Locky has reappeared in the last week with renewed vigor. After lying low for several months, it has returned in two different samples. One comes with the subject 'Emailed Invoice - [Random Number]', while the second arrives with the subject 'New Doc [yyyy-mm-dd] - Page [Random Number]'. Both carry .zip archive attachments. Look out for suspicious emails and delete them as soon as possible.
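As an added example (not from the original post), a small Python triage filter that flags mail matching the two reported lures: one of the two subject patterns combined with a .zip attachment. It assumes the '[Random Number]' placeholder stands for any run of digits and that the date appears as yyyy-mm-dd without brackets; the sample messages are constructed, not captured traffic.

```python
import re
from email import message_from_string
from email.message import Message
from typing import Dict, List, Optional

# Subject lines of the two reported Locky campaigns. Assumption: the
# "[Random Number]" placeholder in the briefing means any run of digits.
LOCKY_SUBJECTS = [
    re.compile(r"^Emailed Invoice - \d+$"),
    re.compile(r"^New Doc \d{4}-\d{2}-\d{2} - Page \d+$"),
]

def attachment_names(msg: Message) -> List[str]:
    """Return the filename of every MIME part that carries one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def matches_locky_lure(msg: Message) -> bool:
    """True when the subject matches a known lure AND a .zip is attached."""
    subject = (msg.get("Subject") or "").strip()
    if not any(pat.match(subject) for pat in LOCKY_SUBJECTS):
        return False
    return any(name.lower().endswith(".zip") for name in attachment_names(msg))

def is_locky_lure_raw(raw: str) -> bool:
    """Convenience wrapper for raw RFC 822 text as pulled from a mail spool."""
    return matches_locky_lure(message_from_string(raw))

def build_sample(subject: str, filename: Optional[str]) -> str:
    """Constructed sample mail for testing; not real captured traffic."""
    head = f"From: sender@example.test\nSubject: {subject}\nMIME-Version: 1.0\n"
    if filename is None:
        return head + "Content-Type: text/plain\n\nNo attachment here.\n"
    return (head + 'Content-Type: multipart/mixed; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nPlease see attached.\n"
            f'--b1\nContent-Type: application/octet-stream; name="{filename}"\n'
            f'Content-Disposition: attachment; filename="{filename}"\n'
            "Content-Transfer-Encoding: base64\n\nUEsDBAo=\n--b1--\n")

SAMPLES: Dict[str, str] = {
    "invoice_zip": build_sample("Emailed Invoice - 48213", "invoice_48213.zip"),
    "newdoc_zip": build_sample("New Doc 2017-10-03 - Page 7", "scan_7.zip"),
    "newdoc_pdf": build_sample("New Doc 2017-10-03 - Page 7", "scan_7.pdf"),
    "benign": build_sample("Re: lunch on Friday?", None),
}

def triage(raw_messages: Dict[str, str]) -> Dict[str, bool]:
    """Map each message id to whether it matches a Locky lure."""
    return {mid: is_locky_lure_raw(raw) for mid, raw in raw_messages.items()}
```

Run `triage(SAMPLES)` to see which constructed messages are flagged; in practice the raw strings would come from a mail gateway or spool.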
The Kangaroo ransomware is unusual in that it does not spread through exploit kits, cracks, compromised sites or Trojans; instead, its developer breaks into computers over Remote Desktop. During the initial stage of infection, Kangaroo attempts to hide on the victim's system by disguising itself as explorer.exe.
Crapware and adware
Crapware and adware bundles are now being distributed by the 'Roboto Condensed Font Was Not Found' attack. Earlier, depending on which malware was being distributed at the time the website was visited, victims were infected with the Ursnif keylogger, miners, or Trojan downloaders. Do not act on pop-up messages that ask you to install files in order to update your browser.
A number of vulnerabilities were found in the widely used Apache Struts 2 framework and the products built on it. It is speculated that the recent Equifax hack also resulted from exploitation of a critical vulnerability in Apache Struts 2, along with others. The Java deserialization vulnerability in Struts 2 allowed malicious actors to inject code into any server running a Struts application, achieving complete remote code execution.
Apple patches flaws
In the last couple of weeks, iOS 11 has received a second update, available for supported iPhones, iPads, and iPods. Several users had reported a crackling noise from the earpiece when making phone calls over cellular networks. This issue, along with two other bugs, was fixed in the latest update.
OpenText document vulnerability
OpenText Document Sciences, software that lets users automate the generation of customized and personalized communications, is riddled with flaws. Security experts discovered that malicious actors could carry out SQL injection attacks, cross-site scripting attacks and many others. The security loopholes can be fixed by updating the software on the server side.
Posted on: October 04, 2017