This Week in Cybersec Headlines, 26 JAN 2018

By MDL on January 26, 2018

of Hawaii Data Breach Affects 2,400, CSCC article

Russian government inspected source code for Symantec, McAfee, other software used by US government

Reuters, Tech firms let Russia probe software widely used by U.S. government

“Major global technology providers SAP (SAPG.DE), Symantec (SYMC.O) and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.”

SC Media, Global tech firms let Russian defense agency peek into source code to search for flaws

“To do business with Russia, U.S. tech companies often must obtain certification from the country’s Federal Service for Technical and Export Control (FSTEC), the FSB, the Russian intelligence agency, and other agencies.”

RATANKBA, North Korea-Linked Lazarus Targets Cryptocurrencies

Trend Micro, Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More

“The malware known as RATANKBA is just one of the weapons in Lazarus’ arsenal. This malicious software, which could have been active since late 2016, was used in a recent campaign targeting financial institutions using watering hole attacks.”

Security Week, North Korea-linked Lazarus Hackers Update Arsenal of Hacking Tools

Dutch Intelligence Service Spied into Cozy Bear’s Networks During the 2016 US Elections

Volkskrant.nl, Dutch agencies provide crucial intel about Russia’s interference in US-elections

“Hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections. For years, AIVD had access to the infamous Russian hacker group Cozy Bear.”

FinFisher Cracked?

SC Media, Elusive FinFisher spyware can finally be cracked, researchers believe

ESET, We Live Security blog, ESET’s guide makes it possible to peek into FinFisher

Maersk chair describes NotPetya Aftermath

The Register, IT ‘heroes’ saved Maersk from NotPetya with ten-day reinstallation blitz

“Speaking on a panel at the World Economic Forum this week, Møller-Maersk chair Jim Hagemann Snabe detailed the awful toll of the ransomware epidemic as necessitating the reinstall of ‘4,000 new servers, 45,000 new PCs, and 2,500 applications’… ‘And that was done in a heroic effort over ten days,’ he said.”

Social Media and Foreign Interference

Twitter, Update on Twitter’s Review of the 2016 U.S. Election

“As previously announced, we identified and suspended a number of accounts that were potentially connected to a propaganda effort by a Russian government-linked organization known as the Internet Research Agency (IRA).” “In total, during the time period we investigated, the 3,814 identified IRA-linked accounts posted 175,993 Tweets, approximately 8.4% of which were election-related.”

Reuters, Facebook: Russian agents created 129 U.S. election events

“Facebook Inc said Russian agents created 129 events on the social media network during the 2016 U.S. election campaign, according to testimony to Congress”

Washington Post, Russians got tens of thousands of Americans to RSVP for their phony political events on Facebook

Washington Post, Twitter to tell 677,000 users they were had by the Russians. Some signs show the problem continues

“Twitter says it will notify nearly 700,000 users who interacted with accounts the company has identified as potential pieces of a propaganda effort by the Russian government during the 2016 presidential election.”

In Other News

Dark Reading, Industrial Safety Systems in the Bullseye

Triton/TRISIS article

Infosecurity Magazine, Mastercard to Implement Biometrics for In-Store Card Payments

“The financial giant said that all consumers will be able to identify themselves with biometrics such as fingerprints or facial recognition whenever they pay in stores with Mastercard.”

Infosecurity Magazine, High-Profile Twitter Accounts Hit by Turkish Propaganda Campaign

CyberScoop, New global cybersecurity center announced at Davos

“The World Economic Forum announced plans Wednesday to launch a new coordinating group to counter emerging cybersecurity threats and help connect leaders from business and government to collaborate on various security issues as well as share best practices. Named the “Global Centre for Cybersecurity,” the loosely defined, Geneva-based organization will act as a sort of independent, multinational cyberthreat information sharing platform for companies to improve digital security writ [sic] large”