Cyware Daily Threat Intelligence

Daily Threat Briefing Sep 10, 2018

Top Malware Reported in the Last 24 Hours

Big Bang threat group malware campaign

The Big Bang threat group is back and once again targeting Palestinian entities. Last year, researchers discovered an espionage campaign that the group was conducting against the Palestinian Authority and other targets in the Middle East. In the previous campaign, the group used the Micropsia RAT. The group's recent campaign uses modular malware that can take screenshots of the infected machine and send them to the command-and-control (C2) server, as well as locate and send a list of documents to the C2 server. The malware can also log system details, reboot a system, and destroy the executable.

SonarSnoop

A new attack method has been discovered that uses sounds emitted from a phone to figure out the passcode a user swipes to unlock an Android phone. Dubbed SonarSnoop, the attack relies on malware that emits sound at frequencies between 18 kHz and 20 kHz, inaudible to humans, through the smartphone's speaker. The sound waves produce data, which the malware uses to discern the swipe patterns.

Top Breaches and Vulnerabilities in the Last 24 Hours

SSL certificates

A new tool that crawls for SSL certificates and matches them to the IP addresses hosting them has been discovered. The method can be used to easily identify the public IP addresses of misconfigured dark web servers. When operators of Tor hidden services add an SSL certificate to their site, they associate the .onion domain with the certificate. The tool crawls the Internet, catalogs every SSL certificate it finds in use on a site, and associates the .onion certificate with the public IP address on which it was found.

IBM bug

IBM found and fixed a vulnerability in its Security Access Manager for Enterprise Single Sign-On. The product does not set the Secure attribute on authorization tokens or session cookies. The bug could allow attackers to obtain cookie values by snooping on the web traffic.

Google security patches

Google has released the September 2018 security patch for its Android OS. It addresses 59 flaws, most of which impact Android versions 7 to 9. The most severe flaw fixed in the September patch is a security issue in the operating system's media framework that could let a remote attacker execute arbitrary code.