Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Apple Releases Emergency iOS Update to Address Zero-Day Vulnerabilities Being Exploited in the Wild
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: The Continuing Evolution of Ransomware - Cisco Connect, Sweden
Date: 2016-09-21
Speaker: Martin Lee, Technical Lead
Description: Selling personal data on dark market forums is passé. Ransomware is the new profitable business model for cyber crime. Discover how ransomware has evolved, the latest strategies used by cyber criminals, and how the next generation of ransomware will pose new threats to organisations. In this session, Talos will present how ransomware has evolved, the advantages of ransomware as a criminal business model, and how we can expect ransomware to develop in the near future.
Reference: http://ciscoconnect.se
Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Montreal, Canada
Date: 2016-09-21 - 2016-09-22
Speaker: Nick Biasini, Threat Researcher
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Montreal
Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Dallas
Date: 2016-10-05 - 2016-10-06
Speaker: William Largent, Threat Researcher
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Dallas
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Apple Releases Emergency iOS Update to Address Zero-Day Vulnerabilities Being Exploited in the Wild
Description: Apple has released an emergency security update for iOS after it was discovered that three zero-day vulnerabilities were being exploited in the wild. These three vulnerabilities, when chained together, can be used to achieve remote code execution with kernel-level privileges. Citizen Lab and Lookout, the research firms that privately disclosed the vulnerabilities to Apple, state that these vulnerabilities were used to install surveillance software on the phones of human rights activists. Users are advised to patch immediately.
Reference:
- https://support.apple.com/en-us/HT207107
- https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
Snort SID: Detection pending release of vulnerability information
Title: VMware Addresses Vulnerabilities in VMware Identity Manager and vRealize Automation
Description: VMware has released a security update for Identity Manager and vRealize Automation to address CVE-2016-5335 and CVE-2016-5336. CVE-2016-5335 is a local privilege escalation vulnerability within Identity Manager and affects Identity Manager 2.x and vRealize Automation 7.0.x. CVE-2016-5336 is a remote code execution vulnerability in vRealize Automation 7.0.x that could allow an attacker to gain “access to a low-privileged account on the appliance.” Note that workarounds are available for CVE-2016-5336.
Reference: http://www.vmware.com/security/advisories/VMSA-2016-0013.html
Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
The Hunt for Lurk https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
Slaying Rogue Access Points With Python And Cheap Hardware http://blog.gdssecurity.com/labs/2016/8/26/slaying-rogue-access-points-with-python-and-cheap-hardware.html
France, Germany Call for European Decryption Law https://threatpost.com/france-germany-call-for-european-decryption-law/120139/
Inside “The Attack That Almost Broke the Internet” http://krebsonsecurity.com/2016/08/inside-the-attack-that-almost-broke-the-internet/
Locky Morphs Again: Now Delivered as a DLL http://blog.cyren.com/articles/locky-morphs-again-now-delivered-as-dll.html
============================================================
MOST PREVALENT MALWARE FILES 2016-08-23 - 2016-08-30: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 1F54236CFCFE85240B0BC921E2C744280D352AAF68CC4382EEDCDC214E04266B
MD5: 268ea500ec94f5970352298e3bf8747e
VirusTotal: https://www.virustotal.com/file/1F54236CFCFE85240B0BC921E2C744280D352AAF68CC4382EEDCDC214E04266B/analysis/#additional-info
Typical Filename: op.exe
Claimed Product: “pdfforgeAdOffer”
Detection Name: W32.1F54236CFC-95.SBX.TG

SHA 256: F83DAB5E27D17DEC0C491D4D8587F08B5B684B5782C7A91D529D9A891420829D
MD5: 286c334b4c13952cfb3fd03e97e59b00
VirusTotal: https://www.virustotal.com/file/F83DAB5E27D17DEC0C491D4D8587F08B5B684B5782C7A91D529D9A891420829D/analysis/#additional-info
Typical Filename: complaint_23113.doc
Claimed Product: N/A
Detection Name: W32.F83DAB5E27-100.SBX.TG

SHA 256: 87F0FD15BA97FE0A2B80BCD0238BE6BD801D694910C292AC30A596D93DBE2C34
MD5: 001e47797a4b1909878cda3afd350658
VirusTotal: https://www.virustotal.com/file/87F0FD15BA97FE0A2B80BCD0238BE6BD801D694910C292AC30A596D93DBE2C34/analysis/#additional-info
Typical Filename: complaint_67185.doc
Claimed Product: N/A
Detection Name: W32.87F0FD15BA-100.SBX.TG

SHA 256: F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B/analysis/#additional-info
Typical Filename: winbaynkl.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19it.1201

SHA 256: 261CFE24C55D44AD597D62E72C5F6897EB14AB9B1E6D017686033E5740ED9531
MD5: 0800df542bcbf052226737331af0f90b
VirusTotal: https://www.virustotal.com/file/261CFE24C55D44AD597D62E72C5F6897EB14AB9B1E6D017686033E5740ED9531/analysis/#additional-info
Typical Filename: PowerISO6-x64.exe
Claimed Product: “PowerISO Setup”
Detection Name: Auto.261CFE24C5.Adware.ConvertAd.tht.Talos
============================================================
SPAM STATS FOR 2016-08-23 - 2016-08-30
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM