
Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

October 11, 2016


TOP VULNERABILITY THIS WEEK: Microsoft Releases Monthly Security Bulletins for October 2016

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Talos EMER Security Threat Briefing - Free Webinar
Date: 2016-10-18 @ 10:00 CET
Speaker: Martin Lee, Technical Leader Security Research
Description: There is no such thing as a new crime. Adversaries are adept at adapting and refining criminal business models and applying them to modern technology. The security experts at Talos invite you to their EMEAR threat briefing, where they will share their insights into recent attacks and present the implications of these attacks for future trends.
Reference: https://grs.cisco.com/grsx/cust/grsEventSite.html?EventCode=14711&LanguageId=1&KeyCode=001324753

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco On The Road - King of Prussia, PA
Date: 2016-11-15
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://demand.cisco.com/CiscoOnTheRoad

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Minneapolis
Date: 2016-11-15 - 2016-11-16
Speaker: William Largent, Threat Researcher
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Minneapolis

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Seattle
Date: 2016-12-13 - 2016-12-14
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Seattle

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Microsoft Releases Monthly Security Bulletins for October 2016
Description: Microsoft has released 10 bulletins for October to address 37 newly disclosed security flaws. Five bulletins are rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.
Reference: https://technet.microsoft.com/en-us/library/security/ms16-oct.aspx
Snort SID: 40364-40381, 40383-40405, 40408-40412, 40418-40428

Title: Adobe Releases Security Bulletin for Flash Player, PDF Reader, and Acrobat
Description: Adobe has released security bulletins for Flash Player, PDF Reader, and Acrobat to address a multitude of vulnerabilities. The Flash Player bulletin remediates 12 vulnerabilities that could be used to achieve remote code execution. The PDF Reader and Acrobat security bulletin remediates 71 vulnerabilities that could also be used to achieve arbitrary code execution or bypass security features or restrictions. The vast majority of the vulnerabilities addressed in Flash Player, PDF Reader, and Acrobat are memory corruption flaws, use-after-free flaws, heap buffer overflow flaws, and type confusion flaws. Users who have Flash Player installed should consider uninstalling it if it’s not business critical. All users should otherwise immediately patch Flash Player, PDF Reader, and Acrobat if they are installed.
Reference:
- https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-32.html
- https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
Snort SID: Detection pending release of vulnerability information

Title: Cisco Releases Critical Security Advisories for Nexus Family of Products
Description: Cisco has released two critical security advisories for its Nexus family of products that could be exploited to achieve code execution or bypass security restrictions on the targeted device. The first advisory addresses CVE-2016-1453, a buffer overflow vulnerability that manifests due to “incomplete input validation performed on the size of OTV packet header parameters.” The other advisory addresses CVE-2015-0721, a security feature bypass vulnerability that manifests as a failure to enforce “authentication, authorization, and accounting restrictions,” potentially allowing an authenticated adversary to “execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role.” Cisco has released a software update that corrects these issues.
Reference:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras https://blog.cloudflare.com/say-cheese-a-snapshot-of-the-massive-ddos-attacks-coming-from-iot-cameras/

IAEA chief: Nuclear power plant was disrupted by cyber attack http://www.reuters.com/article/us-nuclear-cyber-idUSKCN12A1OC

Remsec driver analysis http://artemonsecurity.blogspot.com/2016/10/remsec-driver-analysis-part-3.html

Teaching Machines Security: Identifying Botnet Panels https://blog.cylance.com/teaching-machines-security-identifying-botnet-panels

Nymaim: Deep Technical Dive - Adventures in Evasive Malware http://www.seculert.com/blogs/nymaim-deep-technical-dive-adventures-in-evasive-malware

US NIST Submits Mobile Threat Catalogue for Comment by Public https://pages.nist.gov/mobile-threat-catalogue/

=========================================================

MOST PREVALENT MALWARE FILES 2016-10-04 - 2016-10-11: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: d33560fd760bb1dad9988f7e1e5c7fa19b5d4dbbc2f585125f0d4d788a8f7f85
MD5: 632e4213f00a23820ce4e0606abd1873
VirusTotal: https://www.virustotal.com/file/d33560fd760bb1dad9988f7e1e5c7fa19b5d4dbbc2f585125f0d4d788a8f7f85/analysis/#additional-info
Typical Filename: d33560fd760bb1dad9988f7e1e5c7fa19b5d4dbbc2f585125f0d4d788a8f7f85
Claimed Product: (none)
Detection Name: OSX.MAC:Malwaregen.19j3.1201

SHA 256: 9888d4da14d97a9458e0c86080d700b511ae65e84b3d563b87ad79a226c19de1
MD5: 5fda936952048f707a93d76b947d58fb
VirusTotal: https://www.virustotal.com/file/9888d4da14d97a9458e0c86080d700b511ae65e84b3d563b87ad79a226c19de1/analysis/#additional-info
Typical Filename: invoice_217322.doc
Claimed Product: N/A
Detection Name: W32.9888D4DA14-100.SBX.TG

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: winltdl.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19it.1201

SHA 256: 93e1023abc8018b9b85abeca7c74222f2a38d019bf98a2e91cc3e58dbd24775d
MD5: 8f83d9d18b9cf346da44f7df322afa41
VirusTotal: https://www.virustotal.com/file/93e1023abc8018b9b85abeca7c74222f2a38d019bf98a2e91cc3e58dbd24775d/analysis/#additional-info
Typical Filename: seupdater.dll
Claimed Product: (none)
Detection Name: W32.93E1023ABC-100.SBX.VIOC

SHA 256: c0e294414b361ccfda88a569c0275978001b0c419122c0684eea91669884f6f1
MD5: 1515ee5dee1152b4af7e1cbeb13edc39
VirusTotal: https://www.virustotal.com/file/c0e294414b361ccfda88a569c0275978001b0c419122c0684eea91669884f6f1/analysis/#additional-info
Typical Filename: SogouCloud.exe
Claimed Product: “???????”
Detection Name: W32.C0E294414B-100.SBX.VIOC

============================================================

SPAM STATS FOR 2016-10-04 - 2016-10-11

TOP SPAM SUBJECTS OBSERVED

  • “NotiCe.”
  • “Please verify your account Amazon.com”
  • “RE: New Email System!!”
  • “I owe you some money”
  • “RE: New Email System!”

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 8075 Microsoft Corporation
  • 4795 INDOSATM2 ASN
  • 15945 Koschatplatz 1
  • 201229 DIGITALOCEAN-GERMANY
  • 15169 Google Inc.

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. View our Privacy Policy here.