Security Vulnerability Alert Archives - Page 16 of 34

August 22, 2019October 14, 2019

@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 34

@RISK: The Consensus Security Vulnerability Alert
August 22, 2019 – Vol. 19, Num. 34
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES August 15 – 22, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Vulnerabilities in Google Nest cameras could allow attacker to leak data
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Nest Cam IQ camera open to takeover, data disclosure
Description: Cisco Talos recently discovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. One of Nest Labs’ most advanced internet-of-things devices, the Nest Cam IQ Indoor integrates Security-Enhanced Linux in Android, Google Assistant, and even facial recognition all into a compact security camera. It primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth and 6lowpan. Most of these vulnerabilities lie in the weave binary of the camera, however, there are some that also apply to the weave-tool binary. It is important to note that while the weave-tool binary also lives on the camera and is vulnerable, it is not normally exploitable as it requires a local attack vector (i.e. an attacker-controlled file) and the vulnerable commands are never directly run by the camera.
Reference: https://blog.talosintelligence.com/2019/08/vuln-spotlight-nest-camera-openweave-aug-2019.html
Snort SIDs: 49843 – 49855, 49797, 49798, 49801 – 49804, 49856, 49857, 49813 – 49816, 49912 (Written by Josh Williams)

Title: Aspose APIs contain bugs that could lead to remote code execution
Description: Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in APIs that help process PDFs, Microsoft Word files and more. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious file to the target and trick them into opening it while using the corresponding API.
Reference: https://blog.talosintelligence.com/2019/08/aspose-APIs-RCE-vulns-aug-2019.html
Snort SIDs: 49756, 49757, 49760, 49761, 49852, 49853 (Written by Cisco Talos analysts)

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

A new vulnerability in Bluetooth could allow an attacker to intercept keystrokes on mobile devices and potentially steal sensitive information.
https://arstechnica.com/information-technology/2019/08/new-attack-exploiting-serious-bluetooth-weakness-can-intercept-sensitive-data/

Bernie Sanders became the first 2020 presidential candidate to publicly call for an end to the use of facial recognition technology by law enforcement agencies.
https://www.vox.com/recode/2019/8/19/20812594/bernie-sanders-ban-facial-recognition-tech-police

Instagram is expanding its bug bounty program to reward researchers who discover third-party apps that inappropriately disclose user data.
https://www.engadget.com/2019/08/19/facebook-data-abuse-bounty-program-instagram-checkout/

Apple mistakenly unpatched a vulnerability that could allow users to jailbreak the iPhone, and hackers quickly went public with a way to break into a fully up-to-date device.
https://www.vice.com/en_us/article/qvgp77/hacker-releases-first-public-iphone-jailbreak-in-years

Security researchers discovered an unpatchable vulnerability in a line of SoC boards manufactured by American manufacturer Xilinx.
https://www.zdnet.com/article/unpatchable-security-flaw-found-in-popular-soc-boards/

Twenty-three cities in Texas have been hit with a ransomware attack believed to originate from a single threat actor.
https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault

The United States gave Chinese tech company Huawei another 90-day import agreement that will allow the company to use American-made parts as the two sides continue to discuss security concerns.
https://www.reuters.com/article/us-huawei-tech-usa-license-exclusive-idUSKCN1V701U?

MOST PREVALENT MALWARE FILES August 15 – 22, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: b22eaa5c51f0128d5e63a67ddf44285010c05717e421142a3e59bba82ba1325a
MD5: 125ef5dc3115bda09d2cef1c50869205
VirusTotal: virus analysis
Typical Filename: helpermcp
Claimed Product: N/A
Detection Name: PUA.Osx.Trojan.Amcleaner::sbmt.talos

SHA 256: 8c0b271744bf654ea3538c6b92aa7bb9819de3722640796234e243efc077e2b6
MD5: f7145b132e23e3a55d2269a008395034
VirusTotal: virus analysis
Typical Filename: 8c0b271744bf654ea3538c6b92aa7bb9819de3722640796234e243efc077e2b6.bin
Claimed Product: N/A
Detection Name: Unix.Exploit.Lotoor::other.talos

SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
VirusTotal: virus analysis
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG

SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: virus analysis
Typical Filename: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

SHA 256: 46b241e3d33811f7364294ea99170b35462b4b5b85f71ac69d75daa487f7cf08
MD5: db69eaaea4d49703f161c81e6fdd036f
VirusTotal: virus analysis
Typical Filename: invoice.exe
Claimed Product: N/A
Detection Name: W32.46B241E3D3-95.SBX.TG

August 15, 2019October 14, 2019

@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 33

@RISK: The Consensus Security Vulnerability Alert
August 15, 2019 – Vol. 19, Num. 33
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES August 8 – 15, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Microsoft discloses more than 90 vulnerabilities as part of Patch Tuesday
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: 31 critical vulnerabilities addressed in latest Microsoft security update
Description: Microsoft released its monthly security update Tuesday, disclosing more than 90 vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical,” 65 that are considered “important” and one “moderate.” This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine.
Reference: https://blog.talosintelligence.com/2019/08/microsoft-patch-tuesday-aug-2019.html
Snort SIDs: 35190, 35191, 40851, 40852, 45142, 45143, 50936 – 50939, 50969 – 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 – 51006

Title: Cisco releases security patches for multiple products, including high-severity bugs in WebEx Teams
Description: Cisco released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit the more critical bugs to take control of an affected system. Some of the most severe vulnerabilities exist in Cisco WebEx Network Recording for Microsoft Windows and Cisco Webex Player for Windows. These bugs, identified across five different CVEs, could allow a remote attacker to execute arbitrary code on an affected system.
Reference: https://www.us-cert.gov/ncas/current-activity/2019/08/08/cisco-releases-security-updates-multiple-products
Snort SIDs: 50902, 50904 – 50907

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Security researchers say some of the most popular voting machines in the U.S. have been exposed to the internet for months or even years, despite their manufacturer claiming otherwise.
https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials

Two years after the U.S. banned the use of Kaspersky software on government-owned systems, the company’s software remains on many machines.
https://www.forbes.com/sites/thomasbrewster/2019/08/08/exclusive-kaspersky-software-lingers-on-sensitive-government-systems-2-years-after-us-ban/#3954ffb7381c

Car makers used the DEFCON conference as an opportunity to find out where there may be vulnerabilities in their onboard computers and remote start systems.
https://www.reuters.com/article/us-autos-cyber-conference/automakers-warm-up-to-friendly-hackers-at-cybersecurity-conference-idUSKCN1V10H9

Democratic lawmakers used the Black Hat and DEFCON conferences to push election security bills and criticize Senate Majority Leader Mitch McConnell.
https://www.politico.com/story/2019/08/12/election-security-hacker-conference-mitch-mcconnell-1654899

A controversial sponsored talk at the Black Hat conference about the “Time AI” service was eventually taken offline after backlash from researchers.
https://www.vice.com/en_us/article/8xw9kp/black-hat-talk-about-time-ai-causes-uproar-is-deleted-by-conference

Police in South Wales, U.K. are starting to use facial recognition apps to identify a suspect without having to take them to a station.
https://www.theguardian.com/technology/2019/aug/07/south-wales-police-to-use-facial-recognition-to-identify-suspects

The United Nations is investigating 35 cyber attacks it says came from North Korea in an effort to fund their atomic weapons program.
https://abcnews.go.com/US/wireStory/probing-35-north-korean-cyberattacks-17-countries-64933610

MOST PREVALENT MALWARE FILES August 8 – 15, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: virus analysis
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: 39a875089acaa37c76dd333c46c0072c6db0586c03135153fe6c15ac453ab750
MD5: df61f138409416736d9b6f4ec72ac0af
VirusTotal: virus analysis
Typical Filename: cslast.gif
Claimed Product: N/A
Detection Name: W32.39A875089A-100.SBX.TG

August 8, 2019October 14, 2019

@RISK: The Consensus Security Vulnerability Alert: Vol. 19, Num. 32

@RISK: The Consensus Security Vulnerability Alert
August 8, 2019 – Vol. 19, Num. 32
=========================================================
CONTENTS:

NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES August 1 – 8, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Remote code execution bug in popular VPN service
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Palo Alto Network’s GlobalProtect Secure Socket Layer (SSL) virtual private network contains remote code execution bug
Description: CVE-2019-1579 is a remote code execution vulnerability in Palo Alto Network’s GlobalProtect Secure Socket Layer (SSL) virtual private network (VPN). At the time of discovery, some systems belonging to ride-sharing service Uber were still at risk, though they have since patched the issue. An attacker could exploit this bug to carry out a buffer overflow, and then gain the ability to remotely execute code on the victim machine.
Reference: https://www.scmagazine.com/home/security-news/vulnerabilities/remote-code-execution-vulnerability-disclosed-in-palo-alto-networks-globalprotect-ssl-vpn/
Snort SIDs: 50859, 50860

Title: VMware vulnerability leads to other flaws in NVIDIA Windows GPU display driver
Description: VMware ESXi, Workstation and Fusion are affected by an out-of-bounds read vulnerability that can be triggered using a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting the VMware host, leading to a crash (denial-of-service) of the vmware-vmx.exe process on the host. However, when the host/guest systems are using an NVIDIA graphics card, the VMware denial-of-service can be turned into a code execution vulnerability (leading to a VM escape), because of an additional security issue present in NVIDIA’s Windows GPU Display Driver.
Reference: https://blog.talosintelligence.com/2019/08/nvidia-vmware-gpu-rce-vulnerabilities.html
Snort SIDs: 48852, 48853, 49894, 49895 – 49897, 49205, 49206

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

State-sponsored actors may be behind three spear-phishing attacks on U.S. utility companies last month, according to a new report.
https://www.cyberscoop.com/apt-10-utilities-phishing-proofpoint/

Clothing resale app Poshmark said an “unauthorized third party” stole some users’ information, including usernames, first and last names, gender, email address and hashed password.
https://www.vice.com/en_us/article/8xw4n4/poshmark-hacked

Apple suspended the practice of humans reviewing Siri recordings as the company reviews the process and releases an update that will allow users to opt into the program that it uses to ensure Siri is working correctly.
https://techcrunch.com/2019/08/01/apple-suspends-siri-response-grading-in-response-to-privacy-concerns/

There are 14 states in the U.S. that use all-paperless voting systems, but they have been slow to replace or patch those machines ahead of the 2020 election.
https://www.politico.com/interactives/2019/election-security-americas-voting-machines/

Scammers tricked employees for the city of Naples, Florida into sending them $700,000 via a spear-phishing email.
https://www.naplesnews.com/story/news/local/2019/08/02/scammers-trick-naples-out-700-000-spear-phishing-cyber-attack/1902321001/

Some of the most popular websites in the world have recently unknowingly hosted malicious ads, the latest development in the exploding popularity of adware.
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html

Facebook said it deactivated two major accounts linked to spreading fake news in the Middle East, both of which may be connected to the Saudi Arabian government.
https://www.bbc.com/news/world-middle-east-49197576

MOST PREVALENT MALWARE FILES August 1 – 8, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: virus analysis
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: virus analysis
Typical Filename: mf2016341595.exe
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201