Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Microsoft Releases Security Advisories for December 2017
###Event: [BRKSEC-2010] Talos Insights: The State of Cyber Security @ Cisco Live Barcelona
####Date: 2018-01-29 - 2018-02-02
####Speaker: Warren Mercer, Technical Leader
Synopsis: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
####Reference: https://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
###Title: Microsoft Releases Security Advisories for December 2017
Description: Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified in currently supported products. This month’s release patches a total of 32 vulnerabilities, 19 rated “critical” and 13 rated “important.” Microsoft also published a security advisory aimed at reducing the attack surface in Office by disabling DDE.
####Reference: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
####Snort SID: 37283-37284, 45121-45124, 45128-45133, 45138-45153, 45155-45156
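The SID line above uses range notation, which is easy to misread when checking whether a sensor actually carries the coverage. The following is an added example (not Talos or Cisco code) that expands that notation and reports which of the listed SIDs are active in a rules file; the four rule lines are constructed samples, not real Snort rules.

```python
import re

# SID list exactly as it appears in the Microsoft advisory entry above.
SID_SPEC = "37283-37284, 45121-45124, 45128-45133, 45138-45153, 45155-45156"

# Constructed sample ruleset: two active rules use listed SIDs, one listed SID is
# disabled (commented out), and one rule is unrelated to the advisory.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"sample rule A"; sid:37283; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"sample rule B"; sid:45121; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"sample rule C"; sid:45153; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"unrelated"; sid:1000001; rev:1;)
"""

_RANGE = re.compile(r"^\s*(\d+)\s*(?:-\s*(\d+))?\s*$")   # "a-b" or "a"
_SID_OPT = re.compile(r"\bsid\s*:\s*(\d+)\s*;")           # the sid: option of a rule


def expand_sids(spec: str) -> set[int]:
    """Turn "a-b, c, d-e" into the set of integer SIDs it denotes."""
    sids: set[int] = set()
    for part in spec.split(","):
        m = _RANGE.match(part)
        if not m:
            raise ValueError(f"bad SID range: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:
            raise ValueError(f"descending SID range: {part!r}")
        sids.update(range(lo, hi + 1))
    return sids


def enabled_sids(rules_text: str) -> set[int]:
    """SIDs of rules that are active (not commented out) in a rules file."""
    found: set[int] = set()
    for line in rules_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or disabled rule
        m = _SID_OPT.search(stripped)
        if m:
            found.add(int(m.group(1)))
    return found


def coverage(spec: str, rules_text: str) -> dict:
    """Compare the SIDs an advisory names with the SIDs a ruleset enables."""
    wanted = expand_sids(spec)
    active = enabled_sids(rules_text)
    return {
        "wanted": len(wanted),
        "present": sorted(wanted & active),
        "missing": sorted(wanted - active),
    }


if __name__ == "__main__":
    report = coverage(SID_SPEC, SAMPLE_RULES)
    print(f"{report['wanted']} SIDs expected, {len(report['present'])} active")
    print("missing:", report["missing"])
```

Point `SAMPLE_RULES` at the contents of your deployed rules file to get a real gap list; a SID that is present but commented out is reported as missing, which is the case the disabled sample line exercises.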
###Title: Intel Releases Critical Update for Management Engine
Description: Intel has released a critical security advisory for the Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS) in response to a vulnerability being identified. “Systems using Intel ME Firmware versions 8.x-10.x and 11.0.0 -11.7.0, SPS Firmware version 4.0, and TXE version 3.0 are impacted.” These firmware versions ship with certain processors, such as 6th, 7th, and 8th generation Core processors, Xeon E3-1200 v5 and v6 series, and others.
####Reference: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
####Snort SID: Detection pending release of vulnerability information
###Title: Apple Releases Security Updates for macOS, iTunes, and Safari
Description: Apple has released security updates for macOS, iTunes, and Safari. The macOS security update addresses 22 vulnerabilities impacting various components such as OpenSSL, IOKit, Intel Graphics Drivers, Directory Utility, and more. The macOS update also re-addresses CVE-2017-13872, the privilege escalation vulnerability that was previously patched in an out-of-band security update.
####Reference: https://support.apple.com/en-us/HT208331
####Snort SID: Detection pending release of vulnerability information
###Title: Adobe Releases Flash Player Security Bulletin
Description: Adobe has released a Flash Player security bulletin addressing a vulnerability that has been identified. This vulnerability, CVE-2017-11305, is a business logic error that could result in the unintended reset of the global settings preference file. Adobe has released a software update addressing this issue.
####Reference: https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
####Snort SID: Detection pending
Sysinternals Sysmon suspicious activity guide
https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-suspicious-activity-guide/
Phishers Are Upping Their Game. So Should You.
https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/
The Mutiny Fuzzing Framework and Decept Proxy
http://blog.talosintelligence.com/2017/12/mutiny-decept.html
x86-64 Windows shellcode that recreates the Jurassic Park hacking scene
https://github.com/zznop/pop-nedry
Deep dive on the HP keylogger fixed in November
https://zwclose.github.io/HP-keylogger/
- SHA 256: 99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0
- MD5: 5bafb135e1d7ba0a5acd0fbbeb2a93e1
- VirusTotal: https://www.virustotal.com/file/99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0/analysis/#additional-info
- Typical Filename: helperamc.zip
- Claimed Product: Advanced Mac Cleaner
- Detection Name: W32.99550EA419-95.SBX.TG
- SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
- MD5: 799b30f47060ca05d80ece53866e01cc
- VirusTotal: https://www.virustotal.com/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/analysis/#additional-info
- Typical Filename: mf2016341595.exe
- Claimed Product: (unknown)
- Detection Name: W32.Generic:Gen.20l1.1201
- SHA 256: 7ceaa325d27f178732b0fecceee3a2eda1de7f49970424d39ebdde93c077aa0f
- MD5: 8a0a9252ba0f7d46e7b02337ebdad2be
- VirusTotal: https://www.virustotal.com/file/7ceaa325d27f178732b0fecceee3a2eda1de7f49970424d39ebdde93c077aa0f/analysis/#additional-info
- Typical Filename: PCMHelper_u.rar
- Claimed Product: (unknown)
- Detection Name: W32.7CEAA325D2-100.SBX.VIOC
- SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
- MD5: e2ea315d9a83e7577053f52c974f6a5a
- VirusTotal: https://www.virustotal.com/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/analysis/#additional-info
- Typical Filename: Tempmf582901854.exe
- Claimed Product: (unknown)
- Detection Name: W32.C3E530CC00-95.SBX.TG
- SHA 256: 24eadaa94a1ce95065e0a9b6456e918a4b5af1e12671f53762e6f3716a40787f
- MD5: edb8ce07bc64bff9df7cfadc500a660d
- VirusTotal: https://www.virustotal.com/file/24eadaa94a1ce95065e0a9b6456e918a4b5af1e12671f53762e6f3716a40787f/analysis/#additional-info
- Typical Filename: 26kuroda.n.xls
- Claimed Product: N/A
- Detection Name: W32.24EADAA94A-100.SBX.TG
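The hash list above is published in a fixed "- Key: value" layout, so it can be parsed straight into a lookup table rather than copied by hand. The following is an added example (not Talos or Cisco code): `IOC_TEXT` reproduces the five entries above with the VirusTotal links omitted (the parser skips any key it does not know, so they could stay), and the digests it looks up at the end are constructed observations, not data from the newsletter.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

IOC_TEXT = """\
- SHA 256: 99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0
- MD5: 5bafb135e1d7ba0a5acd0fbbeb2a93e1
- Typical Filename: helperamc.zip
- Claimed Product: Advanced Mac Cleaner
- Detection Name: W32.99550EA419-95.SBX.TG
- SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
- MD5: 799b30f47060ca05d80ece53866e01cc
- Typical Filename: mf2016341595.exe
- Claimed Product: (unknown)
- Detection Name: W32.Generic:Gen.20l1.1201
- SHA 256: 7ceaa325d27f178732b0fecceee3a2eda1de7f49970424d39ebdde93c077aa0f
- MD5: 8a0a9252ba0f7d46e7b02337ebdad2be
- Typical Filename: PCMHelper_u.rar
- Claimed Product: (unknown)
- Detection Name: W32.7CEAA325D2-100.SBX.VIOC
- SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
- MD5: e2ea315d9a83e7577053f52c974f6a5a
- Typical Filename: Tempmf582901854.exe
- Claimed Product: (unknown)
- Detection Name: W32.C3E530CC00-95.SBX.TG
- SHA 256: 24eadaa94a1ce95065e0a9b6456e918a4b5af1e12671f53762e6f3716a40787f
- MD5: edb8ce07bc64bff9df7cfadc500a660d
- Typical Filename: 26kuroda.n.xls
- Claimed Product: N/A
- Detection Name: W32.24EADAA94A-100.SBX.TG
"""


@dataclass(frozen=True)
class Ioc:
    sha256: str
    md5: str
    filename: str = ""
    product: str = ""
    detection: str = ""


# Newsletter label -> field name. Labels not listed (e.g. VirusTotal) are ignored.
_KEYS = {"sha 256": "sha256", "md5": "md5", "typical filename": "filename",
         "claimed product": "product", "detection name": "detection"}
_LINE = re.compile(r"^\s*-\s*([^:]+?)\s*:\s*(.*?)\s*$")
_HEXLEN = {"sha256": 64, "md5": 32}  # expected hex digest lengths


def parse_iocs(text: str) -> list[Ioc]:
    """Split the '- Key: value' list into one Ioc per 'SHA 256' line."""
    records: list[Ioc] = []
    cur: dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        key = _KEYS.get(m.group(1).lower()) if m else None
        if key is None:
            continue
        value = m.group(2)
        if key == "sha256" and cur:      # a SHA 256 line starts a new entry
            records.append(Ioc(**cur))
            cur = {}
        if key in _HEXLEN:                # normalise case, reject malformed digests
            value = value.lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % _HEXLEN[key], value):
                raise ValueError(f"malformed {key}: {value!r}")
        cur[key] = value
    if cur:
        records.append(Ioc(**cur))
    return records


def build_index(iocs: list[Ioc]) -> dict[str, Ioc]:
    """Map both digests of every entry to that entry."""
    return {h: i for i in iocs for h in (i.sha256, i.md5)}


def lookup(index: dict[str, Ioc], digest: str) -> Optional[Ioc]:
    """Case-insensitive lookup of a SHA-256 or MD5 hex digest."""
    return index.get(digest.strip().lower())


def digests(data: bytes) -> tuple[str, str]:
    """(sha256, md5) hex digests of a blob, ready for lookup()."""
    return hashlib.sha256(data).hexdigest(), hashlib.md5(data).hexdigest()


INDEX = build_index(parse_iocs(IOC_TEXT))

if __name__ == "__main__":
    # Constructed observations: a listed SHA-256 in upper case (as an EDR export
    # might emit it), a listed MD5, and the digest of a made-up benign blob.
    for seen in ("99550EA419A3F49EE1154C9D5AE99B7F925A783028F87286584A0C9FE7BAB4F0",
                 "799b30f47060ca05d80ece53866e01cc",
                 digests(b"constructed benign sample")[0]):
        hit = lookup(INDEX, seen)
        print(seen[:16], "->", f"{hit.filename} ({hit.detection})" if hit else "no match")
```

Both digests of each entry are indexed so a match works whichever one a log source records; the length check catches truncated or mis-pasted hashes before they silently never match anything.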
####TOP SPAM SUBJECTS OBSERVED
####MOST FREQUENTLY USED ASNs FOR SENDING SPAM