Wyden calls on NSA to examine White House cybersecurity following Bezos hack
The Hill, January 24, 2020
Sen. Ron Wyden (D-Ore.) on Friday pressured the National Security Agency (NSA) on
efforts to secure personal devices of government employees from foreign hackers
and surveillance following news that Amazon CEO Jeff Bezos's phone was
allegedly hacked by Saudi officials. Wyden, a member of the Senate Intelligence
Committee, sent a letter to NSA Director Gen. Paul Nakasone asking for an
update on a commitment made by former NSA Director Michael Rogers in 2018 that
the agency would look into how key government institutions like the White House
are guarding against hacking and surveillance operations. He also singled out
senior White House adviser Jared Kushner, who in 2018 reportedly communicated
via WhatsApp with Saudi Crown Prince Mohammed bin Salman, sometimes referred to
as MBS. “Until the White House takes security seriously, the most sensitive
secrets of this country will end up in enemy hands,” Wyden told reporters on
Friday while discussing the letter. “So today, I am writing to the National
Security Agency and asking them to evaluate the security risks of Jared
Kushner, and other White House officials who may have messaged MBS,
particularly on their personal devices.”
ADMINISTRATION
FCW, January 24, 2020
Under a recent policy change, the FBI will notify states if local election systems are
hacked, but some state officials and lawmakers want the feds to commit to
informing a broader range of stakeholders. The federal government, in
particular the FBI, has taken heat for taking three years to notify the
Florida state government and members of Congress that voter registration
systems in two counties were breached by Russian hackers leading up to the 2016
elections. While U.S. officials have said they do not have any evidence that
suggests voting machines or tallies were compromised, security experts say bad
actors tampering with registration data can still sow confusion and wreak havoc
on election day. Alabama Secretary of State John Merrill said he and his
counterparts in other states spent years pressing the federal government to
notify states about local election hacks, arguing that many counties and municipalities
lack the technical resources to effectively respond to a breach of their
election systems. The FBI's new policy does not include notifying members of
Congress or the public when a system is breached, though bureau and DOJ
officials told reporters last week they might do so in extenuating
circumstances. According to the FBI, the federal government does not prevent or
inhibit states and localities from telling Congress or the public that one of
their election systems has been hacked. Instead, it's left up to the victims
to come forward.
StateScoop, January 24, 2020
Municipal workers in New Orleans discovered on Dec. 13 that their computer systems had
been rendered inoperable by a virus demanding payment, making the city yet
another victim of the global ransomware scourge that’s pestered state and local
governments for the last several years. Recovery from the attack, which has
since been attributed to the Ryuk strain of malware, has already cost New
Orleans $7.2 million, and officials expect that figure to climb much higher by
the time their devices and networks are fully restored. The incident confirmed
a warning Mayor LaToya Cantrell had given to the New Orleans City Council last
June when she was arguing that cybersecurity funding deserved to be included in
the city’s budget for critical infrastructure. Some members were hesitant and
said that protecting IT assets was not an infrastructure component. “I said,
‘like hell it isn’t’,” Cantrell recalled Thursday during a meeting of the U.S.
Conference of Mayors in Washington. Cantrell said she got the funding, but when
ransomware locked up the city’s computers last month, knocking websites offline
and preventing social-services agencies from accessing electronic records, she
was vindicated: “I was like, now what?” she said.
Nextgov, January 23, 2020
The latest publication in a long line of reports drawing attention to the State
Department’s failure to secure its information technology-dependent systems
from cyberattacks reflects a general mismanagement of resources.
“Notwithstanding the expenditure of substantial resources by the Department,”
reads a report State’s Office of the Inspector General released Wednesday, “the
OIG continues to identify significant issues that put its information at risk.”
The report follows a Jan. 14 letter Sen. Mark Warner, D-Va., sent to Secretary
of State Mike Pompeo asking what steps he’s taken to address the shortcomings
detailed in previous IG reports. Warner put the letter in the context of a
“long history of information breaches” at State and recent tensions with Iran.
The senator specifically noted an August OIG report that called attention to
the absence of “two senior executive service positions responsible for
cybersecurity” due to a hiring freeze, and a 2017 OIG report that stated the
chief information officer was “not well placed to be held accountable for State
Department Cybersecurity issues.” The report out Wednesday reiterated the 2017
findings, noting “lapses in the performance of duties by Information Systems
Security Officers persisted in FY 2019” and pointed to overseas posts where
problems were more extensive.
CyberScoop, January 23, 2020
The U.S. Department of Homeland Security’s cybersecurity outfit on Thursday issued an
alert about six flaws in popular health care devices that could affect device
functionality, expose patients’ health information or create other
vulnerabilities. DHS’ Cybersecurity and Infrastructure Security Agency detailed
the six vulnerabilities, known collectively as “MDhex,” lurking in medical
technology manufactured by GE Healthcare. The issues exist in GE’s line of
CARESCAPE patient monitors, including some versions of the Central Information
Center product, the Apex Telemetry Server/Tower, the Central Station, a
Telemetry Server and three monitor products (the B450, B650 and B850) that
display vital patient information to hospital professionals. No known public
exploits specifically target these vulnerabilities, CISA said in its alert.
Five of the vulnerabilities were assigned a severity score of 10 on a scale of
1-10, while the sixth was rated an 8.5 on the National Infrastructure Advisory
Council’s system. The New York-based security firm CyberMDX first found the
issues.
KGW, January 23, 2020
Tillamook County has called in a forensic team to figure out what caused a virus to shut
down their computers. Systems were infected with malware causing all computer
systems and phones to stop working. The issue was first noticed Wednesday
morning and IT staff immediately shut down computers hoping to stop the spread
of the virus. County websites were unavailable as of Thursday evening and
phones went straight to voicemail. "It's unusual that you come to work and
you can't get on a computer," said Lt. Gordon McCraw with the Tillamook County
Sheriff's Office. "Much of what we do is computer generated. So, again all
we can do is set back and wait and see and learn from it."
Gov Info Security, January 23, 2020
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday warned that it's
seen a surge in targeted attacks using a sophisticated strain of malware called
Emotet. "Heads up! We're tracking a spike in Emotet and re-upping
defensive guidance," Chris Krebs, CISA's director, said on Wednesday.
While Emotet started life as a banking Trojan, over the past five years,
developers have added additional functionality, including making the malware a
dropper - aka downloader - so that it can be used to install additional
malicious code on endpoints it's infected, as well as giving it the ability to
scrape victims' PCs for contact information. In addition, other attackers have
increasingly rented Emotet botnets to install other malware, including Trickbot
and various strains of ransomware. Now, CISA says it's seeing a fresh surge in
attacks.
ZDNet, January 23, 2020
Two New York state senators proposed two bills last week to ban local
municipalities and other government entities from using taxpayer money for
paying ransomware demands. The first bill (S7246) was proposed by Republican NY
Senator Phil Boyle on January 14. The second bill (S7289) was introduced by
Democrat NY Senator David Carlucci, two days later, on January 16. Both bills
are under discussion in committee, and it is unclear which will move forward to a
vote on the Senate floor. Both S7246 and S7289 have similar texts. The only
difference between the two is that S7246 also proposes the creation of a state
fund to help local municipalities improve their cyber-security posture.
NPR, January 22, 2020
A district encompassing Greater Seattle is set to become the first in which every voter
can cast a ballot using a smartphone — a historic moment for American democracy.
The King Conservation District, a state environmental agency that encompasses
Seattle and more than 30 other cities, is scheduled to detail the plan at a
news conference on Wednesday. About 1.2 million eligible voters could take
part. The new technology will be used for a board of supervisors election, and
ballots will be accepted from Wednesday through election day on Feb. 11.
"This is the most fundamentally transformative reform you can do in
democracy," said Bradley Tusk, the founder and CEO of Tusk Philanthropies,
a nonprofit aimed at expanding mobile voting that is funding the King County
pilot. But the move is sure to polarize the elections community as
democracy-watchers across the country debate the age-old push-and-pull between
voting access and voting security.
Nextgov, January 22, 2020
Two documents published in the Federal Register within the last week highlight how
the Treasury Department is embracing a more active role for itself in
protecting critical infrastructure in the financial sector from cybersecurity
attacks, including by promoting industry’s perspective. Treasury’s Office of
Cybersecurity and Critical Infrastructure Protection will take comments through
March 23 on a proposal issued Wednesday toward identifying “cybersecurity and
operational risks to and interdependencies within U.S. financial services
sector critical infrastructure and to work collaboratively with industry and
interagency partners to develop risk management and operational resilience
initiatives.” Under the Paperwork Reduction Act, the office can currently only
collect information from a maximum of nine companies at a time, a senior cyber
policy advisor for Treasury explained. If approved, OCIP’s proposal would allow
Treasury to engage with a broader array of stakeholders and to have a written record
in response to questionnaires the department hopes to issue in the future.
“Part of our mission space is looking at the implementation of best
practices,” Treasury official Elizabeth Irwin told Nextgov, noting the National
Institute of Standards and Technology’s Cybersecurity Framework is one such
example.
CyberScoop, January 22, 2020
The market for previously unknown, or zero-day, software exploits has come out of the
shadows in recent years as exploit brokers openly advertise million-dollar
payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes
outline the types of exploits they buy — whether for mobile or desktop devices
— much less has been said about the market for exploits that affect industrial
control systems (ICS), which support critical infrastructure sectors like
energy and transportation. Sarah Freeman, an analyst at the Department of
Energy’s Idaho National Laboratory, is trying to help fill that void in data
and, in the process, show how the ICS exploit market can be a bellwether for
threats. Freeman’s hypothesis was that “if you track these bounties, you can
use them as precursors or tripwires for future adversary activity.” She argues
that current tallies of zero-day exploits with ICS implications are
undercounted. In the first quarter of 2019, for example, Crowdfense categorized
just 2% of the zero-days it bought as ICS exploits. But that figure doesn’t
account for how exploits targeting various technology and operating systems can
affect ICS, she said. “The market for [software exploits], writ large, is
growing,” she said Tuesday during a presentation of her research at S4, an ICS
security conference in Miami Beach. And within that market, there are signs
that ICS-relevant exploits are growing, too.
Nextgov, January 22, 2020
A coalition for secure elections sent a letter to Attorney General William Barr Wednesday,
criticizing the AG for recent comments he made calling on companies to create a
“backdoor” through encryption. The letter, published by the Project on
Government Oversight, warns such backdoors—even if expressly for use by law
enforcement—would weaken the security of encrypted services and devices,
“opening the door” for hackers to harm users. “While encryption does not
guarantee safety from all forms of malicious hacking, it is a vital safeguard
to minimize risk. The Department of Justice has previously asked companies to
create a ‘backdoor’ through encryption that would be accessible to law
enforcement—but it is simply not possible to create a ‘backdoor’ that could not
also be accessed by malicious hackers,” the letter states. The letter follows
pressure from the Justice Department on companies like Apple and Facebook to
provide law enforcement backdoor access to systems if permitted under a
warrant. Apple has refused to unlock encrypted iPhones for the FBI going back
several years, and the issue took renewed importance last week after Barr
called on Apple to unlock two phones used by a gunman at a naval air station in
Pensacola, Fla.
CyberScoop, January 22, 2020
The Secret Service has recently hand-picked a small group of private-sector cybersecurity
experts to advise the agency’s investigations team on how it can better take
down cybercriminals, CyberScoop has learned. The council, which will be known
as the “Cyber Investigations Advisory Board” (CIAB), will aim to “provide
Secret Service’s Office of Investigations with outside strategic input for the
agency’s investigative mission, including insights on the latest trends in
cybercrime, financial crime, technology, and investigative techniques,”
according to an internal Secret Service Electronic Crimes Task Force Bulletin.
The 16-member federal advisory committee (FAC) will be the first one ever for
the investigative unit, which focuses on financial crimes such as
counterfeiting, card-skimming and other forms of fraud. Previous FACs all have
been established for the Secret Service’s more widely known protection mission,
which provides security for U.S. presidents and other dignitaries.
WRVO, January 22, 2020
Board of elections commissioners in central New York met with federal cybersecurity
officials to talk about what issues and vulnerabilities they face leading up to
the 2020 election. Rep. John Katko (R-Camillus) said New York is much further
ahead in election cybersecurity than other states. Katko said the
misinformation campaign on social media that was launched during the 2016
presidential election was designed to influence and create mistrust in the
system. Bringing together local elections commissioners and federal
cybersecurity officials is meant to build back trust. "There has never
been any proof of anything nationwide, anywhere, where the 2016 or any other
hacks since then into the election systems, has resulted in changing the voting
numbers," Katko said. "It's undermining the confidence. It's making
it more difficult to vote." Katko praised New York State for how it's
handling election cybersecurity. All of the state’s election districts are
tuned into a federal information sharing database that only 25% of election
districts across the country are participating in. All that information can
sometimes overwhelm smaller counties. New York also has paper ballot backups.
"So, even if there is a ransomware attack or cyberattack, I don't think
it's going to undermine the impact of the election results," Katko said.
Fast Company, January 21, 2020
The entrance to the radiofrequency isolation chamber, near the middle of the
Lefkowitz Building in lower Manhattan, looks like an artifact from the Apollo
program, shielded by two airtight, metallic doors that are specially designed
to block electromagnetic waves. Inside the room, against one wall, are dozens
of Apple iPhones and iPads in various states of disrepair. Some have cracked
glass fronts or broken cases. Others look like they’ve been fished out of a
smoldering campfire. Of course, the devices are not there to be fixed. They are
evidence confiscated during the commission of alleged crimes. The district
attorney of Manhattan, Cyrus Vance Jr., and the city’s cybercrime unit have
built this electronic prison for a very specific purpose: to try, using brute
force algorithms, to extract the data on the phones before their owners try to
wipe the contents remotely. Welcome to ground zero in the encryption battle
between state and federal law enforcement officials on one side, and trillion-dollar
tech giants Apple and Google on the other. About five years ago, with the
introduction of its iOS8 operating system, Apple decided to encrypt all of its
mobile devices—protecting both consumers and criminals from prying eyes. Google
quickly followed suit, locking down its Android devices. The result has been an
escalating cat and mouse game between Washington and Silicon Valley, with
prosecutors like Vance trying to break into the phones, and Apple and Google
racing to stop them.
Nextgov, January 21, 2020
Four years after the enactment of the Cybersecurity Information Sharing Act of 2015, a
joint inspectors general survey of seven financial-sector agencies’ efforts to
implement the law reflects significant irregularities in steps taken to share
cyber threat indicators and defensive measures with their fellow federal
agencies and non-federal entities. The Office of the Chief Information Officer
“does not have the resources, fiscal funds, or technical capabilities to
implement a sharing of CTIs and DM program,” the National Credit Union
Administration told the Council of Inspectors General on Financial Oversight in
a Jan. 15 memo. The CISA law promised to shield private-sector entities from
liability if they shared such information through the Department of Homeland
Security’s Automated Indicator Sharing system and required federal agencies to
implement policies to likewise share information the government had access to
with the private sector. The idea was that this would lay the foundation for a
stronger collective defense, but companies are still skittish, fearing the
protections aren’t enough to shield them from regulators, and as the new survey
shows, government entities are also constrained by the classification levels
attached to threat information by intelligence agencies. The survey of the
financial sector agencies—which, in addition to the NCUA, included the Board of
Governors of the Federal Reserve System, the Bureau of Consumer Financial
Protection, the Commodity Futures Trading Commission, Federal Deposit Insurance
Corporation, the Federal Housing Finance Agency, and the Securities and
Exchange Commission—gives insight into challenges the larger federal government
might be facing, under pressure to share more of its information with
private-sector partners.
CyberScoop, January 21, 2020
U.S. government documents made public Tuesday show that while a U.S. Cyber Command
operation that disrupted ISIS computer networks was largely successful, there
were significant shortcomings, including operators having trouble collecting
data, interagency deconfliction issues, difficulty vetting targets, and, in at
least one case, a close call with the operation being discovered by the
adversary. The documents, shared with CyberScoop via George Washington
University’s National Security Archive, show how the command has faced
significant internal hurdles as Pentagon leadership has pushed Cyber Command to
grow into a well-respected force since its creation in 2009. They include
briefings on how Cyber Command measured the effectiveness of Operation Glowing
Symphony, a mission carried out in 2016 that was meant to isolate and destroy
ISIS networks used to spread the terrorist group’s propaganda. The documents
show the gaps needed for the U.S. government to scale and expand its offensive
cyber missions beyond ISIS to countering other adversaries like Russia, Iran,
China, and North Korea.
The Washington Post, January 17, 2020
A senior Justice Department official on Friday said he saw an increasing willingness on
Capitol Hill to pass legislation requiring tech companies to make their
encrypted devices accessible to law enforcement, saying “the ground is as
fertile as ever” for such action. Assistant Attorney General John Demers
declined to disclose “how far along we are on a decision to seek legislation”
but leaned forward on the issue. “I’ve never seen the atmosphere here in D.C.
to be so conducive to passing some kind of encryption legislation or lawful
access legislation as it is today,” Demers said during a discussion at the
Wilson Center. His remarks come in the wake of last month’s shooting at a naval
base in Pensacola, Fla., that killed three people and led the FBI earlier this
month to ask Apple for help opening two iPhones that belonged to the Saudi
shooter. This week, U.S. Attorney General William P. Barr raised the issue
again, accusing Apple of failing to provide “substantial assistance” and
calling on the firm “to help us find a solution” to locked devices.
INDUSTRY
CyberScoop, January 24, 2020
At least one insurance company will cover the costs from a cyberattack against one of its
clients. A Maryland federal judge on Thursday ruled that an Ohio insurer must
cover the costs following a ransomware attack that forced a client to replace
much of its technology. State Auto Property & Casualty Insurance is on the
hook for losses incurred by National Ink & Stitch, a Maryland screen
printing business, after a 2016 hack resulted in “direct physical loss or
damage” of National Ink & Stitch’s property. No dollar figure has been set
yet. The embroidery company had sought $310,000 in damages from State Auto,
which has a $1.3 billion market cap. The summary judgment decision from Judge
Stephanie A. Gallagher, of the U.S. District Court of Maryland, comes amid
ongoing skepticism with the way insurance companies have waded into data
security incidents, which are difficult to predict.
Gov Info Security, January 24, 2020
Hackers who may have ties to Iran have recently turned their attention to the European
energy sector, using open source tools to target one firm's network as part of
a cyberespionage operation, according to the security firm Recorded Future.
The precise goal of the campaign that the Recorded Future analysts describe in
a report released Thursday is not clear, although other studies have found that
several Iranian-backed advanced persistent threat groups have targeted U.S. and
European businesses connected to the energy sector over the last several years
- before the tensions between the U.S. and Iran recently heated up. In the
incident described by Recorded Future, hackers targeted a company described as
"a key organization in the European energy sector." The researchers
believe the attack started several months before the Jan. 2 death of Major
General Qasem Soleimani, leader of the foreign wing of Iran's Islamic
Revolutionary Guard Corps, in a U.S. drone strike in Iraq.
Ars Technica, January 23, 2020
Almost two years have passed since the appearance of Shlayer, a piece of Mac malware that
gets installed by tricking targets into installing fake Adobe Flash updates. It
usually does so after promising pirated videos, which are also fake. The lure
may be trite and easy to spot, but Shlayer continues to be common—so much so
that it’s the number one threat encountered by users of Kaspersky Labs’
antivirus programs for macOS. Since Shlayer first came to light in February
2018, Kaspersky Lab researchers have collected almost 32,000 different variants
and identified 143 separate domains operators have used to control infected
machines. The malware accounts for 30 percent of all malicious detections
generated by the Kaspersky Lab’s Mac AV products. Attacks are most common
against US users, who account for 31 percent of attacks Kaspersky Lab sees.
Germany, with 14 percent, and France and the UK (both with 10 percent)
followed. For malware using such a crude and outdated infection method, Shlayer
remains surprisingly prolific.
CyberScoop, January 23, 2020
Jason Larsen was tired of hearing about the skills of Russian-linked hackers,
particularly those who cut power in parts of Ukraine in 2015 and 2016. These
were groundbreaking and worrying attacks, he thought to himself, but giving the
attackers too much credit makes defending against them more complicated than it
needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke
into the substation network of a European electric utility using one of the
Russian hackers’ techniques. The first segment of the attack — gaining root
access on some firmware — took him 14 hours. He took notes by the hour and
shared them with the distribution utility, one of his clients, to improve their
defenses.
Computer Weekly, January 23, 2020
The criminal group responsible for the cyber attack that has disrupted high-street
banks and the foreign currency exchange chain Travelex for more than three
weeks has launched what has been described as a “massive cyber attack” on a
German automotive parts supplier. Parts manufacturer Gedia Automotive Group,
which employs 4,300 people in seven countries, said today that the attack will
have far-reaching consequences for the company, which has been forced to shut
down its IT systems and send staff home. The 100-year-old company, which has
its headquarters in Attendorn, said in a statement posted on its website that
it would take weeks or months before its systems were fully up and running.
Gedia posted the statement on its website after the criminal group behind the
Sodinokibi ransomware attack on Travelex claimed responsibility for the attack
on an underground web forum.
ZDNet, January 22, 2020
Malicious hackers are targeting factories and industrial environments with a wide variety
of malware and cyberattacks including ransomware, cryptocurrency miners – and
in some cases they're actively looking to shut down or disrupt systems. All of
these incidents were spotted by researchers at cybersecurity company Trend
Micro who built a honeypot that mimicked the environment of a real factory. The
fake factory featured some common cybersecurity vulnerabilities to make it appealing
for hackers to discover and target. To help make the honeypot as convincing as
possible, researchers linked the desktops, networks and servers to a false
company they called MeTech and created a website detailing how the manufacturer
served clients in high-tech sectors including defence and aerospace – popular
targets for hacking.
Reuters, January 21, 2020
Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the
company’s iCloud service after the FBI complained that the move would harm
investigations, six sources familiar with the matter told Reuters. The tech
giant’s reversal, about two years ago, has not previously been reported. It
shows how much Apple has been willing to help U.S. law enforcement and
intelligence agencies, despite taking a harder line in high-profile legal
disputes with the government and casting itself as a defender of its customers’
information. The long-running tug of war between investigators’ concerns about
security and tech companies’ desire for user privacy moved back into the public
spotlight last week, as U.S. Attorney General William Barr took the rare step
of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force
officer who shot dead three Americans at a Pensacola, Florida naval base last
month.
Japan Times, January 20, 2020
Mitsubishi Electric Corp. said Monday it was hit by a massive cyberattack and that information
on government agencies and business partners may have been compromised, with a
Chinese group believed behind the attack. A key player in Japan’s defense and
infrastructure industries, the company said email exchanges with the Defense
Ministry and Nuclear Regulation Authority, as well as documents related to
projects with firms including utilities, railways, automakers and other firms
may have been stolen. It also said personal data on over 8,000 people,
including employees, retirees and job-seekers, had been endangered. Highly
sensitive information on defense, electricity or other infrastructure
operations, however, was not breached, it said. The personal data was related
to 1,987 new graduates who were seeking to enter the firm between October 2017
and April 2020, as well as others who sought jobs between 2011 and 2016.
Gov Info Security, January 20, 2020
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions
of Internet Explorer that is being exploited by in-the-wild attackers. In a
security alert issued on Friday, Microsoft says the vulnerability - designated
CVE-2020-0674 - is present in IE9 running on Windows Server 2008, IE10 running
on Windows Server 2012 and IE11 running on Windows 7, 8.1, RT 8.1, 10 and
Server 2019, among other operating systems. Microsoft warns that the flaw is
already being exploited in "limited, targeted attacks." It's issued
no timeline for when a patch will be published, although it notes that it
prefers to release security updates on the second Tuesday of every month, as
part of its monthly "Patch Tuesday" batch of fixes. Hence Feb. 11
seems a likely date for a security update to appear.
Ars Technica, January 20, 2020
On January 19, Citrix released some permanent fixes to a vulnerability on the company's
Citrix Application Delivery Controller (ADC) and Citrix Gateway virtual private
network servers that allowed an attacker to remotely execute code on the
gateway without needing a login. The vulnerability affects tens of thousands of
known VPN servers, including at least 260 VPN servers associated with US
federal, state, and local government agencies—including at least one site
operated by the US Army. The patches are for versions 11.1 and 12.0 of the
products, formerly marketed under the NetScaler name. Other patches will be
available on January 24. These patches follow instructions for temporary fixes
the company provided to deflect the crafted requests associated with the
vulnerability, which could be used by an attacker to gain access to the
networks protected by the VPNs. Fermin J. Serna, chief information security
officer at Citrix, announced the fixes in a blog post on Sunday. At the same
time, Serna revealed that the vulnerability—and the patches being released—also
applied to Citrix ADC and Citrix Gateway Virtual Appliances hosted on virtual
machines on all commercially available virtualization platforms, as well as
those hosted in Azure, Amazon Web Services, Google Compute Platform, and Citrix
Service Delivery Appliances (SDXs).
INTERNATIONAL
AP, January 24, 2020
The Greek government said Friday that the official state websites of the prime minister,
the national police and fire service and several important ministries were
briefly disabled by a cyberattack but have been restored. Government spokesman
Stelios Petsas said early Friday that the distributed denial-of-service or DDoS
attack “led to the malfunction of certain websites.” He said “countermeasures”
had been successfully implemented, but gave no further details. Along with the
prime minister’s website, targets in the attack late Thursday included the
websites of the ministries of public order, interior, foreign affairs, and
merchant marine, as well as the Greek Police and Fire Service.
AP
January 23, 2020
Cybersecurity
experts said Thursday there were still many unanswered questions from an
investigation commissioned by Jeff Bezos that concluded the billionaire’s
cellphone was hacked, apparently after receiving a video file with malicious
spyware from the WhatsApp account of Saudi Arabia’s crown prince. The experts
said the evidence in the privately commissioned report does not show with
certainty that Bezos’ phone was actually hacked, much less how it was
compromised or what kind of malware was used. The report on the investigation,
which was managed by FTI Consulting and overseen by Anthony Ferrante, a former
head of the FBI’s Cyber Division, was made public Wednesday. The report’s
conclusions drew heavily from the unusually high volume of data that left
Bezos’ iPhone X within 24 hours of receiving the video file from Prince
Mohammed’s WhatsApp account on May 1, 2018, a month after the two exchanged
phone numbers. The size of the file, the investigators suggested, indicated a
malware payload may have been included. Cybersecurity experts said that while it
was likely a hack occurred, the investigation did not prove that definitively.
“In some ways, the investigation is very incomplete. … The conclusions they’ve
drawn I don’t think are supported by the evidence. They veered off into
conjecture,” said Robert Pritchard, the director of U.K.-based consultancy
Cyber Security Expert.
Reuters
January 23, 2020
British
officials have proposed granting Huawei a limited role in the UK’s future 5G
network, resisting U.S. calls for a complete ban over fears of Chinese spying,
two people with knowledge of the matter told Reuters. The recommendation, made
at a meeting of officials from senior government departments on Wednesday,
comes ahead of a meeting of Britain’s National Security Council next week to
decide how to deploy Huawei equipment, the sources said. The officials proposed
barring Huawei from the sensitive, data-heavy “core” part of the network and
restricted government systems, closely mirroring a provisional decision made
last year under former Prime Minister Theresa May. “The technical and policy
guidance hasn’t changed,” said one of the sources, who spoke on condition of
anonymity to discuss private conversations. “Now it is down to a political
calculation.” A spokesman for prime minister Boris Johnson said: “The work on the
issue of high risk vendors in the 5G network remains ongoing and when it is
completed it will be announced to parliament.”
Financial Times
January 22, 2020
A US
businessman believes that the sovereign wealth fund of one of the seven United
Arab Emirates was responsible for hacking his emails, the High Court in London
was told on Wednesday. Farhad Azima’s allegation forms part of a civil lawsuit
involving him and the Ras al Khaimah Investment Authority (RAKIA), the
sovereign wealth fund of Ras al Khaimah. RAKIA denies hacking Mr Azima’s
emails and is suing Mr Azima for £3.7m, alleging fraudulent misrepresentation
and breach of contract relating to joint business ventures and commission
allegedly paid over a hotel sale. It also alleges that Mr Azima orchestrated a
media “campaign of denigration” against the ruler of RAK. Mr Azima denies any
wrongdoing and is defending the case. He has launched a counterclaim against
RAKIA, claiming it was responsible for hacking a large cache of his emails,
which were published online in 2016. The London trial began on Monday as it
emerged that experts hired by Amazon founder Jeff Bezos concluded that a
WhatsApp account used by Saudi Crown Prince Mohammed bin Salman was involved
in a 2018 hack of Mr Bezos’s phone. Saudi Arabia has denied the claim.
AP
January 21, 2020
Prosecutors
accused U.S. journalist Glenn Greenwald on Tuesday of involvement in hacking
the phones of Brazilian officials involved in a corruption investigation,
though Brazil’s high court had blocked investigations of the journalist or his
Brazil-based news outlet in relation to the case. A federal judge would have to
give approval to lodging a formal charge based on the allegations by prosecutor
Wellington Divino Marques de Oliveira in the capital of Brasilia that Greenwald
helped a group of six people that hacked into the phones of hundreds of local
authorities. De Oliveira accuses Greenwald of criminal association and illegal
interception of communications. He charges the six alleged hackers with
criminal organization, money laundering, cybercrimes and illegal interception
of communications. Brazil’s federal police looked at the same evidence and did
not find any wrongdoing by Greenwald. A ruling by Supreme Court Justice Gilmar
Mendes later barred investigations of Greenwald and his outlet The Intercept Brasil in
relation to the alleged hacking. Prosecutors decided to recommend charges
against the journalist anyway.
The Guardian
January 21, 2020
Britain’s
cyber-defences are being endangered by the outdated Computer Misuse Act, which
prevents investigators from dealing effectively with online threats while
over-punishing immature defendants, according to a legal report. Thirty years
after hacking became a criminal offence, a study by the Criminal Law Reform Now
Network (CLRNN) calls for urgent revision of the legislation governing illegal
access to computers, denial of service attacks and other digital crimes. The
144-page review, led by academic lawyers at Birmingham and Cambridge
universities, argues that the 1990 Computer Misuse Act is “crying out for
reform” and must develop public interest defences for hacking. The report,
Reforming the Computer Misuse Act, identifies problems of enforcement and legal
obstructions that expose the UK’s economy and critical infrastructure to “harm
by cybercriminals and hostile nation states”. Wide-ranging changes are needed,
the report stresses, to create a legislative regime that is “fit for purpose –
allowing ethically motivated cyber defenders, security researchers and
journalists to pursue their work with greater legal certainty, while improving
the ability of the state to identify, prosecute and punish those acting against
the public interest”.
TECHNOLOGY
Wired
January 23, 2020
On a small,
blue-lit stage in a dim side room of the Fillmore Theater in Miami on Tuesday,
three men sat behind laptops in front of a small crowd. Two of them nervously
reviewed the commands on a screen in front of them. Steven Seeley and Chris
Anastasio, a hacker duo calling themselves Team Incite, were about to attempt
to take over the Dell laptop sitting a few inches away by targeting a very
particular piece of software it was running: a so-called human-machine
interface, sold by the industrial control systems company Rockwell Automation.
Rockwell HMIs appear in industrial facilities around the world, used for
manipulating the physical equipment in everything from car washes to nuclear
plants. In other words, a hacker can do very dangerous things if they manage to
hijack one. A soft beep signaled that a five-minute countdown timer had
started. Seeley hit the enter key on his keyboard. A tense 56 seconds passed as
the hackers looked back and forth at their screens and the target. Finally,
they both flashed a relieved smile. Seeley mimed wiping sweat from his brow.
The third person on the stage, a gruff-looking bald man with a goatee, turned
the Dell around, à la Vanna White, revealing the laptop was now running
Microsoft Paint. The room broke into applause. Seeley and Anastasio had just
pulled off the first full takeover of a computer at this week's Pwn2Own, the latest
round of the world's biggest hacking competition—so named because the hackers
get to take home the computers they "pwn," cybersecurity slang for
"hack" or "control."
Ars Technica
January 21, 2020
Internet
routers running the Tomato alternative firmware are under active attack by a
self-propagating exploit that searches for devices using default credentials.
When credentials are found and remote administration has been turned on, the
exploit then makes the routers part of a botnet that’s used in a host of online
attacks, researchers said on Tuesday. The Muhstik botnet came to light about
two years ago when it started unleashing a string of exploits that attacked
Linux servers and Internet-of-things devices. It opportunistically exploited a
host of vulnerabilities, including the so-called critical Drupalgeddon2
vulnerability disclosed in early 2018 in the Drupal content management system.
Muhstik has also been caught using vulnerabilities in routers that use Gigabit
Passive Optical Network (GPON) or DD-WRT software. The botnet has also
exploited previously patched vulnerabilities in other server applications,
including WebDAV, WebLogic, Webuzo, and WordPress. On Tuesday, researchers
from Palo Alto Networks said they recently detected Muhstik targeting Internet
routers running Tomato, an open-source package that serves as an alternative to
firmware that ships by default with routers running Broadcom chips. The ability
to work with virtual private networks and provide advanced quality of service
control makes Tomato popular with end users and in some cases router sellers.