
Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

July 26, 2016


TOP VULNERABILITY THIS WEEK: Oracle Releases Quarterly Security Update Advisories for Various Products, Including Oracle Database and Java

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Black Hat USA 2016
Date: 2016-08-03 - 2016-08-04
Description: Talos will be at Black Hat USA 2016! Join us on August 4th in Business Hall Theater B at 13:20 to hear Craig Williams and Matt Olney discuss Talos’ interdiction efforts against major threat actors and the lessons we’ve learned disrupting and degrading actor capability before they affect our customers. Talos will also be at the Cisco booth on the vendor floor where we will have ongoing lightning talks on our threat research capabilities.
Reference: https://www.blackhat.com/us-16/sponsored-sessions.html#driving-global-interdiction-against-major-threat-actors

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Montreal, Canada
Date: 2016-09-21 - 2016-09-22
Speaker: Nick Biasini, Threat Researcher
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against an ever-changing threat landscape, drawing on Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Montreal

Event: The Continuing Evolution of Ransomware - Cisco Connect, Sweden
Date: 2016-09-21
Speaker: Martin Lee, Technical Lead
Description: Selling personal data on dark market forums is passé. Ransomware is the new profitable business model for cyber crime. Discover how ransomware has evolved, the latest strategies used by cyber criminals, and how the next generation of ransomware will pose new threats to organisations. In this session, Talos will present how ransomware has evolved, the advantages of ransomware as a criminal business model, and how we can expect ransomware to develop in the near future.
Reference: http://ciscoconnect.se

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Oracle Releases Quarterly Security Update Advisories for Various Products, Including Oracle Database and Java
Description: Oracle has released its quarterly set of security advisories as part of its Critical Patch Update process. This quarter’s bulletin contains 276 security fixes for Oracle Database, Java, MySQL, VirtualBox, and more. For Java, 13 vulnerabilities were addressed, 4 of them severe flaws that are potentially exploitable remotely. Other major flaws that were patched affect Oracle Communications Applications, Fusion Middleware, Health Sciences, Retail Applications, Sun Systems Products Suite, Supply Chain Products and Virtualization.
Reference: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Snort SID: Detection pending release of vulnerability information

Title: SAP Patches Various Vulnerabilities
Description: SAP has released patches to address 15 different security vulnerabilities that were identified by Onapsis in HANA, the database management system. The identified flaws affect HANA and its internal communication channels. Two of the vulnerabilities have been publicly discussed: one could allow a remote, unauthenticated attacker “to gain knowledge of the different database users” on the system, while the other could “allow an attacker to gain access to the SAP HANA Platform” via the SYSTEM account.
Reference: https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components
Snort SID: Detection pending release of vulnerability information

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

U.S. NIST considers deprecating SMS-based 2-factor authentication in near future https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/

Mozilla to Block Certain Flash Content in August, Require Click-to-play in 2017 https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/

Talos Blog: Ransomware: Because OpSec is Hard? http://blog.talosintel.com/2016/07/ransomware-because-opsec-is-hard.html

Bypassing UAC on Windows 10 Using Disk Cleanup https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

How we broke PHP, hacked Pornhub and earned $20,000 https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/

Courier Scammers Intercept Text Messages, Leave Traces on Google Play http://blog.trendmicro.com/trendlabs-security-intelligence/courier-scammers-intercept-text-messages-leave-traces-google-play/

============================================================

MOST PREVALENT MALWARE FILES 2016-07-19 - 2016-07-26: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 7EAD8CC6225DC4B9DAA1F4EB2A05F10943C120DF5F072F72C5591832AEADF33A
MD5: 49b2e542a7ed7c44a2c4f84b5008df72
VirusTotal: https://www.virustotal.com/file/7EAD8CC6225DC4B9DAA1F4EB2A05F10943C120DF5F072F72C5591832AEADF33A/analysis/#additional-info
Typical Filename: shopathomehelper.exe
Claimed Product: ShopAtHome.com Browser App
Detection Name: W32.7EAD8CC622-100.SBX.VIOC

SHA 256: 17DBF3AC448AE1098454FCE9D52F1BB294710642ADACFBABB19911E78FE2E495
MD5: 339f02063c8e27bfc3cfac8b522ff033
VirusTotal: https://www.virustotal.com/file/17DBF3AC448AE1098454FCE9D52F1BB294710642ADACFBABB19911E78FE2E495/analysis/#additional-info
Typical Filename: shopathomewatcher.exe
Claimed Product: ShopAtHome.com Browser App
Detection Name: W32.Adware.19iu.1201

SHA 256: F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B/analysis/#additional-info
Typical Filename: icqolp.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19it.1201

SHA 256: 6F6F7B10AA9BA70F3D4A1B4F75136F3351293DE78B29FE175B971EF127B1E07C
MD5: c1480b553be76792084adf1d7dae8e15
VirusTotal: https://www.virustotal.com/file/6F6F7B10AA9BA70F3D4A1B4F75136F3351293DE78B29FE175B971EF127B1E07C/analysis/#additional-info
Typical Filename: seupgrade1613.exe
Claimed Product: (none)
Detection Name: W32.6F6F7B10AA-100.SBX.VIOC

SHA 256: 8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A
MD5: cc9e1075db0645f1032f8c4b4412deba
VirusTotal: https://www.virustotal.com/file/8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A/analysis/#additional-info
Typical Filename: dshinr.exe
Claimed Product: (none)
Detection Name: W32.Crypt:Rootkitgen.19iu.1201

============================================================

SPAM STATS FOR 2016-07-19 - 2016-07-26:

TOP SPAM SUBJECTS OBSERVED

  • “f y i”
  • “FW: UOGUELPH HELP DESK”
  • “Your mailbox is becoming too large”
  • “wellsfargo-admin”
  • “WINNING NOTIFICATION LETTER.”

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 8075 Microsoft Corporation
  • 15169 Google Inc.
  • 26496 GoDaddy.com, LLC
  • 26282 MessageLabs Inc.
  • 790 EUNETFI

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. View our Privacy Policy here.