Daily NCSC-FI news followup 2019-10-03

Casbaneiro: Dangerous cooking with a secret ingredient

www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/ Casbaneiro, also known as Metamorfo, is a typical Latin American banking trojan that targets banks and cryptocurrency services in Brazil and Mexico (Figure 1). It uses the social engineering method described in the introduction to our previous article, where fake pop-up windows are displayed.

Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp

thehackernews.com/2019/10/whatsapp-rce-vulnerability.html WhatsApp has recently patched a critical security vulnerability in its app for Android, which remained unpatched for at least 3 months after being discovered, and if exploited, could have allowed remote hackers to compromise Android devices and potentially steal files and chat messages.

Dutch police take down hornets’ nest of DDoS botnets

www.zdnet.com/article/dutch-police-take-down-hornets-nest-of-ddos-botnets/ Dutch police have taken down this week a bulletproof hosting provider that has sheltered tens of IoT botnets that have been responsible for hundreds of thousands of DDoS attacks around the world,. Servers were seized, and two men were arrested yesterday at the offices of KV Solutions BV.

HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS

www.ic3.gov/media/2019/191002.aspx This Public Service Announcement (PSA) is an update and companion to Ransomware PSA I-091516-PSA posted on www.ic3.gov. This PSA contains updated information about the ransomware threat.

No More Mixed Messages About HTTPS

security.googleblog.com/2019/10/no-more-mixed-messages-about-https_3.html Today were announcing that Chrome will gradually start ensuring that https:// pages can only load secure https:// subresources. In a series of steps outlined below, well start blocking mixed content (insecure http:// subresources on https:// pages) by default.

Smominru botnet infects 4,700 new PCs daily

www.kaspersky.com/blog/smominru-botnet-eternalblue/28862/ Active since 2017, Smominru has now become one of the most rapidly spreading computer malware, according to a publicly available report. In 2019, during August alone, it infected 90,000 machines worldwide, with an infection rate of up to 4,700 computers per day. China, Taiwan, Russia, Brazil, and the US have seen the most attacks, but that doesnt mean other countries are out of its scope.

macOS systems abused in DDoS attacks

www.zdnet.com/article/macos-systems-abused-in-ddos-attacks/ Up to 40,000 macOS systems expose a particular port online that can be abused for pretty big DDoS attacks.

Minerva attack can recover private keys from smart cards, cryptographic libraries

www.zdnet.com/article/minerva-attack-can-recover-private-keys-from-smart-cards-cryptographic-libraries/ Czech academics have detailed this week a new cryptographic attack that can recover private keys used to sign operations on some smart cards and cryptographic libraries. Once obtained, the private key can allow attackers to spoof any smart cards or sign other cryptographic operations secured by the affected libraries.

Pulling back the curtain on a banking botnet

blog.avast.com/avast-researcher-helps-expose-banking-botnet-geost The Avast Threats Lab team has helped to pull back the curtain on the Geost botnet, which used 13 command-and-control servers to run hundreds of malicious domains. The botnet plundered bank accounts in Russia until in an ironic twist cybersecurity lapses exposed the entire operation, including what developers working on the criminal enterprise said to each other online.

Suomi saa uuden digiturvaosaajan: Kyberturvallisuusjohtaja torjuu bittimaailman uhkia tietokonetumpeloinnista trollaamiseen

yle.fi/uutiset/3-11003492 Suomessakin on laadittu kyberturvallisuusstrategioita, jollaisen päivitetty versio(siirryt toiseen palveluun) hyväksyttiin torstaina valtioneuvostossa. Uuden strategian on tarkoitus vastata alati kehittyvän digitaalisen ympäristön muutokseen.. Uutena ja konkreettisena uudistuksena strategiassa mainitaan kyberturvallisuusjohtajan tehtävä. Se perustetaan liikenne- ja viestintäministeriöön. Kyberturvallisuusjohtaja koordinoi kansallisesti digiuhkiin liittyviä toimia.