Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: OpenSSL Releases Security Advisory for Three Vulnerabilities
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Tech Days (Denver, CO)
Date: 2016-12-01
Speaker: Nick Biasini, Threat Researcher
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://demand.cisco.com/CiscoOnTheRoad

Event: Emerging Threats - The State of Cybersecurity @ HITCON Pacific 2016 (Taipei, Taiwan)
Date: 2016-12-01 - 2016-12-02
Speaker: Earl Carter, Technical Leader
Description: The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary to help secure a network in light of this ever-changing and growing threat landscape. Talos advances the overall efficacy of all Cisco security platforms by analyzing data feeds, collaborating with teams of security experts, and developing cutting-edge big data technology to identify security threats. In this talk we will perform deep analysis of recent threats and see how Talos leverages large data intelligence feeds to deliver product improvements and mitigation strategies.
Reference: http://hitcon.org/2016/pacific/

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco Security Week - Seattle
Date: 2016-12-13 - 2016-12-14
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Seattle

Event: Talos - Cisco’s Key to Understanding the Threat Landscape @ Cisco On The Road (Boston, MA)
Date: 2016-12-15
Speaker: Nick Biasini, Threat Researcher
Description: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://demand.cisco.com/CiscoOnTheRoad
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: OpenSSL Releases Security Advisory for Three Vulnerabilities
Description: OpenSSL has released a security advisory for the open-source cryptography library to address three vulnerabilities. The most severe, CVE-2016-7054, is a heap buffer overflow that could result in a denial of service. The other two, CVE-2016-7053 and CVE-2016-7055, are rated “moderate” and “low” respectively. CVE-2016-7053 is a null-pointer dereference flaw that could crash OpenSSL, while CVE-2016-7055 is a logic error in the Broadwell-specific Montgomery multiplication procedure and is deemed difficult, if not impossible, to exploit in practice. OpenSSL has released a software update that addresses these flaws for OpenSSL 1.1.0. Earlier versions are not affected.
Reference: https://www.openssl.org/news/secadv/20161110.txt
Snort SID: Detection pending release of vulnerability information
Title: VMware Issues Critical Security Advisory for Workstation and Fusion Products
Description: VMware has issued a critical security advisory to address CVE-2016-7461, a vulnerability within its Workstation and Fusion products. CVE-2016-7461 is an out-of-bounds memory access vulnerability in the drag-and-drop functionality of both Workstation and Fusion that could allow a guest OS to execute code in the context of the host OS, thus escaping the sandbox. Users are advised to update their VMware Workstation and Fusion installations. Users who are unable to update immediately can disable drag-and-drop and copy-and-paste functionality to mitigate the risk of compromise.
Reference: https://www.vmware.com/security/advisories/VMSA-2016-0019.html
Snort SID: Detection pending release of vulnerability information
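The interim mitigation above is a per-VM configuration choice, so it is easy to leave one VM behind. The following audit helper is an added example, not part of the newsletter or VMware's tooling; it assumes the guest-isolation keys are VMware's documented isolation.tools.dnd.disable, isolation.tools.copy.disable and isolation.tools.paste.disable settings (none of which the page names) and uses constructed sample .vmx files.

```shell
# Added audit helper (not from the Talos newsletter): report .vmx files whose guest-isolation
# settings still permit drag-and-drop or clipboard sharing between guest and host.
# Assumption: the key names below are VMware's documented isolation.tools.* settings;
# they are not named on the page.

vmx_isolation_gaps() {
  # Usage: vmx_isolation_gaps <file.vmx>
  # Prints one line per setting that is missing or not "TRUE".
  # Returns 0 only when all three settings are TRUE, 1 otherwise.
  f="$1"
  rc=0
  for key in isolation.tools.dnd.disable isolation.tools.copy.disable isolation.tools.paste.disable; do
    # take the last assignment of the key, drop the value's quotes and any CR, normalise case
    val=$(grep -i "^${key}[[:space:]]*=" "$f" | tail -n 1 \
          | sed 's/^[^=]*=[[:space:]]*//' | tr -d '"\r' | tr 'A-Z' 'a-z')
    if [ "$val" != "true" ]; then
      echo "$f: $key is ${val:-unset} (expected TRUE)"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample VM configs used for the demonstration below
demo_dir=$(mktemp -d)
printf '%s\n' 'displayName = "lab-weak"' 'isolation.tools.dnd.disable = "FALSE"' > "$demo_dir/weak.vmx"
printf '%s\n' 'displayName = "lab-hard"' 'isolation.tools.dnd.disable = "TRUE"' \
  'isolation.tools.copy.disable = "TRUE"' 'isolation.tools.paste.disable = "TRUE"' > "$demo_dir/hard.vmx"

for vmx in "$demo_dir"/*.vmx; do
  if vmx_isolation_gaps "$vmx"; then
    echo "$vmx: drag-and-drop and clipboard sharing disabled"
  fi
done
rm -rf "$demo_dir"
```

Point the loop at the directory holding your VMs' .vmx files (one per VM) to get a list of machines still relying on the vendor patch alone.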
Title: Vulnerability in cryptsetup Disclosed
Description: Researchers at the Polytechnic University of Valencia in Spain have disclosed a vulnerability they’ve identified in cryptsetup, a utility which is used to set up encrypted filesystems on Linux machines. CVE-2016-4484 manifests as a logic error on bootup where if a user attempts to decrypt the volume too many times, the system will fail in an unsafe manner and drop a user into a shell with root permissions. It should be noted that any data contained within the encrypted volume remains encrypted. However, other partitions that are not encrypted could still be accessed. Note that this vulnerability has been patched in Debian.
Reference: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
HackingTeam back for your Androids, now extra insecure! http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/
Russian ‘Dukes’ of Hackers Pounce on Trump Win https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/
Master Decryption Keys and Decryptor for the CrySiS Ransomware Released http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
Lobbyists Press Trump to Support Strong Encryption, Surveillance Reform https://threatpost.com/lobbyists-press-trump-to-support-strong-encryption-surveillance-reform/121960/
Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3
Crashing Stacks Without Squishing Bugs: Advanced Vulnerability Analysis http://blog.talosintel.com/2016/11/crashing-stacks-without-squishing-bugs.html
=========================================================
MOST PREVALENT MALWARE FILES 2016-11-08 - 2016-11-15: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: c8bc4cdc187319bbbe0f663da7153f9a9cccf265484b779041d442a3a8fd3b87
MD5: 5a1107ce5b82eddb5318d44b05b2985e
VirusTotal: https://www.virustotal.com/file/c8bc4cdc187319bbbe0f663da7153f9a9cccf265484b779041d442a3a8fd3b87/analysis/#additional-info
Typical Filename: FedEx.doc
Claimed Product: N/A
Detection Name: W32.C8BC4CDC18-100.SBX.TG

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: b273c5e1fc95672afb46bd9248855fb2df59f81a8056c048008b9cce24550107
MD5: 4267e99e4a9f99e28bd58d6e6bd287e7
VirusTotal: https://www.virustotal.com/file/b273c5e1fc95672afb46bd9248855fb2df59f81a8056c048008b9cce24550107/analysis/#additional-info
Typical Filename: FedEx.doc
Claimed Product: N/A
Detection Name: W32.B273C5E1FC-100.SBX.TG

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: weeli.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19l0.1201

SHA 256: 4665c9d5c277cacd3d02dbde9068383608010efaff0bb0651e6434c45e79c387
MD5: ea97455784c8036d1eb45dace2af14f0
VirusTotal: https://www.virustotal.com/file/4665c9d5c277cacd3d02dbde9068383608010efaff0bb0651e6434c45e79c387/analysis/#additional-info
Typical Filename: FedEx.doc
Claimed Product: (none)
Detection Name: W32.4665C9D5C2-95.SBX.TG
============================================================
SPAM STATS FOR 2016-11-08 - 2016-11-15
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM