Security Briefing – 11.7.2017
On Friday 3 November an app called Update WhatsApp Messenger was spotted on Google Play. The app was decked out in all the greenery and speech-bubble-logoed finery you’d expect of a legitimate WhatsApp and, most crucially, it appeared under the developer name WhatsApp Inc. It was malware through and through, and it racked up over 1M downloads before it was pulled from the Google Play store.
Apple has reduced the accuracy of the iPhone X Face ID feature to speed up production, Bloomberg reported Monday. It’s not clear how much the new specs will reduce Face ID’s efficacy, but if the reporting is accurate, there could be problems recognizing changes in facial hair, glasses and other ancillary features, suggested Gerrit Schneemann, senior analyst at IHS Markit. Imagine someone who looks similar to you unlocking your phone, or a police officer holding your phone up to your face to unlock it without your consent. Neat, huh?
Remote attackers can cause thousands of Brother printers to temporarily stop working by exploiting an unpatched vulnerability discovered recently by researchers at Trustwave. According to an advisory published by the security firm, the flaw is related to an embedded httpd server named Debut that some Brother products use to host their web interfaces. The security hole is tracked as CVE-2017-16249 and it affects version 1.20 and earlier of the Debut software.
The cost of malware tools and services adds up, but the returns from cybercrime campaigns can be enormous, according to a new report from Recorded Future. “We estimate the average ROI of a botnet operation to be between 400% to 600%,” says Andrei Barysevich, director of advanced collection at Recorded Future and author of the report. That’s after spending $3,500-5,000 for a trojan, plus thousands more on hosting, obfuscation tools, and web-injects.
If someone set out to invent a risky way to transport important data around, it’s hard to imagine they’d better the USB flash stick for calamitous efficiency. They’re incredibly popular – which is why in 2017 we’re still writing about cases like the USB stick found in a west London street that turned out to contain 2.5Gb of unprotected files detailing many of the anti-terrorism procedures and systems used to protect one of the world’s busiest airports. This included: the route taken by the Queen, politicians and dignitaries when using the airport’s secure departure suite; radio codes used to indicate hijackings; details of maintenance and escape tunnels and CCTV locations; a timetable of police patrols; information on security ID cards; and details of the surveillance system used to monitor runways and the airport perimeter.
Dell’s primary domain for the backup and restore software that ships by default on every one of their new PCs expired on June 1st, was purchased by a third party, and was then recovered by Dell in July. It makes you wonder what happened to any data backed up during that window, if anything was backed up at all. Dell seems to think the software simply didn’t work during that period. Strange world.
A very interesting variant of the Marcher Android trojan has been found targeting Austrian citizens. A phishing email contains a bit.ly link to a fake Bank Austria login page; once victims enter their credentials there, they’re sent a follow-up email stating they ‘don’t have the Bank Austria app and must download it.’ The download instructions tell users to allow applications from unknown sources (this is bad). So far, 20,000 people have had the information on their phones compromised by the three-pronged attack, and Proofpoint warns that this type of attack could become more common soon.