
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XXI - Issue #37

May 10, 2019

Chinese Hackers Used NSA Tool a Year Before Leak; NSA/DHS CAEs Take 55 of Top 100 in Cyber Talent; Baltimore Ransomware; Verizon 2019 Breach Report




****************************************************************************

SANS NewsBites                 May 10, 2019                Vol. 21, Num. 037

****************************************************************************

TOP OF THE NEWS

  Chinese Hackers Were Using NSA Hacking Tool a Year Before it was Leaked by Shadow Brokers

  NSA/DHS Centers of Academic Excellence Take 55 of the Top 100 Rankings in Cyber Talent

  Baltimore City Systems Hit with Ransomware

  Verizon 2019 Data Breach Investigations Report


REST OF THE WEEK'S NEWS       

  Binance Cryptocurrency Exchange Loses Millions to Theft

  CIA Sets Up .onion Website

  NYC Apartment Building Tenants Get Physical Keys in Settlement

  Wolters Kluwer Tax and Accounting Software Applications Offline After Cyberattack

  Cisco Releases Updates to Fix Vulnerability in Elastic Services Controller

  Google Chrome History Manipulation Intervention Feature Will Prevent Back Button Interference

  Microsoft Advice on Improving Identity Management

  Alleged FIN7 Leader to be Extradited to US

  Indictment Unsealed in Anthem Case

  NSA/DHS CAE Preliminary Results


INTERNET STORM CENTER TECH CORNER



TOP OF THE NEWS

 --Chinese Hackers Were Using NSA Hacking Tool a Year Before it was Leaked by Shadow Brokers

(May 7 & 8, 2019)

Research from Symantec shows that a Chinese hacking group was using NSA hacking tools a year before Shadow Brokers leaked the cache of tools to the Internet. The Chinese hackers appear to have captured and reverse-engineered the tools, illustrating a lesson of cyberwarfare: hacking an adversary gives them access to the cybertools used.


Read more in:

Wired: The Strange Journey of an NSA Zero-Day--Into Multiple Enemies' Hands

https://www.wired.com/story/nsa-zero-day-symantec-buckeye-china/

Threatpost: Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

https://threatpost.com/chinese-spies-stole-nsa-cyberweapons/144446/

The Register: Remember those stolen 'NSA exploits' leaked online by the Shadow Brokers? The Chinese had them a year before

https://www.theregister.co.uk/2019/05/07/equation_group_tools/

SC Magazine: Researchers: Chinese APT group used stolen NSA tools prior to Shadow Brokers leak

https://www.scmagazine.com/home/security-news/researchers-chinese-apt-group-used-stolen-nsa-tools-prior-to-shadow-brokers-leak/

Ars Technica: Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

https://arstechnica.com/information-technology/2019/05/stolen-nsa-hacking-tools-were-used-in-the-wild-14-months-before-shadow-brokers-leak/

Dark Reading: How a Chinese Nation-State Group Reverse-Engineered NSA Attack Tools

https://www.darkreading.com/attacks-breaches/how-a-chinese-nation-state-group-reverse-engineered-nsa-attack-tools/d/d-id/1334632

 
 

--NSA/DHS Centers of Academic Excellence Take 55 of the Top 100 Rankings in Cyber Talent

(May 10, 2019)

In the 27-state Governor's Cyber Fast Track talent identification program, colleges that are designated NSA/DHS Centers of Academic Excellence took 55 of the top 100 rankings, with more than 700 students moving to the elite round that begins May 20. Rankings of CAE schools by state are provided at the end of this issue.

To read more: www.cyber-fasttrack.org



 --Baltimore City Systems Hit with Ransomware

(May 7, 8, & 9, 2019)

The computer network of the city of Baltimore, Maryland, has been hit with ransomware. Core services, such as first responders and 311, a non-emergency help number for city services, remain available, but many other services, including the Department of Public Works and the Department of Transportation, have been affected by the incident. Baltimore mayor Bernard Young said that the city has shut down most of its servers "out of an abundance of precaution."


Read more in:

Baltimore Sun: Baltimore ransomware attack: Here's what's working and what's not in city government

https://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-city-agencies-ransomware-20190509-story.html

SC Magazine: Baltimore struck with Robbinhood ransomware, city servers down

https://www.scmagazine.com/home/security-news/ransomware/baltimore-struck-with-robbinhood-ransomware-city-servers-down/

Ars Technica: "RobbinHood" ransomware takes down Baltimore City government networks

https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/

The Hill: Baltimore hit by ransomware attack

https://thehill.com/policy/cybersecurity/442562-baltimore-hit-by-ransomware-attack


 

--Verizon 2019 Data Breach Investigations Report

(May 8 & 9, 2019)

Verizon has released its 2019 Data Breach Investigations Report. Social engineering attacks targeting C-level executives, attacks on cloud-based email servers, and payment card web app compromises all increased over the past year. Ransomware accounted for nearly 24 percent of malware infections. The report is based "on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide."


[Editor Comments]


[Honan] The Verizon DBIR is the number one on my list of threat reports.


[Neely] If nothing else, read the executive summary: it's a quick read which can help you focus on areas relevant to your industry. Takeaways include increased wins for systems using chip and pin payment cards as well as a reduction of clicking on suspicious links, although much of that clicking now happens on mobile devices.


Read more in:

SC Magazine: Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

https://www.scmagazine.com/home/security-news/verizon-breach-report-attacks-on-top-executives-and-cloud-based-email-services-increased-in-2018/

Threatpost: Verizon Data Breach Report: Espionage, C-Suite and Cloud Attacks on the Rise

https://threatpost.com/verizon-dbir-espionage-c-suite-cloud/144486/

Verizon: 2019 Data Breach Investigations Report - Executive Summary

https://enterprise.verizon.com/resources/executivebriefs/2019-dbir-executive-brief.pdf

Verizon: 2019 Data Breach Investigations Report - Full Report

https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf


REST OF THE WEEK'S NEWS       

 --Binance Cryptocurrency Exchange Loses Millions to Theft

(May 7 & 8, 2019)

Thieves have stolen US $40 million from the Binance cryptocurrency exchange. Binance will cover the losses with its secure asset fund. The thieves also stole some API tokens and two-factor authentication codes. Deposits and withdrawals are currently suspended, but trading can take place. The company estimates it will take a week to complete a security review. Binance CEO Zhao Changpeng called the theft "a very expensive lesson."


Read more in:

Wired: Hack Brief: Hackers Stole $40 Million From Binance Cryptocurrency Exchange

https://www.wired.com/story/hack-binance-cryptocurrency-exchange/

ZDNet: Hackers steal $41 million from cryptocurrency exchange Binance

https://www.zdnet.com/article/hackers-steal-41-million-from-cryptocurrency-exchange-binance/

CNBC: Hackers steal over $40 million worth of bitcoin from one of the world's largest cryptocurrency exchanges

https://www.cnbc.com/2019/05/08/binance-bitcoin-hack-over-40-million-of-cryptocurrency-stolen.html

Vice: $40M Hack Is 'Expensive Lesson' for Cryptocurrency Exchange, CEO Says

https://www.vice.com/en_us/article/pajapb/40m-hack-is-expensive-lesson-for-binance-ceo-says

Binance: Binance Security Breach Update

https://binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update

 
 

--CIA Sets Up .onion Website

(May 7 & 8, 2019)

There is now a .onion version of the CIA website. The US Central Intelligence Agency (CIA) has set up the site in the hope that people will use it to submit anonymous tips or apply for positions at the agency. It can also be used to browse the CIA website anonymously.


[Editor Comments]


[Neely] Providing a .onion site should reinforce the idea that access is truly anonymous, and should work for providing anonymous tips. The secrecy of access to that site is dependent on proper configuration of the user's computer, and behavior consistent with remaining anonymous. Be sure to use up-to-date Tor packages, consider running on a Linux workstation, encrypt any storage under the browser, don't enable JavaScript, and aggressively remove cookies.


Read more in:

Wired: The CIA Sets Up Shop on Tor, the Anonymous Internet

https://www.wired.com/story/cia-sets-up-shop-on-tor/

ZDNet: CIA camps out in anonymized Tor network

https://www.zdnet.com/article/cia-camps-out-in-anonymized-tor-network/

CNET: CIA sets up shop on the anonymous, encrypted Tor network

https://www.cnet.com/news/cia-sets-up-shop-on-the-anonymous-encrypted-tor-network/

Vice: The CIA Will Use its New Dark Web Site to Collect Anonymous Tips

https://www.vice.com/en_us/article/xwnyew/the-cia-will-use-its-new-dark-web-site-to-collect-anonymous-tips

 
 

--NYC Apartment Building Tenants Get Physical Keys in Settlement

(May 7 & 8, 2019)

Tenants of a New York City apartment building who objected to the smart lock installed on the door to the building's main entrance will get physical keys instead. The tenants sued the landlord, expressing concern that the system violated their privacy, as it alerted management to their comings and goings. In a settlement, a judge ordered the landlord to provide the tenants with physical keys to the entrance.


[Editor Comments]


[Pescatore] Not really any legal precedent set here, but another indication of consumers increasingly valuing privacy over technology that provides them no value. Physical keys (a "what you have" authentication method) have some disadvantages but are so much more secure than "what you know" (as in passcodes), and have privacy advantages, as well. Back in 1980 or so, Ford was the first to offer keypad entry on car doors and here we are almost 40 years later and the adoption is minimal - physical keys prevail. Imagine how much more secure we would have been over the years if IBM had built requirements for a big old physical ignition switch into the original specifications of the Personal Computer!


[Neely] While physical keys have a more difficult remediation process when lost, particularly master or sub-master keys, as John says, if the technology alternative doesn't provide value to users, it will not be accepted. In this case, the features of the Latch application, including tracking of tenants and providing targeted advertising, represent too much of a privacy violation to outweigh the technical advantages.


Read more in:

The Register: Key to success: Tenants finally get physical keys after suing landlords for fitting Bluetooth smart-lock to front door

https://www.theregister.co.uk/2019/05/08/ny_judge_mechanical_key/

CNET: Tenants win as settlement orders landlords give physical keys over smart locks

https://www.cnet.com/news/tenants-win-rights-to-physical-keys-over-smart-locks-from-landlords/

 
 

--Wolters Kluwer Tax and Accounting Software Applications Offline After Cyberattack

(May 7, 8, & 9, 2019)

Wolters Kluwer, "a global provider of professional information, software solutions, and services," discovered malware on its systems earlier this week and took some platforms and applications offline as a precaution. On Friday, May 3, Brian Krebs "asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access." Some of the company's applications and platforms have been restored, and law enforcement is investigating. CCH is the tax and accounting division.


Read more in:

SC Magazine: Wolters Kluwer still down from May 6 cyberattack

https://www.scmagazine.com/home/security-news/malware/wolters-kluwer-still-down-from-may-6-cyberattack/

The Register: Late with your financial paperwork? Here's a handy excuse: Malware smacked your bean-counter cloud offline

https://www.theregister.co.uk/2019/05/08/cch_hit_by_malware/

CNBC: A malware attack against accounting software giant Wolters Kluwer is causing a 'quiet panic' at accounting firms

https://www.cnbc.com/2019/05/08/wolters-kluwer-accounting-giant-hit-by-malware-causing-quiet-panic.html

KrebsOnSecurity: What's Behind the Wolters Kluwer Tax Outage?

https://krebsonsecurity.com/2019/05/whats-behind-the-wolters-kluwer-tax-outage/

 
 

--Cisco Releases Updates to Fix Vulnerability in Elastic Services Controller

(May 7 & 9, 2019)

Cisco has released a fix for a critical flaw in the REST API of its Elastic Services Controller that could be exploited to bypass authentication and take control of vulnerable systems. The flaw, caused by improper validation of API requests, affects Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 with the REST API enabled. Cisco has released software updates to fix the problem.


Read more in:

Cisco: Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass

SC Magazine: Cisco patches critical vulnerability in Cisco Elastic Services Controller

https://www.scmagazine.com/home/security-news/vulnerabilities/cisco-patches-critical-vulnerability-in-cisco-elastic-services-controller/

Threatpost: Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover

https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/

Bleeping Computer: Cisco Fixes Critical Vulnerability in Elastic Services Controller

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-vulnerability-in-elastic-services-controller/

 
 

--Google Chrome History Manipulation Intervention Feature Will Prevent Back Button Interference

(May 7 & 9, 2019)

Google plans to introduce a feature in Chrome that will help prevent websites from interfering with the browser's back button. Some sketchy sites use redirects or history manipulation to make it "difficult or impossible for the user to go back to the page they came from via the browser back button." Google Chrome History Manipulation Intervention will let the back button "skip over pages that added history entries or redirected the user without ever getting a user gesture."


[Editor Comments]


[Neely] Google continues to raise the bar on abusive or annoying behavior designed to direct the users' browsing without their intervention, sometimes obfuscating sites previously visited by inserting automatic redirects that prevent fully retracing their steps. This will allow users to skip those sites in their history, producing the desired behavior.


Read more in:

Google: PSA: History Manipulation Intervention

https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ

Bleeping Computer: Google Chrome To Stop Sites From Messing with the Back Button

https://www.bleepingcomputer.com/news/security/google-chrome-to-stop-sites-from-messing-with-the-back-button/

Naked Security: Chrome plans to save you from sites that mess with your back button

https://nakedsecurity.sophos.com/2019/05/09/chrome-plans-to-save-you-from-sites-that-mess-with-your-back-button/

 
 

--Microsoft Advice on Improving Identity Management

(May 8 & 9, 2019)

In a blog post, Microsoft discusses its approach to improving identity management, which focuses on securing administrator accounts, eliminating passwords, and simplifying identity provisioning. For administrator accounts, Microsoft recommends using a separate device that is kept current with patches and updates for admin tasks, as well as high security controls, no remote access, and zero-rights by default.


Read more in:

ZDNet: Microsoft recommends using a separate device for administrative tasks

https://www.zdnet.com/article/microsoft-recommends-using-a-separate-device-for-administrative-tasks/

Microsoft: 3 investments Microsoft is making to improve identity management

https://www.microsoft.com/security/blog/2019/05/08/3-investments-improve-identity-management-microsoft/

 
 

--Alleged FIN7 Leader to be Extradited to US

(May 9, 2019)

An alleged leader of the FIN7 hacking group will reportedly be extradited to the US from Spain. Andrii Kolpakov, who is from Ukraine, was arrested in Spain in June 2018 at the request of US authorities. His attorney says he will plead not guilty when he appears in court in Washington state. The US Department of Justice (DOJ) says that FIN7 was behind the theft of millions of payment card numbers.


Read more in:

Cyberscoop: Alleged FIN7 hacking director Andrii Kolpakov set to be extradited to the U.S.

https://www.cyberscoop.com/fin7-andrii-kolpakov-extradition-spain/

 

 --Indictment Unsealed in Anthem Case

(May 9, 2019)

In an indictment unsealed this week, the US Justice Department (DOJ) accuses two people, Chinese national Fujie Wang and a John Doe defendant, of being part of a group that stole massive amounts of data from four US businesses, including the Anthem insurance company. The group allegedly used phishing attacks to gain access to company networks, and from there accessed the servers containing the data. The defendants face charges of conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, and intentional damage to a protected computer.


Read more in:

The Register: Uncle Sam accuses Chinese pair of romping through Anthem's servers for almost a year

https://www.theregister.co.uk/2019/05/09/anthem_hack_indictments_china/

Ars Technica: Feds charge Chinese national in 2015 breach of health insurer Anthem

https://arstechnica.com/information-technology/2019/05/feds-charge-chinese-national-in-2015-hack-of-health-insurer-anthem/

Justice: Indictment (PDF)

https://www.justice.gov/opa/press-release/file/1161466/download

 

NSA/DHS CAE Preliminary Results


In Alabama Jacksonville State University had 5 out of 37 participating students make it into the elite round


In Alabama University of South Alabama had 5 out of 15 participating students make it into the elite round


In Alabama The University of Alabama had 3 out of 12 participating students make it into the elite round


In Alabama Auburn University had 2 out of 8 participating students make it into the elite round


In Alabama University of Alabama in Huntsville had 2 out of 5 participating students make it into the elite round


In Alabama University of Alabama at Birmingham had 2 out of 4 participating students make it into the elite round


In Alabama John C Calhoun State Community College had 0 out of 5 participating students make it into the elite round


In Alabama Tuskegee University had 0 out of 0 participating students make it into the elite round


 

In Arkansas University of Arkansas had 1 out of 3 participating students make it into the elite round


 

In California California State University-Sacramento had 10 out of 60 participating students make it into the elite round


In California California State Polytechnic University-Pomona had 6 out of 25 participating students make it into the elite round


In California Cypress College had 6 out of 24 participating students make it into the elite round


In California California State University-San Bernardino had 4 out of 45 participating students make it into the elite round


In California San Jose State University had 4 out of 10 participating students make it into the elite round


In California Naval Postgraduate School had 1 out of 1 participating students make it into the elite round


In California National University had 0 out of 9 participating students make it into the elite round


In California University of California-Irvine had 0 out of 8 participating students make it into the elite round


In California Long Beach City College had 0 out of 2 participating students make it into the elite round


In California University of California-Davis had 0 out of 2 participating students make it into the elite round


In California Coastline Community College had 0 out of 1 participating students make it into the elite round


 

In Colorado University of Colorado Colorado Springs had 7 out of 14 participating students make it into the elite round


In Colorado Colorado State University-Pueblo had 4 out of 26 participating students make it into the elite round


In Colorado Pikes Peak Community College had 2 out of 10 participating students make it into the elite round


In Colorado Red Rocks Community College had 2 out of 2 participating students make it into the elite round


In Colorado University of Denver had 1 out of 13 participating students make it into the elite round


In Colorado Regis University had 0 out of 5 participating students make it into the elite round


In Colorado United States Air Force Academy had 0 out of 1 participating students make it into the elite round


 

In Connecticut University of Connecticut had 6 out of 13 participating students make it into the elite round


 

In Delaware Wilmington University had 16 out of 70 participating students make it into the elite round


In Delaware University of Delaware had 2 out of 10 participating students make it into the elite round


 

In Georgia University of North Georgia had 32 out of 57 participating students make it into the elite round


In Georgia Middle Georgia State University had 24 out of 112 participating students make it into the elite round


In Georgia Augusta University had 23 out of 107 participating students make it into the elite round


In Georgia Georgia Southern University had 9 out of 41 participating students make it into the elite round


In Georgia Georgia Institute of Technology-Main Campus had 6 out of 15 participating students make it into the elite round


In Georgia Kennesaw State University had 5 out of 25 participating students make it into the elite round


In Georgia Columbus State University had 2 out of 38 participating students make it into the elite round


In Georgia University of Georgia had 1 out of 23 participating students make it into the elite round


In Georgia Augusta Technical College had 0 out of 5 participating students make it into the elite round


 

In Hawaii University of Hawaii-West Oahu had 14 out of 40 participating students make it into the elite round


In Hawaii University of Hawaii at Manoa had 9 out of 34 participating students make it into the elite round


In Hawaii Leeward Community College had 3 out of 5 participating students make it into the elite round


In Hawaii University of Hawaii Maui College had 1 out of 2 participating students make it into the elite round


In Hawaii Honolulu Community College had 0 out of 1 participating students make it into the elite round


 

In Idaho University of Idaho had 14 out of 54 participating students make it into the elite round


In Idaho Idaho State University had 1 out of 18 participating students make it into the elite round


In Idaho North Idaho College had 0 out of 2 participating students make it into the elite round


 

In Indiana Ivy Tech Community College had 10 out of 103 participating students make it into the elite round


In Indiana Purdue University Northwest had 6 out of 39 participating students make it into the elite round


In Indiana Indiana University-Bloomington had 5 out of 16 participating students make it into the elite round


In Indiana Purdue University-Main Campus had 4 out of 12 participating students make it into the elite round


 

In Iowa Iowa State University had 25 out of 45 participating students make it into the elite round


 

In Maryland Anne Arundel Community College had 22 out of 67 participating students make it into the elite round


In Maryland University of Maryland-Baltimore County had 20 out of 91 participating students make it into the elite round


In Maryland University of Maryland-University College had 14 out of 75 participating students make it into the elite round


In Maryland College of Southern Maryland had 12 out of 42 participating students make it into the elite round


In Maryland Montgomery College had 10 out of 141 participating students make it into the elite round


In Maryland University of Maryland-College Park had 8 out of 27 participating students make it into the elite round


In Maryland Bowie State University had 4 out of 26 participating students make it into the elite round


In Maryland Johns Hopkins University had 3 out of 5 participating students make it into the elite round


In Maryland Capitol Technology University had 2 out of 8 participating students make it into the elite round


In Maryland Prince George's Community College had 1 out of 47 participating students make it into the elite round


In Maryland United States Naval Academy had 1 out of 11 participating students make it into the elite round


In Maryland Community College of Baltimore County had 1 out of 1 participating students make it into the elite round


In Maryland Towson University had 0 out of 6 participating students make it into the elite round


In Maryland Morgan State University had 0 out of 2 participating students make it into the elite round


In Maryland Howard Community College had 0 out of 2 participating students make it into the elite round


In Maryland Harford Community College had 0 out of 1 participating students make it into the elite round


In Maryland Hagerstown Community College had 0 out of 1 participating students make it into the elite round


 

In Michigan Ferris State University had 6 out of 38 participating students make it into the elite round


In Michigan Eastern Michigan University had 2 out of 42 participating students make it into the elite round


In Michigan Davenport University had 2 out of 6 participating students make it into the elite round


In Michigan Grand Rapids Community College had 0 out of 19 participating students make it into the elite round


In Michigan Henry Ford College had 0 out of 2 participating students make it into the elite round


In Michigan Oakland University had 0 out of 1 participating students make it into the elite round


In Michigan University of Detroit Mercy had 0 out of 1 participating students make it into the elite round


 

In Nevada University of Nevada-Las Vegas had 12 out of 34 participating students make it into the elite round


In Nevada College of Southern Nevada had 4 out of 45 participating students make it into the elite round


 

In New Jersey Fairleigh Dickinson University-Florham Campus had 54 out of 66 participating students make it into the elite round


In New Jersey Stevens Institute of Technology had 7 out of 28 participating students make it into the elite round


In New Jersey New Jersey Institute of Technology had 5 out of 34 participating students make it into the elite round


In New Jersey Rutgers University-New Brunswick had 3 out of 18 participating students make it into the elite round


In New Jersey County College of Morris had 1 out of 2 participating students make it into the elite round


In New Jersey New Jersey City University had 0 out of 2 participating students make it into the elite round


 

In North Carolina University of North Carolina at Charlotte had 34 out of 63 participating students make it into the elite round


In North Carolina North Carolina A & T State University had 3 out of 21 participating students make it into the elite round


In North Carolina Montreat College had 2 out of 14 participating students make it into the elite round


In North Carolina North Carolina State University at Raleigh had 2 out of 9 participating students make it into the elite round


In North Carolina East Carolina University had 1 out of 5 participating students make it into the elite round


In North Carolina University of North Carolina Wilmington had 0 out of 7 participating students make it into the elite round


In North Carolina Forsyth Technical Community College had 0 out of 2 participating students make it into the elite round


In North Carolina Rowan-Cabarrus Community College had 0 out of 1 participating students make it into the elite round


 

In Pennsylvania Pennsylvania State University-Main Campus had 19 out of 87 participating students make it into the elite round


In Pennsylvania Carnegie Mellon University had 3 out of 11 participating students make it into the elite round


In Pennsylvania Lehigh Carbon Community College had 2 out of 11 participating students make it into the elite round


In Pennsylvania Drexel University had 2 out of 11 participating students make it into the elite round


In Pennsylvania West Chester University of Pennsylvania had 2 out of 3 participating students make it into the elite round


In Pennsylvania Bloomsburg University of Pennsylvania had 1 out of 2 participating students make it into the elite round


In Pennsylvania Indiana University of Pennsylvania-Main Campus had 0 out of 2 participating students make it into the elite round


In Pennsylvania Lehigh University had 0 out of 0 participating students make it into the elite round


 

In Rhode Island Community College of Rhode Island had 7 out of 38 participating students make it into the elite round


In Rhode Island University of Rhode Island had 1 out of 2 participating students make it into the elite round


 

In Tennessee Tennessee Technological University had 17 out of 46 participating students make it into the elite round


In Tennessee University of Memphis had 11 out of 49 participating students make it into the elite round


In Tennessee The University of Tennessee-Chattanooga had 9 out of 65 participating students make it into the elite round


In Tennessee Jackson State Community College had 0 out of 2 participating students make it into the elite round


 

In Texas Texas A & M University-College Station had 19 out of 100 participating students make it into the elite round


In Texas Houston Community College had 10 out of 62 participating students make it into the elite round


In Texas University of North Texas had 10 out of 37 participating students make it into the elite round


In Texas Southern Methodist University had 8 out of 11 participating students make it into the elite round


In Texas The University of Texas at Austin had 6 out of 13 participating students make it into the elite round


In Texas Texas Tech University had 5 out of 26 participating students make it into the elite round


In Texas The University of Texas at El Paso had 3 out of 17 participating students make it into the elite round


In Texas St Philip's College had 2 out of 15 participating students make it into the elite round


In Texas University of Dallas had 1 out of 18 participating students make it into the elite round


In Texas Laredo Community College had 1 out of 15 participating students make it into the elite round


In Texas Our Lady of the Lake University had 1 out of 6 participating students make it into the elite round


In Texas South Texas College had 1 out of 6 participating students make it into the elite round


In Texas University of Houston had 0 out of 13 participating students make it into the elite round


In Texas San Antonio College had 0 out of 7 participating students make it into the elite round


In Texas Texas A&M University-San Antonio had 0 out of 6 participating students make it into the elite round


 

In Vermont Norwich University had 10 out of 38 participating students make it into the elite round


In Vermont Champlain College had 6 out of 40 participating students make it into the elite round


 

In Virginia George Mason University had 50 out of 354 participating students make it into the elite round


In Virginia Old Dominion University had 20 out of 143 participating students make it into the elite round


In Virginia Virginia Polytechnic Institute and State University had 18 out of 61 participating students make it into the elite round


In Virginia Liberty University had 16 out of 76 participating students make it into the elite round


In Virginia Marymount University had 6 out of 64 participating students make it into the elite round


In Virginia Radford University had 4 out of 11 participating students make it into the elite round


In Virginia Northern Virginia Community College had 3 out of 28 participating students make it into the elite round


In Virginia James Madison University had 2 out of 23 participating students make it into the elite round


In Virginia Norfolk State University had 2 out of 16 participating students make it into the elite round


In Virginia ECPI University had 2 out of 10 participating students make it into the elite round


In Virginia Thomas Nelson Community College had 1 out of 13 participating students make it into the elite round


In Virginia University of Virginia-Main Campus had 1 out of 12 participating students make it into the elite round


In Virginia Tidewater Community College had 1 out of 5 participating students make it into the elite round


In Virginia Lord Fairfax Community College had 0 out of 10 participating students make it into the elite round


In Virginia Danville Community College had 0 out of 1 participating students make it into the elite round


In Virginia Hampton University had 0 out of 1 participating students make it into the elite round


In Virginia Regent University had 0 out of 1 participating students make it into the elite round


 

In West Virginia American Public University System had 3 out of 18 participating students make it into the elite round


In West Virginia Blue Ridge Community and Technical College had 2 out of 12 participating students make it into the elite round


In West Virginia West Virginia University had 0 out of 2 participating students make it into the elite round









INTERNET STORM CENTER TECH CORNER

Jenkins Exploit Mines Cryptocurrencies

https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/


Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit

https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/


Cisco Elastic Services Controller REST API Authentication Bypass

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass


Google Chrome History Manipulation Prevention

https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ


Email Roulette May 2019

https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/


Turla Lightneuron (PDF)

https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf


Alpine Linux Docker Image root User Hard Coded Credentials

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782


WordPress 5.2 Adds Digitally Signed Updates

https://wordpress.org/support/wordpress-version/version-5-2/


US DHS Warns of North Korean ELECTRICFISH Malware

https://www.us-cert.gov/ncas/analysis-reports/AR19-129A


Fake KeePass Site Spreading Malware

https://twitter.com/berkcgoksel/status/1125727590440931329


Google Android Security Bulletin

https://source.android.com/security/bulletin/2019-05-01


Three Anti-Virus Companies Breached

https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies

 

******************************************************************************


The Editorial Board of SANS NewsBites

 

John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service.


Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response.


Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations.


Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.


Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries.


Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security.


Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu.


Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.


William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.


Lee Neely is a Senior Cyber Analyst at Lawrence Livermore National Laboratory, SANS Analyst and Mentor. He has worked in computer security since 1989.


Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org).


Tom Liston is a member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded.


Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments.


Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.


Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world.


David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.


Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.


Alan Paller is director of research at the SANS Institute.


Brian Honan is an independent security consultant based in Dublin, Ireland.


David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites.


Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription visit https://www.sans.org/account/create