@RISK: The Consensus Security Vulnerability Alert: Vol. 18, Num. 51

@RISK: The Consensus Security Vulnerability Alert
December 20, 2018 – Vol. 18, Num. 51
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES December 13 – 20, 2018
=========================================================
TOP VULNERABILITY THIS WEEK: WordPress patches severe security vulnerabilities in latest update
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: WordPress 5.0.1 fixes several security bugs
Description: WordPress released its latest update, which fixes a number of security vulnerabilities that are considered serious. The most serious flaw allowed the content management system’s “user activation screen” to be indexed by Google, which could lead to some users’ login information to become publicly visible. WordPress also warned users about unauthorized file deletion bug and unauthorized post creation bugs.
Reference: https://threatpost.com/wordpress-5-0-patched-to-fix-serious-bugs/139948/
Snort SIDs: 48573

Title: Adobe discloses 86 vulnerabilities in Reader, Acrobat
Description: Coverage continues to come in for the slew of bugs that Adobe patched in its monthly security update. The latest release covers 86 vulnerabilities in Adobe Reader and Acrobat DC. The bugs include two buffer overflow errors, five out-of-bounds write vulnerabilities and 23 use-after-free vulnerabilities, among others.
Reference: https://latesthackingnews.com/2018/12/15/adobe-december-patch-tuesday-fixed-38-critical-vulnerabilities-in-adobe-reader-and-acrobat-dc/
Snort SIDs: 48622 – 48630, 48636, 48637

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Smartphone apps are collecting more users’ location data than they let on, and often sell that information to advertisers and even hedge funds.
https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

Facebook disclosed a bug that allowed app developers to view users’ photos that they uploaded to Facebook but never shared on their timeline.
https://techcrunch.com/2018/12/14/facebook-photo-bug/

Credit reporting agency Experian mistakenly exposed customer data in its training manuals, documents that have since been taken down.
https://motherboard.vice.com/en_us/article/zmdg7e/experian-exposes-customer-data-training-manuals-credit-score

Attackers from the Iranian APT group Charming Kitten attempted to break into the emails of several high-profile U.S. Treasury Department officials, as well as individuals in charge of enforcing nuclear sanctions on Iran.
https://apnews.com/7f4d814ebf0642b4b381fd9ce01345f7

Android’s facial recognition technology on its smartphones can be tricked by a 3-D printed head.
https://www.forbes.com/sites/thomasbrewster/2018/12/13/we-broke-into-a-bunch-of-android-phones-with-a-3d-printed-head/#12d7fe361330

Former U.S. Secretary of State John Kerry confirmed that Russia was behind a cyberattack on the State Department in 2014.
https://www.npr.org/templates/transcript/transcript.php?storyId=644830886

MOST PREVALENT MALWARE FILES December 13 – 20, 2018
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: fc62d76945faed86fc11454c8ae1ecc3e8cbb449b8466c7f5aaa9bf45af9730c
MD5: 1f4ab214b36d80c07898cf1a9efe7d6e
VirusTotal: scan analysis
Typical Filename: MSVSBP20.DLL
Claimed Product: Microsoft® Win
Detection Name: W32.FC62D76945-100.SBX.TG

SHA 256: 709a7dd743ca6a688ee0afc9a67a04c73c4f6fb6559cde2bafadbb5af58f043b
MD5: 59a06d7e48fd3d80fa2dc1cb859b45cc
VirusTotal: scan analysis
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.709A7DD743.agent.tht.Talos

SHA 256: e856c759e2dd2e637aaebbfc0eeea4a7f8e7c7a02967b4db2e88dc8914b5b296
MD5: c76517dc654e6852eae9f2f42a630470
VirusTotal: scan analysis
Typical Filename: maftask.zip
Claimed Product: N/A
Detection Name: OSX.E856C759E2.agent.tht.Talos

SHA 256: e5f1609df4f67e0e23f3b3409f265722692e5e15a6349bf1157d36b79c5acf9d
MD5: c9636e35954360b7b1375ee615ba6c24
VirusTotal: scan analysis
Typical Filename: 3dfx32v2.dll
Claimed Product: Voodoo2® DirectX for Windows® 95
Detection Name: W32.Auto:e5f160.in03.Talos