Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Zero-day Vulnerability Under Active Exploitation in Apache Struts2 Patched
Description: Cisco's Talos Group specializes in the early-warning intelligence and threat analysis needed to maintain a secure network. People responsible for defending networks know that the threat landscape is constantly in flux as attackers evolve their techniques. Talos improves the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying big-data technology to security. In this talk/webinar, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Description: Malware is the Swiss Army knife of an attacker's toolkit: some threats, like ransomware, target the users' data, while others, such as banking trojans, seek to exfiltrate sensitive data. Join our live webinar, led by Talos Threat Researcher Edmund Brumaghin, as he covers recent evolutions in malware and offers a detailed analysis of one of the newest banking trojans, Floki Bot.
Description: Apache has released a security advisory and software update to address CVE-2017-5638, a zero-day vulnerability in Struts2. CVE-2017-5638 is a remote code execution bug in the Jakarta Multipart parser of Apache Struts2: a crafted Content-Type header is echoed into an error message that the framework evaluates as an OGNL expression. Exploitation of this flaw allows a remote, unauthenticated attacker to execute arbitrary commands on the targeted system with the privileges of the process running the Struts application. Researchers have observed active attempts to exploit this flaw. Administrators should update to Struts 2.3.32 or 2.5.10.1 (or later) as soon as possible and, until they can, consider filtering requests whose Content-Type is not a well-formed media type.
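Because the CVE-2017-5638 payload travels in the Content-Type header, the simplest network- or proxy-side check is to flag any Content-Type value that contains OGNL expression markers (after URL-decoding, since some scanners percent-encode the header) or that is not a well-formed media type at all. The following is an added example, not code from Talos or the Apache Struts project; the request log lines it scans are constructed for the demonstration and the `METHOD PATH | Content-Type: value` line format is an assumption made here for readability.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines (not real traffic). Format assumed here:
# "METHOD PATH | Content-Type: <header value>".
SAMPLE_REQUESTS = [
    "POST /struts2-showcase/upload.action | Content-Type: multipart/form-data; boundary=----abc123",
    "POST /app/login.action | Content-Type: application/x-www-form-urlencoded",
    "POST /app/upload.action | Content-Type: %{(#_='multipart/form-data').(#cmd='id')}",
    "GET /app/index.action | Content-Type: %25%7B%28%23nike%3D%27multipart/form-data%27%29%7D",
    "POST /app/upload.action | Content-Type: multipart/form-data; boundary=%{#foo}",
    "POST /app/upload.action | Content-Type: multipart/form-data; boundary={abc}",
    "PUT /app/data.action | Content-Type: text/plain; charset=\"utf-8\"",
]

# Strict media-type grammar: type/subtype followed by optional name=value parameters,
# where names and unquoted values are RFC 7230 tokens. Braces and parentheses are not
# token characters, so an OGNL expression never passes this check.
_TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_MEDIA_TYPE = re.compile(
    r"^" + _TCHAR + r"/" + _TCHAR +
    r"(\s*;\s*" + _TCHAR + r"=(?:" + _TCHAR + r"|\"[^\"]*\"))*\s*$"
)

# Expression openers that appear in CVE-2017-5638 payloads: %{ ... }, ${ ... } and
# the (#var='...') assignment used to smuggle the required multipart/form-data string.
_OGNL_MARKERS = re.compile(r"%\{|\$\{|\(#")


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly until the value stops changing, so that double-encoded
    headers are normalized before inspection (bounded to avoid pathological input)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_content_type(value):
    """Return None for a benign Content-Type, otherwise a short reason string."""
    decoded = decode_fully(value.strip())
    if _OGNL_MARKERS.search(decoded):
        return "ognl-marker"
    if not _MEDIA_TYPE.match(decoded):
        return "malformed-media-type"
    return None


def scan_requests(lines):
    """Scan request log lines in the assumed format and return a list of
    (line_number, reason, raw_content_type) for every suspicious header."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        _head, sep, ctype = line.partition(" | Content-Type: ")
        if not sep:
            continue  # no Content-Type header on this request
        reason = classify_content_type(ctype)
        if reason:
            findings.append((line_no, reason, ctype.strip()))
    return findings


if __name__ == "__main__":
    for line_no, reason, ctype in scan_requests(SAMPLE_REQUESTS):
        print(f"line {line_no}: {reason}: {ctype}")
```

The two checks are deliberately layered: the marker regex catches the payloads seen in the wild quickly, and the strict grammar catches anything unusual that a future variant might use, at the cost of also rejecting the occasional sloppy but harmless client. Treat a "malformed-media-type" hit as something to review rather than an automatic block unless your applications are known to send only well-formed headers.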
Description: Microsoft has released its monthly set of security bulletins for March 2017. This month's release contains 17 bulletins covering 140 different vulnerabilities, 47 of which are rated critical. The critical vulnerabilities affect Internet Explorer, Edge, Hyper-V, Windows PDF Library, Microsoft SMB Server, Uniscribe, Microsoft Graphics Component, Adobe Flash Player and Microsoft Windows. 92 vulnerabilities are rated important, additionally affecting Active Directory Federation Services, DirectShow, Internet Information Services, Microsoft Exchange Server, Microsoft Office, Microsoft XML Core Services, Windows DVD Maker, Windows Kernel and Windows Kernel-Mode Drivers.
Description: Adobe has released security bulletins for Flash and Shockwave Player. In total, eight vulnerabilities were patched, seven of which affect Flash alone. Of those seven, six could lead to remote code execution if exploited, while the seventh could lead to information disclosure. The single Shockwave flaw that was patched is a privilege escalation flaw. Users who do not already have Flash Player set to "click-to-play" are advised to patch immediately.
Reference:
- https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
- https://helpx.adobe.com/security/products/shockwave/apsb17-08.html
Description: SAP has released 25 new security notes for its March Patch Day addressing flaws in various supported products. The most severe vulnerability is #2424173, an unauthenticated privilege escalation vulnerability in the password change and reset functionality. Exploiting this flaw could allow an attacker to impersonate users and gain full control of the affected systems. Other flaws that were addressed include denial-of-service bugs, cross-site scripting flaws, SQL injection vulnerabilities, and memory corruption vulnerabilities.
Reference:
- https://blogs.sap.com/2017/03/14/sap-security-patch-day-march-2017/
- https://www.onapsis.com/blog/sap-security-notes-march-2017-onapsis-helps-secure-critical-bugs-sap-hana
Description: WordPress has released a new version of its blog platform software to address various security and maintenance issues. Version 4.7.3 addresses six security issues: three cross-site scripting flaws, a cross-site request forgery flaw, a URL redirection bug, and a bug that allowed administrators to delete unintended files through the plugin deletion functionality. Site administrators are advised to update their WordPress sites as soon as possible.
How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff
Attacking Nexus 9 with Malicious Headphones https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/
Password Rules Are Bulls**t https://blog.codinghorror.com/password-rules-are-bullshit/
Github Enterprise SAML authentication bypass write-up http://www.economyofmechanism.com/github-saml
Using the Registry to Discover Unix Systems and Jump Boxes https://www.fireeye.com/blog/threat-research/2017/03/usingtheregistryt.html
Talos Blog: R - PDF LoadEncoding Code Execution Vulnerability http://blog.talosintelligence.com/2017/03/r-pdf-vuln.html