If you haven't yet, take a look at CyberWire Pro, launched last week. A new subscription program, CyberWire Pro is designed for security professionals and all others who want to stay abreast of this rapidly evolving field. CyberWire Pro is a premium news service that will save you time and keep you informed.
More Signal. Less Noise.
Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Offshoring trolling. COVID-19's implications for security. Out-of-band Microsoft patch. List of bad actors.
Announcements
CyberWire Pro is now available
Summary
Russian trolling has been off-shored, in part at least, to operators in Ghana and Nigeria, CNN reports. It's election-season influence, and it's very much in the Russian style: disruptive and racially themed.
The COVID-19 pandemic is generating two immediate security effects. First, it's dramatically increased the incidence of telework and this, as the Washington Post and others point out, brings with it an expanded opportunity for cyberattack and a relatively unfamiliar set of security challenges. Second, both criminals and nation-state intelligence services are exploiting public concern about the pandemic to send phishing emails. ZDNet offers a summary of Russian, Chinese, and North Korean organizations using coronavirus-themed vectors to install malware in their targets. Recorded Future reports that many criminal attacks arrive as convincing spoofs of trusted sources like the World Health Organization and the US Centers for Disease Control. And ransomware gangs are hitting public health agencies at a time when the availability of their services and information are in high demand: Mother Jones describes one such attack in Illinois.
Microsoft yesterday issued an out-of-band patch for a vulnerability hinted at but not addressed on Patch Tuesday. It fixes a server remote code execution issue in the way the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
Reporters Without Borders has published its selection of bad cyber actors, ranging from companies to gangs, to government agencies, to intelligence services, to semi-official political units. Infosecurity Magazine notes the announcement was made in conjunction with yesterday's World Day Against Cyber-Censorship.
Notes.
Today's issue includes events affecting Brazil, China, Ghana, India, Ireland, Democratic Peoples Republic of Korea, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
Some thoughts on changing the opposition's calculus. You're not going to reform them.
"We can't change the motives and the drives and the attacker. We can't even change what their skill sets happen to be. But what we can do is we can reduce their opportunity. We can neutralize that tendency to go from esteem to theft to conquest. We can be a very inhospitable environment for them to try to tiptoe into because we have eyes everywhere and we can see all of that. Risk and threat work in cybersecurity is a game of probabilities. What we can focus on, what we can put our attention on is lowering the probability of exploit. And the best way to do that is by seeing all those places where it could happen and mitigate any of the risks and exposures before they actually are hit. And I would just say that that's one of the things to really focus on. We can do a lot of work trying to interpret and understand an APT. We can look into nation-states, and we can imagine worst-case scenarios, but in reality, what ends up getting hit is the exposure you didn't see coming that was just opportunistically available for an attacker at the right time."
—Josh Mayfield of RiskIQ, on the CyberWire Daily Podcast, 3.11.20.
So think of deterrence through denial.
Georgetown University Part-Time Master's in Cybersecurity Risk Management
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
On the Podcast
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CrowdStrike, as Thomas Etheridge talks about the impact of ransomware. Our guest is Josiah Dykstra from NSA, discussing cloud vulnerabilities from the viewpoint of Fort Meade.
Sponsored Events
"I love security agents!" Said no one, ever. (Online, March 13, 2020) Register today for Orca Security's March 13 webinar, Two CISOs explain why if you're using scanners or agents to secure AWS, Azure, and GCP, then you're doing it wrong. It's time for a BIG CHANGE.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Analysis | The Cybersecurity 202: The federal government may be about to engage in the biggest telework experiment yet. But hacking and other cyber dangers pose serious challenges (Washington Post) The federal government has never attempted to work remotely on anywhere near this scale before.
Facebook, Twitter suspend Russian-linked operation targeting African Americans on social media (Washington Post) Facebook and Twitter have disabled a Russian operation designed to stoke racial tensions among African Americans in the United States, the companies announced Thursday, raising fresh alarms that the Kremlin may seek to interfere in the 2020 presidential election and divide American voters.
How Russian meddling is back before 2020 vote (CNN) Russian trolls have outsourced their disinformation campaigns to Ghana and Nigeria, focusing on racial issues in the US ahead of the presidential election.
State-sponsored hackers are now using coronavirus lures to infect their targets (ZDNet) Chinese, North Korean, and Russian government cyberspies caught using COVID-19-themed emails to infect victims with malware.
Hackers are seizing on coronavirus fears to steal data, researchers and U.S. regulators warn (Washington Post) Among the most sophisticated efforts has been a campaign by a group of Chinese hackers, researchers found.
Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide (Recorded Future) Insikt Group investigates how threat actors are using the global disruptions caused by the COVID-19 outbreak to further their cyber threat activities.
Cybercriminals, nation-states increasingly tailoring coronavirus spearphishing campaigns (CyberScoop) Cybercriminals and nation-state actors continue to exploit fears about the novel coronavirus, sending emails that look to be from legitimate health authorities to try delivering malware to victims, according to researchers at several different cybersecurity companies.
The Emergence of Coronavirus and Olympics Scams (Zscaler) The Zscaler ThreatLabz team has been actively monitoring scams and threat campaigns around the coronavirus health emergency and the Summer Olympics.
Hackers Posing as CDC, WHO Using Coronavirus in Phishing Attacks (BloombergQuint) Hackers Posing as CDC, WHO Using Coronavirus in Phishing Attacks
CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware (DomainTools) The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Andr
Princess Cruises, hobbled by coronavirus, admits data breach (TechCrunch) The data breach occurred almost a year ago, a statement said.
Data of millions of eBay and Amazon shoppers exposed (Naked Security) Eight million customer records belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe were collected.
Facebook cookie-stealing trojans surface on Android devices (TechRepublic) The trojans are designed to gain control of Facebook user accounts by capturing browser cookies in Android, says Kaspersky.
Rockwell Automation Allen-Bradley Stratix 5950 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: Allen-Bradley Stratix 5950
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write a modified image to the component.
ABB eSOMS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ABB
Equipment: eSOMS
Vulnerabilities: Use of Web Browser Cache Containing Sensitive Information, Improper Restriction of Rendered UI Layers or Frames, Improper Neutralization of HTTP Headers for Scripting Syntax, Sensitive Cookie Without ‘HttpOnly’ Flag, Protection Mechanism Failure, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute, Exposure of Sensitive Information to an Unauthorized Actor, External Control of Critical State Data, Weak Password Requirements, SQL Injection, Cross-site Scripting, Cleartext Storage of Sensitive Information, Inadequate Encryption Strength
ABB Asset Suite (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ABB
Equipment: Asset Suite
Vulnerability: Authorization Bypass Through User-Controlled Key
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker access to unauthorized information in the application by direct resource access.
Flawed eBay reviews dupe customers into buying shoddy goods (The Telegraph) Ebay shoppers are being misled into buying substandard and counterfeit goods due to a flaw in the online marketplace’s review system, a new investigation has found.
As Coronavirus rumors swirl, an Illinois public health agency's website is sidelined by hackers (Mother Jones) The ransomware outage could take weeks to fix.
C-U Public Health District's website held hostage by ransomware attack (The News-Gazette) It will be working with local governments to help push out vital information about the coronavirus on alternate websites and is urging the public to stay up to date by
Card data from the Volusion web skimmer incident surfaces on the dark webt (ZDNet) In September-October 2019, hackers planted malware to steal card data from 6,589 online stores.
Confessions app Whisper spills almost a billion records (Naked Security) Researchers say the exposure includes exact locations of users’ last posts, nicknames, age, and gender.
List of world's worst 'digital predators' stretches from India and Brazil to US (the Guardian) Freedom of expression group names and shames alleged offenders on online censorship and orchestrated repression
Security Patches, Mitigations, and Software Updates
Avast pulls plug on insecure JavaScript engine in its security software suite (Register) Code interpreter ran with admin-level access, not sand-boxed, potentially open to remote-code execution
Microsoft delivers emergency patch to fix wormable Windows 10 flaw (Ars Technica) Attackers got a head start when critical SMBv3 flaw details leaked 2 days ago.
Microsoft patches SMBv3 wormable bug that leaked earlier this week (ZDNet) Emergency out-of-band fix for CVE-2020-0796 is now rolling out to Windows 10 and Windows Server 2019 systems worldwide.
Out-of-Band Windows Updates Patch Wormable SMB Vulnerability (SecurityWeek) Microsoft has released out-of-band updates for Windows to patch a wormable SMB vulnerability tracked as CVE-2020-0796, CoronaBlue and SMBGhost
Microsoft discontinues RDCMan app following security bug (ZDNet) Microsoft recommends using the Windows in-box remote desktop client (MSTSC) instead.
Firefox 74 offers privacy and security updates (Naked Security) A month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements.
Cyber Trends
Venafi Survey Results: Are We In a Permanent State of Cyber War? (Venafi) 485 IT security professionals were polled at RSA to garner their opinions on the seriousness of our current state of cyber warfare. The results may surprise you. Learn more.
Q1 Fraud and Abuse Report (Arkose Labs) In order to better understand the threat posed to businesses by the growing ease of cybercrime and ready availability of pre-built fraud tools, Arkose Labs teamed up with several customers and analyzed over 1.3 billion sessions. Download this report to learn more about The most commonly used methods by fraudsters to target online commerce during …
The 2020 Open Source Vulnerabilities Report (WhiteSource) Read WhiteSource's 2020 State of Open Source Security Vulnerabilities Report to gain insights on open source security’s weakest and strongest points.
Mobile Theft & Loss Report 2020 (Prey) The first edition of the Mobile Theft & Loss Report, which represented 2018’s theft statistics collected by Prey, marked the beginning of our company’s journey towards understanding theft and its evolution in the mobile landscape.
Marketplace
DisruptOps raises $9M with serial entrepreneur, cyber security veterans taming the cloud (Startland News) A fresh funding infusion is expected to help DisruptOps strengthen its team and its ability to react to threats in the cloud, said Jody Brazil.
Dimension Data unifies operations, becomes more client focused (IT-Online) Dimension Data is to operate under a single name as aims to deliver the changing technology needs of its clients. “As the market around us continues to evolve, we are conscious of the need to remain relevant by delivering products and services that enable our clients to meet the increasing demand for personalisation and customisation. …
Tanium Named One of the 2020 Best Workplaces in Technology by FORTUNE and Great Place to Work® (Yahoo) Tanium ranked 4 in the "medium company" category on the 2020 Best Workplaces in Technology by FORTUNE Magazine and Great Place to Work®.
The Army roughs out its $1B cyber training contract (Fifth Domain) The draft solicitation for the massive DoD cyber training contract, which contains the Persistent Cyber Training Environment (PCTE), has been released to industry.
Coronavirus impacts Cloud/Cyber Expo but the show goes on despite some absences (SC Magazine) Some major sponsors pulled out of attending cloud Expo 2020 leaving unmanned stands at the show, including Sophos, IBM, Tripwire, Neustar, Appgate, ISC(2), Crest & others - but the show went on.
Why Palo Alto Networks Shares Fell 21% Last Month (The Motley Fool) The network security expert's second-quarter revenue came in far below expectations, and the near future looks grim.
Bitcoin falls 40pc in one day as coronavirus strips it of its 'safe haven' tag (The Telegraph) The price of Bitcoin has plunged to its lowest level in 11 months, endangering hopes that it can serve as a safe haven asset during the worsening coronavirus pandemic.
Cybersecurity firm Rapid7 to create 200 jobs in Belfast (Silicon Republic) US-headquartered cybersecurity firm Rapid7 has announced plans to open a new office in Belfast and hire 200 additional staff.
World-leading cyber security company Rapid7 to base at Chichester House (The Irish News) BELFAST'S high-tech Chichester House is to provide office space to US-based cyber security firm Rapid7, which is set to double its staff numbers to almost 400 in the next two years.
Johns Joins Parsons' Cyber Leadership (Yahoo) Parsons Corporation (NYSE: PSN) today announced that it has hired John Johns as vice president account executive of the company's federal intelligence operating unit under the company's cyber and intelligence market.
Products, Services, and Solutions
Verizon’s networks stand ready for increases in data traffic (Yahoo) With recent increases in telecommuting and online learning, Verizon’s networks stand ready to serve customers at work, at home and remotely – including first responders and those protecting the public -- when critical connectivity is needed most. Since the emergence of the coronavirus (COVID-19), the
German Development Agency Chooses BlackBerry for Emergency Management Solution (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) announced today that the German Development Agency, Deutsche Gesellschaft für Internationale...
Castle Unveils Four Account Takeover Tactics Cyberattackers are Using to Successfully Exploit Users (Castle) Castle, the consumer identity protection company, today announced Identity-Aware Bot Detection, an industry-first product for protecting organizations against advanced bot attacks while maintaining the optimal customer experience.
VPN Company gives away free service to fight misinformation (Atlas VPN) Countries with internet restrictions leave citizens uninformed or misinformed about the virus. Atlas VPN stands for the free flow of information.
Odo Security Offers Free Remote Access Solution for Employees Working from Home During the Coronavirus Outbreak (AP NEWS) Odo Security, a leader in zero trust network access (ZTNA) and management, today announced it is offering free subscriptions to its market-leading secure remote access solution, OdoAccess, to companies for use by their employees based in countries impacted by the Coronavirus health crisis.
UAE firm picked to provide secure mobile network at Expo 2020 Dubai (ArabianBusiness.com) Esharah Etisalat Security Solutions is also the security network provider for the Government of Dubai
Technologies, Techniques, and Standards
‘Security Hygiene’ During Coronavirus Threat (Avast) Corporate remote-work rules can – and should – be stringent.
New to working from home? Here are 8 rules you should follow. (NBC News) We asked some of the country’s top digital security experts what precautions they suggest first-time telecommuters should follow.
Group Established To Share Cyber Threat Information With Campaigns (PR Newswire) U.S. CyberDome, a 501(c)(4) organization, now shares cyber threat information with political campaigns. "U.S. CyberDome is a non-partisan,...
FIRST releases updated Computer Security Incident Response Team (CSIRT) Services Framework – Version 2.1 (FIRST — Forum of Incident Response and Security Teams) The Forum of Incident Response and Security Teams (FIRST) has released an updated version of its Computer Security Incident Response Team (CSIRT) Services Framework
Companies Walk Fine Line on Employee Data Amid Coronavirus Outbreak (Wall Street Journal) As the coronavirus outbreak has turned into a pandemic, privacy lawyers say companies must be careful not to demand excessive personal information from workers, saying that could violate data-protection and employment laws in Europe and the U.S.
Back to the Future: A Threat Intelligence Journey (Dark Reading) Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.
Why a Telephone Might Be the Best Tool to Stem Third Party Cyber Risk (Accellion) Businesses that build strong relationships with their partners make fewer assumptions about cybersecurity preparedness. So, frequent communication is key.
GDPR - Keeping personal data safe and secure (ResponseSource) Protecting personal data is at the heart of the General Data Protection Regulation (GDPR) but there remains confusion between gaining permissions to hold and process this data, and protecting it from ...
Design and Innovation
Pentagon seeking 5G prototypes for smart warehouses (C4ISRNET) The Department of Defense plans to use Marine Corps Logistics Base Albany, Georgia, to test the viability of 5G-enabled smart warehouses, which could transform military logistics.
Academia
U.S. Air Force Sponsors Spy Movie-Style Physical Hacking Challenge (AP NEWS) The Air Force Research Laboratory is sponsoring an elite hacking challenge for N York City-area colleges and universities that will test students’ ability to hack into physical security systems.
Legislation, Policy and Regulation
Cyber Attack? Then We Fight Back: Sen. King (Breaking Defense) Amidst the usual calls for government reform and corporate responsibility, the Cyberspace Solarium Commission makes a surprisingly hard-headed case for old-school deterrence.
America needs to get its act together, warns cyber commission (Fortune) A bipartisan commission drafted 75 recommendations for U.S. cybersecurity policy, but it passed the buck on encryption.
Senators press EU to sanction Putin associate for election meddling (TheHill) A group of Democrats led by Senate Minority Leader Charles Schumer (D-N.Y.) on Thursday urged the European Union (EU) to sanction a top close associate of Russian President Vladimir Putin for meddling in U.S. elections.
Prime Minister calls for 'digital Dunkirk' in fight against coronavirus (Computing) Boris Johnson called on 30 UK tech firms to volunteer their resources to help UK response to COVID-19
Exclusive: France to allow some Huawei gear in its 5G network - sources (Reuters) France will authorize the use of some of Huawei's equipment in the rollout ...
Senate Fails to Approve Renewal of Domestic-Surveillance Powers (Wall Street Journal) The Senate’s failure to approve the legislation came amid doubts from President Trump that lawmakers had done enough to overhaul a surveillance system he has condemned
President Trump signs bill to help rural carriers replace Huawei gear (Engadget) This comes despite a lack of public evidence of spying.
FCC orders telecoms to inventory Chinese equipment (Alaska Journal) Nearly a year after the federal government labeled Chinese telecommunications companies Huawei and ZTE as potential national security threats, the Federal Communications Commission is looking for more complete information about which American companies are using their equipment.
Election commission hires cybersecurity expert to help states with 2020 infrastructure (CyberScoop) The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter.
Iowa Senate acts on courthouse jurisdiction (The Gazette) Iowa senators voted overwhelmingly Wednesday to clearly put counties in charge of their courthouses after chastising Judicial Branch officials for conducting ill-conceived 'penetration tests' via a cybersecurity contractor in Dallas and Polk counties last year that resulted in arrests.
Litigation, Investigation, and Enforcement
Bhima Koregaon case: Malware on Rona Wilson's hard disk allowed remote access (Caravan Magazine) Among several other anomalies, Rona Wilson's hard disk contained a malware that allows remote access, which can be used to plant files on a system.
Homeland Security sued over secretive use of face recognition (Naked Security) As of June 2019, CBP had processed more than 20 million travelers using facial recognition, civil rights group ACLU says.
Israeli Court Orders Facebook to Unblock Account of NSO Group Employee (NDTV Gadgets 360) A lawsuit was filed by NSO employees in November against Facebook in Israel.
US judge frees Chelsea Manning from jail (BBC News) A judge rules that it is no longer necessary for her to testify in the inquiry into Wikileaks.
Industry Events
newly Noted Events
Black Hat USA 2020. (Las Vegas, Nevada, USA, August 1 - 6, 2020) Now in its 23rd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2020 opens with four days of technical Trainings (August 1-4) followed by the two-day main conference (August 5-6) featuring Briefings, Arsenal, Business Hall, and more.
upcoming Events
InfoSec Connect 2020 (San Diego, California, USA, March 15 - 17, 2020) InfoSec Connect is a high profile, interactive meeting of senior-level cybersecurity leaders from top credit unions, US banks, insurances, and financial services companies. It’s a forum built to share detailed discussions, source solutions/services from leading providers, and gain valuable insights on improving strategy. It covers discovering cutting-edge security approaches and managing risk in the ever-changing threat of the cybersecurity workforce.
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, March 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
National Cyber League (NCL) Spring Season (Various locations, March 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
Inaugural Tampa Cyber Security Summit (Tampa, Florida, USA, March 20, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Homeland Security, the U.S. Dept. of Justice, Darktrace, ExtraHop and more about the latest threats facing your company.
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, March 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some of the top names in intelligence and global security involved in matters of cyber, defense and security. Combined with an invitation-only audience, The Cipher Brief Threat Conference provides a unique experience that no other event in the defense and national security space can match. For us, it's not just about who's on the stage, it's about who's in the room.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.