@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 09

@RISK: The Consensus Security Vulnerability Alert
February 28, 2019 – Vol. 19, Num. 09
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES February 21 – 28, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Drupal critical flaw could lead to remote code execution
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Drupal patches critical vulnerability
Description: The Drupal content management system disclosed a critical remote code execution vulnerability that could allow an attacker to completely take over a web server. The bug lies in the way some field types in Drupal improperly sanitize data from non-form sources, such as RESTful web services. This can lead to arbitrary PHP code execution.
Reference: https://www.zdnet.com/article/drupal-critical-flaw-patch-this-remote-code-execution-bug-urgently-websites-warned/
Snort SIDs: 49257

Title: Cisco releases fixes for vulnerabilities in several of its products
Description: Cisco released a round of security updates for several of its products, including WebEx, HyperFlex and Prime Infrastructure. CVE-2019-1659 is a certificate validation vulnerability in Cisco Prime Infrastructure that could allow an attacker to perform a man-in-the-middle attack against the SSL tunnel between Cisco’s Identity Services Engine and Prime Infrastructure.
Reference: https://www.helpnetsecurity.com/2019/02/21/cisco-hyperflex-flaws/
Snort SIDs: 49240

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

The U.K.’s parliament is calling for an antitrust and data abuse investigation into Facebook based on recommendations from a committee’s recent report on the social media network.
https://techcrunch.com/2019/02/17/uk-parliament-calls-for-antitrust-data-abuse-probe-of-facebook/

Australia’s prime minister says several of the country’s largest political parties were hit by a massive cyber attack from a “sophisticated state actor.”
https://www.smh.com.au/politics/federal/australia-s-major-political-parties-hacked-in-sophisticated-attack-ahead-of-election-20190218-p50yi1.html

Popular smartphone apps may be sharing sensitive data with Facebook, including women’s menstruation cycles and recent home buying purchases.
https://www.nbcnews.com/tech/tech-news/some-apps-send-data-about-menstruation-home-buying-facebook-wsj-n974711

The same Russian hacking group believed to be behind the attack on the Democratic National Committee in 2016 carried out similar attacks recently on U.S.-backed think tanks in Europe.
https://www.cnn.com/2019/02/19/tech/russian-hackers-think-tanks-europe/index.html

Screens installed on some United Airlines and Delta planes have built-in cameras that have yet to be activated.
https://www.buzzfeednews.com/article/nicolenguyen/united-delta-airlines-seat-back-screens-cameras

The Chinese government is collecting real-time location data on its citizens, according to a recently exposed database.
https://www.apnews.com/6753f428edfd439ba4b29c71941f52bb

MOST PREVALENT MALWARE FILES February 21 – 28, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload
Claimed Product: qmreportupload.exe
Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: 3573bf742920655ec2c28c9ec4ac04194e38096f54c63f0ceb02d366c1034f56
MD5: b6ca0e72b072f40f5544b9fd054d6ed1
Typical Filename: maftask.zip
Claimed Product: N/A
Detection Name: Auto.3573BF7429.Sbmt.tht.Talos

SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
Typical Filename: 799b30f47060ca05d80ece53866e01cc.vir
Claimed Product: N/A
Detection Name: W32.Generic:Gen.21ij.1201

SHA 256: 18042540b39d543e9e648e5d0b059d2e8c74889bb9353674be59c94da265f393
MD5: 1a5a7532854ab45ac74b1c657fe47941
Typical Filename: helperamc.zip
Claimed Product: N/A
Detection Name: W32.18042540B3-95.SBX.TG
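The hash list above is only useful if it is actually swept against hosts. The following is an added example, not Talos or SANS tooling: a small Python sweep that hashes every file under a directory and reports any whose SHA-256 (or, as a weaker signal, MD5) appears in the indicator set. The indicator dictionaries are copied from the list above; the `self_check` function builds a constructed benign sample file so the sweep can be exercised offline without any malware on disk.

```python
"""IoC hash sweep for the prevalent-malware list in this @RISK issue.

Added example (not Talos/SANS code). The hashes below are copied from the
list above; everything else is assumed for illustration.
"""
import hashlib
import os
import tempfile

# SHA-256 -> detection name, copied from the "most prevalent malware files" list.
SHA256_IOCS = {
    "3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3": "Win.Trojan.Generic::in10.talos",
    "3573bf742920655ec2c28c9ec4ac04194e38096f54c63f0ceb02d366c1034f56": "Auto.3573BF7429.Sbmt.tht.Talos",
    "c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f": "W32.AgentWDCR:Gen.21gn.1201",
    "15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b": "W32.Generic:Gen.21ij.1201",
    "18042540b39d543e9e648e5d0b059d2e8c74889bb9353674be59c94da265f393": "W32.18042540B3-95.SBX.TG",
}

# MD5 -> detection name, same source. Kept separate: MD5 collisions are cheap
# to forge, so an MD5-only hit is a lead, not a verdict.
MD5_IOCS = {
    "47b97de62ae8b2b927542aa5d7f3c858": "Win.Trojan.Generic::in10.talos",
    "b6ca0e72b072f40f5544b9fd054d6ed1": "Auto.3573BF7429.Sbmt.tht.Talos",
    "e2ea315d9a83e7577053f52c974f6a5a": "W32.AgentWDCR:Gen.21gn.1201",
    "799b30f47060ca05d80ece53866e01cc": "W32.Generic:Gen.21ij.1201",
    "1a5a7532854ab45ac74b1c657fe47941": "W32.18042540B3-95.SBX.TG",
}


def hash_file(path, chunk_size=1 << 20):
    """Return (sha256_hex, md5_hex) for a file, streaming it so large files
    are never read into memory at once."""
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()


def sweep(root, sha256_iocs=None, md5_iocs=None):
    """Walk `root` and return [(path, detection_name, basis)] for every file
    whose hash is in the indicator sets. `basis` is "sha256" for an
    authoritative match and "md5-only" when only the MD5 matched."""
    sha256_iocs = SHA256_IOCS if sha256_iocs is None else sha256_iocs
    md5_iocs = MD5_IOCS if md5_iocs is None else md5_iocs
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                sha, md5 = hash_file(path)
            except OSError:
                # Unreadable, or removed between listing and open: skip, don't abort.
                continue
            if sha in sha256_iocs:
                hits.append((path, sha256_iocs[sha], "sha256"))
            elif md5 in md5_iocs:
                hits.append((path, md5_iocs[md5], "md5-only"))
    return hits


def self_check():
    """Build a constructed, harmless sample file and confirm the sweep only
    flags it when its own hashes are placed in the indicator set."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"constructed benign sample, not malware\n")  # constructed input
        sha, md5 = hash_file(sample)
        return {
            "sample": sample,
            "real_iocs": sweep(tmp),  # the real list must not match a benign file
            "sha_hit": sweep(tmp, sha256_iocs={sha: "Test.Sha"}, md5_iocs={}),
            "md5_hit": sweep(tmp, sha256_iocs={}, md5_iocs={md5: "Test.Md5"}),
        }


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, detection, basis in sweep(root):
        print("%s\t%s\t%s" % (basis, detection, path))
```

Run it as `python sweep.py /path/to/scan`; every line of output is a file to pull for triage. SHA-256 hits are reported first and MD5-only hits are labelled as such, since a practitioner should not act on an MD5 match alone when the stronger hash is available in the same list.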

Latest news from Naked Security (2019/02/28)

Thunderclap: Apple Macs at risk from malicious Thunderbolt peripherals

Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD.

US House and Senate debate new data privacy law

A steady stream of hair-raising revelations about the treatment of users’ data by Facebook, et al. is pushing Congress to do *something.*

US pushed Russian troll factory offline during US midterm elections

The US blocked internet access to Russian trolls who, they say, were trying to spread FUD.

Latest news from Naked Security (2019/02/27)

Ep.021 – Leaked calls, a social media virus and passwords exposed [PODCAST]

Here’s the latest Naked Security podcast – enjoy!

Nvidia patches eight security flaws in graphics products

Chip maker Nvidia has released a security update, fixing eight CVE flaws in its Windows and Linux graphics display drivers.

Researchers break e-signatures in 22 common PDF viewers

Researchers have discovered a flaw in some PDF document viewers that allows new content to be added to documents without breaking the electronic signatures.

Police bust their own radio shop manager for dodgy software updates

Police allege that he updated radios with fraudulent software from a radio enthusiast who allegedly hacked encrypted radios for drug cartels.

Millions of utilities customers’ passwords stored in plain text

Plain-text, unencrypted passwords were sent instead of having users reset them. There was no breach, the firm claims, but how would it know?