Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Adobe Releases Emergency Patch for Flash Player Zero Day Vulnerability Being Exploited in Wild
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Fall Security Threat Briefing - Free Webinar
Date: 2016-11-10
Speaker: Warren Mercer, Technical Leader
Description: New threats emerge on a daily basis—and one team is tasked with tracking and stopping them. Talos has more than 270 full time threat researchers who discover new vulnerabilities, threats and attack strategies. Join our complimentary webinar to learn what they considered the most important security developments of the past season.
Reference: https://security-mktg.cisco.com/CiscoSecurityWebinarSeries/Cisco?webinar=ME5372A1

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco On The Road - King of Prussia, PA
Date: 2016-11-15
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://demand.cisco.com/CiscoOnTheRoad

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Minneapolis
Date: 2016-11-15 - 2016-11-16
Speaker: William Largent, Threat Researcher
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Minneapolis

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Seattle
Date: 2016-12-13 - 2016-12-14
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Seattle
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Adobe Releases Emergency Patch for Flash Player Zero Day Vulnerability Being Exploited in Wild
Description: Adobe has released an emergency out-of-band patch for Flash Player following the discovery of a zero day vulnerability being actively exploited. Adobe’s latest update patches CVE-2016-7855, a use-after-free vulnerability that could be used to achieve remote code execution. Users and administrators are advised to either remove Flash Player from their systems, or patch as soon as possible if Flash Player is deemed necessary for business.
Reference: https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
Snort SID: 40544-40545

Title: Google’s Threat Analysis Group Discloses Windows Kernel Zero Day Being Actively Exploited
Description: Google’s Threat Analysis Group has publicly disclosed the existence of a Windows kernel zero day vulnerability that is currently being exploited in the wild. According to Google, this vulnerability was reported to Microsoft on October 21 and is now being disclosed publicly because Microsoft has not yet issued an advisory or fix for it. Few details are currently known about the vulnerability other than that it is a local privilege escalation bug in the win32k.sys system call NtSetWindowLongPtr().
Reference: https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Office 2013 can now block macros to help prevent infection https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-block-macros-to-help-prevent-infection/
Killing Mirai: Active defense against an IoT botnet https://www.invincealabs.com/blog/2016/10/killing-mirai/
Control Flow Guard Improvements in Windows 10 Anniversary Update http://blog.trendmicro.com/trendlabs-security-intelligence/control-flow-guard-improvements-windows-10-anniversary-update/
Google Announces Certificate Transparency Requirement Beginning in 2017 https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/78N3SMcqUGw/ykIwHXuqAQAJ
Sundown EK: You Better Take Care http://blog.talosintel.com/2016/10/sundown-ek.html
Talos Blog: Remotely Exploitable Bugs in Memcached Identified and Patched http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
Talos Blog: Iceni Argus Buffer Overflows Identified http://blog.talosintel.com/2016/10/iceni-argus.html
============================================================
MOST PREVALENT MALWARE FILES 2016-10-25 - 2016-11-01: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247
MD5: 69b011d298e344c693c9866c4f8e73ea
VirusTotal: https://www.virustotal.com/file/4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247/analysis/#additional-info
Typical Filename: irs_doc181356553.doc
Claimed Product: N/A
Detection Name: W32.4B4FD57349-100.SBX.TG

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: (none)
Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: f4ae1a3d610a57547f014215a5d7aaed8572cd36aa77a9567c183f11430a6b55
MD5: 51e63633487f9180ec8031980684bf86
VirusTotal: https://www.virustotal.com/file/110165cec127b04c9ea6b6d51497cb8f30e2b8b8410b6985d88446cc706c91a2/analysis/#additional-info
Typical Filename: qwxr.exe
Claimed Product: (none)
Detection Name: W32.110165CEC1-100.SBX.VIOC

SHA 256: 4c424fe45453840002ac944d167c45e1f77000485848dec65a46ca53a2b04ba3
MD5: 3edda4e903d939eb94544b9ade771e1a
VirusTotal: https://www.virustotal.com/file/4c424fe45453840002ac944d167c45e1f77000485848dec65a46ca53a2b04ba3/analysis/#additional-info
Typical Filename: gvt_uk_01112016.doc
Claimed Product: N/A
Detection Name: W32.4C424FE454-100.SBX.TG

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: winpkaom.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19l0.1201
============================================================
SPAM STATS FOR 2016-10-25 - 2016-11-01
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM