TOP VULNERABILITY THIS WEEK:
Researchers Identify Major Vulnerabilities in Intel, AMD, and ARM-based Processors
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: [BRKSEC-2010] Talos Insights: The State of Cyber Security @ Cisco Live Barcelona
Date: 2018-01-29 - 2018-02-02
Speaker: Warren Mercer, Technical Leader
Synopsis: Cisco's Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: https://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
Event: [BRKSEC-2777] Talos Insights: The State of Cyber Security @ Cisco Live Melbourne
Date: 2018-03-06 - 2018-03-09
Speaker: Nick Biasini, Threat Researcher
Synopsis: Cisco's Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: https://www.ciscolive.com/anz/learn/sessions/session-catalog/?search=BRKSEC-2777
NOTABLE RECENT SECURITY ISSUES
Title: Researchers Identify Major Vulnerabilities in Intel, AMD, and ARM-based Processors
Description: Researchers have identified three major vulnerabilities in Intel, AMD, and ARM-based processors. All three vulnerabilities stem from how processors handle speculative execution of instructions. Exploitation of these flaws could allow an attacker to read kernel memory, in the case of Meltdown, or to read memory belonging to other processes. These vulnerabilities require mitigations to be implemented at both the operating system and firmware levels. Operating system developers have released software updates for their respective operating systems to mitigate the impact of these vulnerabilities.
Reference: https://meltdownattack.com/
Snort SID: 45357-45368
Title: Microsoft Releases Security Updates for January 2018
Description: Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified in its products. This month's release addresses 56 new vulnerabilities: 16 rated critical, 39 rated important and 1 rated moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
Reference:
- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Snort SID: 45374-45379, 45383-45384, 45387-45392, 45395-45396, 45402-45403
Title: Adobe Releases Security Advisory for Flash Player
Description: Adobe has released a security advisory for Flash Player to address CVE-2018-4871, an out-of-bounds read flaw that could result in information disclosure. Adobe has released a software update that addresses this vulnerability.
Reference: https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Snort SID: Detection pending
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
New Rules Announced for Border Inspection of Electronic Devices
https://threatpost.com/new-rules-announced-for-border-inspection-of-electronic-devices/129361/
WPA3 Features Explained - What is WPA3?
http://rootsaid.com/wpa3-features-explained/
All Your Docs Are Belong To Us - reversing an av engine to compose signatures capable of detecting classified documents
https://objective-see.com/blog/blog_0x22.html
MOST PREVALENT MALWARE FILES 2018-01-02 - 2018-01-09:
SHA 256: 91f4d74473aee9be5b67aaefc3b7abd3ab82eecfcafb4b2bede31263f36d1667
MD5: ecb9ff8fccd2426fb244a66afc5faffb
VirusTotal: https://www.virustotal.com/file/91f4d74473aee9be5b67aaefc3b7abd3ab82eecfcafb4b2bede31263f36d1667/analysis/#additional-info
Typical Filename: task.exe
Claimed Product: tasj
Detection Name: Downldr2:Dropped-tpd

SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: https://www.virustotal.com/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/analysis/#additional-info
Typical Filename: Tempmf582901854.exe
Claimed Product: (none)
Detection Name: W32.C3E530CC00-95.SBX.TG

SHA 256: 15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b
MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: https://www.virustotal.com/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/analysis/#additional-info
Typical Filename: mf2016341595.exe
Claimed Product: (none)
Detection Name: W32.Generic:Gen.21cd.1201

SHA 256: 99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0
MD5: 5bafb135e1d7ba0a5acd0fbbeb2a93e1
VirusTotal: https://www.virustotal.com/file/99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0/analysis/#additional-info
Typical Filename: helperamc.zip
Claimed Product: Advanced Mac Cleaner
Detection Name: W32.99550EA419-95.SBX.TG

SHA 256: 7c8e2fa9c2e79093834cb0dd04d41a9a0022ada60920c1ee5423a967f30acff8
MD5: 5d60516dc6b946a3f0074839003a64a4
VirusTotal: https://www.virustotal.com/file/7c8e2fa9c2e79093834cb0dd04d41a9a0022ada60920c1ee5423a967f30acff8/analysis/#additional-info
Typical Filename: 5d60516dc6b946a3f0074839003a64a471a5d38f886a617e053f3efc809029f3701c6036160091.dll
Claimed Product: (none)
Detection Name: W32.Worm:Malwaregen.20mi.1201
SPAM STATS FOR 2018-01-02 - 2018-01-09
TOP SPAM SUBJECTS OBSERVED
- "Activity On Your Account"
- "DELOITTE UPDATE"
- "Lsuhsc e-mail alert"
- "To All"
- "FW: Courier was unable to deliver the parcel, ID1413969"
MOST FREQUENTLY USED ASNs FOR SENDING SPAM
- 23366 LSU Health Sciences Center
- 8075 Microsoft Corporation
- 9009 M247 Ltd
- 14782 The Rocket Science Group, LLC
- 19893 RagingWire Data Centers, Inc.