Cyber Attacks, Threats, and Vulnerabilities
How a Wikileaks dump alerted foreign hackers to U.S. tactics (FCW) A previously classified report from U.S. Cyber Command found the leaks would likely result in tactical changes by state-backed hacking groups to cover their tracks.
Energy Organizations Continue to be Compromised Globally (Dragos) Electric energy-associated organizations are at risk for network intrusions and continue to be compromised globally. Recent compromises at ...
Russia Exploits Global Pandemic for Economic Attacks (OODA Loop) The COVID-19 market disruption presents an attractive opportunity for Russia to have a disproportionate impact on U.S. economic strength by engaging in policies that amplify existing conditions to further drive panic and algorithmic dysfunction.
Exploiting the Coronavirus: The Spammers, the Scammers, and the Bad Guys (KnowBe4) Phishing, social engineering and security awareness training.
Cybercriminals leveraging coronavirus outbreak to execute ransomware attacks (Help Net Security) Cybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses.
Hackers Likely to Leverage Coronavirus Epidemic to Execute Ransomware Attacks, RiskIQ Predicts (AP NEWS) RiskIQ, the global leader in attack surface management, today issued an intelligence briefing assessing that cybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses.
Don’t Panic, Stay Calm: Legal Strategies for Addressing Coronavirus Phishing Scams in Hong Kong (Lexology) As COVID-19 or “coronavirus” spreads around the world, so are phishing scams or the infection of computer systems with malware through phishing…
Google bans all ads for medical face masks amid coronavirus outbreak (CNBC) The latest policy change comes as Google addresses misinformation on its platforms in the wake of the quickly spreading COVID-19 coronavirus. Medical experts have tried to warn against healthy people buying masks so it doesn't create an equipment shortage for medical workers.
Exclusive: Email crash impeded HHS response to coronavirus (POLITICO) Day-long IT snafu last month infuriated health officials, adding fuel to tensions among department leaders.
Intricate Phishing Scam Uses Support Chatbot to ‘Assist’ Victims (BleepingComputer) An intricate phishing scam is utilizing a "customer service" chatbot that walks its victims through filling out the various forms so that the attackers can steal their information, credit card numbers, and bank account information.
Attackers Use Fake HIV Test Results to Target Insurance, Healthcare, and Pharmaceutical Companies Globally (Proofpoint) Healthcare concerns drive us to do a lot of things like change our diet, work out more, and take medication. But they should never lead us to fall victim to a phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links.
Hackers are compromising vulnerable ManageEngine Desktop Central instances (Help Net Security) Upgrade your ManageEngine Desktop Central installation or risk falling prey to attackers who are exploiting the recently disclosed CVE-2020-10189 flaw.
Bitdefender Researchers Discover New Side-Channel Attack (Business Insights) In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. In 2020, a new attack (LVI-LFB) discovered by Bitdefender allows an adversary to inject rogue values in certain microarchitectural structures to reveal secret, protected data across levels of privilege.
Load Value Injection in the Line Fill Buffers: How to Hijack Control Flow without Spectre (Bitdefender) In recent years, several researchers have discovered and disclosed a series of vulnerabilities named microarchitectural side channel attacks.
AMD CPUs Susceptible to Security Vulnerabilities (Tasnim News Agency) Researchers have detailed a pair of side channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011.
Phishing Victims From a CDN's Point of View (Akamai) Overview Being a Content Delivery Network (CDN) platform, sometimes you can see fractions of attacks on the wire. In this blog, we will focus on phishing websites that, while not being delivered by the Akamai platform, are referring to or...
Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft (ZDNet) Ransomware attackers are using common tools to take down big enterprise with 'human-operated' attacks.
This ransomware campaign has just returned with a new trick (ZDNet) Paradise ransomware is back again - and the criminals behind it appear to be testing out new tactics ahead of what could be a more prolific campaign.
IRS scams during tax season target unsuspecting consumers (Help Net Security) IRS scams still a serious issue. Scam robocalls and phishing emails disguised as banks continue to trick consumers to put personal information at risk.
Malware Unfazed by Google Chrome's New Password, Cookie Encryption (BleepingComputer) Google's addition of the AES-256 algorithm to encrypt cookies and passwords in the Chrome browser had a minor impact on infostealers.
Google: You know we said that Chrome tracker contained no personally identifiable info? Forget we ever said that (Register) Chocolate Factory clarifies its header for monitoring browser field trials following The Register report
Critical Bugs in Rockwell, Johnson Controls ICS Gear (Threatpost) Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.
Siemens PROFINET-IO Stack (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Siemens PROFINET-IO Stack
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-042-04 Siemens PROFINET-IO Stack that was published February 11, 2020, to the ICS webpage on us-cert.gov.
Siemens SPPA-T3000 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SPPA-T3000
Vulnerabilities: Improper Input Validation, Deserialization of Untrusted Data, Improper Authentication, Cleartext Transmission of Sensitive Information, Unrestricted Upload of File with Dangerous Type, Heap-based Buffer Overflow, Integer Overflow or Wraparound, Out-of-bounds Read, Improper Access Control, Stack-based Buffer Overflow, SFP Secondary Cluster: Missing Authentication, Information Exposure
Siemens SIMATIC Products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3.1 3.7
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant)
Vulnerability: Exposed Dangerous Method or Function
Rockwell Automation MicroLogix Controllers and RSLogix 500 Software (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software
Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Algorithm for Password Protection, Use of Client-Side Authentication, Cleartext Storage of Sensitive Information
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7-1200 and S7-1500 CPU families
Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check
Siemens PROFINET Devices (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update C) that was published February 11, 2020, to the ICS webpage on us-cert.gov.
Siemens Industrial Real-Time (IRT) Devices (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Real-Time (IRT) Devices
Vulnerability: Improper Input Validation
Siemens Industrial Products (Update E) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption
Siemens Industrial Products with OPC UA (Update F) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3.1 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINEC-NMS, SINEMA, SINUMERIK Industrial Control Products with OPC UA
Vulnerability: Uncaught Exception
Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update G) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM
Vulnerability: Out-of-bounds Read
Siemens SIMATIC S7-1500 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC S7-1500 CPU family
Vulnerability: Resource Exhaustion
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-042-11 Siemens SIMATIC S7-1500 that was published February 11, 2020, to the ICS webpage on us-cert.gov.
Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC
Vulnerability: Incorrect Calculation of Buffer Size
Siemens S7-300/400 PLC Vulnerabilities (Update E) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7-300 and SIMATIC S7-400
Vulnerabilities: Information Exposure, Improper Input Validation
Johnson Controls Metasys (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Johnson Controls
Equipment: Metasys
Vulnerability: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful exploitation of this vulnerability can allow a denial-of-service attack or disclosure of sensitive data.
Siemens SIMATIC S7 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7
Vulnerability: Uncontrolled Resource Consumption (Resource Exhaustion)
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-042-05 Siemens SIMATIC S7 that was published February 11, 2020, on the ICS webpage on us-cert.gov.
Johnson Controls Kantech EntraPass (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Kantech, a subsidiary of Johnson Controls
Equipment: EntraPass
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow malicious code execution with system-level privileges.
SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause the affected device to go into defect mode resulting in a denial-of-service condition.
Siemens Spectrum Power 5 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Spectrum Power 5
Vulnerability: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
2. RISK EVALUATION
Successful exploitation of this vulnerability could affect the confidentiality or integrity of the data and programming of the device.
Siemens SiNVR 3 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SiNVR 3
Vulnerabilities: Path Traversal, Cleartext Storage in a File or on Disk, SQL Injection, Cross-site Scripting, Insufficient Logging, Improper Input Validation, Weak Cryptography for Passwords
Brazil: Millions of Records Leaked, Including Biometric Data (SafetyDetectives) The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection)
Watch out for Office 365 and G Suite scams, FBI warns businesses (Naked Security) The FBI has warned users of Microsoft Office 365 and Google G Suite hosted email about Business Email Compromise (BEC) scams.
Hackers target City of Châteauguay in cyber attack (Montreal) Hackers have targeted the City of Châteauguay ostensibly holding part of their information systems hostage and preventing some employees from working.
Councils' parking app hit by ransomware attack (NZ Herald) Angry users have been demanding answers for five days.
Melbourne TAFE data breach exposes 55k student, staff files (iTnews) Sensitive financial, health data accessed.
‘Major’ firm with WA office in $30m hacker attack (The West Australian) A global company with offices in Perth has been forced to halt trading after cyber hackers demanded a $30 million ransom to unlock its computer system.
Perth Offices Hacked In $30 Million Ransomware Attack (10 daily) Cybercriminals are demanding a $30 million ransom after locking the computer system of an international company with an office in Perth.
Too soon to say if ransomware attack did damage: IT experts (Squamish Chief) In wake of ransomware attacks on the District of Squamish’s computer servers, IT experts are suggesting the municipality stay wary until a forensic analysis shows the full extent of the malware’s . . .
Google data puts innocent man at the scene of a crime (Naked Security) The man became a suspect because location data from his Android phone was swept up in a surveillance dragnet called a geofence warrant.
Opinion | What happens when Google Maps gets it wrong (Washington Post) Every day, users contribute more than 20 million pieces of information to Google Maps. There are bound to be errors.
Security Patches, Mitigations, and Software Updates
Security Notes March 2020: Two Critical Solution Manager Vulnerabilities Put Every SAP System at Risk (Onapsis) Today, SAP released its monthly patch updates with several fixes, including 22 new SAP Security Notes, 4 HotNews Notes and 5 High Priority Notes.
March 2020 Patch Tuesday: Microsoft fixes 115 vulnerabilities, Adobe none (Help Net Security) It's March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity.
Microsoft March 2020 Patch Tuesday Fixes 115 Vulnerabilities (BleepingComputer) Today is Microsoft's March 2020 Patch Tuesday and is always stressful for your Windows administrators, so be especially nice to them today.
March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes (TrendLabs Security Intelligence Blog) Following the unexpectedly long list of fixes included in last month’s Patch Tuesday, March brings an even longer one, albeit less eventful.
March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches (Qualys Blog) This month’s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation…
Patch Tuesday: Here's what's new for Windows 7 and 8.1 (Neowin) As with every second Tuesday of the month, Microsoft is releasing cumulative updates for all supported Windows versions. They include Windows 10, 8.1, and Windows 7 for those on extended support.
Run an Exchange Server? Hurry Up and Patch This Vulnerability (Associations Now) A high-profile vulnerability recently disclosed in Microsoft Exchange is being exploited by state-level actors, warn security experts. Fortunately, there is a patch available.
Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw (BleepingComputer) Microsoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday.
Windows 10 Alert: Critical And Unpatched Security Threat Confirmed (Forbes) Microsoft has confirmed a critical and unpatched security vulnerability impacting Windows 10 users.
Cyber Trends
New Osterman Survey on the Phishing Prevention Perception Gap Reveals Disconnect Between C-Suite and Cybersecurity Professionals (Dark Reading) Sponsored by IRONSCALES, study reveals that while phishing is a major concern for all organizations, decision makers are four times more likely than security practitioners to consider email security the highest priority.
Robust Email Security Requires Alignment Between Security Practitioners and Decision Makers (Osterman Research) Phishing is the leading concern among security decision-makers and influencers, and the vast majority of phishing comes through the email channel in most organizations.
WhiteHat Security Research Reveals Nearly 60% of Industry Professionals Trust Cybersecurity Findings Verified by Humans over AI (BusinessWire) WhiteHat Security today released the results of its
The AI and Human Element Security Sentiment Study (WhiteHat Security) How Two Powerful Forces Can Tackle Our Biggest Application Security Challenges
Multi-cloud and edge deployments threatened by security and connectivity problems (Help Net Security) Organizations face major infrastructure and security challenges in supporting multi-cloud and edge deployments, according to Volterra.
Marketplace
Two People Who Attended Cyber Event Contract Coronavirus (Bloomberg) Employees of California firm showed symptoms after conference. RSA gathering is annual cybersecurity event in San Francisco.
Arctic Wolf Raises $60 Million to Further Fuel the Company’s Exponential Growth (Arctic Wolf) This new round of funding will allow Arctic Wolf to introduce new service offerings, address new markets and further cement a leadership position in the Managed Detection and Response (MDR) market.
Identity Automation acquires Enboard to bolster education IAM market position (Biometric Update) Identity Automation has acquired Enboard, a company specializing in automated account management, single sign-on (SSO), smart account provisioning, rostering, and secure encryption technologies for…
Tessian's Opportunity in Cybersecurity Report 2020 (Tessian) Despite higher-than-average salaries and unlimited growth potential, the cybersecurity industry is suffering from a skills shortage and a gender gap. Why? Read Tessian’s Opportunity in Cybersecurity Report 2020 to find out why #TheFutureIsCyber #TessianResearch
Huawei confident it will supply core network technology to European operators (Yahoo) Chinese telecom equipment maker Huawei is confident some European telecoms firms will choose it to provide 5G technology for their core networks, the firm's chief representative to the EU, Abraham Liu, told Reuters on Friday.
Chinese-Owned TikTok Launches U.S. ‘Transparency Center’ to Counter Criticism (Wall Street Journal) The video-sharing app’s Los Angeles facility will allow outside experts to view how teams at the company moderate content, and eventually provide information on source code and data-privacy and security efforts.
Developer wanted for £400m Cyber Central project (Business Leader) A £400m cyber park development with ambitions to become a global cyber hub will be built in the West Country – once a developer is recruited to spearhead the project.
PerimeterX Closes Record Year (PerimeterX) Protect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scraping.
Qualys Wins Best Vulnerability Management Solution at SC Awards 2020 (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced that it was...
KnowBe4 Promotes Two Top Executives to the Roles of Co-President to Support the Organization’s Hypergrowth Strategy (KnowBe4)
Products, Services, and Solutions
StackRox Achieves AWS Container Competency Partner Status for Container and Kubernetes Security (Yahoo) StackRox, a leader in container and Kubernetes security, today announced that it has achieved Amazon Web Services (AWS) Container Competency Partner status for its StackRox Kubernetes Security Platform. StackRox received this designation for its ability to seamlessly integrate with AWS services and provide
Zettaset Releases XCrypt Container Encryption for Docker Enterprise from Mirantis to Provide Advanced Encryption for Containers with Negligible Performance Impact (BusinessWire) Zettaset, a leading provider of software-defined encryption solutions, today announced Zettaset XCrypt Container Encryption for Docker Enterprise from
Threat Stack Announces Ruby Support for Application Security Monitoring (BusinessWire) Threat Stack, the leader in cloud security and compliance for infrastructure and applications, today announced Ruby on Rails support for Threat Stack
Verizon expands security portfolio to combat cybercrime (TechCentral.ie) Verizon Business has expanded its security portfolio with several new offerings to better protect businesses against cybercrime. Its new solutions include Verizon Managed Detection and Response, Verizon Identity and Verizon Machine State Integrity. Additionally, the company has enhanced its Rapid Response Retainer service, which offers companies cyber intelligence and incident response capabilities directly from the Verizon […]
Cygilant Enhances SOCVue Platform for Faster Threat Detection and Response (MarTechSeries) Latest Updates Help Speed-Up Delivery of Insights and Actionable Recommendations from Security Analysts
Beachhead Solutions Now Provides Businesses with Audit-Ready Compliancy Reporting to Prove Device Security Procedures (Globe Newswire) Integrated into SimplySecure 6.6, Compliancy Report enables businesses to provide auditors with straightforward records showing secure device encryption and access control
SaltMiner by Saltworks Automates Application Test Data Aggregation, Analysis and Reporting to Reduce Risk, Cost and Resources (BusinessWire) Saltworks unveils SaltMiner, an innovative enterprise application security management solution.
Technologies, Techniques, and Standards
How industry and government can partner for more secure systems (Fifth Domain) A top NIST official warned that industry needs to tell government how software security features are developed.
'Data localisation won't help with cyber security,' say cyber security professionals, researchers (MediaNama) When it comes to keeping data secure, data localisation is a largely futile effort, cyber security researchers at a panel at Nullcon said.
Information Risk Insights Study (IRIS 20/20): A Clearer Vision for Assessing the Risk of Cyber Incidents (Cyentia Institute) The Cyentia Institute and Advisen will soon release the 2020 Information Risk Insights Study. The “IRIS 20/20” aims to clear the fog of FUD (fear, uncertainty, and doubt) surrounding cyber risk and help managers see their way to better data-driven decisions.
Coronavirus as an Opportunity to Evolve Security Architecture (Global Security Mag Online) Self-quarantined employees are forcing organizations to allow access to critical data remotely. Coronavirus is presenting organizations with a unique opportunity to adopt modern security protocols and enable an efficient remote workforce.
Research and Development
Council Post: Don't Get Fooled By Post-Quantum Snake Oil: We Are Still Years Away From Being 'Quantum Proof' (Forbes) The word “quantum” will be used so often over the next few years that you’ll wish you’d bought stock in it. You’ll see it in marketing across multiple industries.
Legislation, Policy, and Regulation
Cyber Solarium Commission proposes actions to strengthen nation’s defenses against foreign threats (Washington Post) Act now before a “cyber 9/11” forces change, the commission’s co-chairman urges.
Analysis | The Cybersecurity 202: Cyber Solarium Commission aims to avert a cyber 9/11 before it’s too late (Washington Post) ‘The threat is only going to be multiplied in coming years,' said Sen. Angus King,
Giant Report Lays Anvil on US Cyber Policy (Wired) Released today, the bipartisan Cyberspace Solarium Commission makes more than 75 recommendations that range from common-sense to befuddling.
U.S. Lacks Key Abilities to Avert Cyberattacks, Commission Says (Wall Street Journal) The U.S. government needs to adopt structural changes not seen since the aftermath of the 2001 terrorist attacks to confront proliferating cyber threats, a government commission has concluded.
Report Coming Soon (Cyberspace Solarium Commission) On March 11, 2020, the Cyberspace Solarium Commission will release its official report consisting of over 75 recommendations organized by six key pillars
[Report of the United States Cyberspace Solarium Commission] (US Cyberspace Solarium Commission via the Wall Street Journal) Our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system.
Senate committee waves through Australia's AML/CTF amendments (ZDNet) The committee considers that the Bill includes important measures that will strengthen Australia's capabilities to address money laundering and terrorism financing risk, and has recommended its passage
Defence encourages women to consider a career in cyber (Mirage News) Following weekend celebrations around the world of International Women's Day, women from across Defence participated in a day of cyber-centric activities...
What’s Behind Singapore’s New Integrated Military Cyber Command Objective? (Diplomat) A closer look at the context behind the new move and its potential implications.
No evidence yet that Russia has taken steps to help any candidate in 2020, intelligence official tells Congress (Washington Post) But the carefully worded assertion does not conflict with an earlier assessment that Russia had developed a preference for President Trump.
British Parliament narrowly votes down measure to phase out Huawei from networks (TheHill) The United Kingdom’s House of Commons on Tuesday narrowly voted down a measure that would have effectively phased equipment made by Chinese telecom group Huawei out of British 5G networks by the end of 2022.
Commerce Gives Cos. 45 More Days To Work With Huawei (Law360) The U.S. Department of Commerce has again extended a deadline for U.S. companies to stop doing business with Chinese telecommunications giant Huawei, saying Tuesday it is taking public comment as to whether more extensions might be needed.
Match Group first tech company to back anti-online child abuse bill (Axios) Online dating giant breaks with Internet Association, which is worried about user privacy.
Lawmakers Push Revised Surveillance Law as Deadline Looms (Wall Street Journal) Key Democrats, with some GOP support, unveiled legislation to extend expiring surveillance powers, but it is unclear whether President Trump would sign it.
Voting by mail, already on the rise, may get a $500 million federal boost from coronavirus fears (Washington Post) Sen. Ron Wyden (D-Ore.) is proposing $500 million in federal funding to help states prepare for possible voting disruptions from the coronavirus outbreak in a bill that also would give Americans the option to vote by mail in case of a widespread emergency.
Phone carriers may soon be forced to adopt anti-robocall tech (Naked Security) US carriers haven’t been doing enough to block robocalls voluntarily. The Federal Communications Commission’s response? Fine – we’ll make you.
Oakland County introduces cybersecurity task force to help communities protect against ransomware (WDIV) On Tuesday Oakland County Executive David Coulter announced the formation of “Secure IT Oakland,” a cybersecurity and infrastructure task force to assist local communities prepare and defend themselves from cybercriminals and cyberattacks.
Litigation, Investigation, and Law Enforcement
Government Withholding Information In Data Breach (Scoop News) The Government has deliberately withheld information from the public around data taken in Prime Minister Jacinda Ardern’s Tuia250 data breach, National’s Data and Cybersecurity spokesperson Dr Shane Reti says. “Documents released under the ...
Microsoft orchestrates coordinated takedown of Necurs botnet (ZDNet) Microsoft and partners in 35 countries move to bring down Necurs, today's largest malware botnet.
Necurs Botnets Busted (Infosecurity Magazine) 11 botnets that infected over 9 million computers all over the world have been disrupted
A Botnet Is Taken Down in an Operation by Microsoft, Not the Government (New York Times) Employees had tracked the group, believed to be based in Russia, as it hijacked nine million computers around the world to send spam emails meant to defraud unsuspecting victims.
Facebook faces $1bn fine for breach of Australian privacy law over Cambridge Analytica scandal (Mumbrella) The Australian Information Commissioner (OAIC) has lodged Federal Court proceedings against Facebook over the Cambridge Analytica data breaches. Should the social media giant be found guilty, it faces a fine of over $1bn. The data of more than 300,000 Australians was exposed in the breach, which saw Cambridge Analytica gain access to personal data for election …
Wells Fargo’s culture was ‘broken,’ new CEO tells lawmakers (Washington Post) Charles Scharf faces his biggest challenge to date as he appears before the House Financial Services Committee.
Lance Lucas pleads guilty to bribery of former lawmaker Cheryl Glenn (Technical.ly Baltimore) Lucas, who founded Digit All Systems to offer IT certifications as a way to fight poverty in Baltimore, paid bribes to Glenn for actions on a cyber training program bill and medical marijuana licenses, according to federal authorities.
The 21 words uttered by FISA court that change the Russia collusion case forever (Just The News) Judge rules for first time FBI misled, rejecting years of excuse making and suggesting process reforms won't be enough.
DC Circ. Rules Dems Should Get All Mueller Grand Jury Docs (Law360) The D.C. Circuit on Tuesday ordered the Trump administration to give the House Judiciary Committee redacted portions of grand jury materials from former special counsel Robert Mueller's probe into Russian election interference.
Facebook Rips NSO Group's 'Gamesmanship' In Hack Suit (Law360) Tensions flared Monday in Facebook's lawsuit in California federal court accusing an Israeli software firm of hacking WhatsApp users' phones, as the tech giant accused NSO Group of "procedural gamesmanship" and NSO sought sanctions against Facebook's lawyers.
Israeli spyware firm NSO seeks court sanctions against Facebook (Reuters) Israel's NSO Group is asking a California judge to sanction Facebook Inc fo...
FBI Charges Man With Running Hacker Marketplace (PYMNTS) A Russian national suspected of being the man behind the Deer.io service, which traffics in hacked information, was arrested this past weekend in New York.
University of Hertfordshire avoids data breach action by UK watchdog (ZDNet) The ICO is taking no further action despite student information being inappropriately shared.
Navigating New Federal, State Data Privacy Compliance Duties (Law360) Recent enforcement actions, such as Equifax's $575 million data breach settlement with multiple federal agencies and states, have highlighted new notification and reporting requirements, governance issues and compliance obligations that companies must address, say Mark Krotoski and Jill Harris at Morgan Lewis.