Cyware Daily Threat Intelligence September 10, 2018


Top Malware Reported in the Last 24 Hours

Big Bang threat group malware campaign
The Big Bang threat group is back and is once again targeting Palestinian entities. Last year, researchers discovered an espionage campaign that the threat group was conducting against the Palestinian Authority and other targets in the Middle East. In the previous campaign, the group used the Micropsia RAT. Big Bang's recent campaign uses modular malware that can take screenshots of the infected machine and send them to the command-and-control (C2) server, and can locate documents and send a list of them to the C2 server. The malware can also log system details, reboot a system, and destroy the executable.

SonarSnoop
A new attack method has been discovered that uses sounds emitted from a phone to figure out the swipe pattern a user enters to unlock an Android phone. Dubbed SonarSnoop, the malware emits a sound between 18kHz and 20kHz, frequencies inaudible to humans, through the smartphone's speaker. The sound waves produce data, which the malware uses to discern the swipe patterns.

Top Breaches and Vulnerabilities in the Last 24 Hours

SSL certificates
A new tool that crawls for SSL certificates and matches them to the IP addresses hosting them has been discovered. The method can be used to easily identify the public IP addresses of misconfigured dark web servers. When operators of Tor hidden services add an SSL certificate to their site, they associate the .onion domain with the certificate. The tool crawls the Internet, catalogs every SSL certificate it finds in use by a site, and associates each .onion certificate with the public IP address on which it was found.

IBM bug
IBM found and fixed a vulnerability in its Security Access Manager for Enterprise Single Sign-On. The product does not set the Secure attribute on authorization tokens or session cookies. The bug could allow attackers to obtain cookie values by snooping on web traffic.
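The class of flaw described in the IBM item can be checked for in any web application's responses. The following is an added example, not code from IBM or from this briefing: it audits `Set-Cookie` response headers for a missing Secure attribute, and the header lines and cookie names in it are constructed sample data.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# The header lines below are constructed sample data, not output from any IBM product.

SAMPLE_HEADERS = [
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly",
    "Set-Cookie: authtoken=secure-looking-value; Path=/; Secure; HttpOnly",
    "Set-Cookie: pref=dark; Path=/; SameSite=None",
    "set-cookie: csrf=9f2; path=/; SECURE; SameSite=Strict",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (name, attrs) for a Set-Cookie header line, or None for other headers."""
    header, sep, value = line.partition(":")
    if not sep or header.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    # The first part is name=value; everything after it is an attribute.
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookies(header_lines):
    """Return a list of (cookie_name, finding) for cookies set without Secure."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if "secure" not in attrs:
            finding = "missing Secure: cookie is also sent over plain HTTP"
            if attrs.get("samesite", "").lower() == "none":
                finding += "; SameSite=None without Secure is rejected by modern browsers"
            findings.append((name, finding))
    return findings


if __name__ == "__main__":
    for name, finding in audit_cookies(SAMPLE_HEADERS):
        print(f"{name}: {finding}")
```

The check looks only at parsed attributes, so a cookie whose value merely contains the word "secure" is not mistaken for one that sets the flag.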

Google security patches
Google has released the September 2018 security patch for its Android OS. 59 flaws were addressed, most of which impact Android versions 7 to 9. The most severe flaw fixed by Android's September security patch is a security issue in the media framework of the operating system. The flaw could let a remote attacker execute arbitrary code.



Posted on: September 10, 2018
