@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 12

@RISK: The Consensus Security Vulnerability Alert
March 21, 2019 – Vol. 19, Num. 12
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES March 14 – 21, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Malicious WordPress comments could lead to complete site takeovers
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Latest WordPress version fixes critical vulnerability
Description: The latest update from WordPress fixes a critical vulnerability that could allow an attacker to completely take over a site. The bug opened sites to be attacked via malicious comments that contain cross-site scripting if sites had the comments module enabled. Around 20,000 sites have already been impacted by this exploit.
Reference: https://www.bleepingcomputer.com/news/security/wordpress-511-fixes-xss-vulnerability-leading-to-website-takeovers/
Snort SIDs: 49448

Title: Multiple vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud
Description: Cisco Talos recently discovered 11 vulnerabilities in the CUJO Smart Firewall. These vulnerabilities could allow an attacker to bypass the safe browsing function and completely take control of the device, either by executing arbitrary code in the context of the root account, or by uploading and executing unsigned kernels on affected systems.
Reference: https://blog.talosintelligence.com/2019/03/vuln-spotlight-cujo.html
Snort SIDs: 47234, 47663, 47809, 47811, 47842, 48261, 48262

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Several high-profile companies may have issued 1 million digital certificates that do not actually meet industry requirements.
https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/

U.S. immigration agents have access to a database of American citizens’ location based on their license plate number.
https://www.aclunc.org/blog/documents-reveal-ice-using-driver-location-data-local-police-deportations

The U.S. Department of Defense is working on a $10 million open-source voting system that would deter attacks and also allow voters to check that their votes were counted correctly.
https://motherboard.vice.com/en_us/article/yw84q7/darpa-is-building-a-dollar10-million-open-source-secure-voting-system

Norwegian aluminum company Norsk Hydro had their operations interrupted in the U.S. and Europe due to a ransomware attack.
https://www.bloomberg.com/news/articles/2019-03-19/norsk-hydro-ransomware-attack-is-severe-but-all-too-common

Germany is considering legislation that would impose harsh punishment on people who provided digital infrastructure for illegal online activities.
https://www.zdnet.com/article/dark-web-crackdown-germans-want-to-criminalize-anyone-providing-a-platform/

Google made its Sandboxed API open-source to help developers create more secure software.
https://www.securityweek.com/google-open-sources-sandboxed-api

MOST PREVALENT MALWARE FILES March 14 – 21, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: aae728ffb953cfcc573c82b63eef7603c9b29c95f42bb032b790d6d51813f7c3
MD5: ee445f9fa6296b611c72bc81d8f6c19a
VirusTotal: scan analysis
Typical Filename: wusa.exe
Claimed Product: Microsoft® Windows® Operating System
Detection Name: W32.aae728ffb9.Malspam.MRT.Talos

SHA 256: 46bc86cff88521671e70edbbadbc17590305c8f91169f777635e8f529ac21044
MD5: b89b37a90d0a080c34bbba0d53bd66df
VirusTotal: scan analysis
Typical Filename: ups.rar
Claimed Product: Orgs ps
Detection Name: W32.GenericKD:Trojangen.22ek.1201

SHA 256: fea935d2d0fb1abadb900f009b4c40bb8a91fd9e25cc76ed4f9dae08960566d5
MD5: bc7fc83ce9762eb97dc28ed1b79a0a10
VirusTotal: scan analysis
Typical Filename: max.exe
Claimed Product: WPS Office
Detection Name: W32.Agent:Malwaregen.22em.1201

SHA 256: dcf0fd2f6cc7b7d6952e8a2a9e31d760c1f60dd6c64bffae0ab8b68384a21e8b
MD5: f22a024b4c98534e8ba7a1c03b0b6132
VirusTotal: scan analysis
Typical Filename: unpacknw.zip
Claimed Product: N/A
Detection Name: Osx.Malware.Bpbw::agent.tht.talos

SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: scan analysis
Typical Filename: 799b30f47060ca05d80ece53866e01cc.vir
Claimed Product: N/A
Detection Name: W32.Generic:Gen.21ij.1201