Top of the Cyber News (19th Jan 2019)

Cyber Thieves Targeting West African Banks (January 17, 2019)
 Symantec says that cybercriminals have been targeting West African banks since mid-2017. The attackers have been using off-the-shelf malware to establish a persistent presence in the banks’ systems and to exfiltrate data. The attacks have hit banks in Cameroon, the Democratic Republic of Congo, Ghana, Equatorial Guinea, and Côte d’Ivoire.
 Read more in:
– West African banks targeted in multi-wave attack
– Security firm identifies cyberattacks on West African financial groups
– Banks in West Africa Hit with Off-The-Shelf Malware, Free Tools

Oklahoma Government Server Exposed Sensitive Data (January 16 & 17, 2019)
 An inadequately secured server at the Oklahoma Department of Securities (ODS) exposed confidential data, including Social Security numbers, the names and conditions of AIDS patients, and information related to FBI investigations. The server was open, allowing anyone to download data. ODS removed public access to the server the same day that it learned of the problem.
 Read more in:
– Oklahoma gov data leak exposes FBI investigation records, millions of department files
– Oklahoma server exposes information on FBI investigations and AIDS patients
– Out of Commission: How the Oklahoma Department of Securities Leaked Millions of Files

US Authorities Gained Cooperation of Drug Kingpin’s IT Specialist (January 8 & 16, 2019)
 With the help of an IT specialist turned informant, authorities in the US were able to obtain damaging evidence to use in the trial of alleged Mexican drug kingpin Joaquín Guzmán (El Chapo). Christian Rodriguez developed a secure communications product for Guzmán; authorities managed to gain Rodriguez’s cooperation and obtain encryption keys that allowed them to listen to Guzmán’s phone conversations.
 Read more in:
– El Chapo Trial: How a Colombian I.T. Guy Helped U.S. Authorities Take Down the Kingpin
– Feds flip El Chapo’s IT Consultant to gain drug lord’s encryption keys

Oracle Quarterly Update (January 16, 2019)
 Oracle released 284 security fixes in its January 2019 quarterly Critical Patch Update. The patches address issues in Enterprise Manager Products Suite, MySQL, Fusion Middleware products, PeopleSoft and other products.
 Read more in:
– Oracle issues 248 patches with new quarterly security update
– Oracle Critical Patch Update Advisory – January 2019

DOJ Reportedly Investigating Huawei for Alleged Theft of Trade Secrets (January 16, 2019)
 The US Department of Justice (DOJ) is conducting a criminal investigation of Huawei Technologies for allegedly stealing trade secrets from business partners in the US. DOJ is reportedly close to filing an indictment in the case. Last week, Polish authorities arrested a Huawei employee on espionage charges, and in December, the company’s chief financial officer (CFO) was arrested in Canada at the behest of US authorities for alleged violation of trade sanctions against Iran. (Please note that this WSJ story is behind a paywall.)
 Editor’s Note

Cisco sued Huawei back in 2003, claiming theft of intellectual property, and settled in 2004 when Huawei agreed to replace the offending code and documentation. If there is evidence of a repeat of this kind of illegal behavior, they should be charged and, if found guilty, enterprises should remove them from supplier lists. But quite often reports of “pursuing” or “investigating” never result in actual charges, let alone guilty findings.
Read more in:
– Report: DOJ pursuing criminal charges against Huawei for theft of tech
– Federal prosecutors investigating Huawei for allegedly stealing trade secrets: report
– Huawei Targeted in U.S. Criminal Probe for Alleged Theft of Trade Secrets (paywall)

DOJ Charges Two in Connection with Securities and Exchange Commission EDGAR Hack (January 15, 2019)
 The US Department of Justice (DOJ) has charged two Ukrainian men with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud for their alleged roles in the 2016 breach of the Securities and Exchange Commission’s (SEC’s) Electronic Data Gathering, Analysis, and Retrieval (EDGAR) financial filing system. The men allegedly sold the information to others who in turn allegedly used the privileged information to conduct financial transactions. In addition, the US Securities and Exchange Commission (SEC) has charged nine people in connection with the scheme.
 Read more in:
– SEC charges nine in 2016 EDGAR hack, insider trading scheme
– Ukrainian nationals charged with hacking SEC docs in $4.1 million scam
– Nine defendants charged in SEC hacking scheme that netted $4.1 million
– Two Ukrainian Nationals Indicted in Computer Hacking and Securities Fraud Scheme Targeting U.S. Securities and Exchange Commission
– Indictment (PDF)
– Complaint filed in United States District Court District of New Jersey (PDF)

Louisiana Introduces Digital Driver’s Licenses (January 15, 2019)
 Drivers in the US state of Louisiana now have the option of obtaining a digital driver’s license, or DDL. Louisiana’s DDL launched in July 2018. While law enforcement will accept the DDL as a valid identification document, other entities, such as retail stores, are not required to accept it. Louisiana’s DDL is not currently accepted by TSA. Several other US states are in various stages of developing similar systems.
 Editor’s Note

The Food Court in Vanderbilt Hall of Grand Central Terminal now has signs that say “Cashless.” One now gets messages from one’s trading partners announcing that “paperless” is the default. A digital driver’s license will be more convenient for drivers and law enforcement officers. It implies electronic access to a database of authorized drivers, “wants and warrants,” and other information useful to arresting officers.

Don’t forget to continue to carry a physical ID until adoption is widespread and reciprocity is in place. Digital Drivers Licenses are in various stages of development in several states, including Iowa, Idaho, Colorado, Maryland and the District of Columbia, but none has a statewide rollout. The piloted security features explored include remote revocation by the DMV, encryption at rest/transit and biometric authentication to access the license or transmission of that information. As the states are using different solution providers including Gemalto and IDEMIA, interoperation and equivalent protections are going to be key.

Yup, that tiny sliver of plastic is a burden to carry around. People don’t write phone apps from scratch, they use Software Development Kits (SDKs), and some of these are very intrusive. If my DDL will not work unless location is turned on, that would tell me not to keep this app.
Read more in:
– Louisiana Enters the Era of the Digital Driver’s License

Clarification: Shutdown Affecting Government Web Security Certificate Renewal (January 17, 2019)
 In Tuesday’s NewsBites, we ran a story about how the partial US government shutdown is affecting agency website security. To clarify a point, the expired certificates are affecting the availability of some web pages, including payment portals and remote access services, at some agencies.
 Editor’s Note

Perhaps maintaining these certificates should be part of the core operations performed when operating on a skeleton crew during a shutdown or other crisis.
Read more in:
– The shutdown is breaking government websites, one by one
