Cyber Attacks, Threats, and Vulnerabilities
Suspected Chinese meddling focus in Taiwan presidential vote (Washington Post) Taiwan’s ruling party is crying foul over alleged Chinese attempts to sway the self-governing island’s presidential election on Saturday
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid (Wired) A state-sponsored group called Magnallium has been probing American electric utilities for the past year.
Iranian hackers hit Bahrain oil company, target US power utilities (SiliconANGLE)
Teen hackers are defacing unsuspecting US websites with pro-Iran messages (The Verge) "I don’t really know how to respond to that," one victim said after learning his website had been defaced.
Iran airstrike hasn’t elevated network activity in D.C., officials say (StateScoop) District officials have been vigilant since the death of general Qassem Soleimani, but told reporters network surveillance traffic from Iran has stayed consistent.
Congressman Cleaver Concerned Iran Could Launch Cyberattacks On U.S. Financial Institutions (KCUR) U.S. Rep. Emanuel Cleaver, D-Kansas City, is calling on financial regulators to strengthen protections against a possible cyberattack from Iran. In a
ICS Security in the Spotlight Due to Tensions with Iran (IoT World Today) Iran-affiliated hackers pose a threat to industrial control systems (ICS) security as well as ordinary businesses.
In the Midst of Tensions With the US, What Is the Risk of Iranian Cyber Attacks? (CPO Magazine) There is still an elevated threat of serious Iranian cyber attacks on US targets even as the potential for an all-out war seems to have simmered down for the moment as Iran is known to act through asymmetric warfare.
Threat of Iran cyberattack remains high even as Trump backs away from potential war (The Hour) Government and industry officials are still on high alert for bruising cyberattacks from Iran even though President Donald Trump and Iranian leaders stepped back from the brink of a broader military conflict.
Is an Iran cyber attack imminent — and who is at risk? Here’s how to prepare yourself (Miami Herald) Experts and government officials have warned of possible cyber attacks as tensions escalate between the U.S. and Iran.
Expert: Iran cyber attack more likely for military, AU (The Augusta Chronicle) Iran could launch a cyber attack in retaliation for the killing of a top general but it would likely be at military targets or affiliates like Augusta
Iran Is Expanding Its Online Disinformation Operations (Defense One) Tehran isn’t as practiced as Moscow at purveying propaganda online, but they’re no slouches.
‘Chaos Is the Point’: Russian Hackers and Trolls Grow Stealthier in 2020 (New York Times) While U.S. cyberdefenses have improved since 2016, many of the vulnerabilities exploited four years ago remain. And attacks are getting more sophisticated.
TrickBot Gang Created a Custom Post-Exploitation Framework (BleepingComputer) Instead of relying on premade and well-known toolkits, the threat actors behind the TrickBot trojan decided to develop a private post-exploitation toolkit called PowerTrick to spread malware laterally throughout a network.
TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal (Dark Reading) PowerTrick is sort of a custom version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
Trickbot gang uses fileless backdoor on high-value targets (SC Magazine) A Russian cyber-crime gang has developed a new hacking tool called PowerTrick in a bid to move around target networks undetected
U.S. Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware (Forbes) Android phones for low-income households are preinstalled with tools that download apps without permission and throw up annoying ads. Is privacy only for the rich?
Unremovable malware found preinstalled on low-end smartphone sold in the US (ZDNet) Malwarebytes said it found malware pre-installed on Unimax U673c handsets, sold by Assurance Wireless (Virgin Mobile) in the US.
Google scolded for depriving the poor of privacy after Chinese malware bundled on phones for hard-up Americans (Register) To make matters worse, uninstalling it could cause even more pain
United States government-funded phones come pre-installed with unremovable malware (Malwarebytes Labs) A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps.
Google Removed Over 1.7K Joker Malware Infected Apps from Play Store (BleepingComputer) Roughly 1,700 applications infected with the Joker Android malware (also known as Bread) have been detected and removed by Google's Play Protect from the Play Store since the company started tracking it in early 2017.
Google details its three-year fight against the Bread (Joker) malware operation (ZDNet) Google says it removed more than 1,700 Android apps infected with Bread (Joker) malware since 2017.
Drake's "In My Feelings" Lyrics Were Found in Malware Attack (TechDator) Latest finding by AppRiver discloses an attacker referencing Drake's song lyrics in his malicious code while stealing data.
Hacker Uses Drake's "Kiki Do You Love Me" In Malware Attack (Fossbytes) The hacker in question, going by the alias "Master X", drops either Lokibot malware or Azorult malware depending upon the user he's targeting. Lokibot is an information stealer, whereas Azorult is a remote access trojan (RAT) that infects computers.
Cyber Attacks Against State and Local Governments Surge (CyberArk) Over the past year, state and local governments have been hit with an unprecedented number of cyber attacks. 2020 looks to continue, or escalate, the trend.
Travelex 'negotiating' with Sodinokibi ransomware group threatening to release or sell personal data (Computing) Travelex reportedly negotiating $6m ransom as group threatens to release personal data that Travelex claims hasn't been compromised
Amazon Takes a Swipe at PayPal's $4 Billion Acquisition (Wired) The retail giant warned holiday shoppers that Honey, a popular browser extension, was a “security risk.” Honey denies the claim.
This Secretive Surveillance Company Is Selling Cops Cameras Hidden in Gravestones (Vice) Special Services Group also offers cameras hidden in child carseats and vacuum cleaners.
Central Bank issues fraud warning about fake news report (Times of Malta) A phishing attempt has been identified from a website promoting Bitcoin, the Central Bank said. It said in a statement the completely fake report purported to be from an actual news website, Net News, and featured a quote from Central Bank of Malta governor Mario Vella, as well as from former TVM...
New Office 365 Phishing Attack Targets OAuth Apps Instead of Credentials (KnowBe4) Trying to steal your username and password is so “yesterday.”
Skype audio graded by workers in China with 'no security measures' (the Guardian) Exclusive: former Microsoft contractor says he was emailed login after minimal vetting
Microsoft contractors in China listened to Skype recordings with woefully bad levels of cybersecurity, report reveals (Business Insider) A Microsoft contractor told the Guardian he had incredibly insecure access to sensitive recordings while working from his personal laptop in Beijing.
City of Las Vegas said it successfully avoided devastating cyber-attack (ZDNet) Security breach took place on January 7, but the city said it detected the intrusion in time to prevent any damage.
Las Vegas systems appear undamaged following cyberattack (Smart Cities Dive) The breach occurred Tuesday as CES kicked off in the city, but local leaders said the following day that normal operations had resumed.
Las Vegas Suffers Cyberattack on First Day of CES (Dark Reading) The attack, still under investigation, hit early in the morning of Jan. 7.
Nobel laureate Paul Krugman said he likely fell for a phishing scam. Here's how phishing scams work and how to avoid them. (Business Insider) Krugman tweeted that he received a phone call indicating that hackers downloaded child pornography on his WiFi network.
Retired Jacksonville officer warns of social security scam targeting the First Coast (WTLV) Charles Griffin runs a private investigation agency, but before that, he was a detective with the Jacksonville Sheriff's Office chasing scammers.
Tax season brings wave of dangerous tax scams (Fox Wilmington WSFX-TV) As tax season approaches, scams are back in full force. Tax scams can be some of the most devastating for consumers, Alex Guirakhoo, strategy and research analyst at cybersecurity services company Digital Shadows, told Fox News. This is due in large part to the amount of critical personal data th ...
Venafi: The Three Major Cyber Attacks of 2020 (BusinessWire) Security professionals should expect to see more attacks targeting machine identities in the year ahead
Security Patches, Mitigations, and Software Updates
Browser zero day: Update your Firefox right now! (Naked Security) Firefox has issued an emergency 72.0.1 patch to fix a zero day vulnerability.
U.S. Government Confirms Critical Security Warning For Firefox Users (Forbes) The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification that "encourages" users and administrators to update the Mozilla Firefox web browser.
Ding-dong: Cisco delivers your Patch Tuesday warm-up with WebEx, IOS fixes for a few irritating security holes (Register) The main event is next week
AWS urges customer businesses to renew security certificate (SC Magazine) Amazon Web Services urges businesses to download and install new SSL/TLS certificates; five-year cycle too long, says security expert.
Cyber Trends
Analysis: 'Orwellian' Surveillance in 2020 (BankInfo Security) The latest edition of the ISMG Security Report discusses "Orwellian" surveillance activity in 2020 via the ToTok app. Also featured: the controversy over
Companies: Lean into consumer privacy to win (Help Net Security) The advent of the CCPA and other similar regulations marks a sea change in how companies need to manage data and consumer privacy.
Marketplace
Cybersecurity acquisitions run rampant this week: Who has bought what? (ZDNet) As a new year unfolds, so do portfolio changes and acquisition deals in the cybersecurity sector.
Iran Tensions Boost Cybersecurity Shares (Wall Street Journal) Shares of cybersecurity companies have outperformed the broader market in the week since fresh tensions erupted between the U.S. and Iran.
AWS security faces challenges after a decade of dominance (SearchAWS) AWS security has long been a powerful component of Amazon's cloud dominance, but the cloud provider has been forced to deal with lingering security issues and increasing pressure from Microsoft Azure.
Facebook Is Forcing Its Moderators to Log Every Second of Their Days — Even in the Bathroom (Vice) “People have to clock in and clock out even when going to the toilet and explain the reason why they were delayed, which is embarrassing and humiliating.”
Private equity firm Insight Partners to acquire Veeam for $5 billion (Computing) Veeam deal is expected to be closed in March 2020 and will take the company's HQ from Switzerland to the US
Veeam to 'become US company' following $5bn acquisition (CRN) Vendor snapped up by private equity
DivvyCloud Achieves Record 2019 Results and Bolsters Leadership Team With Two New Hires (BusinessWire) DivvyCloud Appoints Vice President of People & Culture and Vice President of North American Sales
Products, Services, and Solutions
New infosec products of the week: January 10, 2020 (Help Net Security) New infosec products of the week feature: Cloudflare, Avira, TP-LINK, Arlo Technologies, Ambarella, ON Semiconductor, Fingerprint Cards.
Hushmesh to Reveal Password-Free Solution to Identity Fraud, Data Breaches at CES 2020 (BusinessWire) Hushmesh Inc., a Public Benefit Corporation committed to enabling digital trust and privacy for everyone, has a new approach to identity fraud and dat
Three years of free software will help county combat cyberattacks (Daily Reporter) Hancock County will enter into an agreement with the Indiana secretary of state’s office allowing the county to receive free access to software intended to prevent breaches of elections and other government data for three years. California-based firm FireEye Security will provide protection to the county’s informational systems. The agreement was approved by
Arxan Nails It with Direct Mail (CRM Magazine) PFL's tactile marketing program delivers hard-to-reach customers
Technologies, Techniques, and Standards
Cybersecurity in aviation: a regulator's perspective (GOV.UK) To counter threats of cyber-attack on military systems, the MAA is equipping the Regulated Community with cybersecurity regulation to protect critical systems.
Analysis | The Cybersecurity 202: Voting vendors, security pros still far apart on protecting 2020 election (Washington Post) One company defended the paperless voting machines that DHS says are vulnerable to hacking.
Design and Innovation
Reddit bans impersonation on its platform (The Verge) The new policies could help Reddit shut down misinformation campaigns.
Facebook won’t limit political ad targeting or stop false claims under new ad rules (Washington Post) Facebook has defied public calls to adopt significant limits on political advertising ahead of the 2020 presidential election, opting instead to introduce changes that allow users to control more of the ads they see.
Microsoft rolls out tool to scan chat apps for sexual predators seeking to exploit children (GeekWire) Microsoft released a new tool Thursday that scans online chats for people seeking to sexually exploit children. It’s part of a broader push by the technology industry to crack down on the dangers…
Apple’s scanning iCloud photos for child abuse images (Naked Security) It isn’t new, all the tech giants do it, and your privacy’s intact – unless you’re dealing in illegal imagery with telltale hashing.
Connected cars: How to improve their connection to cybersecurity (WeLiveSecurity) With software becoming more important than ever, how can engaging the security industry help make the road ahead less winding?
Research and Development
NCCoE to Address Cybersecurity Challenges of Distributed Energy Resources (NCCoE) Anterix, BlackRidge Technology, Cisco, Radiflow, Spherical Analytics, Sumo Logic, TDi Technologies, and Xage Security have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Securing the Industrial Internet of Things (IIoT)
USAF Scientific Advisers Lay Out 2020 Study Plans (Air Force Magazine) The Air Force’s science advisers in 2020 will launch studies on future communications, innovation in space, and the unintended consequences of autonomy.
Academia
Goshen High School students work toward career in cyber security (WKRC) A local high school is giving its students the tools for a future in cyber security. Cracking a code is a problem some Goshen High School students like Samuel Lowry face every day.
Legislation, Policy, and Regulation
‘We did not intend to kill,’ Iranian commander says of missile strike on U.S. targets (Washington Post) Rocket attacks in Baghdad on Wednesday suggested that the risk of escalation remained.
Iran sends mixed signals as tensions with US ease (Military Times) Iran sent mixed signals Thursday as tensions with the U.S. appeared to ease, with President Hassan Rouhani warning of a “very dangerous response” if the U.S. makes “another mistake” and a senior commander vowing “harsher revenge” for the killing of a top Iranian general.
Iran’s Revenge Plans Are Bigger Than Missile Strikes (Foreign Policy) Iran will use the networks Suleimani built to avenge his death.
‘We Will Have to Wait and See if Iran Is Done’ (Foreign Policy) Former Centcom commander says the United States would be mistaken to take Iran’s word that it does not seek escalation.
Explainer: How countries in conflict, like Iran and the US, talk to each other (Navy Times) International diplomacy found an ingenious solution to the problem of communication between nations that broke ties.
Israel and US will handle the Iranian challenge in their own ways (The Jerusalem Post) Iran has crossed the threshold on low-enriched uranium, shortening significantly the time to produce enough fissile material for a nuclear device.
How tensions with Iran could test a new cyber strategy (Fifth Domain) With the potential for Iran to hit back at the United States in cyberspace, DoD's new approach of
Why US Officials Are Revealing More about Cyber Ops (Defense One) It’s part of a “costly signaling” gambit. Will it deter America’s enemies?
U.S. Army Plans to Expand Asian Cyber Efforts to Counter China (Bloomberg) Unit would likely be based east of Taiwan, Philippines. Army Secretary McCarthy to detail effort Friday in Washington.
On the Integration of Psychological Operations with Cyber Operations (Lawfare) When U.S. Cyber Command gets involved with psychological operations, what is the role of military psy-ops troops?
Cyber commission inspired by ’50s nuclear deterrence, but looks to go further (Federal News Network) If retaliation for cyber attacks is swift, decisive, consistent and public, adversaries will be less likely to instigate attacks.
Reevaluating Our Counter-Terrorism Information Sharing Methods (Just Security) Senator Hassan writes for Just Security about bipartisan legislation that she introduced with Republican Senator Johnson of Wisconsin, Chairman of the Homeland Security and Governmental Affairs Committee.
The need for competitive innovation in national security (C4ISRNET) A vast vendor ecosystem able to deliver a variety of foundational, innovative commercial technologies to the war fighter is clearly essential to DoD’s mission. Here's what can help ...
Bryan Ware Named CISA Assistant Director for Cybersecurity (MeriTalk) President Trump appointed Bryan Ware as new assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) on Jan. 8.
'Lost its focus': DHS neglected cyber mission while focusing on immigration, analysts say (Washington Examiner) Private sector and former Homeland Security aides say the Trump administration’s intense focus on immigration and border security has come at a cost to national cybersecurity as officials worry about a massive attack from Iran.
APRA teams up with spy agencies (Australian Financial Review) The prudential regulator is developing deeper relationships with local and international intelligence authorities to help deal with "active adversaries".
California's IoT cybersecurity bill: What it gets right and wrong (Help Net Security) California state lawmakers should be lauded for SB 327, their well-intentioned legislative attempt at tackling one of the most pressing issues in the tech
Election security officials brace for possible Iran cyber retaliation (WIMS AM 1420) With tensions between Washington and Tehran on the rise, election security officials are warning of possible retaliation from Iran in the form of election meddling — a familiar threat in the wake of Russia’s efforts in the 2016 presidential election.
Litigation, Investigation, and Law Enforcement
The extradition trial of Huawei's CFO starts this month — here's what to watch (CNBC) The highly-anticipated trial of Huawei's Meng Wanzhou kicks off on January 20. Canada's relationship with China — and with the United States — could hang in the balance.
UK Police Investigate Travelex Cyberattack (PYMNTS.com) Sodinokibi, a cyber gang allegedly responsible for a cyberattack on Travelex, the "world's largest retail currency dealer," is demanding ransom of $6 million.
Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims (ZDNet) The ransomware attack has infuriated stranded customers and the ICO has still not seen an official data breach report.
Exclusive: Informants in Iraq, Syria helped U.S. kill Iran's Soleimani - sources (Reuters) Iranian General Qassem Soleimani arrived at the Damascus airport in a vehicle wi...
Boeing and US safety board invited to join probe of Ukraine-bound plane crash, Iran officials say (CNBC) Iran has formally invited the U.S. National Transportation Safety Board to take part in its investigation into the crash of a Ukrainian jetliner and the U.S. agency has agreed to assign an investigator, an Iranian official said on Thursday.
U.S. Intel: Iran Shot Down Plane, Then Realized Mistake (The Daily Beast) The Ukrainian airliner that crashed in Iran the night of the missile attacks on bases in Iraq appears to have been shot by the Iranians with a Russian-made anti-aircraft system.
Iran denies downing plane, says West should share evidence (AP NEWS) Iran on Friday denied Western allegations that one of its own missiles downed a Ukrainian jetliner that crashed outside Tehran, and called on the U.S. and Canada to share any...
Currys-PC World fined £500,000 over cyber attack that compromised 14 million people's personal information (Computing) Currys owner DSG Retail fined the maximum under the old data protection regime - would've been much more under GDPR, warns ICO
Dixons Carphone fined for systemic failures that led to cyber attack: ICO (Reuters) A British watchdog has fined DSG, a unit of retailer Dixons Carphone, half a mil...
Dixons Carphone hit with £500,000 fine after data breach affecting 14 million people (ZDNet) Investigation found malware installed on over 5,000 PoS terminals.
Router Cryptojacking Campaigns Disrupted (BankInfo Security) Nearly 16,000 malware-infected MikroTik routers in Southeast Asia have been scrubbed of Coinhive cryptojacking code, which mines for monero, thanks to an
Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds (ZDNet) Information leaked due to data breaches was used to file fraudulent tax returns.
Major at Cyber Command indicted in child pornography case (The Augusta Chronicle) An Army Cyber Command major arrested after allegedly posting nude photographs of a teen was indicted Wednesday. Jason M. Musgrove, 39, faces federal