Tuesday, February 11, 2020

Serious flaw that lurked in sudo for 9 years hands over root privileges


US charges four Chinese military hackers in 2017 Equifax breach

The hackers spent weeks in the Equifax system, breaking into computer networks, stealing company secrets and personal data, Attorney General William Barr said.

 

Chinese government leans on City of Perth to shut down lawful protests

The Chinese Consulate in WA has contacted the City of Perth on "multiple occasions" in attempts to stop lawful protests by Falun Gong practitioners.

US charges four Chinese military hackers in 2017 Equifax breach

The hackers spent weeks in the Equifax system, breaking into computer networks, stealing company secrets and personal data, Attorney General William Barr said.

Shorten says Centrelink is increasingly targeting vulnerable ...

 

Robodebt revelations hit new low

 

'It's like camping': North shore residents told outage could last all week

Residents without power in Sydney's north and the Central Coast have been told they could be waiting until Friday for it to be restored.

 

Nextgov
February 7, 2020
A bipartisan report released Thursday by the Senate Intelligence Committee says that the Obama administration mounted an insufficient response to Russia’s election interference in 2016, but that its failures were “understandable” because the government lacked information and had limited policy options at the time. The panel recommended that the government develop specific responses to foreign influence campaigns to better safeguard against future incursions, and integrate those efforts across agencies and with the governments of other countries contending with Russian aggression. Its report also said the president must be more direct with the American public about the nature of such threats, and “separate himself or herself from political considerations” when handling these issues. “These steps should include explicitly putting aside politics when addressing the American people on election threats and marshaling all the resources of the U.S. Government to effectively confront the threat,” the report states.

CyberScoop
February 7, 2020
The cybersecurity wing of the Department of Homeland Security must “urgently finalize” its plans to protect the 2020 presidential election, a government watchdog agency said in a new report released Thursday. The Cybersecurity and Infrastructure Security Agency (CISA) provides state and local election officials with federal assistance, education and information sharing about how to safeguard U.S. voting infrastructure from possible interference. Despite three years of work meant to improve security, CISA still is “not well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle,” according to a Government Accountability Office (GAO) report published Thursday. Most notably, CISA has not created clear plans to respond to a possible Election Day security incident in which state and local response capabilities were exhausted, according to the GAO report. The audit also determined that CISA had failed to address challenges it experienced in 2018, including an inability of security personnel to access social media websites from situational awareness rooms, a weak point in countering possible disinformation efforts. “While CISA identified challenges related to its prior efforts, it has not developed plans to address them,” GAO noted in its 47-page report.

The Washington Post
February 6, 2020
A bipartisan report released Thursday by the Senate Intelligence Committee says that the Obama administration mounted an insufficient response to Russia’s election interference in 2016, but that its failures were “understandable” because the government lacked information and had limited policy options at the time. The panel recommended that the government develop specific responses to foreign influence campaigns to better safeguard against future incursions, and integrate those efforts across agencies and with the governments of other countries contending with Russian aggression. Its report also said the president must be more direct with the American public about the nature of such threats, and “separate himself or herself from political considerations” when handling these issues. “These steps should include explicitly putting aside politics when addressing the American people on election threats and marshaling all the resources of the U.S. Government to effectively confront the threat,” the report states.

The Hill
February 6, 2020
Oregon Sen. Ron Wyden (D) is calling on the state's secretary of State to work with him to address threats he said are posed by allowing some residents to vote via “insecure” electronic methods. “We share a common goal of making it easier for Oregonians serving in the military or otherwise living overseas to vote,” Wyden wrote in a letter Thursday to Oregon Secretary of State Bev Clarno. “I look forward to working with you to explore ways to do so, including, if appropriate, introducing federal legislation to provide states with additional resources. However, the security and integrity of Oregon’s elections must always come first,” he added. Oregon is one of 24 states that permit overseas and military voters to return marked ballots over the internet. Wyden said the methods pose threats to secure elections. He cited concerns laid out by cybersecurity experts in a 2018 National Academy of Sciences Report, which he urged Clarno to share with local officials across the state. “Russia’s 2016 campaign to meddle in our elections demonstrated the urgency of states doing everything in their power to secure Americans’ votes from hacking,” Wyden said. “Continuing to permit the use of internet voting — against the advice of cybersecurity experts — is simply asking for trouble.”

FCW
February 5, 2020
FBI Director Christopher Wray declined to say whether he would endorse legislation that would create a pathway for law enforcement to access encrypted apps and devices. At a Feb. 5 House Judiciary Committee hearing, Wray was asked by Rep. Matt Gaetz (R-Fl.) if there is any "meaningful legislation that Congress should consider so that technology partners have a yellow brick road to work with the government" on encryption. Wray did not rule of the possibility but stopped short of calling for Congress to draft such a bill, beyond saying it was a decision "that should be made by the American people through their elected representatives, not through one company making a business decision on behalf of all of us." "Whether it's done by legislation or done by the companies doing it voluntarily, I think we have to find a solution," said Wray, later adding that "there are some countries that have already passed legislation of a sort that you are referring to – Australia for example."

CSO
February 4, 2020
Distracted by high-profile developments, gridlocked by partisan resentment, and time-crunched due to the election year, Congress is nevertheless swinging into gear on specific cybersecurity issues, Washington insiders told attendees at Shmoocon 2020 this past weekend. Among the top items that Congress might tackle are new subpoena powers to address critical infrastructure threats, a big-picture policy report, and copyright law exemptions that protect security researchers. Congressional interest in cybersecurity has escalated over the past decade, the panelists agreed. "Congress members are aware of a challenge. They want to do something to fix it," Nick Leiserson, legislative director to Congressman Jim Langevin (D-RI), a senior member of the House Armed Services and Homeland Security Committees, said. "There is engagement, and that is very important. That is a change that is not where we were ten years ago when my boss was being looked at [oddly] by his colleagues. You know, they were like, 'Here's the tinfoil hat, Jim,'" he said.

FCW
February 4, 2020
The Department of Homeland Security previewed new plans to patrol federal networks for cybersecurity compliance in relpy comments to an oversight report released Feb. 4. The Government Accountability Office report reviewed the department's use of Binding Operational Directives (BOD) to improve baseline federal civilian cybersecurity practices. While the overall findings were largely favorable to DHS and its component, the Cybersecurity and Infrastructure Security Agency, it did find gaps in the department's ability to validate agencies who largely self-report their compliance. In an attached reply, a DHS official concurred with those finding and outlined plans to develop a risk-based strategy and two existing programs, Continuous Diagnostics and Mitigation and CyberStat, to better validate whether agencies are complying with directives.


ADMINISTRATION

Nextgov
February 7, 2020
Representatives from top tech and telecom companies are responding to an attempt by Attorney General William Barr to throw cold water on the leading proposal policymakers have made to date for averting reliance on Chinese telecom giant Huawei in 5G networks. Barr proposed the U.S. “through ownership of a controlling stake, either directly or through a consortium of American and allied companies” align itself with Nokia or Ericsson instead of a White House-backed plan to develop an interoperable, software-defined network. “The problem is that this is a pie in the sky,” Barr said at an event Thursday hosted by the Center for Strategic and International Studies. “The software industry has a long history of turning so-called ‘pie-in-the-sky’ ideas into innovative, practical solutions,” Tommy Ross, senior director of policy for BSA | The Software Alliance, told Nextgov. “Attempting to artificially pick winners and losers often proves ineffective in the face of rapidly evolving technologies and consumer demands.”

ProPublica
February 5, 2020
A glitch in the smartphone app used to count and report votes from individual precincts continues to delay results from Monday’s Iowa caucuses. But a closer look shows that the app had a potentially graver problem that apparently did not come into play: its vulnerability to hacking. The IowaReporterApp was so insecure that vote totals, passwords and other sensitive information could have been intercepted or even changed, according to officials at Massachusetts-based Veracode, a security firm that reviewed the software at ProPublica’s request. Because of a lack of safeguards, transmissions to and from the phone were left largely unprotected. Chris Wysopal, Veracode’s chief technology officer, said the problems were elementary. He called it a “poor decision” to release the software without first fixing them. “It is important for all mobile apps that deal with sensitive data to have adequate security testing, and have any vulnerabilities fixed before being released for use,” he said.

FCW
February 5, 2020
The Departments of Energy, Homeland Security and Defense have extended their joint effort to develop common cyber threat indicators and cyber defense capabilities to protect critical infrastructure in the energy sector. The agencies signed a new memorandum of understanding to develop common, cross-agency threat data and to collaborate on cyberattack response playbooks for energy infrastructure stakeholders. The MOU extends the Pathfinder information sharing effort for critical infrastructure sectors among the agencies begun in 2018. "Through this agreement, we will strengthen the partnership between DOE, DHS, and DOD to enable intergovernmental cooperation and bolster our ability to proactively address cyber threats to critical energy infrastructure, and to respond effectively should those threats materialize," Karen Evans, DOE's assistant secretary of cybersecurity, energy security and emergency response, said in a Feb. 3 statement. Bryan Ware, assistant director for cybersecurity at DHS' Cybersecurity and Infrastructure Security Agency, said the agreement will help develop threat indicators and warnings that can cross multiple national critical functions, enhance cyber threat information sharing and expedite response.

FedScoop
February 5, 2020
The Department of Defense remains on alert for retaliation in cyberspace for a U.S. attack that killed a top Iranian general. But security experts and federal officials warn that Iran could target the military another way — through potentially vulnerable defense contractors. Weak cybersecurity practices in the complex DOD supply chain could make those companies attractive targets if Iran wanted to strike a measurable blow against the U.S., experts said at a panel Tuesday on Iranian cyberattacks hosted by the Institute for Critical Infrastructure Technology. Nation-states like China already have shown such is possible, siphoning billions of dollars from the defense industry through the digital theft of intellectual property. “In the cyber realm, Iran is more likely to act out now,” said Jamil Jaffer, vice president of strategy at IronNet Cybersecurity and a former Department of Justice official. Iran is on the short list of countries known for harboring or sponsoring advanced persistent threat (APT) groups tied to sophisticated cyber-operations.

The Washington Post
February 4, 2020
Federal prosecutors on Tuesday opened their case against a former CIA software engineer they say leaked a massive trove of the agency's secret hacking tools to take revenge on his former colleagues and bosses. Joshua Schulte, 31, is charged with disclosing classified information to WikiLeaks after allegedly stealing it from a secretive CIA unit where he worked. In more than 8,000 pages of material published in 2017 — known as the Vault 7 leaks — WikiLeaks showed how the CIA breaks into smartphones and Internet-connected devices, including televisions. The disclosure “was the single biggest leak of classified national defense information in the history of the CIA,” Assistant U.S. Attorney David Denton told jurors. Denton said that as a result of the disclosure, CIA operations had “come to a halt,” U.S. intelligence officers serving overseas had been exposed and American adversaries were able to turn cyberweapons developed by the CIA against the United States. Schulte has pleaded not guilty to 11 criminal counts.

Nextgov
February 4, 2020
The Office of the Director of National Intelligence will take a “whole of society” approach that hopes to encourage greater private-sector participation in protecting the country from cyber threats, according to a leading official who said a related strategy document will be published Monday. “As the new strategy gets rolled out Monday we are going to take a look at a whole of nation approach, a whole of society approach to defending what we believe are true to our values, our laws, our morals,” said Bill Evanina, director of ODNI’s National Counterintelligence and Security Center. Evanina spoke Tuesday at an event hosted by the Institute for Critical Infrastructure Technology. His announcement is in line with pledges by government agencies such as the Cybersecurity and Infrastructure Security Agency and the National Security Agency to share more contextual information about cyber threats—without sharing classified sources or methods—with industry. Evanina said the president signed the 2020 counterintelligence strategy for America on Jan. 8, and characterized it as representing a “paradigm shift” while also acknowledging that the intelligence community is playing catch up.

Bleeping Computer
February 4, 2020
The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today. "The FBI received reporting indicating a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack," according to the FBI PIN seen by BleepingComputer. PRSD attacks are a type of DDoS attack used by threat actors to disrupt DNS record lookups by flooding a DNS server with large amounts of DNS queries against non-existing subdomains. The FBI says that the state voter registration website was not affected by the DDoS siege due to properly set up rate-limiting on the target's DNS servers.

AP
February 4, 2020
A new Maryland bill would ask the state’s Department of Information Technology to develop a baseline plan for localities within the state to help battle cyber attacks. Senate bill 120, introduced by Sen. Susan Lee, D-Montgomery, would give the Maryland Department of Information Technology the expanded responsibility of developing a cybersecurity strategy and helping agencies within the state implement it at their discretion. Under current law, the Department of Information Technology oversees the defense of state systems, but not that of counties, school districts and other similar entities. Having a sample plan in place could be beneficial in preventing future attacks that disrupted the likes of the city of Baltimore and Salisbury Police Department recently and cost millions in reparations. The legislation does not mandate significant increases in expenditures by the state or local governments, but rather leaves it up to each entity to potentially implement the plan, according to Lee. This Maryland bill follows a 2019 North Dakota law that added the same provisions and power to its state Information Technology department.

Gov Info Security
February 3, 2020
The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect the confidentiality, integrity and availability of data in light of increasing threats from ransomware and other large-scale cyber events. The guidelines offer recommendations for enterprises to contain a ransomware attack or mitigate the impact. For example, they offer details on how to implement backups tied to secure storage capabilities, use network protection and inventory assessments, and create policies to help ensure endpoints are safeguarded. The draft practice guidelines, Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, and Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events, were developed by NIST's National Cybersecurity Center of Excellence. NIST will accept comments on the draft advice until Feb. 26, and then will issue final guidance later this year.

WISN
February 3, 2020
Hackers have gained access to city systems in Racine. Officials said the city's internet, website, email and voicemail were all affected. They said it could be another week before they regain control. "If you need to interact electronically, for all intents and purposes, this week we need you to go back to an older, more analog time," Mayor Cory Mason said Monday. "Come on in to City Hall, say hello." He said the cyberattack hit servers Friday, possible through a phishing email. "It is ransomware that we have in the system," Mason said. "Nobody has contacted us demanding a ransom. Even if they did, the city would not pay it." City Hall workers continue to do the work of the people, the mayor said. "I wouldn't even begin to guess what their intentions were or what they want to do or where it originated," Mason said. "I just know what the impact has been and we're doing everything we can to restore it."

NBC
January 31, 2020
West Virginia is moving to become the first state to allow people with disabilities to use technology that would allow them to vote with their smartphones in the 2020 election. Gov. Jim Justice, a Republican, plans to sign a bill by early next week that will require all counties to provide some form of online ballot-marking device to every voter with physical disabilities, according to West Virginia Secretary of State Mac Warner. Warner, the state’s chief election official, said that he would most likely provide counties with the smartphone app Voatz or a similar app, making the choice easy for cash-strapped counties. But cybersecurity experts have long railed against apps like Voatz, saying that any kind of online voting unnecessarily increases security risks. “Mobile voting systems completely run counter to the overwhelming consensus of every expert in the field,” said Matt Blaze, a computer scientist at Georgetown University and a seasoned election security researcher. “This is incredibly unwise.”


INDUSTRY

Ars Technica
February 7, 2020
Attackers behind one of the world’s more destructive pieces of ransomware have found a new way to defeat defenses that might otherwise prevent the attack from encrypting data: installing a buggy driver first and then hacking it to burrow deeper into the targeted computer. The ransomware in this case is RobbinHood, known for taking down the city of Baltimore networks and systems in Greenville, North Carolina. When networks aren’t protected by robust end-point defenses, RobbinHood can easily encrypt sensitive files once a vulnerability has allowed the malware to gain a toehold. For networks that are better fortified, the ransomware has a harder time. Now, RobbinHood has found a way to defeat those defenses. In two recent attacks, researchers from security firm Sophos said, the ransomware has used its access to a targeted machine to install a driver, from Taiwan-based motherboard manufacturer Gigabyte, that has a known vulnerability in it. The vulnerability led to the driver being deprecated, but it retains the cryptographic signature required to run in the highly sensitive Windows region known as the Kernel.

CyberScoop
February 6, 2020
Private equity dollars continued to flow into the cybersecurity industry Thursday when Forescout Technologies announced it reached an agreement to be acquired by the investment firm Advent International. It’s an all-cash deal worth $1.9 billion, meaning Advent International will pay $33 per Forescout share, a rate that’s about 18% above Forescout’s closing price of $27.98 on Thursday. The company first went public in October 2017 at $22 a share. Forescout specializes in “device security,” a concept that allows companies to protect their share of any device connected to their networks. Its shares have fallen by some 12% over the past year, while the overall S&P 500 index has climbed by 22%, Silicon Valley Business Journal reported. The company’s fourth-quarter revenue grew 8% year-over-year to $91.3 million, propelled in part by a 14% jump in subscription revenue to $37.6 million. President and CEO Mike DeCesare will remain in charge, and Forescout’s headquarters will remain in San Jose, California.

WIRED
February 5, 2020
Workplace phones and routers have a long, storied history of very bad vulnerabilities. Now it's time again to add to the list: Researchers say that a crop of recently discovered flaws in Cisco enterprise products—like desk phones, web cameras, and network switches—could be exploited to penetrate deep into corporate networks. Because Cisco dominates the network equipment market, the bugs impact millions of devices. All software has flaws, but embedded device issues are especially concerning given the potential for espionage and the inherent complexity of patching them. These particular vulnerabilities, found by the enterprise security firm Armis, can also break out of the "segmentation" that IT managers use to silo different parts of a network, like a guest Wi-Fi, to cause widespread issues. Attackers could target a vulnerable Cisco network switch—which moves data around an internal network—to intercept large amounts of unencrypted, internal information and move between different parts of a target's system. Attackers could use related flaws, also disclosed by Armis, to attack batches of Cisco devices at once—like all the desk phones or all the webcams—to shut them down or turn them into eyes and ears inside a target organization.

Ars Technica
February 5, 2020
Facebook has issued a security advisory for a flaw in WhatsApp Desktop that could allow an attacker to use cross-site scripting attacks and read the files on MacOS or Windows PCs by using a specially crafted text message. The attacker could retrieve the contents of files on the computer on the other end of a WhatsApp text message and potentially do other illicit things. The flaw, discovered by researcher Gal Weizman at PerimeterX, is a result of a weakness in how WhatsApp's desktop was implemented using the Electron software framework, which has had significant security issues of its own in the past. Electron allows developers to create cross-platform applications based on Web and browser technologies but is only as secure as the components developers deploy with their Electron apps.

Security Week
February 5, 2020
Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network -- regardless of whether that is a home or office. In 2016, earlier researchers were able to compromise Philips Hue lightbulbs with malicious firmware, and then propagate to other adjacent lightbulbs. The vendor was able to fix the propagation issue, but due to design issues was unable to fix the original vulnerability. Now researchers at Check Point have been able to use this initial vulnerability to compromise the lightbulb and use it as a platform to take over first the controlling bridge, and then -- using vulnerabilities in the ZigBee communication protocol -- to propagate to other devices on the network. ZigBee is a communication protocol that allows different smart products from different manufacturers to communicate with each other. Common users of Zigbee include Amazon Echo Plus, Samsung SmartThings, Belkin WeMo, and many more smart home devices. The Philips Hue lightbulb transmits and receives messages using Zigbee, and uses a device known as the bridge to receive commands. "Check Point's researchers," said the firm in a blog report, "showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities."

Gov Info Security
February 5, 2020
Australian transportation and logistics firm Toll Group has confirmed that it sustained a ransomware attack earlier this month that forced to company to shut down several systems and led to delays in deliveries across the country. While Toll Group continues to recover from the ransomware attack that started Jan. 31, the firm has now deliberately shut down several systems, including customer-facing applications, as a precautionary measure to ensure that the malware does not spread, according to a statement released Tuesday. company officials say no personal data has been compromised. Toll Group, which is owned by Japan Post, has operations in over 50 countries and about 40,000 employees worldwide. The company does not plan to pay the ransom and is not engaging with the attacks, according to the Australian Financial Review.

CyberScoop
February 5, 2020
An ongoing campaign from an unidentified threat actor has been deploying seven different kinds of malware — including ransomware — at once against an estimated 500,000 targets over the past couple of months to steal as much money as possible, according to new research from Cybereason. The different kinds of malware deployed from just this one actor — which allows them to steal sensitive browser data, cookies, system information, two-factor authentication token information to bypass 2FA, and cryptocurrency from digital wallets — is “unprecedented,” Lior Rochberger, a security analyst at Cybereason, and Assaf Dahan, the head of threat research at Cybereason. The two released their findings on Wednesday. “The combination of so many different types of malware exfiltrating so many different types of data can leave organizations unworkable,” Rochberger and Dahan write. “This threat is able to compromise system security, violate user privacy, harm machine performance, and cause great damage to individuals and corporations by stealing and spreading sensitive information, all before infecting them with ransomware.” The attackers make their scheme work by exploiting code repository platform BitBucket to store and disperse the malware, according to Cybereason.

Bloomberg
February 4, 2020
Aon Plc bought closely held Canadian firm Cytelligence Inc. to help boost its ability to respond to and investigate attacks on computer systems. Aon picked up employees with cybersecurity consulting and digital forensic expertise, the London-based insurance brokerage and advisory firm said Tuesday in a statement that didn’t disclose terms. Cytelligence Chief Executive Officer Daniel Tobok will become the Canadian president at Aon’s cyber solutions group. Aon is seeking to expand its foothold in the market helping companies deal with cyber attacks, which are expected to cost the world $6 trillion annually by 2021, according to a 2019 report from Cisco Security and Cybersecurity Ventures. Aon boosted the cyber group more than three years ago with the purchase of risk-management firm Stroz Friedberg, and now is adding Cytelligence employees based in offices in Toronto, Ottawa, New York, San Francisco and Miami. “They have a very good capability that they have built in the digital-forensic and incident-response area,” J. Hogg, CEO of Aon’s cyber solutions group, said in an interview. The companies conducted at least one joint incident response together before the deal.

WIRED
February 3, 2020
Only a few times in the history of hacking has a piece of malicious code been spotted attempting to meddle directly with industrial control systems, the computers that bridge the gap between digital and physical systems. Those rare specimens of malware have destroyed nuclear enrichment centrifuges in Iran and caused a blackout in Ukraine. Now, a malware sample has surfaced that uses specific knowledge of control systems to target them with a far blunter, and more familiar, tactic: Kill the target's software processes, encrypt the underlying data, and hold it hostage. Over the last month, researchers at security firms including Sentinel One and Dragos have puzzled over a piece of code called Snake or EKANS, which they now believe is specifically designed to target industrial control systems, the software and hardware used in everything from oil refineries to power grids to manufacturing facilities. Much like other ransomware, EKANS encrypts data and displays a note to victims demanding payment to release it; the name comes from a string it plants as a file marker on a victim computer to identify that its files have already been encrypted. But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with. While crude compared to other malware purpose-built for industrial sabotage, that targeting can nonetheless break the software used to monitor infrastructure, like an oil firm's pipelines or a factory's robots. That could have potentially dangerous consequences, like preventing staff from remotely monitoring or controlling the equipment's operation.

CyberScoop
February 3, 2020
Looks can be deceiving when a security researcher first studies a piece of code. What might seem mundane or straightforward on the surface — an insecure log-in page, for example — can lead to unexpected results when a security practitioner digs deeper. Without humans scanning for vulnerabilities, bugs are left to fester, and can be exploited to cause real issues if they fall into the wrong hands. That lesson lingers in Ken Pyle’s mind. During a security test for a client last year, Pyle, a partner at the security company DFDR Consulting, examined a networking switch made by Cisco. The equipment is popular with small businesses, including the managed service providers that handle remote connections, because it allows organizations to administer multiple devices across a network. What started as a simple web application vulnerability, upon closer inspection, turned out to be two previously-unreported flaws affecting hundreds of thousands of devices, according to Pyle, from routers and printers to cable modems. One bug is a denial-of-service vulnerability that a hacker could use to take the switches, and the networks that rely on them, offline. Another flaw could reveal sensitive information about a switch’s configuration. Cisco issued patches for the issues on Jan. 29, and the Department of Homeland Security has urged enterprises to apply those fixes.

The Times
February 2, 2020
High street banks are still not offering online foreign exchange facilities a month after Travelex was laid low by a cyber-attack. The ransomware attack on New Year’s Eve crippled Travelex, which provides foreign exchange services for banks and supermarkets, leaving them unable to offer many travel money services. Banks that use Travelex include HSBC, Barclays, RBS and Virgin Money, as well as the banking operations of Tesco and Sainsbury’s. It took Travelex — part of the listed Finablr group — until the end of last week to restore its own online service. Even so, a message on Travelex’s website yesterday still said it was unable to offer “our full range of services and products at this time.”


INTERNATIONAL

The New Zealand Herald
February 7, 2020
Emails apparently sent and received by Auckland mayor Phil Goff over a 12-year period have been offered with a $20,000 price tag and appear to contain deeply personal information alongside council and Parliamentary work. Communications sent to the Herald suggest there has been a complete grab of Goff's inbox and sent folders. Among many other topics, they appear to include fundraising plans for Goff's mayoral bid, "confidential" polling data during last year's campaign and sensitive business information. The seller claims to have more than 15,000 emails from an Xtra account in Goff's name with the database spanning from 2007 to 2019. Evidence sent by the seller and examined by the Herald appears to confirm the claims. It is unknown if the seller has offered the emails to other businesses or individuals.

AP
February 6, 2020
A judge in Brazil’s capital on Thursday dismissed accusations that journalist Glenn Greenwald was involved in hacking phones of officials, following weeks of criticism that his prosecution would infringe on constitutional protections for the press. Prosecutors last month leveled accusations that Greenwald helped a group of six people hack into phones of hundreds of local authorities, saying his actions amounted to criminal association and illegal interception of communications. Since last year, Greenwald’s online media outlet The Intercept Brasil has published a series of excerpts from private conversations on a messaging app involving current Justice Minister Sérgio Moro. The attempt by prosecutors to criminalize Greenwald’s work had prompted swift backlash from national and foreign journalist associations, freedom of expression advocates and Brazil’s national bar association. Those groups said prosecutors were abusing their power to persecute Greenwald, an attorney-turned-journalist who lives with his husband and children in Rio de Janeiro. Greenwald’s lawyers called the allegations “bizarre” and said they challenged a previous ruling in the case by the Brazilian Supreme Court protecting freedom of the press.

Reuters
February 6, 2020
Saudi Aramco has seen an increase in attempted cyber attacks since the final quarter of 2019, which the company has so far successfully countered, the state oil giant’s chief information security officer told Reuters on Thursday. “Overall there is definitely an increase in the attempts of (cyber) attacks, and we are very successful in preventing these attacks at the earliest stage possible,” Khalid al-Harbi told Reuters in a telephone interview. “The pattern of the (cyber) attacks is cyclical, and we are seeing that the magnitude is increasing, I would suspect that this will continue to be a trend,” he said, without giving further details on who was behind the attacks. Saudi Arabia has been the target of frequent cyber attacks, including the “Shamoon” virus, which cripples computers by wiping their disks and has hit both government ministries and petrochemical firms, the latest of these was in 2017. Aramco, which pumps 10% of global oil supply, experienced its largest cyber attack to date in August 2012, when a Shamoon virus attack damaged around 30,000 computers and was aimed at stopping oil and gas production at the biggest OPEC exporter.

The Guardian
February 6, 2020
The British government is helping a controversial Israeli spyware company to market its surveillance technologies at a secretive trade fair visited by repressive regimes, the Guardian can reveal. The government will host the NSO Group, which sells technology that has allegedly been used by autocratic regimes to spy on the private messages of journalists and human rights activists, at the closed Security and Policing trade fair in Hampshire next month. The NSO Group is due to be an exhibitor at the three-day fair, where police and security officials from abroad can browse commercial stalls selling surveillance and crowd-control equipment. Around 60 foreign delegations are typically hosted by the British government to the fair. In the last four years they have included countries whose human rights records have been criticised such as Saudi Arabia, Egypt, the UAE, Oman, Qatar and Hong Kong. The identities of this year’s delegations are not known as they are usually announced on the opening day of the fair.

CyberScoop
February 6, 2020
A hacking group that private researchers have linked with Chinese interests has successfully targeted Malaysian government officials in an apparent data-stealing espionage campaign, cybersecurity officials in the Southeast Asian nation said this week. The Malaysian Computer Emergency Response Team, a government-backed organization, said it had “observed an increase in [the] number of artifacts and victims involving a campaign against Malaysian government officials.” The hackers have tended to target government-backed projects in an effort to steal reams of data on proposal and shipping information, the Malaysian officials said. To do that, the attackers have exploited a pair of old vulnerabilities, one dating back to 2014, in Microsoft products to compromise their targets. The advisory did not explicitly name the hacking group responsible. But the data it cited, including private-sector reports, point to a state-sponsored group known as APT40 or Leviathan.

Reuters
February 5, 2020
When Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting an interview, he sensed something was amiss. The Nov. 12 note purportedly came from Farnaz Fassihi, a veteran Iranian-American journalist who covers the Middle East. Yet it read more like a fan letter, asking Kasraie to share his “important achievements” to “motivate the youth of our beloved country.” “This interview is a great honor for me,” the note gushed. Another red flag: the follow-up email that instructed Kasraie to enter his Google password to see the interview questions. The phony request was in reality an attempt to break into Kasraie’s email account. The incident is part of a wider effort to impersonate journalists in hacking attempts that three cybersecurity firms said they have tied to the Iranian government, which rejected the claim. The incidents come to light at a time when the U.S. government has warned of Iranian cyber threats in the wake of the U.S. air strike that killed Iran’s second most powerful official, Major-General Qassem Soleimani.


TECHNOLOGY

ZDNet
February 6, 2020
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers. The method relies on making small tweaks to an LCD screen's brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmical methods. Named BRIGHTNESS, the attack was designed for air-gapped setups -- where computers are kept on a separate network with no internet access. Air-gapped computers are often found in government systems that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information. Creative hackers might find a way to infect these systems -- such as using an infected USB thumb drive that's plugged into these systems -- but getting data out of air-gapped networks is the harder part. This is where a team of academics at the Ben-Gurion University of the Negev in Israel have specialized themselves. For the past few years, they've been studying ways of extracting data from already-infected air-gapped systems.

Ars Technica
February 4, 2020
Sudo, a utility found in dozens of Unix-like operating systems, has received a patch for a potentially serious bug that allows unprivileged users to easily obtain unfettered root privileges on vulnerable systems. The vulnerability, tracked as CVE-2019-18634, is the result of a stack-based buffer-overflow bug found in versions 1.7.1 through 1.8.25p1. It can be triggered only when either an administrator or a downstream OS, such as Linux Mint and Elementary OS, has enabled an option known as pwfeedback. With pwfeedback turned on, the vulnerability can be exploited even by users who aren't listed in sudoers, a file that contains rules that users must follow when using the sudo command. Sudo is a powerful utility that’s included in most if not all Unix- and Linux-based OSes. It lets administrators allow specific individuals or groups to run commands or applications with higher-than-usual system privileges. Both Apple’s macOS and Debian distributions of Linux received updates last week.