Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Microsoft Releases Monthly Security Updates for July 2017
Description: This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish if the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
Description: The threat landscape is constantly evolving. As new methods and solutions for combating cyber threats are developed, threat actors will continue to evolve their tactics, techniques, and procedures. This is one of the many reasons that solid threat intelligence is such an essential part of a sound cyber security strategy. There are constantly new threats being faced by organizations globally across virtually every industry. This presentation will provide an overview of the threat landscape, a description of the common types of attacks that are used to compromise organizations, as well as a discussion of the potential impact these attacks can have on business operations. Ransomware, exploit kits, and malicious/phishing email campaigns will be discussed with specific examples provided in an attempt to provide an inside look at what is currently occurring within the threat landscape.
Description: Microsoft has release their monthly set of security updates for July 2017. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.
Description: Researchers publish details of vulnerability in Libgcrypt that results in the break of RSA-1024 bit keys.
Description: Talos has disclosed a memory corruption vulnerability in Iceni Infix PDF editor.
The MeDoc Connection
http://blog.talosintelligence.com/2017/07/the-medoc-connection.html
The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector
https://www.bleepingcomputer.com/news/security/the-clever-phishing-trick-used-by-hackers-targeting-the-us-energy-sector/
Decryption Key to Original Petya Ransomware Released
https://threatpost.com/decryption-key-to-original-petya-ransomware-released/126705/