@RISK: The Consensus Security Vulnerability Alert
February 28, 2019 – Vol. 19, Num. 09
=========================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES February 21 – 28, 2019
=========================================================
TOP VULNERABILITY THIS WEEK: Drupal critical flaw could lead to remote code execution
=========================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Drupal patches critical vulnerability
Description: The Drupal content management system disclosed a critical remote code execution vulnerability that could allow an attacker to completely take over a web server. The bug lies in the way some file types on Drupal improperly sanitize data from non-form sources, such as RESTful web services. This can lead to arbitrary PHP code execution.
Reference: https://www.zdnet.com/article/drupal-critical-flaw-patch-this-remote-code-execution-bug-urgently-websites-warned/
Snort SIDs: 49257
Title: Cisco releases fixes for vulnerabilities in several of its products
Description: Cisco released a round of security updates for several of its products, including WebEx, HyperFlex and Prime Infrastructure. CVE-2019-1659 is a certificate validation vulnerability in Cisco Prime Infrastructure that could allow an attacker to perform a man-in-the-middle attack against the SSL tunnel between Cisco’s Identity Service Engine and Prime Infrastructure.
Reference: https://www.helpnetsecurity.com/2019/02/21/cisco-hyperflex-flaws/
Snort SIDs: 49240
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
The U.K.’s parliament is calling for an antitrust and data abuse investigation into Facebook based on recommendations from a committee’s recent report on the social media network.
https://techcrunch.com/2019/02/17/uk-parliament-calls-for-antitrust-data-abuse-probe-of-facebook/
Australia’s prime minister says several of the country’s largest political parties were hit by a massive cyber attack from a “sophisticated state actor.”
https://www.smh.com.au/politics/federal/australia-s-major-political-parties-hacked-in-sophisticated-attack-ahead-of-election-20190218-p50yi1.html
Popular smartphone apps may be sharing sensitive data with Facebook, including women’s menstruation cycles and recent home buying purchases.
https://www.nbcnews.com/tech/tech-news/some-apps-send-data-about-menstruation-home-buying-facebook-wsj-n974711
The same Russian hacking group believed to be behind the attack on the Democratic National Committee in 2016 carried out similar attacks recently on U.S.-backed think tanks in Europe.
https://www.cnn.com/2019/02/19/tech/russian-hackers-think-tanks-europe/index.html
Screens installed on some United Airlines and Delta planes have built-in cameras that have yet to be activated.
https://www.buzzfeednews.com/article/nicolenguyen/united-delta-airlines-seat-back-screens-cameras
The Chinese government is collecting real-time location data on its citizens, according to a recently exposed database.
https://www.apnews.com/6753f428edfd439ba4b29c71941f52bb
MOST PREVALENT MALWARE FILES February 21 – 28, 2019
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3
MD5: 47b97de62ae8b2b927542aa5d7f3c858
Typical Filename: qmreportupload
Claimed Product: qmreportupload.exe
Detection Name: Win.Trojan.Generic::in10.talos
SHA 256: 3573bf742920655ec2c28c9ec4ac04194e38096f54c63f0ceb02d366c1034f56
MD5: b6ca0e72b072f40f5544b9fd054d6ed1
Typical Filename: maftask.zip
Claimed Product: N/A
Detection Name: Auto.3573BF7429.Sbmt.tht.Talos
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
Typical Filename: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
Typical Filename: 799b30f47060ca05d80ece53866e01cc.vir
Claimed Product: N/A
Detection Name: W32.Generic:Gen.21ij.1201
SHA 256: 18042540b39d543e9e648e5d0b059d2e8c74889bb9353674be59c94da265f393
MD5: 1a5a7532854ab45ac74b1c657fe47941
Typical Filename: helperamc.zip
Claimed Product: N/A
Detection Name: W32.18042540B3-95.SBX.TG