@RISK: The Consensus Security Vulnerability Alert
August 15, 2019 – Vol. 19, Num. 33
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES August 8 – 15, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Microsoft discloses more than 90 vulnerabilities as part of Patch Tuesday
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: 31 critical vulnerabilities addressed in latest Microsoft security update
Description: Microsoft released its monthly security update Tuesday, disclosing more than 90 vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical,” 65 that are considered “important” and one “moderate.” This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine.
Reference: https://blog.talosintelligence.com/2019/08/microsoft-patch-tuesday-aug-2019.html
Snort SIDs: 35190, 35191, 40851, 40852, 45142, 45143, 50936 – 50939, 50969 – 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 – 51006
Title: Cisco releases security patches for multiple products, including high-severity bugs in WebEx Teams
Description: Cisco released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit the more critical bugs to take control of an affected system. Some of the most severe vulnerabilities exist in Cisco WebEx Network Recording for Microsoft Windows and Cisco Webex Player for Windows. These bugs, identified across five different CVEs, could allow a remote attacker to execute arbitrary code on an affected system.
Reference: https://www.us-cert.gov/ncas/current-activity/2019/08/08/cisco-releases-security-updates-multiple-products
Snort SIDs: 50902, 50904 – 50907
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Security researchers say some of the most popular voting machines in the U.S. have been exposed to the internet for months or even years, despite their manufacturer claiming otherwise.
https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials
Two years after the U.S. banned the use of Kaspersky software on government-owned systems, the company’s software remains on many machines.
https://www.forbes.com/sites/thomasbrewster/2019/08/08/exclusive-kaspersky-software-lingers-on-sensitive-government-systems-2-years-after-us-ban/#3954ffb7381c
Car makers used the DEFCON conference as an opportunity to find out where there may be vulnerabilities in their onboard computers and remote start systems.
https://www.reuters.com/article/us-autos-cyber-conference/automakers-warm-up-to-friendly-hackers-at-cybersecurity-conference-idUSKCN1V10H9
Democratic lawmakers used the Black Hat and DEFCON conferences to push election security bills and criticize Senate Majority Leader Mitch McConnell.
https://www.politico.com/story/2019/08/12/election-security-hacker-conference-mitch-mcconnell-1654899
A controversial sponsored talk at the Black Hat conference about the “Time AI” service was eventually taken offline after backlash from researchers.
https://www.vice.com/en_us/article/8xw9kp/black-hat-talk-about-time-ai-causes-uproar-is-deleted-by-conference
Police in South Wales, U.K. are starting to use facial recognition apps to identify a suspect without having to take them to a station.
https://www.theguardian.com/technology/2019/aug/07/south-wales-police-to-use-facial-recognition-to-identify-suspects
The United Nations is investigating 35 cyber attacks it says came from North Korea in an effort to fund their atomic weapons program.
https://abcnews.go.com/US/wireStory/probing-35-north-korean-cyberattacks-17-countries-64933610
MOST PREVALENT MALWARE FILES August 8 – 15, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: b22eaa5c51f0128d5e63a67ddf44285010c05717e421142a3e59bba82ba1325a
MD5: 125ef5dc3115bda09d2cef1c50869205
VirusTotal: virus analysis
Typical Filename: helpermcp
Claimed Product: N/A
Detection Name: PUA.Osx.Trojan.Amcleaner::sbmt.talos
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: virus analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 8c0b271744bf654ea3538c6b92aa7bb9819de3722640796234e243efc077e2b6
MD5: f7145b132e23e3a55d2269a008395034
VirusTotal: virus analysis
Typical Filename: 8c0b271744bf654ea3538c6b92aa7bb9819de3722640796234e243efc077e2b6.bin
Claimed Product: N/A
Detection Name: Unix.Exploit.Lotoor::other.talos
SHA 256: 39a875089acaa37c76dd333c46c0072c6db0586c03135153fe6c15ac453ab750
MD5: df61f138409416736d9b6f4ec72ac0af
VirusTotal: virus analysis
Typical Filename: cslast.gif
Claimed Product: N/A
Detection Name: W32.39A875089A-100.SBX.TG
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: virus analysis
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG