@RISK: The Consensus Security Vulnerability Alert
May 23, 2019 – Vol. 19, Num. 21
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES May 16 -23, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Microsoft warns of wormable remote code execution bug
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Coverage available for critical vulnerability in Microsoft Remote Desktop Protocol
Description: Microsoft continues to urge users to update to the latest version of the Remote Desktop Protocol to patch a wormable remote code execution bug. The vulnerability opens up victims to an attack where malware spreads from one machine to another once this bug is exploited only once. The company disclosed this vulnerability last week as part of its monthly security update. The company disclosed this vulnerability as CVE-2019-0708 last week as part of its monthly security update.
Reference: https://www.csoonline.com/article/3395444/microsoft-urges-windows-customers-to-patch-wormable-rdp-flaw.html
Snort SIDs: 50137
Title: Multiple vulnerabilities in Wacom Update Helper
Description: There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access to raise their privileges to root.
Reference: https://blog.talosintelligence.com/2019/05/wacom-update-helper-vuln-spotlight-may-2019.html
Snort SIDs: 48850, 48851
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
The U.S. Department of Homeland Security sent out a warning that some Chinese-made drones may be transmitting sensitive data back to their manufacturers.
https://www.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html
A popular forum for people involved in stealing online accounts and carrying out SIM-swapping attacks was hacked, exposing the hashed passwords, IP addresses, email addresses and private users for more than 110,000 of its members.
https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/
The MuddyWater APT recently made some changes to its well-known BlackWater malware that make it more difficult to detect and easier for it to establish persistence.
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
Cisco has released firmware updates to address a critical flaw in its Secure Boot implementation; while fixes are currently available for some products, patches for others will not be available until later this year.
https://threatpost.com/cisco-patch-firmware/144936/
A misconfiguration in some of the most popular Docker containers could open them to attack; the issue affects containers from Microsoft, Monsanto and the British government.
https://www.zdnet.com/article/root-account-misconfigurations-found-in-20-of-top-1000-docker-containers/
San Francisco passed a law banning the government’s use of facial recognition technology, which is expected to set up battles in other cities and states between law enforcement officials and privacy advocates.
https://www.nbcnews.com/news/us-news/san-francisco-s-facial-recognition-ban-just-beginning-national-battle-n1007186
MOST PREVALENT MALWARE FILES May 16 – 23, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 6dfaacd6f16cb86923f21217ca436b09348ee72b34849921fed2a17bddd59310
MD5: 7054c32d4a21ae2d893a1c1994039050
VirusTotal: scan analysis
Typical Filename: maftask.zip
Claimed Product: N/A
Detection Name: PUA.Osx.Adware.Advancedmaccleaner::tpd
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: scan analysis
Typical Filename: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b.bin
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: scan analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: scan analysis
Typical Filename: wup.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG