US charges four Chinese military hackers in 2017 Equifax breach
The hackers spent weeks in the Equifax system, breaking into computer networks, stealing company secrets and personal data, Attorney General William Barr said.
Nextgov (February 7, 2020)
A bipartisan report released Thursday by the Senate Intelligence Committee says
that the Obama administration mounted an insufficient response to Russia’s
election interference in 2016, but that its failures were “understandable”
because the government lacked information and had limited policy options at the
time. The panel recommended that the government develop specific responses to
foreign influence campaigns to better safeguard against future incursions, and
integrate those efforts across agencies and with the governments of other
countries contending with Russian aggression. Its report also said the
president must be more direct with the American public about the nature of such
threats, and “separate himself or herself from political considerations” when
handling these issues. “These steps should include explicitly putting aside
politics when addressing the American people on election threats and marshaling
all the resources of the U.S. Government to effectively confront the threat,”
the report states.
CyberScoop (February 7, 2020)
The cybersecurity wing of the Department of Homeland Security must “urgently
finalize” its plans to protect the 2020 presidential election, a government
watchdog agency said in a new report released Thursday. The Cybersecurity and
Infrastructure Security Agency (CISA) provides state and local election
officials with federal assistance, education and information sharing about how
to safeguard U.S. voting infrastructure from possible interference. Despite
three years of work meant to improve security, CISA still is “not
well-positioned to execute a nationwide strategy for securing election
infrastructure prior to the start of the 2020 election cycle,” according to a
Government Accountability Office (GAO) report published Thursday. Most notably,
CISA has not created clear plans to respond to a possible Election Day security
incident in which state and local response capabilities were exhausted,
according to the GAO report. The audit also determined that CISA had failed to
address challenges it experienced in 2018, including an inability of security
personnel to access social media websites from situational awareness rooms, a
weak point in countering possible disinformation efforts. “While CISA
identified challenges related to its prior efforts, it has not developed plans
to address them,” GAO noted in its 47-page report.
The Hill (February 6, 2020)
Oregon Sen. Ron Wyden (D) is calling on the state's secretary of State to work with him to
address threats he said are posed by allowing some residents to vote via
“insecure” electronic methods. “We share a common goal of making it easier for
Oregonians serving in the military or otherwise living overseas to vote,” Wyden
wrote in a letter Thursday to Oregon Secretary of State Bev Clarno. “I look
forward to working with you to explore ways to do so, including, if
appropriate, introducing federal legislation to provide states with additional
resources. However, the security and integrity of Oregon’s elections must
always come first,” he added. Oregon is one of 24 states that permit overseas
and military voters to return marked ballots over the internet. Wyden said the
methods pose threats to secure elections. He cited concerns laid out by
cybersecurity experts in a 2018 National Academy of Sciences Report, which he
urged Clarno to share with local officials across the state. “Russia’s 2016
campaign to meddle in our elections demonstrated the urgency of states doing
everything in their power to secure Americans’ votes from hacking,” Wyden said.
“Continuing to permit the use of internet voting — against the advice of
cybersecurity experts — is simply asking for trouble.”
FCW (February 5, 2020)
FBI Director Christopher Wray declined to say whether he would endorse legislation
that would create a pathway for law enforcement to access encrypted apps and
devices. At a Feb. 5 House Judiciary Committee hearing, Wray was asked by Rep.
Matt Gaetz (R-Fl.) if there is any "meaningful legislation that Congress
should consider so that technology partners have a yellow brick road to work
with the government" on encryption. Wray did not rule out the possibility
but stopped short of calling for Congress to draft such a bill, beyond saying
it was a decision "that should be made by the American people through
their elected representatives, not through one company making a business
decision on behalf of all of us." "Whether it's done by legislation
or done by the companies doing it voluntarily, I think we have to find a
solution," said Wray, later adding that "there are some countries that
have already passed legislation of a sort that you are referring to – Australia
for example."
CSO (February 4, 2020)
Distracted by high-profile developments, gridlocked by partisan resentment, and
time-crunched due to the election year, Congress is nevertheless swinging into
gear on specific cybersecurity issues, Washington insiders told attendees at
Shmoocon 2020 this past weekend. Among the top items that Congress might tackle
are new subpoena powers to address critical infrastructure threats, a
big-picture policy report, and copyright law exemptions that protect security
researchers. Congressional interest in cybersecurity has escalated over the
past decade, the panelists agreed. "Congress members are aware of a
challenge. They want to do something to fix it," Nick Leiserson,
legislative director to Congressman Jim Langevin (D-RI), a senior member of the
House Armed Services and Homeland Security Committees, said. "There is
engagement, and that is very important. That is a change that is not where we
were ten years ago when my boss was being looked at [oddly] by his colleagues.
You know, they were like, 'Here's the tinfoil hat, Jim,'" he said.
FCW (February 4, 2020)
The Department of Homeland Security previewed new plans to patrol federal networks
for cybersecurity compliance in reply comments to an oversight report released
Feb. 4. The Government Accountability Office report reviewed the department's
use of Binding Operational Directives (BOD) to improve baseline federal
civilian cybersecurity practices. While the overall findings were largely
favorable to DHS and its component, the Cybersecurity and Infrastructure
Security Agency, it did find gaps in the department's ability to validate
agencies that largely self-report their compliance. In an attached reply, a DHS
official concurred with those findings and outlined plans to develop a
risk-based strategy and to use two existing programs, Continuous Diagnostics and
Mitigation and CyberStat, to better validate whether agencies are complying with
directives.
ADMINISTRATION
Nextgov (February 7, 2020)
Representatives from top tech and telecom companies are responding to an attempt by Attorney
General William Barr to throw cold water on the leading proposal policymakers
have made to date for averting reliance on Chinese telecom giant Huawei in 5G
networks. Barr proposed the U.S. “through ownership of a controlling stake,
either directly or through a consortium of American and allied companies” align
itself with Nokia or Ericsson instead of a White House-backed plan to develop
an interoperable, software-defined network. “The problem is that this is a pie
in the sky,” Barr said at an event Thursday hosted by the Center for Strategic
and International Studies. “The software industry has a long history of turning
so-called ‘pie-in-the-sky’ ideas into innovative, practical solutions,” Tommy
Ross, senior director of policy for BSA | The Software Alliance, told Nextgov.
“Attempting to artificially pick winners and losers often proves ineffective in
the face of rapidly evolving technologies and consumer demands.”
ProPublica (February 5, 2020)
A glitch in the smartphone app used to count and report votes from individual precincts
continues to delay results from Monday’s Iowa caucuses. But a closer look shows
that the app had a potentially graver problem that apparently did not come into
play: its vulnerability to hacking. The IowaReporterApp was so insecure that
vote totals, passwords and other sensitive information could have been
intercepted or even changed, according to officials at Massachusetts-based
Veracode, a security firm that reviewed the software at ProPublica’s request.
Because of a lack of safeguards, transmissions to and from the phone were left
largely unprotected. Chris Wysopal, Veracode’s chief technology officer, said
the problems were elementary. He called it a “poor decision” to release the
software without first fixing them. “It is important for all mobile apps that
deal with sensitive data to have adequate security testing, and have any
vulnerabilities fixed before being released for use,” he said.
FCW (February 5, 2020)
The Departments of Energy, Homeland Security and Defense have extended their joint
effort to develop common cyber threat indicators and cyber defense capabilities
to protect critical infrastructure in the energy sector. The agencies signed a
new memorandum of understanding to develop common, cross-agency threat data and
to collaborate on cyberattack response playbooks for energy infrastructure
stakeholders. The MOU extends the Pathfinder information sharing effort for
critical infrastructure sectors among the agencies begun in 2018. "Through
this agreement, we will strengthen the partnership between DOE, DHS, and DOD to
enable intergovernmental cooperation and bolster our ability to proactively
address cyber threats to critical energy infrastructure, and to respond
effectively should those threats materialize," Karen Evans, DOE's
assistant secretary of cybersecurity, energy security and emergency response,
said in a Feb. 3 statement. Bryan Ware, assistant director for cybersecurity at
DHS' Cybersecurity and Infrastructure Security Agency, said the agreement will
help develop threat indicators and warnings that can cross multiple national
critical functions, enhance cyber threat information sharing and expedite
response.
FedScoop (February 5, 2020)
The Department of Defense remains on alert for retaliation in cyberspace for a U.S.
attack that killed a top Iranian general. But security experts and federal
officials warn that Iran could target the military another way — through
potentially vulnerable defense contractors. Weak cybersecurity practices in the
complex DOD supply chain could make those companies attractive targets if Iran
wanted to strike a measurable blow against the U.S., experts said at a panel
Tuesday on Iranian cyberattacks hosted by the Institute for Critical
Infrastructure Technology. Nation-states like China already have shown such is
possible, siphoning billions of dollars from the defense industry through the
digital theft of intellectual property. “In the cyber realm, Iran is more likely
to act out now,” said Jamil Jaffer, vice president of strategy at IronNet
Cybersecurity and a former Department of Justice official. Iran is on the short
list of countries known for harboring or sponsoring advanced persistent threat
(APT) groups tied to sophisticated cyber-operations.
The Washington Post (February 4, 2020)
Federal prosecutors on Tuesday opened their case against a former CIA software engineer
they say leaked a massive trove of the agency's secret hacking tools to take
revenge on his former colleagues and bosses. Joshua Schulte, 31, is charged
with disclosing classified information to WikiLeaks after allegedly stealing it
from a secretive CIA unit where he worked. In more than 8,000 pages of material
published in 2017 — known as the Vault 7 leaks — WikiLeaks showed how the CIA
breaks into smartphones and Internet-connected devices, including televisions.
The disclosure “was the single biggest leak of classified national defense
information in the history of the CIA,” Assistant U.S. Attorney David Denton
told jurors. Denton said that as a result of the disclosure, CIA operations had
“come to a halt,” U.S. intelligence officers serving overseas had been exposed
and American adversaries were able to turn cyberweapons developed by the CIA
against the United States. Schulte has pleaded not guilty to 11 criminal
counts.
Nextgov (February 4, 2020)
The Office of the Director of National Intelligence will take a “whole of society”
approach that hopes to encourage greater private-sector participation in
protecting the country from cyber threats, according to a leading official who
said a related strategy document will be published Monday. “As the new strategy
gets rolled out Monday we are going to take a look at a whole of nation
approach, a whole of society approach to defending what we believe are true to
our values, our laws, our morals,” said Bill Evanina, director of ODNI’s
National Counterintelligence and Security Center. Evanina spoke Tuesday at an
event hosted by the Institute for Critical Infrastructure Technology. His
announcement is in line with pledges by government agencies such as the
Cybersecurity and Infrastructure Security Agency and the National Security
Agency to share more contextual information about cyber threats—without sharing
classified sources or methods—with industry. Evanina said the president signed
the 2020 counterintelligence strategy for America on Jan. 8, and characterized
it as representing a “paradigm shift” while also acknowledging that the
intelligence community is playing catch up.
BleepingComputer (February 4, 2020)
The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial
of Service (DDoS) attack that targeted a state-level voter registration and
information site in a Private Industry Notification (PIN) released today.
"The FBI received reporting indicating a state-level voter registration
and voter information website received anomalous Domain Name System (DNS)
server requests consistent with a Pseudo Random Subdomain (PRSD) attack,"
according to the FBI PIN seen by BleepingComputer. PRSD attacks are a type of DDoS
attack used by threat actors to disrupt DNS record lookups by flooding a DNS
server with large amounts of DNS queries against non-existing subdomains. The
FBI says that the state voter registration website was not affected by the DDoS
siege due to properly set up rate-limiting on the target's DNS servers.
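The FBI notice above describes the PRSD pattern (a flood of queries for non-existent, random-looking subdomains) and the mitigation that held (rate limiting) only in words. The Python below is an added example, not code from the FBI PIN or from BleepingComputer: it scores constructed DNS query-log lines for that signature (many distinct, high-entropy leftmost labels from one client against one zone) and counts how many of those queries a plain per-client, per-second limit would have refused. The log line format, the client addresses and the zone name are all constructed for the example.

```python
"""Heuristic detector for a Pseudo Random Subdomain (PRSD) DNS flood.

Added example (not from the FBI PIN or BleepingComputer). Each query-log line
is assumed to look like "<epoch> <client_ip> <qname> <qtype>"; the lines below
are constructed: one ordinary client repeating a couple of names, and one
client hammering a zone with random 8-character labels.
"""
from collections import Counter, defaultdict
import math

# Constructed query log (format and values are assumptions for this example).
SAMPLE_LOG = """\
1580860800 203.0.113.10 www.votes-example.test A
1580860800 203.0.113.10 mail.votes-example.test MX
1580860801 198.51.100.7 x7k2p9qz.votes-example.test A
1580860801 198.51.100.7 q4m8v1tr.votes-example.test A
1580860801 198.51.100.7 b9e3n5wu.votes-example.test A
1580860801 198.51.100.7 h2y6c8pd.votes-example.test A
1580860801 198.51.100.7 j5r1f7ka.votes-example.test A
1580860801 198.51.100.7 m3t9g4xe.votes-example.test A
1580860802 198.51.100.7 v8n2s6lq.votes-example.test A
1580860802 198.51.100.7 d1w5z3hy.votes-example.test A
1580860802 198.51.100.7 p6u4k9bt.votes-example.test A
1580860802 198.51.100.7 c2o7e1rn.votes-example.test A
1580860803 203.0.113.10 www.votes-example.test A
1580860803 203.0.113.10 mail.votes-example.test MX
"""


def parse_line(line):
    """Split one log line into (epoch, client, normalised qname, qtype)."""
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname.lower().rstrip("."), qtype


def parent_zone(qname):
    """Treat the last two labels as the zone under attack (enough for this sample)."""
    return ".".join(qname.split(".")[-2:])


def label_entropy(label):
    """Shannon entropy of a label in bits per character; random labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_prsd(log_lines, min_queries=8, min_unique_ratio=0.9, min_entropy=2.5):
    """Return one alert per (client, zone) whose leftmost labels look like a PRSD flood."""
    buckets = defaultdict(list)
    for line in log_lines:
        if not line.strip():
            continue
        _, client, qname, _ = parse_line(line)
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # query for the zone apex itself: no subdomain label to score
        buckets[(client, parent_zone(qname))].append(labels[0])
    alerts = []
    for (client, zone), labels in buckets.items():
        if len(labels) < min_queries:
            continue
        unique_ratio = len(set(labels)) / len(labels)
        mean_entropy = sum(label_entropy(l) for l in labels) / len(labels)
        if unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
            alerts.append({"client": client, "zone": zone, "queries": len(labels),
                           "unique_ratio": round(unique_ratio, 2),
                           "mean_entropy": round(mean_entropy, 2)})
    return alerts


def rate_limit(log_lines, max_per_second=5):
    """Fixed-window per-client limit; returns (answered, dropped) query counts."""
    seen = Counter()
    answered = dropped = 0
    for line in log_lines:
        if not line.strip():
            continue
        ts, client, _, _ = parse_line(line)
        if seen[(client, ts)] < max_per_second:
            seen[(client, ts)] += 1
            answered += 1
        else:
            dropped += 1
    return answered, dropped


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for alert in detect_prsd(lines):
        print("PRSD suspect:", alert)
    print("rate limit answered/dropped:", rate_limit(lines))
```

The detector keys on uniqueness and entropy of the leftmost label rather than raw volume alone, because a busy but legitimate client repeats the same handful of names. The limiter here is a fixed one-second window per source address; a real resolver would use per-client response rate limiting with a leaky or token bucket, but the effect the FBI describes (the excess queries never reach the authoritative data) is the same.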
AP (February 4, 2020)
A new Maryland bill would ask the state’s Department of Information Technology to
develop a baseline plan for localities within the state to help battle cyber
attacks. Senate bill 120, introduced by Sen. Susan Lee, D-Montgomery, would
give the Maryland Department of Information Technology the expanded
responsibility of developing a cybersecurity strategy and helping agencies
within the state implement it at their discretion. Under current law, the Department
of Information Technology oversees the defense of state systems, but not that
of counties, school districts and other similar entities. Having a sample plan
in place could be beneficial in preventing future attacks that disrupted the
likes of the city of Baltimore and Salisbury Police Department recently and
cost millions in reparations. The legislation does not mandate significant
increases in expenditures by the state or local governments, but rather leaves
it up to each entity to potentially implement the plan, according to Lee. This
Maryland bill follows a 2019 North Dakota law that added the same provisions
and power to its state Information Technology department.
Gov Info Security (February 3, 2020)
The National Institute of Standards and Technology has unveiled a pair of draft
practice guidelines that offer updated advice and best practices on how to
protect the confidentiality, integrity and availability of data in light of
increasing threats from ransomware and other large-scale cyber events. The
guidelines offer recommendations for enterprises to contain a ransomware attack
or mitigate the impact. For example, they offer details on how to implement
backups tied to secure storage capabilities, use network protection and
inventory assessments, and create policies to help ensure endpoints are
safeguarded. The draft practice guidelines, Data Integrity: Identifying and
Protecting Assets Against Ransomware and Other Destructive Events, and Data
Integrity: Detecting and Responding to Ransomware and Other Destructive Events,
were developed by NIST's National Cybersecurity Center of Excellence. NIST will
accept comments on the draft advice until Feb. 26, and then will issue final
guidance later this year.
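The summary above mentions backups tied to secure storage as one of the guides' recommendations without showing what makes a backup trustworthy after a destructive event. The Python below is an added example, not code from the NIST draft practice guides: it builds a SHA-256 manifest of a backup set at backup time (the manifest is what you keep apart from the copy, in the secure storage the guides refer to) and later verifies the copy against it, reporting files that were altered, removed or added, so that an encrypted or tampered backup is caught before anyone restores from it. The directory layout, file contents and the simulated damage are all constructed in a temporary directory.

```python
"""Tamper-evident manifest for a backup set.

Added example, not from the NIST draft practice guides. A manifest of
SHA-256 digests is taken when the backup is made; a verification pass
compares the copy with that manifest and lists modified, missing and
unexpected files. All data below is constructed in a temporary directory.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backup files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(path)
    return manifest


def verify_backup(root, manifest):
    """Compare the tree under root with a manifest taken earlier."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def _write(root, rel, data):
    """Helper for the constructed sample: create rel under root with data."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Manifest a constructed backup set, then simulate a destructive event on the copy."""
    with tempfile.TemporaryDirectory() as backup:
        # Constructed backup contents (not real data).
        _write(backup, "db/payroll.csv", b"id,name,amount\n1,alice,100\n")
        _write(backup, "db/vendors.csv", b"id,name\n7,acme\n")
        _write(backup, "docs/policy.txt", b"rotate keys quarterly\n")
        manifest = build_manifest(backup)
        # The manifest is what gets kept offline; the JSON round-trip stands in
        # for writing it to and reading it back from separate secure storage.
        stored = json.loads(json.dumps(manifest))
        clean = verify_backup(backup, stored)

        # Simulated ransomware reaching the backup copy: one file overwritten with
        # ciphertext-like bytes, one deleted, one note dropped (all constructed).
        _write(backup, "db/payroll.csv", bytes(range(64)))
        os.remove(os.path.join(backup, "db", "vendors.csv"))
        _write(backup, "README_RESTORE.txt", b"constructed ransom note\n")
        damaged = verify_backup(backup, stored)
        return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```

The check only has value if the manifest cannot be rewritten by whatever damaged the copy, which is why it belongs with the offline or immutable storage the guides recommend rather than next to the backup files; a signed manifest (or one stored on write-once media) closes that gap, and the verification step should run before any restore is attempted.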
WISN (February 3, 2020)
Hackers have gained access to city systems in Racine. Officials said the city's
internet, website, email and voicemail were all affected. They said it could be
another week before they regain control. "If you need to interact
electronically, for all intents and purposes, this week we need you to go back
to an older, more analog time," Mayor Cory Mason said Monday. "Come
on in to City Hall, say hello." He said the cyberattack hit servers
Friday, possibly through a phishing email. "It is ransomware that we have
in the system," Mason said. "Nobody has contacted us demanding a
ransom. Even if they did, the city would not pay it." City Hall workers
continue to do the work of the people, the mayor said. "I wouldn't even
begin to guess what their intentions were or what they want to do or where it
originated," Mason said. "I just know what the impact has been and
we're doing everything we can to restore it."
NBC (January 31, 2020)
West Virginia is moving to become the first state to allow people with disabilities
to use technology that would allow them to vote with their smartphones in the
2020 election. Gov. Jim Justice, a Republican, plans to sign a bill by early
next week that will require all counties to provide some form of online
ballot-marking device to every voter with physical disabilities, according to
West Virginia Secretary of State Mac Warner. Warner, the state’s chief election
official, said that he would most likely provide counties with the smartphone
app Voatz or a similar app, making the choice easy for cash-strapped counties.
But cybersecurity experts have long railed against apps like Voatz, saying that
any kind of online voting unnecessarily increases security risks. “Mobile
voting systems completely run counter to the overwhelming consensus of every
expert in the field,” said Matt Blaze, a computer scientist at Georgetown
University and a seasoned election security researcher. “This is incredibly
unwise.”
INDUSTRY
Ars Technica (February 7, 2020)
Attackers behind one of the world’s more destructive pieces of ransomware have found a
new way to defeat defenses that might otherwise prevent the attack from
encrypting data: installing a buggy driver first and then hacking it to burrow
deeper into the targeted computer. The ransomware in this case is RobbinHood,
known for taking down the city of Baltimore networks and systems in Greenville,
North Carolina. When networks aren’t protected by robust end-point defenses,
RobbinHood can easily encrypt sensitive files once a vulnerability has allowed
the malware to gain a toehold. For networks that are better fortified, the
ransomware has a harder time. Now, RobbinHood has found a way to defeat those
defenses. In two recent attacks, researchers from security firm Sophos said,
the ransomware has used its access to a targeted machine to install a driver,
from Taiwan-based motherboard manufacturer Gigabyte, that has a known
vulnerability in it. The vulnerability led to the driver being deprecated, but
it retains the cryptographic signature required to run in the highly sensitive
Windows region known as the Kernel.
CyberScoop (February 6, 2020)
Private equity dollars continued to flow into the cybersecurity industry Thursday when
Forescout Technologies announced it reached an agreement to be acquired by the
investment firm Advent International. It’s an all-cash deal worth $1.9 billion,
meaning Advent International will pay $33 per Forescout share, a rate that’s
about 18% above Forescout’s closing price of $27.98 on Thursday. The company
first went public in October 2017 at $22 a share. Forescout specializes in
“device security,” a concept that allows companies to protect their share of
any device connected to their networks. Its shares have fallen by some 12% over
the past year, while the overall S&P 500 index has climbed by 22%, Silicon
Valley Business Journal reported. The company’s fourth-quarter revenue grew 8%
year-over-year to $91.3 million, propelled in part by a 14% jump in
subscription revenue to $37.6 million. President and CEO Mike DeCesare will
remain in charge, and Forescout’s headquarters will remain in San Jose,
California.
WIRED (February 5, 2020)
Workplace phones and routers have a long, storied history of very bad vulnerabilities.
Now it's time again to add to the list: Researchers say that a crop of recently
discovered flaws in Cisco enterprise products—like desk phones, web cameras,
and network switches—could be exploited to penetrate deep into corporate networks.
Because Cisco dominates the network equipment market, the bugs impact millions
of devices. All software has flaws, but embedded device issues are especially
concerning given the potential for espionage and the inherent complexity of
patching them. These particular vulnerabilities, found by the enterprise
security firm Armis, can also break out of the "segmentation" that IT
managers use to silo different parts of a network, like a guest Wi-Fi, to cause
widespread issues. Attackers could target a vulnerable Cisco network
switch—which moves data around an internal network—to intercept large amounts
of unencrypted, internal information and move between different parts of a
target's system. Attackers could use related flaws, also disclosed by Armis, to
attack batches of Cisco devices at once—like all the desk phones or all the
webcams—to shut them down or turn them into eyes and ears inside a target
organization.
Ars Technica (February 5, 2020)
Facebook has issued a security advisory for a flaw in WhatsApp Desktop that could allow
an attacker to use cross-site scripting attacks and read the files on MacOS or
Windows PCs by using a specially crafted text message. The attacker could
retrieve the contents of files on the computer on the other end of a WhatsApp
text message and potentially do other illicit things. The flaw, discovered by
researcher Gal Weizman at PerimeterX, is a result of a weakness in how
WhatsApp's desktop was implemented using the Electron software framework, which
has had significant security issues of its own in the past. Electron allows
developers to create cross-platform applications based on Web and browser
technologies but is only as secure as the components developers deploy with
their Electron apps.
SecurityWeek (February 5, 2020)
Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use
malware from the internet-connected bulb to infiltrate the rest of a network --
regardless of whether that is a home or office. In 2016, earlier researchers
were able to compromise Philips Hue lightbulbs with malicious firmware, and
then propagate to other adjacent lightbulbs. The vendor was able to fix the
propagation issue, but due to design issues was unable to fix the original
vulnerability. Now researchers at Check Point have been able to use this
initial vulnerability to compromise the lightbulb and use it as a platform to
take over first the controlling bridge, and then -- using vulnerabilities in
the ZigBee communication protocol -- to propagate to other devices on the
network. ZigBee is a communication protocol that allows different smart
products from different manufacturers to communicate with each other. Common
users of Zigbee include Amazon Echo Plus, Samsung SmartThings, Belkin WeMo, and
many more smart home devices. The Philips Hue lightbulb transmits and receives
messages using Zigbee, and uses a device known as the bridge to receive
commands. "Check Point's researchers," said the firm in a blog
report, "showed how a threat actor could exploit an IoT network (smart
lightbulbs and their control bridge) to launch attacks on conventional computer
networks in homes, businesses or even smart cities."
Gov Info Security (February 5, 2020)
Australian transportation and logistics firm Toll Group has confirmed that it sustained a
ransomware attack earlier this month that forced the company to shut down
several systems and led to delays in deliveries across the country. While Toll
Group continues to recover from the ransomware attack that started Jan. 31, the
firm has now deliberately shut down several systems, including customer-facing
applications, as a precautionary measure to ensure that the malware does not
spread, according to a statement released Tuesday. Company officials say no
personal data has been compromised. Toll Group, which is owned by Japan Post,
has operations in over 50 countries and about 40,000 employees worldwide. The
company does not plan to pay the ransom and is not engaging with the attackers,
according to the Australian Financial Review.
CyberScoop (February 5, 2020)
An ongoing campaign from an unidentified threat actor has been deploying seven different
kinds of malware — including ransomware — at once against an estimated 500,000
targets over the past couple of months to steal as much money as possible,
according to new research from Cybereason. The different kinds of malware
deployed from just this one actor — which allows them to steal sensitive
browser data, cookies, system information, two-factor authentication token
information to bypass 2FA, and cryptocurrency from digital wallets — is
“unprecedented,” said Lior Rochberger, a security analyst at Cybereason, and Assaf
Dahan, the head of threat research at Cybereason. The two released their
findings on Wednesday. “The combination of so many different types of malware
exfiltrating so many different types of data can leave organizations
unworkable,” Rochberger and Dahan write. “This threat is able to compromise
system security, violate user privacy, harm machine performance, and cause
great damage to individuals and corporations by stealing and spreading
sensitive information, all before infecting them with ransomware.” The
attackers make their scheme work by exploiting code repository platform
BitBucket to store and disperse the malware, according to Cybereason.
Bloomberg (February 4, 2020)
Aon Plc bought closely held Canadian firm Cytelligence Inc. to help boost its ability
to respond to and investigate attacks on computer systems. Aon picked up
employees with cybersecurity consulting and digital forensic expertise, the
London-based insurance brokerage and advisory firm said Tuesday in a statement
that didn’t disclose terms. Cytelligence Chief Executive Officer Daniel Tobok
will become the Canadian president at Aon’s cyber solutions group. Aon is
seeking to expand its foothold in the market helping companies deal with cyber
attacks, which are expected to cost the world $6 trillion annually by 2021,
according to a 2019 report from Cisco Security and Cybersecurity Ventures. Aon
boosted the cyber group more than three years ago with the purchase of
risk-management firm Stroz Friedberg, and now is adding Cytelligence employees
based in offices in Toronto, Ottawa, New York, San Francisco and Miami. “They
have a very good capability that they have built in the digital-forensic and
incident-response area,” J. Hogg, CEO of Aon’s cyber solutions group, said in
an interview. The companies conducted at least one joint incident response
together before the deal.
WIRED (February 3, 2020)
Only a few times in the history of hacking has a piece of malicious code been spotted
attempting to meddle directly with industrial control systems, the computers
that bridge the gap between digital and physical systems. Those rare specimens
of malware have destroyed nuclear enrichment centrifuges in Iran and caused a
blackout in Ukraine. Now, a malware sample has surfaced that uses specific
knowledge of control systems to target them with a far blunter, and more
familiar, tactic: Kill the target's software processes, encrypt the underlying
data, and hold it hostage. Over the last month, researchers at security firms
including Sentinel One and Dragos have puzzled over a piece of code called
Snake or EKANS, which they now believe is specifically designed to target
industrial control systems, the software and hardware used in everything from
oil refineries to power grids to manufacturing facilities. Much like other
ransomware, EKANS encrypts data and displays a note to victims demanding
payment to release it; the name comes from a string it plants as a file marker
on a victim computer to identify that its files have already been encrypted.
But EKANS also uses another trick to ratchet up the pain: It's designed to
terminate 64 different software processes on victim computers, including many
that are specific to industrial control systems. That allows it to then encrypt
the data that those control system programs interact with. While crude compared
to other malware purpose-built for industrial sabotage, that targeting can
nonetheless break the software used to monitor infrastructure, like an oil
firm's pipelines or a factory's robots. That could have potentially dangerous
consequences, like preventing staff from remotely monitoring or controlling the
equipment's operation.
CyberScoop (February 3, 2020)
Looks can be deceiving when a security researcher first studies a piece of code. What
might seem mundane or straightforward on the surface — an insecure log-in page,
for example — can lead to unexpected results when a security practitioner digs
deeper. Without humans scanning for vulnerabilities, bugs are left to fester,
and can be exploited to cause real issues if they fall into the wrong hands.
That lesson lingers in Ken Pyle’s mind. During a security test for a client
last year, Pyle, a partner at the security company DFDR Consulting, examined a
networking switch made by Cisco. The equipment is popular with small
businesses, including the managed service providers that handle remote
connections, because it allows organizations to administer multiple devices
across a network. What started as a simple web application vulnerability, upon
closer inspection, turned out to be two previously-unreported flaws affecting
hundreds of thousands of devices, according to Pyle, from routers and printers
to cable modems. One bug is a denial-of-service vulnerability that a hacker
could use to take the switches, and the networks that rely on them, offline.
Another flaw could reveal sensitive information about a switch’s configuration.
Cisco issued patches for the issues on Jan. 29, and the Department of Homeland
Security has urged enterprises to apply those fixes.
The Times
February 2, 2020
High street banks are still not offering online foreign exchange facilities a month after
Travelex was laid low by a cyber-attack. The ransomware attack on New Year’s
Eve crippled Travelex, which provides foreign exchange services for banks and
supermarkets, leaving them unable to offer many travel money services. Banks
that use Travelex include HSBC, Barclays, RBS and Virgin Money, as well as the
banking operations of Tesco and Sainsbury’s. It took Travelex — part of the
listed Finablr group — until the end of last week to restore its own online
service. Even so, a message on Travelex’s website yesterday still said it was
unable to offer “our full range of services and products at this time.”
INTERNATIONAL
The New Zealand Herald
February 7, 2020
Emails apparently sent and received by Auckland mayor Phil Goff over a 12-year period
have been offered with a $20,000 price tag and appear to contain deeply
personal information alongside council and Parliamentary work. Communications
sent to the Herald suggest there has been a complete grab of Goff's inbox and
sent folders. Among many other topics, they appear to include fundraising plans
for Goff's mayoral bid, "confidential" polling data during last
year's campaign and sensitive business information. The seller claims to have
more than 15,000 emails from an Xtra account in Goff's name with the database
spanning from 2007 to 2019. Evidence sent by the seller and examined by the
Herald appears to confirm the claims. It is unknown if the seller has offered
the emails to other businesses or individuals.
AP
February 6, 2020
A judge in Brazil’s capital on Thursday dismissed accusations that journalist Glenn
Greenwald was involved in hacking phones of officials, following weeks of
criticism that his prosecution would infringe on constitutional protections for
the press. Prosecutors last month leveled accusations that Greenwald helped a
group of six people hack into phones of hundreds of local authorities, saying
his actions amounted to criminal association and illegal interception of
communications. Since last year, Greenwald’s online media outlet The Intercept
Brasil has published a series of excerpts from private conversations on a
messaging app involving current Justice Minister Sérgio Moro. The attempt by
prosecutors to criminalize Greenwald’s work had prompted swift backlash from
national and foreign journalist associations, freedom of expression advocates
and Brazil’s national bar association. Those groups said prosecutors were
abusing their power to persecute Greenwald, an attorney-turned-journalist who
lives with his husband and children in Rio de Janeiro. Greenwald’s lawyers
called the allegations “bizarre” and said they challenged a previous ruling in
the case by the Brazilian Supreme Court protecting freedom of the press.
Reuters
February 6, 2020
Saudi Aramco has seen an increase in attempted cyber attacks since the final quarter
of 2019, which the company has so far successfully countered, the state oil
giant’s chief information security officer told Reuters on Thursday. “Overall
there is definitely an increase in the attempts of (cyber) attacks, and we are
very successful in preventing these attacks at the earliest stage possible,”
Khalid al-Harbi told Reuters in a telephone interview. “The pattern of the
(cyber) attacks is cyclical, and we are seeing that the magnitude is
increasing, I would suspect that this will continue to be a trend,” he said,
without giving further details on who was behind the attacks. Saudi Arabia has
been the target of frequent cyber attacks, including the “Shamoon” virus, which
cripples computers by wiping their disks and has hit both government ministries
and petrochemical firms, the latest of these was in 2017. Aramco, which pumps
10% of global oil supply, experienced its largest cyber attack to date in
August 2012, when a Shamoon virus attack damaged around 30,000 computers and
was aimed at stopping oil and gas production at the biggest OPEC exporter.
The Guardian
February 6, 2020
The British government is helping a controversial Israeli spyware company to market its
surveillance technologies at a secretive trade fair visited by repressive
regimes, the Guardian can reveal. The government will host the NSO Group, which
sells technology that has allegedly been used by autocratic regimes to spy on
the private messages of journalists and human rights activists, at the closed
Security and Policing trade fair in Hampshire next month. The NSO Group is due
to be an exhibitor at the three-day fair, where police and security officials
from abroad can browse commercial stalls selling surveillance and crowd-control
equipment. Around 60 foreign delegations are typically hosted by the British
government to the fair. In the last four years they have included countries
whose human rights records have been criticised such as Saudi Arabia, Egypt,
the UAE, Oman, Qatar and Hong Kong. The identities of this year’s delegations
are not known as they are usually announced on the opening day of the fair.
CyberScoop
February 6, 2020
A hacking group that private researchers have linked with Chinese interests has
successfully targeted Malaysian government officials in an apparent
data-stealing espionage campaign, cybersecurity officials in the Southeast
Asian nation said this week. The Malaysian Computer Emergency Response Team, a
government-backed organization, said it had “observed an increase in [the]
number of artifacts and victims involving a campaign against Malaysian
government officials.” The hackers have tended to target government-backed
projects in an effort to steal reams of data on proposal and shipping
information, the Malaysian officials said. To do that, the attackers have
exploited a pair of old vulnerabilities, one dating back to 2014, in Microsoft
products to compromise their targets. The advisory did not explicitly name the
hacking group responsible. But the data it cited, including private-sector
reports, point to a state-sponsored group known as APT40 or Leviathan.
Reuters
February 5, 2020
When Iranian-born German academic Erfan Kasraie received an email from The Wall
Street Journal requesting an interview, he sensed something was amiss. The Nov.
12 note purportedly came from Farnaz Fassihi, a veteran Iranian-American
journalist who covers the Middle East. Yet it read more like a fan letter,
asking Kasraie to share his “important achievements” to “motivate the youth of
our beloved country.” “This interview is a great honor for me,” the note gushed.
Another red flag: the follow-up email that instructed Kasraie to enter his
Google password to see the interview questions. The phony request was in
reality an attempt to break into Kasraie’s email account. The incident is part
of a wider effort to impersonate journalists in hacking attempts that three
cybersecurity firms said they have tied to the Iranian government, which
rejected the claim. The incidents come to light at a time when the U.S.
government has warned of Iranian cyber threats in the wake of the U.S. air
strike that killed Iran’s second most powerful official, Major-General Qassem
Soleimani.
TECHNOLOGY
ZDNet
February 6, 2020
Academics from Israel have detailed and demoed a new method for stealing data from
air-gapped computers. The method relies on making small tweaks to an LCD screen's
brightness settings. The tweaks are imperceptible to the human eye, but can be
detected and extracted from video feeds using algorithmic methods. Named
BRIGHTNESS, the attack was designed for air-gapped setups -- where computers
are kept on a separate network with no internet access. Air-gapped computers
are often found in government systems that store top-secret documents or
enterprise networks dedicated to storing non-public proprietary information.
Creative hackers might find a way to infect these systems -- such as using an
infected USB thumb drive that's plugged into these systems -- but getting data
out of air-gapped networks is the harder part. This is where a team of
academics at the Ben-Gurion University of the Negev in Israel has specialized.
For the past few years, they've been studying ways of extracting data from
already-infected air-gapped systems.
Ars Technica
February 4, 2020
Sudo, a utility found in dozens of Unix-like operating systems, has received a patch
for a potentially serious bug that allows unprivileged users to easily obtain
unfettered root privileges on vulnerable systems. The vulnerability, tracked as
CVE-2019-18634, is the result of a stack-based buffer-overflow bug found in
versions 1.7.1 through 1.8.25p1. It can be triggered only when either an
administrator or a downstream OS, such as Linux Mint and Elementary OS, has
enabled an option known as pwfeedback. With pwfeedback turned on, the
vulnerability can be exploited even by users who aren't listed in sudoers, a
file that contains rules that users must follow when using the sudo command.
Sudo is a powerful utility that’s included in most if not all Unix- and
Linux-based OSes. It lets administrators allow specific individuals or groups
to run commands or applications with higher-than-usual system privileges. Both
Apple’s macOS and Debian distributions of Linux received updates last week.
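The article names two preconditions for CVE-2019-18634: a sudo build in the range 1.7.1 through 1.8.25p1, and pwfeedback enabled in the sudoers configuration. The following is an added example (not code from the article, Ars Technica or the sudo project) that checks both conditions from the defender's side; it assumes a POSIX sh, that `sudo -V` prints "Sudo version X.Y.Z", and the default sudoers paths /etc/sudoers and /etc/sudoers.d/.

```shell
#!/bin/sh
# Added example, not from the article: checks the two preconditions the
# article names for CVE-2019-18634 (affected sudo build and pwfeedback
# enabled). Assumes POSIX sh and the usual sudoers file locations.

# Map a version string such as "1.8.25p1" (major.minor.micro, optional "pN")
# to a sortable integer so the affected range can be compared numerically.
sudo_version_key() {
    v="$1"
    [ -n "$v" ] || { echo 0; return; }
    base=${v%%p*}
    patch=${v##*p}; [ "$patch" = "$v" ] && patch=0
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; micro=${rest#*.}
    [ "$micro" = "$rest" ] && micro=0
    echo $(( major * 1000000 + minor * 10000 + micro * 100 + patch ))
}

# Exit 0 when the version lies in the affected range 1.7.1 .. 1.8.25p1.
sudo_version_affected() {
    k=$(sudo_version_key "$1")
    [ "$k" -ge "$(sudo_version_key 1.7.1)" ] && \
    [ "$k" -le "$(sudo_version_key 1.8.25p1)" ]
}

# Exit 0 when the sudoers text in $1 enables pwfeedback on a Defaults line
# ("Defaults pwfeedback", "Defaults env_reset,pwfeedback"); comments and the
# negated form "!pwfeedback" do not count.
pwfeedback_enabled() {
    printf '%s\n' "$1" | sed 's/#.*//' \
      | grep -Eq '^[[:space:]]*Defaults.*[[:space:],]pwfeedback([[:space:],]|$)'
}

# Live check on the current host: both conditions must hold to be exposed.
check_host() {
    ver=$(sudo -V 2>/dev/null | sed -n 's/^Sudo version //p')
    cfg=$(cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null)
    if sudo_version_affected "$ver" && pwfeedback_enabled "$cfg"; then
        echo "sudo $ver with pwfeedback enabled: patch, or set 'Defaults !pwfeedback'"
        return 1
    fi
    echo "sudo ${ver:-unknown}: not in the affected configuration"
}
```

Run `check_host` as root so that /etc/sudoers and /etc/sudoers.d/ are readable; a non-zero exit marks a host that matches both conditions.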