Hello, welcome to the Monday, October 30th, 2017 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and the Am recording from Berlin, Germany.

Oracle released an interesting security bulletin and patch for Oracle's identity manager.

The identity manager is part of Oracle's Fusion middle Manager. The Identity Manager is part of Oracle's Fusion Middleware. The update hasn't

gotten a lot of press being released on Friday, but the vulnerability has a CVSS score of 10,

indicating that it can be exploited remotely without authentication and successful exploitation

will lead to a complete system compromise. All current supported versions up to 12.2.1.3 are affected.

Oracle's last critical patch update was released in October 17th.

This issue with a CVE number of 2017-10-151

was not addressed in the Critical Patch Update.

And Renato came across yet another malicious Google Chrome extension.

This particular extension is advertised via spam that claims to contain a WhatsApp message.

And it tricks the user into downloading and installing the malware by

camouflaging it as a flash update of course flash update we have seen a lot

one interesting trick employed by this malware is that it intentionally

floats its size to evade antivirus the The download itself, a zip file, is a bit less

than 10 megabytes in size, but it uncompresses to 200 megabytes of executable code. Most of the

executable is no-ops, but due to the size of this binary, some anti-malware products may just not scan it.

Only about 3% of the binary, so only about 6 megabytes, which is actually less than the compressed

size, are actual executable code once the no-ops are removed.

The executable will then, if executed, disable the Windows firewall.

It will crash Chrome and then install itself as a Chrome extension.

...