Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Microsoft Releases Monthly Security Bulletins for September 2016
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: The Continuing Evolution of Ransomware - Cisco Connect, Sweden
Date: 2016-09-21
Speaker: Martin Lee, Technical Lead
Description: Selling personal data on dark market forums is passé. Ransomware is the new profitable business model for cyber crime. Discover how ransomware has evolved, the latest strategies used by cyber criminals, and how the next generation of ransomware will pose new threats to organisations. In this session, Talos will present how ransomware has evolved, the advantages of ransomware as a criminal business model, and how we can expect ransomware to develop in the near future.
Reference: http://ciscoconnect.se

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week - Montreal, Canada
Date: 2016-09-21 - 2016-09-22
Speaker: Nick Biasini, Threat Researcher
Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Montreal

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week - Dallas
Date: 2016-10-05 - 2016-10-06
Speaker: William Largent, Threat Researcher
Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Dallas
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft Releases Monthly Security Bulletins for September 2016
Description: Microsoft has released their monthly set of security bulletins to address vulnerabilities in various products. This month's release contains 14 bulletins covering 50 vulnerabilities. Seven bulletins are considered "Critical" and address flaws in Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft Exchange Server, Microsoft Office, OLE Automation for VBScript Scripting Engine, and the Adobe Flash Player. The remaining seven bulletins are considered "Important" and impact Silverlight, Windows, Windows Kernel, Windows Lock Screen, Windows Secure Kernel Mode, Windows SMBv1 Server, and the Microsoft Windows PDF Library.
Reference: https://technet.microsoft.com/en-us/library/security/ms16-sep
Snort SID: 40129, 40146, 40035-40036, 40073-40080, 40082-40124, 40127-40128, 40132-40145, 40147-40150

Title: Adobe Releases Security Bulletin for Flash Player and Other Adobe Products
Description: Adobe has released a security bulletin for Flash Player to address 26 vulnerabilities. Adobe notes that these updates are "critical" as they could "potentially allow an attacker to take control of the affected system." The Flash Player bulletin addresses an integer overflow flaw, use-after-free vulnerabilities, security bypass vulnerabilities, and other memory corruption flaws. Users are advised to update as soon as possible if they have Flash installed and require its use. Security updates for AIR SDK & Compiler and Adobe Digital Editions were also released.
Reference:
- https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-29.html
- https://helpx.adobe.com/security.html
Snort SID: 40151-40181

Title: WordPress Releases Security and Maintenance Update for Blog Platform
Description: WordPress has released a security and maintenance update for its blog platform, bringing the latest version to 4.6.1. The update resolves two security issues: a "cross-site scripting vulnerability via image filename," and a "path traversal vulnerability in the upgrade package uploader." Web masters, site administrators, and IT departments should take note of these issues if they have a WordPress installation and update it at their earliest convenience.
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Snort SID: Detection pending

Title: Apple Releases iOS 10; Addresses 7 Security Vulnerabilities in iOS
Description: Apple has released the latest version of its iOS mobile platform for iPhones, iPads, and iPod Touch devices. The latest iOS update contains fixes for 7 security vulnerabilities, including a fix for the iOS update process, where the system "did not properly secure user communications," which could allow an attacker to "block a device from receiving software updates." With this update, iOS devices download updates over a TLS session. Other issues addressed in the new version of iOS include fixes for the iOS keyboard caching sensitive information and for the handling of untrusted certificates. Users are advised to back up their devices before updating them to the latest version.
Reference: https://support.apple.com/en-us/HT207143
Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Zepto ransomware now introduces new features to "better" encrypt your files https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files
Neutrino EK’s Afraidgate pushed in malvertising attack https://blog.malwarebytes.com/cybercrime/exploits/2016/09/neutrino-eks-afraidgate-pushed-in-malvertising-attack/
Congressional Report Slams OPM on Data Breach http://krebsonsecurity.com/2016/09/congressional-report-slams-opm-on-data-breach/
Federal Judge: FBI's Use of Malware to Hack Someone's Computer is a 'Search' http://motherboard.vice.com/read/hacking-is-a-search-according-to-federal-judge
The Missing Piece – Sophisticated OS X Backdoor Discovered https://securelist.com/blog/research/75990/the-missing-piece-sophisticated-os-x-backdoor-discovered/
FTC Panel Encourages Basic Security Hygiene to Counter Ransomware https://threatpost.com/ftc-panel-encourages-basic-security-hygiene-to-counter-ransomware/120421/
============================================================
MOST PREVALENT MALWARE FILES 2016-09-06 - 2016-09-13: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 8F26A30A1FC71B7E9EB12E3B94317B7DD5827E2CBCFB3CD3FEB684AF6A73B4E6
MD5: 03cde68eac992e6240471029bd46fa5d
VirusTotal: https://www.virustotal.com/file/8F26A30A1FC71B7E9EB12E3B94317B7DD5827E2CBCFB3CD3FEB684AF6A73B4E6/analysis/#additional-info
Typical Filename: contract_63283.doc
Claimed Product: N/A
Detection Name: W32.8F26A30A1F-100.SBX.TG

SHA 256: 08FA5B11BDA8BE59B569B277FE72F2C41D747790C7C72D4A00A2A15E0D8B66F7
MD5: fc50e72038881ba759c2d297ecdcab3c
VirusTotal: https://www.virustotal.com/file/08FA5B11BDA8BE59B569B277FE72F2C41D747790C7C72D4A00A2A15E0D8B66F7/analysis/#additional-info
Typical Filename: contract_4547648053.doc
Claimed Product: N/A
Detection Name: W32.08FA5B11BD-100.SBX.TG

SHA 256: 90C35D520C98F9AF2FCF19F64EBC1E26400E196F6BD388D91F24A38D7E03FF2C
MD5: 0623958acc5c6dabb96b6d56d3f3dfca
VirusTotal: https://www.virustotal.com/file/90C35D520C98F9AF2FCF19F64EBC1E26400E196F6BD388D91F24A38D7E03FF2C/analysis/#additional-info
Typical Filename: vprot.exe
Claimed Product: VProtect Application
Detection Name: Auto.90C35D520C.RSU-1202.tht.Talos

SHA 256: F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/F9B8F7F285F811EE720CCE7BCCD98A421A26FB90DD7B022118D4B4E1F340036B/analysis/#additional-info
Typical Filename: winciwux.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19it.1201

SHA 256: 5D90E71DED74F744E01F30A80AE938B9259B298476C919E4014EF32A392A15C7
MD5: f108b4538360491d7421fe18edc1c5e8
VirusTotal: https://www.virustotal.com/file/5D90E71DED74F744E01F30A80AE938B9259B298476C919E4014EF32A392A15C7/analysis/#additional-info
Typical Filename: pinyinup.exe
Claimed Product: "???????"
Detection Name: W32.5D90E71DED-100.SBX.VIOC
============================================================
SPAM STATS FOR 2016-09-06 - 2016-09-13
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM