@RISK: The Consensus Security Vulnerability Alert
January 03, 2019 – Vol. 19, Num. 01
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES December 27, 2018 – January 3, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Adobe schedules patches for Acrobat, Reader
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Adobe alerts customers of incoming patches for Acrobat, Reader
Description: Adobe planned to release security updates for Acrobat and Reader on Jan. 3, according to an advisory on Dec. 27. All of the vulnerabilities are considered important.
Reference: https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
Snort SIDs: 48709 – 48712, 48703 – 48706
Title: Attackers leverage Brexit talks to deliver malware
Description: Security researchers believe attackers could leverage negotiations between the U.K. and European Union to deliver phishing emails. In one recent campaign, attackers pretended to be the Polish government to deliver the Zekapab malware via malicious emails. As the deadline for the two sides to reach an agreement approaches, these kinds of attacks could spike.
Reference: https://www.itpro.co.uk/security/32560/spike-in-brexit-themed-phishing-attacks-expected-once-withdrawal-agreement-is
Snort SIDs: 48732
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
A national cyberattack that hit U.S. newspaper publishers this week slowed down many of their printing schedules.
https://www.theguardian.com/technology/2018/dec/30/cyber-attack-disrupts-printing-of-major-us-newspapers
The U.S. says it is investigating a nationwide CenturyLink internet outage that led to the failure of some 911 services.
https://www.apnews.com/1454add5707d41118930e49ae5752f11
Hackers stole 10 years worth of personal data from a San Diego school district through a phishing campaign.
https://www.zdnet.com/article/hacker-steals-10-years-worth-of-data-from-san-diego-school-district/
Twitter says it fixed a bug that could allow attackers to post unauthorized tweets to some accounts though the original discoverers say that’s not the case.
https://gizmodo.com/twitter-hackers-hijacked-new-accounts-after-company-cla-1831369315
U.S. President Donald Trump is reportedly considering new executive orders that would ban American companies from using Huawei and ZTE products.
https://www.reuters.com/article/us-usa-china-huawei-tech-exclusive/exclusive-white-house-mulls-new-year-executive-order-to-bar-huawei-zte-purchases-idUSKCN1OQ09P
Apple scrambled to remove a fake Amazon app that claimed to help users set up their Alexa systems that rose up the app store’s charts.
https://9to5mac.com/2018/12/27/fake-amazon-alexa-app-psa/
MOST PREVALENT MALWARE FILES December 27, 2018 – January 3, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: virus analysis
Typical Filename: 799b30f47060ca05d80ece53866e01cc.vir
Claimed Product: N/A
Detection Name: W32.Generic:Gen.21ij.1201
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: virus analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 709a7dd743ca6a688ee0afc9a67a04c73c4f6fb6559cde2bafadbb5af58f043b
MD5: 59a06d7e48fd3d80fa2dc1cb859b45cc
VirusTotal: virus analysis
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.709A7DD743.agent.tht.Talos
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: virus analysis
Typical Filename: qmreportupload
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
MD5: 8c80dd97c37525927c1e549cb59bcbf3
VirusTotal: virus analysis
Typical Filename: eternalblue-2.2.0.exe
Claimed Product: N/A
Detection Name: W32.GenericKD:WNCryLdrA.21lx.1201