Cyware Daily Threat Intelligence November 20, 2017


Top Malware Reported in the Last 24 Hours
EMOTET variant
The notorious malware has spawned various new variants since its inception in 2014. Its primary role is to intercept network activity and steal data via DLL injection. The recently released strain adds new evasive features that allow the malware to terminate itself if it determines that it is running in a sandbox environment.

Android backdoor
A backdoor file in the Executable and Linkable Format (ELF) is said to be part of an Android malware. The malware is reported to belong to the Lazarus cybercrime group. It poses as a legitimate APK, available from Google Play, for reading the Bible in Korean.

Top Vulnerabilities Reported in the Last 24 Hours
Oracle Tuxedo platform patched
Oracle has released an emergency patch to resolve serious server vulnerabilities, some of which had received top severity ratings. The most critical security flaw, a memory leak issue similar to Heartbleed, has also been fixed.

Android vulnerability
A new bug has been found in Android smartphones that allows the MediaProjection service to be exploited to capture users' screens and record audio. MediaProjection is a service capable of capturing screen contents and recording system audio. This service exists in every Android system, but only apps deployed by Android OEMs can use it.

High Sierra vulnerability
Apple has released a new update for High Sierra that includes various security upgrades, blocking of invasive ad trackers in Safari, and weekly firmware validation. However, a researcher has identified a serious flaw that allows passwords to be extracted from Apple's High Sierra. Older macOS versions are also affected by the attack.

Top Breaches Reported in the Last 24 Hours
ABC data leak
Recently, the Australian Broadcasting Corporation (ABC) suffered a leak of sensitive corporate data. The leak resulted from exposed AWS S3 repositories that included usernames, email addresses, password hashes, and other user details. The leaked data belonged to ABC Commercial and included 1800 daily backups of their database.

Microsoft suspects source code leak
Security researchers believe that Microsoft may have lost the source code to one of its Office components. The suspicion arose after Microsoft released a security update for CVE-2017-11882, which affected EQNEDT32.EXE. It is also reported that the developers made a series of changes directly to the buggy program's executable file.

Medical college data breach
About 9,500 patients of the Medical College of Wisconsin (MCW) have been informed that their confidential information may have been compromised in a targeted attack in late July. According to a news release from the MCW, a small number of faculty and staff were victims of a spear phishing attack.


Posted on: November 20, 2017
