CyberWire Daily - ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.
Episode Date: April 15, 2019
An ISIS hard drive suggests the Caliphate’s plans for inspiration as it enters exile. Facebook’s Sunday outage remains unexplained. Microsoft deals with a breach in its consumer web mail products. A researcher drops an Internet Explorer zero-day that may affect you even if you don’t use IE. CISA warns of bugs in widely used VPNs. Last-minute Tax Day online scams. Security pros advocate poor restroom hygiene. Easter eggs in Oculus. Joe Carrigan from JHU ISI on research from Tenable on Verizon Fios router vulnerabilities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_15.html
Transcript
You're listening to the CyberWire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
Air Transat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me, now at a special discount for our listeners.
Today get 20% off your Delete.me plan when you go to joindeleteme.com/n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com/n2k and enter code n2k at checkout.
That's joindeleteme.com/n2k, code n2k.
An ISIS hard drive suggests the caliphate's plans for inspiration as it enters exile.
Facebook's Sunday outage remains unexplained.
Microsoft deals with a breach in its consumer webmail products.
A researcher drops an Internet Explorer zero-day that may affect you even if you don't use IE.
CISA warns of bugs in widely used VPNs.
Last-minute tax-day online scams.
Security pros advocate poor restroom hygiene.
And Easter eggs in Oculus.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, April 15th, 2019.
We begin with a brief note on ISIS and its attempt to resume inspiration operations online following its effective expulsion from the territory it had controlled in Syria.
According to the Times of London, the contents of a dropped hard drive show the caliphate retains its lethal intentions, even in its present stateless diaspora.
The Paris massacre at the Bataclan concert hall in 2015 and the New York murders by truck in 2017 are viewed as templates for angry and disaffected jihadists to use against the Dar al-Harb going forward.
Facebook, Instagram, WhatsApp, and Messenger were down for several hours yesterday,
the second major disruption the social network has suffered in roughly a month, and the third so far this year.
Many outlets have been quoting the only explanation Facebook has offered so far, quote, "Earlier today some people may have experienced trouble connecting to the family of apps. The issue has since been resolved. We're sorry for any inconvenience," end quote.
No cause or explanation yet, but most observers think this most recent outage was less severe than the one that hit in mid-March.
TechCrunch reported Saturday that Microsoft has acknowledged that a limited number of Redmond's webmail services had their accounts compromised.
The incident, which occurred between January 1st and March 28th, arose when a customer support agent's credentials to a support portal were compromised.
Microsoft advises affected users, whom it's notified, to change their passwords.
Enterprise users are believed to be unaffected, but people who use these services for personal accounts should be aware of the data that were compromised.
These include email addresses, the names of folders, email subject lines, and those email addresses the affected users communicate with.
The data do not include, according to Microsoft, the contents of any emails or attachments.
Also unaffected, apparently, are login credentials.
The breach carries with it the usual attendant risk of derivative phishing,
so be on the lookout, whether you are among the affected users or not,
for more or less plausible approaches designed to spook you into following a link
or opening an attachment with a webmail theme.
Researcher John Page released a proof-of-concept Microsoft Internet Explorer zero-day after Microsoft declined to patch it, deferring corrective action until some unspecified later time.
ZDNet reports that the vulnerability could enable file exfiltration.
Page says the proof-of-concept affects Windows 7, Windows 10, and Windows Server 2012 R2.
You might feel reassured if you don't use Internet Explorer, and many no longer do. The browser has steadily lost market share over recent years.
But you should still be on your guard. You might not be interested in IE, but IE is interested in you. That is, if you're a Windows user, whatever browser you use.
Windows still uses IE to open MHT files, so don't trust suspicious or questionable MHT files, particularly if they arrive as an attachment to an email.
On Friday, CISA announced that CERT/CC, the CERT Coordination Center, had issued a warning about vulnerabilities in several widely used virtual private network applications.
CERT/CC says the applications store the authentication and/or session cookies insecurely in memory and/or log files.
The affected products include Palo Alto Networks' GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.1 and earlier for macOS; Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2; and Cisco AnyConnect 4.7 and prior versions.
F5 says its BIG-IP APM system was vulnerable under rare circumstances, but that users should implement multi-factor authentication.
Palo Alto Networks has a patch for GlobalProtect version 4.1.1.
CERT doesn't know about the others, but thinks the problem may be generic to VPNs.
Today is Tax Day in the U.S., and as the dazed, confused, or dilatory scramble to file, they should know that the scammers are prepared to take advantage of the procrastinator's reduced capacity to defraud them.
Zscaler shares some 11th-hour advice.
You should be aware of IRS login phishing, in which you receive an email that takes you to a fairly convincing imitation of an IRS page, where you will, of course, be invited to enter the credentials you and many like you use when you file online.
It's worth noting that the U.S. Internal Revenue Service is only one of the prominent brands social engineers are vigorously impersonating.
We've already mentioned Microsoft.
But then there's the fake Apply for EIN scam and Google SEO poisoning, which gets bogus ads for bogus employer identification numbers served up piping hot at the top of Google search results. Don't go there.
And if you're in the UK, there's still time to fall victim to the tax refund phishing campaign.
Be wary and don't let your fear and grogginess at, say, 11:30 local time tonight cloud your judgment. And happy filing.
A survey of information security professionals sponsored by Lastline indicates that most of them would rather walk barefoot across a public restroom than use public Wi-Fi.
We weren't aware that was the alternative, but okay. Noted.
And thanks for the nice image.
We'll be keeping our shoes on in any case.
By the way, the survey was conducted at RSA, and we must say that the restrooms there were indeed cleaner than the Wi-Fi, so maybe Lastline has a point.
Still, shoes on, kids.
All your headsets are belong to us.
Do developers' goofball messages count as a supply chain hack?
Facebook is embarrassed by messages embedded in Oculus VR pre-production controllers by Oculus developers.
"This space for rent," "The Masons were here," "Big Brother is watching," and "Hi, iFixit, we see you."
The girls and boys are just yucking it up and having fun,
but Facebook would rather this hadn't happened.
We should note that the messages are physical messages imprinted in the hardware,
not virtual messages that will display before your eyes in either virtual or augmented reality.
They're not, Oculus and its parent Facebook stress, going to appear in consumer models,
but if you get your hands on one of the tens of thousands of prototypes,
you should know that it's not the Illuminati signaling their imminent takeover.
It's just some playful Easter eggs.
Nate Mitchell, co-founder of Oculus and VR product boss at Facebook, tweeted, quote, "Unfortunately, some Easter egg labels meant for prototypes accidentally made it onto the internal hardware for tens of thousands of Touch controllers. While I appreciate Easter eggs, these were inappropriate and should have been removed. The integrity and functionality of the hardware were not compromised, and we've fixed our process so this won't happen again," end quote.
We think the Masonic reference would have been better and more believable if it had said, the Shriners were here.
...a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together. Head to salesforce.com/careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com/cyber.
That's vanta.com/cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24/7, 365 with Black Cloak.
Learn more at blackcloak.io.
And joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute, and he is also my co-host on the Hacking Humans podcast.
Joe, it's great to have you back.
It's good to be back, Dave.
We saw some news come by from the folks at Tenable about some vulnerabilities they discovered on some Verizon routers. What's going on here?
So the Verizon Fios routers, these are the routers that you get in your house when you get the Verizon service.
Yep.
I probably have one in my house.
Yes, I actually don't because I'm not on Verizon right now.
Okay.
But they've found these vulnerabilities that let people come in and they can change firewall rules on the router and change parental settings on the firewall as well.
They can also start making a map of your network.
Right.
So there's three vulnerabilities here that they've published with the MITRE CVE system.
But, you know, we talk about this frequently. What's being done to protect the average person here?
Now, Verizon has advised that there's a new firmware update that's going to address these issues,
but it's going to be rolled out automatically too.
But I don't know when that's happening.
There's nothing in here that says that's already happened.
I imagine that Tenable followed the responsible disclosure process here.
How do you feel about that sort of thing with an update being rolled out automatically?
Well, technically the router is Verizon property.
Okay.
So it's their responsibility to roll those out automatically, I would say.
That would be my argument.
Yeah.
And they should do it quickly.
Okay.
Now, how can you protect yourself against this? This is the problem, the question that everybody's wondering.
And what I've done is I've bought another router.
Okay. I was going to ask you about that. So can you put another ring in the moat around the house, basically?
Right. I've talked about this before. I use Comcast right now. Here in our area, we're fortunate enough to have a choice of which ISP we can use. So right now I'm using Comcast. I'll probably go back to Verizon at some point in the future.
The Comcast modem is a cable modem and it sits outside of my network perimeter. It is not a trusted device. I don't trust it.
And I have another router on the inside of that, which I maintain and which I update the firmware for. I take personal responsibility for it.
I don't rely on another company to do that.
Now, additionally, because this physical piece of property is the property of your ISP,
they actually have the ability to come into it themselves as well.
Right.
You don't know what that means, and you have no idea if you should trust that.
But if they come in, they're going to see that one device is connected to their router or to their cable modem and that they can't get past that because it doesn't allow access from the outside of the network.
So if you have the sophistication where you think you can handle this sort of thing, and it's not terribly complicated.
It's not really terribly complicated. So if you just get a basic router from one of the many router companies available out there and put it on your network and then just make sure that that external login is not enabled, you'll be a lot better off. So there's no way for somebody else to even see a web interface on your router if they're coming in from the compromised router.
And I guess this points to that thing we've talked about before, where it's not so much that you have to make your place impenetrable.
Right.
It's that you make it less penetrable than the guy next door.
Right.
It's like the burglar alarm on your house.
If you have a burglar alarm on your house, then the neighbor who doesn't have the burglar alarm is the one that gets robbed.
Right.
Verizon is saying here to confirm that your device is updated to the latest version.
And if you have any questions, contact Verizon.
But in the meantime, probably good advice to go out there and get yourself a secondary router.
I would recommend that.
All right. Joe Carrigan, thanks for joining us.
My pleasure, Dave.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.