Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
"Stack Clash" Vulnerability Disclosed, Affecting Linux, BSD, and Solaris based Systems
Synopsis: Cisco's Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Description: Researchers at Qualys have identified a vulnerability in the way Linux, BSD, and Solaris based systems manage memory that could allow attackers to corrupt memory and elevate their privileges. Dubbed "Stack Clash", this series of vulnerabilities exploits the system's mismanagement of stack space and heap space, where one can grow into and overlap the other, even with stack guard-page protection in place. Qualys notes that while their research has primarily focused on local exploitation, remote exploitation cannot be ruled out. Software updates that address these flaws in Linux, BSD, and Solaris based systems are available.
Description: Researchers at Senrio have identified and responsibly disclosed an arbitrary code execution vulnerability in TP-Link WN841N V8 routers. CVE-2017-9466 manifests as a logic flaw in the router that could allow an attacker to reset the router's credentials; after successfully resetting them, the attacker could then log in and exploit a stack overflow vulnerability in the configuration services. Senrio notes that while TP-Link has discontinued this router model, TP-Link did agree to develop an update that removes the vulnerable service from the firmware. As a result, a software update that addresses this vulnerability is available.
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security
Bug Hunting: Drilling Into the Internet of Things (IoT)
Say Goodbye to SMBv1 in Windows Fall Creators Update
Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware
DEFCON CTF Quals 2017 - Divided Writeup (Pwntools support for Windows)
How I Stole Your Siacoin