Cyber Attacks, Threats, and Vulnerabilities
Hamas-linked hackers exploit current events to spy on rival Palestinian officials, researchers say (CyberScoop) Hackers associated with Hamas, the Islamist militant group that rules the Gaza Strip, are combining new malware with a timeless trick in an espionage campaign against Palestinian officials, private-sector researchers said Thursday. Like many attackers before them, they’re sending emails on enticing topics, ranging from the U.S. killing of Iranian general Qassem Soleimani to the Trump administration’s Middle East peace proposal. The messages come with malicious PDF files that contain a new remote access trojan (RAT), code that gives them a foothold onto a computer, according to Boston-based security company Cybereason.
Israeli cyber company uncovers Hamas campaign against PA (The Jerusalem Post) Hamas cyber-cells used Trump's plan and Soleimani's assassination to target PA officials.
State of the Hack: Spotlight Iran — From Cain & Abel to Full SANDSPY (FireEye) On this episode of State of the Hack we talk about activities coming out of Iran and mitigations against these threats.
Huawei, 5G and the UK: What is the real risk for enterprises? (CSO Online) Secret backdoors might not be the biggest worry when it comes to 5G. Here's what you need to know about security risks around Huawei and 5G in general.
If China did hack Equifax, these Americans may have more reasons to be concerned (MarketWatch) Federal prosecutors charged Chinese military personnel with stealing the personal information of nearly 150 million Americans in 2017.
OTORIO Identified a Vulnerability in Siemens Devices Used for Critical Infrastructure (OTORIO) The newly-identified vulnerability lies in the implementation of the Profinet stack with implications for a variety of industrial verticals
Loda Trojan revitalized with stealthy upgrade, new exploits (ZDNet) The RAT has graduated from infancy and is fast becoming a threat that should be taken seriously.
A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range (Register) Over the air? More like over the aarrrggghhh
Sextortion Scams Delivered by Emotet Net 10 Times More Than Necurs Sextortion — Here's Why (Security Intelligence) Recent spam campaigns from Emotet featured sextortion content very similar to emails previously sent by the Necurs botnet.
Hackers are demanding nude photos to unlock files in a new ransomware scheme targeting women (Fast Company) Security firm Emsisoft has released a decryption to circumvent a new ransomware variant that’s demanding explicit photos.
Critical vulnerability found in IBM ServeRAID Manager (SC Media) IBM has issued an advisory for a critical vulnerability in its now unsupported ServeRAID Manager product that could lead to arbitrary code execution.
Microsoft's corp.com default makes for a potential security disaster (Houston Chronicle) A default setting found in earlier versions of Windows could cause big security issues if the associated public internet domain goes live.
Google Chrome users left scrambling without access to their passwords (Express) Millions of Google Chrome users may have found themselves locked out of their passwords and other key login information earlier this week, following a misunderstanding with the Chrome Web Store.
Vulnerability Summary for the Week of February 3, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
The Cybersecurity 202: The 2020 Census could be the next big hacking and disinformation target (Washington Post) Lawmakers are growing increasingly alarmed about hacking dangers targeting the 2020 Census after a watchdog detailed dozens of high-risk cybersecurity problems that should have been fixed a long time ago.
House members fear Census IT ‘debacle’ similar to Iowa caucus rollout (Federal News Network) One month out from when the Census Bureau will roll out its internet self-response platform, GAO has flagged significant IT challenges.
Watchdog Warns 2020 Census Isn’t Ready (Wall Street Journal) The Census Bureau is behind schedule in recruiting workers and testing online systems that underpin the 2020 count that gets fully under way next month, a government watchdog said.
Voting on Your Phone: New Elections App Ignites Security Debate (New York Times) A start-up says it has developed a smartphone tool through which voters can cast ballots anywhere. But researchers say the app is riddled with security flaws.
MIT researchers disclose vulnerabilities in Voatz mobile voting election app (ZDNet) Researchers say Voatz security flaws could allow someone to alter, stop, or expose how an individual user has voted.
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections (Internet Policy) In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz.”
Voatz Response to Researchers’ Flawed Report (Blog @ Voatz) Voatz wishes to acknowledge the enormous effort it must have taken for the team of researchers, until this point anonymous to us, to produce “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S Federal Elections”. Our review of their report found three fundamental flaws with their method of analysis, their untested claims, and their bad faith recommendations. First, the researchers were analyzing an Android version of the Voatz mobile voting app that was at least 27 versions old at the time of their disclosure and not used in an election. Had the researchers taken the time, like nearly 100 …
New York Times Profiles Voatz (PR Newswire) Voatz is honored to be featured in The New York Times this morning in a story written by Pulitzer Prize winning reporter, Matthew Rosenberg....
Medici Ventures Issues Statement in Support of Voatz, Creator of First and Only Blockchain-Based Mobile Voting App (Globe Newswire) Medici Ventures, the wholly-owned subsidiary of Overstock.com, Inc. (NASDAQ:OSTK), has released the following statement from Jonathan Johnson, CEO of Overstock and president of Medici Ventures, in the wake of today’s story in the New York Times around mobile voting...
Iowa Democratic Party chair resigns after caucus fiasco (NBC News) Troy Price became the face of the confusion that swirled around the Democrats' caucuses in Iowa.
EXCLUSIVE: PBC elections office hit by ransomware before 2016 election (The Palm Beach Post) Current Palm Beach County elections supervisor Wendy Sartory Link said she recently learned about a 2016 ransomware attack at the elections office.
Calls for review after council 'cyber attack' (BBC News) A "serious review" of IT systems is needed following the outage, a councillor warns.
Translink staff call in experts after hackers hold computer system ransom (The Irish Sun) TRANSLINK staff have called in experts from Microsoft and GCHQ after hackers locked down computer systems and demanded money. Experts have been battling for more than a week to regain control of No…
Cyber security expert ties Racine and Oshkosh ransomware attacks to Russian hackers (WISN) The hackers could have been stealing data for months.
Cyberattack postmortem reveals Florida city lost 6GB of data (Insurance Business) There is no evidence that personal information was compromised
Looking for Valentine's love online? Beware of scammers and cat phishing (TimesLIVE) With Valentine's Day fast approaching, hopeful romantics be warned - cat phishing and online romance scams could leave you heartbroken and broke
This is no sweetheart deal: How to shield yourself from cyber criminals' arrows on Valentine's Day (USA TODAY) Valentine's Day is the time of year that cyber criminals like to play Cupid, and you are the object of their affections, a security firm says.
It’s a match! More than 7,700 attacks by threats disguised as dating apps in Africa (Africanews) With Valentine’s Day approaching, singles and couples alike are under intensifying pressure to solidify their plans for this Friday. While choosing a right partner is
Security Patches, Mitigations, and Software Updates
Google: Efforts Against Bad Android Apps on Play Store Are Working (Threatpost) The tech giant acknowledged some achievements in efforts to bolster mobile app security but recognized more needs to be done.
Patch Tuesday Windows 10 update KB4532693 is borking user profiles (Computing) Cumulative update issued on Tuesday loads incorrect user profiles and resets desktop and Start menu
It's official: In May, Microsoft will close the door, lock the vault, brick over the entrance of dreaded Windows 10 1809 (Register) Now let us never speak of this again
Microsoft Alters Windows Extended Security Updates Requirements Yet Again (Redmondmag) Participants in Microsoft's Extended Security Updates (ESU) program for out-of-support Windows 7 and Windows Server 2008 machines faced new installation requirements on Tuesday.
Millions of Dell business PCs hit by troubleshooting bug (SC Magazine) Flaw in Windows-based troubleshooting program SupportAssist, pre-installed on nearly every new Dell PC
Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent (ZDNet) The plugin is actively installed on over 700,000 websites.
Firefox six-weekly security fixes are out – get them now! (Naked Security) No zero-day bugs, so by updating promptly you are keeping ahead of the crooks, not merely catching up!
Mozilla issues final warning to websites using TLS 1.0 (Naked Security) From March, the Firefox, Chrome, Safari and Edge browsers will show warnings when users visit websites that only support TLS versions 1.0 or 1.1.
T-Mobile Galaxy Note8 & S10 Series Gets February Security Patch (ClickItorNot) The Galaxy Note 8 software update looks like it is getting better now. The latest February security patch is now available for T-Mobile.
SoundCloud Tackles DoS, Account Takeover Issues (Threatpost) Among other issues, the music platform didn't limit the number of login attempts someone could make.
Cyber Trends
Average tenure of a CISO is just 26 months due to high stress and burnout (ZDNet) Report: The vast majority of interviewed CISO executives (88%) report high levels of stress, a third report stress-caused physical health issues, half report mental health issues.
IBM X-Force Research: Hackers Weaponizing Stolen Records, Network Vulnerabilities (MSSP Alert) Nearly 66% of cyber network burglaries have exploited previously stolen credentials or known software vulnerabilities, IBM’s X-Force Threat Intelligence Index 2020 reports.
The State of E-Commerce Infrastructure Report 2019 (Webscale) A Survey of E-Commerce Professionals Regarding the Holiday Shopping Season in 2019
Marketplace
The world’s biggest phone show has been canceled due to coronavirus concerns (The Verge) MWC is no longer taking place due to health concerns over the coronavirus spread.
As WhatsApp Tops 2 Billion Users, Its Boss Vows to Defend Encryption (WSJ) WhatsApp has surpassed more than two billion active users, and its leader is vowing to defend its fully private form of messaging against mounting threats from governments around the world.
Newspaper Publisher McClatchy Files for Chapter 11 Bankruptcy (Wall Street Journal) The third-largest newspaper publisher in the U.S. by circulation said it has filed for chapter 11 bankruptcy as it seeks support from its key stakeholders for a reorganization plan.
Cybersecurity startup HyperQube nabbed an investment from CIT GAP Funds (Technical.ly DC) The Arlington company said it plans to use the funding to accelerate its software development, make some key hires and expand its marketing efforts.
Cybersecurity startup Deep Instinct raises $43M in new round (SiliconANGLE)
Paris-based CybelAngel raises €32.9 million Series B to help companies manage digital risk (EU-Startups) French startup CybelAngel, a digital risk management startup, has today announced closing a €32.9 million Series B funding round, from a consortium of European VCs and successful US based entrepreneurs.
Trend Micro Spin-Out Cysiv Gets $26M to Scale Cybersecurity Platform (Dallas Innovates) The Series A funding will help the Security Operations Center-as-a-Service provider address the challenges enterprises currently face in protecting their data.
Auctus Supports Cybersecurity and Microsoft Cloud Solutions Acquisition, Advises 5nine in Acronis Buyout (Auctus Capital Partners) Auctus Capital Partners is pleased to announce its role as exclusive advisor to leading global cloud
What is Applied Insight seeking with its latest purchase? Its CEO fills us in. (Washington Business Journal) With intelligence agencies turning more to cloud capabilities, Applied Insight is making moves to get a bigger piece of the infrastructure market.
WhiteHat Security Expands Application Security Leadership into Australian Market (BusinessWire) WhiteHat Security today announced that it is expanding its presence and product offerings into the Australian market.
Netography Security Operations Platform Now Generally Available; Industry Luminaries Tom Reilly and Martin Roesch Join Advisory Board (BusinessWire) Netography announces general availability of its Security Operations Platform, and appointments of Tom Reilly and Martin Roesch as advisors.
Exabeam Names Jeff Romano Chief Customer Success Officer (BusinessWire) Exabeam, the Smarter SIEM™ company, today announced the appointment of Jeff Romano to chief customer success officer.
Nixu Leadership Team strengthens with international market and managed service leaders (News Powered by Cision) Nixu Corporation, Press release, February 13, 2020, at 8:25 AM EET
Cybersecurity company Nixu has
Products, Services, and Solutions
iProov’s Cross-platform Biometric Technology Now Available Beyond Mobile (BusinessWire) iProov, a leading provider of biometric authentication technology, today announces that its Verifier product is now available to organisations needing
Tozny introduces encrypted identity tool as part of security service platform (TechCrunch) Tozny, a Portland, Oregon startup that wants to help companies more easily incorporate encryption into programs and processes, introduced TozID today. It is an identity and access control tool that can work independently or in conjunction with the company’s other encryption tools. “Basi…
Altitude Networks Launches New Features to Protect Enterprise Data From Malicious Third-party Applications (PR Newswire) Altitude Networks, the industry's first cloud-native DLP for SaaS collaboration, today launched rogue application detection to enable stronger...
Automate Continuous Compliance for Windows Server 2012 and Windows Server 2019 (SaltStack) The new version of SaltStack Comply includes CIS-certified content for Windows Server 2012 and Windows Server 2019 to automate continuous compliance.
Activate SecOps with Vulnerability Remediation Integrated with Tenable (SaltStack) Activate SecOps with automated vulnerability remediation integrated with Tenable. Get the new SaltStack Enterprise 6.2 release with SaltStack Protect.
SaltStack Infrastructure Automation Now Integrated with Tenable.io for Closed-Loop Vulnerability Remediation (SaltStack) SaltStack Protect 6.2 includes infrastructure automation now integrated with Tenable.io for closed-loop vulnerability remediation.
Thales strikes key cloud partnership to support Fujitsu services (Cloud Pro) The security firm’s tech will help Fujitsu launch a new PKI management platform
Perion Network Launches Privado Private Search Engine (Cynopsis Media) Perion Network announced that CodeFuel, its search technology division, has launched Privado Private Search Engine, aimed at protecting users’ rights to o
Elastic Security 7.6.0: Delivering visibility and threat protection through a unified interface (Help Net Security) Elastic announced the release of Elastic Security 7.6.0, which builds on the strengths of Elastic Endpoint Security and Elastic SIEM.
Technologies, Techniques, and Standards
Spearheading the defence against a cyber attack requires c-suite buy-in (Information Age) Spearheading the defence against a cyber attack needs the c-suite's involvement, according to Anthony Young, director at Bridewell Consulting
How ‘hunt forward’ teams can help defend networks (Fifth Domain) The Department of Defense wants to spend $11.6 million in fiscal year 2021 to buy systems that would help cyber operators perform “hunt forward” missions, where teams deploy to other countries to stop malicious cyber activity.
AHEAD Unveils Results of “State of Enterprise Digital Transformation” Survey, Revealing Six Contributing Factors to Transformation Success (AHEAD) A study of nearly 300 enterprise IT leaders shows new insights on infrastructure’s vital role in digital transformation.
Identifying Compromises Through Device Profiling (Active Countermeasures) Intro The Internet and our local networks have the ability to handle an amazing quantity of connections simultaneously. That strength leads to a …
Design and Innovation
Facebook starts fact-checking partnership with Reuters (Reuters) Facebook Inc said on Wednesday it has reached an agreement with news agency Reut...
Research and Development
Can you trust what you see? (Purdue University) A video on social media shows a high-ranking U.S. legislator declaring his support for an overwhelming tax increase. You react accordingly because the video looks like him and sounds like him, so certainly it has to be him.
Academia
Purdue among select members of new space, cybersecurity organization (Purdue University) Purdue University, already known as the “Cradle of Astronauts,” is the first university to join a select group of space community leaders as a founding member of the newly formed Space Information Sharing and Analysis Center (ISAC).
In her own words: Pursuing a cybersecurity degree (The Redstone Rocket) Name: Amy Davis
Legislation, Policy, and Regulation
Ofcom to be put in charge of regulating internet in UK (the Guardian) Web firm bosses could be fined or imprisoned if they do not protect users from harmful content
UK governments share data on who’s looking for alcoholism and poverty help online (Quartz) "A citizen should be able to engage with their local government without fear of private businesses surveilling the exchange," says one critic.
UK’s Huawei Choice: Impact on Transatlantic Relations (Diplomat) Insights from Meia Nouwens.
Agencies ordered to prepare for GPS outage (Federal News Network) The departments of Commerce, Defense, Transportation and Homeland Security are on the clock to secure systems that support global positioning satellites.
Kicking off a New Approach to Cyber Ethics at the Department of Defense (War on the Rocks) When I worked at the U.S. Army’s Cyber Command, I received an abundance of training meant to prevent unauthorized disclosures of classified information.
Justice CIO to retire after almost 40 years in government (Federal News Network) Joe Klimavicz, the Justice Department CIO and deputy assistant attorney general in the Justice Management Division, came to the agency in 2014 and has been vice chairman of the CIO Council since 2018.
Air Force designates new cyberspace, communications heritage center at SAFB (Belleville News-Democrat) The Air Force has designated its first-ever Cyberspace and Communications Heritage Center, dedicated to preserving and telling the story of cyber, communications and information systems personnel and missions.
Litigation, Investigation, and Law Enforcement
Exclusive: How the FBI combats China's political meddling (Axios) China is increasing its efforts to hold sway over local and state governments.
With Harsh Words, China’s Military Denies It Hacked Equifax (New York Times) The People’s Liberation Army said U.S. indictments accusing four of its members of stealing information from the credit data company amounted to “legal bullying.”
Pressure Mounts for Swiss Parliamentary Probe Into Spying Operation (New York Times) Senior members of the Swiss legislature are demanding a parliamentary investigation into a spying operation in which U.S. and German intelligence used a Swiss cryptography company as a front to eavesdrop on other countries.
Avast Under Investigation by Czech Privacy Agency (Dark Reading) The software security maker is suspected of selling data about more than 100 million users to companies including Google, Microsoft, and Home Depot.
Stood Up: Facebook Keeps Europe Waiting Over Dating Feature (Wall Street Journal) The move came after the Irish Data Protection Commission raised issues with the feature’s compliance with European Union data protection rules.
DPC statement on Facebook dating feature (Data Protection Commission) Facebook Ireland first contacted the Irish Data Protection Commission (DPC) in relation to its intention to roll-out a new Dating feature in the EU on Monday 3 February. We were very concerned that this was the first that we’d heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, 13 February.
L.A. wins appeal in fight with Uber over scooter and bike data (Los Angeles Times) Uber says it will appeal the decision, which said L.A. had "properly suspended" the company's permit in dispute over real-time trip data.
After cyber attack, Dublin entrepreneur calls AG's lawsuit 'a slap in the face' (Columbus Business Journal) The founder of a Dublin business shut down by a cyber attack says the state's consumer complaint is hampering efforts to recover any assets to repay clients and creditors.