Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Google Releases Monthly Security Bulletin for Android, Nexus, and Pixel Devices
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Talos Insights: The State of Cyber Security @ Cisco Live EMEA (Berlin, Germany) Date: 2017-02-20 - 2017-02-24 Speaker: Craig Williams, Global Outreach Manager Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
Event: Emerging Threats: The State of Cybersecurity @ Cisco Live Melbourne 2017 (Melbourne, Australia) Date: 2017-03-07 - 2017-03-10 Speaker: Earl Carter, Technical Leader Description: Cisco’s Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar, we will perform deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.ciscolive.com/anz/
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Google Releases Monthly Security Bulletin for Android, Nexus, and Pixel Devices Description: Google has released its monthly security bulletin for Android, Nexus, and Pixel devices. This month’s release fixes 90 vulnerabilities: 29 are rated critical, 41 rated high, and 20 rated moderate. The vulnerabilities rated critical affect Mediaserver, the kernel memory subsystem, the Qualcomm bootloader, the kernel file system, the NVIDIA GPU driver, the MediaTek driver, the Qualcomm GPU driver, and other Qualcomm components. Google has released two patch levels “to provide Android partners with the flexibility to more quickly fix a subset of vulnerabilities among Android devices.” Updates for these vulnerabilities should be forthcoming for Android device owners in the near future; Nexus and Pixel device owners are able to update now. Reference: https://source.android.com/security/bulletin/2017-01-01.html Snort SID: Detection pending release of vulnerability information
Title: Adobe Releases Security Bulletin for Flash Player Description: Adobe has released a security bulletin for Flash Player addressing 13 vulnerabilities. As with previous Flash Player security bulletins, the overwhelming majority of the flaws fixed are ones that could result in remote code execution. Five of the thirteen vulnerabilities are memory corruption flaws, four are heap buffer overflow flaws, three are use-after-free flaws, and one is a security feature bypass. Users who require Flash Player should update their systems as soon as possible and set Flash Player to “click-to-play” so that Flash content only runs when the user explicitly allows it. Reference: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html Snort SID: Detection pending
Title: Microsoft Releases Monthly Set of Security Bulletins for January 2017 Description: Microsoft has released its monthly set of security bulletins for January 2017. This month’s release contains three bulletins addressing three vulnerabilities in Windows and Office. A fourth bulletin is the Adobe Flash Player update, fixing the Flash Player embedded in Internet Explorer and Edge. Reference: https://technet.microsoft.com/library/security/ms17-jan Snort SID: 40759, 41140-41141
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Edge Vulnerabilities CVE-2016-7200 & CVE-2016-7201 Integrated into Sundown Exploit Kits http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html
Lawmakers Reintroduce Popular Email Privacy Act https://threatpost.com/lawmakers-reintroduce-popular-email-privacy-act/122981/
Cracking The 12+ Character Password Barrier, Literally http://www.netmux.com/blog/cracking-12-character-above-passwords
Solving the SANS 2016 Holiday Hack Challenge https://techanarchy.net/2017/01/solving-the-sans-2016-holiday-hack-challenge/
============================================================
MOST PREVALENT MALWARE FILES 2017-01-03 - 2017-01-10: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739 MD5: fa1f769475516b03881602d0824cae12 VirusTotal: https://www.virustotal.com/file/ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739/analysis/#additional-info Typical Filename: printerinstallerclientupdater.exe Claimed Product: Printer Client Updater Detection Name: W32.AE7327F36A-95.SBX.TG
SHA 256: 83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd MD5: c913d292a9a907799526695c9ad3bfac VirusTotal: https://www.virustotal.com/file/83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd/analysis/#additional-info Typical Filename: helperamc Claimed Product: Advanced Mac Cleaner Detection Name: OSX.83CEC41170.agent.tht.Talos
SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b MD5: 0612402ad98c8c31cd6f2b914a419039 VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info Typical Filename: icxy.exe Claimed Product: (none) Detection Name: W32.AgentWDCR:Malwaregen.20cd.1201
SHA 256: d3dbe14033ad25a5e4ffe1e2b559e53ee1d1799eb54eedbd7a689d6a88fd7137 MD5: f4be84934734b03d7f11e22b4de7fd0a VirusTotal: https://www.virustotal.com/file/d3dbe14033ad25a5e4ffe1e2b559e53ee1d1799eb54eedbd7a689d6a88fd7137/analysis/#additional-info Typical Filename: Danielic Claimed Product: (unknown) Detection Name: OSX.MAC:Malwaregen.19hh.1201
SHA 256: 63ecfe3dd8bf5040b1a8bd034d5e4ec861ba8870e98c3aa3de2057d8d21ba440 MD5: df03ff7e68fc8054e3a80b5774643300 VirusTotal: https://www.virustotal.com/file/63ecfe3dd8bf5040b1a8bd034d5e4ec861ba8870e98c3aa3de2057d8d21ba440/analysis/#additional-info Typical Filename: CVS.zip Claimed Product: N/A Detection Name: W32.1033DE5532-100.SBX.VIOC
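The hashes above are most useful when they are actually checked against the files on endpoints. The following is an added example, not Talos code or part of the original newsletter, that embeds the five SHA256/MD5 pairs listed above as an indicator set and sweeps a directory tree for matches. Everything else in it (the function names, the chunked hashing, the handling of MD5-only hits) is this example's own design and is not described by the page.

```python
"""Sweep a directory tree for the file-hash indicators listed above.

Added example: the indicator dictionaries are copied from the "most prevalent
malware files" list in the newsletter; the code around them is illustrative
and not part of any Talos tooling.
"""
import hashlib
import os

# Lower-case hex digest -> typical filename reported in the newsletter.
SHA256_IOCS = {
    "ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739": "printerinstallerclientupdater.exe",
    "83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd": "helperamc",
    "f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b": "icxy.exe",
    "d3dbe14033ad25a5e4ffe1e2b559e53ee1d1799eb54eedbd7a689d6a88fd7137": "Danielic",
    "63ecfe3dd8bf5040b1a8bd034d5e4ec861ba8870e98c3aa3de2057d8d21ba440": "CVS.zip",
}
MD5_IOCS = {
    "fa1f769475516b03881602d0824cae12": "printerinstallerclientupdater.exe",
    "c913d292a9a907799526695c9ad3bfac": "helperamc",
    "0612402ad98c8c31cd6f2b914a419039": "icxy.exe",
    "f4be84934734b03d7f11e22b4de7fd0a": "Danielic",
    "df03ff7e68fc8054e3a80b5774643300": "CVS.zip",
}


def hash_file(path, chunk_size=1 << 20):
    """Return (sha256, md5) lower-case hex digests of one file.

    The file is read in chunks so that large files never have to fit in
    memory; both digests are computed in a single pass.
    """
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()


def match_file(path, sha256_iocs=SHA256_IOCS, md5_iocs=MD5_IOCS):
    """Return a list of (algorithm, digest, typical_filename) hits for a file.

    A SHA256 hit is authoritative. An MD5-only hit is still reported so an
    analyst can look at the file, but it is weaker evidence: MD5 collisions
    are practical, so a benign file could in principle share an MD5 with a
    listed sample.
    """
    sha256, md5 = hash_file(path)
    hits = []
    if sha256 in sha256_iocs:
        hits.append(("sha256", sha256, sha256_iocs[sha256]))
    if md5 in md5_iocs:
        hits.append(("md5", md5, md5_iocs[md5]))
    return hits


def sweep(root, sha256_iocs=SHA256_IOCS, md5_iocs=MD5_IOCS):
    """Walk `root` and return {path: hits} for every file that matches.

    Symlinks are not followed (os.walk does not descend into symlinked
    directories by default, and symlinked files are skipped explicitly) so a
    hostile tree cannot send the sweep into a loop. Files that cannot be read,
    or that vanish between listing and hashing, are skipped rather than
    aborting the whole sweep.
    """
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                hits = match_file(path, sha256_iocs, md5_iocs)
            except OSError:
                continue
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(sweep(target).items()):
        for algo, digest, typical_name in hits:
            print(f"{path}\t{algo}={digest}\tmatches listed sample {typical_name}")
```

Run it as `python sweep.py /path/to/scan`; only matching files are printed. Hash matching is exact, so a repacked or slightly modified sample will not be caught; treat this as a quick triage step to complement, not replace, the Snort and AMP detections referenced elsewhere in the newsletter.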
============================================================
SPAM STATS FOR 2017-01-03 - 2017-01-10
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM