Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Android Releases Monthly Security Bulletin for June 2017
### Event: Talos - Cisco’s Key Into Understanding the Evolving Threat Landscape @ Cisco Security Week (Raleigh, NC)
#### Date: 2017-06-07 - 2017-06-08
#### Speaker: Alex Chiu, Threat Researcher
Synopsis: People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: http://www.cisco.com/c/m/digital/usc/securityweek/index.html
### Event: Talos - Cisco’s Key Into Understanding the Evolving Threat Landscape @ Cisco Security Week (Detroit, MI)
#### Date: 2017-06-21 - 2017-06-22
#### Speaker: Nick Biasini, Threat Researcher
Synopsis: People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: http://www.cisco.com/c/m/digital/usc/securityweek/index.html
### Event: Talos Insights: The State of Cyber Security @ Cisco Live US 2017 (Las Vegas, NV)
#### Date: 2017-06-29
#### Speaker: Craig Williams, Global Outreach Manager
Synopsis: Cisco’s Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: https://www.ciscolive.com/us/learn/sessions/session-catalog/?search=BRKSEC-2010
### Event: Modern Reconnaissance Phase by APTs @ Shakacon IX (Honolulu, HI)
#### Date: 2017-07-10 - 2017-07-13
#### Speaker: Paul Rascagneres, Threat Researcher
Synopsis: This presentation will show how APT actors are evolving and how their reconnaissance phase is changing in order to protect their valuable 0-day exploits and malware frameworks. The talk will focus mainly on the use of Office documents and watering hole attacks designed to establish whether the target is the intended one (we will mention campaigns against political and military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on macros, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
#### Reference: https://www.shakacon.org/modern-reconnaissance-phase-on-apt-protection-layer-by-paul-rascagneres/
### Title: Android Releases Monthly Security Bulletin for June 2017
Description: Android has released its monthly security bulletin for June 2017, disclosing various vulnerabilities identified in the mobile OS. This month’s release addresses 48 newly identified vulnerabilities. The most critical flaw disclosed this month is in the “Media Framework that could enable a remote attacker using a specially crafted file to cause memory corruption during media file and data processing.” These updates have been released for Google Nexus and Pixel devices.
#### Reference: https://source.android.com/security/bulletin/2017-06-01
#### Snort SID: Detection pending release of vulnerability information
The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
Announcing Google Capture the Flag 2017
https://security.googleblog.com/2017/06/announcing-google-capture-flag-2017.html
An Elegant Way To Ruin Your Company’s Day - Introduction to Public AWS EBS Snapshots
https://www.nvteh.com/news/problems-with-public-ebs-snapshots
MS17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver
http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue/
OneLogin: Breach Exposed Ability to Decrypt Data
https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/
- SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
- MD5: 2dbf779808d2ec3f5121891be9f4b1cf
- VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
- Typical Filename: helperamc
- Claimed Product: Advanced Mac Cleaner
- Detection Name: OSX.Variant:AMCZ.19if.1201
- SHA 256: 400f3891dc7445a9fe1214ec979e92b780f0488ef65f6be02bfd05d4ef0358f1
- MD5: d0e9d4554a8b46b956c5a873a2501292
- VirusTotal: https://www.virustotal.com/file/400f3891dc7445a9fe1214ec979e92b780f0488ef65f6be02bfd05d4ef0358f1/analysis/#additional-info
- Typical Filename: windljiv.exe
- Claimed Product: (none)
- Detection Name: W32.Malware:Asprox.20gn.1201
- SHA 256: 81d8fdfd8b6f390a8e756cfc055751392125d73e618fc69d185975382e2e7735
- MD5: a68663f8ef0a597c73d72890c66123b3
- VirusTotal: https://www.virustotal.com/file/81d8fdfd8b6f390a8e756cfc055751392125d73e618fc69d185975382e2e7735/analysis/#additional-info
- Typical Filename: com.android.appkeyguard-1.apk
- Claimed Product: (unknown)
- Detection Name: APK.81D8FDFD8B.agent.tht.Talos
- SHA 256: f2c08d33630a739d16bedeea4c62539f878d64b00811e8909f98afee3a28a533
- MD5: 65c83591b87db94138d9fd257d55663a
- VirusTotal: https://www.virustotal.com/file/f2c08d33630a739d16bedeea4c62539f878d64b00811e8909f98afee3a28a533/analysis/#additional-info
- Typical Filename: Original BL and Packing List.xls
- Claimed Product: N/A
- Detection Name: W32.F2C08D3363-100.SBX.TG
- SHA 256: e8f80d0b97ecb8ccb06741e99e04eb5c843c0d76c6ba40047b917033f0510386
- MD5: 68047ef39c0958335c5ae9c5148c044a
- VirusTotal: https://www.virustotal.com/file/e8f80d0b97ecb8ccb06741e99e04eb5c843c0d76c6ba40047b917033f0510386/analysis/#additional-info
- Typical Filename: mfon.zip
- Claimed Product: Mac File Opener
- Detection Name: Auto.E8F80D.201552.in02
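One practical use of the list above is to sweep a host or a quarantine share for these exact files. The script below is an added example, not Talos tooling: it parses the entries in the bullet format used above (only the hash, filename and detection-name lines are embedded), hashes files in streaming fashion, and reports a SHA-256 hit as strong and an MD5-only hit as weak. The record field names, the strong/weak labels and the command-line shape are the script's own choices.

```python
"""Hash-match local files against the sample list above.

Added example, not Talos tooling. Field names and the 'strong'/'weak'
labels are this script's own choices.
"""
import hashlib
import os
import re
import sys

# The five samples from the list above, kept in the page's own "- Key: value"
# bullet format so the parser works on the newsletter text as published.
IOC_TEXT = """
- SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
- MD5: 2dbf779808d2ec3f5121891be9f4b1cf
- Typical Filename: helperamc
- Detection Name: OSX.Variant:AMCZ.19if.1201
- SHA 256: 400f3891dc7445a9fe1214ec979e92b780f0488ef65f6be02bfd05d4ef0358f1
- MD5: d0e9d4554a8b46b956c5a873a2501292
- Typical Filename: windljiv.exe
- Detection Name: W32.Malware:Asprox.20gn.1201
- SHA 256: 81d8fdfd8b6f390a8e756cfc055751392125d73e618fc69d185975382e2e7735
- MD5: a68663f8ef0a597c73d72890c66123b3
- Typical Filename: com.android.appkeyguard-1.apk
- Detection Name: APK.81D8FDFD8B.agent.tht.Talos
- SHA 256: f2c08d33630a739d16bedeea4c62539f878d64b00811e8909f98afee3a28a533
- MD5: 65c83591b87db94138d9fd257d55663a
- Typical Filename: Original BL and Packing List.xls
- Detection Name: W32.F2C08D3363-100.SBX.TG
- SHA 256: e8f80d0b97ecb8ccb06741e99e04eb5c843c0d76c6ba40047b917033f0510386
- MD5: 68047ef39c0958335c5ae9c5148c044a
- Typical Filename: mfon.zip
- Detection Name: Auto.E8F80D.201552.in02
"""

# Page label -> record key (our naming). VirusTotal/Claimed Product lines are
# accepted too, so the parser runs on the full list as published.
FIELD_KEYS = {"SHA 256": "sha256", "MD5": "md5", "VirusTotal": "virustotal",
              "Typical Filename": "typical_filename",
              "Claimed Product": "claimed_product", "Detection Name": "detection_name"}
LINE_RE = re.compile(r"^\s*-\s*(" + "|".join(map(re.escape, FIELD_KEYS)) + r"):\s*(.*?)\s*$")


def parse_iocs(text):
    """One record per sample; a new record starts at every 'SHA 256' line.
    Digests are lower-cased and length-checked so a truncated or mistyped
    hash is rejected instead of silently never matching anything."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        label, value = m.group(1), m.group(2)
        if label == "SHA 256":
            records.append({})
        if not records:
            raise ValueError("IOC list must start with a SHA 256 line: %r" % line)
        key = FIELD_KEYS[label]
        records[-1][key] = value.lower() if key in ("sha256", "md5") else value
    for rec in records:
        if not re.fullmatch(r"[0-9a-f]{64}", rec.get("sha256", "")):
            raise ValueError("bad SHA-256 in record %r" % rec)
        if not re.fullmatch(r"[0-9a-f]{32}", rec.get("md5", "")):
            raise ValueError("bad MD5 in record %r" % rec)
    return records


def hash_bytes(data):
    """SHA-256 and MD5 of an in-memory blob."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "md5": hashlib.md5(data).hexdigest()}


def hash_file(path, chunk=1 << 20):
    """Same digests for a file on disk, streamed so large samples are not read whole."""
    sha, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            sha.update(block)
            md5.update(block)
    return {"sha256": sha.hexdigest(), "md5": md5.hexdigest()}


def match(iocs, digests):
    """Return (record, 'strong'|'weak') or None. A SHA-256 hit is strong. An
    MD5-only hit is weak: if the SHA-256 differs the file is not byte-for-byte
    the listed sample, so it is worth a look but not a verdict."""
    for rec in iocs:
        if rec["sha256"] == digests["sha256"].lower():
            return rec, "strong"
    for rec in iocs:
        if rec["md5"] == digests["md5"].lower():
            return rec, "weak"
    return None


def scan(paths, iocs):
    """Walk files and directories, yielding every hit as (path, record, strength)."""
    for root in paths:
        files = [root] if os.path.isfile(root) else (
            os.path.join(d, f) for d, _, names in os.walk(root) for f in names)
        for path in files:
            try:
                hit = match(iocs, hash_file(path))
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if hit:
                yield path, hit[0], hit[1]


IOCS = parse_iocs(IOC_TEXT)

if __name__ == "__main__":
    for path, rec, strength in scan(sys.argv[1:] or ["."], IOCS):
        print("%s\t%s\t%s\t%s" % (strength, rec["detection_name"], rec["typical_filename"], path))
```

Run it as `python ioc_sweep.py /path/to/dir another/file` (name assumed). Only a SHA-256 hit should drive a response; an MD5-only hit is printed because MD5 is still what many sandboxes and older reports key on, but it warrants a second look rather than a verdict.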
#### TOP SPAM SUBJECTS OBSERVED
#### MOST FREQUENTLY USED ASNs FOR SENDING SPAM