Latest news from Naked Security (2019/03/29)

As drones fill the skies, cybercriminals won’t be far behind

Putting these toys back in the box after a decade of hype isn’t going to be easy, but these researchers are exploring the options.

Grindr up for sale amid US fears for Chinese-owned data

A US national security panel told Kunlun, that its ownership of Grindr constitutes a national security risk.

FTC slams the phone down on quartet of robocallers

Wrist slaps and paltry fines may not be what most of us were hoping for in retribution for billions of robocalls and countless scams.

Companies will stop storing data in Australia, Microsoft warns

Australia’s controversial anti-encryption laws came under independent scrutiny this week as tech leaders criticized the proposed rules.

Latest news from Naked Security (2019/03/28)

“Twitter 2007 multicolor” hoax – debunk it, don’t spread it!

Hoaxers are saying you can unlock colorful new “features” in Twitter, but you’ll probably lock yourself out instead.

Is your e-commerce site being used to test stolen card data?

If you’re running Magento you should be on the look out for hackers testing stolen card data – it could get your PayPal account suspended.

Spyware app exposes private photos, hosting provider steps in

A hosting company has taken down a database owned by a mobile spying app after it was found displaying phone owners’ intimate images online.

Broadband providers told to explain how they handle consumer data

The FTC launched a broad inquiry to find out what data they collect, why, who they share it with, and how consumers can change or delete it.

Firefox brings Lockbox password manager to Android’s autofill

All your saved Firefox passwords, now happily inserting themselves into your Android-verse!

@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 13

@RISK: The Consensus Security Vulnerability Alert
March 28, 2019 – Vol. 19, Num. 13
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES March 21 – 28, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: WordPress plugin vulnerabilities open sites to attack
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Two serious bugs in WordPress affect popular plugins
Description: WordPress patched two vulnerabilities in two of the most popular plugins available on the content management system. They both could allow an attacker to run extensions on top of affected websites. While WordPress has patched these bugs, the two plugins still appear to be downloaded often.
Reference: https://arstechnica.com/information-technology/2019/03/two-serious-wordpress-plugin-vulnerabilities-are-being-exploited-in-the-wild/
Snort SIDs: 49541 – 49543

Title: Trickbot dropping IcedID banking trojan
Description: Security researchers recently discovered that the IcedID banking trojan and the Trickbot dropper may be more closely related than once thought. Ties between the two malware families may even date back to six years ago, although they were discovered about a year apart. Researchers with IBM’s X-Force say there’s been a recent uptick in threat actors working together to deliver different kinds of banking trojans.
Reference: https://securityintelligence.com/the-business-of-organized-cybercrime-rising-Intergang-collaboration-in-2018/
Snort SIDs: 49544 – 49547, 49549 – 49551

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

A cellphone spyware seller left more than 95,000 private photos and 25,000 audio records on an unsecured server accessible to anyone on the internet.
https://motherboard.vice.com/en_us/article/7xnybe/hosting-provider-takes-down-spyware-mobiispy

Several tenants of a New York City apartment building are suing their landlord to remove keyless entry devices on their doors and replace them with physical locks.
https://www.nytimes.com/2019/03/23/nyregion/keyless-apartment-entry-nyc.html

Chinese intelligence agencies are using LinkedIn to recruit foreign military spies.
https://www.cyberscoop.com/linkedin-china-spies-kevin-mallory-ron-hansen/

More than 100,000 GitHub pages contain publicly accessible authentication secrets, including API and cryptographic keys, with thousands more being leaked each day.
https://www.scmagazine.com/home/security-news/paper-leaked-authentication-secrets-rampant-across-github/

ASUS corrected an update on its laptops that may have inadvertently pushed malware known as the “ShadowHammer” backdoor to users’ machines.
https://www.engadget.com/2019/03/26/asus-releases-fix-for-update-tool-malware-attack/

The latest iOS update patched 51 serious vulnerabilities, including one in an app that could have allowed an attacker to listen through an iPhone’s microphone without the user’s knowledge.
https://www.zdnet.com/article/ios-12-1-fixes-bug-that-granted-apps-hidden-access-to-the-microphone/

MOST PREVALENT MALWARE FILES March 21 – 28, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: dcf0fd2f6cc7b7d6952e8a2a9e31d760c1f60dd6c64bffae0ab8b68384a21e8b
MD5: f22a024b4c98534e8ba7a1c03b0b6132
VirusTotal: scan analysis
Typical Filename: unpacknw.zip
Claimed Product: N/A
Detection Name: Osx.Malware.Bpbw::agent.tht.talos

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: 4958c38ba2d7def9ba44c5382f2c5a41c619d5a5eedfb8ac4697dbf75c306933
MD5: 6b62b380b8b14b261c5bfdfe7b017cdd
VirusTotal: scan analysis
Typical Filename: csrs.exe
Claimed Product: Microsoft(R) Windows(R) Operating System
Detection Name: Win.Dropper.Shelma::1201

SHA 256: 8f236ac211c340f43568e545f40c31b5feed78bdf178f13abe498a1f24557d56
MD5: 4cf6cc9fafde5d516be35f73615d3f00
VirusTotal: scan analysis
Typical Filename: ok.exe
Claimed Product: \0x6613\0x8BED\0x8A00\0x7A0B\0x5E8F
Detection Name: W32.Trojangen:TR.22ew.1201

SHA 256: 46bc86cff88521671e70edbbadbc17590305c8f91169f777635e8f529ac21044
MD5: b89b37a90d0a080c34bbba0d53bd66df
VirusTotal: scan analysis
Typical Filename: u.exe
Claimed Product: Orgs ps
Detection Name: W32.GenericKD:Trojangen.22ek.1201