@RISK

The Consensus Security Vulnerability Alert

November 4, 2021  |  Vol. 21, Num. 43

Recent Security Issues


SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


Title: TA505 begins larger-volume malicious email attacks, adding FlawedGrace variant and MirrorBlast

Description: Known-actor TA505 has ramped up its large-volume malicious email attacks through September and October 2021, adding new tools to its email lures and malicious Excel attachments with MirrorBlast and a FlawedGrace variant. Rebol and KiXtart replaced the Get2 downloader, employing more information-gathering techniques and next-stage launch protocols. Targets have expanded from North America to German-speaking countries.

References: https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant

Snort SIDs: 58429-58433


Title: BQE Software vulnerability highlights need for proactive measures as well as fast patchwork

Description: BQE Software will receive a short-term patch, after hackers from Huntress were able to exploit several CVEs to gain access and deploy ransomware in the company’s network. The wide user base and financial nature of the BQE Software product make them a valuable target. Huntress began investigating after seeing suspicious activity directed at the web server hosting BillQuick Web Suite.

References: https://threatpost.com/bqe-web-suite-billing-app-ransomware/175720/

Snort SIDs: 58421-58423

Security News


Microsoft found vulnerabilities that would allow a user to bypass System Integrity Protection (SIP) protocols on Mac OS devices and allow arbitrary operations and privilege escalation. They shared this with Apple, which has now released a fix.

https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/


Biden dedicates November to critical infrastructure security, and an exploration of political responsibility and national versus global infrastructure for internet and security.

https://thecyberwire.com/newsletters/policy-briefing/3/210


UK detectives seize more than £2 million worth of cryptocurrency used in a money laundering scheme. Suspect charged was 17 years old.

https://www.hstoday.us/subject-matter-areas/cybersecurity/police-seize-more-than-2-million-in-cryptocurrencies-from-british-teenager/

Prevalent Malware Files


COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


SHA 256: 131F95C51CC819465FA1797F6CCACF9D494AAAFF46FA3EAC73AE63FFBDFD8267

MD5: 69630e4574ec6798239b091cda43dca0

VirusTotal: https://www.virustotal.com/gui/file/131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267/details

Typical Filename: EICAR.exe

Claimed Product: N/A

Detection Name: EICAR


SHA 256: 5BAB2AE1CADA90F37B821E4803912C5B351FDA417BBF0A9C768B715C6D492E13

MD5: a6a7eb61172f8d988e47322ebf27bf6d

VirusTotal: https://www.virustotal.com/gui/file/5bab2ae1cada90f37b821e4803912c5b351fda417bbf0a9c768b715c6d492e13/details

Typical Filename: wspcqabpg.dll

Claimed Product: N/A

Detection Name: Win.Dropper.Wingo::in07.talos


SHA 256: E5044D5AC2F8EA3090C2460A5F7D92A5A49E7FA040BF26659EC2F7C442DDA762

MD5: 6ea750c9d69b7db6532d90ac0960e212

VirusTotal: https://www.virustotal.com/gui/file/e5044d5ac2f8ea3090c2460a5f7d92a5a49e7fa040bf26659ec2f7c442dda762/details

Typical Filename: deps.zip

Claimed Product: N/A

Detection Name: Auto.E5044D5AC2.242358.in07.Talos


SHA 256: BDA6B6C45EABFAD23B72C1982820202FA35A73211680C90E2E9D04E98FE91DAE

MD5: 7c5eaac8c756691c422027f7b3458759

VirusTotal: https://www.virustotal.com/gui/file/bda6b6c45eabfad23b72c1982820202fa35a73211680c90e2e9d04e98fe91dae/details

Typical Filename: sOgBtLmP, OSuVrJnN, lDcPwXr

Claimed Product: N/A

Detection Name: W32.Auto:bda6b6c45e.in03.Talos


SHA 256: 4D47791970C9E4B829EF0CC0049EECDFAE3655F87A1E79620BBCC39EB8C21C8B

MD5: fdcdb2db7d4f9cb8b463ea2e8272d175

VirusTotal: https://www.virustotal.com/gui/file/4d47791970c9e4b829ef0cc0049eecdfae3655f87a1e79620bbcc39eb8c21c8b/details

Typical Filename: javarx2.dat, lsm.exe

Claimed Product: N/A

Detection Name: Auto.4D47791970.232152.in07.Talos