Overnight Cybersecurity: Computer chip flaws present new security challenge | DOJ to offer House key documents in Russia probe | Vulnerability found in Google Apps Script

Overnight Cybersecurity: Computer chip flaws present new security challenge | DOJ to offer House key documents in Russia probe | Vulnerability found in Google Apps Script
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--FLAWS IN COMPUTER CHIPS LEAVE FEDS VULNERABLE TO HACKS: Two critical vulnerabilities that affect modern computer processing chips are about to become a huge headache for governments worldwide.

The vulnerabilities could allow hackers to pilfer sensitive data from virtually all modern computing devices, ranging from computers to smartphones to cloud infrastructure. Experts believe that they may be the most dangerous computer processor flaws to date.

The Department of Homeland Security issued guidance on the matter late Wednesday, noting that while operating system updates could help mitigate the issues, the only true solution would be to replace computer processing units' hardware.

This means that mitigating the flaws will likely cost federal, state and local governments a significant amount of time, money and effort.

--PROBLEM MORE WIDESPREAD THAN BELIEVED: The cyber-flaws, which were originally believed to only be in Intel chips, affect an array of chip vendors including, AMD, Google, Microsoft and Apple, and impacts millions of modern computing systems developed over the last decade.

"These processors are used in most government systems around the globe and are likely vulnerable," said Tony Cole, vice president and global government chief technology officer at FireEye.

The discovery, which came from months of work by computer researchers, has sent programmers at major companies scrambling to issue patches to prevent possible hacks.

The researchers had planned to go public with the details later in January after notifying affected companies, but some details about the flaws leaked to the media on Tuesday.

Now that the vulnerabilities have been made public, the clock is ticking for organizations to take steps to guard their systems.

To read the rest of our story on the security flaws, click here.

--MEANWHILE … INTEL CEO REPORTEDLY SOLD STOCK AFTER FINDING OUT ABOUT VULNERABILITIES: Intel CEO Brian Krzanich reportedly sold more than $20 million worth of stock after his company had been informed of a massive cybersecurity flaw in its chips and prior to the firm publicly disclosing the flaw. Krzanich sold stock and exercised options worth a rough total of $24 million on Nov. 29, reducing his holdings of Intel shares to 245,743 -- the minimum required by his contract with the firm. The Intel CEO's sale occurred as developers were racing to fix enormous vulnerabilities in their computer processors. Though the sale raises insider trading concerns, the Securities and Exchange Commission has not publicly said if it will investigate. Intel says that his selloff came independently of the vulnerabilities and notes that it was preplanned. "Brian's sale is unrelated," an Intel spokesperson told Gizmodo. Krzanich.

To read the rest of our story, click here.



--DEMS WANT INTEL ASSESSMENT ON TRUMP NUKE BUTTON TWEET: Two Senate Democrats are asking for an intelligence assessment of the risk from President TrumpDonald John TrumpTrump: 'I don't trust everybody in the White House' JPMorgan CEO withdraws from Saudi conference Trump defends family separations at border MORE's tweet about his nuclear button being "bigger and more powerful" than that of North Korean leader Kim Jong Un.

Sens. Ron WydenRonald (Ron) Lee WydenCollusion judgment looms for key Senate panel Hillicon Valley: Facebook deletes accounts for political 'spam' | Leaked research shows Google's struggles with online free speech | Trump's praise for North Korea complicates cyber deterrence | Senators want Google memo on privacy bug On The Money: Jobless rate hits 49-year low | Officials face legal obstacles to pursuing tax charges against Trump | Tax story prompts calls to revise estate rules MORE (D-Ore.) and Martin HeinrichMartin Trevor HeinrichFor everyone’s safety, border agents must use body-worn cameras Electric carmakers turn to Congress as tax credits dry up A Senator Gary Johnson could be good not just for Libertarians, but for the Senate too MORE (D-N.M.), both of whom are members of the Senate Intelligence Committee, wrote to Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsOvernight Defense — Presented by The Embassy of the United Arab Emirates — Senators seek US intel on journalist's disappearance | Army discharged over 500 immigrant recruits in one year | Watchdog knocks admiral over handling of sexual harassment case Lawmakers seeking intel on alleged Saudi plot against journalist It’s not just foreign state-owned telecom posing a threat  MORE on Thursday asking him to produce an assessment of the "risk" posed by Trump's Twitter message, which he posted Tuesday evening.

Trump posted the message after Kim said during annual address that the U.S. is in range of Pyongyang's nuclear arsenal and that "a nuclear button is always on my desk."

"North Korean Leader Kim Jong Un just stated that the 'Nuclear Button is on his desk at all times,'" Trump wrote. "Will someone from his depleted and food starved regime please inform him that I too have a Nuclear Button, but it is a much bigger & more powerful one than his, and my Button works!"

Trump has been heavily criticized for the tweet and others, which some say risk escalating the situation further at a time of high tensions over North Korea's nuclear program.

"We request that the assessment address the likely North Korean response to the President's January 2 tweet and the President's other threatening tweets and statements, and whether this rhetoric serves as a deterrent or a provocation," Wyden and Heinrich wrote. "We also ask the Intelligence Community to assess the impact of the president's message on U.S. credibility and leadership with regard to our regional and international partners and allies."

"In light of the current serious risk of conflict, including nuclear escalation with North Korea, the implications, of the president's recent communications are of particular interest and significance to the American people," they wrote, adding that the assessment should be made public if possible.

--DOJ TO OFFER DOCS IN HOUSE RUSSIA PROBE: The House and Justice Department reached a deal Wednesday night to provide the probe into Russian election meddling with long-sought documents and access to key witnesses.

The deal was reached after FBI Director Christopher Wray and Deputy Attorney General Rod RosensteinRod Jay RosensteinThree reasons Mueller may not charge Trump with obstruction Rod Rosenstein must recuse himself Trump: Nunes should receive Medal of Honor MORE made a surprise visit to House Speaker Paul RyanPaul Davis RyanMcCarthy introduces bill to fully fund Trump's border wall On The Money: McCarthy offers bill to fully fund Trump border wall | US to press China on currency in trade talks | Mnuchin plans to go ahead with Saudi trip | How America's urban-rural divide is changing the Dems Election Countdown: Minnesota Dems worry Ellison allegations could cost them key race | Dems struggle to mobilize Latino voters | Takeaways from Tennessee Senate debate | Poll puts Cruz up 9 in Texas MORE (R-Wis.).

It was announced by House Intelligence Committee Chairman Devin NunesDevin Gerald NunesThe Hill's 12:30 Report — Presented by Citi — Latest on Hurricane Michael | Trump, Kanye West to have lunch at White House | GOP divided over potential 2020 high court vacancy Senate Dem: Trump's 'fake, hyperbolic rantings' an insult to real Medal of Honor recipients Trump: Nunes should receive Medal of Honor MORE (R-Calif.), who had sought the information and threatened more drastic action if his panel continued to be denied access to the information.

"After speaking to Deputy Attorney General Rosenstein this evening, I believe the House Intelligence Committee has reached an agreement with the Department of Justice that will provide the committee with access to all the documents and witnesses we have requested," Nunes said in a statement. "The committee looks forward to receiving access to the documents over the coming days."

Nunes has in recent months lashed out against the Justice Department over its failure to respond to requests for the documents, suggesting the department was doing so deliberately.

"At this point it seems the DOJ and FBI need to be investigating themselves," Nunes wrote in a letter to Rosenstein last week.

A small group of GOP members have suggested the FBI used the documents, found in a controversial dossier of salacious allegations about the president, in order to launch an investigation into Trump.

To read the rest of our piece, click here.



Nissan is working to develop a car that can read your mind. (Motherboard)



Researchers at cybersecurity firm Proofpoint have discovered a way in which hackers can exploit the Google Apps Script to deliver malware using URLs.

Google Apps Script is a scripting language based in JavaScript that allows for the creation of standalone web applications and extensions to elements in the Google ecosystem. Researchers say that the vulnerability lets attackers "automatically download arbitrary malware hosted in Google Drive to a victim's computer."

"Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded," the company wrote in a blog post on Thursday.

"We also confirmed that it was possible to trigger exploits with this type of attack without user interaction, making it more urgent that organizations mitigated these threats before they reach end users, whenever possible."

Proofpoint has shared the findings with Google, which has taken steps to mitigate the threat.

To read more about the research, click here.



THREATS TO INDUSTRIAL SECTOR: Industrial companies are increasingly facing cyberattacks, with roughly one in four companies saying they were targeted last year in a new survey.

Twenty-eight percent of 900 industrial organizations surveyed by Moscow-based Kaspersky Lab reported facing a targeted attack in 2017, according to the research released on Thursday.

The figure represents a nearly one-third increase over the 20 percent who reported such attacks in 2016.

The survey comes less than a month after cybersecurity researchers publicly identified a new type of malware targeting industrial control systems that was used in an attack that disrupted operations at a critical infrastructure organization.

Experts and officials are particularly wary of cyberattacks that could target critical infrastructure operations. The Department of Homeland Security is responsible for engaging with critical infrastructure operators--the majority of which are private organizations--to help mitigate cyber and physical threats.

The Kaspersky survey also found that industrial organizations took considerable amounts of time to detect cyberattacks, with 34 percent spending several days and 20 percent several weeks to detect the incidents.



Links from our blog, The Hill, and around the Web.

Trump dissolves voter fraud commission. (The Hill)

US regulators to discuss Bitcoin futures trading. (The Hill)

Feud erupts between Grassley, Fusion GPS over transcripts. (The Hill)

The Trump Organization has given documents to Russia investigators. (CNN)

French president Emmanuel Macron unveils plans for 'fake news' law. (BBC)

Homeland Security data breach impacted over 240,000 current and former employees. (CyberScoop)