Cyware Daily Threat Intelligence March 06, 2018

Saposhi malware
A new malware called Saposhi--capable of taking over electronic devices and turning them into bots--has been discovered by researchers in India. The malware is being compared to the earlier released Reaper malware. Indian Computer Emergency Response Team (CERT-In) hasn't released any alert regarding Saposhi yet.

TSCookie
TSCookie malware was initially discovered in January 2018, propagating through spoofed emails, that appears to be coming from Ministry of Education, Culture, Sports, Science, and Technology of Japan. The hacker group BlackTech is expected to be behind the attacks.

Ransom note embedded in the attack
A new threat vector that uses mis-configured Memcached servers to help amplify distributed denial-of-service (DDoS) attacks, dubbed memcached reflection attacks, has been discovered. In this method, hackers can deliver ransom demands along with the address to the attackers' digital wallet hidden within the attack payload. 4G LTE protocol flaws
New security bugs have been identified in LTE protocol that can be exploited to generate fake messages, snoop on users, and forge user location data. These vulnerabilities can affect the attach, detach, and paging procedures of LTE. The vulnerabilities were discovered by a special tool named LTEInspector.

Microsoft releases KB 4090913 update
Last month, Microsoft released KB 4074588 update. The update has bugs that affected some USB devices causing them to stop working after installation. To mitigate the issue, Microsoft released a cumulative update KB 4090913 for Windows 10 version 1709. The update will be released through Windows Update mechanism.

Side-channel attacks
A threat report disclosed that memory side-channel attacks have increased tremendously ever since the Meltdown vulnerability was made public. Malware authors are trying different combinations of existing code for proof-of-concept attacks testing the vulnerability.