@RISK: The Consensus Security Vulnerability Alert
October 10, 2019 – Vol. 19, Num. 41
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES October 3 – 10, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Microsoft Patch Tuesday – Oct. 2019: Vulnerability disclosures and Snort coverage
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft discloses 60 vulnerabilities as part of monthly security update
Description: Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered “critical,” with the rest being deemed “important.”
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Reference: https://blog.talosintelligence.com/2019/10/microsoft-patch-tuesday-oct-2019.html
Snort SIDs: 51733 – 51736, 51739 – 51742, 51781 – 51794
Title: Multiple vulnerabilities in Schneider Electric Modicon M580
Description: Several vulnerabilities in the Schneider Electric Modicon M580 could lead to a variety of conditions, and the majority of them can cause a denial of service. The Modicon M580 is the latest in Schneider Electric’s Modicon line of programmable automation controllers. The majority of the bugs exist in the Modicon’s use of FTP. Schneider Electric Modicon M580, BMEP582040 SV2.80, is affected by these vulnerabilities.
Reference: https://blog.talosintelligence.com/2019/10/vuln-spotlight-schneider-electric-m580-part-2-sept-2019.html
Snort SIDs: 49982, 49983
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Twitter says it used phone numbers and emails linked to two-factor authentication to serve targeted ads.
https://techcrunch.com/2019/10/08/twitter-admits-it-used-two-factor-phone-numbers-and-emails-for-targeted-advertising/
An Iranian hacking group carried out targeted attacks on Microsoft email accounts, including many that belonged to a U.S. presidential candidate.
https://www.geekwire.com/2019/iranian-hacker-group-attacked-hundreds-email-accounts-tied-us-presidential-candidate-microsoft-says/
After this hacking group’s actions were uncovered, it started to go after researchers who are looking into its attacks.
https://www.cyberscoop.com/iran-hacking-clearsky-microsoft-charming-kitten/
A group of cyber security firms is teaming up to promote greater cooperation between the companies’ products, including a shared set of protocols and standards.
https://www.cbronline.com/news/open-cybersecurity-alliance
The U.S. government is increasingly using child exploitation as an argument against encryption, but experts worry it will mislead the American public on encryption’s advantages.
https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/10/08/the-cybersecurity-202-experts-slam-justice-s-move-to-make-child-exploitation-the-face-of-antiencryption-push/5d9b664e88e0fa747e6d5169/
Cyber security agencies in the U.S. and U.K. warned of state-sponsored attacks against several popular VPN services.
https://www.zdnet.com/article/vpn-users-if-youre-on-fortinet-palo-alto-pulse-secure-patch-now-warns-spy-agency/
Several hospitals across the U.S. and Australia were taken offline in the past week due to ransomware attacks.
https://www.welivesecurity.com/2019/10/03/hospitals-us-australia-ransomware/
Apple released its new Catalina operating system this week, and it comes with several new security features.
https://www.zdnet.com/article/these-are-the-macos-catalina-10-15-security-updates-you-need-to-know-about/
MOST PREVALENT MALWARE FILES October 3 – 10, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 7acf71afa895df5358b0ede2d71128634bfbbc0e2d9deccff5c5eaa25e6f5510
MD5: 4a50780ddb3db16ebab57b0ca42da0fb
Typical Filename: xme64-2141.exe
Claimed Product: N/A
Detection Name: W32.7ACF71AFA8-95.SBX.TG
SHA 256: ce8cb7c8dc29b9e4feab463fdf53b569b69e6a5c4ab0e50513b264563d74a6ac
MD5: 0e02555ede71bc6c724f9f924320e020
Typical Filename: dllhostex.exe
Claimed Product: Microsoft(R) Windows(R) Operating System
Detection Name: W32.CoinMiner:CryptoMinerY.22k3.1201
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
Typical Filename: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
Typical Filename: mf2016341595.exe
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201