Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Researchers Identify Major Vulnerabilities in Intel, AMD, and ARM-based Processors
###Event: [BRKSEC-2010] Talos Insights: The State of Cyber Security @ Cisco Live Barcelona
####Date: 2018-01-29 - 2018-02-02
####Speaker: Warren Mercer, Technical Leader
Synopsis: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying the cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. ####Reference: https://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
###Event: [BRKSEC-2777] Talos Insights: The State of Cyber Security @ Cisco Live Melbourne
####Date: 2018-03-06 - 2018-03-09
####Speaker: Nick Biasini, Threat Researcher
Synopsis: Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying the cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies. ####Reference: https://www.ciscolive.com/anz/learn/sessions/session-catalog/?search=BRKSEC-2777
###Title: Researchers Identify Major Vulnerabilities in Intel, AMD, and ARM-based Processors
Description: Researchers have identified three major vulnerabilities in Intel, AMD, and ARM-based processors. All three vulnerabilities manifest due to how processors handle speculative execution of instructions. Exploitation of these flaws could lead to an attacker being able to read kernel memory, in the case of Meltdown, or be able to read memory from other processes. These vulnerabilities will require mitigations to be implemented at the operating system and firmware levels. Operating system developers have released software updates for their respective operating systems to mitigate the impact of these vulnerabilities.
####Reference: https://meltdownattack.com/
####Snort SID: 45357-45368
###Title: Microsoft Releases Security Updates for January 2018
Description: Microsoft has released its monthly set of security advisory for vulnerabilities that have been identified in its products. This month’s advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
####Reference:
- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
####Snort SID: 45374-45379, 45383-45384, 45387-45392, 45395-45396, 45402-45403
###Title: Adobe Releases Security Advisory for Flash Player
Description: Adobe has released a security advisory for Flash Player to address CVE-2018-4871. CVE-2018-4871 is an out-of-bound read flaw that could result in information disclosure. Adobe has released a software update that addresses this vulnerability.
####Reference: https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
####Snort SID: Detection pending
Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
New Rules Announced for Border Inspection of Electronic Devices
https://threatpost.com/new-rules-announced-for-border-inspection-of-electronic-devices/129361/
WPA3 Features Explained - What is WPA3?
http://rootsaid.com/wpa3-features-explained/
All Your Docs Are Belong To Us - reversing an av engine to compose signatures capable of detecting classified documents
https://objective-see.com/blog/blog_0x22.html
- SHA 256: 91f4d74473aee9be5b67aaefc3b7abd3ab82eecfcafb4b2bede31263f36d1667
- MD5: ecb9ff8fccd2426fb244a66afc5faffb
- VirusTotal: https://www.virustotal.com/file/91f4d74473aee9be5b67aaefc3b7abd3ab82eecfcafb4b2bede31263f36d1667/analysis/#additional-info
- Typical Filename: task.exe
- Claimed Product: tasj
- Detection Name: Downldr2:Dropped-tpd
- SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
- MD5: e2ea315d9a83e7577053f52c974f6a5a
- VirusTotal: https://www.virustotal.com/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/analysis/#additional-info
- Typical Filename: Tempmf582901854.exe
- Claimed Product: (none)
- Detection Name: W32.C3E530CC00-95.SBX.TG
- SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
- MD5: 799b30f47060ca05d80ece53866e01cc
- VirusTotal: https://www.virustotal.com/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/analysis/#additional-info
- Typical Filename: mf2016341595.exe
- Claimed Product: (none)
- Detection Name: W32.Generic:Gen.21cd.1201
- SHA 256: 99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0
- MD5: 5bafb135e1d7ba0a5acd0fbbeb2a93e1
- VirusTotal: https://www.virustotal.com/file/99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0/analysis/#additional-info
- Typical Filename: helperamc.zip
- Claimed Product: Advanced Mac Cleaner
- Detection Name: W32.99550EA419-95.SBX.TG
- SHA 256: 7c8e2fa9c2e79093834cb0dd04d41a9a0022ada60920c1ee5423a967f30acff8
- MD5: 5d60516dc6b946a3f0074839003a64a4
- VirusTotal: https://www.virustotal.com/file/7c8e2fa9c2e79093834cb0dd04d41a9a0022ada60920c1ee5423a967f30acff8/analysis/#additional-info
- Typical Filename: 5d60516dc6b946a3f0074839003a64a471a5d38f886a617e053f3efc809029f3701c6036160091.dll
- Claimed Product: (none)
- Detection Name: W32.Worm:Malwaregen.20mi.1201
####TOP SPAM SUBJECTS OBSERVED
####MOST FREQUENTLY USED ASNs FOR SENDING SPAM