Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Oracle Releases Quarterly Patch Update for Supported Products
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Talos Insights: The State of Cyber Security @ Cisco Live EMEA (Berlin, Germany) Date: 2017-02-20 - 2017-02-24 Speaker: Craig Williams, Global Outreach Manager Description: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
Event: Emerging Threats: The State of Cybersecurity @ Cisco Live Melbourne 2017 (Melbourne, Australia) Date: 2017-03-07 - 2017-03-10 Speaker: Earl Carter, Technical Leader Description: Cisco’s Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. Reference: http://www.ciscolive.com/anz/
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Oracle Releases Quarterly Patch Update for Supported Products Description: Oracle has released its quarterly set of security advisories for the first quarter of 2017. This release contains fixes for 270 vulnerabilities, including two local vulnerabilities in Oracle Database Server, 27 vulnerabilities in MySQL Enterprise Monitor and Server, and 17 vulnerabilities in Java. Two of the Java vulnerabilities are rated critical (CVSS 3.0 base score 9.6) and can be exploited remotely without authentication, so Java installations should be prioritized when rolling out this update. Reference: http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html Snort SID: 40773-40774, 41108-41109; Additional detection pending release of vulnerability information
Title: WordPress 4.7.1 Security and Maintenance Release Description: WordPress has released a security and maintenance update for WordPress 4.7. This update addresses eight security issues, the most notable being the remote code execution flaw in PHPMailer disclosed last month. Note that while WordPress itself does not appear to have been affected, the bundled PHPMailer has been updated as a hardening measure. Other vulnerabilities patched include an information leak, a pair of XSS flaws, a pair of CSRF flaws, a fix to default behavior, and weak cryptographic security for the multisite activation key. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
The Line of Death https://textslashplain.com/2017/01/14/the-line-of-death/
Google Infrastructure Security Design Overview https://cloud.google.com/security/security-design/
Buggy Domain Validation Forces GoDaddy to Revoke Certs https://threatpost.com/buggy-domain-validation-forces-godaddy-to-revoke-certs/123038/
Facebook ImageTragick Story http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Hardening Windows 10 with zero-day exploit mitigations https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Practical Android Debugging Via KGDB http://blog.trendmicro.com/trendlabs-security-intelligence/practical-android-debugging-via-kgdb/
============================================================
MOST PREVALENT MALWARE FILES 2017-01-10 - 2017-01-17:
COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739
MD5: fa1f769475516b03881602d0824cae12
VirusTotal: https://www.virustotal.com/file/ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739/analysis/#additional-info
Typical Filename: printerinstallerclientupdater.exe
Claimed Product: PrinterLogic Printer Client Updater
Detection Name: W32.AE7327F36A-95.SBX.TG

SHA 256: 2c031ea081992e5a0429d3c1c8cba2530c42dfba1081c16f48c01a9f2ef2774e
MD5: 32d51047d3cf9af2d83680b495ad32c9
VirusTotal: https://www.virustotal.com/file/2c031ea081992e5a0429d3c1c8cba2530c42dfba1081c16f48c01a9f2ef2774e/analysis/#additional-info
Typical Filename: EntNameRepair.exe
Claimed Product: “???????”
Detection Name: Auto.2C031EA081.tht.Talos

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: icxy.exe
Claimed Product: (none)
Detection Name: W32.AgentWDCR:Malwaregen.20cd.1201

SHA 256: fb87d53c5aed346c98a2ef6f0840f423ca0b6281eef1c606ee79a97b64dbc142
MD5: da408cef2fca99a51b4fb5afd37d6d18
VirusTotal: https://www.virustotal.com/file/fb87d53c5aed346c98a2ef6f0840f423ca0b6281eef1c606ee79a97b64dbc142/analysis/#additional-info
Typical Filename: Documento n.002356-0048533.exe
Claimed Product: (none)
Detection Name: W32.FB87D53C5A-95.SBX.TG
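The hash list above is published so that defenders can sweep their own estate for these files. The following Python script is an added example, not Talos code and not part of the original newsletter: it parses "SHA 256 / MD5 / Detection Name" records in the format printed above, hashes every regular file under a directory once for both digests, and grades each hit. A SHA-256 match is treated as conclusive; an MD5-only match is reported as weak because MD5 is collision-prone and should be confirmed by SHA-256 or a VirusTotal lookup before acting on it. The five digest pairs embedded in the script are the ones listed above (the VirusTotal and filename lines are omitted for brevity); the scratch directory, its file contents and the "Constructed.Test" detection name are constructed for the demonstration and stand in for a real hit.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Digests and detection names copied from the "MOST PREVALENT MALWARE FILES" list
# above; the VirusTotal and filename lines are left out here for brevity.
IOC_TEXT = """
SHA 256: ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739
MD5: fa1f769475516b03881602d0824cae12
Detection Name: W32.AE7327F36A-95.SBX.TG
SHA 256: 2c031ea081992e5a0429d3c1c8cba2530c42dfba1081c16f48c01a9f2ef2774e
MD5: 32d51047d3cf9af2d83680b495ad32c9
Detection Name: Auto.2C031EA081.tht.Talos
SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
Detection Name: OSX.Variant:AMCZ.19if.1201
SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
Detection Name: W32.AgentWDCR:Malwaregen.20cd.1201
SHA 256: fb87d53c5aed346c98a2ef6f0840f423ca0b6281eef1c606ee79a97b64dbc142
MD5: da408cef2fca99a51b4fb5afd37d6d18
Detection Name: W32.FB87D53C5A-95.SBX.TG
"""


def parse_iocs(text):
    """Turn the newsletter's 'Field: value' lines into lookup tables keyed by
    SHA-256 and by MD5. A new record starts at every 'SHA 256:' line; digests
    are lowercased so uppercase output from other tools still matches."""
    by_sha256, by_md5, record = {}, {}, None
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (p.strip() for p in line.split(":", 1))
        if key == "SHA 256":
            record = {"sha256": value.lower(), "md5": None, "detection": None}
            by_sha256[record["sha256"]] = record
        elif key == "MD5" and record is not None:
            record["md5"] = value.lower()
            by_md5[record["md5"]] = record
        elif key == "Detection Name" and record is not None:
            record["detection"] = value
    return by_sha256, by_md5


def hash_file(path, chunk_size=1 << 20):
    """Compute SHA-256 and MD5 in one pass so large files are read only once."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()


def classify(sha256, md5, by_sha256, by_md5):
    """Grade one file's digests against the IOC set: 'strong' when the SHA-256
    matches, 'weak' when only the MD5 matches (MD5 is collision-prone, so treat
    that as a lead to confirm, not a verdict), None when nothing matches."""
    record = by_sha256.get(sha256.lower())
    if record:
        return "strong", record
    record = by_md5.get(md5.lower())
    if record:
        return "weak", record
    return None, None


def sweep(root, by_sha256, by_md5):
    """Hash every regular file under root (symlinks skipped) and return the hits."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            sha256, md5 = hash_file(path)
            grade, record = classify(sha256, md5, by_sha256, by_md5)
            if grade:
                hits.append({"path": path, "grade": grade, "sha256": sha256,
                             "detection": record["detection"]})
    return hits


def demo():
    """Run the sweep over a constructed scratch directory; no real malware is used."""
    by_sha256, by_md5 = parse_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as scratch:
        # Constructed benign file: its digests are not in the list, so it must not match.
        Path(scratch, "notes.txt").write_bytes(b"quarterly patch notes\n")
        # Constructed stand-in for a hit: hash a harmless file, then register its
        # digests as if they had been published, to exercise the match path.
        sample = Path(scratch, "printerinstallerclientupdater.exe")
        sample.write_bytes(b"MZ constructed sample, not a real binary\n")
        sha256, md5 = hash_file(sample)
        by_sha256[sha256] = by_md5[md5] = {"sha256": sha256, "md5": md5,
                                           "detection": "Constructed.Test"}
        hits = sweep(scratch, by_sha256, by_md5)
    for hit in hits:
        print(f"{hit['grade']:6s} {hit['path']}  {hit['detection']}")
    return hits


if __name__ == "__main__":
    demo()
```

To use it against a real host, replace the scratch directory in demo() with the path you want to sweep (user profile and temp directories are the usual first targets for the droppers in this list) and paste the full record block from the newsletter into IOC_TEXT; the parser ignores the VirusTotal, Typical Filename and Claimed Product lines, so the block can be copied as-is.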
============================================================
SPAM STATS FOR 2017-01-10 - 2017-01-17
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM