@RISK: The Consensus Security Vulnerability Alert
January 2, 2020 – Vol. 20, Num. 01
CONTENTS:
=========================================================
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
MOST PREVALENT MALWARE FILES December 26, 2019 – January 2, 2020
=========================================================
TOP VULNERABILITY THIS WEEK: Bug in Citrix leaves corporate local networks open to attack
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Arbitrary code execution vulnerability in Citrix
Description: The Citrix Application Delivery Controller (ADC) and Citrix Gateway contain remote code execution vulnerability that could allow an attacker to infiltrate a large-scale LAN. The digital workspace and enterprise network vendor said the bug does not require the use of any credentials, so therefore could be carried out by anyone. Citrix released a set of measures to mitigate the vulnerability, including software updates. These products are installed in more than 150,000 companies’ networks across the globe.
Reference: https://threatpost.com/critical-citrix-bug-80000-corporate-lans-at-risk/151444/
Snort SIDs: 52512, 51513
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Russia’s meddling in the 2016 American presidential election may trace back to a breach at a Florida tech company, according to a new report.
https://www.politico.com/news/magazine/2019/12/26/did-russia-really-hack-2016-election-088171
U.S. Congress passed a law aimed at cracking down on the companies and individuals behind robocalls, but the legislation is unlikely to actually help most users.
https://www.wsj.com/articles/washingtons-new-anti-robocall-law-wont-stop-the-calls-heres-why-11577367931
The British government apologized to the high-profile individuals whose information was leaked online, all of whom had received a prestigious award in the past, including Sir Elton John.
https://www.bbc.com/news/uk-50929543
New Orleans says it is raising its cyber insurance coverage in 2020 after a crippling ransomware attack in mid-December.
https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/new-orleans-cyber-insurance-plan/
Home security company Wyze says it mistakenly left 2.4 million users’ information exposed over the course of three weeks, including email addresses, SSIDs and API tokens.
https://www.theverge.com/2019/12/30/21042974/wyze-server-breach-cybersecurity-smart-home-security-camera
A government agency in South Korea is launching an investigation into the TikTok social media app after an official raised concerns about how the Chinese company behind the app handles personal data.
https://news.softpedia.com/news/security-risks-trigger-tiktok-investigation-in-south-korea-528726.shtml
Several individuals and groups have already filed lawsuits against Wawa after they say their credit card information was stolen and used in the data breach the gas station chain disclosed in December.
https://www.inquirer.com/business/wawa-data-breach-class-action-lawsuit-20191226.html
A deadline in Russia is quickly approaching that would require smart device manufacturers to install Russian-made software on their devices before they can hit store shelves, including a web browser that would restrict access to some social media apps.
https://www.hollywoodreporter.com/news/new-russian-legislation-targets-apple-facebook-twitter-netflix-1264747
MOST PREVALENT MALWARE FILES December 26, 2019 – January 2, 2020
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871
MD5: c2406fc0fce67ae79e625013325e2a68
VirusTotal: scan analysis
Typical Filename: SegurazoIC.exe
Claimed Product: Digital Communications Inc.
Detection Name: PUA.Win.Adware.Ursu::95.sbx.tg
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: scan analysis
Typical Filename: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 252555d28366ea4d2d2066ea1f66b1250b7cc297a2b0066a595f5a2b240a0637
MD5: 3e1e9579a3b11547adc012d9b1caf273
VirusTotal: scan analysis
Typical Filename: cloudnet.exe
Claimed Product: EpicNet Cloud Office
Detection Name: W32.252555D283-100.SBX.TG
SHA 256: d8b594956ed54836817e38b365dafdc69aa7e07776f83dd0f706278def8ad2d1
MD5: 56f11ce9119632ba360e5b3dd0a89acd
VirusTotal: scan analysis
Typical Filename: xme64-540.exe
Claimed Product: N/A
Detection Name: W32.D8B594956E-100.SBX.TG