Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: NTP Project Releases Security Update for ntpd, Patching 5 Vulnerabilities
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Cisco’s Secret Weapon “Talos” and the Evolving Threat Landscape @ InfoSec Belgium, Brussels
Date: 2016-06-15
Speaker: Holger Unterbrink, Technical Lead
Description: Talos is Cisco’s Threat Research group. Today’s IT organizations need security solutions relying on leading threat intelligence to effectively safeguard their extended networks. Creating leading threat intelligence is the focus of the Cisco Talos Security Intelligence and Research Group. In this session, you will learn what Talos is, learn about the scale and severity of the current threat landscape, discover how attackers target specific organizations and users, and understand changes in attack behavior.
Reference: http://www.infosecurity.be/

Event: Emerging Threats - The State of Cyber Security @ Cisco Security Week, Boston
Date: 2016-06-22 and 2016-06-23
Speaker: Craig Williams, Security Outreach Manager
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Boston

Event: Emerging Threats - The State of Cyber Security @ Cisco Live USA, Las Vegas
Date: 2016-07-10 and 2016-07-14
Speaker: Craig Williams, Security Outreach Manager
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/us/learn/sessions/session-catalog/?search=BRKSEC-2010
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: NTP Project Releases Security Update for ntpd, Patching 5 Vulnerabilities
Description: The NTP Project has released a security advisory to address 5 security vulnerabilities within the Network Time Protocol daemon. The most severe flaw addressed in the advisory is a denial of service flaw (CVE-2016-4957) that is due to a bug in an earlier fix that checks the validity of CRYPTO_NAK packets. The four other vulnerabilities addressed are low severity. The NTP Project has released an updated version of ntpd to address these flaws.
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Snort SID: Detection pending

Title: Arbitrary File Upload Vulnerability in WP Mobile Detector Patched
Description: An arbitrary file upload vulnerability in the WP Mobile Detector plugin for WordPress has been patched. An attacker could leverage this vulnerability to upload arbitrary files to a website running a vulnerable version of the plugin in a WordPress installation. Note that the impact of this flaw depends on whether the server is configured in a way that could introduce security risks. The developer of the plugin has been notified and a patch released to address the vulnerability.
Reference: https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/
Snort SID: Detection pending
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Ransomware Leaves Server Credentials in its Code http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-leaves-server-keys-code/
Developer of KeePass overlooks possible MITM security hole to preserve ads http://www.engadget.com/2016/06/04/keepass-wont-fix-security-hole-due-to-ads/
Lenovo Tells Users to Uninstall Vulnerable Updater https://threatpost.com/lenovo-tells-users-to-uninstall-vulnerable-updater/118436/
Hacking the Mitsubishi Outlander PHEV hybrid https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/
PowerOPS: PowerShell for Offensive Operations https://labs.portcullis.co.uk/blog/powerops-powershell-for-offensive-operations/
============================================================
MOST PREVALENT MALWARE FILES 2016-06-01 - 2016-06-07: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
============================================================
SPAM STATS FOR 2016-06-01 - 2016-06-07:
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM