@RISK: The Consensus Security Vulnerability Alert
January 24, 2019 – Vol. 19, Num. 04
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES January 17 – 24, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Malicious actor delivering new backdoor, trojan variants
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: APT launches new attacks with FlawedGrace, ServHelper variants
Description: TA505, a well-known threat actor with a history of launching ransomware campaigns, is using new variants of the ServHelper backdoor and the FlawedGrace remote access tool. Both appear to be long-term investments by the actor, which has been distributing them since November 2018.
Reference: https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505
Snort SIDs: 48879 – 48887
Title: BITTER RAT resurfaces in Microsoft-focused attack
Description: A new variant of the BITTER remote access tool is in the wild once again. Attackers are attempting to exploit CVE-2017-11882, a vulnerability in Microsoft Office, to download the malware. Victims receive malicious, specially crafted Word documents that issue HTTP GET requests to download the executable payloads.
Reference: https://community.rsa.com/community/products/netwitness/blog/2018/01/10/malspam-delivers-bitter-rat-07-01-2018
Snort SIDs: 48873 – 48878
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
France fined Google roughly $57 million for privacy violations, the largest fine handed out yet under the GDPR.
https://www.washingtonpost.com/world/europe/france-fines-google-nearly-57-million-for-first-major-violation-of-new-european-privacy-regime/2019/01/21/89e7ee08-1d8f-11e9-a759-2b8541bbbe20_story.html
Several consumer protection websites are down due to the government shutdown, including the do-not-call list and the Federal Trade Commission’s site where users can report identity fraud.
https://www.theverge.com/2019/1/13/18178594/fcc-ftc-robocall-complaints-websites-government-shutdown
A new report from the Pentagon’s Inspector General found 266 open security vulnerabilities in American military equipment and systems.
https://motherboard.vice.com/en_us/article/7xy5ky/the-american-military-sucks-at-cybersecurity
Security researchers discovered malicious Android apps that pose as navigation apps but only display ads on top of the legitimate Google Maps app.
https://www.zdnet.com/article/some-android-gps-apps-are-just-showing-ads-on-top-of-google-maps/
Twitter patched a bug that made some private users’ protected tweets publicly available.
https://techcrunch.com/2019/01/17/twitter-bug-revealed-some-android-users-private-tweets/
A federal judge declared that U.S. law enforcement officers cannot force users to unlock their phones using facial or fingerprint recognition technology.
https://www.forbes.com/sites/thomasbrewster/2019/01/14/feds-cant-force-you-to-unlock-your-iphone-with-finger-or-face-judge-rules/#278518b542b7
MOST PREVALENT MALWARE FILES January 17 – 24, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: f54459dbcda4aae7f983f25a5917a1dbf932fe761b9b18396f1d7568e2e24d84
MD5: 21a9440e6b5ecec1472da9c3dedab4ab
Typical Filename: 3dfx32v2.dll
Claimed Product: Voodoo2® DirectX for Windows® 95
Detection Name: Auto.F54459DBCD.Sbmt.tht.Talos
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 6d36f92ee3f1a7be56e00118cebf62fc4f3f127e307f5a4e7f008793ca549671
MD5: b23f736c46d9fa238b02c9eb0cea37cf
Typical Filename: CONFIGURETGN.EXE
Claimed Product: N/A
Detection Name: W32.Auto:6d36f9.in03.Talos
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
Typical Filename: 799b30f47060ca05d80ece53866e01cc.vir
Claimed Product: N/A
Detection Name: W32.Generic:Gen.21ij.1201