Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Researcher Discloses New Local Privilege Escalation 0-Day Vulnerability In Apple macOS
### Event: [BRKSEC-2010] Talos Insights: The State of Cyber Security @ Cisco Live Barcelona
#### Date: 2018-01-29 - 2018-02-02
#### Speaker: Warren Mercer, Technical Leader
Synopsis: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: https://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
### Title: Researcher Discloses New Local Privilege Escalation 0-Day Vulnerability In Apple macOS
Description: A researcher has disclosed a new 0-day vulnerability in Apple macOS that could allow an attacker to conduct a privilege escalation attack. This vulnerability manifests in the IOHIDFamily macOS kernel driver, which handles various types of user interaction, and could be used to gain root access. As this vulnerability is a local privilege escalation flaw, it can only be exploited if an attacker has physical access to the host or has already compromised the device. Updates that address this flaw are expected to be released in the next Security Update for macOS.
#### Reference:
- https://www.bleepingcomputer.com/news/apple/macos-exploit-published-on-the-last-day-of-2017/
- https://siguza.github.io/IOHIDeous/
### Title: VMware Releases Security Advisory for Three Critical Vulnerabilities in vSphere Data Protection (VDP)
Description: VMware has released a security advisory for vSphere Data Protection (VDP) to address three critical vulnerabilities. These flaws are identified as CVE-2017-15548, an authentication bypass vulnerability; CVE-2017-15549, an arbitrary file upload vulnerability; and CVE-2017-15550, a path traversal vulnerability. VMware has released a software update that addresses these vulnerabilities.
#### Reference: https://www.vmware.com/security/advisories/VMSA-2018-0001.html
#### Snort SID: Detection pending release of vulnerability information
34C3 (34th Chaos Communications Congress) Talks
https://media.ccc.de/c/34c3
Black Hat Europe 2017 Videos
https://www.youtube.com/playlist?list=PLH15HpR5qRsXtpLirwYHPWyqcEFPbr-uB
Why TLS 1.3 isn’t in browsers yet
https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
Kansas Man Killed In ‘SWATting’ Attack
https://krebsonsecurity.com/2017/12/kansas-man-killed-in-swatting-attack
#### TOP SPAM SUBJECTS OBSERVED
#### MOST FREQUENTLY USED ASNs FOR SENDING SPAM