Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

February 14, 2017

TOP VULNERABILITY THIS WEEK: ISC Releases Security Advisory for BIND To Resolve Denial of Service Attack

============================================================

UPCOMING PUBLIC ENGAGEMENTS WITH TALOS

Event: Talos Insights: The State of Cyber Security @ Cisco Live EMEA (Berlin, Germany)
Date: 2017-02-20 - 2017-02-24
Speaker: Craig Williams, Global Outreach Manager
Description: Cisco's Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010

Event: Talos Winter Security Threat Briefing (Free Webinar)
Date: 2017-02-28 13:00 ET (10:00 PT)
Speaker: Earl Carter, Technical Leader
Description: Cyberthreats will never disappear. Adversaries are only getting smarter and more adept at evading security measures. The security experts at Talos invite you to their quarterly threat briefing, where they will share their insights into recent attacks that exemplify the latest trends within the security industry. By discussing these new and emerging threats, the Talos team will help you understand new protection strategies and build better defenses.
Reference: https://security-mktg.cisco.com/CiscoSecurityWebinarSeries/Social?webinar=ME5484A1

Event: Emerging Threats: The State of Cybersecurity @ Cisco Live Melbourne 2017 (Melbourne, Australia)
Date: 2017-03-07 - 2017-03-10
Speaker: Earl Carter, Technical Leader
Description: Cisco's Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/anz/

Event: Driving Attacker Innovation: A Tale of Three Ransomware Variants
Date: 2017-03-14
Speaker: Earl Carter, Technical Leader
Description: Ransomware has become a constant threat to users. Innovation is the key to staying ahead of threat defenders and earning the most money. During this talk I will examine how three separate ransomware variants (TeslaCrypt, Cryptowall, & Locky) have demonstrated totally different innovation paths with varying results. TeslaCrypt demonstrates a failed attempt at innovation that could not overcome the constant examination by threat defenders. Cryptowall evolved from a simple phishing attack into an advanced piece of malware delivered by exploit kits, earning millions of dollars annually. Finally, Locky has evolved into a significant spam-based email threat driven by an affiliate model that has enabled the ransomware authors to separate themselves from the actual malware distribution.
Reference: http://acsc2017.com.au/

============================================================

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: ISC Releases Security Advisory for BIND To Resolve Denial of Service Attack
Description: ISC has released a security advisory for BIND to address CVE-2017-3135, a denial of service vulnerability. CVE-2017-3135 manifests under certain conditions when both DNS64 and RPZ are used to rewrite query responses. In some instances, query processing "can resume in an inconsistent state" and result in an assertion failure or NULL pointer dereference. Workarounds to avoid this vulnerability are possible, but ISC recommends that BIND be upgraded, as updates that address this vulnerability have been made available.
Reference: https://kb.isc.org/article/AA-01453
Snort SID: Detection pending release of vulnerability information
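Since the advisory ties CVE-2017-3135 to configurations that enable both DNS64 and RPZ, a defender can triage a fleet of resolvers by scanning each named.conf for that combination before patching. The script below is an added example (not from the newsletter or from ISC) and assumes standard named.conf syntax; the configuration text it scans is constructed for illustration, and the check is a heuristic, not a parser of every BIND construct.

```python
import re
import sys

# Constructed named.conf fragment (not from a real deployment). Both dns64 and
# response-policy are active; the commented-out response-policy in "options"
# must be ignored by the scanner.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/cache/bind";
    // response-policy { zone "rpz.example"; };   disabled on purpose
    dns64 64:ff9b::/96 { clients { any; }; };
};
view "internal" {
    match-clients { 10.0.0.0/8; };
    response-policy { zone "rpz.internal.example"; };
    /* dns64 is inherited from the options block above */
};
"""

STATEMENTS = ("dns64", "response-policy")

def strip_comments_and_strings(text: str) -> str:
    """Remove /* */, // and # comments and the contents of quoted strings so that
    a statement name inside a comment or a zone name cannot trigger a match."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    text = re.sub(r"(//|#).*", "", text)
    return re.sub(r'"[^"\n]*"', '""', text)

def configured_statements(text: str, names=STATEMENTS) -> set:
    """Return which of `names` appear as statements in the cleaned config.
    Lookarounds keep 'dns64' from matching related options such as dns64-server."""
    cleaned = strip_comments_and_strings(text)
    return {n for n in names
            if re.search(r"(?<![\w-])" + re.escape(n) + r"(?![\w-])", cleaned)}

def uses_dns64_and_rpz(text: str) -> bool:
    """True when the config enables both DNS64 and RPZ, the combination the
    ISC advisory for CVE-2017-3135 describes."""
    return set(STATEMENTS) <= configured_statements(text)

if __name__ == "__main__":
    # Scan a real file if a path is given, otherwise the constructed sample.
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NAMED_CONF
    found = configured_statements(conf)
    print("configured:", ", ".join(sorted(found)) or "neither")
    print("DNS64 + RPZ both enabled:", uses_dns64_and_rpz(conf))
```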

Title: Adobe Releases Security Bulletins for Flash Player, Digital Editions, and Campaign
Description: Adobe has released three security bulletins for Flash Player, Digital Editions, and Campaign. In total, 24 vulnerabilities were resolved across the three bulletins, with 13 Flash Player flaws fixed, 9 Digital Editions flaws fixed, and 2 Campaign flaws fixed. The Flash Player bulletin notes that all 13 flaws could possibly lead to remote code execution, with all of them being memory corruptions, heap buffer overflows, use-after-frees, integer overflows, and type confusion flaws.
Reference:
- https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
- https://helpx.adobe.com/security/products/campaign/apsb17-06.html
Snort SID: 41603-41604, 41611-41624, 41627-41632

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

New Attack, Old Tricks - Macro-based Malware Observed on macOS https://objective-see.com/blog/blog_0x17.html

How to build a 8 GPU password cracker https://www.shellntel.com/blog/2017/2/8/how-to-build-a-8-gpu-password-cracker

Go RAT, Go! AthenaGo points “TorWords” Portugal http://blog.talosintel.com/2017/02/athena-go.html?f_l=s

USB Key Cleaner: CIRCLean https://n0where.net/usb-key-cleaner-circlean/?

U.S. House of Representatives Passes Long-Sought Email Privacy Bill https://krebsonsecurity.com/2017/02/house-passes-long-sought-email-privacy-bill/?

Microsoft delays its usual Patch Tuesday updates http://www.zdnet.com/article/microsoft-delays-its-usual-patch-tuesday-updates/

=========================================================

MOST PREVALENT MALWARE FILES 2017-02-07 - 2017-02-14: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: 2a3c6020418ba65020feffc50d30ad77aa6f87bb97e831f9d19585c5c0fbf439
MD5: 220a227048a34c7145aa3af9b29a39c5
VirusTotal: https://www.virustotal.com/file/2a3c6020418ba65020feffc50d30ad77aa6f87bb97e831f9d19585c5c0fbf439/analysis/#additional-info
Typical Filename: mfon.zip
Claimed Product: Mac File Opener
Detection Name: W32.Auto.2a3c60.201455.in01

SHA 256: 280c48828f845c55a14a2930cf2105f65a220a471c0c71515c69d77aabfed054
MD5: dd0b29dbd6f54d217e75739520e090a6
VirusTotal: https://www.virustotal.com/file/280c48828f845c55a14a2930cf2105f65a220a471c0c71515c69d77aabfed054/analysis/#additional-info
Typical Filename: Delivery-Details.zip
Claimed Product: N/A
Detection Name: W32.Auto:280c48828f.in05.Talos

SHA 256: e3a1b642e1e097ad51aaf00ac04f95a542ca532d1527897543dd46b4c4a8aa8a
MD5: 96233bf468ffa3039764e39dc2e4aab4
VirusTotal: https://www.virustotal.com/file/e3a1b642e1e097ad51aaf00ac04f95a542ca532d1527897543dd46b4c4a8aa8a/analysis/#additional-info
Typical Filename: 销.售.主.管该如何定位.docx
Claimed Product: N/A
Detection Name: DOCX.Auto:e3a1b642e1.in05.Talos

SHA 256: 09e8114c3198af5e854ca0cf863d6651313c392bbf89761cf39e9cc312a40e24
MD5: 3f9a39ce158010d21ac983311fa2e41f
VirusTotal: https://www.virustotal.com/file/09e8114c3198af5e854ca0cf863d6651313c392bbf89761cf39e9cc312a40e24/analysis/#additional-info
Typical Filename: 32957.doc
Claimed Product: N/A
Detection Name: W32.09E8114C31-100.SBX.TG

============================================================

SPAM STATS FOR 2017-02-07 - 2017-02-14

TOP SPAM SUBJECTS OBSERVED

  • “Mail Update”
  • “RE: Outlook Web Access”
  • “Update”
  • “Important Message from the HR Department”
  • “RE: SERVICE ADMIN”

MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 36850 University of North Carolina at Chapel Hill
  • 25876 Los Angeles Department of Water & Power
  • 87 Indiana University
  • 394922 CGI Federal
  • 8075 Microsoft Corporation