Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.

If you didn't catch us live yesterday, we've uploaded the full version of our stream on Discord and Slack malware to our YouTube page. Chris Neal from Talos Outreach walked through his recent research into these campaigns targeting collaboration apps. Find out what Chris and his team discovered on these apps that have become crucial to work and communication in 2021.


Cybersecurity week in review

Notable recent security issues

Title: Vulnerabilities in Trend Micro Home Network Security Station could lead to device takeover

Description: Trend Micro recently patched multiple security vulnerabilities in its Home Network Security systems. Attackers could exploit the vulnerabilities to cause a denial of service on connected devices, privilege escalation and code execution. The Home Network Security Station is an all-in-one device that protects users’ home networks by scanning for vulnerabilities on connected devices and serves as an intrusion prevention system. An attacker could manipulate the device in a way, using these vulnerabilities, that could allow them to execute remote code on the device or takeover PCs that are connected to the targeted home network.

Snort SIDs: 51719 - 57122

Title: Multiple vulnerabilities in Accusoft ImageGear

Description: Cisco Talos researchers recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF, Microsoft Office. These vulnerabilities Talos discovered could allow an attacker to carry out various malicious actions, including corrupting memory on the victim machine and gaining the ability to execute remote code. CVE-2021-21793, CVE-2021-21794 and CVE-2021-21824 are all out-of-bounds write vulnerabilities that exist in various functions of the software. An attacker could trigger these vulnerabilities by tricking a user into opening a specially crafted, malicious file.

Snort SIDs: 54411 - 54414, 57249 - 57252, 57270 - 57273, 57301, 57302, 57378, 57379

Most prevalent malware files this week

SHA 256: c1d5a585fce188423d31df3ea806272f3daa5eb989e18e9ecf3d94b97b965f8e

MD5: 9a4b7b0849a274f6f7ac13c7577daad8

Typical Filename: ww31.exe

Claimed Product: N/A

Detection Name: W32.GenericKD:Attribute.24ch.1201

SHA 256: 583418f8f4c156be56ae65b932ca1d8e431e8f845806d0fc814f40562241fbc4

MD5: 52ed8d8b8f1d37b7db0319a3351f6a16

Typical Filename: smbscanlocal2705.exe

Claimed Product: N/A

Detection Name: W32.Auto:583418f8f4.in03.Talos

SHA 256: 8b4216a7c50599b11241876ada8ae6f07b48f1abe6590c2440004ea4db5becc9

MD5: 34560233e751b7e95f155b6f61e7419a

Typical Filename: SAntivirusService.exe

Claimed Product: A n t i v i r u s S e r v i c e

Detection Name: PUA.Win.Dropper.Segurazo::tpd

SHA 256: 3bc24c618151b74ebffb9fbdaf89569fadcce6682584088fde222685079f7bb9

MD5: d709ea22945c98782dc69e996a98d643

Typical Filename: FlashHelperService.exe

Claimed Product: Flash Helper Service

Detection Name: W32.Auto:3bc24c6181.in03.Talos

SHA 256: e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd

MD5: 8193b63313019b614d5be721c538486b

Typical Filename: SAService.exe

Claimed Product: SAService

Detection Name: PUA.Win.Dropper.Segurazo::95.sbx.tg

Keep up with all things Talos by following us on Twitter. Snort, ClamAV and Immunet also have their own accounts you can follow to keep up with their latest updates. You can also subscribe to the Beers with Talos podcast here and Talos Takes here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.