Cyber Attacks, Threats, and Vulnerabilities
Report: Iran-linked disinformation effort had personal touch (Washington Post) A new report from Canadian internet watchdog Citizen Lab is linking Iran with a fake Twitter account unmasked by The Associated Press
'Typosquatting' campaign imitated news outlets to spread propaganda for years, report says (CyberScoop) Researchers have uncovered a years-long disinformation campaign in which suspected Iranian operatives masqueraded as well known international media outlets and used fake Twitter accounts to amplify fabricated news articles.
WhatsApp discovers surveillance attack (BBC News) "An advanced cyber-actor" exploited a major flaw in the Facebook-owned messaging service, WhatsApp confirms.
WhatsApp Zero-Day Exploited in Targeted Spyware Attacks (Threatpost) WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones.
Report: WhatsApp Vulnerability Used to Secretly Infect Phones With NSO Group's Notorious Spyware (Gizmodo) Powerful spyware developed by Israeli cyber-intelligence company NSO Group exploited a vulnerability in encrypted messaging app WhatsApp to transfer itself to targeted devices, the Financial Times reported on Monday.
Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists (New York Times) Researchers said the NSO Group had found a vulnerability, which was disclosed Monday, that was used to target the iPhone of a human-rights lawyer in London and perhaps others.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond (BleepingComputer) A report last week about Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated from alleged victims statements that are disputed by the firm that sounded the alarm.
Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data [Updated] (Gizmodo) Symantec and Trend Micro are among the list of leading antivirus companies that a group of Russian-speaking hackers allege to have compromised, Gizmodo has learned. It remains unclear to what degree the claim is true, if any.
New Details Emerge of Fxmsp's Hacking of Antivirus Companies (BleepingComputer) It is difficult to fathom that a threat actor may be able to breach the networks of a reputed security company. Yet, this is not only possible but also happened in the past; and it is not far-fetched to believe that it is the case with at least three antivirus makers, as reported by BleepingComputer earlier this week.
Trend Micro Admits Limited Breach by "Fxmsp" Hackers - Symantec Denies It (Computer Business Review) Trend Micro admits it was hacked, but says scope was limited.
Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear (ZDNet) Most Cisco gear is believed to be impacted. No attacks detected, as of yet.
A Cisco Router Bug Has Massive Global Implications (WIRED) Researchers have discovered a way to break one of Cisco's most critical security features, which puts countless networks at potential risk.
High-risk vulnerability in Cisco's secure boot process impacts millions of devices (Help Net Security) The vulnerability, codenamed Thrangrycat, is caused by a series of hardware design flaws within Cisco’s Trust Anchor module.
Twitter says bug gave ad partner access to iOS users' location information (CyberScoop) Twitter may have collected and shared location data from customers using Apple devices then shared that information with an advertising partner, the company announced Monday.
A bug impacting collection and sharing of location data on iOS devices (Twitter) You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.
Boost Mobile says hackers broke into customer accounts (TechCrunch) Boost Mobile, a virtual mobile network owned by Sprint, has confirmed hackers have broken into an unknown number of customer accounts. The company quietly posted a notification of its data breach almost exactly two months after March 14, when Boost said the breach happened. “Boost.com experie…
Hackers are collecting payment details, user passwords from 4,600 sites (ZDNet) Same hacker group compromises Alpaca Forms and Picreel to deploy malicious code to thousands of sites.
200 million-record breach: Why collecting too much data raises risk (CSO Online) Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now circulating on the grey market.
Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor (The State of Security) Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor.
The trust crisis in web standards (InnovationsAus.com) New research from CSIRO’s Data61 unit has found that even the most popular and trusted websites are using chains of third-party scripts and services hidden from end users that make these sites prone to malicious activity.
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution (BleepingComputer) Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.
Incident Reporting System (US-CERT) As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
Korean APT Adds Rare Bluetooth Device-Harvester Tool (Dark Reading) ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit (SecurityWeek) A North Korea-linked hacker group tracked as ScarCruft, APT37 and Group123 continues to evolve and it recently added a Bluetooth harvester to its toolkit.
Study finds Android smartphones riddled with suspect ‘bloatware’ (Naked Security) According to a new study, Android bloatware can create hidden security and privacy risks.
A look at Hworm / Houdini AKA njRAT (Security Boulevard) Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop-up in various new formats.
China: How Mass Surveillance Works in Xinjiang (Human Rights Watch) Chinese authorities are using a mobile app to carry out illegal mass surveillance and arbitrary detention of Muslims in China’s western Xinjiang region, Human Rights Watch said in a report released today.
ThreatList: Top 5 Most Dangerous Attachment Types (Threatpost) From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.
Vulnerability Summary for the Week of May 6, 2019 | US-CERT (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Antietam Broadband in Hagerstown is broken (Bent Corner) Antietam Broadband has had service problems since April 24, 2019. They're now blaming everything on a distributed denial-of-service attack. Is it true?
Security Patches, Mitigations, and Software Updates
Cisco patches IOS XE remote command injection flaw (iTnews) But a Secure Boot vulnerability is harder to fix.
NVIDIA Patches High Severity Bugs in GPU Display Driver (SecurityWeek) NVIDIA has patched High severity vulnerabilities (CVE‑2019‑5675 and CVE‑2019‑5677) in its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on victim systems.
Remote Code Execution Flaw Found in Kaspersky Products (SecurityWeek) Kaspersky patched a serious remote code execution vulnerability affecting products with antivirus databases.
Cyber Trends
Quarterly Website Security Report (Sitelock) The SiteLock 2019 Website Security Report analyzes more than 6 million websites to determine the most prevalent cyberthreats websites face today.
IoT Spotlight (Bugcrowd) We are on the verge of a major technological revolution: interconnectivity at scale, anytime and anywhere. IoT has paved the way for smart cities, improved productivity, the connected home, and ultimately more opportunities to connect with one another.
Report: Most Organizations Are Dissatisfied With Their Web Application Firewalls (WAFs) (Yahoo) Cequence Security, a provider of innovative software solutions that protect web, mobile, and API-based applications from cyberattacks, today released a new Ponemon Institute report - “The State of Web Application Firewalls”- showing that only 40% of organizations are satisfied with their WAF. The
Survey: 46% of organizations that store customer PII in the cloud consider moving it back on-premises due to security concerns (Netwrix) Netwrix study finds that only with a data security program can organizations completely address the security of customer data regardless of its location
DDoS attacks among top 5G security concerns (SearchSecurity) 5G security concerns are top of mind for mobile operators now that the new generation of wireless technology is a reality. Specifically, they're worried about bigger and more destructive DDoS attacks.
Digging Deep into the Verizon DBIR (Decipher) The Verizon Data Breach Investigations Report isn’t just full of interesting data breach statistics; it also offers enterprise defenders valuable insights on the kind of real-world threats they should be worrying about.
Exclusive research: Phishing outranks ransomware as top cyber-threat for 2019 (CRN) Some 17 per cent of IT decision makers polled in CRN research say they have been the victim of a ransomware attack
Health sector still plagued by breaches, according to latest OAIC report (CRN Australia) Many come down to human error.
Malicious Attacks Cause of Most Aussie Breaches (Infosecurity Magazine) An OAIC report marks the start of Privacy Awareness Week in Australia.
Retailers Are Under Siege from Botnets (Technology Solutions That Drive Business) For retailers competing to provide a seamless — and safe — online experience for consumers, bots pose a big problem. Hackers attempted a staggering 10 billion attempts to access retail sites between May and December 2018, according to a recent report by Akamai Technologies.
Marketplace
Respond Software Raises $20 Million to Meet Growing Demand for Robotic Decision Automation in Security Operations (Respond Software) Led by ClearSky Security, Financing to Ramp Sales and Customer Operations in 2019; ClearSky Managing Director Jay Leek Joins Respond Software Board of Directors MOUNTAIN VIEW, Calif.—May 14, 2019— Respond Software, innovators in Robotic...
Equifax Has Spent Nearly $1.4bn on Breach Costs (Infosecurity Magazine) Cautionary tale as credit agency pays heavily for 2017 incident
Huawei and the unraveling of globalization (The Japan Times) Cross-border investment and globalization is no longer seen as one of the major guarantors of international peace.
Huawei's economic impact on the UK revealed amid security fears (The Telegraph) A report claims Huawei boosted the UK annual GDP by £287 million in 2018, as the debate over the company's security continues.
IBM sacks 300 services staff; says it is looking to reinvent itself (ETCIO.com) A majority of these employees were in software services roles. They were let go as IBM focuses on emerging technology capabilities and reduces exposur..
Authentic8 Expands into Europe to Meet Growing Market Demand for Web Isolation Solutions (West) Step follows approval for participation in NATO bidding and procurement process
IT developer Miroslav Trnka first wanted to heal computers and then society (Slovak Spectator) Eset is now one of the leading cyber security companies in the world
Cubic names Northrop vet Amen to BD leadership post (Washington Technology) Cubic Corp. names 25-year defense market veteran Martin Amen to lead business development for a product line the company acquired earlier this year.
Bill Carroll Joins Bishop Fox as Chief Operating Officer (Yahoo) Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that Bill Carroll has joined the firm as Chief Operating Officer (COO), where he will be responsible for the day-to-day operations of the company. As
Products, Services, and Solutions
Mocana Introduces Cyber Protection Solution for Massive IoT, Smart Cities and Distributed Intelligence Networks (Mocana) Mocana announced the availability of a cyber protection solution for massive IoT, smart cities and distributed intelligence networks.
Rackspace and Telos Team Up to Accelerate the FedRAMP Journey (West) Next Generation Compliance Services to Simplify FedRAMP Processes
WhiteHat Security and RSI Partner to Offer First One-stop Solution for Identifying and Remediating Application Security Threats | WhiteHat Security (WhiteHat Security) WhiteHat Security, the leading application security provider committed to securing digital business, today announced that it has partnered with Rural Sourcing Inc., the leading provider of US-based IT outsourcing services, to offer the industry’s first one-stop solution to identify and remediate application level exposures. The two companies will combine the …
Versasec Releases vSEC:CMS S5.5 (Versasec) vSEC:CMS S-Series 5.5 identity and access management software also adds support for Identiv uTrust MD and Gemalto PIV 3.0 smart cards, and options for Oberthur PIV 8.1 smart cards
CyberScale™ Compliance And Risk Management Solution (Criterion Systems) While the cybersecurity threat environment is well known as a key challenge for Federal Departments and Agencies (D&As), there are other, equally important issues that need to be addressed when they seek to improve their cybersecurity and privacy (CS&P) programs.
ShorePoint, Inc. Expands Advisory Services Offering (ShorePoint, Inc.) ShorePoint, Inc. is a privately held cyber security services firm, serving both private and public-sector customers. Our executive team is comprised of cybersecurity experts who collectively bring more than 80 years of experience keeping government agency and company networks strongly secured from cyber threats.
CrowdStrike and InPhySec Team up to Tackle Growing Demand for Cyber Security Solutions in New Zealand (AP NEWS) CrowdStrike® Inc, the leader in cloud-delivered endpoint protection, and InPhySec Security Ltd., New Zealand’s leading cloud delivered managed security provider, are partnering to help address common cyber security issues in New Zealand and meet the increased demand for cyber security products.
LIFARS Announces an Alliance with eSentire to Deliver Advanced Cyber Detection and Response Services (PR Newswire) LIFARS, LLC, a New York City-based cybersecurity incident response and digital forensics firm, today announced a...
Technologies, Techniques, and Standards
The NSA knows its weapons may one day be used by its targets (CyberScoop) The idea that enemies will reverse engineer NSA exploits is one that military brass deals with every day. What's being done to prevent it from happening?
U.S. Govt Issues Microsoft Office 365 Security Best Practices (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) issued a set of best practices designed to help organizations to mitigate risks and vulnerabilities associated with migrating their email services to Microsoft Office 365.
3 Ways Cloud Adoption is Changing the Role of CISO (Bricata) The enterprise adoption of the cloud is changing the role of the CISO, including the reporting structure, responsibilities and skill sets required for the job.
An Ode to CISOs: How Real-World Risks Became Cyber Threats (SecurityWeek) As innovative online attacks continue to expand the purview of cyber security, helping these CISOs means equipping them with equally innovative tools that stand a fighting chance.
The Need for Tiered Security at the Edge (SecurityWeek) Edge computing lets organizations analyze important data closer to the edge of the network in order to respond to events in near real-time – a requirement for many industries, including health care, telecommunications, manufacturing, and finance.
Tips to spring clean your company's social media and stay protected (Help Net Security) As attacks become more frequent and more pernicious, it’s vital for organizations to take the time to review their social media and digital risk processes.
How to avoid becoming a cryptojacking victim (Bitglass) Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.
HackerOne: Offer white hats a safe harbour (Digital News Asia) One in four vulnerabilities discovered by white hat hackers go unreported because researchers fear legal action.
How banks can climb to the top of NIST's cybersecurity maturity tiers (Tech Wire Asia) Deloitte, in a recent report Pursuing Cybersecurity Maturity in Financial Institutions outlines, from observation and evaluation, the characteristics of adaptive companies per the NIST's framework:
Design and Innovation
PwC opens scale-ups programme for cyber-security businesses (Consultancy) Two years ago, PwC launched a programme for supporting scale-ups.
Legislation, Policy, and Regulation
New Commission Takes on U.S. Cyber Policy (SIGNAL Magazine) A group of legislators lead development of a national cyber doctrine.
Australia's innovative cyber diplomacy bridging foreign policy - technology divide (Mirage News) Showcasing our innovative approach to cyber diplomacy, Australia and Denmark brought together senior cyber and technology diplomats from 21 countries for...
Weaponizing Cyber Law (Project Syndicate) In recent years, autocratic regimes have increasingly relied on legal and bureaucratic tools – from restrictions on foreign funding to draconian sedition laws – to impede civic activism. Now, they are adding cyber legislation to their arsenals of repression.
How Tech Helped Unknown Staffers Change the US Way of War (WIRED) The National Security Council has gained enormous influence over the last few decades—thanks in no small part to better tech.
Marine Corps establishes Volunteer Cyber Auxiliary to Increase Cybersp (The Official United States Marine Corps Public Website) The Commandant of the Marine Corps, Gen. Robert Neller, announced last month the establishment of the Marine Corps Cyber Auxiliary (Cyber Aux), a volunteer organization aimed at increasing Marine
CIA Recruiting Comes Out Into The Open (NPR) Under CIA Director Gina Haspel, the spy agency is reaching out in very public ways it has never done before, from social media to superhero conventions.
Analysis | The Cybersecurity 202: This presidential contender wants to create a Cabinet-level cybersecurity department (Washington Post) John Delaney is trying to elevate the issue.
Litigation, Investigation, and Law Enforcement
Huawei's detained finance chief speaks out in letter to employees (CNN) Huawei's finance chief, detained in Canada since December, has written to the company's 188,000 employees to thank them for support she says has filled her "with power."
DOJ tries to disqualify ex-Obama official from defending China’s Huawei (Washington Examiner) The Justice Department is working to disqualify top Obama department official James Cole from defending the Chinese technology firm Huawei in a high-profile criminal case, according to a new heavily redacted federal court filing on Friday.
Apple Loses Bid to End App Antitrust Case in Supreme Court (Wall Street Journal) The Supreme Court ruled consumers can proceed with a suit challenging Apple’s control over the marketplace for iPhone apps, threatening the tech giant’s slice of billions of dollars in sales.
Sweden reopens rape case against WikiLeaks’ Julian Assange, wants extradition (Washington Post) The case was discontinued while Assange hid out for years in London’s Ecuadoran embassy.
AP source: Barr opens a second investigation of Russia probe (AP NEWS) Attorney General William Barr has appointed a U.S. attorney to examine the origins of the Russia investigation and determine if intelligence collection involving the Trump...
Rand Paul: Mueller probe 'politically motivated,' 'goes even back to the Clintons' (TheHill) Sen. Rand Paul (R-Ky.) said Sunday that Robert Mueller's Russia probe is an example of why the U.S.
Rosenstein criticizes Jim Comey as ‘partisan pundit,’ defends handling of Mueller probe (Washington Post) The former deputy attorney general, in a speech Monday, offered one of his most thorough accounts of Comey’s firing as FBI director.
Opinion | What the Mueller report reveals about the media (Washington Post) The whole report broken down, quantified, analyzed — all from the perspective of its treatment of news organizations.
FCC Commissioners Say the Agency Won’t Tell Them About Phone Location Data Investigation (Vice) Ajit Pai’s FCC cares more about the privacy of its investigation than the privacy of consumers, one says.
Chemical Safety Board Needs to Consistently Follow Its Cyber Rules, Watchdog Says (Nextgov.com) Environmental Protection Agency’s Office of Inspector General said the agency’s lack of defined policies makes it susceptible to security incidents.
APNewsBreak: Defense say Navy SEAL prosecutors spied on them (Washington Post) Defense lawyers in the case of a Navy SEAL charged with killing an Islamic State prisoner in Iraq say prosecutors installed spying software in emails sent to them and to a reporter
Wyden seeks answers in Florida election hacking allegations (POLITICO) The FBI believes that voter registration software was hacked by the Russians in 2016.
Autonomy's former CFO Sushovan Hussain sentenced to five years in jail (Computing) Hussain given five years in jail, fined $4m and subject to $6.1m 'forfeiture payment'
Verizon offering $10,000 reward in South Jersey network destruction spree (6ABC Philadelphia) Verizon is offering a $10,000 reward for information leading to the arrest of the person responsible for damaging the company's equipment.