TrendLabs: Updates on ThiefQuest, the Quickly-Evolving macOS Malware

Figure 1. Code snippet showing the function eisl_apply_function() that is used to call the new updates in the main code.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/updates-on-thiefquest-the-quickly-evolving-macos-malware/

Updated Debian 9: 9.13 released

---------- Forwarded message ---------

From: Laura Arjona Reina <larjona@debian.org>

Date: Jul 19, 2020 3:41AM

------------------------------------------------------------------------

The Debian Project                               https://www.debian.org/

Updated Debian 9: 9.13 released                         press@debian.org

July 18th, 2020                https://www.debian.org/News/2020/20200718

------------------------------------------------------------------------

The Debian project is pleased to announce the thirteenth (and final)

update of its oldstable distribution Debian 9 (codename "stretch"). This

point release mainly adds corrections for security issues, along with a

few adjustments for serious problems. Security advisories have already

been published separately and are referenced where available.

After this point release, Debian's Security and Release Teams will no

longer be producing updates for Debian 9. Users wishing to continue to

receive security support should upgrade to Debian 10, or see

https://wiki.debian.org/LTS for details about the subset of

architectures and packages covered by the Long Term Support project.

Please note that the point release does not constitute a new version of

Debian 9 but only updates some of the packages included. There is no

need to throw away old "stretch" media. After installation, packages can

be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have

to update many packages, and most such updates are included in the point

release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by

pointing the package management system at one of Debian's many HTTP

mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

LM: Kubuntu 20.04 LTS "Focal Fossa" (64-bit)

REF: https://www.linux-magazine.com/Issues/2020/237/This-Month-s-DVD

TrendLabs: Patch Tuesday: Fixes for ‘Wormable’ Windows DNS Server RCE, SharePoint Flaws

The patches address 18 vulnerabilities rated Critical and 105 that were rated Important in severity. A total of eight CVEs were disclosed through Trend Micro’s Zero Day Initiative (ZDI) program.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/patch-tuesday-fixes-for-wormable-windows-dns-server-rce-sharepoint-flaws/

Plexamp: A Plex Pass Exclusive

Super Audio Player Loudness leveling, true gapless playback, Sweet Fades™, soft transitions, a configurable preamp, and more. Perfection for golden ears, buttery smooth touches for the rest of us. Custom pre-caching so your music keeps playing, because sometimes life brings you through tunnels.

TrendLabs: Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs

This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/patch-tuesday-fixes-for-lnk-smb-and-sharepoint-bugs/

Attention NDI® Fans & Mac Users!

A newly updated NDI® Tools for Mac is available for download. This release adds NDI Virtual Input for Mac users! PC users may use this same link to access the download of NDI Tools for Windows.

TrendLabs: New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa

Figure 1. The Earth Empusa attack chain

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/

Proxmox Backup Server (beta)

Proxmox Backup Server is an enterprise client-server backup software that safely backups VMs, containers, and physical hosts. It is specially optimized for the Proxmox VE platform and efficiently protects and replicates your business-critical data.

Like all of our other Proxmox solutions, the Proxmox Backup Server is fast to install and is centrally managed. With the intuitive, web-based user interface and a command line you can easily administrate all your backup and restore jobs.

Key Features

• Easy to setup and use client/server backup software
• Seamless integration into Proxmox VE
• Incremental backups
• Data deduplication
• Compression
• Authenticated encryption
• Remote Sync
• Software stack written in Rust providing high speed and memory efficiency
• License: GNU AGPL, v3

TrendLabs: New Tekya Ad Fraud Found on Google Play

Figures 1 and 2. Apps with Tekya malware (Click to enlarge)

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-tekya-ad-fraud-found-on-google-play/

MagicSoft Recorder 3.1 release

• faster network scanning for detecting NDI streams
• better buffering when capturing 4K 8 bit at rates of 50, 59.94 and 60 fps
• fixes issues for time-code  and 4K ProRes recording
• additional options for naming the files (pruning separators when entities are empty)
• fixes field order when up-converting from NTSC to HD 1080 / 59.94i

REF: https://www.magicsoft.tv

 

TrendLabs: New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

Figure 1. Code snippet that shows the use of CVE-2020-10173

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-variant-expands-arsenal-exploits-cve-2020-10173/

MagicSoft Playout ver 7.6

MagicSoft Recorder ver 7.6 was released having a new streaming engine.

The supported resolutions are :

SD / HD 720p / HD1080i / HD 1080p / 4K ( from 23.98 to 60 fps )

The supported streaming protocols :

- RTMP ( YouTube /Wowza /Dacast etc )

- RTMPS ( ex : FaceBook )

- UDP ( unicast and multicast using H264 with AAC, AC3 or MP2)

There is also support for CPU or nVidia acceleration.

REF: https://www.magicsoft.tv/news.html

TrendLabs: Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

Figure 5. Malicious files dropped

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-devil-shadow-botnet-hidden-in-fake-zoom-installers/

[USN-4410-1] Net-SNMP vulnerability

---------- Forwarded message ---------

From: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>

Date: Jul 3, 2020 7:00AM

A double-free bug was discovered in snmpd server. An authenticated user could

potentially cause a DoS by sending a crafted request to the server.

(CVE-2019-20892)

Update instructions:

The problem can be corrected by updating your system to the following

package versions:

Ubuntu 20.04 LTS:

  libsnmp-base                    5.8+dfsg-2ubuntu2.1

  libsnmp-perl                    5.8+dfsg-2ubuntu2.1

  libsnmp35                       5.8+dfsg-2ubuntu2.1

  snmpd                           5.8+dfsg-2ubuntu2.1

After a standard system update you need to restart snmpd to make

all the necessary changes.

References:

  https://usn.ubuntu.com/4410-1

  CVE-2019-20892

TrendLabs: Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

Figure 1. Malicious code disguised using Facebook’s name

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/

[USN-4409-1] Samba vulnerabilities

---------- Forwarded message ---------

From: Leonidas S. Barbosa <leo.barbosa@canonical.com>

Date: Jul 2, 2020 11:14PM

Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries.

A remote attacker could use this issue to cause Samba to crash, resulting

in a denial of service, or possibly execute arbitrary code. This issue only

affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10730)

Douglas Bagnall discovered that Samba incorrectly handled certain queries.

A remote attacker could possibly use this issue to cause a denial of service.

(CVE-2020-10745)

Andrei Popa discovered that Samba incorrectly handled certain LDAP queries.

A remote attacker could use this issue to cause Samba to crash, resulting

in a denial of service, or possibly execute arbitrary code. This issue only

affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS.

(CVE-2020-10760)

References:

  https://usn.ubuntu.com/4409-1

  CVE-2020-10730, CVE-2020-10745, CVE-2020-10760

Roku: 25 movies to get summer started now.

 

Our list of 25 summertime movies

Cloudflare During the Coronavirus Emergency

---------- Forwarded message ---------
From: Matthew Prince
Date: Mar 13, 2020 8:13AM

We know that organizations and individuals around the world depend on Cloudflare and our network. I wanted to send you a personal note to let you know how Cloudflare is dealing with the Coronavirus emergency.

First, the health and safety of our employees and customers is our top priority. We have implemented a number of sensible policies to this end, including encouraging many employees to work from home. This, however, hasn't slowed our operations. Our network operations center (NOC), security operations center (SOC), and customer support teams will remain fully operational and can do their jobs entirely remote as needed.
...

TrendLas: Netwalker Fileless Ransomware Injected via Reflective Loading

Figure 1. Overview of the PowerShell script’s behavior

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/

Plex: Snap, Crackle, Watch

Not sure where to start? No problem. Check out our latest blog The Watch List for guidance on your quest for movie knowledge from our resident expert.

TrendLabs: April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities

Microsoft fixed 113 vulnerabilities in this month’s Patch Tuesday, just two shy of last month’s 115. This continues the streak of longer-than-usual list of patches that began in January. In fact, compared to the same period in 2019, Microsoft fixed 44% more vulnerabilities between January to April of this year.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/april-patch-tuesday-fixes-for-font-related-microsoft-sharepoint-windows-components-vulnerabilities/