Overnight Cybersecurity: Computer chip flaws present new security challenge | DOJ to offer House key documents in Russia probe | Vulnerability found in Google Apps Script


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--FLAWS IN COMPUTER CHIPS LEAVE FEDS VULNERABLE TO HACKS: Two critical vulnerabilities that affect modern computer processing chips are about to become a huge headache for governments worldwide.

The vulnerabilities could allow hackers to pilfer sensitive data from virtually all modern computing devices, ranging from computers to smartphones to cloud infrastructure. Experts believe that they may be the most dangerous computer processor flaws to date.

The Department of Homeland Security issued guidance on the matter late Wednesday, noting that while operating system updates could help mitigate the issues, the only true solution would be to replace computer processing units' hardware.

This means that mitigating the flaws will likely cost federal, state and local governments a significant amount of time, money and effort.

--PROBLEM MORE WIDESPREAD THAN BELIEVED: The cyber-flaws, which were originally believed to only be in Intel chips, affect an array of chip vendors including AMD, Google, Microsoft and Apple, and impact millions of modern computing systems developed over the last decade.

"These processors are used in most government systems around the globe and are likely vulnerable," said Tony Cole, vice president and global government chief technology officer at FireEye.

The discovery, which came from months of work by computer researchers, has sent programmers at major companies scrambling to issue patches to prevent possible hacks.

The researchers had planned to go public with the details later in January after notifying affected companies, but some details about the flaws leaked to the media on Tuesday.

Now that the vulnerabilities have been made public, the clock is ticking for organizations to take steps to guard their systems.


--MEANWHILE … INTEL CEO REPORTEDLY SOLD STOCK AFTER FINDING OUT ABOUT VULNERABILITIES: Intel CEO Brian Krzanich reportedly sold more than $20 million worth of stock after his company had been informed of a massive cybersecurity flaw in its chips and prior to the firm publicly disclosing the flaw. Krzanich sold stock and exercised options worth a rough total of $24 million on Nov. 29, reducing his holdings of Intel shares to 245,743 -- the minimum required by his contract with the firm. The Intel CEO's sale occurred as developers were racing to fix enormous vulnerabilities in their computer processors. Though the sale raises insider trading concerns, the Securities and Exchange Commission has not publicly said if it will investigate. Intel says that his selloff came independently of the vulnerabilities and notes that it was preplanned. "Brian's sale is unrelated," an Intel spokesperson told Gizmodo. Krzanich.




--DEMS WANT INTEL ASSESSMENT ON TRUMP NUKE BUTTON TWEET: Two Senate Democrats are asking for an intelligence assessment of the risk from President Trump's tweet about his nuclear button being "bigger and more powerful" than that of North Korean leader Kim Jong Un.

Sens. Ron Wyden (D-Ore.) and Martin Heinrich (D-N.M.), both of whom are members of the Senate Intelligence Committee, wrote to Director of National Intelligence Dan Coats on Thursday asking him to produce an assessment of the "risk" posed by Trump's Twitter message, which he posted Tuesday evening.

Trump posted the message after Kim said during his annual address that the U.S. is in range of Pyongyang's nuclear arsenal and that "a nuclear button is always on my desk."

"North Korean Leader Kim Jong Un just stated that the 'Nuclear Button is on his desk at all times,'" Trump wrote. "Will someone from his depleted and food starved regime please inform him that I too have a Nuclear Button, but it is a much bigger & more powerful one than his, and my Button works!"

Trump has been heavily criticized for the tweet and others, which some say risk escalating the situation further at a time of high tensions over North Korea's nuclear program.

"We request that the assessment address the likely North Korean response to the President's January 2 tweet and the President's other threatening tweets and statements, and whether this rhetoric serves as a deterrent or a provocation," Wyden and Heinrich wrote. "We also ask the Intelligence Community to assess the impact of the president's message on U.S. credibility and leadership with regard to our regional and international partners and allies."

"In light of the current serious risk of conflict, including nuclear escalation with North Korea, the implications of the president's recent communications are of particular interest and significance to the American people," they wrote, adding that the assessment should be made public if possible.

--DOJ TO OFFER DOCS IN HOUSE RUSSIA PROBE: The House and Justice Department reached a deal Wednesday night to provide the probe into Russian election meddling with long-sought documents and access to key witnesses.

The deal was reached after FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein made a surprise visit to House Speaker Paul Ryan (R-Wis.).

It was announced by House Intelligence Committee Chairman Devin Nunes (R-Calif.), who had sought the information and threatened more drastic action if his panel continued to be denied access to the information.

"After speaking to Deputy Attorney General Rosenstein this evening, I believe the House Intelligence Committee has reached an agreement with the Department of Justice that will provide the committee with access to all the documents and witnesses we have requested," Nunes said in a statement. "The committee looks forward to receiving access to the documents over the coming days."

Nunes has in recent months lashed out against the Justice Department over its failure to respond to requests for the documents, suggesting the department was doing so deliberately.

"At this point it seems the DOJ and FBI need to be investigating themselves," Nunes wrote in a letter to Rosenstein last week.

A small group of GOP members have suggested the FBI used the documents, found in a controversial dossier of salacious allegations about the president, in order to launch an investigation into Trump.




Nissan is working to develop a car that can read your mind. (Motherboard)



Researchers at cybersecurity firm Proofpoint have discovered a way in which hackers can exploit Google Apps Script to deliver malware using URLs.

Google Apps Script is a scripting language based on JavaScript that allows for the creation of standalone web applications and extensions to elements in the Google ecosystem. Researchers say that the vulnerability lets attackers "automatically download arbitrary malware hosted in Google Drive to a victim's computer."

"Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded," the company wrote in a blog post on Thursday.

"We also confirmed that it was possible to trigger exploits with this type of attack without user interaction, making it more urgent that organizations mitigated these threats before they reach end users, whenever possible."

Proofpoint has shared the findings with Google, which has taken steps to mitigate the threat.




THREATS TO INDUSTRIAL SECTOR: Industrial companies are increasingly facing cyberattacks, with roughly one in four companies saying they were targeted last year in a new survey.

Twenty-eight percent of 900 industrial organizations surveyed by Moscow-based Kaspersky Lab reported facing a targeted attack in 2017, according to the research released on Thursday.

The figure represents a nearly one-third increase over the 20 percent who reported such attacks in 2016.

The survey comes less than a month after cybersecurity researchers publicly identified a new type of malware targeting industrial control systems that was used in an attack that disrupted operations at a critical infrastructure organization.

Experts and officials are particularly wary of cyberattacks that could target critical infrastructure operations. The Department of Homeland Security is responsible for engaging with critical infrastructure operators--the majority of which are private organizations--to help mitigate cyber and physical threats.

The Kaspersky survey also found that industrial organizations took considerable amounts of time to detect cyberattacks, with 34 percent spending several days and 20 percent several weeks to detect the incidents.



Links from our blog, The Hill, and around the Web.

Trump dissolves voter fraud commission. (The Hill)

US regulators to discuss Bitcoin futures trading. (The Hill)

Feud erupts between Grassley, Fusion GPS over transcripts. (The Hill)

The Trump Organization has given documents to Russia investigators. (CNN)

French president Emmanuel Macron unveils plans for 'fake news' law. (BBC)

Homeland Security data breach impacted over 240,000 current and former employees. (CyberScoop)