Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

December 12, 2017


TOP VULNERABILITY THIS WEEK:

Microsoft Releases Security Advisories for December 2017


UPCOMING PUBLIC ENGAGEMENTS WITH TALOS


Event: [BRKSEC-2010] Talos Insights: The State of Cyber Security @ Cisco Live Barcelona
Date: 2018-01-29 - 2018-02-02
Speaker: Warren Mercer, Technical Leader

Synopsis: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks know that the threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: https://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010


NOTABLE RECENT SECURITY ISSUES


Title: Microsoft Releases Security Advisories for December 2017
Description: Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified in currently supported products. This month’s release patches a total of 32 vulnerabilities, 19 rated “critical” and 13 rated “important.” The release also includes a security advisory aimed at reducing the attack surface in Office by disabling Dynamic Data Exchange (DDE).
Reference: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
Snort SID: 37283-37284, 45121-45124, 45128-45133, 45138-45153, 45155-45156
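The Snort SIDs above are given as inclusive ranges, and the practical question for a defender is whether every one of them is actually present and enabled in the deployed ruleset. The following is an added example (not Talos or Cisco code) that expands the SID list from the entry above and checks it against the text of a rules file. The rules file content here is constructed for the demonstration; in practice you would read your deployed .rules files in its place.

```python
import re

# Snort SIDs exactly as listed for the December 2017 Microsoft advisories above.
# Talos writes ranges inclusively ("45121-45124" means 45121, 45122, 45123, 45124).
ADVISORY_SIDS = "37283-37284, 45121-45124, 45128-45133, 45138-45153, 45155-45156"

# Constructed sample rules file (not real Talos rules): one matching rule enabled,
# one commented out, one unrelated local rule.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SAMPLE rule A"; sid:45121; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SAMPLE rule B"; sid:45122; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"SAMPLE local rule"; sid:1000001; rev:2;)
"""

def expand_sids(spec):
    """Turn 'a-b, c, d-e' into the set of integer SIDs it denotes (ranges inclusive)."""
    sids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"backwards range: {part!r}")
            sids.update(range(lo, hi + 1))
        else:
            sids.add(int(part))
    return sids

# The 'sid:NNN;' option inside a Snort rule body.
SID_OPTION = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def rules_status(rules_text):
    """Map every SID found in the rules text to 'enabled' or 'disabled'.
    Snort treats a line beginning with '#' as a comment, so a commented-out rule
    is present on disk but contributes no detection."""
    status = {}
    for line in rules_text.splitlines():
        line = line.strip()
        m = SID_OPTION.search(line)
        if not m:
            continue
        status[int(m.group(1))] = "disabled" if line.startswith("#") else "enabled"
    return status

def coverage_report(spec, rules_text):
    """Split the advisory's SIDs into enabled / disabled / missing for a ruleset."""
    wanted = expand_sids(spec)
    status = rules_status(rules_text)
    return {
        "enabled": sorted(s for s in wanted if status.get(s) == "enabled"),
        "disabled": sorted(s for s in wanted if status.get(s) == "disabled"),
        "missing": sorted(s for s in wanted if s not in status),
    }

if __name__ == "__main__":
    report = coverage_report(ADVISORY_SIDS, SAMPLE_RULES)
    for bucket, sids in report.items():
        print(f"{bucket:>8}: {len(sids):2d} {sids}")
```

The distinction between "disabled" and "missing" matters operationally: a missing SID usually means the ruleset update has not been pulled yet, while a disabled one means someone turned it off (or a policy such as "connectivity" never enabled it), and the fix is different in each case.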


Title: Intel Releases Critical Update for Management Engine
Description: Intel has released a critical security advisory for the Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS) in response to a vulnerability identified in their firmware. “Systems using Intel ME Firmware versions 8.x-10.x and 11.0.0 -11.7.0, SPS Firmware version 4.0, and TXE version 3.0 are impacted.” These are the firmware versions shipped on certain processor families, such as 6th, 7th, and 8th generation Core processors, Xeon E3-1200 v5 and v6 series, and others.
Reference: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
Snort SID: Detection pending release of vulnerability information


Title: Apple Releases Security Updates for macOS, iTunes, and Safari
Description: Apple has released security updates for macOS, iTunes, and Safari. The macOS security update addresses 22 vulnerabilities impacting various components such as OpenSSL, IOKit, Intel Graphics Drivers, Directory Utility, and more. The macOS update also re-addresses CVE-2017-13872, the privilege escalation vulnerability that was previously patched in an out-of-band security update.
Reference: https://support.apple.com/en-us/HT208331
Snort SID: Detection pending release of vulnerability information


Title: Adobe Releases Flash Player Security Bulletin
Description: Adobe has released a Flash Player security bulletin addressing a vulnerability that has been identified. This vulnerability, CVE-2017-11305, is a business logic error that could result in the unintended reset of the global settings preference file. Adobe has released a software update addressing this issue.
Reference: https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
Snort SID: Detection pending


INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Sysinternals Sysmon suspicious activity guide
https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-suspicious-activity-guide/

Phishers Are Upping Their Game. So Should You.
https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/

The Mutiny Fuzzing Framework and Decept Proxy
http://blog.talosintelligence.com/2017/12/mutiny-decept.html

x86-64 Windows shellcode that recreates the Jurassic Park hacking scene
https://github.com/zznop/pop-nedry

Deep dive on the HP keylogger fixed in November
https://zwclose.github.io/HP-keylogger/


MOST PREVALENT MALWARE FILES 2017-12-05 - 2017-12-12:


- SHA 256: 99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0
- MD5: 5bafb135e1d7ba0a5acd0fbbeb2a93e1
- VirusTotal: https://www.virustotal.com/file/99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0/analysis/#additional-info
- Typical Filename: helperamc.zip
- Claimed Product: Advanced Mac Cleaner
- Detection Name: W32.99550EA419-95.SBX.TG


- SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
- MD5: 799b30f47060ca05d80ece53866e01cc
- VirusTotal: https://www.virustotal.com/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/analysis/#additional-info
- Typical Filename: mf2016341595.exe
- Claimed Product: (unknown)
- Detection Name: W32.Generic:Gen.20l1.1201


- SHA 256: 7ceaa325d27f178732b0fecceee3a2eda1de7f49970424d39ebdde93c077aa0f
- MD5: 8a0a9252ba0f7d46e7b02337ebdad2be
- VirusTotal: https://www.virustotal.com/file/7ceaa325d27f178732b0fecceee3a2eda1de7f49970424d39ebdde93c077aa0f/analysis/#additional-info
- Typical Filename: PCMHelper_u.rar
- Claimed Product: (unknown)
- Detection Name: W32.7CEAA325D2-100.SBX.VIOC


- SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
- MD5: e2ea315d9a83e7577053f52c974f6a5a
- VirusTotal: https://www.virustotal.com/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/analysis/#additional-info
- Typical Filename: Tempmf582901854.exe
- Claimed Product: (unknown)
- Detection Name: W32.C3E530CC00-95.SBX.TG


- SHA 256: 24eadaa94a1ce95065e0a9b6456e918a4b5af1e12671f53762e6f3716a40787f
- MD5: edb8ce07bc64bff9df7cfadc500a660d
- VirusTotal: https://www.virustotal.com/file/24eadaa94a1ce95065e0a9b6456e918a4b5af1e12671f53762e6f3716a40787f/analysis/#additional-info
- Typical Filename: 26kuroda.n.xls
- Claimed Product: N/A
- Detection Name: W32.24EADAA94A-100.SBX.TG
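The hashes above are the indicators a responder would actually sweep for. The following is an added example (not Talos or Cisco code) that embeds the five SHA-256 and MD5 values from the list, hashes every file under a directory once in a single streaming pass, and reports matches. SHA-256 is treated as the authoritative match; an MD5-only hit is reported separately, because MD5 collisions are cheap enough that it should be cross-checked rather than trusted on its own. The files hashed in the demo are constructed: none of the real samples can be reproduced here, so the bytes `abc` stand in for a known-bad file under a hypothetical detection name.

```python
import hashlib
import io
import os
import tempfile

# SHA-256 and MD5 values copied from the "Most prevalent malware files" list above,
# keyed to the Talos detection name for each sample.
IOC_SHA256 = {
    "99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0": "W32.99550EA419-95.SBX.TG",
    "15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b": "W32.Generic:Gen.20l1.1201",
    "7ceaa325d27f178732b0fecceee3a2eda1de7f49970424d39ebdde93c077aa0f": "W32.7CEAA325D2-100.SBX.VIOC",
    "c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f": "W32.C3E530CC00-95.SBX.TG",
    "24eadaa94a1ce95065e0a9b6456e918a4b5af1e12671f53762e6f3716a40787f": "W32.24EADAA94A-100.SBX.TG",
}
IOC_MD5 = {
    "5bafb135e1d7ba0a5acd0fbbeb2a93e1": "W32.99550EA419-95.SBX.TG",
    "799b30f47060ca05d80ece53866e01cc": "W32.Generic:Gen.20l1.1201",
    "8a0a9252ba0f7d46e7b02337ebdad2be": "W32.7CEAA325D2-100.SBX.VIOC",
    "e2ea315d9a83e7577053f52c974f6a5a": "W32.C3E530CC00-95.SBX.TG",
    "edb8ce07bc64bff9df7cfadc500a660d": "W32.24EADAA94A-100.SBX.TG",
}

def digest_stream(fobj, chunk_size=1 << 20):
    """Hash a binary stream once, in chunks, returning (md5_hex, sha256_hex)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: fobj.read(chunk_size), b""):
        md5.update(block)
        sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def digest_bytes(data):
    return digest_stream(io.BytesIO(data))

def file_digests(path):
    with open(path, "rb") as f:
        return digest_stream(f)

def classify(md5_hex, sha_hex, sha_iocs=IOC_SHA256, md5_iocs=IOC_MD5):
    """Return (detection_name, matched_on) or None. SHA-256 is authoritative;
    an MD5-only match is flagged as such so it can be cross-checked."""
    if sha_hex in sha_iocs:
        return sha_iocs[sha_hex], "sha256"
    if md5_hex in md5_iocs:
        return md5_iocs[md5_hex], "md5-only"
    return None

def sweep(root, sha_iocs=IOC_SHA256, md5_iocs=IOC_MD5):
    """Walk a directory tree; return [(path, sha256, detection, matched_on)] for hits.
    Unreadable files are skipped rather than aborting the whole sweep."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                md5_hex, sha_hex = file_digests(path)
            except OSError:
                continue
            verdict = classify(md5_hex, sha_hex, sha_iocs, md5_iocs)
            if verdict:
                hits.append((path, sha_hex, verdict[0], verdict[1]))
    return hits

def run_demo():
    """Offline demonstration on constructed files. The bytes b'abc' stand in for a
    known-bad file; their SHA-256 is added to a copy of the IOC set under a
    hypothetical detection name so the match path is exercised without real malware."""
    sha_iocs = dict(IOC_SHA256)
    sha_iocs["ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"] = "TEST.constructed-sample"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Downloads"))
        with open(os.path.join(root, "Downloads", "helperamc.zip"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"constructed benign content")
        return sweep(root, sha_iocs)

if __name__ == "__main__":
    for path, sha, name, how in run_demo():
        print(f"HIT {name} ({how}) {sha} {path}")
```

The "Typical Filename" values in the list are deliberately not used for matching: names such as helperamc.zip are trivially changed by the operator and produce false positives on benign files, whereas the content hash identifies the exact sample Talos observed.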


SPAM STATS FOR 2017-12-05 - 2017-12-12


TOP SPAM SUBJECTS OBSERVED

  • “Unauthorized Access”
  • “RE: Tokyo visit Dec. 2017”
  • “A document has been shared on DropBox with you”
  • “Your Premiere Global Services Invoice 1989710 is now available”
  • “Digital Transformation: Strategies”


MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 27357 Rackspace Ltd.
  • 8075 Microsoft Corporation
  • 4760 PCCW Limited
  • 7545 TPG Telecom Limited
  • 16276 OVH SAS