Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Microsoft Released Security Updates for November 2017
Synopsis: Email threats have always been a major part of the threat landscape. As the use of exploit kits and other malware distribution techniques have decreased, malicious spam campaigns play an even greater role in the distribution of malware to organizations around the globe. Enter Necurs. Over the past couple of years, Necurs has singlehandedly transformed the email threat landscape and continues to innovate with regards to the distribution of malware downloaders. This talk will take a deep dive on the botnet itself and the ways in which C2 is handled. This includes analysis of some of the major spam campaigns for which it has been responsible. Additionally, we will discuss details of the C2 infrastructure and DGA capabilities we’ve observed over the last several months. We will also cover the modular nature of the Necurs malware itself, and how this multi-faceted threat is capable of generating revenue and damaging organizations without sending a single email.
Description: Microsoft has released its monthly set of security updates to address vulnerabilities that have been identified in Windows, Office, and other supported software. This month's release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.
Description: Adobe has released security updates for Flash Player, Shockwave Player, Acrobat, Reader, Photoshop, and more. This month's Flash Player update address five critical vulnerabilities that could be exploited by an attacker to achieve remote code execution. The Acrobat and Reader security update addressed 62 vulnerabilities with the vast majority of them being critical arbitrary code execution vulnerabilities.
Guidance on Mitigating Microsoft Office DDE Attacks
A penetration tester’s guide to sub-domain enumeration
2017 ACM Conference on Computer and Communications Security - Accepted Papers
Apple iPhone X Face ID Fooled by a Mask