Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

September 06, 2016


TOP VULNERABILITY THIS WEEK: Apple Patches Trio of Vulnerabilities (AKA “Trident”) in Mac OS X and Safari

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: The Continuing Evolution of Ransomware - Cisco Connect, Sweden
Date: 2016-09-21
Speaker: Martin Lee, Technical Lead
Description: Selling personal data on dark market forums is passé. Ransomware is the new profitable business model for cybercrime. Discover how ransomware has evolved, the latest strategies used by cyber criminals, and how the next generation of ransomware will pose new threats to organisations. In this session, Talos will present how ransomware has evolved, the advantages of ransomware as a criminal business model, and how we can expect ransomware to develop in the near future.
Reference: http://ciscoconnect.se

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Montreal, Canada
Date: 2016-09-21 - 2016-09-22
Speaker: Nick Biasini, Threat Researcher
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Montreal

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Dallas
Date: 2016-10-05 - 2016-10-06
Speaker: William Largent, Threat Researcher
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Dallas

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Apple Patches Trio of Vulnerabilities (AKA “Trident”) in Mac OS X and Safari
Description: Apple has released two security advisories for Mac OS X and Safari addressing the three iOS 0-day vulnerabilities identified by Citizen Lab and Lookout Security, which had been used to target human rights activists. The three vulnerabilities (CVE-2016-4655, CVE-2016-4656, CVE-2016-4657) were recently patched in iOS 9.3.5 but remained unpatched in Mac OS X and Safari; Apple’s latest updates fix the same issues on those platforms. Users are advised to update their Macs accordingly.
Reference:
- https://support.apple.com/kb/HT207130
- https://support.apple.com/kb/HT207131
Snort SID: Detection pending release of vulnerability information

Title: Cisco Issues Two Critical Security Advisories for Sx 220 Series Switches and WebEx Meeting Center
Description: Cisco has released a pair of critical security advisories for Cisco Small Business 220 Series Smart Plus (Sx220) Switches and WebEx Meeting Center. The flaw in the Sx220 series switches, CVE-2016-1473, is an unauthorized access vulnerability in the SNMP functionality through which an attacker could gain “unauthorized access to SNMP objects on an affected device.” The other flaw, affecting WebEx Meeting Center, CVE-2016-1464, is an arbitrary code execution vulnerability caused by improper handling of user-supplied files. Cisco has released software and firmware updates that address both flaws, and notes that no workarounds are available for either.
Reference:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player
Snort SID: 39994, 40013-40014

Title: Google Releases Patch for Critical Memory Dumping Flaw in Nexus 5X
Description: Researchers at IBM X-Force have identified a critical flaw in certain Nexus 5X bootloaders that could allow an attacker to dump the device’s memory. The vulnerability is exploitable by “physical or nonphysical attackers with Android Debug Bridge (ADB) access to the device.” If an attacker issues a ‘fastboot oem panic’ command “via the fastboot USB interface,” the device crashes, which would “cause the bootloader to expose a serial-over-USB connection.” This “would allow an attacker to obtain a full memory dump of the device.” Google has acknowledged the issue and has patched the vulnerability.
Reference: https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Snagging creds from locked machines https://room362.com/post/2016/snagging-creds-from-locked-machines/

Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted http://blog.talosintel.com/2016/09/shadowgate-takedown.html?f_l=s

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/?

Creating Malicious Outlook Rules https://labs.mwrinfosecurity.com/blog/malicous-outlook-rules/

Apple, Fox News, and ACLU join Microsoft’s fight against secret data demands http://www.zdnet.com/article/why-the-aclu-fox-news-and-microsoft-are-fighting-the-us-government/

=========================================================

MOST PREVALENT MALWARE FILES 2016-08-30 - 2016-09-06: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B/analysis/#additional-info
Typical Filename: gfhppi.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19it.1201

SHA 256: D33560FD760BB1DAD9988F7E1E5C7FA19B5D4DBBC2F585125F0D4D788A8F7F85
MD5: 632e4213f00a23820ce4e0606abd1873
VirusTotal: https://www.virustotal.com/file/D33560FD760BB1DAD9988F7E1E5C7FA19B5D4DBBC2F585125F0D4D788A8F7F85/analysis/#additional-info
Typical Filename: ApplicationManager
Claimed Product: (none)
Detection Name: OSX.MAC:Malwaregen.19j3.1201

SHA 256: 5D90E71DED74F744E01F30A80AE938B9259B298476C919E4014EF32A392A15C7
MD5: f108b4538360491d7421fe18edc1c5e8
VirusTotal: https://www.virustotal.com/file/5D90E71DED74F744E01F30A80AE938B9259B298476C919E4014EF32A392A15C7/analysis/#additional-info
Typical Filename: pinyinup.exe
Claimed Product: “???????”
Detection Name: W32.5D90E71DED-100.SBX.VIOC

SHA 256: 8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A
MD5: cc9e1075db0645f1032f8c4b4412deba
VirusTotal: https://www.virustotal.com/file/8897F94710F3CA65AF0E52F6E2B76E6319DD5FB0DD6AD0968F8ACC0D25EE783A/analysis/#additional-info
Typical Filename: winwxwrp.exe
Claimed Product: (none)
Detection Name: W32.Crypt:Rootkitgen.19j1.1201

SHA 256: F4AE1A3D610A57547F014215A5D7AAED8572CD36AA77A9567C183F11430A6B55
MD5: 51e63633487f9180ec8031980684bf86
VirusTotal: https://www.virustotal.com/file/ADE8BC9B9A13C537FF8F1B61987D4F6839C63325A4A84426EF087DA11241AF17/analysis/#additional-info
Typical Filename: winxbhny.exe
Claimed Product: (none)
Detection Name: W32.ADE8BC9B9A-100.SBX.VIOC

============================================================

SPAM STATS FOR 2016-08-30 - 2016-09-06

TOP SPAM SUBJECTS OBSERVED

  • “Cliente Santander, Comunicado Importante.”
  • “Account Re-activation”
  • “EMAIL: Confirm your email session”
  • “BofA Alert!”
  • “FINAL WARNING”

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 8075 Microsoft Corporation
  • 1668 AOL Transit Data Network
  • 6830 Liberty Global Operations B.V.
  • 766 REDIRIS RedIRIS Autonomous System
  • 22773 Cox Communications Inc.

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. View our Privacy Policy here.