Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Oracle Releases Quarterly Security Update Advisories for Various Products, Include Oracle Database and Java
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Black Hat USA 2016 Date: 2016-08-03 - 2016-08-04 Description: Talos will be at Black Hat USA 2016! Join us on August 4th in Business Hall Theater B at 13:20 to hear Craig Williams and Matt Olney discuss Talos' interdiction efforts against major threat actors and the lessons we've learned disrupting and degrading actor capability before they affect our customers. Talos will also be at the Cisco booth on the vendor floor where we will have ongoing lightning talks on our threat research capabilities. Reference: https://www.blackhat.com/us-16/sponsored-sessions.html#driving-global-interdiction-against-major-threat-actors
Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week - Montreal, Canada Date: 2016-09-21 - 2016-09-22 Speaker: Nick Biasini, Threat Researcher Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Montreal
Event: The Continuing Evolution of Ransomware - Cisco Connect, Sweden Date: 2016-09-21 Speaker: Martin Lee, Technical Lead Description: Selling personal data on dark market forums is passé. Ransomware is the new profitable business model for cyber crime. Discover how ransomware has evolved, the latest strategies used by cyber criminals, and how the next generation of ransomware will pose new threats to organisations. In this session, Talos will present how ransomware has evolved, the advantages of ransomware as a criminal business model, and how we can expect ransomware to develop in the near future. Reference: http://ciscoconnect.se
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Oracle Releases Quarterly Security Update Advisories for Various Products, Include Oracle Database and Java Description: Oracle has released its quarterly set of security advisories as part of the its Critical Patch Update process. This quarter's bulletin contains 276 security fixes for Oracle Database, Java, MySQL, VirtualBox, and more. For Java, 13 vulnerabilities were addressed with 4 severe flaws being potentially exploitable in a remote manner. Other major flaws that were patched affect Oracle Communications Applications, Fusion Middleware, Health Sciences, Retail Applications, Sun Systems Products Suite, Supply Chain Products and Virtualization. Reference: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Snort SID: Detection pending release of vulnerability information
Title: SAP Patches Various Vulnerabilities Description: SAP has released patches to address 15 different security vulnerabilities that have been identified by Onapsis in HANA, the database management system. The identified flaws affect HANA and its internal communication channels. Two of the vulnerabilities that have been publicly discussed could allow a remote, unauthenticated attacker to "to gain knowledge of the different database users" on the system while the other vulnerability could "allow an attacker to gain access to the SAP HANA Platform" via the SYSTEM account. Reference: https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
U.S. NIST considers deprecating SMS-based 2-factor authentication in near future https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/
Mozilla to Block Certain Flash Content in August, Require Click-to-play in 2017 https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Talos Blog: Ransomware: Because OpSec is Hard? http://blog.talosintel.com/2016/07/ransomware-because-opsec-is-hard.html
Bypassing UAC on Windows 10 Using Disk Cleanup https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/
How we broke PHP, hacked Pornhub and earned $20,000 https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
Courier Scammers Intercept Text Messages, Leave Traces on Google Play http://blog.trendmicro.com/trendlabs-security-intelligence/courier-scammers-intercept-text-messages-leave-traces-google-play/
=========================================================
MOST PREVALENT MALWARE FILES 2016-07-19 - 2016-07-26: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 7EAD8CC6225DC4B9DAA1F4EB2A05F10943C120DF5F072F72C5591832AEADF33A MD5: 49b2e542a7ed7c44a2c4f84b5008df72 VirusTotal: https://www.virustotal.com/file/7EAD8CC6225DC4B9DAA1F4EB2A05F10943C120DF5F072F72C5591832AEADF33A/analysis/#additional-info Typical Filename: shopathomehelper.exe Claimed Product: ShopAtHome.com Browser App Detection Name: W32.7EAD8CC622-100.SBX.VIOC
SHA 256: 17DBF3AC448AE1098454FCE9D52F1BB294710642ADACFBABB19911E78FE2E495 MD5: 339f02063c8e27bfc3cfac8b522ff033 VirusTotal: https://www.virustotal.com/file/17DBF3AC448AE1098454FCE9D52F1BB294710642ADACFBABB19911E78FE2E495/analysis/#additional-info Typical Filename: shopathomewatcher.exe Claimed Product: ShopAtHome.com Browser App Detection Name: W32.Adware.19iu.1201
SHA 256: F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B MD5: 0612402ad98c8c31cd6f2b914a419039 VirusTotal: https://www.virustotal.com/file/F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B/analysis/#additional-info Typical Filename: icqolp.exe Claimed Product: (none) Detection Name: W32.Malware:Pramro.19it.1201
SHA 256: 6F6F7B10AA9BA70F3D4A1B4F75136F3351293DE78B29FE175B971EF127B1E07C MD5: c1480b553be76792084adf1d7dae8e15 VirusTotal: https://www.virustotal.com/file/6F6F7B10AA9BA70F3D4A1B4F75136F3351293DE78B29FE175B971EF127B1E07C/analysis/#additional-info Typical Filename: seupgrade1613.exe Claimed Product: (none) Detection Name: W32.6F6F7B10AA-100.SBX.VIOC
SHA 256: 8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A MD5: cc9e1075db0645f1032f8c4b4412deba VirusTotal: https://www.virustotal.com/file/8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A/analysis/#additional-info Typical Filename: dshinr.exe Claimed Product: (none) Detection Name: W32.Crypt:Rootkitgen.19iu.1201
============================================================
SPAM STATS FOR 2016-07-19 - 2016-07-26:
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM