Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Remote Code Execution Vulnerability Found in GoAhead Web Server
Synopsis: Cisco's Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Description: Researchers have identified a remote code execution vulnerability in the GoAhead Web Server, a widely used web server designed to be embedded in applications and devices. This vulnerability, identified as CVE-2017-17562, is caused by improper handling of user-supplied variables in an HTTP request that are subsequently used when forking and executing a CGI script. An attacker who exploits this vulnerability could remotely execute arbitrary code of their choice, thereby compromising the server. GoAhead versions since 2.5.0 have been confirmed vulnerable. Software updates that address this vulnerability have been published and are available for download.
Description: Researchers have identified a flaw affecting RSA-encrypted TLS traffic that could allow an attacker to perform decryption or signing operations with the private key of a TLS server. This vulnerability is a variation of the flaws in RSA encryption first identified by Daniel Bleichenbacher in 1998 and has been named "Return Of Bleichenbacher's Oracle Threat," or ROBOT. Software updates for the various affected products are forthcoming, pending the development of patches that address this flaw.
aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
Trump administration formally blames North Korea for WannaCry. Now what?
Backdoor Found in WordPress Plugin With More Than 300,000 Installations
OSX.Pirrit Mac Adware - Part III: The DaVinci Code
There’s No Place Like ::1 — Enumerating Local IPv6 networks
Network Pivoting Techniques Cheat Sheet
The 2017 SANS Holiday Hack Challenge
Talos Blog: Virus Bulletin Publication And Presentation