@RISK: The Consensus Security Vulnerability Alert
June 27, 2019 – Vol. 19, Num. 26
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES June 20 – 27, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Attackers exploit Firefox zero-day to deliver malware
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Netwire malware delivered through Firefox vulnerability
Description: Attackers are exploiting a now-patched Mozilla Firefox vulnerability to deliver the Netwire malware. At the time of first exploitation, there was no fix for the bug. Netwire uses two separate functions to persist — once as a launch agent and again as a login item. New Snort rules prevent the malware from downloading its final payload.
Reference: https://duo.com/decipher/firefox-0-day-used-to-deliver-netwire-mac-malware
Snort SIDs: 50498, 50500
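The Netwire item above notes that the malware persists on macOS as a launch agent and as a login item. An added example, not part of the @RISK newsletter and not Talos or Mozilla code, of the kind of triage a defender can run over LaunchAgent property lists: it parses each plist, notes whether it runs at login (RunAtLoad) and relaunches on exit (KeepAlive), and flags programs that live outside the usual system and application paths or in hidden directories. The two embedded plists are constructed samples; the label, paths and scoring thresholds are illustrative assumptions, not Netwire indicators from the page. Login items (stored separately by macOS) are not covered here.

```python
"""Triage macOS LaunchAgent plists for persistence indicators (added example)."""
import glob
import os
import plistlib
from dataclasses import dataclass

# Program locations a launch agent normally points at (assumption for this example).
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/",
                    "/bin/", "/sbin/", "/Applications/")

# Score at or above which an agent is reported (assumption for this example).
SUSPICIOUS_THRESHOLD = 3


@dataclass
class Finding:
    label: str
    program: str
    run_at_load: bool
    keep_alive: bool
    score: int
    reasons: list

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def triage_launch_agent(plist_bytes: bytes) -> Finding:
    """Parse one LaunchAgent plist and score its persistence characteristics."""
    data = plistlib.loads(plist_bytes)
    label = data.get("Label", "<no label>")
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else "")
    run_at_load = bool(data.get("RunAtLoad", False))
    keep_alive = data.get("KeepAlive", False)
    # KeepAlive may be a bool or a dict of conditions; either way it relaunches.
    keep_alive = True if isinstance(keep_alive, dict) else bool(keep_alive)

    score, reasons = 0, []
    if program and not program.startswith(TRUSTED_PREFIXES):
        score += 2
        reasons.append(f"program outside trusted prefixes: {program}")
    if program and "/." in program:
        score += 2
        reasons.append("program path contains a hidden directory component")
    if run_at_load:
        score += 1
        reasons.append("RunAtLoad is set (starts at login)")
    if keep_alive:
        score += 1
        reasons.append("KeepAlive is set (relaunched if it exits)")
    return Finding(label, program, run_at_load, keep_alive, score, reasons)


def scan_directory(directory: str) -> list:
    """Triage every *.plist in a LaunchAgents directory, e.g. ~/Library/LaunchAgents."""
    findings = []
    for path in sorted(glob.glob(os.path.join(directory, "*.plist"))):
        with open(path, "rb") as fh:
            try:
                findings.append(triage_launch_agent(fh.read()))
            except (plistlib.InvalidFileException, ValueError):
                continue  # unreadable plist; skip rather than crash the sweep
    return findings


# Constructed sample: user-writable, hidden path, starts at login and is kept alive.
SAMPLE_SUSPICIOUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/alice/.defaults/Finder.app/Contents/MacOS/Finder</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
"""

# Constructed sample: a system binary that merely starts at login.
SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.agent</string>
  <key>Program</key><string>/usr/bin/ssh-agent</string>
  <key>RunAtLoad</key><true/>
</dict></plist>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        f = triage_launch_agent(sample)
        print(f"{f.label}: score={f.score} suspicious={f.suspicious}")
        for reason in f.reasons:
            print("  -", reason)
```

On a real host, `scan_directory(os.path.expanduser("~/Library/LaunchAgents"))` and the same call over `/Library/LaunchAgents` give a quick inventory; the score is a triage aid for prioritising review, not a verdict, since legitimate agents also set RunAtLoad.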
Title: Cisco patches critical bugs in DNA Center, SD-WAN
Description: Cisco has patched a slew of critical and high-severity flaws in its DNA Center and SD-WAN. In all, the company issued fixes for 25 vulnerabilities last week across a variety of its products. Two of the most severe bugs exist on access ports necessary for Cisco Digital Network Architecture (DNA) Center. There is another critical vulnerability in SD-WAN’s command line interface.
Reference: https://threatpost.com/cisco-dna-center-critical-flaw/145849/
Snort SIDs: 50467, 50469 – 50472, 50485 – 50489, 50492
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
For the second time in just over a week, a Florida city agreed to pay the attackers behind a ransomware attack in exchange for the recovery of their data.
https://www.cbsnews.com/news/ransomware-attack-lake-city-florida-pay-hackers-ransom-computer-systems-after-riviera-beach/
The U.S. Department of Homeland Security released a warning that wiper cyber attacks from Iranian threat groups are on the rise as tensions increase between Iran and America.
https://arstechnica.com/information-technology/2019/06/dhs-cyber-director-warns-of-surge-in-iranian-wiper-hack-attacks/
The head of Instagram again denied the theory that Instagram and Facebook listen in on users’ conversations and then deliver ads based on that data.
https://www.insider.com/instagram-facebook-listening-on-smartphones-2019-6
A lawsuit against Facebook over a massive data breach can move forward, a federal appeals court ruled this week. The attack in question resulted in 30 million users having their login information compromised.
https://www.bloomberg.com/news/articles/2019-06-24/facebook-must-face-lawsuit-over-29-million-user-data-breach
The DanaBot banking trojan now has a ransomware module. So far, the variant has targeted users in Italy and Poland.
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/
Oracle patched a critical vulnerability in WebLogic that attackers could exploit remotely without authentication.
https://threatpost.com/oracle-warns-of-new-actively-exploited-weblogic-flaw/145829/
MOST PREVALENT MALWARE FILES June 20 – 27, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
Typical Filename: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b.bin
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
Typical Filename: wup.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG
SHA 256: f118e52a73227b85fbb0cb7d202c3753916e518c516286c441a2dc92ede1f023
MD5: 4f551cb9a7c7d24104c19ac85e55defe
Typical Filename: watchdog.exe
Claimed Product: N/A
Detection Name: W32.Trojan:Trojangen.22hu.1201