Cyber Attacks, Threats, and Vulnerabilities
Iran Conflict Could Shift To Cyberspace, Experts Warn (NPR.org) After the U.S. killed Iran's top military leader, government officials and security experts say Iran could retaliate with cyberattacks ranging from destroying data to defacing websites.
Saudi crown prince implicated in hack of Jeff Bezos’s phone, U.N. report will say (Washington Post) A United Nations investigation to be released Wednesday will report that Amazon founder Jeff Bezos’s cellphone was hacked in 2018 after he got a WhatsApp message that came from an account purportedly belonging to Saudi Crown Prince Mohammed bin Salman, according to a person with direct knowledge of the report.
Jeff Bezos' phone reportedly hacked via malicious WhatsApp message from Saudi prince (Computing) Bezos had shared his number with Crown Prince Mohammed bin Salman at a dinner in Los Angeles
Bezos’ Phone Was Likely Hacked by Chat Account Linked to Saudi Prince, Audit Finds (Wall Street Journal) Cybersecurity experts hired by the Amazon founder have alleged that his phone was probably hacked in 2018 by a WhatsApp account associated with Saudi Crown Prince Mohammed bin Salman, according to a person familiar with the matter.
Microsoft discovers new sLoad 2.0 (Starslord) malware (ZDNet) sLoad malware gang makes a comeback after having operations exposed last month.
New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users (Security Intelligence) IBM X-Force researchers have discovered a new campaign targeting organizations with fake business emails that deliver NetWire remote-access Trojan (RAT) variants.
Report: Cannabis Users’ Sensitive Data Exposed in Data Breach (vpnMentor) Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach in THSuite, a point-of-sale system in
Update: Curveball Exploit (CVE-2020-0601) Starts Making the Rounds (MarketScreener) On patch Tuesday for January 2020, Microsoft disclosed a critical vulnerability that had been discovered by the NSA, that has been dubbed CurveBall or ChainOfFools by the security research community.
Infiltrating Networks: Easier Than Ever Due to Evil Markets (BleepingComputer) Attackers don't always need to breach the networks of their victims themselves to plant malware as there are plenty of professional intruders offering their services on underground markets.
BitPyLock Ransomware Now Threatens to Publish Stolen Data (BleepingComputer) A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices.
Honeywell Maxpro VMS & NVR (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Equipment: MAXPRO VMS & NVR. Vulnerabilities: Deserialization of Untrusted Data, SQL Injection. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could result in elevation of privileges, cause a denial-of-service condition, or allow unauthenticated remote code execution.
N.O. Traffic and Municipal Court reopens after last month's cyber attack (WWL) Kenny Kuhn reporting... Traffic and municipal courts reopen tomorrow after weeks of delays due to a citywide cyber attack.
Researchers call Christmas cyberattack 'mostly preventable' (Glens Falls Post-Star) The security flaw that led to the town of Moreau and dozens of others being hacked on Christmas was used many times last year but firms didn't react.
Security Patches, Mitigations, and Software Updates
Temporary patch issued to cover IE 11 security flaw being actively exploited in the wild (Computing) Third-party 'Micropatch' will provide protection for out-of-support Windows 7 and Windows Server 2008 r2 users
Antivirus vendors push fixes for EFS ransomware attack method (ZDNet) Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families.
BitDam Study Exposes Unacceptable Threat Detection Miss Rates by Leading Email Security Products (PRWeb) BitDam, a leading provider of cybersecurity solutions that protect enterprise communications from unknown threats hidden in files and links, today announced...
Confidence in SD-WAN Shaken by Digital Transformation, Finds Cato Networks IT Survey (Cato Networks) Networking in 2020: Understanding Digital Transformation’s Impact on IT Confidence in Enterprise Networks
NPR Poll: Majority Of Americans Believe Trump Encourages Election Interference (NPR) More than 40% believe the U.S. is not very prepared to keep this year's election safe. The results paint a picture of a polarized electorate wary about what it reads and the fairness of elections.
Over $11 billion has been Hacked from Crypto Exchanges, New Timeline Reveals (InsideBitcoins) Over $11 billion worth of cryptocurrencies has been stolen in different cryptocurrency hacking incidents since 2011. The figures calculated by InsideBitcoins.com show that a significant amount was lost in cryptocurrency exchange hackings. Other affected platforms include cryptocurrency wallets and mining platforms.
Peter Cochrane: Technology is not a threat - people are! (Computing) Humanity faces a number of challenges that technology can overcome. Unfortunately, too many of the people in power are also the most ignorant.
Intezer raises $15M for its DNA-style ‘genetic’ approach to identifying and tracking malware code (TechCrunch) As the total cost of cybercrime reaches into trillions of dollars and continues to rise, an Israeli firm called Intezer — which has built a way to analyse, identify and eradicate malware by way of an ordering system similar to what’s used when mapping out DNA — has raised $15 mill…
FireEye Acquires Cloudvisory (BusinessWire) Through the acquisition of Cloudvisory, FireEye will add cloud workload security capabilities to FireEye Helix.
ActZero Announces Acquisition of IntelliGO to Build Cybersecurity Business of the Future (PR Newswire) ActZero, a Palo Alto-based artificial intelligence company, announced today that it has acquired IntelliGO Networks, a leading provider of...
VMware Announces Intent to Acquire Nyansa (Globe Newswire) VMware Continues Scope Expansion of SD-WAN with end-to-end monitoring and troubleshooting capabilities for LAN/WAN deployments. Combination of Nyansa and VMware will help customers better operate and troubleshoot the virtual cloud network and enable self-healing networks.
Varicent Software Acquires Augmented Intelligence Company Symon.AI (AP NEWS) Press release content from Business Wire. The AP news staff was not involved in its creation.
Deloitte Acquires Boutique Cyber Advisory Firm SecurePath (MSSP Alert) Deloitte acquires SecurePath, a Symantec & FireEye cybersecurity partner that specializes in security advisory & product enablement services.
12 Cybersecurity Stocks to Watch in 2020 (Investment U) Cybersecurity stocks are going to be increasingly important to the tech sector.
BakerHostetler Introduces Multidisciplinary Digital Assets and Data Management Practice Group to Help Clients With 'Everything Data' (BakerHostetler) Group integrates six service teams, including the internationally recognized Privacy and Cybersecurity and Advertising and Digital Media teams, to provide clients comprehensive risk legal solutions spanning the entire information life cycle
Forcepoint Appoints Nico Popp Chief Product Officer to Accelerate Company’s Cloud-First Security Strategy (Forcepoint) Industry veteran brings more than 15 years’ experience in cloud operations, product development and customer focus to advance adoption of Forcepoint’s Behavioral-Based Cloud Security Platform with customers worldwide
Products, Services, and Solutions
BlackBerry Cylance Integrates with SafeBreach to Deliver Automated Enterprise Endpoint Security Validation (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) announced today an integration with SafeBreach to help organizations improve their overall security...
STEALTHbits Includes New Efficiency and Automation Capabilities for Active Directory Rollback & Recovery in StealthRECOVER 1.5 (STEALTHbits) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, today announced the release of StealthRECOVER 1.5, their fine-grained rollback and recovery...
SpearTip Updates its Advanced Cyber Threat Detection and Response Platform, ShadowSpear® (BusinessWire) SpearTip, a leading cybersecurity and cyber counterintelligence firm, today announced advances that increase the speed and effectiveness of their prop
buguroo launches enhanced New Account Fraud prevention capabilities to stop fraudsters opening bank accounts (Buguroo) buguroo launches enhanced New Account Fraud prevention capabilities to stop fraudsters opening bank accounts. Extends capabilities of flagship anti-fraud solution, bugFraud.
Flashpoint - Flashpoint Introduces Compromised Credentials Monitoring, Helping Organizations Lessen Exposure from Breaches, Leaks (Flashpoint) Advanced Technology Quickly Processes Data and Collections to Provide Unmatched Protection against Account Takeover and Fraud Loss
Privafy Introduces New Technology to Challenge Traditional Network Security Infrastructure (Privafy) Privafy today unveiled a fundamentally new approach to data security that protects organizations against modern Data-in-Motion threats while disrupting the cost associated with complex, archaic network solutions. The company’s cloud-native application will secure Data-in-Motion as it moves across locations, clouds, mobile and the IoT. Additionally, the company announced it …
CenturyLink Wins Department of Defense Learning Network EIS Award (PR Newswire) CenturyLink, Inc. (NYSE: CTL) announced that it recently won a task order to provide secure connectivity to the U.S. Department of Defense...
Perception Point Launches Next-gen Internal Email Security Protecting Companies From In-house Threats (PR Newswire) Perception Point, a leading cybersecurity firm preventing file and URL based attacks in any content-exchange channel, today launched its...
Octarine Open Sources the Kubernetes Common Configuration Scoring System and kube-scan (Yahoo) Octarine, the continuous Kubernetes security company that simplifies DevSecOps, today announced the release of two new open source projects: the Kubernetes Common Configuration Scoring System (KCCSS), a new framework for rating security risks associated with misconfigurations, and kube-scan, a workload
Proofpoint Achieves FedRAMP Certification for Proofpoint Email and Information Protection Service and Targeted Attack Protection Solutions (Proofpoint US) Proofpoint, Inc., today announced it has achieved Federal Risk and Authorization Management Program (FedRAMP) certification for its flagship email security products: Proofpoint Email and Information Protection Service, which includes Email Data Loss Prevention (DLP), and Proofpoint Targeted Attack Protection (TAP).
Carahsoft and Secureworks Expand Partnership to Distribute Cybersecurity Solutions to Commercial Customers (Globe Newswire) New agreement makes managed network and endpoint security solutions from Secureworks available through Carahsoft to public and private sector customers
Technologies, Techniques, and Standards
NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management (NIST) For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services.
How to Catch Data Exfiltration With a Single Tshark Command - Video Blog - Active Countermeasures (Active Countermeasures) Hey folks, I’m Chris Brenton and today I’m going to show you how to identify which of your internal systems are sending the largest amount of data out to the internet using a single TShark command.
PoC Exploits Do More Good Than Harm: Threatpost Poll (Threatpost) More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.
How one cyber expert is influencing day-to-day resilience (Fifth Domain) A cybersecurity expert who has helped develop security controls for federal agencies is leaving the Federal Information Security Modernization Act project after 17 years, but will continue contributing to best practices.
Design and Innovation
IBM proposes artificial intelligence rules to ease bias concerns (National Mortgage News) IBM called for rules aimed at eliminating bias in artificial intelligence to address concerns which range from identifying faces in security-camera footage to making determinations about mortgage rates.
Research and Development
Denim Group Awarded AFWERX SBIR Contract to Accelerate Distributed Software Delivery to Air Force Operators (BusinessWire) Denim Group awarded SBIR contract to accelerate software delivery to Air Force operators through vulnerability resolution platform, ThreadFix.
SecuLore wins DHS award to improve emergency communications infrastructure - Homeland Preparedness News (Homeland Preparedness News) SecuLore Solutions was awarded $750,000 by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to improve the resiliency of the nation’s emergency communications infrastructure. SecuLore will work to eliminate cybersecurity attacks against emergency communications systems through its …
Legislation, Policy, and Regulation
India likely to force Facebook, WhatsApp to identify the originator of messages (TechCrunch) New Delhi is inching closer to recommending regulations that would require social media companies and instant messaging app providers to help law enforcement agencies identify users who have posted content — or sent messages — it deems questionable, two people familiar with the matter t…
House of Lords introduces private member's bill to resurrect age verification plan (Computing) Baroness Howe of Idlicote's bill intended to force government into implementing the so-called porn block
Russia’s New Prime Minister Augurs Techno-Authoritarianism (Foreign Policy) Mikhail Mishustin used the art of surveillance to master the science of tax revenue collection. Now he may lend that expertise to enhance Putin’s authoritarian…
GOP rep introduces bill to block intelligence sharing with countries using Huawei for 5G (TheHill) Rep. Jim Banks (R-Ind.) introduced a bill Tuesday aimed at barring the United States from sharing intelligence with any countries that permit Huawei to operate their 5G networks.
Survey: Financial-Sector Agencies’ Policies for Sharing Cyber Threats Inconsistent (Nextgov.com) Respondents describe barriers ranging from a lack of resources to intelligence agencies’ classification decisions.
What new documents reveal about Cyber Command’s biggest operation (Fifth Domain) New documents received via the Freedom of Information Act reveal new details regarding Operation Glowing Symphony, Cyber Command's largest operation to date.
Cyber Command assessments considered anti-ISIS campaign successful (The Washington Times) Pentagon documents made public Tuesday show that U.S. Cyber Command viewed its campaign against the Islamic State terrorist group to be successful in spite of some setbacks.
Litigation, Investigation, and Law Enforcement
If intel analysts engage in criminal conduct, they should be held accountable (Washington Post) A prosecutor reviewing intelligence community conclusions (particularly about Russian interference in our elections) is indeed a grave threat to intelligence analysts, as Robert S. Litt and John E. McLaughlin noted in their Jan. 17 Friday Opinion essay.
Glenn Greenwald Charged With Cybercrimes in Brazil (New York Times) Mr. Greenwald is accused of being part of a “criminal investigation” that hacked into the cellphones of prosecutors and public officials.
Brazil accuses journalist who broke Snowden leaks (BBC News) Brazilian authorities are seeking to charge Glenn Greenwald over alleged cyber-crimes.
Brazil charges American journalist Glenn Greenwald for reports exposing alleged corruption (Washington Post) Brazilian prosecutors charged American journalist Glenn Greenwald on Tuesday with cybercrimes for his reporting last year on leaked cellphone messages that cast doubt on the impartiality of a corruption investigation that helped pave the way for the rise of Brazilian President Jair Bolsonaro.
The Cybersecurity 202: Glenn Greenwald says Brazil charges are part of a global trend to criminalize journalism (Washington Post) American journalist Glenn Greenwald says the Brazilian government's charges against him are the latest strike in a global campaign by governments across the world to use anti-hacking laws to punish and silence journalists.
EFF Statement on Glenn Greenwald Charges (Electronic Frontier Foundation) EFF is dismayed to learn of the decision by Brazilian prosecutors to charge journalist Glenn Greenwald under the country’s computer crime law. EFF has long warned that cybersecurity laws in the Americas have been written and interpreted so broadly as to invite misuse. Computer crime laws should...
U.S. Turns Up the Spotlight on Chinese Universities (Wall Street Journal) The Trump administration fears Chinese universities are exploiting ties to U.S. businesses and universities to promote Beijing’s economic and military goals. Chinese intelligence services are seeking specific pieces of technology that fill gaps in research.
Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources (Reuters) Apple Inc dropped plans to let iPhone users fully encrypt backups of their devic...
Inside the $10 million cyber lab trying to break Apple’s iPhone (Fast Company) The Trump administration wants Apple to create a backdoor into the iPhone. District Attorney Cy Vance Jr. has spent millions trying to find other ways in.
China and US top user data requests in Apple transparency report (Naked Security) Most of the US and China’s requests had to do with investigations into fraud, suspected account access and phishing.
FBI Took Two Months to Crack Lev Parnas’s iPhone 11, U.S. Says (Bloomberg) It took the Federal Bureau of Investigation about two months to unlock the Apple iPhone 11 that was seized from Lev Parnas, the indicted associate of Rudy Giuliani.
High Court Won't Take Up Facebook Biometric Privacy Case (Law360) Facebook has lost its bid for the U.S. Supreme Court to consider whether users have constitutional standing to sue over its face-scanning practices, setting up a potential trial that could lead to billions of dollars in damages.
Nadler's Russia Claim (FactCheck.org) Rep. Nadler went too far when he claimed that President Trump "worked with the Russians to try to rig the 2016 election." The special counsel investigation identified "multiple contacts" between the Trump campaign and those tied to the Russian government, but it "did not establish ... coordination" between the two.
FBI calls for collaboration with business in preventing cyber crimes (Boston Business Journal) During an event at the Ritz-Carlton on Tuesday, a top FBI official urged national and local companies to help the agency prevent cybercriminal threats, stressing the importance of businesses developing a relationship with the FBI before a data breach happens.
DDoS Mitigation Firm Founder Admits to DDoS (KrebsOnSecurity) A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others.
'Ashamed, embarrassed': Burnaby woman says she was paid $150 to support Meng Wanzhou outside court (NEWS 1130) It was presented to her as a quick way to make $150, but now, a Burnaby woman says she's horrified after seeing pictures of herself holding a Meng Wanzhou support sign go viral.