@RISK: The Consensus Security Vulnerability Alert: Vol. 20, Num. 16

@RISK: The Consensus Security Vulnerability Alert
April 16, 2020 – Vol. 20, Num. 16

CONTENTS:
=========================================================
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES April 9 – 16, 2020
=========================================================
TOP VULNERABILITY THIS WEEK: 18 critical vulnerabilities disclosed as part of Microsoft Patch Tuesday
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Microsoft releases monthly security update
Description: Microsoft released its monthly security update this week, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month’s Patch Tuesday covers 113 vulnerabilities: 18 are rated critical, one is rated “moderate,” and the remainder are rated “important.” The update addresses security issues in a range of Microsoft services and software, including SharePoint, the Windows font library and the Windows kernel.
Reference: https://blog.talosintelligence.com/2020/04/microsoft-patch-tuesday-april-2020.html
Snort SIDs: 53489 – 53492, 53619 – 53630, 53652 – 53655

Title: DrayTek routers, switches open to attack
Description: Network equipment vendor DrayTek recently patched two zero-day vulnerabilities in some of its routers and switches that could allow attackers to monitor traffic and install backdoors on affected networks. Security researchers working with DrayTek identified the vulnerabilities, and active exploitation of them, in December; patches became available in late March. Users are urged to patch affected devices as soon as possible or, where they cannot yet patch, to disable remote administrative access.
Reference: https://www.scmagazine.com/home/security-news/vulnerabilities/zero-day-vulnerabilities-used-against-draytek-routers-and-switches/
Snort SIDs: 53591, 53592

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Apple and Google announced plans to jointly develop a service that will alert users if they’ve been near someone who’s been diagnosed with COVID-19.
https://techcrunch.com/2020/04/10/apple-and-google-are-launching-a-joint-covid-19-tracing-tool/

The “contact tracing” service has raised privacy concerns, however, as well as concerns that unequal access to wireless networks will leave some individuals out.
https://www.cnet.com/news/how-youll-get-apple-and-googles-contact-tracing-update-for-your-phone/

Cisco Talos researchers discovered many devices’ fingerprint scanners can be tricked using 3-D printed models and resin copies of users’ fingerprints.
https://blog.talosintelligence.com/2020/04/fingerprint-research.html

Foreign currency exchange company Travelex paid a $2.3 million ransomware demand in January. (Please note that this story is behind a paywall.)
https://www.wsj.com/articles/travelex-paid-hackers-multimillion-dollar-ransom-before-hitting-new-obstacles-11586440800

Teleconferencing platform Zoom has taken steps to address some of the privacy and security concerns raised by experts.
https://www.fastcompany.com/90488717/can-you-trust-zoom

Microsoft says every country in the world has now seen at least one COVID-19-themed cyber attack, many of them delivering the Emotet and Trickbot malware families.
https://www.microsoft.com/security/blog/2020/04/08/microsoft-shares-new-threat-intelligence-security-guidance-during-global-crisis/

With more employees working from home during the pandemic, many are upgrading to mesh Wi-Fi networks to improve their wireless speeds.
https://arstechnica.com/gadgets/2020/04/remote-work-lagging-if-you-cant-plug-it-in-upgrade-to-mesh/

Scammers are attempting to capitalize on the COVID-19 pandemic by offering phony services and health products through “gig economy” apps like Fiverr.
https://www.vice.com/en_us/article/v74ay9/fiverr-coronavirus-healers-mask-sellers

Online gambling company SBTech is setting aside $30 million to cover the fallout from a cyber attack last month, as part of an acquisition agreement.
https://zdnet.com/article/gambling-company-to-set-aside-30-million-to-deal-with-cyber-attack-fallout/

MOST PREVALENT MALWARE FILES April 9 – 16, 2020
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: a545df34334b39522b9cc8cc0c11a1591e016539b209ca1d4ab8626d70a54776
MD5: 5d34464531ddbdc7b0a4dba5b4c1cfea
VirusTotal: https://www.virustotal.com/gui/file/a545df34334b39522b9cc8cc0c11a1591e016539b209ca1d4ab8626d70a54776
Typical Filename: FlashHelperServices.exe
Claimed Product: Flash Helper Service
Detection Name: PUA.Win.Adware.Flashserv::in03.talos

SHA 256: 589d9977a5b0420d29acc0c1968a2ff48102ac3ddc0a1f3188be79d0a4949c82
MD5: bf1d79fad6471fcf50e38a9ea1f646a5
VirusTotal: https://www.virustotal.com/gui/file/589d9977a5b0420d29acc0c1968a2ff48102ac3ddc0a1f3188be79d0a4949c82
Typical Filename: wupxarch.exe
Claimed Product: N/A
Detection Name: W32.Auto:589d99.in03.Talos

SHA 256: 85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
MD5: 8c80dd97c37525927c1e549cb59bcbf3
VirusTotal: https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
Typical Filename: Eternalblue-2.2.0.exe
Claimed Product: N/A
Detection Name: W32.85B936960F.5A5226262.auto.Talos

SHA 256: 518a8844dae953d7f2510d38ba916f1c4ccc01cfba58f69290938b6ddde8b472
MD5: 9b47b9f19455bf56138ddb81c93b6c0c
VirusTotal: https://www.virustotal.com/gui/file/518a8844dae953d7f2510d38ba916f1c4ccc01cfba58f69290938b6ddde8b472
Typical Filename: updateprofile.exe
Claimed Product: N/A
Detection Name: Win.Dropper.Generic::tpd

SHA 256: 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871
MD5: c2406fc0fce67ae79e625013325e2a68
VirusTotal: https://www.virustotal.com/gui/file/1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871
Typical Filename: SegurazoIC.exe
Claimed Product: Segurazo IC
Detection Name: PUA.Win.Adware.Ursu::95.sbx.tg
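The hash records above are published as plain text. Before they can feed a blocklist or a hunting query they need parsing, validation (a truncated or mixed-case digest silently matches nothing) and case normalization. The following is an added example, not a Talos or SANS tool and not code from the newsletter: it parses the five records from this issue, rejects malformed digests, and looks up a file's SHA-256 or MD5 against the resulting set. The function and class names, the VirusTotal report URL pattern and the bytes hashed in the usage section are this example's own assumptions.

```python
import hashlib
import re
from dataclasses import dataclass

# The five records from this issue's MOST PREVALENT MALWARE FILES list,
# copied from the newsletter (page data, not constructed). The parser
# ignores any label it does not know, such as a VirusTotal link line.
NEWSLETTER_RECORDS = """\
SHA 256: a545df34334b39522b9cc8cc0c11a1591e016539b209ca1d4ab8626d70a54776
MD5: 5d34464531ddbdc7b0a4dba5b4c1cfea
Typical Filename: FlashHelperServices.exe
Claimed Product: Flash Helper Service
Detection Name: PUA.Win.Adware.Flashserv::in03.talos

SHA 256: 589d9977a5b0420d29acc0c1968a2ff48102ac3ddc0a1f3188be79d0a4949c82
MD5: bf1d79fad6471fcf50e38a9ea1f646a5
Typical Filename: wupxarch.exe
Claimed Product: N/A
Detection Name: W32.Auto:589d99.in03.Talos

SHA 256: 85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
MD5: 8c80dd97c37525927c1e549cb59bcbf3
Typical Filename: Eternalblue-2.2.0.exe
Claimed Product: N/A
Detection Name: W32.85B936960F.5A5226262.auto.Talos

SHA 256: 518a8844dae953d7f2510d38ba916f1c4ccc01cfba58f69290938b6ddde8b472
MD5: 9b47b9f19455bf56138ddb81c93b6c0c
Typical Filename: updateprofile.exe
Claimed Product: N/A
Detection Name: Win.Dropper.Generic::tpd

SHA 256: 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871
MD5: c2406fc0fce67ae79e625013325e2a68
Typical Filename: SegurazoIC.exe
Claimed Product: Segurazo IC
Detection Name: PUA.Win.Adware.Ursu::95.sbx.tg
"""

# Expected hex length of each digest; anything else is a copy error.
HEX_LEN = {"sha256": 64, "md5": 32}
# Newsletter labels (lower-cased) mapped onto field names; hypothetical names.
LABELS = {"sha 256": "sha256", "md5": "md5", "typical filename": "filename",
          "claimed product": "product", "detection name": "detection"}


@dataclass
class Ioc:
    sha256: str
    md5: str
    filename: str = ""
    product: str = ""
    detection: str = ""


def _validated(fields):
    """Normalize digests to lower-case hex and reject malformed ones."""
    for algo, length in HEX_LEN.items():
        digest = fields.get(algo, "").lower()
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", digest):
            raise ValueError(f"bad or missing {algo} in record {fields!r}")
        fields[algo] = digest
    return Ioc(**fields)


def parse_records(text):
    """One record per blank-line-separated block of 'Label: value' lines."""
    iocs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            label, sep, value = line.partition(":")  # first colon only
            key = LABELS.get(label.strip().lower()) if sep else None
            if key:
                fields[key] = value.strip()
        iocs.append(_validated(fields))
    return iocs


def is_pua(ioc):
    """Talos prefixes potentially unwanted applications with 'PUA.'."""
    return ioc.detection.startswith("PUA.")


def virustotal_url(ioc):
    # Assumed report URL pattern: VirusTotal keys file reports by SHA-256.
    return f"https://www.virustotal.com/gui/file/{ioc.sha256}"


class IocSet:
    """Index records by both digests so either hash type resolves a hit."""

    def __init__(self, iocs):
        self.by_hash = {}
        for ioc in iocs:
            self.by_hash[ioc.sha256] = ioc
            self.by_hash[ioc.md5] = ioc

    def lookup(self, digest):
        return self.by_hash.get(digest.strip().lower())

    def check_bytes(self, data):
        """Hash file contents and return the matching record, if any."""
        return (self.lookup(hashlib.sha256(data).hexdigest())
                or self.lookup(hashlib.md5(data).hexdigest()))


if __name__ == "__main__":
    ioc_set = IocSet(parse_records(NEWSLETTER_RECORDS))
    hit = ioc_set.lookup("5D34464531DDBDC7B0A4DBA5B4C1CFEA")  # upper-case MD5
    print(hit.filename, hit.detection, virustotal_url(hit))
    # Constructed, benign bytes: expected to match nothing in the list.
    print(ioc_set.check_bytes(b"constructed benign sample"))
```

Indexing on both digests matters in practice: endpoint tools often report only MD5 while sandboxes report SHA-256, and a lookup that accepts either avoids missing a known sample because the wrong hash type was logged.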
