@RISK: The Consensus Security Vulnerability Alert
July 4, 2019 – Vol. 19, Num. 27
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES June 27 – July 4, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: New exploit kit Spelevo uses old tricks
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Spelevo exploit kit pops up to deliver banking trojans
Description: Researchers at Cisco Talos discovered a new exploit kit known as “Spelevo.” While exploit kit activity has quieted down over the past few years, this new campaign uses some old tricks — such as exploiting Adobe Flash Player vulnerabilities — to infect victims. It then delivers various payloads, but mainly banking trojans such as IcedID and Dridex. The actors behind Spelevo seem to be strictly financially motivated.
Reference: https://blog.talosintelligence.com/2019/06/spelevo-exploit-kit.html
Snort SIDs: 50509 – 50511
Title: Firefox patches critical zero-day used to target Macs
Description: Firefox patched a series of bugs in its latest update, but most notably fixed a vulnerability that attackers exploited to install cryptocurrency miners. Last week, the web browser released a fix for a code-execution vulnerability in a JavaScript programming method known as “Array.pop,” and then a sandbox breakout bug the next day. Two new Snort rules from Talos protect against the Array vulnerability.
Reference: https://arstechnica.com/information-technology/2019/06/potent-firefox-0day-used-to-install-undetected-backdoors-on-macs/
Snort SIDs: 50518, 50519
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Several members of the U.S. Security Council are reportedly considering pushing for a bill to outlaw tech companies from using encryption that law enforcement officials cannot break.
https://www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306
While Apple is touting the security benefits of its soon-to-be-released credit card, some security experts say relying solely on hardware could mean long (or impossible) security updates.
https://www.cisomag.com/deconstructing-apple-card-a-hackers-perspective/
Google’s new API standards will begin phasing out some third-party sites from using Google logins as of July 15.
https://arstechnica.com/gadgets/2019/06/gmails-api-lockdown-will-kill-some-third-party-app-access-starting-july-15/
The U.S. Food and Drug Association issued a recall of a line of small, portable insulin pumps due to cybersecurity concerns.
https://www.infosecurity-magazine.com/news/medtronic-insulin-pumps-recalled-1/
Facebook says it shut down more than 30 accounts associated with spreading malware since 2014, hitting thousands of users with remote access trojans.
https://threatpost.com/facebook-malware-laced-links/146149/
A campaign downloading remote access trojans and information stealers is utilizing the well-known “Heaven’s Gate” exploit.
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html
Hackers breached cloud solutions provider PCM Inc. and accessed email and file-sharing systems for some of the company’s clients.
https://krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/
MOST PREVALENT MALWARE FILES June 27 – July 4, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 440944ab47cc3140207179f5449ddacb32883a74a9cff11141fdf494eaf21592
MD5: dd77416ab164d3423b00f33380cf06ca
VirusTotal: scan analysis
Typical Filename: SafeInstaller
Claimed Product: SafeInstaller
Detection Name: PUA.Win.Downloader.Installiq::tpd
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 64f3633e009650708c070751bd7c7c28cd127b7a65d4ab4907dbe8ddaa01ec8b
MD5: 42143a53581e0304b08f61c2ef8032d7
VirusTotal: scan analysis
Typical Filename: N/A
Claimed Product: JPMorganChase Instructions SMG 82749206.pdf
Detection Name: Pdf.Phishing.Phishing::malicious.tht.talos
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: scan analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: scan analysis
Typical Filename: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b.bin
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201