Overnight Cybersecurity: Computer chip flaws present new security challenge | DOJ to offer House key documents in Russia probe | Vulnerability found in Google Apps Script

Overnight Cybersecurity: Computer chip flaws present new security challenge | DOJ to offer House key documents in Russia probe | Vulnerability found in Google Apps Script
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--FLAWS IN COMPUTER CHIPS LEAVE FEDS VULNERABLE TO HACKS: Two critical vulnerabilities that affect modern computer processing chips are about to become a huge headache for governments worldwide.

The vulnerabilities could allow hackers to pilfer sensitive data from virtually all modern computing devices, ranging from computers to smartphones to cloud infrastructure. Experts believe that they may be the most dangerous computer processor flaws to date.

The Department of Homeland Security issued guidance on the matter late Wednesday, noting that while operating system updates could help mitigate the issues, the only true solution would be to replace computer processing units' hardware.

This means that mitigating the flaws will likely cost federal, state and local governments a significant amount of time, money and effort.

--PROBLEM MORE WIDESPREAD THAN BELIEVED: The cyber-flaws, which were originally believed to only be in Intel chips, affect an array of chip vendors including, AMD, Google, Microsoft and Apple, and impacts millions of modern computing systems developed over the last decade.

"These processors are used in most government systems around the globe and are likely vulnerable," said Tony Cole, vice president and global government chief technology officer at FireEye.

The discovery, which came from months of work by computer researchers, has sent programmers at major companies scrambling to issue patches to prevent possible hacks.

The researchers had planned to go public with the details later in January after notifying affected companies, but some details about the flaws leaked to the media on Tuesday.

Now that the vulnerabilities have been made public, the clock is ticking for organizations to take steps to guard their systems.

To read the rest of our story on the security flaws, click here.

--MEANWHILE … INTEL CEO REPORTEDLY SOLD STOCK AFTER FINDING OUT ABOUT VULNERABILITIES: Intel CEO Brian Krzanich reportedly sold more than $20 million worth of stock after his company had been informed of a massive cybersecurity flaw in its chips and prior to the firm publicly disclosing the flaw. Krzanich sold stock and exercised options worth a rough total of $24 million on Nov. 29, reducing his holdings of Intel shares to 245,743 -- the minimum required by his contract with the firm. The Intel CEO's sale occurred as developers were racing to fix enormous vulnerabilities in their computer processors. Though the sale raises insider trading concerns, the Securities and Exchange Commission has not publicly said if it will investigate. Intel says that his selloff came independently of the vulnerabilities and notes that it was preplanned. "Brian's sale is unrelated," an Intel spokesperson told Gizmodo. Krzanich.

To read the rest of our story, click here.



--DEMS WANT INTEL ASSESSMENT ON TRUMP NUKE BUTTON TWEET: Two Senate Democrats are asking for an intelligence assessment of the risk from President TrumpDonald John TrumpAccuser says Trump should be afraid of the truth Woman behind pro-Trump Facebook page denies being influenced by Russians Shulkin says he has White House approval to root out 'subversion' at VA MORE's tweet about his nuclear button being "bigger and more powerful" than that of North Korean leader Kim Jong Un.

Sens. Ron WydenRonald (Ron) Lee WydenOvernight Health Care: Trump eases rules on insurance outside ObamaCare | HHS office on religious rights gets 300 complaints in a month | GOP chair eyes opioid bill vote by Memorial Day Trump eases rules on insurance sold outside of ObamaCare Grassley, Dems step up battle over judicial nominees MORE (D-Ore.) and Martin HeinrichMartin Trevor HeinrichCongress fails miserably: For Asian-Americans, immigration proposals are personal attacks Senate rejects centrist immigration bill after Trump veto threat Dem senators want list of White House officials with interim security clearances MORE (D-N.M.), both of whom are members of the Senate Intelligence Committee, wrote to Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsTop state election official questions why Trump is downplaying threat of Russian election interference: report Russian bots turn to gun control after Florida high school shooting: report The case alleging Russian collusion is not closed MORE on Thursday asking him to produce an assessment of the "risk" posed by Trump's Twitter message, which he posted Tuesday evening.

Trump posted the message after Kim said during annual address that the U.S. is in range of Pyongyang's nuclear arsenal and that "a nuclear button is always on my desk."

"North Korean Leader Kim Jong Un just stated that the 'Nuclear Button is on his desk at all times,'" Trump wrote. "Will someone from his depleted and food starved regime please inform him that I too have a Nuclear Button, but it is a much bigger & more powerful one than his, and my Button works!"

Trump has been heavily criticized for the tweet and others, which some say risk escalating the situation further at a time of high tensions over North Korea's nuclear program.

"We request that the assessment address the likely North Korean response to the President's January 2 tweet and the President's other threatening tweets and statements, and whether this rhetoric serves as a deterrent or a provocation," Wyden and Heinrich wrote. "We also ask the Intelligence Community to assess the impact of the president's message on U.S. credibility and leadership with regard to our regional and international partners and allies."

"In light of the current serious risk of conflict, including nuclear escalation with North Korea, the implications, of the president's recent communications are of particular interest and significance to the American people," they wrote, adding that the assessment should be made public if possible.

--DOJ TO OFFER DOCS IN HOUSE RUSSIA PROBE: The House and Justice Department reached a deal Wednesday night to provide the probe into Russian election meddling with long-sought documents and access to key witnesses.

The deal was reached after FBI Director Christopher Wray and Deputy Attorney General Rod RosensteinRod Jay RosensteinOvernight Cybersecurity: Lawyer charged in Mueller probe pleads guilty to lying | Sessions launches cyber task force | White House tallies economic impact of cyber crime Sessions creates cyber task force to study election interference Dopey Russian ads didn't swing voters — federal coverups did MORE made a surprise visit to House Speaker Paul RyanPaul Davis RyanRepublicans are avoiding gun talks as election looms The Hill's 12:30 Report Flake to try to force vote on DACA stopgap plan MORE (R-Wis.).

It was announced by House Intelligence Committee Chairman Devin NunesDevin Gerald NunesFive key takeaways from the Russian indictments Shepard Smith: New Mueller indictments prove Russia probe is 'opposite of a hoax' Schiff: 'We're very close to reaching an agreement' with FBI on countermemo MORE (R-Calif.), who had sought the information and threatened more drastic action if his panel continued to be denied access to the information.

"After speaking to Deputy Attorney General Rosenstein this evening, I believe the House Intelligence Committee has reached an agreement with the Department of Justice that will provide the committee with access to all the documents and witnesses we have requested," Nunes said in a statement. "The committee looks forward to receiving access to the documents over the coming days."

Nunes has in recent months lashed out against the Justice Department over its failure to respond to requests for the documents, suggesting the department was doing so deliberately.

"At this point it seems the DOJ and FBI need to be investigating themselves," Nunes wrote in a letter to Rosenstein last week.

A small group of GOP members have suggested the FBI used the documents, found in a controversial dossier of salacious allegations about the president, in order to launch an investigation into Trump.

To read the rest of our piece, click here.



Nissan is working to develop a car that can read your mind. (Motherboard)



Researchers at cybersecurity firm Proofpoint have discovered a way in which hackers can exploit the Google Apps Script to deliver malware using URLs.

Google Apps Script is a scripting language based in JavaScript that allows for the creation of standalone web applications and extensions to elements in the Google ecosystem. Researchers say that the vulnerability lets attackers "automatically download arbitrary malware hosted in Google Drive to a victim's computer."

"Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded," the company wrote in a blog post on Thursday.

"We also confirmed that it was possible to trigger exploits with this type of attack without user interaction, making it more urgent that organizations mitigated these threats before they reach end users, whenever possible."

Proofpoint has shared the findings with Google, which has taken steps to mitigate the threat.

To read more about the research, click here.



THREATS TO INDUSTRIAL SECTOR: Industrial companies are increasingly facing cyberattacks, with roughly one in four companies saying they were targeted last year in a new survey.

Twenty-eight percent of 900 industrial organizations surveyed by Moscow-based Kaspersky Lab reported facing a targeted attack in 2017, according to the research released on Thursday.

The figure represents a nearly one-third increase over the 20 percent who reported such attacks in 2016.

The survey comes less than a month after cybersecurity researchers publicly identified a new type of malware targeting industrial control systems that was used in an attack that disrupted operations at a critical infrastructure organization.

Experts and officials are particularly wary of cyberattacks that could target critical infrastructure operations. The Department of Homeland Security is responsible for engaging with critical infrastructure operators--the majority of which are private organizations--to help mitigate cyber and physical threats.

The Kaspersky survey also found that industrial organizations took considerable amounts of time to detect cyberattacks, with 34 percent spending several days and 20 percent several weeks to detect the incidents.



Links from our blog, The Hill, and around the Web.

Trump dissolves voter fraud commission. (The Hill)

US regulators to discuss Bitcoin futures trading. (The Hill)

Feud erupts between Grassley, Fusion GPS over transcripts. (The Hill)

The Trump Organization has given documents to Russia investigators. (CNN)

French president Emmanuel Macron unveils plans for 'fake news' law. (BBC)

Homeland Security data breach impacted over 240,000 current and former employees. (CyberScoop)

If you'd like to receive our newsletter in your inbox, please sign up here.