@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 03

@RISK: The Consensus Security Vulnerability Alert
January 17, 2019 – Vol. 19, Num. 03
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES January 10 – 17, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: WindTail bypasses traditional antivirus software
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: WindTail APT able to bypass traditional antivirus protections
Description: Malware from the MindTail APT is able to bypass some traditional antivirus protections, such as Apple’s default gatekeeper settings on Mac. Rather than deliver specific malware, WindTail generally tries to track its victims, including their location, online habits and other traits.
Reference: https://www.sentinelone.com/blog/how-malware-bypass-macos-gatekeeper/
Snort SIDs: 48845 – 48847

Title: L0rdix cryptocurrency miner available for purchase on darknet
Description: A new cryptocurrency miner known as “L0rdix” has surfaced on the darknet. It’s available on some forums for as little as $60, and attackers are deploying it to mine cryptocurrency on victims’ machines, as well as steal personal data. L0rdix is specifically designed to target Windows machines.
Reference: https://www.coindais.com/l0rdix-malware-steals-data-and-mines-cryptocurrency-on-windows-operating-system/
Snort SIDs: 48857, 4885

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

The federal government shutdown has led to multiple federal government websites’ security certificates lapsing, which poses a security risk.
https://www.cnet.com/news/shutdown-government-sites-with-lapsed-security-certificates-pose-risk/

Poland is pushing NATO to jointly denounce the use of Chinese tech company’s Huawei’s products, citing security concerns.
https://www.bloomberg.com/news/articles/2019-01-12/poland-says-nato-europe-should-have-common-stance-on-huawei

Security researchers have found ways attackers could take over construction cranes as well as other large pieces of construction equipment.
https://www.forbes.com/sites/thomasbrewster/2019/01/15/exclusive-watch-hackers-take-control-of-giant-construction-cranes/#b0171e91d0a5

Popular cybersecurity conference DerbyCon says it is shutting down after this year, citing an inability to control attendees’ behavior.
https://www.cbronline.com/news/derbycon-shut-down

The NSA will release its longstanding reverse-engineering tool for free later this year at the RSA conference.
https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/

After months of barbs, Kaspersky Labs reportedly assisted the U.S. government in tracking down a notorious NSA hacker.
https://www.politico.com/story/2019/01/09/russia-kaspersky-lab-nsa-cybersecurity-1089131

MOST PREVALENT MALWARE FILES January 10 – 17, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 709a7dd743ca6a688ee0afc9a67a04c73c4f6fb6559cde2bafadbb5af58f043b
MD5: 59a06d7e48fd3d80fa2dc1cb859b45cc
VirusTotal: scan analysis
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.709A7DD743.agent.tht.Talos

SHA 256: 15ffbb8d382cd2ff7b0bd4c87a7c0bffd1541c2fe86865af445123bc0b770d13
MD5: c24315b0585b852110977dacafe6c8c1
VirusTotal: scan analysis
Typical Filename: puls.exe
Claimed Product: N/A
Detection Name: W32.DoublePulsar:Malwaregen.21ip.1201

SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: scan analysis
Typical Filename: 799b30f47060ca05d80ece53866e01cc.vir
Claimed Product: N/A
Detection Name: W32.Generic:Gen.21ij.1201

SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: scan analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

SHA 256: 18042540b39d543e9e648e5d0b059d2e8c74889bb9353674be59c94da265f393
MD5: 1a5a7532854ab45ac74b1c657fe47941
VirusTotal: scan analysis
Typical Filename: helperamc.zip
Claimed Product: Advanced Mac Cleaner
Detection Name: W32.18042540B3-95.SBX.TG