The CyberWire Daily Briefing, 4.29.20

Dateline

Conspiracies falsely accuse an Army reservist of being ‘patient zero’ of coronavirus pandemic (Army Times) “The Army is providing support to help Sgt. 1st Class Benassi with the public attention,

GovExec Daily: How Officials Can Fight Disinformation About COVID-19 (Government Executive) Emma Coleman joins the podcast to discuss the ways governments can refute conspiracy theories that come up during crises like the pandemic.

[Letter from US Senators Margaret Wood Hassan and James Lankford] (United States Senate) Dear Acting Secretary Wolf, Acting Director Grennell, and Director Wray: We write to express concern over continued terrorist threats and to request information about the United States government’s counterterrorism capabilities amid our nation’s struggle with the COVID-19 pandemic.

Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus (Reuters) When law enforcement agencies want to gather evidence locked inside an iPhone, they often turn to hacking software from the Israeli firm Cellebrite. By manually plugging the software into a suspect’s phone, police can break in and determine where the person has gone and whom he or she has met.

Analysis | The Cybersecurity 202: Companies join governments in rush to launch coronavirus tracking apps (Washington Post) The scramble is outpacing privacy and security efforts.

Most Americans are not willing or able to use an app tracking coronavirus infections. That’s a problem for Big Tech’s plan to slow the pandemic. (Washington Post) Nearly 3 in 5 Americans say they are either unable or unwilling to use the infection-alert apps under development by Google and Apple, suggesting a steep climb to win enough adoption of the technology to make it effective against the coronavirus pandemic, a Washington Post-University of Maryland poll finds.

Analysis | The Cybersecurity 202: Americans are wary of the coronavirus tracking apps being produced by big tech (Washington Post) Less than half of Americans willing to download software from Apple and Google.

445 million attacks detected since the beginning of 2020, COVID-19 wreaks havoc (Help Net Security) In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts.

The Covid-19 Pandemic Reveals Ransomware's Long Game (Wired) Hackers laid the groundwork months ago for attacks. Now they're flipping the switch.

(ISC)² Survey Finds Cybersecurity Professionals Being Repurposed During COVID-19 Pandemic ((ISC)²) 47% of respondents have been temporarily taken off security duties to assist with IT-related tasks as organizations move to remote work

Pandemic forces fundraising founders to accept ‘discounts across the board’ (TechCrunch) Startup founders who are fundraising in this climate should expect venture investors to take a huge chunk out of their valuation expectations. “What we’re seeing across the board is discounts,” says Mike Janke, co-founder of early-stage cybersecurity investment firm Datatribe. Inv…

iThreat Working to Combat COVID-19 Fraudulent Domains (WFMZ) Threat announced today that it is working with a coalition of Internet infrastructure providers, law enforcement organizations and other anti-abuse organizations to

Zoom selects Oracle Cloud to support its growth (Computing) Recent growth has put immense pressure on Zoom to increase its service capacity

In response to Zoom, Google opens video call tool for up to 100 people (Explica) Since the coronavirus quarantine spread to several countries, the video call segment has heated up. This Wednesday, 29, Google also enters strongly in the dispute....

Zoom or Not? NSA Offers Agencies Guidance for Choosing Videoconference Tools. (Nextgov) The agency weighs in on the questions federal employees and contractors should ask as they select collaboration platforms.

Thousands of parents push Twitter to take steps to prevent 'Zoombombings' (TheHill) Thousands of parents across the country are calling for Twitter to take additional steps to combat online trolls, citing concerns that individuals are using the platform to organize major disruptions of online

Working from Home? Select and Use Collaboration Services More Securely (National Security Agency Central Security Service) Article about NSA's release of cybersecurity guidance about selecting and safely using collaboration services for telework. NSA released a full and a short version of the guidance. By following the

Ransomware Shuts Down Colorado Hospital IT Network Amid COVID-19 (HealthITSecurity) This week's breach roundup is led by a ransomware attack on Colorado-based Parkview Medical Center; the hospital is operating under EHR downtime, while they try to restore the network amid COVID-19.

CenturyLink Extends Keep Americans Connected Pledge (CenturyLink) FCC Chairman Ajit Pai launched the Keep Americans Connected Pledge March 13. CenturyLink was among the original list of companies that took the pledge and today, the company committed to extending it through June 30.

Yellowbrick Partners with ScaleMatrix to Expand Free Solution for COVID-19 Vaccine Research (Yellowbrick Data) Yellowbrick has partnered with ScaleMatrix to offer even more free access to powerful data solutions to researchers and companies actively working on a vaccine for the novel coronavirus, COVID-19.

Zaha Hadid Architects suffers cyber attack during coronavirus lockdown (De Zeen) Zaha Hadid Architects has warned architecture practices to be vigilant after hackers held its server to ransom while the company works remotely during the coronavirus pandemic.

Cyber Attacks, Threats, and Vulnerabilities

Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests (Recorded Future) Insikt Group provides updates on Chinese state-sponsored influence operations targeting the 2020 Taiwanese presidential elections and Hong Kong protests.

How Spies Snuck Malware Into the Google Play Store—Again and Again (Wired) Malicious Android apps from the so-called PhantomLance campaign targeted hundreds of users, and at least two slipped past Google's defenses.

Sophisticated Android Spyware Attack is Spreading via Google Play (Threatpost) The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia — and could be the work of the OceanLotus APT.

Hiding in plain sight: PhantomLance walks into a market (SecureList) In July 2019, a sophisticated backdoor trojan in Google Play was reported. We conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”.

Kaspersky researchers catch Vietnamese hackers using Play Store to distribute apps (CyberScoop) Vietnamese hackers have been abusing the Google Play Store to spread malware for at least the last four years, Kaspersky researchers found.

PhantomLance malware breaches Google Play Store security (TechRadar) Malware campaign had been live for years

NSO Employee Abused Phone Hacking Tech to Target a Love Interest (Vice) The previously unreported news is a serious abuse of NSO's products, which are typically used by governments and authoritarian regimes.

Malware analysis: nspps, a Go RAT/Backdoor (IronNet Cybersecurity) At IronNet Threat Research, we’re always looking for novel or “interesting” malware, to inform analysis that enhances our products’ detection capabilities. Recent compromises of specific Citrix products via the CVE-2019-197811234 vulnerability have been brought to light recently by the public exposure of several of the associated malicious software components involved in those events. A trusted …

The latest in FBI impersonation: An extortion scheme involving mobile ransomware (CyberScoop) Ransomware on mobile phones may not be the most profitable avenue for criminals, but that hasn't stopped some from trying to make a buck.

Revealed: The Supermarkets That Will Sell You Malware For $50 (Forbes) So, you want to be a cybercriminal? Sadly, buying the right tools for the job has never been easier or cheaper.

Report: buying your own malware has never been easier (CyberNews) Cybersecurity analysts at CyberNews warn that the ease of owning malware is a significant reason behind huge increases in cyberattacks.

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard (Register) Democratising mass surveillance, one snafu at a time

Would You Have Fallen for This Phone Scam? (KrebsOnSecurity) You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable.

iPhone “word of death” could crash your phone – what you need to know (Naked Security) Yes, a rogue “word” could freeze up your iPhone – but it’s not malware, it doesn’t steal data and doesn’t do permanent damage.

LCDS LAquis SCADA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations.

Security Patches, Mitigations, and Software Updates

GitLab awards researcher $20,000, patches remote code execution bug (ZDNet) Engineers jumped on the issue which earned the researcher $1,000 at the point of triage.

Adobe patches critical code, corruption bugs across Bridge, Illustrator, Magento (ZDNet) The company has squashed a range of critical flaws leading to arbitrary code execution.

Microsoft Office 365: This new feature will keep you safe from malware-filled documents (TechRepublic) Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Cyber Trends

Arcserve Research Uncovers Links Between Ransomware, Consumer Purchasing Behavior and Brand Loyalty (Globe NewsWire) Report indicates that consumers are likely to avoid conducting business with an organization that has experienced a cyberattack. Reveals consumers will not tolerate ransomware-related service disruptions or security breaches, and will turn to a competitor after a single failed transaction or instance of inaccessible information.

The state of data quality: Too much, too wild and too skewed (Help Net Security) People and processes are almost always implicated in both the creation and the perpetuation of data quality issues, so we need to start there.

Marketplace

Rapid7 acquires cybersecurity firm DivvyCloud for $145M (SiliconANGLE) Security operations firm Rapid7 Inc. today said it has agreed to acquire cybersecurity firm DivvyCloud Corp. for $145 million in cash and stock.

Facebook Restructures Its Security Teams (New York Times) The social network displaced more than two dozen employees who work on security, as the company fights threats such as cyberattacks.

Facebook’s Specialized Cyber Security Team Blows The Whistle, Says They’re Victims Of Automation (Daily Caller) Current and former Facebook employees who are responsible for heading off cyber attacks say the Silicon Valley giant is replacing them with machines.

Automation at Facebook making cybersecurity staff redundant: Report (ETCIO.com) Facebook has reportedly shaken up its cybersecurity team as it invests in automation to identify and address cyber breaches on its various platforms, ..

Facebook cuts back on cybersecurity team as it invests more in automation (Business Standard) The employees responsible for tackling hacking threats have alleged that the Silicon Valley giant is replacing them with machines and is automating its alert response and security teams

FireEye stock falls on outlook, company announces layoffs (MarketWatch) FireEye Inc. undefined shares slipped in the extended session Tuesday after the cybersecurity company said it was laying off staff and forecast an outlook...

BlackRock Unit to Increase Its Stake in U.S. Cybersecurity Company Cofense (Wall Street Journal) BlackRock is investing at least $10 million, in a deal expected to be announced later today, a person familiar with the matter said.

Exclusive: Amazon turns to Chinese firm on U.S. blacklist to meet thermal camera needs (Reuters) Amazon.com Inc has bought cameras to take temperatures of workers during the coronavirus pandemic from a firm the United States blacklisted over allegations it helped China detain and monitor the Uighurs and other Muslim minorities, three people familiar with the matter told Reuters.

Unisys Announces First-Quarter 2020 Contracts with New and Existing U.S. Clients Valued at $200 Million (Unisys) Unisys Corporation (NYSE: UIS) today announced a set of first-quarter 2020 contracts with new and existing clients valued at $200 million.

Axonius Appoints Former Salesforce EVP and GM of Platform Anne DelSant (PRWeb) Axonius, the cybersecurity asset management company, today announced it has welcomed Anne DelSanto to its Board of Directors, its first female and independent boar

Security And Compliance Innovator, Tobias Whitney, Joins Fortress Information Security (Fortress Information Security) Security and compliance innovator Tobias Whitney joins Fortress to develop groundbreaking solutions for utilities, vendors and service providers

Products, Services, and Solutions

2020 Vision: Strategic Compliance and the Future of Business | A-LIGN (Transform your organization with strategic compliance to deliver new efficiencies and allow your team the time to focus on dynamic digital transformation efforts. ) Transform your organization with strategic compliance to deliver new efficiencies and allow your team the time to focus on dynamic digital transformation efforts.

Swimlane launches Insider Channel Program (Yahoo) Swimlane has announced the launch of its new Insider Channel Program, a two-part advanced program designed to create long-term partner growth.

Identity Automation Releases Update for RapidIdentity IAM Platform (Identity Automation) Highlights Include Password Blacklist Screening, Scheduled Entitlements, & QR Code Branding

Grosvenor partners with Tempered Networks to release cloaking security technology (FM Media) Grosvenor Cyber Solutions (GCS) provides a cloaking security technology offered as a managed service provider. The service targets operational technology ecosystems owned by large corporate businesses, government organisations and property owners who are concerned about cyber risk and managing assets more securely.

Privva Introduces Continuous Risk Monitoring Partnerships with Argos Risk®, RiskRecon and SpyCloud (privva) New integrations adding visualizations of vendor security assessments, financial data and dark web monitoring enrich Privva’s third-party risk management platf

New Cygilant Solution Helps Detect Threats Residing Directly on Company Endpoints (Cygilant) Cygilant Endpoint Security Provides a Fast, Cost-Effective Way to Detect Malware and Critical Threats on Workstations and Servers

Cyren Redefines Corporate Email Security for Every Microsoft 365 Inbox (Yahoo) New cloud service provides continuous protection and remediation from sophisticated phishing threats that penetrate existing safeguards MCLEAN, VA / ACCESSWIRE / April 29, 2020 / Cyren (NASDAQ:CYRN)(FRA:TOU) ...

Appsian Enables Adaptive Multi-Factor Authentication in Oracle PeopleSoft Applications (PR Newswire) Appsian, the global leader in Enterprise Resource Planning (ERP) data security, has announced an integration with Duo Security, now part of...

NextgenID Presents Identity-as-a-Service, Minimizing Identity Enrollment Costs and Offering Long-term Savings (Globe Newswire) The frictionless procurement model features zero capital outlay for any and all identity credentials

Technologies, Techniques, and Standards

Microsoft releases guidance on blocking ransomware attacks (BleepingComputer) Microsoft warned today of ongoing human-operated ransomware campaigns targeting healthcare organizations and critical services, and shared tips on how to block new breaches by patching vulnerable internet-facing systems.

FSB Consults on Cyber-Attack Response and Recovery (The National Law Review) The Financial Stability Board (FSB) issued a&nbsp;consultation&nbsp;on a toolkit of measures designed to help ensure firms and regulators are well prepared to tackle cyber incidents. This consultation

Research and Development

Software that swaps out words can now fool the AI behind Alexa and Siri (MIT Technology Review) The news: Software called TextFooler can trick natural-language processing (NLP) systems into misunderstanding text just by replacing certain words in a sentence with synonyms. In tests, it was able to drop the accuracy of three state-of-the-art NLP systems dramatically. For example, Google’s powerful BERT neural net was worse by a factor of five to seven…

Academia

Protecting University Students and Faculty from Phishing Scams (Campus Safety Magazine) Phishing attacks are causing significant financial losses. Here are some prevention tips for institutions of higher education

Legislation, Policy and Regulation

With Kim Jong Un Mysteriously Gone, China Is Likely to Make a Power Move (Foreign Policy) There are many ways Beijing could use the mystery surrounding Kim Jong Un’s disappearance to its advantage. None of them are good for the United…

The Coronavirus Has Pushed North Korea’s Economy to the Edge (Foreign Policy) Despite the crisis, there’s no signs of reform from Pyongyang.

Senate committee planning Ligado hearing on GPS interference (C4ISRNET) The hearing, which could come as soon as next week, would give defense leaders a public platform to push back on an FCC decision the department says will harm GPS.

DHS’ cyber agency will now serve as a cybersecurity “marketplace” (Fifth Domain) The Office of Management and Budget made its first Quality Service Management Office designation.

Litigation, Investigation, and Enforcement

The Washington Post, ACLU argue for the public’s right to see a judge’s opinion on encryption (Washington Post) The Justice Department argues disclosure in the case involving the calling feature on Facebook’s Messenger app could harm an ongoing prosecution.

ACLU, EFF still trying to get documents unsealed in Facebook encryption case (CyberScoop) It's the latest front in a broader standoff between privacy advocates and law enforcement over access to encrypted communications.

Justices Call For Data Scraper's Response In LinkedIn Appeal (Law360) The U.S. Supreme Court is asking data analytics startup hiQ Labs Inc. to respond to LinkedIn's challenge of a Ninth Circuit ruling that cleared the way for the startup to scrape the professional networking site's publicly available information in order to resell it.

At a glance.

Bring your own context.