InfoSec Week 37, 2017

Posted on 19 September 2017

SfyLabs' researchers discovered a new Android banking Trojan named Red Alert 2.0 that is being offered for rent on many dark websites. It uses Twitter as a fallback mechanism for communication.
https://clientsidedetection.com/new_android_trojan_targeting_over_60_banks_and_social_apps.html

The Windows cleanup utility CCleaner, distributed by antivirus vendor Avast, contained multi-stage Floxif malware.
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
https://www.bleepingcomputer.com/news/security/avast-clarifies-details-surrounding-ccleaner-malware-incident/

According to the Slovak CSIRT, multiple Python packages in the PyPI Python repository were hit by a typosquatting attack.
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/

Medfusion 4000 Wireless Syringe Infusion Pumps used in acute critical care settings could be remotely controlled and patients killed.
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02

Kaspersky researchers discovered a new attack technique leveraging an undocumented Microsoft Word feature that loads PHP scripts hosted on third-party web servers.
https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/

DigitalOcean warned that some pre-built and pre-configured applications (One-Click) offered by the cloud platform use default admin passwords.
http://www.securityweek.com/digitalocean-warns-vulnerability-affecting-cloud-users

A use-after-free error in Apache HTTP can leak pieces of arbitrary memory from the server. It is tracked as CVE-2017-9798, the "Optionsbleed" vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2017-9798
https://github.com/hannob/optionsbleed

Mr. SIP is a tool developed to audit and simulate SIP-based attacks.
https://github.com/meliht/mr.sip
