@RISK: The Consensus Security Vulnerability Alert
February 21, 2019 – Vol. 19, Num. 08
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES February 14 – 21, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: SpeakUp backdoor trojan targets Linux systems
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: New SpeakUp trojan goes after Linux machines, servers
Description: A new backdoor trojan known as “SpeakUp,” named after its command and control server, is targeting Linux machines to install cryptocurrency miners. While the attack has so far only targeted servers in East Asia and Latin America, security researchers believe it has the potential to expand.
Reference: https://searchsecurity.techtarget.com/news/252457328/SpeakUp-backdoor-Trojan-could-spell-further-trouble-for-Linux-servers
Snort SIDs: 49188

Title: Additional coverage for Adobe Acrobat vulnerabilities
Description: Cisco Talos released additional coverage for a slew of security vulnerabilities that Adobe disclosed in Acrobat and Reader. Forty-three of the bugs Adobe disclosed were rated “critical.” The vulnerabilities affect Acrobat DC and Reader DC, versions 2019.010.20069 and earlier.
Reference: https://www.zdnet.com/article/adobes-massive-patch-update-fixes-critical-acrobat-reader-bugs/
Snort SIDs: 49201 – 49204, 49192, 49193, 49196, 49197
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
A former member of the U.S. Air Force was charged with defecting to Iran and helping launch a cyber-spying operation.
https://www.reuters.com/article/us-usa-iran-spy/us-charges-former-air-force-officer-with-spying-for-iran-idUSKCN1Q2228

More than 620 million account records are for sale on the dark web, according to a hacker. The accounts are connected to 16 hacked websites, including MyFitnessPal and Whitepages.
https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/

The Department of Homeland Security dismantled a task force in charge of protecting U.S. elections from foreign interference.
https://www.thedailybeast.com/trumps-dhs-guts-task-forces-protecting-elections-from-foreign-meddling

Facebook maintains a list of individuals the company believes could be a threat to its employees based on posts they’ve made.
https://www.cnbc.com/2019/02/14/facebooks-security-team-tracks-posts-location-for-bolo-threat-list.html

Facebook and the Federal Trade Commission are reportedly negotiating a multibillion-dollar settlement for a series of privacy violations.
https://www.washingtonpost.com/technology/2019/02/14/us-government-facebook-are-negotiating-record-multi-billion-dollar-fine-companys-privacy-lapses/

The U.S. is reviving supply-chain attacks against Iran’s missile program.
https://www.nytimes.com/2019/02/13/us/politics/iran-missile-launch-failures.html
MOST PREVALENT MALWARE FILES February 14 – 21, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: e4cef790c953b769c08472ace6d6f3321851fb701882ebcb76a78a413ed85505
MD5: 2c5d83f7abe17e9ccdd6dcc0622a22aa
VirusTotal: scan analysis
Typical Filename: $RECYCLE.BIN.scr
Claimed Product: N/A
Detection Name: W32.Generic:Pitin.20ie.1201

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: 3573bf742920655ec2c28c9ec4ac04194e38096f54c63f0ceb02d366c1034f56
MD5: b6ca0e72b072f40f5544b9fd054d6ed1
VirusTotal: scan analysis
Typical Filename: maftask.zip
Claimed Product: N/A
Detection Name: Auto.3573BF7429.Sbmt.tht.Talos

SHA 256: d7d80bf3f32c20298cad1d59ca8cb4508bad43a9be5e027579d7fc77a8e47be0
MD5: d8461f2978de84045e7ad6bea7a60418
VirusTotal: scan analysis
Typical Filename: dwm.exe
Claimed Product: N/A
Detection Name: W32.CoinMiner:FileRepMalware.22de.1201

SHA 256: 83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd
MD5: c913d292a9a907799526695c9ad3bfac
VirusTotal: scan analysis
Typical Filename: 83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd.file
Claimed Product: Advanced Mac Cleaner
Detection Name: PUA.Osx.Trojan.Amcleaner::other.talos