@RISK: The Consensus Security Vulnerability Alert
July 25, 2019 – Vol. 19, Num. 30
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES July 18 – 25, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: AZORult trojan delivered via malicious YouTube links, supposed video game cheats
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Attackers spread AZORult trojan, attempts to steal passwords
Description: Attackers recently began spreading the AZORult trojan through a series of phony cheat codes for video games, such as “Counter-Strike: Go” and “PlayerUnknown’s Battlegrounds.” The attackers embedded links to the supposed cheats in YouTube videos and on other social media sites. Once installed, the trojan attempts to steal users’ passwords. This Snort rule fires when AZORult attempts to make an outbound connection to its command and control server.
Reference: https://www.bleepingcomputer.com/news/security/fake-cs-go-pubg-rust-cheats-push-password-stealing-trojan/
Snort SIDs: 50771
Title: New protection rolled out for Microsoft vulnerability exploited in the wild
Description: Attackers continue to exploit a previously disclosed vulnerability in Windows’ win32k.sys component. The escalation-of-privilege bug, identified as CVE-2019-1132, was exploited in a series of targeted attacks in Eastern Europe. An APT installed espionage malware on victim machines through this bug. Two new Snort rules activate when an attacker attempts to corrupt a machine’s memory using this vulnerability.
Reference: https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/
Snort SIDs: 50734 – 50737
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Some Android phones are open to an exploit that could allow an attacker to listen in on any audio played over speakerphone using the device’s accelerometer.
https://threatpost.com/samsung-lg-android-spearphone-eavesdropping/146625/
A cloud hosting company that provides cloud-based QuickBooks accounting software said it was the victim of a ransomware attack last week, leading to some customers’ data becoming inaccessible.
https://krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/
Credit reporting firm Equifax agreed to a settlement worth up to $700 million over a data breach in 2017, but security advocates and some lawmakers say the fine doesn’t go far enough.
https://www.wired.com/story/equifax-fine-not-enough/
Apple’s latest round of updates fixed a vulnerability in the Apple Watch’s Walkie Talkie app that could allow an attacker to listen in on users’ conversations.
https://arstechnica.com/gadgets/2019/07/apple-releases-ios-12-4-watchos-5-3-macos-10-14-6-and-more/
There are still 805,665 operating systems vulnerable to the highly publicized BlueKeep vulnerability, according to a new study.
https://www.bitsight.com/blog/industry-response-to-bluekeep-vulnerability
The National Security Agency plans to launch a new cybersecurity directorate later this year as part of a larger effort to align the U.S.’s offensive and defensive cyber capabilities. (Note: WSJ is behind a paywall.)
https://www.wsj.com/articles/nsa-forms-cybersecurity-directorate-under-more-assertive-u-s-effort-11563876005
U.S. Attorney General William Barr spoke out against encrypted data, saying that it could allow “criminals to operate with impunity.”
https://thehill.com/policy/technology/454292-barr-warns-encryption-allows-criminals-to-operate-with-impunity
MOST PREVALENT MALWARE FILES July 18 – 25, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 6dfaacd6f16cb86923f21217ca436b09348ee72b34849921fed2a17bddd59310
MD5: 7054c32d4a21ae2d893a1c1994039050
Typical Filename: maftask.zip
Claimed Product: N/A
Detection Name: PUA.Osx.Adware.Advancedmaccleaner::tpd
SHA 256: e062f35810260a1406895acff447e412a8133380807ef3ddc91c70c01bd34b50
MD5: 5a315fdaa14ae98226de43940630b147
Typical Filename: FYDUpdate.exe
Claimed Product: Minama
Detection Name: W32.E062F35810-95.SBX.TG
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG
SHA 256: 46b241e3d33811f7364294ea99170b35462b4b5b85f71ac69d75daa487f7cf08
MD5: db69eaaea4d49703f161c81e6fdd036f
Typical Filename: xme32-2141-gcc.exe
Claimed Product: N/A
Detection Name: W32.46B241E3D3-95.SBX.TG