@RISK: The Consensus Security Vulnerability Alert
September 12, 2019 – Vol. 19, Num. 37
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES September 5 – 12, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Microsoft releases monthly security updates
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft patches 19 critical bugs as part of security update
Description: Microsoft released its monthly security update this week, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 85 vulnerabilities, 19 of which are rated “critical,” 65 that are considered “important” and one “moderate.” There is also a critical advisory relating to the latest update to Adobe Flash Player. This month’s security update covers security issues in a variety of Microsoft services and software, including the Jet Database Engine and the Hyper-V hypervisor. Most notably, this release contains another round of vulnerabilities in remote desktop services, the latest in a line of RDP bugs that are considered “wormable.” Talos has already outlined how Cisco Firepower users can stay protected from other series of RDP vulnerabilities known as “BlueKeep” and “DejaBlue.”
Reference: https://blog.talosintelligence.com/2019/09/microsoft-patch-tuesday-sept-2019.html
Snort SIDs: 51436 – 51438, 51445, 51446, 51449 – 51452, 51454 – 51457, 51463 – 51465, 51479 – 51483
Title: Some NETGEAR routers vulnerable to DoS attacks
Description: The NETGEAR N300 line of wireless routers contains two denial-of-service vulnerabilities. The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs by sending specific SOAP and HTTP requests to different functions of the router, causing it to crashentirely.
Reference: https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html
Snort SIDs: 50040 (Written by Dave McDaniel)
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Apple fired back at a report from Google’s security arm that recently highlighted an exploit in their iOS mobile operating system, saying the company was “stoking fear.”
https://www.theverge.com/2019/9/6/20853115/apple-google-iphone-security-flaw-uighur-community-fud
Some states’ Departments of Motor Vehicles are selling drivers’ personal information to private investigators and other businesses.
https://www.vice.com/en_us/article/43kxzq/dmvs-selling-data-private-investigators-making-millions-of-dollars
A set of Chromebooks mistakenly warned users that the devices’ end-of-life was approaching, despite Google promising it will provide updates to the laptops for six-and-a-half years.
https://arstechnica.com/gadgets/2019/09/some-chromebooks-mistakenly-declared-themselves-end-of-life-last-week/
A new report exposed a cyber attack on a portion of the U.S. electric grid from earlier this year, the first disruptive cyber attack on the American energy grid ever recorded.
https://www.eenews.net/stories/1061111289
The popular Wikipedia service was intermittently unavailable across Europe after a string of denial-of-service attacks last week.
https://techcrunch.com/2019/09/07/wikipedia-blames-malicious-ddos-attack-after-site-goes-down-across-europe-middle-east/
U.S. Senate Majority Leader Mitch McConnell continues to block a vote on a series of cyber security bills aimed at protecting American elections, and some believe it could be at the direction of the White House.
https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/09/09/the-cybersecurity-202-here-s-why-mitch-mcconnell-s-blocking-election-security-bills/5d758b86602ff171a5d734b6/
The U.S. filed criminal charges against a professor in Texas for allegedly stealing a startup company’s technology on behalf of Chinese tech company Huawei. (Please note that this story is behind a paywall.)
https://www.wsj.com/articles/u-s-files-criminal-charges-against-chinese-professor-linked-to-huawei-11568048700
MOST PREVALENT MALWARE FILES September 5 – 12, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 15ffbb8d382cd2ff7b0bd4c87a7c0bffd1541c2fe86865af445123bc0b770d13
MD5: c24315b0585b852110977dacafe6c8c1
VirusTotal: virus analysis
Typical Filename: puls.exe
Claimed Product: N/A
Detection Name: W32.DoublePulsar:WNCryLdrA.22is.1201
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: virus analysis
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG
SHA 256:46b241e3d33811f7364294ea99170b35462b4b5b85f71ac69d75daa487f7cf08
MD5: db69eaaea4d49703f161c81e6fdd036f
VirusTotal: virus analysis
Typical Filename: xme32-2141-gcc.exe
Claimed Product: N/A
Detection Name: W32.46B241E3D3-95.SBX.TG
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: virus analysis
Typical Filename: qmreportupload
Claimed Product: qmreportupload.exe
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 093cc39350b9dd2630a1b48372abc827251a3d37bd88c35cea2e784359b457d7
MD5: 3c7be1dbe9eecfc73f4476bf18d1df3f
VirusTotal: virus analysis
Typical Filename: sayext.gif
Claimed Product: N/A
Detection Name: W32.093CC39350-100.SBX.TG