Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Microsoft Releases Monthly Security Advisories for February 2016
============================================================
UPCOMING PUBLIC TALOS ENGAGEMENTS
Event: Discussion on Evolving Trends in the Threat Landscape @ RSA
Date: March 2, 2016 11:30 AM - 1:00 PM Pacific Time
Speaker: Craig Williams, Senior Technical Leader and Manager
Description: Billions of threats can compromise systems on a daily basis. Unfortunately, we know that number grows constantly. Talos is on the forefront of stopping cyberattacks and educating organizations about current threats. Join us for this complimentary session in which you'll learn about the scale and severity of the current threat landscape and what your organization can do about these issues.
Reference: https://starcite.smarteventscloud.com/rsvp/invitation/registration.asp?id=/m1c9c391-1HJALD1KFUP22&EPRegistrationForGuest=True
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft Releases Monthly Security Advisories for February 2016
Description: Microsoft has released its monthly set of security advisories for February 2016. This month's release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated "critical" and fix flaws in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated "important" and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework. One additional bulletin was also released to address Adobe Flash Player vulnerabilities.
Reference: https://technet.microsoft.com/library/security/ms16-feb
Snort SID: 37553-37617

Title: Adobe Releases Four Bulletins to Address Vulnerabilities in Adobe Connect, Experience Manager, Flash Player, and Photoshop CC/Bridge CC
Description: Adobe has released four security bulletins to address vulnerabilities in Connect, Experience Manager, Flash Player, and Photoshop CC/Bridge CC. This month's Flash Player bulletin addresses 22 vulnerabilities that manifest as type confusion, use-after-free conditions, heap buffer overflows, and other memory corruption vulnerabilities that could be used to execute arbitrary code on the client. The Experience Manager, Connect, and Photoshop CC/Bridge CC bulletins address four, three, and three flaws respectively.
Reference: https://helpx.adobe.com/security.html
Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Talos: Bedep Lurking in Angler's Shadows http://blog.talosintel.com/2016/02/bedep-actor.html
Google Project Zero: Racing MIDI messages in Chrome http://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrome.html
Talos: The Internet of Things Is Not Always So Comforting - Vulnerabilities in Trane ComfortLink II Thermostats http://blog.talosintel.com/2016/02/trane-iot.html
As Dyre Goes Quiet, Focus Turns On Other Banking Trojans http://www.darkreading.com/vulnerabilities---threats/as-dyre-goes-quiet-focus-turns-on-other-banking-trojans-/d/d-id/1324249
Bypassing Rolling Code Systems http://andrewmohawk.com/2016/02/05/bypassing-rolling-code-systems/
Hacking Microsoft SQL Server Without a Password https://blog.anitian.com/hacking-microsoft-sql-server-without-a-password/
=========================================================
MOST PREVALENT MALWARE FILES 2016-02-02 - 2016-02-09:
SHA 256: 20EE8AAD5F8336DA2962BEA913CDC2794A81A8274DDFFA9737D4932A70EA4607
MD5: 609916fa5f6c9164b6770b2a3c60b1e4
VirusTotal: https://www.virustotal.com/file/20EE8AAD5F8336DA2962BEA913CDC2794A81A8274DDFFA9737D4932A70EA4607/analysis/#additional-info
Typical Filename: ApplicationManager
Claimed Product: N/A
Detection Name: OSX.Variant:SpigotD.19cv.1201

SHA 256: 3B17689A486D68813C31BF2BA610BF36F4B1F5B0403B0316C9833348845306FC
MD5: 37ee9a5257102d876cfae15bccfbbf78
VirusTotal: https://www.virustotal.com/file/3B17689A486D68813C31BF2BA610BF36F4B1F5B0403B0316C9833348845306FC/analysis/#additional-info
Typical Filename: WebSocketServerApp
Claimed Product: N/A
Detection Name: W32.Auto.3b1768.182243.in01

SHA 256: 8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A
MD5: cc9e1075db0645f1032f8c4b4412deba
VirusTotal: https://www.virustotal.com/file/8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A/analysis/#additional-info
Typical Filename: winnoag.exe
Claimed Product: N/A
Detection Name: W32.Crypt:SalityGR.18i0.1201

SHA 256: F4AE1A3D610A57547F014215A5D7AAED8572CD36AA77A9567C183F11430A6B55
MD5: 51e63633487f9180ec8031980684bf86
VirusTotal: https://www.virustotal.com/file/F4AE1A3D610A57547F014215A5D7AAED8572CD36AA77A9567C183F11430A6B55/analysis/#additional-info
Typical Filename: winrdgboy.exe
Claimed Product: N/A
Detection Name: W32.Malware:Pramro.19cf.1201

SHA 256: 5698439055DB91BBA16C01E4E42888D5F4499D2ADE0698489562F29646ACF9D7
MD5: 4f841218a4fa2c5ca82e9a078c8aa91e
VirusTotal: https://www.virustotal.com/file/5698439055DB91BBA16C01E4E42888D5F4499D2ADE0698489562F29646ACF9D7/analysis/#additional-info
Typical Filename: arisx06.exe
Claimed Product: N/A
Detection Name: W32.Auto.569843.182461.in02
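The usual thing to do with a list like the one above is to turn it into a hash sweep. The Python below is an added example, not Talos tooling: it parses entries in the block format used here (two of the entries above are copied verbatim into SAMPLE_BLOCK), hashes every regular file under a directory, and reports matches, treating a SHA-256 match as authoritative and an MD5-only match as a weaker lead. The file written by demo_sweep() is constructed and benign; nothing here reproduces a real sample, and the IOC derived from it exists only for the demonstration.

```python
"""Hash-based IOC sweep driven by a ThreatSource "most prevalent malware" block.

Added example; not Talos code.  Parses SHA 256 / MD5 / VirusTotal /
Typical Filename / Claimed Product / Detection Name entries into IOC
records, then hashes files under a directory and reports matches.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Tuple

# Two entries copied verbatim from the newsletter list above.
SAMPLE_BLOCK = """
SHA 256: 8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A
MD5: cc9e1075db0645f1032f8c4b4412deba
VirusTotal: https://www.virustotal.com/file/8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A/analysis/#additional-info
Typical Filename: winnoag.exe
Claimed Product: N/A
Detection Name: W32.Crypt:SalityGR.18i0.1201
SHA 256: F4AE1A3D610A57547F014215A5D7AAED8572CD36AA77A9567C183F11430A6B55
MD5: 51e63633487f9180ec8031980684bf86
VirusTotal: https://www.virustotal.com/file/F4AE1A3D610A57547F014215A5D7AAED8572CD36AA77A9567C183F11430A6B55/analysis/#additional-info
Typical Filename: winrdgboy.exe
Claimed Product: N/A
Detection Name: W32.Malware:Pramro.19cf.1201
"""

# Whitespace-tolerant, so one-line and multi-line renderings both parse.
ENTRY_RE = re.compile(
    r"SHA 256:\s*(?P<sha256>[0-9A-Fa-f]{64})\s+"
    r"MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"VirusTotal:\s*\S+\s+"
    r"Typical Filename:\s*(?P<filename>.+?)\s+"
    r"Claimed Product:\s*(?P<product>.+?)\s+"
    r"Detection Name:\s*(?P<detection>\S+)"
)


@dataclass(frozen=True)
class Ioc:
    sha256: str      # lowercase hex
    md5: str         # lowercase hex
    filename: str
    product: str
    detection: str


def parse_threatsource(text: str) -> List[Ioc]:
    """Extract every file entry from a ThreatSource malware block.
    Hashes are lowercased so lookups are case-insensitive."""
    return [
        Ioc(m["sha256"].lower(), m["md5"].lower(),
            m["filename"].strip(), m["product"].strip(), m["detection"])
        for m in ENTRY_RE.finditer(text)
    ]


def hash_file(path: str, chunk: int = 1 << 20) -> Tuple[str, str]:
    """Stream a file once and return (sha256, md5) as lowercase hex."""
    sha, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            sha.update(block)
            md5.update(block)
    return sha.hexdigest(), md5.hexdigest()


def sweep(root: str, iocs: List[Ioc]) -> List[Tuple[str, Ioc, str]]:
    """Hash every regular file under root; return (path, ioc, matched_on).
    SHA-256 is checked first; an MD5-only hit is labelled as such because
    MD5 collisions are cheap to manufacture and should be confirmed."""
    by_sha = {i.sha256: i for i in iocs}
    by_md5 = {i.md5: i for i in iocs}
    hits: List[Tuple[str, Ioc, str]] = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue            # skip symlinks and special files
            try:
                sha, md5 = hash_file(path)
            except OSError:
                continue            # unreadable (permissions, vanished, ...)
            if sha in by_sha:
                hits.append((path, by_sha[sha], "sha256"))
            elif md5 in by_md5:
                hits.append((path, by_md5[md5], "md5-only"))
    return hits


def demo_sweep() -> List[Tuple[str, Ioc, str]]:
    """Constructed demonstration: write a benign file, derive an IOC from its
    own hashes, and confirm the sweep flags it while the Talos hashes do not."""
    data = b"constructed benign sample for the IOC sweep demo\n"
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "sample.bin"), "wb") as fh:
            fh.write(data)
        constructed = Ioc(hashlib.sha256(data).hexdigest(),
                          hashlib.md5(data).hexdigest(),
                          "sample.bin", "N/A", "Constructed.Demo")
        return sweep(tmp, parse_threatsource(SAMPLE_BLOCK) + [constructed])


if __name__ == "__main__":
    for path, ioc, how in demo_sweep():
        print(f"{how:9} {ioc.detection:28} {path}")
```

Full-file hashes only catch byte-identical copies; a repacked or polymorphic variant (Sality, for instance, infects host executables, so every infected file hashes differently) will not match, which is why the Snort SIDs and detection names above are the more durable signal and the hash list is best treated as a confirmation aid.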
=========================================================
SPAM STATS FOR 2016-02-02 - 2016-02-09:
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM