Cyware Daily Threat Intelligence September 23, 2017

Retefe campaign
The Retefe banking Trojan has resurfaced again in a fresh wave of Retefe campaigns consisting of unsolicited emails containing malicious Microsoft Office documents. The Retefe banking Trojan has earlier targeted Austria, Sweden, Switzerland, and Japan, and is now targeting United Kingdom banking site. You should ensure that EternalBlue vulnerability is thoroughly patched.

BTCRansomware
Recently, a new variant of the BTCWare ransomware has been discovered that appends its extension to encrypted files. It has the capability of hacking into remote computers with weak passwords using Remote Desktop services. Unfortunately, there are no tools capable of restoring files encrypted by BTCWare. Chrome flaws
Some vulnerabilities that plagued Chrome have been found by security experts. Two of the discovered flaws were rated high-risk severity. The bugs, tracked as CVE-2017-5121 and CVE-2017-5122, respectively, were out-of-bounds for access in V8. However, Google has now released the updated version for Windows, Mac, and Linux users.

NVIDIA flaws patched
Several patches for the vulnerabilities that impacted NVIDIA GPU have finally found patches. The patches for several denial-of-service (DoS) and privilege escalation vulnerabilities affecting its GeForce, NVS, Quadro and Tesla graphics card drivers. The GPU Display Driver contained various vulnerabilities in its kernel mode layer handler and they affected the Windows drivers, and some also impacted Linux, FreeBSD, and Solaris.

Samba patches
Three security updates that affected Samba servers are released for users to patch. The vulnerability majorly allowed attackers to initiate man-in-the-middle attack. A patch for a critical vulnerability impacting the free networking software Samba was issued on Sept 20, 2017. The flaw poses a severe threat to users, with around 100,000 Samba installations vulnerable to remote takeover. Adobe posts its public and private key
In a rare incident, Adobe’s Product Security Incident Response Team’s member accidentally posted the PGP keys for PSIRT’s email account for both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its place. An attacker could spoof PGP-signed messages as coming from Adobe.

Verizon documents leaked
Several confidential documents related to internal systems and server logs were exposed in the recent Verizon data leak. All the sensitive documents were found on an unprotected Amazon S3 storage server controlled by Verizon. Those files had username and passwords to the internal system. In addition, the compromised files included details about the server, IP address, and infrastructure maps. Netflix scam
Hackers have found a novel way of targeting victims. This time they’ve targeted Netflix subscribers through phishing emails. Currently, the scam is active in Netherlands and UK, but can soon spread to the US. The emails are generated from supportnetflix@checkinformation[.]com and inform users that their Netflix account is disabled due to a problem in the last payment.

Protection against identity theft
A novel but a low-tech idea has been invented by a retired intelligence organization employee in the UK to protect himself against identity theft.He has made it mandatory for credit rating agencies and lenders to have his applications authenticated by his thumbprint manually. This leaves the onus of verifying the thumbprint on the lenders rather than himself.