Hello, welcome to the Wednesday, October 31st, 2018 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Brad today wrote a diary about some of the changes that he has seen in the Hankitor Malspam.

Hangator, also known as Chanitor or Tor doll, has been around for a while and it usually

uses vert macros to install malware.

What Brad is seeing is a shift in the malware being installed.

Until recently the macros installed the Sous Panda banking malware on disk and in addition

run Pony malware in RAM. Initially the document just stopped sending Sous, so it just stuck with the in-ram

component, which was still a pony.

But over the last few days, it looks like Sue's Panda has been replaced by U.R. sniff.

Your sniff is typically an info stealer, but it can also intercept web traffic, which

is white sometimes used as banking matter just like Seuss.

Then of course you probably heard about Apple having a major media event today announcing

new hardware, but that's not the only

thing we got from Apple today.

Apple also released updates for its more popular products, fixing a number of security

vulnerabilities.

As often for Apple, vulnerabilities may apply to various operating systems and products. One interesting

issue is a vulnerability in FaceTime. This vulnerability can be used to execute arbitrary code

at the recipient's system. It can also leak memory. So what could happen here is that an attacker is calling you via FaceTime and uses the call

to actually steal memory content from your system.

Apple also fixed a problem with IPSEC that does affect several of its operating systems.

...