June 14, 2016

TOP VULNERABILITY THIS WEEK: Microsoft Releases Monthly Security Bulletins for June 2016

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week, Boston Date: 2016-06-22 and 2016-06-23 Speaker: Craig Williams, Security Outreach Manager Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Boston

Event: Exploit Kits: Hunting the Hunters – Free Webinar Date: 2016-06-30 @ 10:00 am PDT Speaker: Nick Biasini, Threat Researcher Description: Flash. Silverlight. Internet Explorer. Exploit kits capitalize on vulnerabilities everywhere. And the problem is only growing. Talos has done more than just monitor exploit kits as they happen. They disrupted a $34 million enterprise by unraveling the process behind the Angler exploit kit. Join us for a free webinar from the threat researchers at Talos on these malicious kits and how to stop them. Reference: https://www.cybrary.it/cisco-talos-exploit-kits-hunting-hunters/

Event: Emerging Threats - The State of Cyber Security @ Cisco Live USA, Las Vegas Date: 2016-07-10 and 2016-07-14 Speaker: Craig Williams, Security Outreach Manager Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.ciscolive.com/us/learn/sessions/session-catalog/?search=BRKSEC-2010

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Microsoft Releases Monthly Security Bulletins for June 2016 Description: This month's release contains 16 bulletins addressing 44 vulnerabilities. Five bulletins resolve critical vulnerabilities found in MS DNS Server, Edge, Internet Explorer, JScript/VBScript, and Office. The remaining bulletins are rated important and address vulnerabilities in Active Directory, Exchange Server, Group Policy, SMB Server, Netlogon, Windows Graphics component, Windows Kernel-mode Drivers, Windows PDF, Window Search Component, and WPAD. Reference: https://technet.microsoft.com/en-us/library/security/ms16-jun Snort SID: 39227, 39193-39196, 39199-39208, 39211-39226, 39228-39239, 39242-39261, 39266-39267

Title: Adobe Releases Security Advisory for Flash Zero-day Under Attack; Bulletin to be Release Later This Week Description: Adobe has released a security advisory for a Flash zero-day vulnerability (CVE-2016-4171) that is currently being exploited in the wild. This vulnerability was identified by researchers at Kaspersky and reported to Adobe. Users are advised to remove Flash player from their computers to reduce the risk of compromise. If removal is not possible, users are advised to disable Flash or make it "click-to-play". Adobe is expected to release a security bulletin later this week to address this and other vulnerabilities in Flash. Reference: https://helpx.adobe.com/security/products/flash-player/apsa16-03.html Snort SID: Detection pending

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Lurk Banker Trojan: Exclusively for Russia https://securelist.com/blog/research/75040/lurk-banker-trojan-exclusively-for-russia/

Details on the PDFium Flaw Patched by Google in Chrome http://blog.talosintel.com/2016/06/pdfium.html

Meaningful Surveillance Reform Risks Defeat https://threatpost.com/meaningful-surveillance-reform-risks-defeat/118634/

Bears in the Midst: Intrusion into the Democratic National Committee https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/

Solving Crackmes: A Beginner's Guide Using LuCiFeR's Crackme 2 and Hopper Disassembler http://tekwizz123.blogspot.com/2016/06/solving-crackmes-beginners-guide-using.html

=========================================================

MOST PREVALENT MALWARE FILES 2016-06-07 - 2016-06-14: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: F5D3F9B1A9C4B59DBCF34782A3B5AB3A89EB47EE3195364E54CC2845502E020E MD5: de04a6ee625c7b8dd09ce22cd5cfb2e9 VirusTotal: https://www.virustotal.com/file/F5D3F9B1A9C4B59DBCF34782A3B5AB3A89EB47EE3195364E54CC2845502E020E/analysis/#additional-info Typical Filename: ApplicationManager Claimed Product: (none) Detection Name: OSX.Variant:SpigotD.19d2.1201

SHA 256: F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B MD5: 0612402ad98c8c31cd6f2b914a419039 VirusTotal: https://www.virustotal.com/file/F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B/analysis/#additional-info Typical Filename: windawbd.exe Claimed Product: (none) Detection Name: W32.Malware:Pramro.19di.1201

SHA 256: 4205D56A46820C3C340854CE67A31F32EED8D6A7BBDD2C134BE4DA2BB6A77F76 MD5: 781a020ee3641da19fe4eba0fbab1444 VirusTotal: https://www.virustotal.com/file/4205D56A46820C3C340854CE67A31F32EED8D6A7BBDD2C134BE4DA2BB6A77F76/analysis/#additional-info Typical Filename: (none) Claimed Product: mjbtby.exe Detection Name: Trojan:Sality-tpd

SHA 256: 25D0963F8E33FA800F9E0A1700FE15A441D6E04B18D522DED18672A044569BCA MD5: 2d0e3c6a1ca54a92250317eeeec0df18 VirusTotal: https://www.virustotal.com/file/25D0963F8E33FA800F9E0A1700FE15A441D6E04B18D522DED18672A044569BCA/analysis/#additional-info Typical Filename: sogouexe.exe Claimed Product: "???????" Detection Name: W32.25D0963F8E-100.SBX.VIOC

SHA 256: 94B0D43FD0FE931F98C7853D49EA3817087B250C4ADB665093261A3C9B2297E4 MD5: 3be2ff51ee0ab42f57fda13712d9e682 VirusTotal: https://www.virustotal.com/file/94B0D43FD0FE931F98C7853D49EA3817087B250C4ADB665093261A3C9B2297E4/analysis/#additional-info Typical Filename: iSafeTkHlp.exe Claimed Product: YAC Security Protection Detection Name: W32.94B0D43FD0-100.SBX.VIOC

============================================================

SPAM STATS FOR 2016-06-07 - 2016-06-14:

TOP SPAM SUBJECTS OBSERVED

"Deloitte Account Upgrade,"
"CapitalOne-support"
"Urgent Update"
"CapitalOne Support"
"Betreffende uw Apple ID."

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

8075 Microsoft Corporation
15169 Google Inc.
1653 SUNET Swedish University Network
27357 Rackspace Hosting
63737 VietServer Services technology company limited

Vulnerability Information

Reputation Center

Support Communities

Talos ThreatSource Newsletters

June 14, 2016

Newsletter Archives

2019

August (3)

July (3)

June (4)

May (5)

April (2)

March (4)

February (4)

January (4)

2018

December (3)

November (5)

October (4)

September (4)

August (5)

July (4)

June (4)

May (5)

April (1)

March (3)

February (4)

January (5)

2017

December (3)

November (3)

October (5)

September (4)

August (5)

July (4)

June (4)

May (5)

April (4)

March (4)

February (4)

January (5)

2016

December (3)

November (5)

October (5)

September (3)

August (5)

July (2)

June (4)

May (5)

April (4)

March (6)

February (3)