November 15, 2016

TOP VULNERABILITY THIS WEEK: OpenSSL Releases Security Advisory for Three Vulnerabilities

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Tech Days (Denver, CO) Date: 2016-12-01 Speaker: Nick Biasini, Threat Researcher Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://demand.cisco.com/CiscoOnTheRoad

Event: Emerging Threats - The State of Cybersecurity @ HITCON Pacific 2016 (Taipei, Taiwan) Date: 2016-12-01 - 2016-12-02 Speaker: Earl Carter, Technical Leader Description: The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary to help secure a network in light of this ever changing and growing threat landscape. Talos advances the overall efficacy of all Cisco security platforms by analyzing data feeds, collaborating with teams of security experts, and developing cutting-edge big data technology to identify security threats. In this talk we will perform deep analysis of recent threats and see how Talos leverages large data intelligence feeds to deliver product improvements and mitigation strategies. Reference: http://hitcon.org/2016/pacific/

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week - Seattle Date: 2016-12-13 - 2016-12-14 Speaker: Earl Carter, Technical Leader Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Seattle

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco On The Road (Boston, MA) Date: 2016-12-15 Speaker: Nick Biasini, Threat Researcher Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://demand.cisco.com/CiscoOnTheRoad

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: OpenSSL Releases Security Advisory for Three Vulnerabilities Description: OpenSSL has released a security advisory for the open-source cryptography library to address three vulnerabilities. The most severe vulnerability, CVE-2016-7054, is a heap-buffer-overflow flaw that could result in a denial-of-service. The other two vulnerabilities, CVE-2016-7053 and CVE-2016-7055, are rated "moderate" and "low" respectively. CVE-2016-7053 is null dereference flaw that could crash OpenSSL while CVE-2016-7055 is a logic error in the Broadwell-specific Montgomery multiplication procedure and is deemed to be difficult, if not impossible, to practically exploit. OpenSSL has released as software update that addresses these flaws for OpenSSL 1.1.0. Earlier versions are not affected. Reference: https://www.openssl.org/news/secadv/20161110.txt Snort SID: Detection pending release of vulnerability information

Title: VMware Issues Critical Security Advisory for Workstation and Fusion Products Description: VMware has issued a critical security advisory to address CVE-2016-7461, a vulnerability within its Workstation and Fusion products. CVE-2016-7461 is a out-of-bounds memory access vulnerability that manifests in the drag-and-drop functionality of both Workstation and Fusion and could potentially allow a guest OS to execute code in the context of the host OS, thus escaping the sandbox. Users are advised to update their VMware Workstation and Fusion installations. Additionally, for users who are unable to immediately update, users can disable drag-and-drop and copy-and-paste functionality to mitigate this risk of compromise. Reference: https://www.vmware.com/security/advisories/VMSA-2016-0019.html Snort SID: Detection pending release of vulnerability information

Title: Vulnerability in cryptsetup Disclosed Description: Researchers at the Polytechnic University of Valencia in Spain have disclosed a vulnerability they've identified in cryptsetup, a utility which is used to set up encrypted filesystems on Linux machines. CVE-2016-4484 manifests as a logic error on bootup where if a user attempts to decrypt the volume too many times, the system will fail in an unsafe manner and drop a user into a shell with root permissions. It should be noted that any data contained within the encrypted volume remains encrypted. However, other partitions that are not encrypted could still be accessed. Note that this vulnerability has been patched in Debian. Reference: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484cryptsetupinitrd_shell.html

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

HackingTeam back for your Androids, now extra insecure! http://rednaga.io/2016/11/14/hackingteambackforyourandroids/

Russian 'Dukes' of Hackers Pounce on Trump Win https://krebsonsecurity.com/2016/11/russian-dukes-of-hackers-pounce-on-trump-win/

Master Decryption Keys and Decryptor for the CrySiS Ransomware Released http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/

Lobbyists Press Trump to Support Strong Encryption, Surveillance Reform https://threatpost.com/lobbyists-press-trump-to-support-strong-encryption-surveillance-reform/121960/

Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3

Crashing Stacks Without Squishing Bugs: Advanced Vulnerability Analysis http://blog.talosintel.com/2016/11/crashing-stacks-without-squishing-bugs.html

=========================================================

MOST PREVALENT MALWARE FILES 2016-11-08 - 2016-11-15: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: c8bc4cdc187319bbbe0f663da7153f9a9cccf265484b779041d442a3a8fd3b87 MD5: 5a1107ce5b82eddb5318d44b05b2985e VirusTotal: https://www.virustotal.com/file/c8bc4cdc187319bbbe0f663da7153f9a9cccf265484b779041d442a3a8fd3b87/analysis/#additional-info Typical Filename: FedEx.doc Claimed Product: N/A Detection Name: W32.C8BC4CDC18-100.SBX.TG

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f MD5: 2dbf779808d2ec3f5121891be9f4b1cf VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info Typical Filename: helperamc Claimed Product: Advanced Mac Cleaner Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: b273c5e1fc95672afb46bd9248855fb2df59f81a8056c048008b9cce24550107 MD5: 4267e99e4a9f99e28bd58d6e6bd287e7 VirusTotal: https://www.virustotal.com/file/b273c5e1fc95672afb46bd9248855fb2df59f81a8056c048008b9cce24550107/analysis/#additional-info Typical Filename: FedEx.doc Claimed Product: N/A Detection Name: W32.B273C5E1FC-100.SBX.TG

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b MD5: 0612402ad98c8c31cd6f2b914a419039 VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info Typical Filename: weeli.exe Claimed Product: (none) Detection Name: W32.Malware:Pramro.19l0.1201

SHA 256: 4665c9d5c277cacd3d02dbde9068383608010efaff0bb0651e6434c45e79c387 MD5: ea97455784c8036d1eb45dace2af14f0 VirusTotal: https://www.virustotal.com/file/4665c9d5c277cacd3d02dbde9068383608010efaff0bb0651e6434c45e79c387/analysis/#additional-info Typical Filename: FedEx.doc Claimed Product: (none) Detection Name: W32.4665C9D5C2-95.SBX.TG

============================================================

SPAM STATS FOR 2016-11-08 - 2016-11-15

TOP SPAM SUBJECTS OBSERVED

"Account temporarily suspended"
"SMU Alert!"
"Order"
"unauthorized access"
"Paperless Billing"

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

24560 Bharti Airtel Ltd., Telemedia Services
9829 National Internet Backbone
45899 VNPT Corp
18403 The Corporation for Financing & Promoting Technology
45595 Pakistan Telecom Company Limited

Vulnerability Information

Reputation Center

Support Communities

Talos ThreatSource Newsletters

November 15, 2016

Newsletter Archives

2019

August (3)

July (3)

June (4)

May (5)

April (2)

March (4)

February (4)

January (4)

2018

December (3)

November (5)

October (4)

September (4)

August (5)

July (4)

June (4)

May (5)

April (1)

March (3)

February (4)

January (5)

2017

December (3)

November (3)

October (5)

September (4)

August (5)

July (4)

June (4)

May (5)

April (4)

March (4)

February (4)

January (5)

2016

December (3)

November (5)

October (5)

September (3)

August (5)

July (2)

June (4)

May (5)

April (4)

March (6)

February (3)