Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
OpenSSL Releases Security Advisory For High-severity Denial of Service Flaw
### Event: Talos Winter Security Threat Briefing (Free Webinar)
#### Date: 2017-02-28 13:00 ET (10:00 PT)
#### Speaker: Earl Carter, Technical Leader
Description: Cyberthreats will never disappear. Adversaries are only getting smarter and more adept at evading security measures. The security experts at Talos invite you to their quarterly threat briefing, where they will share their insights into recent attacks that exemplify the latest trends within the security industry. By discussing these new and emerging threats, the Talos team will help you understand new protection strategies and build better defenses.
#### Reference: https://security-mktg.cisco.com/CiscoSecurityWebinarSeries/Social?webinar=ME5484A1
### Event: Emerging Threats: The State of Cybersecurity @ Cisco Live Melbourne 2017 (Melbourne, Australia)
#### Date: 2017-03-07 - 2017-03-10
#### Speaker: Earl Carter, Technical Leader
Description: Cisco’s Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar, we will perform deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: http://www.ciscolive.com/anz/
### Event: Driving Attacker Innovation: A Tale of Three Ransomware Variants
#### Date: 2017-03-14
#### Speaker: Earl Carter, Technical Leader
Description: Ransomware has become a constant threat to users. Innovation is the key to staying ahead of threat defenders and earning the most money. During this talk I will examine how three separate ransomware variants (TeslaCrypt, Cryptowall, & Locky) have demonstrated totally different innovation paths with varying results. TeslaCrypt demonstrates a failed attempt at innovation that could not overcome the constant examination by threat defenders. Cryptowall evolved from a simple phishing attack into an advanced piece of malware delivered by exploit kits, earning millions of dollars annually. Finally, Locky has evolved into a significant spam-based email threat driven by an affiliate model that has enabled the ransomware authors to separate themselves from the actual malware distribution.
#### Reference: http://acsc2017.com.au/
#### SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
### Title: OpenSSL Releases Security Advisory For High-severity Denial of Service Flaw
Description: OpenSSL has released a security advisory in response to CVE-2017-3733, a denial of service vulnerability that was privately disclosed to the OpenSSL Software Foundation. CVE-2017-3733 manifests “if the Encrypt-Then-Mac extension is negotiated” during the renegotiation handshake when “it was not in the original handshake” of an SSL/TLS connection (or vice versa). Exploiting this could cause both clients and servers to crash. OpenSSL has released a software update for the 1.1.0 branch to address this vulnerability. CVE-2017-3733 does not affect OpenSSL 1.0.2.
#### Reference: https://www.openssl.org/news/secadv/20170216.txt
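As an added defender-side illustration (not code from the advisory or from OpenSSL), the check below parses TLS extension blocks and flags the trigger condition the advisory describes: the encrypt_then_mac extension (RFC 7366, extension type 22) present in one handshake of a connection but absent from the other. The extension blobs for the original and renegotiation handshakes are constructed inline; the helper names are this example's own.

```python
import struct

# TLS extension type for encrypt_then_mac (RFC 7366, real constant).
ENCRYPT_THEN_MAC = 22


def parse_extensions(blob: bytes) -> dict:
    """Parse a TLS extensions block (2-byte total length, then type/len/data
    triples) into {extension_type: data}. Raises ValueError on truncation."""
    if len(blob) < 2:
        raise ValueError("extensions block shorter than its length field")
    (total,) = struct.unpack("!H", blob[:2])
    body = blob[2:2 + total]
    if len(body) != total:
        raise ValueError("extensions block truncated")
    exts, pos = {}, 0
    while pos < total:
        if pos + 4 > total:
            raise ValueError("extension header truncated")
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if pos + ext_len > total:
            raise ValueError("extension data truncated")
        exts[ext_type] = body[pos:pos + ext_len]
        pos += ext_len
    return exts


def etm_state_changed(initial_exts: bytes, reneg_exts: bytes) -> bool:
    """True when encrypt_then_mac is negotiated in exactly one of the two
    handshakes of a connection, the condition CVE-2017-3733 is triggered by."""
    first = ENCRYPT_THEN_MAC in parse_extensions(initial_exts)
    second = ENCRYPT_THEN_MAC in parse_extensions(reneg_exts)
    return first != second


def build_extensions(types) -> bytes:
    """Constructed helper: encode zero-length extensions of the given types."""
    body = b"".join(struct.pack("!HH", t, 0) for t in types)
    return struct.pack("!H", len(body)) + body


# Constructed sample: original handshake without EtM, renegotiation with it
# (0x000d = signature_algorithms, 0xff01 = renegotiation_info).
INITIAL = build_extensions([0x000d, 0xff01])
RENEG = build_extensions([0x000d, 0xff01, ENCRYPT_THEN_MAC])

if __name__ == "__main__":
    print("EtM toggled across renegotiation:", etm_state_changed(INITIAL, RENEG))
```

A connection whose two handshakes disagree on encrypt_then_mac is the one the advisory says a patched 1.1.0 build must handle without crashing; the same parser can be pointed at captured hello extension blocks to confirm.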
Investigating Off-Premise Wireless Behaviour (or, “I Know What You Connected To”)
https://isc.sans.edu/diary/22089
Google Discloses Unpatched Microsoft Vulnerability
https://threatpost.com/google-discloses-unpatched-microsoft-vulnerability/123812/
Google Project Zero: Attacking the Windows NVIDIA Driver
https://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html
Penetration Testing Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol
https://duo.com/blog/flipping-bits-and-opening-doors-reverse-engineering-the-linear-wireless-security-dx-protocol
Talos Vulnerability Spotlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server
http://blog.talosintelligence.com/2017/02/Aerospike-Vulnerabilities.html
#### COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
- SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
- MD5: 2dbf779808d2ec3f5121891be9f4b1cf
- VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
- Typical Filename: helperamc
- Claimed Product: Advanced Mac Cleaner
- Detection Name: OSX.Variant:AMCZ.19if.1201
Detection Name: W32.Auto.64db08.201556.in01
Detection Name: W32.Trojan.NM
Detection Name: W32.Auto.1e62a4.201551.in01
#### TOP SPAM SUBJECTS OBSERVED
“RE: Dear Valid User,”
#### MOST FREQUENTLY USED ASNs FOR SENDING SPAM