
Wednesday, August 28, 2019

Lawmaker sounds alarm on supply chain risk



As Samuel Johnson noted: “You may scold a carpenter who has made you a bad table, though you cannot make a table. It is not your trade to make tables.”

“One of the poets, whose name I cannot recall, has a passage, which I am unable at the moment to remember, in one of his works, which for the time being has slipped my mind, which hits off admirably this age-old situation.”
― PG Wodehouse



'Stop interfering': China hits back at Australia over imprisoned Australian writer

The Contagion of Corruption (Scientific American)

The 'mole' behind the $100 million scheme to defraud the ATO

He was the frontman of a "squeaky clean" company earning millions from clients that included government departments with the lure of providing free payroll services.
But in reality, Joshua Meredith Kitson was the "mole" to a band of co-conspirators he plotted with to defraud the Australian Tax Office (ATO) of more than $100 million in a "complex" and "carefully planned" white-collar criminal syndicate.

Joshua Kitson, 38, is to be sentenced over his key role in a high-profile tax evasion plot. CREDIT: DOMINIC LORRIMER

Kitson, a former general manager of the scandalised Plutus Payroll firm, is set to be sentenced on Wednesday over his integral role in the tax evasion ploy that even saw him throw investigators off by referring them to a dead associate.

NYT – I Visited 47 Sites. Hundreds of Trackers Followed Me. Farhad Manjoo and Nadieh Bremer: “Earlier this year, an editor working on The Times’s Privacy Project asked me whether I’d be interested in having all my digital activity tracked, examined in meticulous detail and then published — you know, for journalism. “Hahaha,” I said, and then I think I made an “at least buy me dinner first” joke, but it turned out he was serious. What could I say? I’m new here, I like to help, and, conveniently, I have nothing whatsoever at all to hide….What did we find? The big story is as you’d expect: that everything you do online is logged in obscene detail, that you have no privacy. And yet, even expecting this, I was bowled over by the scale and detail of the tracking; even for short stints on the web, when I logged into Invasive Firefox just to check facts and catch up on the news, the amount of information collected about my endeavors was staggering…”
FCW
August 22, 2019
Rep. Mike Gallagher (R-Wis.) wants the U.S. government to take its supply chain security problems more seriously. On a conference call with reporters, Gallagher, a co-chair of the Cyberspace Solarium Commission and a member of the House Armed Services Committee, cited a recent oversight report that showed that Defense Department personnel used government purchase cards to buy off-the-shelf technology with known vulnerabilities. The congressman's cybersecurity concerns are part of an increasingly fierce debate over defense supply chain security in the past two years that has everyone from regulators to contractors yearning for clearer, stricter rules and bans of products and manufacturers. Gallagher recently introduced a bill that would require congressional approval for Huawei to be removed from the tech blacklist. But for DOD to better secure its supply chain, a cultural schism between the Pentagon and the tech industry must be addressed.
Nextgov
August 22, 2019
Two lawmakers penned a letter to the National Highway Traffic Safety Administration Thursday questioning whether they’ve been notified or plan to address cyber vulnerabilities and dangers to public safety posed by the increasing use of internet-connected cars on American roads. In their letter, Senators Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., raise concerns from a recent Consumer Watchdog report that suggests car manufacturers have made investors and shareholders aware of the risks associated with connected vehicles, but they have yet to disclose that critical information to the general public. The report, which was produced over five months in collaboration with car industry technologists, alleges all top 2020 cars have connections that are vulnerable to potentially detrimental “fleet wide attacks.” “We are concerned that consumers are purchasing internet-connected vehicles without sufficient safety warnings and write to inquire about NHTSA’s knowledge of any cyber vulnerabilities, as well as what actions NHTSA is taking to address these issues,” the lawmakers wrote.

The Hill
August 22, 2019
A congressionally mandated commission plans to issue its recommendations for protecting the U.S. against cyberattacks early next year, a former top official at the Department of Homeland Security said Tuesday. The Cyberspace Solarium Commission — made up of bipartisan members of Congress, former government officials and industry representatives — is working toward formulating a comprehensive, strategic approach, commission member Suzanne Spaulding said at the Digital Government Institute’s 930gov conference. “I think we’re trying to cover everything, frankly, short of war,” said Spaulding, a former under secretary of the Department of Homeland Security's National Protection and Programs Directorate, now known as the Cybersecurity and Infrastructure Security Agency. “To have a strategic approach, you’ve got to make sure that you’re thinking about all of the tools that you have at your disposal, all of the resources, all of the levers that both you and the private sector can contribute and bring to bear,” she added.

Gov Info Security
August 19, 2019
To better prepare for cyberthreats posed by Russia and China, the U.S. Army has been building cyber and electronic warfare units. But a new report from the Government Accountability Office finds that these units are understaffed, underequipped and in need of better training. The GAO report comes at a time when the Army is changing part of its mission, organizational structure and training to develop new capabilities that can effectively counter Russia and China, especially when it comes to cyberwarfare. The Army also plans to develop what it calls "multidomain operations" by 2028 to confront adversaries on land, air, sea, cyber and space, according to the GAO report. Over the last two years, the Army has established two of these new units, and more are planned in 2020. The 915th Cyber Warfare Support Battalion, which is based in Fort Gordon, Georgia, is focusing on providing offensive cyber capabilities. Another new Army unit with a similar mission is the Intelligence, Cyber, Electronic Warfare and Space unit. The GAO determined, however, that while the Army has accelerated its plans for cyberdefense and cyberwarfare, top officials have not adequately staffed these new units. There have also been shortfalls when it comes to properly training and equipping soldiers assigned to these new units, the report finds.


ADMINISTRATION

Federal News Network
August 23, 2019
Recent ransomware attacks in Texas and Louisiana are causing the National Guard to rethink some of its training policies for its cyber units. Last month, Louisiana was forced to declare a state of emergency after a handful of its school districts’ networks were hacked. Similarly, a few days ago hackers held more than 20 Texas local governments’ networks hostage. National Guard Chief Gen. Joseph Lengyel called the events a “cyber storm” and the multi-state attack is highlighting the need for more standardized policies and training for cyber units across the force. “I have questions about us in terms of making sure we are able to provide the best capacity to not only the military sector, but also the domestic sector,” Lengyel said in a Friday phone call with reporters. “Everybody’s cyber response packages look a little bit different. Texas has this joint cyber response team and it has eight people both Army and Air. The way Louisiana does it is a little different in the way we train them and the way they plug into the civilian networks are all a little different.” While the structures themselves are different and may need retooling, Lengyel said the way members of the Guard are trained and the apparatuses they use may not be standardized.

Gov Info Security
August 23, 2019
Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation, according to the U.S. Department of Justice. The 252-count indictment, revealed Thursday, also describes other crimes that targeted the elderly, according to the U.S. Attorney's Office for the Central District of California, which is overseeing the case along with FBI agents in Los Angeles and elsewhere. So far, the FBI has arrested 14 of the suspects, including 11 who were either living or working in the Los Angeles area. Others charged in the indictment remain at large, possibly living overseas, according to federal prosecutors. The FBI issued some of the first search warrants related to this case in 2017, authorities say.

The Boston Globe
August 23, 2019
A computer security expert is proposing a solution that would let the state Board of Elections bolster its cybersecurity on Election Day without having to rip out modems that make the state’s election system vulnerable to cyberattacks. On Aug. 2, the Board of Elections asked Tony Adams, an information security professional who lives in Providence, to write a memo suggesting ways to reduce the risk of hacking on election night, when modems are used to quickly report unofficial results. In an Aug. 14 memo, Adams suggests having the modems report unofficial results to computers that are separate from the state’s core election computer system, which configures ballots and tabulates official results. That way, if hackers did penetrate the system on election night, they couldn’t change the official results or hold the whole system hostage with ransomware, for example, he said. “This idea is so elegant you have to ask: Why didn’t I think of that?” Board of Elections Vice Chairman Stephen P. Erickson said this week. “Because you don’t have to spend a lot of money, it’s relatively simple to implement, and it will substantially increase the level of security — and the perceived security, which is important.”

The Hill
August 22, 2019
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) plans to prioritize election security, cybersecurity at federal agencies, and the “persistent threat” posed by China, among its many goals. The agency laid out its key priorities in a new “strategic intent” document released on Thursday, which CISA Director Christopher Krebs described in the introduction as the “keystone” for the agency. Among Krebs’s operational priorities is addressing Chinese threats to U.S. supply chains and to the rollout of 5G networks, bolstering election security efforts at the state and local level, and protecting the cybersecurity of industrial control systems. Other priorities are protecting federal networks against cyber attacks, such as ransomware incidents that have increasingly spread across the country, and defending “soft targets” and crowded venues from physical threats.

The New York Times
August 22, 2019
Brian A. Hawkins Googles his name and last employer and winces. The words that appear are verbs like “fired,” “axed” and “sacked.” The former information technology director of Lake City, the northern Florida city that was forced to pay out nearly half a million dollars after a ransomware attack this summer, was blamed for the breach, and for the long time it took to recover. But in a new lawsuit, Mr. Hawkins said he had warned the city about its vulnerability long ago — urging the purchase of an expensive, cloud-based backup system that might have averted the need to pay a ransom. But there was no money. And to those weighing the many competing priorities in the northern Florida city of 12,000 people, purchasing capacity on remote computer servers didn’t seem to rise to the top — at the time. Once the city’s entire computer network crumbled in the space of a few hours, there was an intense round of finger-pointing, and it ended with Mr. Hawkins. “My name has been blasted all over the media and across the country for weeks,” he said in his first interview with the news media since the attack earlier this summer.

CyberScoop
August 22, 2019
A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmware in a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments on the hardware level — as part of the open source firmware platform Coreboot. Eugene Myers, who works in the National Security Agency’s Trusted Systems Research Group, told CyberScoop that the end product — known as an SMI Transfer Monitor with protected execution (STM-PE) — will work with x86 processors that run Coreboot. Attackers are increasingly targeting firmware in order to run malicious attacks. Just last year, the first-ever documented UEFI rootkit was deployed in the wild, according to ESET researchers. These types of attacks are particularly concerning because if an attacker compromises an endpoint’s firmware, they could gain control of the entire system. Many security software products do not detect firmware attacks.

Fifth Domain
August 22, 2019
Students at the Army’s cyber school and a Japanese defense force participated in what service leaders are describing as the first international “capture the flag” type event. The international exercise, held Aug. 21, sought to improve the organizations’ relationship but also aimed to share best practices between key allies as a way to strengthen training. Teams from the Army’s cyber school and Japanese ground self defense force cyber students faced off. Capture the flag events involve a set of challenges and objectives students have to meet with the tools at their disposal, which tests their knowledge and ability in areas like networking, for example. “It’s not sometimes about the curriculum, it’s just training methodologies, what are good lessons learned. Being a good coalition partner, if we’re learning things that are bad and things that are good, we want to share them with others and we want to reap the benefit as well,” Todd Boudreau, deputy commandant at the Army Cyber School, told Fifth Domain. “As our students see students from another coalition partner, they’re likely to see them one day on an operations floor. We want to start that [speed of trust] real early so we can build those bridges right away.”

CyberScoop
August 22, 2019
U.S. Army Cyber Command could soon have a new identity. Commander Lt. Gen. Stephen Fogarty said this week he wants his military outfit, dedicated to electronic warfare and information operations, to be renamed as the “Army Information Warfare Command.” The rechristening would better represent a new military mission, he said, and come at a time when Army cyber personnel increasingly deal with troll farms on social media, disrupt ISIS operations, and work to confuse international adversaries’ understanding of U.S. military units’ location. “The intent is to provide a proposal that will change us from Army Cyber Command to Army Information Warfare Command because we believe that is a more accurate descriptor of what I am being asked to do on a daily basis,” Fogarty said at the AFCEA TechNet conference in Augusta, Georgia this week.

Nextgov
August 21, 2019
As the second cohort of the experimental Federal Reskilling Academy prepares to graduate in September, two members from the first cohort—which graduated in July—spoke with reporters about what they learned during the 13-week course and what these new skills will mean for their careers. While both reskilling graduates agreed their new skills are invaluable—in both their personal and professional lives—the training has not translated into new jobs, one of the main promises of the effort. When Federal Chief Information Officer Suzette Kent announced the reskilling academy in November 2018, the stated goal of the first cohort was to train non-IT employees as cyber defense analysts who could then be transferred to IT-specific roles. The federal government has a critical shortage of cybersecurity professionals and the academy was meant to be one way of filling those positions with internal hires. Two graduates from the first cohort—who OMB made available to reporters during a roundtable Wednesday—lauded the course as an exceptional learning experience but said, for the time being, they will continue working in their current positions.

New England Public Radio
August 21, 2019
Elections security experts have discovered new ways to manipulate the type of voting machine used in Vermont, but local elections officials say it's unlikely that bad actors could exploit those vulnerabilities to change the results of an election. At a recent technology conference in Las Vegas, ethical hackers from across the country tried to infiltrate some of the voting machines used in U.S. elections. Probing for vulnerabilities in ballot tabulators is an annual tradition at the DEF CON Hacking Conference. This year, however, hackers tried to gain access to the same type of voting machine used by 135 towns in Vermont. Montpelier City Clerk John Odum retrieved one of the machines from a vault last week and placed it on a desk in his office. It's a pretty ancient-looking piece of technology — like something you might have seen in a middle school computer room in the early 1990s. The machine is called an AccuVote, and its name is clearly meant to inspire confidence in the results it spits out. But when white-hat hackers set to work on this tabulator at DEF CON earlier this month, they quickly found all kinds of ways to manipulate results. Odum, a certified ethical hacker himself, was one of the tech gurus in Vegas trying to compromise the very same machines he uses to administer elections in Montpelier. Despite all the vulnerabilities, Odum said there's no need to panic. "All of these things, if we're doing everything right, are manageable," Odum said. In order to corrupt the vote count on an AccuVote machine, you'd need physical access to its mechanical innards; Odum said Vermont's elections security protocols make the machines a pretty tough target to infiltrate.

The New York Times
August 20, 2019
Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said. The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide. By Tuesday afternoon, Texas officials had lowered the number of towns affected to 22 from 23 and said several government agencies whose systems were attacked were back to “operations as usual.” The ransomware virus appeared to affect certain agencies in the 22 towns, not entire government computer systems. Officials said that there were common threads among the 22 entities and that the attacks appeared not to be random, but they declined to elaborate, citing a federal investigation.

The Washington Post
August 20, 2019
Starting in 2020, Los Angeles County’s 5.2 million voters will cast their ballots on new machines that the county had custom built over a decade to be highly accessible to citizens with all manner of disabilities and who speak 13 languages. The new machines mark the biggest challenge in years to the highly consolidated voting machine industry in the United States, in which just three companies control more than 90 percent of the market. The dominant players have faced withering criticism from security advocates and lawmakers since the 2016 election for being too slow to adapt to election hacking threats from Russia and other adversaries and not transparent enough about their security. The plan is for the machines to be tested at some voting locations during local elections in November and then to be used by all voters for the first time in primaries on March 3, 2020. The challenge is even bigger because Los Angeles plans to make the computer code its machines are running on freely available to be used or modified by other voting jurisdictions. But the new systems are also likely to add fire to a battle between cybersecurity hawks and advocates for voters with disabilities that’s already playing out in Congress and among state election boards.

AP
August 20, 2019
Lawyers for a transgender woman charged in a massive data breach at Capital One asked a judge Tuesday to release her from federal custody, saying that for her to remain jailed with men is a serious threat to her mental health. Paige Thompson, a talented computer programmer from Seattle who goes by the online handle "erratic," was arrested last month after the FBI said she obtained personal information from more than 100 million Capital One credit applications. There is no indication she sold or distributed the data. A hearing is scheduled for Friday before Magistrate Judge Michelle Peterson on whether Thompson will remain at the Federal Detention Center in SeaTac pending trial. Prosecutors say she should because she presents a flight risk and is a danger to herself and others. They said she has "a long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop," and that in May police investigated after she made threats to shoot up a California social media company. In a response filed in U.S. District Court on Tuesday, her attorneys, federal public defenders Mohammad Hamoudi and Christopher Sanders, asked for her to be released to a halfway house where she would have better access to mental health care.

Nextgov
August 19, 2019
Federal agencies didn’t experience a single “major” cybersecurity incident in 2018, marking the first time in three years the government avoided such a severe digital incursion, according to a recent White House report. Not one of the more than 31,000 cybersecurity incidents that agencies faced last year reached the “major incident” threshold, which is defined as an event that affects more than 100,000 individuals or otherwise causes “demonstrable harm” to the U.S, according to the Office of Management and Budget. The government fell victim to five major incidents in 2017 and 16 in 2016. Overall, the total number of cyber events the government experienced dropped 12% from 2017, OMB officials told Congress in their annual report on the Federal Information Security Management Act. While OMB called this downward trend “encouraging,” they warned that agencies shouldn’t let down their guard. Phishing and other email-based attacks remain a popular strategy for online bad actors, and the government is still struggling to attribute and label the thousands of attacks every year, officials said.

AP
August 17, 2019
Georgia election officials have for years ignored, downplayed and failed to address serious problems with the state’s election management system and voting machines, a federal judge said in a scathing order this week. U.S. District Judge Amy Totenberg said those problems place a burden on citizens’ rights to cast a vote and have it reliably counted. She called Georgia’s voting system “antiquated, seriously flawed, and vulnerable to failure, breach, contamination, and attack.” Despite those findings, Totenberg ruled Thursday that Georgia voters will use that same election system this fall because of concerns about the state’s capacity to make an interim switch while also implementing a new system. Plaintiffs in a lawsuit challenging Georgia’s system had asked Totenberg to order an immediate switch to hand-marked paper ballots for special and municipal elections this fall. But she declined, citing worries about the state’s capacity to manage an interim switch while also implementing a new system that is supposed to be in place for the March 24 presidential primaries.


INDUSTRY

CNBC
August 22, 2019
Software company VMware on Thursday said it’s acquiring Carbon Black at an enterprise value of $2.1 billion and Pivotal at an enterprise value of $2.7 billion. The deals are expected to close by the end of January 2020. Shares of Pivotal were up as much as 8% after the announcement, while VMware shares fell as much as 7%. Carbon Black shares rose as much as 6% after shares were initially halted following the close of the trading session. These are VMware’s largest acquisitions yet. The deals build on VMware’s strength helping companies run their software in their own data centers. They could help VMware compete better in the security market and hybrid-cloud infrastructure operations. VMware isn’t talking about cost synergies that could come out of buying two other enterprise-focused companies. However, CEO Pat Gelsinger told CNBC the companies will be operating profitably under VMware next year.

Ars Technica
August 22, 2019
In an attempt to quell a controversy that has raised the ire of white-hat hackers, the maker of the Steam online game platform said on Thursday it made a mistake when it turned away a researcher who recently reported two separate vulnerabilities. Valve’s new HackerOne program rules specifically provide that “any case that allows malware or compromised software to perform a privilege escalation through Steam, without providing administrative credentials or confirming a UAC dialog, is in scope. Any unauthorized modification of the privileged Steam Client Service is also in scope.” The statement and the policy change from Valve came two days after security researcher Vasily Kravets, an independent researcher from Moscow, received an email telling him that Valve’s security team would no longer receive his vulnerability reports through the HackerOne bug-reporting service. Valve turned Kravets away after he reported a Steam vulnerability that allowed hackers who already had a toe-hold on a vulnerable computer to burrow into privileged parts of an operating system. Valve initially told Kravets such vulnerabilities were out of scope and gave no indication that the one Kravets reported would be fixed.

ZDNet
August 21, 2019
Splunk on Wednesday delivered better-than-expected second quarter financial results and announced its plans to acquire cloud monitoring company SignalFx for $1.05 billion -- its largest acquisition to date. Splunk CEO Doug Merritt said the purchase will enable Splunk to offer customers a single data platform that can monitor cloud-native infrastructure and enterprise applications in real time. "The combination of Splunk and SignalFx will give IT and developers a data platform that allows them to monitor and observe data in real time, no matter the infrastructure or data volume, helping them cut costs, boost revenue and improve the customer experience," Splunk said in a press release. Splunk said the SignalFx acquisition will close in the second half of its current fiscal year.

Venture Beat
August 21, 2019
Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use. Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data. “Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data,” the Linux Foundation said today in a joint statement. “Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users.”

Vice Motherboard
August 19, 2019
Apple has mistakenly made it a bit easier to hack iPhone users who are on the latest version of its mobile operating system iOS by unpatching a vulnerability it had already fixed. Hackers quickly jumped on this over the weekend, and publicly released a jailbreak for current, up-to-date iPhones—the first free public jailbreak for a fully updated iPhone that's been released in years. Security researchers found this weekend that iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3. That means it’s currently relatively easy to not only jailbreak up to date iPhones, but also hack iPhone users, according to people who have studied the issue. “Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable—which means they are also vulnerable to what is effectively a 100+ day exploit,” said Jonathan Levin, a security researcher and trainer who specializes in iOS, referring to the fact that this vulnerability can be exploited with code that was found more than 100 days ago.


INTERNATIONAL

Reuters
August 22, 2019
Israel is easing export rules on offensive cyber weapons, despite accusations by human rights and privacy groups that its technologies are used by some governments to spy on political foes and crush dissent. A rule change by the defense ministry means companies can now obtain exemptions on marketing license for the sale of some products to specific countries, a source close to the cyber sector told Reuters. Israel, like other big defense exporters, closely guards details of its weapons sales and its export rules are not widely known, but the defense ministry confirmed the change had gone into force about a year ago in response to Reuters’ questions. Industry specialists say the change makes a speedier approval process possible for the sale of cyber weapons, or spyware, which are used to break into electronic devices and monitor online communications. Israel’s defense ministry said the rule change “was made to facilitate effective service to Israeli industries while maintaining and protecting international standards of export control and supervision”.

CyberScoop
August 21, 2019
Hackers using web infrastructure associated with a known North Korean threat group are behind a dormant phishing campaign that targeted the ministry of foreign affairs in at least three countries, as well as a number of research organizations, according to findings shared exclusively with CyberScoop before their publication Wednesday. Researchers from Anomali, a threat intelligence company based in California, found a network of malicious websites that appear to be login portals for the French Ministry for Europe and Foreign Affairs, the Ministry of Foreign and European Affairs of the Slovak Republic, Stanford University, and a U.K. think tank, among other targets. Each of the targets has focused in some way on North Korea’s nuclear efforts, or the international sanctions issued as punishment for it. By tricking diplomats or other victims into entering their credentials into a malicious website, the hackers behind this apparent espionage effort could then use that information to spy on the affected inbox. Exactly who is behind the operation was not immediately clear, though Anomali determined the attackers in this case used the same command-and-control server and the same IP address as the Kimsuky campaign, which Palo Alto Networks and others previously have associated with North Korea.

ZDNet
August 21, 2019
Chinese advanced persistent threat (APT) groups are honing in on cancer research institutes in recent cyberattacks in order to steal their work, researchers say. Cancer is the second leading cause of death worldwide and claimed the lives of 9.6 million individuals in 2018. The World Health Organization (WHO) estimates that one in six deaths annually are caused by cancer, and with these high mortality rates, researchers across the globe are working towards ways to improve detection and treatment. China, too, is contributing -- but cybersecurity firm FireEye says that facing cancer's impact on society, death rates, and the cost of care, the country is not above using nefarious methods to speed up research goals. On Wednesday, FireEye published a new report on the state of cybercrime in the healthcare industry. Titled, "Beyond Compliance: Cyber Threats and Healthcare," the research claims that Chinese APTs -- many of which are state-sponsored -- continue to target medical entities, and cancer-related organizations are a common target. 

Gov Info Security
August 20, 2019
The June ransomware attack against one of the largest forensic labs in the U.K. continues to delay police investigations in Britain while authorities await test results. At one point, authorities were confronted with a backlog of 20,000 forensic samples - including DNA and blood samples - that were awaiting analysis for criminal cases, according to a report by the BBC. Earlier this year, the systems of Eurofins Scientific were crippled in a ransomware attack, resulting in the lab paying a hefty ransom to retrieve its files. Luxembourg-based Eurofins provides DNA testing, toxicology analysis, testing of firearms and other services to British police agencies as well as their counterparts in Europe, according to the company's website. The computer files and systems targeted in the ransomware attack included sensitive information on DNA and blood samples, which were required for urgent court hearings and police investigations. This delayed these crucial processes for several weeks, according to a Friday statement from the U.K.'s National Policing Chief's Council.

ZDNet
August 20, 2019
A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election. Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.


TECHNOLOGY

Ars Technica
August 21, 2019
A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries downloaded by hundreds of thousands of server administrators. The first backdoor to come to light was in Webmin, a Web-based administration tool with more than 1 million installations. Sometime around April of last year, according to Webmin developer Jamie Cameron, someone compromised the server used to develop new versions of the program. The attacker then used the access to distribute a backdoor that was downloaded more than 900,000 times and may have been actively used by tens of thousands of Internet-facing servers. A second backdoor came to light on Monday in 11 libraries available in the RubyGems repository. According to an analysis by developer Jan Dintel, the backdoor allowed attackers to use pre-chosen credentials to remotely execute commands of their choice on infected servers.

CyberScoop
August 20, 2019
Encryption has always been a battle line in cyberspace. Attackers try to break it; defenders reinforce it. The next front in that struggle is something known as homomorphic encryption, which scrambles data not just when it is at rest or in transit, but when it is being used. The idea is to not have to decrypt sensitive financial or healthcare data, for example, in order to run computations with it. Defenders are trying to get ahead of attackers by locking down data wherever it lies. The latest step in homomorphic encryption’s decade-long journey from dream to adoption was a standards meeting over the weekend of representatives from Google, Intel, and Microsoft, along with academics from around the world. While previous meetings focused on the specifics of algorithms, this fourth meeting included more talk of pursuing homomorphic encryption standards at a handful of global bodies, according to Intel’s Casimir Wierzynski, who helped organize the gathering.
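An added Python illustration (not the page's, the researcher's, or the Moscow system's code) tying together the two cryptographic items above: a toy ElGamal over a constructed 10-bit prime shows the multiplicative homomorphism that lets a tallier combine encrypted votes without decrypting any of them, and the same small discrete-log routine shows why a key size that small lets the private key be computed from the public key alone, as the Moscow finding describes. The prime, generator, vote list and all function names are constructed assumptions.

```python
import math
import random

# Constructed toy parameters: a 10-bit safe prime, far too small to be secure.
P = 1019   # safe prime, P = 2*509 + 1
G = 2      # generator of the full group mod P (P % 8 == 3, so 2 is a non-residue)

def keygen(p, g, rng):
    """ElGamal keypair: private x, public h = g^x mod p."""
    x = rng.randrange(2, p - 1)
    return x, pow(g, x, p)

def encrypt(p, g, h, m, rng):
    """Encrypt group element m under public key h as (g^r, m * h^r)."""
    r = rng.randrange(2, p - 1)
    return pow(g, r, p), (m * pow(h, r, p)) % p

def decrypt(p, x, ct):
    """Decrypt (c1, c2): m = c2 * c1^(-x) mod p."""
    c1, c2 = ct
    return (c2 * pow(c1, p - 1 - x, p)) % p

def multiply_ciphertexts(p, a, b):
    """Multiplicative homomorphism: Enc(m1) * Enc(m2) = Enc(m1 * m2), no key needed."""
    return (a[0] * b[0]) % p, (a[1] * b[1]) % p

def discrete_log(p, g, h):
    """Baby-step giant-step: smallest x >= 0 with g^x = h mod p, in O(sqrt p) steps.
    A tallier needs it only for tiny exponents; with a tiny p it also yields the private key."""
    m = math.isqrt(p) + 1
    baby = {}
    e = 1
    for j in range(m):
        baby.setdefault(e, j)
        e = (e * g) % p
    giant = pow(g, (p - 2) * m, p)   # g^(-m)
    gamma = h
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = (gamma * giant) % p
    return None

def tally(p, g, h, votes, rng):
    """Encode each vote v in {0,1} as g^v, encrypt, and multiply: the result encrypts g^(sum)."""
    acc = (1, 1)   # encryption of g^0 with r = 0, the multiplicative identity
    for v in votes:
        acc = multiply_ciphertexts(p, acc, encrypt(p, g, h, pow(g, v, p), rng))
    return acc

def demo(seed=7):
    """Returns (yes-vote count recovered from the homomorphic tally, whether key recovery succeeded)."""
    rng = random.Random(seed)
    x, h = keygen(P, G, rng)
    votes = [1, 0, 1, 1, 0, 1]   # constructed ballot data
    yes_count = discrete_log(P, G, decrypt(P, x, tally(P, G, h, votes, rng)))
    return yes_count, discrete_log(P, G, h) == x   # second value: private key from public key
```

With a 10-bit modulus the key recovery takes about 32 group operations; a properly sized modulus pushes the same computation far out of reach, which is the whole difference between a legitimate tally and a broken election.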