@RISK: The Consensus Security Vulnerability Alert
September 5, 2019 – Vol. 19, Num. 36
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES August 29 – September 5, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Additional protection for attacks against popular VPN service
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: New protection fends off password-stealing attacks from popular VPN service
Description: Last week, attackers began launching password-stealing attacks against the Fortigate and Pulse VPN services. At the time, Cisco Talos released SNORT(R) rules to protect Pulse VPN, and there is now additional protection for Fortigate. Attackers are attempting to steal encryption keys, passwords and other important data from servers utilizing these two VPN services. These bugs can be exploited by sending the unpatched servers a specialized Web request that contains a special sequence of characters.
Reference: https://arstechnica.com/information-technology/2019/08/hackers-are-actively-trying-to-steal-passwords-from-two-widely-used-vpns/
Snort SIDs: 51370 – 51372, 51387 (Written by John Levy)
Title: Multiple vulnerabilities disclosed in Cisco NX-OS software
Description: Cisco disclosed three denial-of-service vulnerabilities in its NX-OS software: CVE-2019-1965, CVE-2019-1964 and CVE-2019-1962. These bugs can cause a variety of conditions, including forced reboots, crashes or disruption of certain processes. All three are considered high-severity vulnerabilities.
Reference:
– https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos
– https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos
– https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos
Snort SIDs: 51365 – 51367 (Written by John Levy)
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Google’s Project Zero uncovered several malicious websites that compromised iPhones for years, just by having users visit them.
https://www.cnet.com/news/google-says-iphone-security-flaws-let-websites-hack-them-for-years/
Security researchers believe this discovery could lead to a new wave of attacks on iPhones after the devices were mainly targets of nation-state actors.
https://www.wired.com/story/ios-attack-watering-hole-project-zero/
A new report suggests ransomware attacks may be on the rise because threat actors are encouraged by extortion payments from insurance companies.
https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Attackers used the “SIM hacking” technique to take over Twitter CEO Jack Dorsey’s personal account, posting offensive messages and linking to the group’s Discord channel.
https://www.theverge.com/2019/8/31/20841448/jack-dorsey-twitter-hacked-account-sim-swapping
Amazon’s Ring home security service recently released a list of the more than 400 police departments it partners with for a variety of reasons, and a new map can help users see what their cameras’ footage may be used for.
https://lifehacker.com/how-to-see-if-police-are-using-ring-doorbells-to-monito-1837797394
Apple apologized to users for its practice of allowing contracted employees to listen in on Siri recordings. The company now says it will be an opt-in program, with the goal of improving the AI assistant.
https://www.theguardian.com/technology/2019/aug/29/apple-apologises-listen-siri-recordings
Chinese tech company Huawei accused the U.S. of launching cyber attacks against its networks, while also denying allegations that it stole smart camera technology from a Portuguese firm. (Please note this article is behind a paywall.)
https://www.wsj.com/articles/huawei-accuses-the-u-s-of-cyberattacks-threatening-its-employees-11567500484
MOST PREVALENT MALWARE FILES August 29 – September 5, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: scan analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 9a082883ad89498af3ad8ece88d982736edbd46d65908617cf292cf7b5836dbc
MD5: 7a6f7f930217521e47c7b8d91fb79649
VirusTotal: scan analysis
Typical Filename: DHL Scan File.img
Claimed Product: IMGBURN V2.5.8.0 – THE ULTIMATE IMAGE BURNER!
Detection Name: W32.9A082883AD-100.SBX.TG
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: scan analysis
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG
SHA 256: 1755c179f08a648a618043a5af2314d6a679d6bdf77d4d9fca5117ebd9f3ea7c
MD5: c785a8b0be77a216a5223c41d8dd937f
VirusTotal: scan analysis
Typical Filename: cslast.gif
Claimed Product: N/A
Detection Name: W32.1755C179F0-100.SBX.TG
SHA 256: 093cc39350b9dd2630a1b48372abc827251a3d37bd88c35cea2e784359b457d7
MD5: 3c7be1dbe9eecfc73f4476bf18d1df3f
VirusTotal: scan analysis
Typical Filename: sayext.gif
Claimed Product: N/A
Detection Name: W32.093CC39350-100.SBX.TG