FLORIDA CITY GIVES IN TO $600,000 BITCOIN RANSOMWARE DEMAND. But there’s no guarantee hackers will actually restore Riviera Beach’s systems.
Silly hackers — don’t they know that the really big bucks are to be made in environmental impact studies of removing high school George Washington murals?
ROGER SIMON: Why Are There So Many Homeless in Los Angeles?
Country Time paying kids’ fines, lobbying for legalizing lemonade stands (link has video chatter on it).
100 best drummers of all time? Listed at #98 is Karen Carpenter.
David Henderson reviews *Big Business: A Love Letter to an American Anti-Hero*, you need to scroll down a wee bit.
PHILIP GIRALDI. Pompeo Lies, Cheats and Steals (But He’s Still a Good Christian) (American Herald Tribune 4.5.2019)
Secretary of State Mike Pompeo recently recounted to an audience at Texas A&M University that when he was head of the Central Intelligence Agency he was responsible for “lying, cheating and stealing” to benefit the United States. “Like we had entire training courses. It reminds you of the glory of the American experiment.”
AP
June 13, 2019
Two U.S. senators asked the FBI on Wednesday to explain what it has done to investigate
the suspected hack by Russian intelligence of a Florida-based voting software
company before the 2016 election. In a letter sent to FBI Director Christopher
Wray, Democratic Sens. Ron Wyden of Oregon and Amy Klobuchar of Minnesota, who
is the ranking member of the committee with jurisdiction over federal
elections, asked for answers by July 12 regarding steps the agency has taken in
response to the breach of VR Systems' computer servers. Robert Mueller's report
on Russia's interference in the 2016 election describes how Kremlin-backed
spies installed malware on the network of an unnamed company that
"developed software used by numerous U.S. counties to manage voter rolls."
The Washington Post
June 13, 2019
House Democrats are readying a major legislative push focused on securing elections,
a response to special counsel Robert S. Mueller III’s findings of Russian
interference in the 2016 election that took on new resonance after President
Trump said he would be willing to take dirt on a political opponent from a
foreign government. Legislation under discussion would, among other things, bar
political campaigns from sharing private material with foreign governments,
require them to report offers of foreign help and clarify that it is illegal to
seek to influence U.S. elections by conspiring with foreign nationals. The new
campaign, discussed internally as an effort to “end crime, corruption and
coverups,” according to two Democrats familiar with the effort, has been in the
works for weeks, dating to the submission of Mueller’s report in March. It will
combine legislative measures with a fresh oversight push from key congressional
committees, including hearings meant to highlight foreign threats to U.S.
elections.
CyberScoop
June 13, 2019
The concept of “hacking back” — which has often been referred to as “the worst idea in
cybersecurity” — has resurfaced again in Washington. Rep. Tom Graves, R-Ga., is
reintroducing a bill Thursday that would allow companies to go outside of their
own networks to identify their attackers and possibly disrupt their activities.
While Graves has made previous attempts to legalize the practice, “hacking
back” would currently be a violation of the Computer Fraud and Abuse Act. The
CFAA, enacted in 1986, makes it illegal to access computers without
authorization. Graves told CyberScoop the bill is necessary in part because
companies are left without recourse when they are attacked. “Where do they turn
— can they call 911? What do they do?” Graves said. “They have nowhere to
turn.” The incentive to pass this bill, Graves says, also stems in part from
the fact that there are no guidelines right now for companies that he says are
already hacking back.
FCW
June 12, 2019
The House Appropriations Committee approved a series of cybersecurity-related research
and development initiatives designed to tighten up protection to the electric
grid and other energy systems as part of its annual spending bill for Energy
and Water Development. The bill, which passed committee on June 10, sets aside
$150 million for Cybersecurity, Energy Security and Emergency response
services, $30 million higher than 2019-levels of spending. The measure is being
teed up as one of four appropriations to be voted on by the full House in the
first "minibus" of fiscal year 2020 funding bills. A sizable chunk of
those dollars would be dedicated to studying new methods and applications for
protecting the country's energy grid from cyberattacks, something the committee
said it "places a high priority" on in an accompanying report.
The Hill
June 12, 2019
The House Oversight and Reform Committee approved bipartisan legislation on Wednesday
that would establish baseline cybersecurity standards for government-purchased
internet-connected devices. The approval, done through a voice vote, advances
the Internet of Things Cybersecurity Improvement Act of 2019 toward a vote on
the House floor. The legislation is aimed at reducing the risks to government
information technology from cyberattacks, and directs the National Institute of
Standards and Technology to establish recommendations for the federal
government on “the appropriate use and management” of the devices by no later
than March 31, 2020. "Internet of things" devices include those with
internet connections and those that are able to send and receive data, such as
laptops and mobile phones. The bill is spearheaded by Reps. Robin Kelly (D-Ill.)
and Will Hurd (R-Texas), and has almost two dozen other bipartisan co-sponsors.
Nextgov
June 11, 2019
House lawmakers on Monday approved a bill that would stand up a crack team of
government cyber defenders who could parachute in when networks come under
attack. The DHS Cyber Incident Response Teams Act would create a permanent
group of security specialists that agencies and industry could call on when
their IT infrastructure gets compromised. The teams, housed within the
Cybersecurity and Infrastructure Security Agency, would assist victims in
containing the damage and restoring networks after digital attacks. “When
cyber-attacks occur, immediate expertise is needed to mitigate damage and
ensure organizations are restored,” Rep. Michael McCaul, R-Texas, the
legislation’s sponsor and former House Homeland Security Committee chairman,
said in a statement. “[The bill] ensures that the Department of Homeland
Security can foster collaboration between the public and private sector to
ensure our nation can continue to adapt to the constant changes in the cyber
landscape.” A previous version of the legislation passed the House in 2018 but
never received a vote in the Senate. Sens. Rob Portman, R-Ohio, and Maggie
Hassan, D-N.H., are sponsoring the bill’s current Senate counterpart, which was
approved by committee in February.
FCW
June 11, 2019
The House Appropriations Committee approved a $63.8 billion spending package for the
Department of Homeland Security that includes higher funding levels for the
department's top cyber agency. The bill allocates approximately $2 billion for
the Cybersecurity and Infrastructure Security Agency, a $335 million bump from
last year and $408 million above what was requested in the president's budget.
Lawmakers in both parties have expressed support over the past year for the
idea of providing CISA with more resources to carry out its cybersecurity
mission. "This 20% funding increase will help the new agency move faster to
improve our cyber and infrastructure defense capabilities," said Rep.
Lucille Roybal-Allard (D-Calif.), chair of the House Appropriations Homeland
Security Subcommittee. It also includes $24 million in additional funding for
CISA's election security initiative, including increased coordination between
the National Cybersecurity and Communications Integration Center and National
Guard units with cybersecurity experience to support training, risk assessments
and incident response needs for state and local governments. The committee's
report on the bill notes that NCCIC is currently grappling with a 12-month
backlog for requested vulnerability assessments.
THE TRAFFIC STOP: One of the Great Abuses of Police Power in Contemporary Life. Historian Dan Albert on an Obsolete Enforcement Practice That Just Won’t Die.
The New York Times
June 7, 2019
A raft of legislation intended to better secure United States election systems after what
the special counsel, Robert S. Mueller III, called a “sweeping and systematic”
Russian attack in 2016 is running into a one-man roadblock in the form of the
Senate majority leader, Mitch McConnell of Kentucky. The bills include a
Democratic measure that would send more than $1 billion to state and local
governments to tighten election security, but would also demand a national
strategy to protect American democratic institutions against cyberattacks and
require that states spend federal funds only on federally certified “election
infrastructure vendors.” A bipartisan measure in both chambers would require
internet companies like Facebook to disclose the purchasers of political ads.
Another bipartisan Senate proposal would codify cyberinformation-sharing
initiatives between federal intelligence services and state election officials,
speed up the granting of security clearances to state officials and provide
federal incentives for states to adopt paper ballots. But even bipartisan
coalitions have begun to crumble in the face of the majority leader’s blockade.
Mr. McConnell, long the Senate’s leading ideological opponent to federal
regulation of elections, has told colleagues in recent months that he has no
plans to consider stand-alone legislation on the matter this term, despite
clamoring from members of his own conference and the growing pressure from
Democrats who also sense a political advantage in trying to make the Republican
response to Russia’s election attack look anemic.
ADMINISTRATION
FedScoop
June 14, 2019
A Department of Defense official unveiled plans Thursday for contractor
cybersecurity standards that are scheduled to be implemented by January 2020.
Katie Arrington, special assistant to the assistant secretary of Defense
acquisition for cyber, made the announcement along with a plea for the private
sector to work with the government to secure its supply chain at a Professional
Services Council conference Thursday. The new standards will have a five-level
system, and they will combine guidance currently in place from the National
Institute of Standards and Technology with new input from the private sector
and academia. The standards, known as Cybersecurity Maturity Model
Certification, will be researched and developed in partnership with the Johns
Hopkins Applied Physics Lab and Carnegie Mellon University Software Engineering
Institute. Once in place, third-party private sector companies will audit
contractors to ensure compliance. The program also will include an education
and training center for cybersecurity. The level of cybersecurity required by
the standards will be indicated on all contract solicitations once implemented.
Nextgov
June 13, 2019
Though the U.S. Postal Service’s investment strategies have strengthened its cybersecurity
practice, the agency must produce a solid operational cyber budget to
adequately steer the program and fund annual expenses, according to the Office
of Inspector General’s Semiannual Report to Congress released this week. In
2015, the agency approved millions in investments for Cybersecurity Decision
Analysis Reports I and II. The total approved investment amounts are not
publicly available but the OIG said it comprises “a capital investment,
deployment investment expenses, and first-year operating expenses.” Though the
Postal Service uses the DAR process to “approve, fund, and monitor” operating
expenses for cybersecurity investments, the OIG said daily operational expenses
necessary to support cyber efforts should be managed differently. “We found
that expenses associated with day-to-day operations to sustain ongoing
cybersecurity operations, such as rent, software licenses and services, and
employee and contractor support, should not be considered investments per
Postal Service investment policy,” the OIG said.
CyberScoop
The cybersecurity features built into cloud computing have allowed the CIA to
quickly achieve its technological goals, a top U.S. intelligence official said
Tuesday. Sue Gordon, principal deputy director of national intelligence, said
that of all the improvements that the cloud has brought to the intelligence
community, the protections built into the technology provide the trust needed
to handle some of the most sensitive work done by the U.S. government. “The
advances we’ve made in security are probably what have allowed the greatest
movement of mission,” Gordon said Tuesday at the Amazon Web Services Public
Sector Summit in Washington, D.C. “Because of our insistence in the confidence
of our processes and our data, and our commitment to the trust the American
people place in us, we now have an environment that we trust.” It was a
watershed moment for cloud computing when the CIA announced in 2013 that it
would pay Amazon Web Services $600 million to set up a cloud computing system
for the intelligence community. Since then, Amazon has become a titan in the
space, dwarfing competition like IBM, Google and Microsoft in the race to help
the government move away from legacy data centers. “We trust [our cloud
instances] more than our legacy systems, we trust with our most secure data and
our secure processes,” Gordon said.
Nextgov
June 12, 2019
Cyber experts often warn there’s no such thing as completely secure tech, but the
National Institute of Standards and Technology is trying to help software
developers and IT buyers get as close as possible. On Tuesday, NIST released a
draft set of guidelines that technologists should follow to ensure security is
baked into every step of the software development lifecycle. The framework is
intended to benefit both the people creating the tech and the organizations
that buy it, such as the federal government. The draft framework comes as
federal cyber leaders explore more robust strategies for locking down the
government’s software supply chain against potential threats. The document
divides the secure development process into four different categories—preparing
the organization, protecting the software, producing well-secured software and
responding to vulnerability reports—and offers specific instructions to help
ensure each of the goals are met. Ultimately, federal agencies and other
consumers could use the framework to determine which tech vendors they can
trust.
The New York Times
June 12, 2019
Republican lawmakers are refusing to commit to the millions of dollars sought by
Democratic Gov. Tom Wolf to back up his demand that Pennsylvania's counties
buttress election security by replacing their voting machines before 2020's
presidential elections. Republicans who control Pennsylvania's Legislature say
that a roughly $34 billion budget counterproposal they are finalizing does not
include the $15 million Wolf requested, and that they want Wolf to back off his
stated intention to decertify voting machines in use last year. Republicans
never agreed to require counties to replace voting machines, and helping
finance the purchases is Wolf's problem, not theirs, said Senate Majority
Leader Jake Corman, R-Centre. "This was a crisis that the governor created,
and he needs to resolve it," Corman said in an interview. "I feel bad
for the counties, because he put a huge unfunded mandate on the counties, but
that's his responsibility."
Nextgov
June 11, 2019
People surfing the web have come to rely on HTTPS and the lock icon in the address bar
to feel secure as they browse the internet. But criminals have caught up,
according to the FBI, and are including verification certificates for websites
designed to steal your information. In an alert published Monday, the bureau’s
Internet Crime Complaint Center, or IC3, warned that scammers are using the
public’s trust in website certificates as part of phishing campaigns. “The
presence of ‘https’ and the lock icon are supposed to indicate the web traffic
is encrypted and that visitors can share data safely,” the bureau wrote in the
alert. “Unfortunately, cyber criminals are banking on the public’s trust of
‘https’ and the lock icon.” The HTTPS protocol ensures the connection to a
given website is secure, preventing man-in-the-middle and other attacks from
diverting or spying on information going to and from the site. However, the
protocol does nothing to ensure the site itself is benign. In current ongoing
scams, criminals are sending phishing emails pretending to be from an
acquaintance or official website. But links in the emails actually go to malicious
sites, masquerading as legitimate services using HTTPS as cover.
CyberScoop
The U.S. is beginning to use offensive cyber measures in response to commercial espionage, President
Trump’s national security adviser, John Bolton, said Tuesday. “We’re now
looking at — beyond the electoral context — a whole range of other activities
to prevent this other kind of cyber interference … in the economic space, as
well,” Bolton said while speaking at The Wall Street Journal’s CFO Network
annual meeting. The U.S. faces many digital economic threats, including a
particularly aggressive salvo from Beijing, which continues to steal
intellectual property and conduct other cyber-espionage activities, according
to the latest Pentagon assessment on Chinese military operations. The U.S.
government traditionally has carried out offensive cyber-operations in the
electoral context, such as a 2018 Cyber Command operation that interrupted the
internet access of a Russian organization that spread political disinformation
on social media. Now, according to Bolton, American focus is expanding to deter
the theft of IP. “We’re now opening the aperture, broadening the areas we’re
prepared to act in,” Bolton said Tuesday, also citing Russian activity and
Chinese influence operations underway in the U.S.
The New York Times
June 10, 2019
Tens of thousands of images of travelers and license plates stored by the Customs and
Border Protection agency have been stolen in a digital breach, officials said
Monday, prompting renewed questions about how the federal government secures and
shares personal data. An official at the agency said it learned on May 31 that
a federal subcontractor had transferred copies of the images to the
subcontractor’s network, which the agency said was done without its knowledge
and in violation of the contract. The subcontractor’s network was then hacked.
The hacked material did not include images from airports, but rather of drivers
in their cars and license plates of vehicles crossing through one port of entry
over a six-week period, officials said. One United States government official
said no more than 100,000 people had their information compromised by the
attack.
Nextgov
The head of the Office of Management and Budget is asking the Trump administration and
Congress to give government contractors and federal grant recipients more time
to cut ties with Chinese telecom providers like Huawei. If officials don’t
grant the extension, there may be “a dramatic reduction” in the number of
contractors able to legally do business with the government, acting OMB
Director Russell Vought wrote in a letter to Vice President Mike Pence and
congressional leaders. The letter, dated June 4, was first reported by The Wall
Street Journal. The 2019 National Defense Authorization Act prohibited the use
of federal funds to purchase products from Huawei, ZTE and other Chinese
telecom firms after intelligence officials warned the Chinese government could
use the companies to spy on the U.S. The measure not only bans agencies from
doing business directly with the firms but also bars government contractors and
federal grant recipients from working with the Chinese companies or any other
group that uses their tech.
INDUSTRY
Gov Info Security
June 14, 2019
Medical device vendor Becton Dickinson and U.S. federal regulators have issued security
alerts about vulnerabilities that potentially put certain infusion pump
products from the manufacturer at risk for remote hacker attacks. On Thursday,
Becton Dickinson and the Department of Homeland Security's Industrial Control
System Computer Emergency Response Team each issued security alerts about
vulnerabilities in certain BD Alaris Gateway Workstations. The vulnerabilities,
which DHS described in its advisory as involving "improper access
control" and also "unrestricted dangerous file upload" during
firmware updates, were recently identified by researchers at CyberMDX, the
alerts note. A BD spokesman tells Information Security Media Group that there
is no evidence that the vulnerabilities have been exploited.
CyberScoop
June 13, 2019
Since March, criminals have been using hacking tools that were reportedly stolen from
the National Security Agency in targeting companies around the world as part of
a cryptomining campaign, researchers with cybersecurity company Trend Micro
said Thursday. The broad-brush campaign has hit organizations in the banking,
manufacturing and education sectors, among others, Trend Micro says. The
criminals are essentially hijacking corporate computing power to harvest the
cryptocurrency Monero. It’s hardly a new concept, but in this case it’s a
reminder that tools deployed by state-sponsored hackers can also be used by
relatively unskilled crooks more interested in making money than in spying.
“Entry-level cybercriminals are gaining easy access to what we can consider
‘military-grade’ tools — and are using them for seemingly ordinary cybercrime
activity,” Trend Micro researchers wrote in a blog post.
Wired
June 13, 2019
The internet-wide push to encrypt more web traffic has resulted in a wave of safer, snoop-proof
connections. The next challenge, though, is completing that transition from
using a mixture of unencrypted HTTP and protected HTTPS to requiring that
baseline protection everywhere. And over the past year, Google has been
publicly offering a simple and straightforward way for websites to eliminate
these subtle weak spots. When HTTPS encryption was still a novelty, web
developers needed to create features that would allow HTTPS and HTTP pages to
interoperate, because the majority of sites were still unencrypted. So HTTPS
architects built mechanisms to upgrade or downgrade browsing sessions between
HTTP and HTTPS when needed, so that people wouldn't be blocked from using certain
sites completely. But as HTTPS has proliferated, it's finally time to bypass or
otherwise eliminate those intermediary features. Otherwise, pages still served
over HTTP, like those redirect pages, will continue to be at risk of
interception or manipulation. So Google has built HTTPS protection directly
into a handful of top-level domains—the suffixes at the end of a URL like
".com." Google added its internal .google top-level domain to the
preload list in 2015 as a sort of pilot, and in 2017 the company started using
the idea more extensively with its privately run suffixes ".foo" and
".dev." But in May 2018, Google launched public registrations of
".app," opening up automatic, preloaded encryption to anyone that
wanted it. In February of this year, it opened up .dev to the public as well.
Which means that today, when you register a site through Google that uses
".app," ".dev," or ".page," that page and any
others you build off it are automatically added to a list that all mainstream
browsers, including Chrome, Safari, Edge, Firefox, and Opera, check when
they're setting up encrypted web connections.
Reuters
June 13, 2019
Anheuser-Busch InBev (AB InBev), the world's largest beer maker, said on Thursday it was
opening a cybersecurity unit in Israel to help protect itself from a growing
number of attacks. Israel is a leader in cybersecurity and many of the world's
largest companies have opened centers there or acquired Israeli tech firms to
defend themselves against hackers as the reliance on digital networks and cloud
storage becomes more prevalent. AB InBev's Tel Aviv hub will focus on analyzing
threats and potential attacks, said Luis Veronesi, vice president of global
security and compliance. The company did not disclose financial details of the
move. Veronesi told Reuters that AB InBev and the entire industry have been
facing increased cyber attacks, ranging from "financially motivated"
hacks to attempts at disrupting operations. "With increasing
digitalization, we have to be prepared to defend against anything coming,"
he said.
The Guardian
June 13, 2019
The American cybersecurity giant Symantec has downplayed a data breach that allowed
a hacker to access passwords and a purported list of its clients, including
large Australian companies and government agencies. The list extracted in the
February incident, seen by Guardian Australia, suggests that all major federal
government departments were among the targets of a hacker who also claimed to
be responsible for Medicare data being available for sale on the dark web. But
Symantec said the “minor incident” involved “an isolated, self-enclosed demo
lab in Australia – not connected to Symantec’s corporate network – used to
[demonstrate] various Symantec security solutions and how they work together”.
The incident was not reported because Symantec concluded that “no sensitive
personal data was hosted in or extracted from this demo lab, nor were
Symantec’s corporate network, email accounts, products or solutions
compromised”.
ZDNet
June 13, 2019
Yubico said today it plans to replace certain hardware security keys because of a firmware
flaw that reduces the randomness of cryptographic keys generated by its
devices. Affected products include models part of the YubiKey FIPS Series, a
line of YubiKey authentication keys certified for use on US government networks
(and others) according to the US government's Federal Information Processing
Standards (FIPS). According to a Yubico security advisory published today,
YubiKey FIPS Series devices that run firmware versions 4.4.2 and 4.4.4 contain a
bug that keeps "some predictable content" inside the device's data
buffer after the power-up operation. This "predictable content" will
influence the randomness of cryptographic keys generated on the device for a
short period after the boot-up, until the "predictable content" is
all used up, and true random data is present in the buffer.
Gov Info Security
June 12, 2019
A Google security researcher has disclosed what he calls an unpatched bug in the main
cryptographic library used in newer versions of the Windows operating system
that he claims could affect an entire fleet of Windows-based devices. Tavis
Ormandy, a researcher with Google Project Zero, says he first took notice in
March of the bug in Microsoft's SymCrypt, an open source project that forms the
core cryptographic function library currently included in newer versions of
Windows, including Windows 8 and Windows 10. The researcher says he gave
Microsoft a private, 90-day notice of the unpatched bug, but the company had
not fixed the flaw as of Tuesday, June 11, when it published its latest Patch
Tuesday notification. Once his deadline for posting a fix passed, Ormandy
described his findings in a blog post.
CyberScoop
June 12, 2019
You can bet CrowdStrike executives hope the company has more days like Wednesday. The
security vendor’s market value exceeded $12 billion on its first day of trading
on the Nasdaq under the ticker symbol “CRWD.” That’s almost four times the
company’s valuation in June 2018 when it raised $200 million in its last
private round, good enough for a $3 billion valuation. The California-based
company traded at $63 per share, nearly double its IPO price of $34. Founded in
2011, CrowdStrike provides endpoint protection, threat intelligence and
incident response services. Customers include HSBC, Google and Amazon Web
Services, though U.S. government agencies and political organizations also have
worked with the firm. It’s perhaps best known for investigating the 2016 data
breach at the Democratic National Committee, an incident it blamed on Russian
intelligence-affiliated groups.
Wired
June 12, 2019
In May 2018, the Middle East-focused free speech and information access group Majal
suffered a major cyberattack. Someone had managed to infiltrate a Majal Amazon
Web Services account, access a content repository and backups, and wipe out six
months of user data and posts across the organization's various message boards
and social media platforms. "The more time we took trying to figure out
what was going on, the more damage the hackers were doing," says
Bahrain-based Esra’a Al Shafei, Majal's founder and director. Majal eventually
reconstructed the lost data from offline backups, but the incident underscored
to Al Shafei how vulnerable the organization was online. Majal faced DDoS
attacks, defacements, and malicious script injections for years but couldn't
afford pricey digital defenses on its shoestring budget. So Al Shafei wrote to
the internet infrastructure firm Cloudflare and its initiative called Project
Galileo, which offers free defense tools and technical support to human rights
groups, activists, journalists, and artistic organizations around the world.
Project Galileo, launched five years ago in June 2014, has grown to support
nearly 600 organizations. The service is often compared to Alphabet's Project
Shield, first announced in October 2013, which also provides free DDoS
protection and other defenses to vulnerable humanitarian and free speech
groups. But multiple Project Galileo users, along with Cloudflare itself, note
that organizations benefit from having choices about who to work with.
Cloudflare's CEO Matthew Prince says that he wishes even more companies would
offer similar services.
CyberScoop
June 11, 2019
As the mergers and acquisitions activity in the cybersecurity industry continues at a
feverish pace, one of its more consumer-friendly brands — the
breach-notification database Have I Been Pwned — is hoping for a new home. Have
I Been Pwned, a website where visitors can check if their email address has
been compromised, is exploring a sale, founder Troy Hunt revealed in a blog
post Tuesday. Since its debut in 2013 the site has won praise as a uniquely
free and user-friendly way for individuals to get information about incidents.
Nearly 3 million people have subscribed to its breach notifications, and
120,000 individuals use it to monitor web domains. Now, Hunt says he will be
working with the mergers and acquisitions team at the professional service firm
KPMG to search for a potential buyer. He’s calling the process Project Svalbard
— an allusion to a massive bank of plant seeds in Norway.
Wired
June 11, 2019
Election Systems & Software, which describes itself as the nation’s leading
elections-equipment provider, has vowed to stop selling paperless electronic
voting systems—at least as the "primary voting device in a
jurisdiction." And the company is calling on Congress to pass legislation
mandating paper ballots and raising security standards for voting machines.
"Congress must pass legislation establishing a more robust testing
program—one that mandates that all voting-machine suppliers submit their
systems to stronger, programmatic security testing conducted by vetted and
approved researchers," writes ES&S CEO Tom Burt in an op-ed for Roll
Call. Over the past 18 months, election-security advocates have been pushing
for new legislation shoring up the nation's election infrastructure.
Election-security reform proposals enjoy significant support among
Democrats—who control the House of Representatives—and have picked up some
Republican cosponsors, too. However, such measures have faced hostility from
the White House and from the Republican leadership of the Senate.
Gov Info Security
June 10, 2019
Microsoft is warning about a large-scale spam campaign that is targeting European users
by taking advantage of an old Office exploit to send emails that contain malware
in malicious Rich Text Format (RTF) attachments. In a series of tweets sent
from the Microsoft Security Intelligence team on Friday, researchers warned of
the spam campaign found in malicious emails written in different European
languages. By using the older exploit, referred to as CVE-2017-11882, attackers
can automatically run malicious code without requiring user interaction,
according to Microsoft. First found in 2017, CVE-2017-11882 specifically
targets Equation Editor, a feature found in older versions of Office that has
since been removed and replaced by Microsoft. This particular component allowed
Office users to build complex equations within Office documents.
INTERNATIONAL
Wired
June 14, 2019
On the scale
of security threats, hackers scanning potential targets for vulnerabilities
might seem to rank rather low. But when it's the same hackers who previously
executed one of the most reckless cyberattacks in history—one that could have
easily turned destructive or even lethal—that reconnaissance has a more
foreboding edge. Especially when the target of their scanning is the US power
grid. Over the past several months, security analysts at the Electric
Information Sharing and Analysis Center (E-ISAC) and the
critical-infrastructure security firm Dragos have been tracking a group of
sophisticated hackers carrying out broad scans of dozens of US power grid
targets, apparently looking for entry points into their networks. Scanning
alone hardly represents a serious threat. But these hackers, known as
Xenotime—or sometimes as the Triton actor, after their signature malware—have a
particularly dark history. The Triton malware was designed to disable the
so-called safety-instrument systems at Saudi Arabian oil refinery Petro Rabigh
in a 2017 cyberattack, with the apparent aim of crippling equipment that
monitors for leaks, explosions, or other catastrophic physical events. Dragos
has called Xenotime "easily the most dangerous threat activity publicly
known."
The Washington Post
June 14, 2019
Russia conducted a “continued and sustained” disinformation campaign against Europe’s
recent parliamentary elections, the European Union reported Friday, the latest
sign that Russia’s high-tech efforts to influence democratic votes have not
slowed down. The report found that Russia sought to influence voter behavior
and, in some cases, suppress turnout. These conclusions echo the conclusions of
official U.S. investigations into the 2016 presidential election, which
reported that Russians sought to damage Democrat Hillary Clinton and help elect
her rival, Republican Donald Trump, while also working to undermine democratic
institutions in the United States. Friday’s European Union report said the
Russian interference in parliamentary campaigns “covered a broad range of
topics, ranging from challenging the Union’s democratic legitimacy to
exploiting divisive public debates on issues such as of migration and
sovereignty...There was a consistent trend of malicious actors using
disinformation to promote extreme views and polarize local debates, including
through unfounded attacks on the EU.” The report said major U.S. technology
companies, including Google, Twitter and Facebook, had taken steps to combat
Russian disinformation, but the report also said, “more needs to be done by the
platforms to effectively tackle disinformation.”
The New York Times
June 13, 2019
As protesters in Hong Kong retreated from police lines in the heart of the city’s
business district, a new assault quietly began. It was not aimed at the
protesters. It was aimed at their phones. A network of computers in China
bombarded Telegram, a secure messaging app used by many of the protesters, with
a huge volume of traffic that disrupted service. The app’s founder, Pavel
Durov, said the attack coincided with the Hong Kong protests, a phenomenon that
Telegram had seen before. “This case was not an exception,” he wrote.
The Intercept
June 12, 2019
Operatives at a controversial cybersecurity firm working for the United Arab Emirates
government discussed targeting The Intercept and breaching the computers of its
employees, according to two sources, including a member of the hacking team who
said they were present at a meeting to plan for such an attack. The firm,
DarkMatter, brought ex-National Security Agency hackers and other U.S.
intelligence and military veterans together with Emirati analysts to compromise
the computers of political dissidents at home and abroad, including American
citizens, Reuters revealed in January. The news agency also reported that the
FBI is investigating DarkMatter’s use of American hacking expertise and the
possibility that it was wielded against Americans.
Ars Technica
June 8, 2019
Traffic destined for some of Europe's biggest mobile providers was
misdirected in a roundabout path through the Chinese-government-controlled
China Telecom on Thursday, in some cases for more than two hours, an
Internet-monitoring service reported. It's the latest event to stoke concerns
about the security of the Internet's global routing system, known as the Border
Gateway Protocol. The incident started around 9:43am UTC on Thursday. That's
when AS21217, the autonomous system belonging to Switzerland-based data center
colocation company Safe Host, improperly updated its routers to advertise it
was the proper path to reach what eventually would become more than 70,000
Internet routes comprising an estimated 368 million IP addresses. China
Telecom's AS4134, which struck a network peering arrangement with Safe Host in
2017, almost immediately echoed those routes rather than dropping them, as
proper BGP filtering practices dictate. In short order, a large number of big
networks that connect to China Telecom began following the route.
TECHNOLOGY
CyberScoop
June 12, 2019
Spearphishing schemes are pulling on practices from legitimate software companies in order to
enhance the efficiency and distribution of their scams, according to new
research published Wednesday. Akamai Principal Lead Security Researcher Or
Katz, whose company sees thousands of new phishing pages each day, has
noticed phishing kit sellers are increasingly operating as if they were in the
lawful commercial space. They are using “factory-like production cycle to
target dozens of brands,” Katz, who has been analyzing the development of
phishing kits since December last year, writes in the research. One phishing
kit distributor Akamai has been tracking advertises kits that imitate a wide
swath of websites, including Gmail, Amazon, Facebook, YouTube, GoDaddy, PayPal
and Skype.
Ars Technica
June 11, 2019
The Rowhammer exploit that lets unprivileged attackers corrupt or change data
stored in vulnerable memory chips has evolved over the past four years to take
on a range of malicious capabilities, including elevating system rights and
breaking out of security sandboxes, rooting Android phones, and taking control
of supposedly impregnable virtual machines. Now, researchers are unveiling a
new attack that uses Rowhammer to extract cryptographic keys or other secrets
stored in vulnerable DRAM modules. Like the previous Rowhammer-based attacks,
the new data-pilfering RAMBleed technique exploits the ever-shrinking
dimensions of DRAM chips that store data a computer needs to carry out various
tasks. Rowhammer attacks work by rapidly accessing—or hammering—physical rows
inside vulnerable chips in ways that cause bits in neighboring rows to flip,
meaning 1s turn to 0s and vice versa. The attacks work because as capacitors
become closer together, they more quickly leak the electrical charges that
store the bits. At one time, these bit flips were little more than an exotic
crashing phenomenon that was known to be triggered only by cosmic rays. But
when induced with surgical precision, as researchers have demonstrated over the
past four years, Rowhammer can have potentially serious effects on the security
of the devices that use the vulnerable chips.