@RISK

The Consensus Security Vulnerability Alert

January 2, 2020  |  Vol. 20, Num. 01

Recent Security Issues


SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


Title: Arbitrary code execution vulnerability in Citrix

Description: The Citrix Application Delivery Controller (ADC) and Citrix Gateway contain remote code execution vulnerability that could allow an attacker to infiltrate a large-scale LAN. The digital workspace and enterprise network vendor said the bug does not require the use of any credentials, so therefore could be carried out by anyone. Citrix released a set of measures to mitigate the vulnerability, including software updates. These products are installed in more than 150,000 companies' networks across the globe.

Reference: https://threatpost.com/critical-citrix-bug-80000-corporate-lans-at-risk/151444/

Snort SIDs: 52512, 51513

Security News


Russia's meddling in the 2016 American presidential election may trace back to a breach at a Florida tech company, according to a new report.

https://www.politico.com/news/magazine/2019/12/26/did-russia-really-hack-2016-election-088171


U.S. Congress passed a law aimed at cracking down on the companies and individuals behind robocalls, but the legislation is unlikely to actually help most users.

https://www.wsj.com/articles/washingtons-new-anti-robocall-law-wont-stop-the-calls-heres-why-11577367931


The British government apologized to the high-profile individuals whose information was leaked online, all of whom had received a prestigious award in the past, including Sir Elton John.

https://www.bbc.com/news/uk-50929543


New Orleans says it is raising its cyber insurance coverage in 2020 after a crippling ransomware attack in mid-December.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/new-orleans-cyber-insurance-plan/


Home security company Wyze says it mistakenly left 2.4 million users' information exposed over the course of three weeks, including email addresses, SSIDs and API tokens.

https://www.theverge.com/2019/12/30/21042974/wyze-server-breach-cybersecurity-smart-home-security-camera


A government agency in South Korea is launching an investigation into the TikTok social media app after an official raised concerns about how the Chinese company behind the app handles personal data.

https://news.softpedia.com/news/security-risks-trigger-tiktok-investigation-in-south-korea-528726.shtml


Several individuals and groups have already filed lawsuits against Wawa after they say their credit card information was stolen and used in the data breach the gas station chain disclosed in December.

https://www.inquirer.com/business/wawa-data-breach-class-action-lawsuit-20191226.html


A deadline in Russia is quickly approaching that would require smart device manufacturers to install Russian-made software on their devices before they can hit store shelves, including a web browser that would restrict access to some social media apps.

https://www.hollywoodreporter.com/news/new-russian-legislation-targets-apple-facebook-twitter-netflix-1264747

Prevalent Malware Files


COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3

MD5: 47b97de62ae8b2b927542aa5d7f3c858

VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details

Typical Filename: qmreportupload.exe

Claimed Product: qmreportupload

Detection Name: Win.Trojan.Generic::in10.talos


SHA 256: 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871

MD5: c2406fc0fce67ae79e625013325e2a68

VirusTotal: https://www.virustotal.com/gui/file/1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871/details

Typical Filename: SegurazoIC.exe

Claimed Product: Digital Communications Inc.

Detection Name: PUA.Win.Adware.Ursu::95.sbx.tg


SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f

MD5: e2ea315d9a83e7577053f52c974f6a5a

VirusTotal: https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details

Typical Filename: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin

Claimed Product: N/A

Detection Name: W32.AgentWDCR:Gen.21gn.1201


SHA 256: 252555d28366ea4d2d2066ea1f66b1250b7cc297a2b0066a595f5a2b240a0637

MD5: 3e1e9579a3b11547adc012d9b1caf273

VirusTotal: https://www.virustotal.com/gui/file/252555d28366ea4d2d2066ea1f66b1250b7cc297a2b0066a595f5a2b240a0637/details

Typical Filename: cloudnet.exe

Claimed Product: EpicNet Cloud Office

Detection Name: W32.252555D283-100.SBX.TG


SHA 256: d8b594956ed54836817e38b365dafdc69aa7e07776f83dd0f706278def8ad2d1

MD5: 56f11ce9119632ba360e5b3dd0a89acd

VirusTotal: https://www.virustotal.com/gui/file/d8b594956ed54836817e38b365dafdc69aa7e07776f83dd0f706278def8ad2d1/details

Typical Filename: xme64-540.exe

Claimed Product: N/A

Detection Name: W32.D8B594956E-100.SBX.TG