Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

July 11, 2017


TOP VULNERABILITY THIS WEEK:

Microsoft Releases Monthly Security Updates for July 2017


UPCOMING PUBLIC ENGAGEMENTS WITH TALOS


Event: Modern Reconnaissance Phase by APTs @ Shakacon IX (Honolulu, HI)
Date: 2017-07-10 - 2017-07-13
Speaker: Paul Rascagneres, Threat Researcher
Description: This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish if the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.


Event: NIRMA 2017 Conference
Date: 2017-08-06 - 2017-08-09
Speaker: Edmund Brumaghin
Description: The threat landscape is constantly evolving. As new methods and solutions for combating cyber threats are developed, threat actors will continue to evolve their tactics, techniques, and procedures. This is one of the many reasons that solid threat intelligence is such an essential part of a sound cyber security strategy. There are constantly new threats being faced by organizations globally across virtually every industry. This presentation will provide an overview of the threat landscape, a description of the common types of attacks that are used to compromise organizations, as well as a discussion of the potential impact these attacks can have on business operations. Ransomware, exploit kits, and malicious/phishing email campaigns will be discussed with specific examples provided in an attempt to provide an inside look at what is currently occurring within the threat landscape.
Reference: https://www.nirma.org/wp-content/uploads/2017/07/2017-NIRMA-Schedule.pdf


NOTABLE RECENT SECURITY ISSUES


Title: Microsoft Releases Monthly Security Updates for July 2017
Description: Microsoft has released its monthly set of security updates for July 2017. This month's release addresses 54 vulnerabilities: 19 rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.
Reference: https://portal.msrc.microsoft.com/en-us/security-guidance
Snort SID: 42753, 42755-42756, 43460-43463, 43465-43466, 43469-43474, 43490-43493, 43521-43522
ClamAV: N/A


Title: Sliding right into disaster: Left-to-right sliding windows leak
Description: Researchers have published a paper showing that the left-to-right sliding-window modular exponentiation used by Libgcrypt leaks its square-and-multiply pattern through a cache side channel, and that the exponent bits recoverable from that pattern are enough for full recovery of RSA-1024 keys.
Reference: https://eprint.iacr.org/2017/627.pdf
Snort SID: N/A
ClamAV: N/A
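Why left-to-right sliding windows leak so much is easy to see once the algorithm is instrumented. The block below is an added example, not code from the Talos newsletter or from Libgcrypt: it implements the textbook left-to-right sliding-window exponentiation (a model of the algorithm the paper analyses, not Libgcrypt's implementation), records the square (S) / multiply (M) sequence that a cache side channel exposes, and then applies only the structural rules of the algorithm to that sequence to show which exponent bits it pins down. Window width 4, the sample modulus and base, and the seeded "key-sized" exponent are all constructed for the example.

```python
"""Left-to-right sliding-window modular exponentiation, instrumented to record
the square (S) / multiply (M) sequence a cache side channel exposes, plus the
exponent-bit recovery rules that sequence alone supports.  Added example;
this is a textbook model of the algorithm, not Libgcrypt's implementation."""
import random


def precompute_table(base, mod, w):
    """Odd powers base^1, base^3, ..., base^(2^w - 1), keyed by exponent."""
    table = {1: base % mod}
    base_sq = (base * base) % mod
    for v in range(3, 1 << w, 2):
        table[v] = (table[v - 2] * base_sq) % mod
    return table


def l2r_sliding_window_modexp(base, exp, mod, w=4):
    """Return (base^exp mod mod, trace).  trace is a string of 'S'/'M'."""
    bits = bin(exp)[2:]            # bits[0] is the top set bit (always '1')
    n = len(bits)
    table = precompute_table(base, mod, w)
    result = 1
    trace = []
    i = 0
    while i < n:
        if bits[i] == '0':         # 0 bit outside a window: square only
            result = (result * result) % mod
            trace.append('S')
            i += 1
            continue
        # window [i, j]: at most w bits, starts on a 1 bit and ends on the
        # last 1 bit inside that span, so its value is odd and in the table
        j = min(i + w - 1, n - 1)
        while bits[j] == '0':
            j -= 1
        for _ in range(i, j + 1):
            result = (result * result) % mod
            trace.append('S')
        result = (result * table[int(bits[i:j + 1], 2)]) % mod
        trace.append('M')
        i = j + 1
    return result, ''.join(trace)


def recover_bits(trace, w):
    """Bits an observer of the S/M sequence can fix without any other data.
    Returns a string over {'0', '1', '?'} aligned with bin(exp)[2:]."""
    n = trace.count('S')
    mult_pos, pos = [], -1
    for op in trace:
        if op == 'S':
            pos += 1
        else:
            mult_pos.append(pos)   # M follows the square of the window's low bit
    known = ['?'] * n

    def zeros(a, b):
        for p in range(max(a, 0), min(b, n - 1) + 1):
            known[p] = '0'

    for k, j in enumerate(mult_pos):
        prev_j = mult_pos[k - 1] if k else -1
        known[j] = '1'                         # every window ends on a 1 bit
        if k == 0:
            lo = hi = 0                        # first window starts at the top bit
        else:
            lo = max(prev_j + 1, j - w + 1)    # window spans at most w bits
            nxt = mult_pos[k + 1] if k + 1 < len(mult_pos) else None
            # the next window starts past this window's w-bit span, so the
            # next M is at least w positions after this window's start
            hi = j if nxt is None else min(j, nxt - w)
        zeros(prev_j + 1, lo - 1)              # gap before the earliest start
        zeros(j + 1, lo + w - 1)               # rest of the w-bit span holds no 1
        if lo == hi:
            known[lo] = '1'                    # start pinned down: it is a 1 bit
    if mult_pos:
        zeros(mult_pos[-1] + 1, n - 1)         # nothing after the last window
    return ''.join(known)


def random_exponent(nbits=1024, seed=2017):
    """Constructed key-sized exponent with its top bit set (seeded for replay)."""
    return random.Random(seed).getrandbits(nbits) | (1 << (nbits - 1))


def leak_report(exp, w=4):
    """Run the exponentiation on constructed operands and grade the recovery."""
    base, mod = 0x1234567, (1 << 61) - 1       # constructed sample operands
    result, trace = l2r_sliding_window_modexp(base, exp, mod, w)
    actual = bin(exp)[2:]
    known = recover_bits(trace, w)
    sound = len(known) == len(actual) and all(
        k in ('?', a) for k, a in zip(known, actual))
    return {
        'correct': result == pow(base, exp, mod),
        'sound': sound,
        'fraction_known': sum(c != '?' for c in known) / len(actual),
        'trace': trace, 'known': known,
    }


if __name__ == '__main__':
    print(leak_report(0b100011011)['known'])        # 10001??11
    r = leak_report(random_exponent())
    print(f"sound={r['sound']} fraction_known={r['fraction_known']:.2f}")
```

The recovery rules use nothing but the definition of the algorithm: a multiply always lands on a 1 bit, a window never exceeds w bits, a window never begins before the previous one ends, and the next window cannot start inside the current window's w-bit span. Because the window boundaries are chosen by scanning from the most significant bit, the positions of the multiplies expose those boundaries; the right-to-left variant places its multiplies at fixed positions and gives an observer far less. The rules here assume this instrumented model, which also squares the running value while it is still 1 at the top of the exponent; an implementation that skips those squarings shifts the positions but leaks the same structure. The paper closes the remaining gap with a key-reconstruction step over the partially known RSA-CRT exponents.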


Title: Talos Discloses Iceni Infix PDF Editor Memory Corruption
Description: Talos has disclosed a memory corruption vulnerability in Iceni Infix PDF editor.
Reference: http://blog.talosintelligence.com/2017/07/iceni-infix-pdf.html
Snort SID: 43212-43213
ClamAV: N/A


INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

The MeDoc Connection
http://blog.talosintelligence.com/2017/07/the-medoc-connection.html

The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector
https://www.bleepingcomputer.com/news/security/the-clever-phishing-trick-used-by-hackers-targeting-the-us-energy-sector/

Decryption Key to Original Petya Ransomware Released
https://threatpost.com/decryption-key-to-original-petya-ransomware-released/126705/


MOST PREVALENT MALWARE FILES 7/05/2017 - 7/11/2017:


- SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
- MD5: e2ea315d9a83e7577053f52c974f6a5a
- VirusTotal: https://virustotal.com/en/file/C3E530CC005583B47322B6649DDC0DAB1B64BCF22B124A492606763C52FB048F/analysis/
- Typical Filename: tempmf582901854.exe
- Claimed Product: N/A
- Detection Name: W32.C3E530CC00-95.SBX.TG


- SHA 256: e5a874a0282f2952db3300e9c09d77063cab7b2c408a05321d82994b56cfa0e9
- MD5: b004ff361b22d4dd4734c6acee088356
- VirusTotal: https://virustotal.com/en/file/E5A874A0282F2952DB3300E9C09D77063CAB7B2C408A05321D82994B56CFA0E9/analysis/
- Typical Filename: MailRuUpdater.exe
- Claimed Product: MailRuUpdater
- Detection Name: W32.E5A874A028-95.SBX.TG


- SHA 256: 981528cbeafd245f003c838e0db3fb55d755b447631b0472fd2c164de72dcaee
- MD5: c3f2bdec751c91036a982bd5aaff3327
- VirusTotal: https://virustotal.com/en/file/981528CBEAFD245F003C838E0DB3FB55D755B447631B0472FD2C164DE72DCAEE/analysis/
- Typical Filename: lsmo.exe
- Claimed Product: N/A
- Detection Name: W32.981528CBEA-95.SBX.TG


- SHA 256: b98d862e2ff6d0fd9185548b3becb5032720531b066afc41e7e57764a6b58583
- MD5: fd20a8d69dba9ead569e32979f26c8b9
- VirusTotal: https://virustotal.com/en/file/B98D862E2FF6D0FD9185548B3BECB5032720531B066AFC41E7E57764A6B58583/analysis/
- Typical Filename: Mpeg.exe
- Claimed Product: N/A
- Detection Name: W32.Generic:Gen.20hq.1201


- SHA 256: 119e578472a931294eebc26d0b7c45cf32f6ba20456b8139a458283c55d71b0e
- MD5: 7ac49e8aad3c5fc0efb472b4505186ba
- VirusTotal: https://virustotal.com/en/file/119E578472A931294EEBC26D0B7C45CF32F6BA20456B8139A458283C55D71B0E/analysis/
- Typical Filename: CompAttr.exe
- Claimed Product: N/A
- Detection Name: W32.119E578472-95.SBX.TG

