@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 23

@RISK: The Consensus Security Vulnerability Alert
June 06, 2019 – Vol. 19, Num. 23
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES May 30 – June 6, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: WordPress plugin vulnerability used in the wild to redirect users to malicious websites
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Attackers exploit bug in popular WordPress plugin to inject malicious JavaScript
Description: Attackers are exploiting a recently patched bug in a WordPress plugin that allows them to redirect site visitors to malicious sites. The vulnerability exists in a live-chat plugin for the content management system, which lets site managers communicate directly with visitors. The bug lets attackers inject malicious JavaScript into affected sites (a stored cross-site scripting flaw), redirecting visitors to attacker-controlled websites or displaying malicious pop-ups.
Reference: https://arstechnica.com/information-technology/2019/05/hackers-actively-exploit-wordpress-plugin-flaw-to-send-visitors-to-bad-sites/
Snort SIDs: 50299
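The class of bug described above is stored cross-site scripting: visitor-supplied text is persisted and later rendered into a page without escaping, so a `<script>` payload runs for everyone who loads it. The following is an added illustration, not code from the affected plugin: a hypothetical chat-message handler for a WordPress plugin, shown first in a vulnerable form and then hardened with WordPress's own input-sanitising and output-escaping helpers. The function names `chat_*` and the option name `chat_last_message` are invented for the example.

```php
<?php
// Added illustration, not the affected plugin's code. Hypothetical chat-message
// handler for a WordPress plugin: the "before" stores and echoes visitor input
// verbatim (stored XSS); the "after" validates on input and escapes on output.

// --- vulnerable (hypothetical) ---
function chat_save_message_vulnerable( $message ) {
    // Stored as-is: a message such as
    //   <script>location='https://attacker.example/'</script>
    // is persisted and later served to every visitor and to admins.
    update_option( 'chat_last_message', $message );
}

function chat_render_message_vulnerable() {
    // Raw concatenation: whatever was stored is interpreted as markup.
    echo '<div class="chat-msg">' . get_option( 'chat_last_message' ) . '</div>';
}

// --- hardened (hypothetical) ---
function chat_save_message( $message ) {
    // Reject anything that is not a short plain-text string before storing.
    if ( ! is_string( $message ) || strlen( $message ) > 1000 ) {
        return new WP_Error( 'invalid_message', 'Message rejected.' );
    }
    // wp_kses() with an empty allow-list strips every HTML tag;
    // sanitize_text_field() additionally drops control characters and newlines.
    $clean = sanitize_text_field( wp_kses( $message, array() ) );
    update_option( 'chat_last_message', $clean );
    return true;
}

function chat_render_message() {
    // Escape on output regardless of what was stored: esc_html() encodes
    // <, >, &, " and ' so the browser treats the value as text, never markup.
    echo '<div class="chat-msg">' . esc_html( get_option( 'chat_last_message' ) ) . '</div>';
}
```

Input sanitising and output escaping are both kept because they guard different paths: the allow-list on input stops malicious markup from ever being stored, and `esc_html()` on output protects the page even if a value reaches the option table by some other route (an import, a database edit, or an older unsanitised version of the code).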

Title: Cisco Firepower protects against encrypted attacks exploiting Microsoft RDP bug
Description: Researchers at Cisco Talos described a new way to detect attacks exploiting a recently disclosed vulnerability in Microsoft RDP. Microsoft disclosed and patched the bug in May, but because RDP sessions are normally TLS-encrypted, exploitation attempts are invisible to network-based intrusion detection. A new method using Cisco Firepower Management Center to decrypt and inspect RDP sessions allows users to detect attacks that would otherwise go virtually unnoticed.
Reference: https://blog.talosintelligence.com/2019/05/firepower-encrypted-rdp-detection.html
Snort SIDs: 50137

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Apple unveiled a new authentication system that will allow users to log into third-party sites with their Apple ID, which the company says will make it tougher for apps to track users.
https://www.securityweek.com/apple-unveils-privacy-focused-authentication-system

Security researchers say there is no evidence that the EternalBlue NSA exploit was used in a ransomware attack on the city of Baltimore.
https://krebsonsecurity.com/2019/06/report-no-eternal-blue-exploit-found-in-baltimore-city-ransomware/

A new malware strain, which pulls together several open-source components, appears to have been used in several document-based attacks between January and April of this year.
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html

Several American universities, foundations and retirement plans have invested in two Chinese facial recognition companies that the Chinese government is now using to surveil its citizens.
https://www.buzzfeednews.com/article/ryanmac/us-money-funding-facial-recognition-sensetime-megvii?%3Fbftw=world

The U.S. State Department now requires all visa applicants to provide their social media account handles.
https://www.nytimes.com/2019/06/02/us/us-visa-application-social-media.html

Google is rolling out a series of new policies aimed at eliminating malicious extensions from the Chrome Web Store.
https://www.wired.com/story/google-chrome-extensions-security-changes/

MOST PREVALENT MALWARE FILES May 30 – June 6, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: 144e4b5a6e99d9e89dae2ac2907c313d253878e13db86c6f5c50dae6e17a015a
MD5: 5e3b592b8e093f92ae9f6cfc93b22c58
VirusTotal: scan analysis
Typical Filename: pupdate.exe
Claimed Product: Internet Explorer
Detection Name: W32.144E4B5A6E-95.SBX.TG

SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: scan analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: scan analysis
Typical Filename: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b.bin
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201

SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: scan analysis
Typical Filename: wup.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG