Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
OpenSSL Releases Security Advisory For High-severity Denial of Service Flaw
Description: Cyberthreats will never disappear. Adversaries are only getting smarter and more adept at evading security measures. The security experts at Talos invite you to their quarterly threat briefing, where they will share their insights into recent attacks that exemplify the latest trends within the security industry. By discussing these new and emerging threats, the Talos team will help you understand new protection strategies and build better defenses.
Description: Cisco's Talos Group specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying the cutting-edge big data technology to security. In this talk/webinar, we will perform deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
E###vent: Driving Attacker Innovation: A Tale of Three Ransomware Variants
Description: Ransomware has become a constant threat to users. Innovation is the key to staying ahead of threat defenders and earning the most money. During this talk I will examine how three separate ransomware variants (TeslaCrypt, Cryptowall, & Locky) have demonstrated totally different innovation paths with varying results. TeslaCrypt demonstrates a failed attempt at innovation that could not overcome the constant examination by threat defenders. Cryptowall evolved from a simple phishing attack into an advanced piece of malware delivered by exploit kits earning millions of dollars annually. Finally Locky has evolved into a significant spam based email threat driven by an affiliate model that has enabled the ransomware authors to separate themselves from the actual malware distribution.
Description: OpenSSL has released a security advisory in response to CVE-2017-3733, a denial of service vulnerability that was privately disclosed to the OpenSSL Software Foundation. CVE-2017-3733 manifests "if the Encrypt-Then-Mac extension is negotiated" during the re-negotiation handshake when "it was not in the original handshake" of a SSL/TLS connection (or vice-versa). Exploiting this could cause both clients and servers to crash. OpenSSL has released a software update for the 1.1.0 branch to addressed this vulnerability. CVE-2017-3733 does not affect OpenSSL 1.0.2.
Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To")
Google Discloses Unpatched Microsoft Vulnerability
https://threatpost.com/google-discloses-unpatched-microsoft-vulnerability/123812/
Google Project Zero: Attacking the Windows NVIDIA Driver
https://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html
Penetration Testing Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Flipping Bits and Opening Doors: Reverse Engineering the Linear Wireless Security DX Protocol
https://duo.com/blog/flipping-bits-and-opening-doors-reverse-engineering-the-linear-wireless-security-dx-protocol
Talos Vulnerability Spotlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server
http://blog.talosintelligence.com/2017/02/Aerospike-Vulnerabilities.html
Detection Name: OSX.Variant:AMCZ.19if.1201
SHA 256: 64db0882534bfb82a05dd831b98694b2e175e10aa4a52167310c43ad65afa515
Detection Name: W32.Auto.64db08.201556.in01
SHA 256: e8f80d0b97ecb8ccb06741e99e04eb5c843c0d76c6ba40047b917033f0510386
Detection Name: W32.Trojan.NM
SHA 256: 1e62a41983d37f983100a9e9e2a5d4a89bd319f186f1a4d5d3ee35dea4de3f3c
Detection Name: W32.Auto.1e62a4.201551.in01
SHA 256: aa44a8dd4563c03ac65650622cb3af81f52e8ea2e1df663f68e0061b8bcac3ce