The CyberWire Daily Briefing 6.20.19

Kim Jong Un’s cyber army raises cash for North Korea (The Irish Times) Cash generated from illicit cyber-based activities has become a core revenue stream

Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments (Symantec) Waterbug may have hijacked a separate espionage group’s infrastructure during one attack against a Middle Eastern target.

What happens when one APT hijacks another’s infrastructure (CyberScoop) Like any group of spies or soldiers, state-sponsored hacking groups are acutely interested in what their peers are using.

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East (TrendLabs Security Intelligence Blog) We uncovered a cyberespionage campaign targeting Middle Eastern countries we named “Bouncing Golf” based on the malware’s code in the package named “golf.”

Cyberespionage Campaign Targets Android Users in Middle East (SecurityWeek) A recently uncovered cyberespionage campaign is targeting the users of Android devices in Middle Eastern countries.

Cybersecurity News: Middle East Faces Rising Cyberattack Threat (International Business Times) A recent report from a UAE-based cybersecurity firm said the Middle East faces a rising threat of cyberattacks on critical infrastructure such as oil and gas.

Analysis of a New HawkEye Variant (Fortinet Blog) FortiGuard Labs recently identified a new variant of HawkEye malware being spread by a phishing email. Read more about the analysis here. …

Cryptominer Uses Cron To Reinfect Linux Host After Removal (BleepingComputer) A cryptomining dropper malware has been spotted by security researchers while gaining persistence on Linux hosts by adding cron jobs to reinfect the compromised machines after being removed.

Ad agency leaks data on US military veterans' combat injuries (ZDNet) Florida ad agency leaks the keys to its entire kingdom, including invoices, campaign metrics, and all collected data.

Report: Medical Data Leaked for Hundreds of Thousands of Users (including US Veterans) (vpnMentor) vpnMentor's research team has found a breach in the xSocialMedia database. Noam Rotem and Ran Locar, our leading cybersecurity researchers, discovered …

Notices mailed to 645,000 clients possibly impacted by data breach (Oregon Department of Human Services) The Oregon Department of Human Services is sending notices by mail to approximately 645,000 clients notifying them that their personal information was compromised during a previously announced January 2019 data breach.

Florida city pays $600,000 ransom to save computer records (AP NEWS) A Florida city agreed to pay $600,000 in ransom to hackers who took over its computer system, the latest in thousands of attacks worldwide aimed at extorting money…

Expert on RB: 'Why does a city of this size not have backups?' (WPTV) As Riviera Beach agrees to pay a $600,000 ransom to get its data back, a security expert questions why the city put itself in a vulnerable situation in the first place.

'There was no breach': NPPD disputes story reporting Cooper Nuclear Station was hacked (Omaha.com) The story, which focused on increased U.S. cyberactivities targeting Russia’s power grid, referenced previously unreported attempts to infiltrate Cooper Nuclear Station, stating "The hackers got into communications networks, but never

Botnets shift from Windows towards Linux and IoT platforms (Help Net Security) Botnets in 2018 continued the trend of using distributed denial-of-service (DDoS) as their primary weapon to attack high-speed networks.

DHS Email Phishing Scam (US-CERT) The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into

Nanocore RAT via fake DHL failed delivery in Chinese (My Online Security) A quick post about the latest in a long, long, long, very, very long line of fake DHL delivery failure emails delivering all sorts of malware. Today’s version is slightly different to the ones we…

Welcome to the Next Generation of Corporate Phishing Scams (Fortune) Hackers are getting more sophisticated.

Do you know the last time you were socially engineered (Avast) Read how the intensity of phishing campaigns endures as threat actors manipulate human foibles to gain unauthorized access to homes and companies.

Phone Scammers Fake Apple Support by Phishing User Account Info (neoRhino IT Solutions) Telephone phishing scams (also known as Vishing Scams) have been around for ages, and robocalling has been on the rise recently. Companies are taking a stand and improving their cybersecurity against these annoying scam attempts, and one company that is…

Google Pushes Confidential Android Security Update to Pixel User (BleepingComputer) Google has mistakenly sent out a confidential Google-only dogfood build of their upcoming July 2019 security update to a Pixel owner. These builds are meant to be used internally by Google employees and are not meant to be pushed out to normal users.

Parent bank details, signatures compromised as cyber attack hits Catholic high school (ABC News) Nagle Catholic College principal Rob Crothers warns parents their bank details may have been stolen after a four-day widespread cyber security attack that also targeted other schools.

Ford School experiences latest phishing storm in ‘U’ community (The Michigan Daily) The University of Michigan Ford School of Public Policy was the target of phishing scams this past week after Public Policy students, faculty and staff received an email last Tuesday from phishers masquerading as staff members inquiring about their recipients’ schedule availability. In an email statement to The Daily, Sol Bermann, University interim chief information security officer, explained phishing is a phenomenon that affects organizations worldwide.

Security Patches, Mitigations, and Software Updates

Oracle patches WebLogic Server flaw hackers are actively exploiting in the wild (Computing) Tells users to install the updates as early as possible (keywords: Oracle WebLogic Server, security patch, CVE-2019-2729, KnownSec404 Team, CVE-2019-2725).

Cisco Releases Security Updates for Multiple Products (US-CERT) Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

Red Hat Security Advisory 2019-1517-01 (Packet Storm) Red Hat Security Advisory 2019-1517-01 – GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol, Secure Shell File Transfer Protocol, Web Distributed Authoring and Versioning, Common Internet File System, Server Message Block, and other protocols. GVFS integrates with the GNOME I/O abstraction layer. A file access vulnerability has been addressed.

Google Boosts Chrome Protection Against Deceptive Sites (SecurityWeek) Google is making web browsing with Chrome safer with a new option for reporting suspicious websites and a new warning mechanism for sites that use deceptive URLs.

BlueKeep warnings having little effect on Windows patching (SearchSecurity) Another BlueKeep warning has been issued, this time by the Department of Homeland Security — but public scanning results indicate the security advisories have had little effect on getting organizations to patch the Windows vulnerability.

Cyber Trends

3 ways AI will change the nature of cyber attacks (The European Sting) Cyberattacks are becoming ubiquitous and have been recognized as one of the most strategically significant risks facing the world today.

New McAfee Report Finds Eighty-Seven Percent of Companies Experience Business Acceleration from Use of Cloud Services (BusinessWire) McAfee, the device-to-cloud cybersecurity company, today released a special edition of its Cloud and Risk Adoption Report, focused on the business imp

Download: eSentire Q1 2019 Quarterly Threat Report (Help Net Security) The eSentire Q1 2019 Quarterly Threat Report provides a snapshot of threat events and trends investigated by the eSentire SOC.

ExpressVPN Survey Reveals Americans Do Care about Privacy after All (Home of internet privacy) A survey, commissioned by ExpressVPN and undertaken by Propeller Insights, produced many surprising results about privacy in the U.S.

AP-NORC poll: Majority worry about 2020 foreign meddling (Washington Post) A majority of Americans are concerned that a foreign government might interfere in some way in the 2020 presidential election by tampering with election results, stealing information or by influencing candidates or voter opinion, a new poll shows

The fourth Industrial revolution emerges from AI and the Internet of Things (Ars Technica) IoT has arrived on the factory floor with the force of Kool-Aid Man exploding through walls.

Marketplace

New breed of security vendor spells trouble for pure play firms (CIO Dive) Cloud service providers are taking security market control from third parties. The key for keeping an edge in the market is having multicloud offerings and on-prem integrations.

UN ambassador cites Israeli company in proposal to ban spyware (Jerusalem Post) In his report, David Kaye, the UN special rapporteur on freedom of expression said government oversight of spyware “hardly exists,” and there was an “extraordinary risk of abuse.”

Huawei saga is no good for anyone – Nokia UK CEO (Telecoms.com) Some might assume the suspicion which is being placed on Huawei might work out well for its competitors, but that is certainly not the case.

Three Facebook moderators break their NDAs to expose a company in crisis (The Verge) "A sweatshop in America"

YouTube, Under Fire, Considers Major Changes to Kids’ Content (Wall Street Journal) YouTube executives are debating moving all children’s content into the standalone YouTube Kids app, to better protect young viewers from objectionable videos.

AMCA Files for Bankruptcy Following Data Breach (SecurityWeek) Retrieval-Masters Creditors Bureau, the company that operates American Medical Collection Agency (AMCA), has filed for Chapter 11 bankruptcy due to a recent data breach affecting millions of individuals.

TrueFort Raises $13.7M to Provide Data Breach Protection within Business Applications (BusinessWire) Series A round led by Evolution Equity Partners, with the participation of Lytical Ventures and Emerald Development Managers.

Cloud Security Firm Valtix Emerges From Stealth With $14 Million in Funding (SecurityWeek) Valtix emerges from stealth mode with a cloud-native network security platform and $14 million in initial funding.

Facial recognition co AnyVision raises $31m (Globes) The Israeli computer vision company has developed core software solutions that make all cameras smart.

Cloud data management, protection company is Silicon Valley's newest unicorn (Silicon Valley Business Journal) Cloud data management and protection startup Druva, led by CEO Jaspreet Singh, raised a $130 million round of funding at a valuation of more than $1 billion and has moved into new headquarters in downtown Sunnyvale.

Alphabet’s CrowdStrike Stock Investment Has Rocketed in Value (Barron's) Subsidiaries of the parent of Google have invested in the cloud-based security software firm since 2015. After CrowdStrike’s IPO last week, Alphabet’s investment is now worth 13 times what it paid.

Is CrowdStrike (CRWD) Worth Twice as Much as Symantec? (Grizzle) CrowdStrike (NASDAQ: CRWD) held its IPO last week and its market cap is already double that of larger rival Symantec (NASDAQ: SYMC). Which is the better investment?

Will SentinelOne Win Customers From Carbon Black And CrowdStrike In $8B Endpoint Security Market? (Forbes) Is CrowdStrike overvalued?

Can FireEye Stock Really Double in the Next 2 Years? (The Motley Fool) This fund manager believes that FireEye is a misunderstood stock that could do well in the future, but it might not be entirely correct.

Acronis flips majority of partners to become MSPs (CRN Australia) Admits not all of them will make the leap from licensing to subs.

Tradewinds scores AT&T cybersecurity deal (CRN Australia) Includes products from the recently acquired AlienVault.

Forcepoint Names Shayne Higdon as Chief Operating Officer (PR Newswire) Global cybersecurity leader Forcepoint today announced transformational technology business leader Shayne Higdon…

Kudelski Security Expands Advisory Services with Addition of Seasoned Security Leaders (Kudelski Security) Strategic new hires will serve as local resource to CISOs, helping to improve security strategies, programs, tactics and share best practices among CISO community

Digital Guardian Names Susan Walker Chief Financial Officer (Digital Guardian) Digital Guardian today announced the appointment of Susan Walker as Chief Financial Officer (CFO). This news comes on the heels of Digital Guardian’s recent $30 million funding round and the expansion of its engineering, corporate strategy and product management leadership team.

CyberScout Announces the Appointment of Jennifer Leuer as Chief Executive Officer (Yahoo) CyberScout, a leader in identity theft resolution, data defense and employee benefits services, is pleased to announce the appointment of Jennifer Leuer as …

Products, Services, and Solutions

NSS Labs Announces 2019 SD-WAN Group Test Results (NSS Labs, Inc.) All products tested met the use case requirements and offer a good ROI. AUSTIN, Texas – June 19, 2019 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the results of its 2019 Software Defined Wide Area Network (

Insurance (BAE Systems | Cyber Security & Intelligence) Our solution for the insurance market uses data to help achieve critical business objectives by improving the quality of data captured, securing it and employing advanced analytic techniques to enable better informed decision making.

Finally, Smart Cybersecurity: The Optimal Combination of Ethical Hackers and Artificial Intelligence (Synack) Synack integrates human intelligence and machine intelligence for “Smart” security testing at scale, resulting in 4x the efficiency of a traditional penetration test.

Fortinet launches new WAN and edge security platform (SearchSecurity) Fortinet has launched Secure SD-Branch, an edge security platform designed to secure the WAN and access edge using Fortinet security products, such as Fortinet Security Fabric, to converge WAN and security into an integrated platform.

Trusted Cyber Security Solutions in Austria Joins Radiflow's OT MSSP Partner Program to Expand Service Offerings (Yahoo) Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, and Trusted Cyber Security Solutions (TCSS), a provider of cybersecurity services and solution, today jointly announced that TCSS has joined

New Social Media Platform Aims to Combat Conservative Censorship (PR Newswire) Safe Space 1776 LLC has launched the beta version of its social media site, the "Safe Space," for conservatives…

Technologies, Techniques, and Standards

Where AI factors in to DHS election security (Fifth Domain) Artificial intelligence's profile is rising but humans need to remain in the process to take on high-level problems, according to the director of the Cybersecurity and Infrastructure Security Agency.

Shared Assessments Announces Third Party Risk Management (TPRM) Framework to Offer Guidance for Organizations Seeking to Create, Improve and Manage Third Party IT Security Risk (Yahoo) The Shared Assessments Program, the member-driven leader in third party risk assurance, today announced a new Third Party Risk Management (TPRM) Framework designed to help organizations of all sizes effectively build, improve and execute best practices in today’s fast changing third party risk environment

What is PCI DSS? (FIME Blog) As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses.

Don’t let fear win: saying no to ransomware (SecurityBrief) “Agreeing to pay a ransom demand isn’t conducive to long-term security, and emboldens cyber criminals to continue to use this method.”

Investigation and Response is a Team Sport (SecurityWeek) With a platform that can act as a virtual cybersecurity situation room, analysts can have a single location to investigate collaboratively and share the same pool of threat data and evidence.

Security Doesn't Have to be a Losing Battle (SecurityWeek) Security itself has represented a losing battle for so long – I would contend it is the singular losing societal / macro investment ever.

In the New Fight Against Malware, It’s Spy vs. Spy (Security Boulevard) Malware authors have essentially become master spies. Security vendors need to enable defenders to become spies themselves.

NBA Strives to Protect Secrets From Hackers (Wall Street Journal) Cybersecurity is a year-round concern for the league, but big events like the draft bring a heightened focus on keeping data locked away.

Design and Innovation

CSIRO's Data61 develops 'vaccine' against attacks on machine learning (ZDNet) Data61 claims its new set of vaccination-like techniques show it's possible to prevent adversarial attacks made on machine learning algorithms.

Facebook's Libra cryptocurrency: where are the banks? (The Block) When looking at a new money or payments system meant to replace an old one, one need only look at who is missing from the list of partners to understand what is being replaced. In the case of the Facebook-led Libra Association, which was unveiled today, the missing link from our current financial world is …

Facebook's Libra will not help the unbanked (Facebook) For the last century, new communications technologies — radio, television, VCRs, the internet — have all been initially sold as something that will help with education, and have actually been used for entertainment.

Facebook’s cryptocurrency has a trust problem (The Verge) Libra isn’t as decentralized as a normal cryptocurrency

Microsoft, Salesforce Join Hyperledger Enterprise Blockchain Consortium (CoinDesk) Microsoft and Salesforce have joined Hyperledger, lending their enterprise software heft to the DLT consortium.

Cloudflare's Ethereum Gateway (The Cloudflare Blog) Today, we are excited to announce Cloudflare's Ethereum Gateway, where you can interact with the Ethereum network without installing any software on your computer.

Academia

Deloitte makes big cyber school donation (WZDX) During a ceremony at the Paris Air Show, Deloitte presented a $100,000 gift to the Alabama school of Cyber Technology and Engineering Foundation.

Legislation, Policy, and Regulation

What is the Cyber equivalent of physical displays of military strength? (Gula Tech Adventures) We project our power in the air, on land and in the sea – are there methods we could be using in cyberspace?

Artificial Intelligence and the Good Society (The Aspen Institute) The report of the 2019 Aspen Institute Roundtable on Artificial Intelligence surfaced some of the key vectors of engagement that must be joined when directing AI development. Most of all, the report reflects discussions on how to prod AI development in the right directions—and what, indeed, are those “right directions?”

Battlefield Internet (Foreign Affairs) The U.S. government needs to play a more assertive role in protecting the public from digital threats, just as it protects it from conventional ones.

Big Brother Comes to Belgrade (Foreign Policy) Chinese facial recognition software has arrived in Serbia. It confirms the West’s worst fears about Huawei.

Brazil ignores US pressure to reject Huawei (ZDNet) Vice president Hamilton Mourao welcomes infrastructure investment despite US requests to exclude the Chinese giant from its 5G suppliers.

Why Blacklisting Huawei Could Backfire (Foreign Affairs) China has overcome technological blockades before.

Romney Pushes to Stop Trump From Using Huawei to Get Trade Deal (Bloomberg) Senator is introducing amendment to keep Huawei export ban. Move follows letter by Rubio, Warner warning against issue.

Sen. Rubio wants to stop Huawei from filing U.S. patent lawsuits (Roll Call) The Florida Republican Marco Rubio filed an amendment to a defense authorization bill to keep Huawei from filing U.S. patent lawsuits.

Senate panel advances bill to protect government devices against cyber threats (TheHill) A Senate committee on Wednesday advanced legislation aimed at securing government-purchased devices against cyber threats, a move that comes just weeks after a companion bill moved forward in the House.

New Senate Bill Would Make Tech Giants Responsible for the Content Hosted on Their Platforms (Cheddar) Republican Senator Josh Hawley (R-MO) is taking on tech giants with a new bill proposed Wednesday. It would hold companies like Facebook and YouTube responsible for toxic content on their platforms, stripping these companies of their current protections. Rick McElroy, Head of Security Strategy at Carbon Black, joins Cheddar to discuss the impact this bill would have on big tech companies if it passes.

Shocking truth: Top tech execs don't trust the government to help in the event of a cyberattack (CNBC) In a CNBC survey of top technology executives, a majority of those who responded said they doubted the U.S. government would be able to help them in the event of a cyberattack. "Greater diplomacy" between the public and private sectors is necessary to help address the threat, said one CTO.

Facebook called before Senate panel over digital currency project (Reuters) Facebook Inc's plans to create a global cryptocurrency will face scrutiny f…

Voting machine giant lobbies for paper ballots over election security concerns (CNN) The US's largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail, a sharp departure after years of selling paperless digital machines that can't be fully audited. The change of stance comes amid concerns over the security of elections following Russia's interference effort in the 2016 presidential election.

How secure is that .zip file? One senator is urging NIST to weigh in (CyberScoop) Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet.

22 State Attorneys General Seek Election Security Help (BankInfo Security) A group of 22 state attorneys general, mainly from Democratic-leaning states, are demanding Congress offer local officials more support – including grants and

Analysis | The Cybersecurity 202: 2020 hopeful Seth Moulton is calling for a ‘cyber wall.' Here are the details. (Washington Post) It's designed to be an alternative to Trump's demands for a border wall.

New acting Pentagon chief has closer ties to Trump (POLITICO) Mark Esper backed border deployments, but raised questions about transgender ban.

Mark Esper is acting defense secretary. Will Trump make it permanent? (Military Times) Federal rules limit how long he can serve in the temporary role, but Trump may nominate him for the permanent post.

Shanahan nomination implosion raises anew questions about White House background checks (Military Times) Allegations of family domestic violence problems did not surface in his earlier confirmation process.

One of the military’s top cyber groups will get a new leader (Fifth Domain) The Cyber National Mission Force is often described as having Cyber Command’s best operators.

Litigation, Investigation, and Law Enforcement

YouTube under federal investigation over allegations it violates children’s privacy (Washington Post) YouTube executives are discussing broad changes to how the video platform handles children’s content and are also examining ways to improve core features to limit hate speech in response to criticism that the video-streaming platform has done too little to prevent harm.

U.N. investigator calls for probing Saudi officials in Khashoggi killing (Washington Post) The U.N. inquiry into Jamal Khashoggi's death said high-level Saudi officials, including Crown Prince Mohammed bin Salman, likely knew a criminal mission was being planned.

Feds arrest Syrian refugee accused of plotting terrorist attack on Pittsburgh church (ABC News) A Syrian refugee living in Pittsburgh has been arrested on charges of plotting a terrorist attack on a Christian church.

Cyber Weaknesses That Led to Breaches at NASA’s JPL Persist, Says IG (Nextgov.com) The federally-funded research center is at the forefront of space exploration but continues to struggle with some basic cybersecurity practices.

Feds: Ex-CIA employee waged ‘information war’ against US (Federal Times) Prosecutors said an ex-CIA employee must be kept isolated in the Metropolitan Correction Center after he declared the

Ex-Senate staffer sentenced to 4 years for ‘doxing’ GOP senators in Kavanaugh confirmation fight (Washington Post) The fired aide carried out the largest known theft of electronic data in U.S. Senate history.

Russian Hack or CrowdStrike Ruse? (American Greatness) Robert Mueller may live to regret indicting Roger Stone. Stone is the long-time Republican political operative who made headlines in January when he was hauled out of his home by a squad of FBI agents adorned in tactical gear and carrying M4 rifles. The ostentatious display of