@RISK: The Consensus Security Vulnerability Alert
April 4, 2019 – Vol. 19, Num. 14
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES March 28 – April 4, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Huawei software vulnerability opens Windows systems to attacks
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Huawei PCManager could allow attackers to alter Windows kernel
Description: Microsoft recently discovered a serious vulnerability in Huawei’s PCManager that could allow attackers to alter the Windows 10 kernel in Huawei’s line of MateBook machines. The Chinese tech company patched the bug in January, but it was just disclosed last week. An attacker could exploit this vulnerability by tricking the user into running a malicious application.
Reference: https://www.zdnet.com/article/microsoft-windows-10-devices-open-to-full-compromise-from-huawei-pc-driver/
Snort SIDs: 49628 – 49632
Title: Cisco discloses several vulnerabilities in IOS XE
Description: Cisco released a slew of patches last week to fix 24 vulnerabilities in its IOS operating system. The company also warned customers that two routers in its RV line are open to attack, and no fix is available as of yet. Fifteen of the bugs exist on IOS XE, which runs on Cisco networking gear such as switches, routers and controllers.
Reference: https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/
Snort SIDs: 49606 – 49616, 49588 – 49591
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Attackers collected credit card information from Buca di Beppo restaurants for nearly a year, eventually selling the data on the dark web.
https://krebsonsecurity.com/2019/03/a-month-after-2-million-customer-cards-sold-online-buca-di-beppo-parent-admits-breach/
Australia and Singapore adopted new laws that crack down on social media sites that fail to remove violent and gruesome content quickly.
https://www.bloomberg.com/news/articles/2019-03-30/australia-to-crack-down-on-live-streaming-of-violent-crimes
A new phishing campaign specifically targets Verizon cell phone customers.
https://blog.lookout.com/mobile-phishing-verizon
Google fixed three critical remote code execution vulnerabilities in Android devices as part of its monthly security update.
https://threatpost.com/googles-april-android-security-bulletin-warns-of-3-critical-bugs/143357/
Facebook CEO Mark Zuckerberg pushed for tougher privacy laws in the U.S., urging the federal government to become more involved in data privacy and election security.
https://www.cnbc.com/2019/03/30/mark-zuckerberg-calls-for-tighter-internet-regulations-we-need-a-more-active-role-for-governments.html
Iran is being blamed for a major cyber attack against infrastructure in the U.K. that took place in December.
https://news.sky.com/story/iran-conducted-major-cyber-assault-on-key-uk-infrastructure-11676686
MOST PREVALENT MALWARE FILES March 28 – April 4, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: d98edcaf8acdd135b38ad5d6ce503e59868555f5acb6aaa95017ec758a6603ac
MD5: a7608ce0baea081df610eb9accb4400e
Typical Filename: emotet_e1_d98edcaf8acdd135b38ad5d6ce503e59868555f5acb6aaa95017ec758a6603ac_2019-03-26__175503.exe_
Claimed Product: Advanced PDF Converter
Detection Name: W32.d98edcaf8a.Malspam.MRT.Talos
SHA 256: ec604bc4c6020b69868f14ea05295ac7c27e0ec01c288657199d8917850f3443
MD5: 97911a1da380f874393cf15982c6b1b9
Typical Filename: spoolsv.exe
Claimed Product: Microsoft® Windows® Operating System
Detection Name: W32.GenericKD:Trojan.22co.1201
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 8f236ac211c340f43568e545f40c31b5feed78bdf178f13abe498a1f24557d56
MD5: 4cf6cc9fafde5d516be35f73615d3f00
Typical Filename: max.exe
Claimed Product: 易语言程序
Detection Name: Win.Dropper.Armadillo::1201
SHA 256: 46bc86cff88521671e70edbbadbc17590305c8f91169f777635e8f529ac21044
MD5: b89b37a90d0a080c34bbba0d53bd66df
Typical Filename: u.exe
Claimed Product: Orgs ps
Detection Name: W32.GenericKD:Trojangen.22ek.1201