Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Microsoft Releases Monthly Security Updates for June 2017
Synopsis: Cisco's Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Synopsis: This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploits or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish whether the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
Description: Microsoft has released its monthly set of security updates designed to address vulnerabilities that have been identified in various products. This month's release resolves 92 vulnerabilities, with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, SharePoint, Skype for Business, Lync, and Windows.
Description: Adobe has released security updates for Flash Player, Shockwave Player, Captivate, and Digital Editions. The security updates for Flash Player and Shockwave Player collectively address 10 vulnerabilities, four of them use-after-free vulnerabilities and six memory corruption vulnerabilities. All 10 vulnerabilities, if exploited, could lead to remote code execution.
Description: Cisco has released a security advisory for CVE-2017-6639, an arbitrary code execution vulnerability in Prime Data Center Network Manager. CVE-2017-6639 manifests in the role-based access control functionality of Cisco Prime Data Center Network Manager and "is due to the lack of authentication and authorization mechanisms for a debugging tool" that was inadvertently enabled. Cisco has released a software update addressing this vulnerability.
PLATINUM continues to evolve, find ways to maintain invisibility
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Following the Money Hobbled vDOS Attack-for-Hire Service
https://krebsonsecurity.com/2017/06/following-the-money-hobbled-vdos-attack-for-hire-service/
Making the Internet safer and faster: Introducing reCAPTCHA Android API
https://security.googleblog.com/2017/06/making-internet-safer-and-faster.html
MacSpy: OS X RAT as a Service
https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
Pwn2Own: Safari sandbox part 1 – Mount yourself a root shell
https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc