@RISK: The Consensus Security Vulnerability Alert
August 29, 2019 – Vol. 19, Num. 35
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES August 22 – 29, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Cisco 220 smart switches open to data leak
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Cisco 220 smart switches open to data leak
Description: Two vulnerabilities in Cisco’s 220 series of smart switches for small businesses could allow an attacker to leak sensitive information or inject malicious code. CVE-2019-1912 could allow an attacker to bypass security checks on the switch and upload arbitrary files. And CVE-2019-1913 opens the switches to a buffer overflow attack, which could be used to gain the ability to remotely execute code on the machine with root privileges.
Reference:
– https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass
– https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce
Snort SIDs: 51293 – 51295 (Written by John Levy), 51298 – 51300 (Written by Amit Raut), 51306 – 51307 (Written by Tim Muniz)
Title: Aspose APIs contain bugs that could lead to remote code execution
Description: Attackers are actively exploiting vulnerabilities in the Fortinet FortiGate and Pulse Secure VPN services to steal encryption keys, passwords and other sensitive data. Campaigns that started last week also target the Webmin utility for managing Linux and *NIX systems. These are devices in enterprise networks, and the vulnerabilities involved could allow an attacker to take complete control of a system.
Reference: https://www.zdnet.com/article/hackers-mount-attacks-on-webmin-servers-pulse-secure-and-fortinet-vpns/
Snort SIDs: 51240 – 51243 (Written by John Levy), 51288, 51289 (Written by Joanne Kim)
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Apple repatched a vulnerability in iOS that could allow users to jailbreak their devices — a week after a hacker discovered an older patch had been undone.
https://www.cnet.com/news/apple-releases-ios-12-4-1-to-reportedly-fix-iphone-jailbreak/
The U.S. is close to launching a program to focus on protecting the 2020 U.S. presidential election from a ransomware attack.
https://www.cnbc.com/2019/08/26/us-officials-fear-ransomware-attack-against-2020-election.html
An independent security researcher dropped a zero-day vulnerability in Valve’s Steam video game launcher after Valve banned him from the company’s bug bounty program.
https://www.vice.com/en_us/article/wjwd8n/hacker-drops-steam-zero-day-after-being-banned-from-valve-bug-bounty-program
New emails uncovered between Facebook employees show that the social media giant may have known earlier than initially disclosed about Cambridge Analytica’s mishandling of users’ data.
https://techcrunch.com/2019/08/23/facebook-really-doesnt-want-you-to-read-these-emails/
Mobile carriers say an agreement with the U.S. government will start cutting down on robocalls, but researchers are skeptical of how effective the rules will be.
https://arstechnica.com/tech-policy/2019/08/us-phone-carriers-make-empty-unenforceable-promises-to-fight-robocalls/
Spammers have started using Google calendar invites as a new form of social engineering.
https://www.cbsnews.com/news/google-calendar-spam-is-on-the-rise-heres-how-to-stop-the-calendar-invite-spam/
Courthouses in Georgia are still using paper records to keep track of criminal cases and traffic citations months after a ransomware attack.
https://www.ajc.com/news/local/courts-across-georgia-struggling-keep-since-cyberattack/ZpresJoKsiNqPWNiQwoTCO/
A recent round of ransomware attacks on cities in Texas could encourage attackers to carry out similar campaigns in the future.
https://www.cnbc.com/2019/08/22/texas-ransomware-attacks-tell-the-us-cybersecurity-story.html
MOST PREVALENT MALWARE FILES August 22 – 29, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: virus analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: virus analysis
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG
SHA 256: 1755c179f08a648a618043a5af2314d6a679d6bdf77d4d9fca5117ebd9f3ea7c
MD5: c785a8b0be77a216a5223c41d8dd937f
VirusTotal: virus analysis
Typical Filename: cslast.gif
Claimed Product: N/A
Detection Name: W32.1755C179F0-100.SBX.TG
SHA 256: 46b241e3d33811f7364294ea99170b35462b4b5b85f71ac69d75daa487f7cf08
MD5: db69eaaea4d49703f161c81e6fdd036f
VirusTotal: virus analysis
Typical Filename: invoice.exe
Claimed Product: N/A
Detection Name: W32.46B241E3D3-95.SBX.TG
SHA 256: 093cc39350b9dd2630a1b48372abc827251a3d37bd88c35cea2e784359b457d7
MD5: 3c7be1dbe9eecfc73f4476bf18d1df3f
VirusTotal: virus analysis
Typical Filename: sayext.gif
Claimed Product: N/A
Detection Name: W32.093CC39350-100.SBX.TG
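The prevalent-malware records above follow a fixed text layout (SHA 256, MD5, Typical Filename, Claimed Product, Detection Name). Below is an added example, not part of the newsletter, that parses that layout into an indicator set and checks file hashes against it; the SAMPLE text is constructed from two of this issue's entries, and the record layout it parses is the only assumption.

```python
import hashlib
import re

# Constructed sample: two records copied in the newsletter's own layout.
SAMPLE = """SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: virus analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 46b241e3d33811f7364294ea99170b35462b4b5b85f71ac69d75daa487f7cf08
MD5: db69eaaea4d49703f161c81e6fdd036f
VirusTotal: virus analysis
Typical Filename: invoice.exe
Claimed Product: N/A
Detection Name: W32.46B241E3D3-95.SBX.TG
"""

FIELD = re.compile(r"^(SHA 256|MD5|Typical Filename|Claimed Product|Detection Name):\s*(.*)$")

def parse_indicators(text):
    """Split the digest into records; every 'SHA 256:' line starts a new one.
    Records whose hashes are not well-formed hex are dropped rather than indexed."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # e.g. the 'VirusTotal: virus analysis' link label
        key, value = m.group(1), m.group(2).strip()
        if key == "SHA 256" and current:
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    out = []
    for r in records:
        sha, md5 = r.get("SHA 256", "").lower(), r.get("MD5", "").lower()
        if re.fullmatch(r"[0-9a-f]{64}", sha) and re.fullmatch(r"[0-9a-f]{32}", md5):
            out.append({"sha256": sha, "md5": md5, "filename": r.get("Typical Filename", ""),
                        "product": r.get("Claimed Product", ""), "detection": r.get("Detection Name", "")})
    return out

def build_index(indicators):
    """Map both hash forms to their record so a lookup works with whichever a log carries."""
    return {h: ind for ind in indicators for h in (ind["sha256"], ind["md5"])}

def match_hash(digest, index):
    return index.get(digest.strip().lower())

def match_bytes(data, index):
    """Hash raw file bytes both ways and return the matching record, or None."""
    return match_hash(hashlib.sha256(data).hexdigest(), index) or \
        match_hash(hashlib.md5(data).hexdigest(), index)
```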