Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

November 01, 2016

TOP VULNERABILITY THIS WEEK: Adobe Releases Emergency Patch for Flash Player Zero Day Vulnerability Being Exploited in Wild

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Fall Security Threat Briefing - Free Webinar
Date: 2016-11-10
Speaker: Warren Mercer, Technical Leader
Description: New threats emerge on a daily basis—and one team is tasked with tracking and stopping them. Talos has more than 270 full time threat researchers who discover new vulnerabilities, threats and attack strategies. Join our complimentary webinar to learn what they considered the most important security developments of the past season.
Reference: https://security-mktg.cisco.com/CiscoSecurityWebinarSeries/Cisco?webinar=ME5372A1

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco On The Road - King of Prussia, PA
Date: 2016-11-15
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://demand.cisco.com/CiscoOnTheRoad

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Minneapolis
Date: 2016-11-15 - 2016-11-16
Speaker: William Largent, Threat Researcher
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Minneapolis

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Seattle
Date: 2016-12-13 - 2016-12-14
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Seattle

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Adobe Releases Emergency Patch for Flash Player Zero Day Vulnerability Being Exploited in Wild
Description: Adobe has released an emergency out-of-band patch for Flash Player following the discovery of a zero day vulnerability being actively exploited. Adobe’s latest update patches CVE-2016-7855, a use-after-free vulnerability that could be used to achieve remote code execution. Users and administrators are advised to either remove Flash Player from their systems, or patch as soon as possible if Flash Player is deemed necessary for business.
Reference: https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
Snort SID: 40544-40545

Title: Google’s Threat Analysis Group Discloses Windows Kernel Zero Day Being Actively Exploited
Description: Google’s Threat Analysis Group has publicly disclosed the existence of a Windows kernel zero day vulnerability that is currently being exploited in the wild. According to Google, this vulnerability was disclosed to Microsoft on October 21 and is now being disclosed publicly because Microsoft has not yet issued an advisory or fix for it. Few details are currently known about the vulnerability other than that it is a local privilege escalation bug in the win32k.sys system call NtSetWindowLongPtr().
Reference: https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Snort SID: Detection pending release of vulnerability information

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Office 2013 can now block macros to help prevent infection https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-block-macros-to-help-prevent-infection/

Killing Mirai: Active defense against an IoT botnet https://www.invincealabs.com/blog/2016/10/killing-mirai/

Control Flow Guard Improvements in Windows 10 Anniversary Update http://blog.trendmicro.com/trendlabs-security-intelligence/control-flow-guard-improvements-windows-10-anniversary-update/?

Google Announces Certificate Transparency Requirement Beginning in 2017 https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/78N3SMcqUGw/ykIwHXuqAQAJ

Sundown EK: You Better Take Care http://blog.talosintel.com/2016/10/sundown-ek.html

Talos Blog: Remotely Exploitable Bugs in Memcached Identified and Patched http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html

Talos Blog: Iceni Argus Buffer Overflows Identified http://blog.talosintel.com/2016/10/iceni-argus.html

============================================================

MOST PREVALENT MALWARE FILES 2016-10-25 - 2016-11-01: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247
MD5: 69b011d298e344c693c9866c4f8e73ea
VirusTotal: https://www.virustotal.com/file/4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247/analysis/#additional-info
Typical Filename: irs_doc181356553.doc
Claimed Product: N/A
Detection Name: W32.4B4FD57349-100.SBX.TG

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: (none)
Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: f4ae1a3d610a57547f014215a5d7aaed8572cd36aa77a9567c183f11430a6b55
MD5: 51e63633487f9180ec8031980684bf86
VirusTotal: https://www.virustotal.com/file/110165cec127b04c9ea6b6d51497cb8f30e2b8b8410b6985d88446cc706c91a2/analysis/#additional-info
Typical Filename: qwxr.exe
Claimed Product: (none)
Detection Name: W32.110165CEC1-100.SBX.VIOC

SHA 256: 4c424fe45453840002ac944d167c45e1f77000485848dec65a46ca53a2b04ba3
MD5: 3edda4e903d939eb94544b9ade771e1a
VirusTotal: https://www.virustotal.com/file/4c424fe45453840002ac944d167c45e1f77000485848dec65a46ca53a2b04ba3/analysis/#additional-info
Typical Filename: gvt_uk_01112016.doc
Claimed Product: N/A
Detection Name: W32.4C424FE454-100.SBX.TG

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: winpkaom.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19l0.1201
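The records above are meant to be loaded into blocklists and hunting queries, so it is worth parsing them into structured fields and cross-checking them before use: a VirusTotal link whose embedded hash differs from the SHA 256 field, as in the qwxr.exe entry, should be reviewed rather than ingested blindly. The script below is an added example written for this newsletter, not Talos code. It assumes the field order used in this issue, treats the "W32.<10 hex digits>-100.SBX.*" detection names as carrying the first ten hex digits of the SHA 256 (a pattern observed in this issue, not a documented naming convention), and uses hypothetical function names (`parse_records`, `consistency_issues`, `blocklist_ready`); the sample input is two records copied from the list above.

```python
"""Parse "most prevalent malware files" records into structured IoCs and
sanity-check each one before it goes into a blocklist (added example)."""
import re
from dataclasses import dataclass, field

_HEX64 = r"[0-9a-fA-F]{64}"
_HEX32 = r"[0-9a-fA-F]{32}"

# Fields in the order this issue prints them; \s+ between fields accepts a
# record that sits on one line or is spread over several.
RECORD_RE = re.compile(
    rf"SHA 256:\s*(?P<sha256>{_HEX64})\s+"
    rf"MD5:\s*(?P<md5>{_HEX32})\s+"
    r"VirusTotal:\s*(?P<vt_url>\S+)\s+"
    r"Typical Filename:\s*(?P<filename>\S.*?)\s+"
    r"Claimed Product:\s*(?P<product>\S.*?)\s+"
    r"Detection Name:\s*(?P<detection>\S+)"
)
# SHA256 embedded in a VirusTotal file URL.
VT_HASH_RE = re.compile(r"/file/([0-9a-fA-F]{64})/")
# Assumption (observed in this issue only): sandbox names such as
# W32.4B4FD57349-100.SBX.TG carry the first ten hex digits of the SHA256.
SBX_NAME_RE = re.compile(r"^W32\.([0-9A-F]{10})-\d+\.SBX\.")


@dataclass
class Ioc:
    sha256: str
    md5: str
    vt_url: str
    filename: str
    product: str
    detection: str
    issues: list = field(default_factory=list)


def consistency_issues(ioc):
    """Cross-check the fields of one record that must agree with each other."""
    issues = []
    sha = ioc.sha256.lower()
    vt = VT_HASH_RE.search(ioc.vt_url)
    if vt is None:
        issues.append("VirusTotal link carries no SHA256")
    elif vt.group(1).lower() != sha:
        issues.append("VirusTotal link hash differs from the SHA 256 field")
    sbx = SBX_NAME_RE.match(ioc.detection)
    if sbx and sbx.group(1) != sha[:10].upper():
        issues.append("detection-name prefix differs from the SHA 256 field")
    return issues


def parse_records(text):
    """Split the block at every 'SHA 256:' label and parse each record found."""
    iocs = []
    for chunk in re.split(r"(?=SHA 256:)", text):
        m = RECORD_RE.search(chunk)
        if m is None:  # leading text or a malformed record: skip it
            continue
        ioc = Ioc(**m.groupdict())
        ioc.issues = consistency_issues(ioc)
        iocs.append(ioc)
    return iocs


def blocklist_ready(iocs):
    """Lower-cased SHA256s of records with no issues, safe to load as-is."""
    return [i.sha256.lower() for i in iocs if not i.issues]


# Two records copied from this issue: the first on one line, the second spread
# over several lines, to show that both layouts parse.
SAMPLE = """\
SHA 256: 4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247 MD5: 69b011d298e344c693c9866c4f8e73ea VirusTotal: https://www.virustotal.com/file/4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247/analysis/#additional-info Typical Filename: irs_doc181356553.doc Claimed Product: N/A Detection Name: W32.4B4FD57349-100.SBX.TG

SHA 256: f4ae1a3d610a57547f014215a5d7aaed8572cd36aa77a9567c183f11430a6b55
MD5: 51e63633487f9180ec8031980684bf86
VirusTotal: https://www.virustotal.com/file/110165cec127b04c9ea6b6d51497cb8f30e2b8b8410b6985d88446cc706c91a2/analysis/#additional-info
Typical Filename: qwxr.exe
Claimed Product: (none)
Detection Name: W32.110165CEC1-100.SBX.VIOC
"""

if __name__ == "__main__":
    for ioc in parse_records(SAMPLE):
        status = "ok" if not ioc.issues else "CHECK: " + "; ".join(ioc.issues)
        print(f"{ioc.sha256[:12]}  {ioc.filename:<22} {ioc.detection}  {status}")
```

Run as-is, the first record is reported clean and the second is flagged twice (VirusTotal hash and detection-name prefix both point at a different SHA 256), so only the first hash is returned by `blocklist_ready`. Records that fail the checks still carry their raw fields, so an analyst can resolve the discrepancy against the VirusTotal report instead of dropping the IoC.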

============================================================

SPAM STATS FOR 2016-10-25 - 2016-11-01

TOP SPAM SUBJECTS OBSERVED

  • “Deloitte: Email alert”
  • “Uw nieuwe factuur”
  • “wells_fargo”
  • “deloitte.com: Email alert”
  • “Notice”

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 790 EUNETFI
  • 8075 Microsoft Corporation
  • 132116 Ani Network Pvt Ltd
  • 27357 Rackspace Hosting
  • 29571 Ci Telecom