Cyware Daily Threat Intelligence October 04, 2017

Top Malware Reported in the Last 24 Hours
Locky is back
With much vigor and aggression, Locky has reappeared in the last week. After being under wraps for several months, it has returned with two different samples. One of them comes with the subject 'Emailed Invoice - [Random Number]' while the second arrives with the subject 'New Doc [yyyy-mm-dd] - Page [Random Number]'. Both carry .zip archived attachments. Look out for suspicious emails and delete them as soon as possible.

Kangaroo ransomware
What sets this ransomware apart is that it doesn't spread through exploit kits, cracks, compromised sites or Trojans; instead, the developer breaks into computers over Remote Desktop. During the initial stage of infection, Kangaroo attempts to hide on the victim system by disguising itself as explorer.exe.

Crapware and adware
Crapware and adware bundles are now being distributed by the 'Roboto Condensed Font Was Not Found' attack. Earlier, depending on which malware was being distributed at the time of visiting the website, the victim got infected with the Ursnif keylogger, miners, or Trojan downloaders. Do not entertain pop-up messages that ask you to install files in order to update your browser.

Top Vulnerabilities Reported in the Last 24 Hours
Oracle flaws
A number of vulnerabilities were reported in Oracle's popular gamut of products built on Apache Struts 2. It is speculated that the recent Equifax breach is also the result of exploitation of a critical vulnerability in Apache Struts 2, along with others. The Java deserialization vulnerability in Struts 2 allowed malicious actors to inject code into any server running a Struts application, achieving complete remote code execution.

Apple patches flaws
In the last couple of weeks, iOS 11 has received its second update, which is available for supported iPhones, iPads, and iPods. Several users had reported crackling noise coming from the earpiece when making phone calls over cellular networks. This issue, along with two other bugs, was fixed in the latest update rollout.

OpenText document vulnerability
OpenText Document Sciences, software that allows users to automate the generation of customized and personalized communications, is riddled with flaws. Security experts discovered that malicious persons could carry out SQL injection attacks, cross-site scripting attacks and many others. The security loopholes can be closed by updating the software on the server side.
