Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Siemens Patches Critical Intel AMT Flaw in Industrial Products
### Event: Modern Reconnaissance Phase by APTs @ Shakacon IX (Honolulu, HI)
#### Date: 2017-07-10 - 2017-07-13
#### Speaker: Paul Rascagneres, Threat Researcher
Description: This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploits or malware frameworks. The talk will focus mainly on the use of Office documents and watering hole attacks designed to establish whether the target is the intended one (campaigns against political or military organizations will be mentioned). The techniques and obfuscation put in place by these actors will be described in detail (techniques based on macros, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
### Event: NIRMA 2017 Conference
#### Date: 2017-08-06 - 2017-08-09
#### Speaker: Edmund Brumaghin
Description: The threat landscape is constantly evolving. As new methods and solutions for combating cyber threats are developed, threat actors will continue to evolve their tactics, techniques, and procedures. This is one of the many reasons that solid threat intelligence is such an essential part of a sound cyber security strategy. Organizations across virtually every industry globally constantly face new threats. This presentation will provide an overview of the threat landscape, a description of the common types of attacks used to compromise organizations, and a discussion of the potential impact these attacks can have on business operations. Ransomware, exploit kits, and malicious/phishing email campaigns will be discussed with specific examples to provide an inside look at what is currently occurring within the threat landscape.
#### Reference: https://www.nirma.org/wp-content/uploads/2017/07/2017-NIRMA-Schedule.pdf
### Title: Siemens Patches Critical Intel AMT Flaw in Industrial Products
Description: Siemens has released patches to address two critical vulnerabilities, one of which is tied closely to the recently disclosed Intel Active Management Technology (AMT) vulnerability.
#### Reference: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
#### Snort SID: 42490-42492, 42805
#### ClamAV: N/A
### Title: Talos Discloses Vulnerabilities in Dell Precision Optimizer and Invincea
Description: Talos has disclosed several vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X, and Invincea Dell Protected Workspace.
#### Reference: http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html
#### Snort SID: 41306-41309, 41312-41313
#### ClamAV: N/A
### Title: Avaya Patches Remote Code Execution Vulnerability in Aura Platform
Description: Avaya has patched a remote code execution vulnerability in the Aura platform that could put phone call and API data at risk for interception.
#### Reference: https://downloads.avaya.com/css/P8/documents/101040351
#### Snort SID: N/A
#### ClamAV: N/A
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
https://securelist.com/in-expetrpetyas-shadow-fakecry-ransomware-wave-hits-ukraine/78973/
Fourth Largest Cryptocurrency Exchange Was Hacked. Users Lose Ethereum & Bitcoin
https://www.bleepingcomputer.com/news/security/fourth-largest-cryptocurrency-exchange-was-hacked-users-lose-ethereum-and-bitcoin/
Police seize servers of Ukrainian software firm after cyber attack
https://www.reuters.com/article/us-cyber-attack-ukraine-police-idUSKBN19P1YF
- SHA 256: B0B052F2BAA8666EB3C9ACBBCB099A5EF721CD5F0B6893CD9EE8CB45196C50C0
- MD5: a98fcc5f766c2c5b481e8b0039fc678a
- VirusTotal: https://virustotal.com/en/file/B0B052F2BAA8666EB3C9ACBBCB099A5EF721CD5F0B6893CD9EE8CB45196C50C0/analysis/
- Typical Filename: invoice_
- Claimed Product: N/A
- Detection Name: W32.B0B052F2BA-100.SBX.TG
- SHA 256: F512EA74F68A9972A7BFF44AC0AD5F1B6689DB18A735547068A87EAD23DFD3A5
- MD5: 619050eddfec812914b74465440f4ef0
- VirusTotal: https://virustotal.com/en/file/F512EA74F68A9972A7BFF44AC0AD5F1B6689DB18A735547068A87EAD23DFD3A5/analysis/
- Typical Filename: 1.doc
- Claimed Product: N/A
- Detection Name: W32.F512EA74F6-100.SBX.TG
- SHA 256: C21E583881B7EDF2AF572232F8F4732E422FA39BF1DCDEE80D8CD2680A642563
- MD5: 60e296ef7f03e60466736baa28ac511b
- VirusTotal: https://virustotal.com/en/file/C21E583881B7EDF2AF572232F8F4732E422FA39BF1DCDEE80D8CD2680A642563/analysis/
- Typical Filename: quartz-2.1.5.jar
- Claimed Product: N/A
- Detection Name: JAR.C21E583881.malicious.tht.Talos
- SHA 256: 8100A53B101C9A51AFD4C3EAA87F41EE95BEB6280F3B71EB6B5F8A6946CC0D4C
- MD5: e2adbb633978703d346c137e367dea3e
- VirusTotal: https://virustotal.com/en/file/8100A53B101C9A51AFD4C3EAA87F41EE95BEB6280F3B71EB6B5F8A6946CC0D4C/analysis/
- Typical Filename: TBNotifier.exe
- Claimed Product: Ask TBNotifier
- Detection Name: W32.8100A53B10-100.SBX.VIOC