Thursday, June 3, 2021

Threat Source newsletter (June 3, 2021)

Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.  

If you didn't catch us live yesterday, we've uploaded the full version of our stream on Discord and Slack malware to our YouTube page. Chris Neal from Talos Outreach walked through his recent research into these campaigns targeting collaboration apps. Find out what Chris and his team discovered on these apps that have become crucial to work and communication in 2021.

Cybersecurity week in review

Notable recent security issues

Description: Trend Micro recently patched multiple security vulnerabilities in its Home Network Security systems. Attackers could exploit the vulnerabilities to cause a denial of service on connected devices, privilege escalation and code execution. The Home Network Security Station is an all-in-one device that protects users’ home networks by scanning for vulnerabilities on connected devices and serves as an intrusion prevention system. An attacker could manipulate the device in a way, using these vulnerabilities, that could allow them to execute remote code on the device or takeover PCs that are connected to the targeted home network. 
Snort SIDs: 51719 - 57122 

Description: Cisco Talos researchers recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF, Microsoft Office. These vulnerabilities Talos discovered could allow an attacker to carry out various malicious actions, including corrupting memory on the victim machine and gaining the ability to execute remote code. CVE-2021-21793, CVE-2021-21794 and CVE-2021-21824 are all out-of-bounds write vulnerabilities that exist in various functions of the software. An attacker could trigger these vulnerabilities by tricking a user into opening a specially crafted, malicious file. 
Snort SIDs: 54411 - 54414, 57249 - 57252, 57270 - 57273, 57301, 57302, 57378, 57379 

Most prevalent malware files this week

MD5: 9a4b7b0849a274f6f7ac13c7577daad8 
Typical Filename: ww31.exe 
Claimed Product: N/A 
Detection Name: W32.GenericKD:Attribute.24ch.1201

MD5: 52ed8d8b8f1d37b7db0319a3351f6a16 
Typical Filename: smbscanlocal2705.exe 
Claimed Product: N/A 
Detection Name: W32.Auto:583418f8f4.in03.Talos 

MD5: 34560233e751b7e95f155b6f61e7419a 
Typical Filename: SAntivirusService.exe 
Claimed Product: A n t i v i r u s S e r v i c e 
Detection Name: PUA.Win.Dropper.Segurazo::tpd 
MD5: d709ea22945c98782dc69e996a98d643 
Typical Filename: FlashHelperService.exe 
Claimed Product: Flash Helper Service 
Detection Name: W32.Auto:3bc24c6181.in03.Talos 

MD5: 8193b63313019b614d5be721c538486b 
Typical Filename: SAService.exe 
Claimed Product: SAService 
Detection Name: 

Keep up with all things Talos by following us on TwitterSnortClamAV and Immunet also have their own accounts you can follow to keep up with their latest updates. You can also subscribe to the Beers with Talos podcast here and Talos Takes here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.  

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.