January 02, 2018
TOP VULNERABILITY THIS WEEK:
Researcher Discloses New Local Privilege Escalation 0-Day Vulnerability In Apple macOS
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: [BRKSEC-2010] Talos Insights: The State of Cyber Security @ Cisco Live Barcelona
Date: 2018-01-29 - 2018-02-02
Speaker: Warren Mercer, Technical Leader
Synopsis: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying the cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: https://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
NOTABLE RECENT SECURITY ISSUES
Title: Researcher Discloses New Local Privilege Escalation 0-Day Vulnerability In Apple macOS
Description: A researcher has disclosed a new 0-day vulnerability in Apple macOS that could allow an attacker to conduct a privilege escalation attack. This vulnerability manifests in the IOHIDFamily macOS kernel driver, which handles various types of user interaction, and can could be used to gain root access. As this vulnerability is a local privilege escalation flaw, it can only be exploited if an attacker has physical access to the host or if the attacker already has compromised the device. Updates that address this flaw are expected to be released in the next Security Update for macOS
Reference:
- https://www.bleepingcomputer.com/news/apple/macos-exploit-published-on-the-last-day-of-2017/
- https://siguza.github.io/IOHIDeous/
Title: VMware Releases Security Advisory for Three Critical Vulnerabilities in vSphere Data Protection (VDP)
Description: VMware has released a security advisory for vSphere Data Protection (VDP) to address three critical vulnerabilities. These flaws are identified as CVE-2017-15548, an authentication bypass vulnerability; CVE-2017-15549, an arbitrary file upload vulnerability; and CVE-2017-15550, a path traversal vulnerability. VMware has released a software update that addresses these vulnerabilities.
Reference: https://www.vmware.com/security/advisories/VMSA-2018-0001.html
Snort SID: Detection pending release of vulnerability information
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
34C3 (34th Chaos Communications Congress) Talks
https://media.ccc.de/c/34c3
Black Hat Europe 2017 Videos
https://www.youtube.com/playlist?list=PLH15HpR5qRsXtpLirwYHPWyqcEFPbr-uB
Why TLS 1.3 isn't in browsers yet
https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
Kansas Man Killed In ‘SWATting’ Attack
https://krebsonsecurity.com/2017/12/kansas-man-killed-in-swatting-attack
MOST PREVALENT MALWARE FILES 2017-12-26 - 2018-01-02:
-
SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
-
MD5: 799b30f47060ca05d80ece53866e01cc
-
VirusTotal: https://www.virustotal.com/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/analysis/#additional-info
-
Typical Filename: mf2016341595.exe
-
Claimed Product: N/A
-
Detection Name: W32.Generic:Gen.20l1.1201
-
SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
-
MD5: e2ea315d9a83e7577053f52c974f6a5a
-
VirusTotal: https://www.virustotal.com/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/analysis/#additional-info
-
Typical Filename: Tempmf582901854.exe
-
Claimed Product: N/A
-
Detection Name: W32.C3E530CC00-95.SBX.TG
-
SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
-
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
-
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
-
Typical Filename: helperamc
-
Claimed Product: Advanced Mac Cleaner
-
Detection Name: OSX.Variant:AMCZ.19if.1201
-
SHA 256: 7c8e2fa9c2e79093834cb0dd04d41a9a0022ada60920c1ee5423a967f30acff8
-
MD5: 5d60516dc6b946a3f0074839003a64a4
-
VirusTotal: https://www.virustotal.com/file/7c8e2fa9c2e79093834cb0dd04d41a9a0022ada60920c1ee5423a967f30acff8/analysis/#additional-info
-
Typical Filename: 5d60516dc6b946a3f0074839003a64a471a5d38f886a617e053f3efc809029f3701c6036160091.dll
-
Claimed Product: (none)
-
Detection Name: W32.Worm:Malwaregen.20mi.1201
-
SHA 256: b585d24ee89e6ba2cf54086020775be31e96a4283f02e7eca8ab2f5b4242f670
-
MD5: 8243e9b8243fba63155cba1371f2b02f
-
VirusTotal: https://www.virustotal.com/file/b585d24ee89e6ba2cf54086020775be31e96a4283f02e7eca8ab2f5b4242f670/analysis/#additional-info
-
Typical Filename: lsmosee.exe
-
Claimed Product: (none)
-
Detection Name: W32.Variant:Gen.21ca.1201
SPAM STATS FOR 2017-12-26 - 2018-01-02
TOP SPAM SUBJECTS OBSERVED
- "Alert: Billing Issue #1728377"
- "A one hundred dollar bonus is yours on Amazon."
- "Authorize log-in attempt"
- "INCORRECT INVOICE"
- "Missouri Account Holder,"
MOST FREQUENTLY USED ASNs FOR SENDING SPAM
- 8075 Microsoft Corporation
- 9009 M247 Ltd
- 32489 Amanah Tech Inc.
- 4760 PCCW Limited
- 19893 RagingWire Data Centers, Inc.