Cyber Attacks, Threats, and Vulnerabilities
Tenable Research Discovered a Download Hijack Vulnerability in Slack (Tenable®) Slack issues update but bad actors could have leveraged the flaw for corporate espionage or file manipulation. Tenable®, Inc., the Cyber Exposure company, today announced that its research team discovered a vulnerability in the Slack Desktop Application for Windows that could have allowed an attacker to alter where a victim’s files are stored when the documents are downloaded within Slack.
Unsecured Survey Database Exposes Info of 8 Million People (BleepingComputer) An unsecured database has exposed the personal information of 8 million people from the U.S. who participated in online surveys, sweepstakes, and requests for free product samples.
Stack Overflow says hackers breached production systems (ZDNet) Stack Overflow said it detected a security breach over the weekend.
Intel MDS attack mitigation: An overview (Help Net Security) To remove or mitigate the danger MDS attacks present to users, the affected systems should get a microcode (firmware) update and a software update.
Supply Chain Attack Hits Best of the Web Website (Infosecurity Magazine) Best of the Web's seal was injected with keyloggers and more than 100 websites are still linked to it.
Bots Tampering with TLS to Avoid Detection (Akamai) Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are...
Hackers abuse ASUS cloud service to install backdoor on users’ PCs (Ars Technica) Computer-maker's WebStorage software tied to malware attack from the BlackTech Group.
Schneider Electric Modicon Controllers (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 5.4. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum. Vulnerability: Use of Insufficiently Random Values. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or cause information
Fuji Electric Alpha7 PC Loader (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 3.3. ATTENTION: Low skill level to exploit. Vendor: Fuji Electric. Equipment: Alpha7 PC Loader. Vulnerability: Out-of-bounds Read. 2. RISK EVALUATION: Successful exploitation of this vulnerability could crash the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS: The following versions of Alpha7 PC Loader, a motor controller, are affected:
What happens during a cyberattack on critical infrastructure? (PublicTechnology.net) A participant in a cyber defence exercise run by NATO’s Allied Command Transformation analyses real-time threat information
SECURITY: Documents reveal DOE struggles in hacking whodunits (E&E News) The Department of Energy, home to the nation's nuclear stockpile and national labs, is fighting a growing number of hackers and cyber scammers, according to documents obtained by E&E News.
Red Cross website hacked in latest Singapore cyber attack (Phys.org) The Singapore Red Cross said Thursday its website had been hacked and the personal data of more than 4,000 potential blood donors compromised in the latest cyber attack on the city-state.
Forbes Site Up, Then Down Again after Magecart Attack (Infosecurity Magazine) Forbes.com was hit with credit card skimming malware.
Weaponized Documents: It’s Just a Matter of Time Before One is Opened (Security Boulevard) Protecting the enterprise from today’s increasingly sophisticated threats such as fileless documents and PDF ...
Facebook Bans Israeli Entity For Creating Fake Accounts (BleepingComputer) Facebook announced that today it removed 265 Facebook and Instagram accounts, Facebook Pages, Groups and events for fake behavior originating from Israeli commercial entity Archimedes Group.
Exclusive: Canadian security agencies alarmed by gaps in parties'... (Reuters) Canadian security services are sounding the alarm about what they see as a poten...
Cyber-enabled election interference occurs in one-fifth of democracies (The Strategist) Cyber-enabled election interference has already changed the course of history. Whether or not the Russian interference campaign during the US 2016 federal election was enough to swing the result, the discovery and investigation of the ...
The Metro Bank hoax shows the immense power of fake news on WhatsApp (WIRED UK) Metro Bank's shares have slumped this year. Rumours being shared on WhatsApp haven't helped as customers attempted to remove money from their accounts
Fake news brought a British bank to its knees. How will we curb 'alternative facts' in the UK? (The Telegraph) It is rapidly becoming India’s next public health crisis.
Social Media Warriors: Leveraging a New Battlespace (Modern War Institute) While there is nothing new about the idea of waging political and …
Information Warfare Is Here To Stay (Foreign Affairs) States have always fought for the means of communication.
Disinfo Wars (Medium) A taxonomy of information warfare
Office 365 user security practices are woeful, yet it's still 'Microsoft's fault' when an org is breached (Register) As soon as defences are sold as a product, hygiene suffers
Baltimore creates cybersecurity review panel following ransomware attack (TheHill) Baltimore City Council President Brandon Scott announced the creation of a Committee on Cybersecurity and Emergency Preparedness on Thursday, as the city works to restore the systems taken down by a debilitating ransomware attack last week.
Security Patches, Mitigations, and Software Updates
Apple says these Macs may not be patched for future vulnerabilities similar to 'ZombieLoad' (AppleInsider) Several pre-2011 Macs could still be vulnerable to "ZombieLoad"-like security exploits, and Apple can't fix that because Intel won't release the necessary microcode updates.
Cyber Trends
Record level of vulnerabilities sparks cybersecurity innovation among global enterprises (PR Newswire) Dimension Data, the USD 8 billion global technology integrator and managed services provider for hybrid IT, has revealed ...
Vulnerabilities disclosed during the first three months of 2019 reach a Q1 all-time high (Risk Based Security) There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019.
UK Fraud Complaints Surge 40% (Infosecurity Magazine) APP fraud drives major losses for consumers
Angry Birds and the end of privacy (Vox) (Quartz) Seemingly simple mobile games made us all way too comfortable with giving away our personal information.
Identity theft victims could lead us to accept more security-improving friction (Help Net Security) Dealing with identity theft can be a burden. Those who have never been victims don't understand how devastating it can be for the victims.
The most stressful aspects of being a cybersecurity professional (CSO Online) Keeping up with IT, educating users, and working with the business top the list of the most stressful things of being a cybersecurity professional.
UK consumers want businesses to do more to protect their data (BetaNews) Protecting your digital footprint is growing more important and the results from a survey of 2,000 UK adults by Kaspersky Lab finds that people believe there is not enough business or state protection currently in place to defend it.
Marketplace
Why security needs to be involved early during mergers and acquisitions (CSO Online) M&A security can often be overlooked during deal making, leading to potential incidents down the line. Here's how UK newspaper Racing Post dealt with three acquisitions in three years, each with its own security requirements.
HP Enterprise Nears Deal to Buy Supercomputer Pioneer Cray (Bloomberg) Cray has market capitalization of about $1.2 billion. Purchase set to be HPE’s biggest since it was formed in 2015
The District plans to slash a popular tax incentive. But a much broader battle could be ahead. (Washington Business Journal) Yelp Inc.'s decision to establish a hub in the District was supported by D.C.'s Qualified-High Tech Company program, which would be cut under D.C. Council's proposed budget for 2020.
Leading API Security Platform, 42Crunch, Launches Partner Network, Signs Up New Resellers (Benzinga) Today at the European Identity & Cloud Conference (EIC) 2019, API security leader and creator of the industry's first API Firewall -...
This Air Force Veteran Built the Kind of Company She'd Want to Work For. It All Started With a Chili Dog (Inc.com) Air Force veteran Angie Lienert built her high-flying business around a great culture--after a chili dog changed her life.
Peter Thiel's stealth start-up Palantir has unlocked a new opportunity to sell to the US military as revenue tops $1 billion (CNBC) Palantir had a huge year, breaking through a government contract barrier that had held it back from lucrative Pentagon deals until now.
Macquarie Bank hiring those with fine arts degrees to help thwart cybercrime (ZDNet) The bank's CEO says it's also important for the industry, regulators, and government to combine powers to successfully counter cyber risks.
Cybersecurity firm awarded $75K grant to expand in Plainfield Township (Michigan Live) Vulnerability Discovery & Analysis Labs has opened its first headquarters at 5234 Plainfield Ave. NE
Products, Services, and Solutions
Akamai Enterprise Defender Simplifies Journey to Zero Trust for Businesses (Yahoo) New offering provides secure app access, malware prevention, application security and acceleration in a single solution. CAMBRIDGE, Mass., May 16, 2019 /PRNewswire/ -- Akamai (NASDAQ: AKAM), the intelligent ...
DataWalk And ShadowDragon Team To Enhance Investigative Capabilities (PR Newswire) DataWalk and ShadowDragon have formed a strategic technical alliance to facilitate more complete and...
New Product Bundle from Ping Identity Accelerates Cloud MFA and SSO Adoption for Enterprises (AP NEWS) Ping Identity, the leader in Identity Defined Security, today announced a cloud-based multi-factor authentication (MFA) and single sign-on (SSO) bundle, delivering security from identity-based attacks. Available today for a free 30-day trial, customers can protect applications, data and employees from pervasive security threats centered around phishing attacks, stolen credentials, and more.
Venafi and GlobalSign Partner to Expand Machine Identity Protection in DevOps Environments (BusinessWire) New integration offers automated PKI certificate management and addresses DevOps challenges
ExtraHop Joins IBM Security App Exchange Community (Yahoo) ExtraHop for IBM QRadar part of collaborative development to stay ahead of evolving threats
QuintessenceLabs to Provide Ongoing Support for RSA Data Protection Manager Software as Well as Migration Options (Yahoo) QuintessenceLabs has announced a partnership to allow customers of RSA® Data Protection Manager software (DPM) to receive extended support beyond the RSA DPM End-Of-Life date of September 30, 2019. As part of this agreement, QuintessenceLabs will provide the same level of enterprise-class support
Google Starts Tracking Zero-Days Exploited in the Wild (SecurityWeek) Google Project Zero has started tracking zero-day vulnerabilities exploited in the wild. A spreadsheet currently lists over 100 flaws seen since 2014.
New infosec products of the week: May 17, 2019 (Help Net Security) New infosec products of the week include releases from the following vendors: Alcide, Hysolate, Keysight Technologies, LogRhythm and Trend Micro.
Technologies, Techniques, and Standards
How machine learning can help prevent cyber attacks (Built In) Cyber threats continue to multiply. Is machine learning the key to preventing and repelling them?
You Can’t Defeat Tomorrow’s Terrorists by Fighting Yesterday’s Enemy (Foreign Policy) Countries from Sri Lanka and Israel to the United States and Norway have failed to prevent attacks because their intelligence agencies were fixated on the…
3 lessons the healthcare industry could learn from the intelligence community (FierceHealthcare) The intelligence community may offer healthcare leaders a better model for handling big data than the titans of tech.
Cyber Workforce Needs Continuous Education (SIGNAL Magazine) A cyber career requires curiosity and an ability to adapt.
Dashboards Don't Manage Risk – Difficult, Data-Driven Conversations Do (Infosecurity Magazine) Achieving risk management goals will not improve your risk posture
Cyber Command is decoding how to best (re)organize teams (Fifth Domain) The command is applying lessons learned to be more effective and sustain readiness.
Design and Innovation
JASK Applies Science Fiction, Gaming and Latest Design Principles to First-of-its-kind Heads Up Display for the SOC (BusinessWire) JASK unveiled a first-of-its-kind Heads Up Display (HUD) for security operations centers (SOCs) based on cutting-edge scientific design principles.
Legislation, Policy, and Regulation
Trump tries to tamp down talk of war with Iran (Military Times) President Donald Trump said Thursday that he hopes the U.S. is not on a path to war with Iran amid fears that his two most hawkish advisers could be angling for such a conflict with the Islamic Republic.
Trump curbs hawks rushing towards conflict with Iran (Times) President Trump summoned the Swiss president to the White House yesterday to ask him to open a communications channel with Iran amid fears that hawkish senior advisers were leading the United...
Hunt backs Washington over Iran threat (Times) Jeremy Hunt declared yesterday that Britain and the US share “the same assessment of the heightened threat posed by Iran” following a public rift over the issue. The foreign secretary said London...
Hardliners target Iran's president as U.S. pressure grows (Reuters) Growing U.S. pressure on Iran has weakened pragmatic President Hassan Rouhani an...
Top Trump administration officials update Congress on Iran as lawmakers’ frustration grows (Washington Post) Democrats and many Republicans want clarity on the intelligence that has informed what some see as dramatic escalations by administration.
More Democrats Accuse Trump of Inflating Iran Intelligence (Foreign Policy) A new congressional letter raises fears of stumbling into war.
On Iran, Justified US Fury Without an Endgame (Atlantic Council) We’ve been here before. The Trump administration, like every US administration since Jimmy Carter was president, is dealing with a hostile Iran bent on undermining US and regional security interests across the Middle East and beyond. We had a brief...
Trump administration cracks down on giant Chinese tech firm, escalating clash with Beijing (Washington Post) The president also signed an executive order to protect U.S. networks from foreign espionage, a move that appears to target China.
Donald Trump declares national emergency over cyber threats against U.S. (CISO MAG) The executive order does not name any company, but it’s believed that the move is expected to precede a ban on U.S. firms doing business with Huawei.
Dial 911: Trump’s Telecommunications National Emergency (Atlantic Council) US President Donald J. Trump on May 15 declared a “national emergency” that gives his administration the power to prevent US companies from doing business with foreign suppliers, including, potentially, Chinese telecommunications giant Huawei. The...
How other countries are responding to Trump's Huawei threat (the Guardian) The US threatens allies with a ban on intelligence sharing for using Chinese 5G equipment
Huawei poses security threat to UK, says former MI6 chief (the Guardian) Report calling for 5G ban in UK comes as Netherlands said to be investigating Huawei espionage
Britain may have to follow US with restrictions against Huawei (Times) The US administration’s plan to restrict American companies from selling products to Huawei could compel Britain to levy the same restrictions on UK businesses, the government was told yesterday.
Huawei Threat Poses Grave Risk To Trade Deal (Podcast) (Bloomberg) Meredith Sumpter, Research Strategy & Operations Head at Eurasia Group, on how U.S. threats against Huawei pose a grave risk to the company and to a trade truce.
Macron says it is not France's aim to block Huawei (Reuters) French President Emmanuel Macron said it was not the aim of France to block Huaw...
China criticizes US action against Huawei (AP NEWS) China vowed Thursday to "resolutely safeguard" Chinese companies after Washington labeled telecom equipment giant Huawei a security risk and imposed export curbs on U.S. technology...
Huawei blasts report questioning its security as Dutch authorities open investigation into espionage claims (Computing) Huawei supplies surveillance technology to China's government in Xinjiang, where one million people are interned for 're-education'
This is why there's been a decade-long disconnect between Huawei and the US, and it's unlikely to be fixed soon (CNBC) The U.S. has insisted Huawei and its equipment are pervasively unsafe. Huawei has long requested the chance to prove its equipment is safe.
Trump’s Huawei sanctions underscore U.S. dependency on China tech (Washington Post) We are about to find out just how heavily U.S. tech firms depend on this banned Chinese manufacturer.
Commerce Dept. bans Huawei, 70 affiliates from sourcing U.S. components (FierceWireless) The move comes one day after U.S. President Donald Trump declared a national emergency in relation to telecom equipment.
Silicon Valley Will Feel Sting of Export Restrictions Against Huawei (Wall Street Journal) The Commerce Department’s move to scrutinize U.S. exports to Huawei threatens to limit the Chinese company’s access to U.S.-made chips and other parts for its smartphones and 5G.
Trump Order Restricting Huawei Sharpens U.S. Lawmakers’ Focus on China (Bloomberg) Committee announces new ‘deep dive’ on Chinese tech maneuvers. Dems too absorbed by Russia-collusion claims, says Republican.
Rep. Harley Rouda introduces Bipartisan House Bill to Protect Rail and Bus Manufacturing from Chinese Threats (Representative Harley Rouda) Today Rep. Harley Rouda (D-CA), along with a bipartisan group of lawmakers, Reps. Rick Crawford (R-AR), Scott Perry (R-PA), Kay Granger (R-TX), Tim Ryan (D-OH), Eleanor Holmes Norton (D-DC), Randy Weber (R-TX), and John Garamendi (D-CA) introduced the Transportation Infrastructure Vehicle Security Act, a bill combatting Chinese efforts to undermine the U.S. economy and national security.
How Congress should tackle the Russian national security threat (TheHill) It is time for lawmakers to set aside politics and take aim at foreign meddling in our elections.
European telcos want the right to perform "deep packet inspection" on our data (Boing Boing)
The False Promise of “Lawful Access” to Private Data (WIRED) Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition.
Senate Dems introduce election security bill requiring paper ballots (TheHill) Sen. Ron Wyden (D-Ore.) and a group of 12 other senators introduced a bill Wednesday to mandate the use of paper ballots in U.S.
Senate panel approves bill enhancing DHS' ability to share threat intelligence with private sector (Inside Cybersecurity) The Senate Homeland Security Committee approved two bipartisan bills that would establish a structure for intelligence officials at the Department of Homeland Security to share information about cybersecurity threats with the private sector, and provide counterintelligence training for federal procurement officials to mitigate such threats.
The FCC's Plan to Stop Robocalls Sounds Awfully Familiar (WIRED) FCC chair Ajit Pai has proposed a set of rules to combat robocalls. Don't get your hopes up quite yet.
Cyber Workforce Exec Order: Right Question, Wrong Answer (Dark Reading) Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
Cyber Experts Call for More Collaboration, Training (Air Force Magazine) A new provision of the 2019 NDAA clears the way for fully fledged joint operations in cyberspace involving both military personnel and those from civilian agencies like the Department of Homeland Security, officials said Thursday.
Litigation, Investigation, and Law Enforcement
Dutch Spies Investigate Huawei 'Links To Chinese Espionage' From 'Hidden Backdoor' (Forbes) AIVD, the Dutch spy agency, is investigating an alleged hidden back door in Huawei telecoms equipment; sources say they are also looking at links to Chinese espionage. Coming a day after President Trump signed his executive order, a bad week for Huawei just got a lot worse.
Secret tracking device found in Navy email to Navy Times amid leak investigation raises legal, ethical questions (Military Times) It appears that the Navy sought to secretly extract data from the Navy Times computer network.
What ‘arrest’ means for the Canadians detained in China — and the epic battle over Huawei (Washington Post) The move signals the start of a lengthy legal process that could deepen the U.S.-China dispute.
Rights Group Win Allows Courts to Scrutinize Spy Agencies (Infosecurity Magazine) Supreme Court ruling means decisions made by secret tribunal aren’t final
Global Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain (WIRED) Charges against 10 men across Eastern Europe associated with the Goznym malware crew reveal global law enforcement's reach—and its limits.
Feds Target $100M ‘GozNym’ Cybercrime Network (KrebsOnSecurity) Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.
GozNym Cybercrime Group Behind $100 Million Damages Dismantled (BleepingComputer) Ten members of the GozNym cybercriminal group which used the Avalanche malware distribution network to launch malware attacks against businesses and financial institutions were indicted today for computer fraud conspiracy, wire and bank fraud conspiracy, and money laundering.
Hacking forums survive cybercrime dragnet as feds prioritize drug-market busts (CyberScoop) It might be more difficult these days to conduct an anonymous drug deal on the dark web, but not every online criminal enterprise is feeling the pinch of international law enforcement.
GDPR: Europe Counts 65,000 Data Breach Notifications So Far (BankInfoSecurity) European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May
Opinion | Bull Durham at Justice (Wall Street Journal) Bill Barr’s latest appointment reminds us how the department should operate.
Nellie Ohr deleted emails sent from husband's DOJ account (Washington Examiner) Nellie Ohr, the wife of Justice Department official Bruce Ohr, told her husband she was deleting emails sent from his government account.
Chelsea Manning sent back to jail for refusing to testify in Wikileaks investigation (Army Times) Former Army intelligence analyst Chelsea Manning was ordered back to jail Thursday for refusing to testify to a grand jury, even after telling a judge she’d rather “starve to death” than cooperate with prosecutors.