
Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

January 10, 2017


TOP VULNERABILITY THIS WEEK: Google Releases Monthly Security Bulletin for Android, Nexus, and Pixel Devices

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Talos Insights: The State of Cyber Security @ Cisco Live EMEA (Berlin, Germany)
Date: 2017-02-20 - 2017-02-24
Speaker: Craig Williams, Global Outreach Manager
Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010

Event: Emerging Threats: The State of Cybersecurity @ Cisco Live Melbourne 2017 (Melbourne, Australia)
Date: 2017-03-07 - 2017-03-10
Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar we will perform deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/anz/

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Google Releases Monthly Security Bulletin for Android, Nexus, and Pixel Devices
Description: Google has released its monthly security bulletin for Android, Nexus, and Pixel devices. This month’s release fixes 90 vulnerabilities: 29 rated critical, 41 rated high, and 20 rated moderate. The critical vulnerabilities affect Mediaserver, the kernel memory subsystem, the Qualcomm bootloader, the kernel file system, the NVIDIA GPU driver, the MediaTek driver, the Qualcomm GPU driver, and other Qualcomm components. Google has released two patch levels “to provide Android partners with the flexibility to more quickly fix a subset of vulnerabilities among Android devices.” Nexus and Pixel owners can update now; other Android device owners should expect updates from their vendors in the near future.
Reference: https://source.android.com/security/bulletin/2017-01-01.html
Snort SID: Detection pending release of vulnerability information
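The two patch levels the bulletin refers to are the strings 2017-01-01 (the partial subset of fixes) and 2017-01-05 (the complete set) that a device reports in ro.build.version.security_patch. The shell snippet below is an added example, not code from the newsletter or from Google: it classifies a reported level against those two dates, and the adb sweep at the end assumes adb is on PATH and USB debugging is authorized on each attached device. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the Talos newsletter or Google): classify an Android
# device's reported security patch level against the two patch levels defined
# by the January 2017 bulletin. 2017-01-01 carries only the partial fix set;
# 2017-01-05 or later covers the whole bulletin.
# On a real device the string comes from:
#   adb shell getprop ro.build.version.security_patch
# It is passed as an argument here so the classification also runs offline.

PARTIAL_LEVEL="2017-01-01"    # partial subset of this bulletin's fixes
COMPLETE_LEVEL="2017-01-05"   # complete set for this bulletin

# level_to_int YYYY-MM-DD: print YYYYMMDD so two levels compare with -ge.
# Anything that is not exactly a dash-separated date fails with status 1.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            y=${1%%-*}
            rest=${1#*-}
            printf '%s%s%s\n' "$y" "${rest%%-*}" "${rest#*-}" ;;
        *)
            return 1 ;;
    esac
}

# classify_patch_level LEVEL: print complete | partial | unpatched | invalid.
# Returns 1 only for a malformed level string.
classify_patch_level() {
    level=$(level_to_int "$1") || { printf 'invalid\n'; return 1; }
    if [ "$level" -ge "$(level_to_int "$COMPLETE_LEVEL")" ]; then
        printf 'complete\n'
    elif [ "$level" -ge "$(level_to_int "$PARTIAL_LEVEL")" ]; then
        printf 'partial\n'
    else
        printf 'unpatched\n'
    fi
}

# sweep_adb_devices: one line per attached device (serial, level, verdict).
# Assumes adb is on PATH and USB debugging is authorized on each device.
sweep_adb_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        lvl=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "$lvl" "$(classify_patch_level "$lvl")"
    done
}
```

Source the file and call classify_patch_level with a level string to check a single device offline, or run sweep_adb_devices to check everything attached over adb. A device reporting 2017-01-01 is not fully patched for this bulletin even though it carries a January date.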

Title: Adobe Releases Security Bulletin for Flash Player
Description: Adobe has released a security bulletin for Flash Player addressing 13 vulnerabilities. As with previous Flash Player bulletins, the overwhelming majority of the flaws fixed could result in remote code execution: five of the thirteen are memory corruption flaws, four are heap buffer overflows, three are use-after-free flaws, and one is a security feature bypass. Users who require Flash Player should update as soon as possible and set Flash Player to “click-to-play”.
Reference: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
Snort SID: Detection pending

Title: Microsoft Releases Monthly Set of Security Bulletins for January 2017
Description: Microsoft has released its monthly set of security bulletins for January 2017. This month’s release contains three bulletins addressing three vulnerabilities in Windows and Office. A fourth bulletin carries the Adobe Flash Player update, fixing the Flash Player embedded in Internet Explorer and Edge.
Reference: https://technet.microsoft.com/library/security/ms17-jan
Snort SID: 40759, 41140-41141

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Edge Vulnerabilities CVE-2016-7200 & CVE-2016-7201 Integrated into Sundown Exploit Kits http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html

Lawmakers Reintroduce Popular Email Privacy Act https://threatpost.com/lawmakers-reintroduce-popular-email-privacy-act/122981/

Cracking The 12+ Character Password Barrier, Literally http://www.netmux.com/blog/cracking-12-character-above-passwords

Solving the SANS 2016 Holiday Hack Challenge https://techanarchy.net/2017/01/solving-the-sans-2016-holiday-hack-challenge/

============================================================

MOST PREVALENT MALWARE FILES 2017-01-03 - 2017-01-10: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739
MD5: fa1f769475516b03881602d0824cae12
VirusTotal: https://www.virustotal.com/file/ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739/analysis/#additional-info
Typical Filename: printerinstallerclientupdater.exe
Claimed Product: Printer Client Updater
Detection Name: W32.AE7327F36A-95.SBX.TG

SHA 256: 83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd
MD5: c913d292a9a907799526695c9ad3bfac
VirusTotal: https://www.virustotal.com/file/83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.83CEC41170.agent.tht.Talos

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: icxy.exe
Claimed Product: (none)
Detection Name: W32.AgentWDCR:Malwaregen.20cd.1201

SHA 256: d3dbe14033ad25a5e4ffe1e2b559e53ee1d1799eb54eedbd7a689d6a88fd7137
MD5: f4be84934734b03d7f11e22b4de7fd0a
VirusTotal: https://www.virustotal.com/file/d3dbe14033ad25a5e4ffe1e2b559e53ee1d1799eb54eedbd7a689d6a88fd7137/analysis/#additional-info
Typical Filename: Danielic
Claimed Product: (unknown)
Detection Name: OSX.MAC:Malwaregen.19hh.1201

SHA 256: 63ecfe3dd8bf5040b1a8bd034d5e4ec861ba8870e98c3aa3de2057d8d21ba440
MD5: df03ff7e68fc8054e3a80b5774643300
VirusTotal: https://www.virustotal.com/file/63ecfe3dd8bf5040b1a8bd034d5e4ec861ba8870e98c3aa3de2057d8d21ba440/analysis/#additional-info
Typical Filename: CVS.zip
Claimed Product: N/A
Detection Name: W32.1033DE5532-100.SBX.VIOC
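The hash list above is directly usable as a set of file indicators. The script below is an added example, not part of the newsletter: it carries the five SHA-256 values and their labels from the table and sweeps a directory tree for exact matches. The function names (sha256_of, lookup_ioc, sweep_dir, count_hits) are my own, and the script assumes either sha256sum or shasum is available. Exact-hash matching finds these specific files and nothing repacked, so a clean sweep means "none of these exact samples", not "no malware".

```shell
#!/bin/sh
# Added example (not code from the Talos newsletter): sweep a directory tree for
# files whose SHA-256 matches one of the hashes in this issue's "most prevalent
# malware files" list. Hash-only matching is a point-in-time IOC check: a
# repacked sample will not match, so "no hits" means none of these exact files.

# IOC list copied from the newsletter: "<sha256> <label>", one per line.
# Label = Typical Filename followed by Detection Name.
IOC_SHA256='
ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739 printerinstallerclientupdater.exe W32.AE7327F36A-95.SBX.TG
83cec41170390e5e6d49ed7bf4fa76ddfb581c9e39d9efe7ed9382957de152dd helperamc OSX.83CEC41170.agent.tht.Talos
f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b icxy.exe W32.AgentWDCR:Malwaregen.20cd.1201
d3dbe14033ad25a5e4ffe1e2b559e53ee1d1799eb54eedbd7a689d6a88fd7137 Danielic OSX.MAC:Malwaregen.19hh.1201
63ecfe3dd8bf5040b1a8bd034d5e4ec861ba8870e98c3aa3de2057d8d21ba440 CVS.zip W32.1033DE5532-100.SBX.VIOC
'

# sha256_of FILE: lowercase hex digest via sha256sum (GNU) or shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print tolower($1) }'
    else
        shasum -a 256 "$1" | awk '{ print tolower($1) }'
    fi
}

# lookup_ioc DIGEST [IOCLIST]: print the label for DIGEST, exit 1 if absent.
# Comparison is case-insensitive; the list defaults to the newsletter's hashes,
# so a newer Talos list can be passed in without editing the script.
lookup_ioc() {
    printf '%s\n' "${2:-$IOC_SHA256}" | awk -v h="$1" '
        NF >= 2 && tolower($1) == tolower(h) { $1 = ""; sub(/^ /, ""); print; found = 1 }
        END { exit !found }'
}

# sweep_dir DIR [IOCLIST]: print "<path><TAB><label>" for each regular file
# under DIR whose SHA-256 is in the list. Files whose names contain newlines
# are not handled; everything else (spaces included) is.
sweep_dir() {
    find "$1" -type f | while IFS= read -r f; do
        label=$(lookup_ioc "$(sha256_of "$f")" "${2:-$IOC_SHA256}") || continue
        printf '%s\t%s\n' "$f" "$label"
    done
}

# count_hits DIR [IOCLIST]: number of matching files as a bare integer.
count_hits() {
    sweep_dir "$1" "$2" | wc -l | tr -d ' '
}
```

Run sweep_dir against a download directory or a mounted image to list matches with their Talos labels; pipe the output into a ticket or SIEM as needed. To reuse the script for a later newsletter, pass that issue's "<sha256> <label>" lines as the second argument instead of editing IOC_SHA256.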

============================================================

SPAM STATS FOR 2017-01-03 - 2017-01-10

TOP SPAM SUBJECTS OBSERVED

  • “RE: RE: New Order list”
  • “Notification from Axis Bank”
  • “Quantum Code - Password Recovery”
  • “Confirm Your Account”
  • “Undelivered Mail Returned to Sender”

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 1221 Telstra Pty Ltd
  • 15169 Google Inc.
  • 3320 Deutsche Telekom AG
  • 25847 ServInt
  • 7046 MCI Communications Services, Inc. d/b/a Verizon Business