Cyware Daily Threat Intelligence November 14, 2017

Reaver malware
A malware named Reaver has been used in a China-linked cyber espionage group which has been active since 2010. It has used in highly targeted attacks launched in 2016. Ten different samples belonging to three different versions of the malicious code were identified.

OnePlus backdoor
Recently a backdoor has been spotted in OnePlus phones that could allow someone to obtain root access. This is a grave security concern as the root access can be obtained by a simple command.

IcedID banking trojan
New banking trojan named IcedID has been discovered which is currently in its first stages of development. It can carry out attacks that steal user financial data via both redirection attacks and web injection attacks. Apple FaceID tricked
In a recent discovery, Apple's FaceID security system has been broken using a mask that took a few days to make and costs only $150. While Samsung failed to secure the iris and facial recognition systems it deployed with Galaxy S8 phones released in 2017 against simple "photo attacks," Apple did a much better job.

‘Huddle’ leak
The British Broadcasting Corporation has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties. According to Huddle, if two people arrived on the same login server within 20 milliseconds of one another, they would both be issued the same authorization code.

ProPublica servers hacked
Recently, a stream of emails sent by bots shut down the servers of ProPublica, the investigative nonprofit newsroom. The attack, known as email bombing or subscription bombing, exploited the proliferation of websites that offer email sign-ups.