Cyware Daily Threat Intelligence September 10, 2018

Top Malware Reported in the Last 24 Hours

Big Bang threat group malware campaign
The Big Bang threat group is back and once again targeting Palestinian entities. Last year, researchers discovered an espionage campaign that the group was conducting against the Palestinian Authority and other targets in the Middle East. In the previous campaign, the group used the Micropsia RAT. Big Bang's recent campaign uses modular malware that can take screenshots of the infected machine and send them to the command-and-control (C2) server, as well as locate and send a list of documents to the C2 server. The malware can also log system details, reboot a system, and destroy the executable.

SonarSnoop
A new attack method has been discovered that uses sounds emitted from a phone to figure out the swiped passcode a user enters to unlock an Android phone. Dubbed SonarSnoop, the malware emits sound at frequencies between 18kHz and 20kHz, which are inaudible to humans, through the smartphone's speaker. The sound waves produce data, which the malware uses to discern the swipe patterns.

Top Breaches and Vulnerabilities in the Last 24 Hours

SSL certificates
A new tool has been discovered that crawls for SSL certificates and matches them to the IP addresses hosting them. The method can be used to easily identify the public IP addresses of misconfigured dark web servers. When operators of Tor hidden services add an SSL certificate to their site, they associate the .onion domain with the certificate. The tool crawls the Internet, catalogs every SSL certificate it finds in use by a site, and associates each .onion certificate with the public IP address on which it finds it.

IBM bug
IBM found and fixed a vulnerability in its Security Access Manager for Enterprise Single-Sign On. The product does not set the secure attribute on authorization tokens or session cookies. The bug could allow attackers to obtain cookie values by snooping on the web traffic.

Google security patches
Google has released the September 2018 security patch for its Android OS. 59 flaws were addressed, most of which impact Android versions 7 to 9. The most severe flaw that Android's September security patch fixes is a security issue in the operating system's media framework. The flaw could let a remote attacker execute arbitrary code.




