@RISK: The Consensus Security Vulnerability Alert
May 30, 2019 – Vol. 19, Num. 22
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES May 23 -30, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Another zero-day vulnerability exposed in Internet Explorer
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Vulnerability could allow JavaScript to be injected into Internet Explorer 11
Description: Researchers uncovered another Microsoft zero-day vulnerability. One of the critical bugs could allow an attacker to inject a DLL into Internet Explorer 11. After the injection, the exploit opens a filepicker and an HTML page that contains JavaScript that executes in a lower security context. There is also a zero-day privilege escalation vulnerability in Windows Error Reporting.
Reference: https://www.bleepingcomputer.com/news/microsoft/poc-exploits-released-for-two-more-windows-vulnerabilities/
Snort SIDs: 50183, 50184
Title: Winnti malware now appears on Linux
Description: A new variant of the Winnti malware has been spotted in the wild being exploited on Linux machines. The malware acts as a backdoor for attackers. There are two different files – a main backdoor and a library that can hide the malware’s activity. Winnti’s primary role is to handle communications and deploy other modules directly from the command and control (C2) server.
Reference: https://www.scmagazine.com/home/security-news/malware/googles-chronicle-security-team-discovered-a-linux-version-of-the-winnti-malware-was-used-in-the-2015-hack-of-a-vietnamese-gaming-company/
Snort SIDs: 50164 – 50167
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Title insurance company First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals dating back to 2003.
https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
Hackers claim to have stolen the personal data of millions of Australian graphic design startup Canva’s users.
https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/
An estimated one million devices are still vulnerable to the wormable vulnerability that people are calling “BlueKeep,” which Microsoft disclosed earlier this month.
https://threatpost.com/one-million-devices-open-to-wormable-microsoft-bluekeep-flaw/145113/
Snapchat pushed back on a report that some of its employees used privileged access to spy on some users.
https://www.infosecurity-magazine.com/news/snapchat-claims-of-employees-1/
The U.S. charged WikiLeaks founder Julian Assange with 17 criminal charges for soliciting, receiving and publishing national secrets.
https://www.buzzfeednews.com/article/zoetillman/julian-assange-wikileaks-new-charges-us
A phony, malicious app on the Google Play store that steals users’ cryptocurrencies was downloaded more than 1,000 times before being removed recently.
https://techcrunch.com/2019/05/23/cryptocurrency-stealing-android-app/
Several lawmakers are upset that a former NSA hacking tool is behind several cyberattacks against American cities, most recently Baltimore. However, many researchers say it is on end-users to patch their machines and protect them from these kinds of vulnerabilities.
https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/05/28/the-cybersecurity-202-security-pros-divided-over-nsa-s-responsibility-for-baltimore-hack/5cec79771ad2e52231e8e80f/
MOST PREVALENT MALWARE FILES May 23 – 30, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: f08f4374674a8993ddaf89dcaf216bc6952d211763b8489366b0835f0eda1950
MD5: b9a5e492a6c4dd618613b1a2a9c6a4fb
VirusTotal: scan analysis
Typical Filename: maf-task.zip
Claimed Product: N/A
Detection Name: PUA.Osx.Adware.Gt32supportgeeks::221862.in02
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: scan analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: scan analysis
Typical Filename: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b.bin
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: scan analysis
Typical Filename: wup.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG