.
Juan Guaidó’s Operation Freedom Gives Venezuela a Shot at Democracy (Atlantic Council) At dawn in Caracas on April 30, security personnel carried out two bold moves in support of the interim government—and in defiance of Nicolás Maduro’s regime. These developments mark the best chance yet for Venezuelans to begin the next wave of...
Global security officials to hammer out united 5G security approach (Reuters) Global cooperation is key to ensuring the security of 5G networks, cyber securit...
US pressure on UK after Defence Secretary dismissed in Huawei row (The National) Gavin Williamson sided with Washington to ban Chinese group
The Huawei Challenge (Atlantic Council) Despite an effort by the United States to persuade its friends and allies not to use 5G wireless communications technology developed by Huawei, many will find it hard to avoid doing business with the Chinese telecom giant altogether. Robert A....
Does Huawei really pose a security risk? A straightforward guide (The Telegraph) Huawei, a Chinese company once little-known outside of the technology industry, has found itself at the centre of a political firestorm that has already toppled one UK minister and triggered a row over the future of the security of the UK's telecoms networks.
Feds seek to up their cybersecurity game (Security Boulevard) Recent government cybersecurity initiatives assume that the federal government has a role to play in securing the IoT and critical infrastructure. Does it? The post Feds seek to up their cybersecurity game appeared first on Software Integrity Blog.
Is a sticky label the answer to the IoT’s security problems? (Naked Security) How can IoT security be improved? The UK Government just published new details of its surprising and unfashionable answer.
White House ramps up efforts to expand cyber workforce (Fifth Domain) A May 2 executive order will require agencies to plan for new cybersecurity workforce initiatives, both in and out of federal government.
DHS policies allow unlimited, warrantless device search (Naked Security) Newly revealed policies show border agents can search devices for pretty much any reason, including if some other agency asked them to.
Litigation, Investigation, and Law Enforcement
3rd ex-intelligence official this year guilty of conspiring with Chinese government (Federal News Network) In today’s Federal Newscast, another former member of the intelligence community was found to have conspired with Chinese intelligence services.
UK opposition leaders called for a criminal investigation into Huawei leak (Defense News) Britain’s former defense secretary ferociously denied allegations that he leaked details from private government discussions about a Chinese telecommunications company. Meanwhile, military analysts expect little fallout.
Snapchat admits age checks 'do not work' during grilling by MPs (The Telegraph) Snapchat has admitted its age verification process “do not work” as it told MPs children under 13 are able to use the site.
Exclusive: New privacy oversight on the table for Facebook, Zuckerberg (POLITICO) The terms of a potential settlement with the FTC would require Facebook to place an executive and a new committee in high-level privacy roles.
Potential Facebook Settlement With FTC Likely to Include WhatsApp (Wall Street Journal) Facebook’s potential settlement with federal regulators over breaches of consumer data privacy is nearing completion and will likely cover related services such as its WhatsApp messaging function.
Pelosi accuses Barr of the crime of lying to Congress (Washington Post) The speaker’s accusation escalated a feud with the nation’s top law enforcement officer, who was a no-show at a House hearing on Thursday.
WikiLeaks founder Julian Assange begins long court battle against extradition (Washington Post) He has been charged with conspiring to hack a U.S. Defense Department computer.
When Coding Is Criminal (WIRED) Opinion: Programmers whose code is used to commit a crime face new and perilous legal threats.
Germany shuts down 'Darknet' criminal trading platform, detains 3 (Reuters) German investigators have shut down the world's second largest criminal onl...