Talos Threat Source Newsletters

Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.

January 30, 2018


TOP VULNERABILITY THIS WEEK:

Cisco Discloses Remote Code Execution Vulnerability in SSL VPN Functionality of ASAs


UPCOMING PUBLIC ENGAGEMENTS WITH TALOS


### Event: Talos Insights: The State of Cyber Security @ Novosco Cyber Security and GDPR Seminar
#### Date: 2018-02-22
#### Speaker: Warren Mercer, Technical Leader

Synopsis: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.

#### Reference: https://www.novosco.com/cyber-security-gdpr-belfast


### Event: [BRKSEC-2777] Talos Insights: The State of Cyber Security @ Cisco Live Melbourne
#### Date: 2018-03-06 - 2018-03-09
#### Speaker: Nick Biasini, Threat Researcher

Synopsis: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.

#### Reference: https://www.ciscolive.com/anz/learn/sessions/session-catalog/?search=BRKSEC-2777


### Event: Surprise, Supplies! @ OPCDE (Dubai, UAE)
#### Date: 2018-04-06 - 2018-04-07
#### Speaker: Paul Rascagneres

Synopsis: Supply chain attacks are often discussed, yet often overlooked when a business assesses how well it is prepared for an associated compromise or breach. 2017 truly marked itself as ‘The Year Of The Supply Chain Attack’ and was a turning point for this class of attack. Talos was involved in two major campaigns: the MeDoc compromise that paralyzed Ukraine and the CCleaner compromise that impacted a reported 2.27M consumers. In this presentation we will first present these two cases. For both, we will show how the attackers modified a legitimate application and what the result of that modification was. We will explain the attackers’ purpose and the malware used against the victims. For the MeDoc compromise, we were directly involved in the incident response and will provide a timeline of the events to give a before, during and after picture of Nyetya and MeDoc. For the CCleaner compromise, we will provide data and statistics from the attackers’ database and the profiles of the targeted organizations. In the second part, we will speak more broadly about supply chain attacks. We will recall that this is not the first time in history that this kind of attack has occurred, and we will close by opening a discussion on the future of these attacks.

#### Reference: https://www.opcde.com/


NOTABLE RECENT SECURITY ISSUES


### Title: Cisco Discloses Remote Code Execution Vulnerability in SSL VPN Functionality of ASAs

Description: Cisco has released a security advisory to address CVE-2018-0101, a remote code execution vulnerability in the SSL VPN (webvpn) functionality of Cisco Adaptive Security Appliances (ASAs). The vulnerability, identified by Cedric Halbronn of NCC Group, manifests as a double-free condition that can be triggered when the SSL VPN improperly handles XML packets. An unauthenticated attacker who can reach the SSL VPN service could exploit it; the advisory describes how to check whether webvpn is enabled on an interface. Cisco has released free software updates that address this vulnerability.

#### Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
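
The practical first question for CVE-2018-0101 is whether a given ASA actually has the SSL VPN service enabled on an interface. The script below is an added example, not Cisco code or anything from the advisory itself: it parses saved `show running-config` output, locates the top-level `webvpn` block and returns the interfaces named in its `enable <interface>` lines, which is the exposure condition the advisory (as summarized here) points at. The three configurations, the hostnames and the interface names are constructed for illustration. One caveat: Cisco later revised this advisory to cover additional ASA features beyond webvpn, so a clean result from this check does not by itself mean a device is unaffected; treat it as triage, not as a verdict.

```python
"""First-pass exposure check for CVE-2018-0101 (ASA SSL VPN double free).

Added example, not Cisco's code. It reads saved `show running-config`
output and reports the interfaces on which `webvpn` is enabled. All three
configurations below are constructed samples with hypothetical hostnames.
"""
import re

# Constructed: SSL VPN enabled on the outside interface -> exposed.
EXPOSED_CONFIG = """\
hostname asa-edge-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
webvpn
 enable outside
 anyconnect enable
!
"""

# Constructed: a `webvpn` sub-section inside a group-policy (indented) and a
# top-level webvpn block without `enable <interface>` -> not exposed by this check.
NOT_EXPOSED_CONFIG = """\
hostname asa-lab-2
group-policy GP-REMOTE attributes
 vpn-tunnel-protocol ikev1 ssl-client
 webvpn
  anyconnect keep-installer installed
!
webvpn
 anyconnect enable
!
"""

# Constructed: no webvpn configuration at all.
NO_WEBVPN_CONFIG = """\
hostname asa-core-3
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
"""

ENABLE_RE = re.compile(r"^\s+enable\s+(\S+)\s*$")


def webvpn_enabled_interfaces(config_text):
    """Return the interface names given to `enable` inside the top-level
    `webvpn` block. ASA nests sub-commands by indentation, so any line without
    a leading space starts a new top-level command (or is `!`) and closes the
    block; an indented `webvpn` under a group-policy is a different section
    and is ignored."""
    enabled = []
    in_webvpn = False
    for line in config_text.splitlines():
        if not line.startswith(" "):
            in_webvpn = line.strip() == "webvpn"
            continue
        if in_webvpn:
            m = ENABLE_RE.match(line)
            if m:
                enabled.append(m.group(1))
    return enabled


def is_exposed(config_text):
    """True if SSL VPN is enabled on at least one interface."""
    return bool(webvpn_enabled_interfaces(config_text))


def triage(configs):
    """Map hostname -> list of webvpn interfaces for a batch of saved configs."""
    report = {}
    for text in configs:
        m = re.search(r"^hostname\s+(\S+)", text, re.MULTILINE)
        name = m.group(1) if m else "<unknown>"
        report[name] = webvpn_enabled_interfaces(text)
    return report


if __name__ == "__main__":
    for host, ifaces in triage([EXPOSED_CONFIG, NOT_EXPOSED_CONFIG, NO_WEBVPN_CONFIG]).items():
        status = "EXPOSED on " + ", ".join(ifaces) if ifaces else "webvpn not enabled on any interface"
        print(f"{host}: {status}")
```

Feed `triage()` the text of each device's saved running configuration (one string per device) and prioritise patching for any host that comes back with a non-empty interface list.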


### Title: Lenovo Releases Security Advisory for Fingerprint Manager Pro Vulnerability on Lenovo Laptops

Description: Lenovo has released a security advisory addressing a vulnerability identified in Fingerprint Manager Pro. This vulnerability, assigned CVE-2017-3762, affects systems where sensitive data stored by Fingerprint Manager Pro is “encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.” Lenovo notes that this vulnerability only affects Windows 7, Windows 8, and Windows 8.1 systems; Windows 10 systems are not vulnerable. Lenovo has released a software update addressing these issues for affected systems.

#### Reference: https://support.lenovo.com/us/en/product_security/len-15999


INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Microsoft to classify software containing coercive messaging as unwanted software
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/30/protecting-customers-from-being-intimidated-into-making-an-unnecessary-purchase/

How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME
http://blog.ptsecurity.com/2018/01/running-unsigned-code-in-intel-me.html

A Deep Dive Analysis of Microsoft’s Kernel Virtual Address Shadow Feature
https://blog.fortinet.com/2018/01/25/a-deep-dive-analysis-of-microsoft-s-kernel-virtual-address-shadow-feature

Malware Reversing - Burpsuite Keygen
https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167

Strava Fitness App Can Reveal Military Sites, Analysts Say
https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html

Talos Blog: Vulnerability Spotlight: Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability
http://blog.talosintelligence.com/2018/01/ptex-rce-vuln.html

Talos Blog: 2017 in Snort Signatures
http://blog.talosintelligence.com/2018/01/2017-in-snort-signatures.html


MOST PREVALENT MALWARE FILES 2018-01-23 - 2018-01-30:


- SHA 256: fbe9c7f03f06b055de21ab0df6237c13df74e0b44a5c178ed7d0463d76069350
- MD5: 51d17f4d17dfb0cefaaf6aa236d011a6
- VirusTotal: https://www.virustotal.com/file/fbe9c7f03f06b055de21ab0df6237c13df74e0b44a5c178ed7d0463d76069350/analysis/#additional-info
- Typical Filename: Uninstall.exe
- Claimed Product: Sophos Standalone Engine uninstaller tool
- Detection Name: W32.Auto.fbe9c7.MASH.RT.SBX.VIOC


- SHA 256: 3f5961a80d3aa7cb06520fd8e89558170936a1a4a3fe16e9fc84c379518c0759
- MD5: 608e7d9ac275bdaadd0fa021f1c6694a
- VirusTotal: https://www.virustotal.com/file/3f5961a80d3aa7cb06520fd8e89558170936a1a4a3fe16e9fc84c379518c0759/analysis/#additional-info
- Typical Filename: cryptonight.wasm
- Claimed Product: N/A
- Detection Name: W32.3F5961A80D-100.SBX.VIOC


- SHA 256: dbf3890b782ac04136c3336814eef97e3c0f4133f9592e882c131c179161b27b
- MD5: 0c694193ceac8bfb016491ffb534eb7c
- VirusTotal: https://www.virustotal.com/file/dbf3890b782ac04136c3336814eef97e3c0f4133f9592e882c131c179161b27b/analysis/#additional-info
- Typical Filename: mssecsvc.exe
- Claimed Product: (none)
- Detection Name: W32.Ransom:TrojanRansom.21ck.1201


- SHA 256: 99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0
- MD5: 5bafb135e1d7ba0a5acd0fbbeb2a93e1
- VirusTotal: https://www.virustotal.com/file/99550ea419a3f49ee1154c9d5ae99b7f925a783028f87286584a0c9fe7bab4f0/analysis/#additional-info
- Typical Filename: helperamc.zip
- Claimed Product: Advanced Mac Cleaner
- Detection Name: W32.99550EA419-95.SBX.TG


- SHA 256: 0478ce64dd7a27d849e9ca32bc95f6f89330ce9c7f5ab3fedd70726c9d9e5c6c
- MD5: ba9ed23ee65094f4a8686b7088d1153a
- VirusTotal: https://www.virustotal.com/file/0478ce64dd7a27d849e9ca32bc95f6f89330ce9c7f5ab3fedd70726c9d9e5c6c/analysis/#additional-info
- Typical Filename: SafeDrv.exe
- Claimed Product: (none)
- Detection Name: Suspicious_F:Trojan-tpd
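
The hash list above is only useful if it gets turned into a sweep. The script below is an added example, not Talos code: `parse_iocs()` reads the `- SHA 256:` / `- MD5:` / `- Typical Filename:` / `- Detection Name:` layout used in this section (ignoring the VirusTotal link lines), `sweep()` hashes every regular file under a directory and reports only hash matches, never filename matches, since a filename like `mssecsvc.exe` is a hint and not evidence. The two IOC records embedded in the script are copied from this newsletter; `demo_sweep()` builds a scratch directory with a constructed stand-in file and appends a constructed IOC entry for it so the sweep can produce a hit offline.

```python
"""Turn the newsletter's 'most prevalent malware files' block into a hash sweep.

Added example, not Talos code. The IOC text is copied from this newsletter;
the scratch directory and the extra IOC entry in demo_sweep() are constructed.
"""
import hashlib
import os
import re
import tempfile

IOC_TEXT = """
- SHA 256: dbf3890b782ac04136c3336814eef97e3c0f4133f9592e882c131c179161b27b
- MD5: 0c694193ceac8bfb016491ffb534eb7c
- VirusTotal: https://www.virustotal.com/file/dbf3890b782ac04136c3336814eef97e3c0f4133f9592e882c131c179161b27b/analysis/#additional-info
- Typical Filename: mssecsvc.exe
- Claimed Product: (none)
- Detection Name: W32.Ransom:TrojanRansom.21ck.1201


- SHA 256: 3f5961a80d3aa7cb06520fd8e89558170936a1a4a3fe16e9fc84c379518c0759
- MD5: 608e7d9ac275bdaadd0fa021f1c6694a
- Typical Filename: cryptonight.wasm
- Claimed Product: N/A
- Detection Name: W32.3F5961A80D-100.SBX.VIOC
"""

FIELD_RE = re.compile(r"^-\s*(SHA 256|MD5|Typical Filename|Claimed Product|Detection Name):\s*(.*?)\s*$")
KEYS = {"SHA 256": "sha256", "MD5": "md5", "Typical Filename": "filename",
        "Claimed Product": "product", "Detection Name": "detection"}


def parse_iocs(text):
    """One record per sample; blank lines separate samples, unknown lines
    (e.g. the VirusTotal link) are skipped, hashes are normalised to lowercase."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.groups()
            current[KEYS[key]] = value.lower() if key in ("SHA 256", "MD5") else value
    if current:
        records.append(current)
    return records


def hash_file(path, chunk=1 << 20):
    """Return (md5, sha256) hex digests, streaming so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def sweep(root, iocs):
    """Walk root and return [(path, ioc)] for files whose SHA-256 (or, failing
    that, MD5) matches an IOC. Filenames alone never count as a match."""
    by_sha = {r["sha256"]: r for r in iocs if "sha256" in r}
    by_md5 = {r["md5"]: r for r in iocs if "md5" in r}
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):      # skip sockets, devices, dangling links
                continue
            try:
                md5, sha256 = hash_file(path)
            except OSError:
                continue                      # unreadable; log it separately in real use
            ioc = by_sha.get(sha256) or by_md5.get(md5)
            if ioc:
                hits.append((path, ioc))
    return hits


def demo_sweep():
    """Constructed end-to-end run: one benign file and one stand-in file whose
    hash is appended to the IOC list, so the sweep can hit without real samples."""
    iocs = parse_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"nothing to see here\n")
        planted = os.path.join(root, "mssecsvc.exe")  # name borrowed from an IOC above
        with open(planted, "wb") as fh:
            fh.write(b"constructed stand-in, not the real sample\n")
        md5, sha256 = hash_file(planted)
        iocs.append({"sha256": sha256, "md5": md5, "filename": "mssecsvc.exe",
                     "detection": "constructed-test-entry"})
        return [(os.path.basename(p), ioc["detection"]) for p, ioc in sweep(root, iocs)]


if __name__ == "__main__":
    for rec in parse_iocs(IOC_TEXT):
        print(rec["sha256"], rec["filename"], rec["detection"])
    print(demo_sweep())
```

In real use, paste the whole "MOST PREVALENT MALWARE FILES" block into `IOC_TEXT` and point `sweep()` at a mounted image or a suspect host's filesystem; anything returned is a hash match and deserves a full look, while the filenames in the list are best used to prioritise which paths to hash first.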


SPAM STATS FOR 2018-01-23 - 2018-01-30


#### TOP SPAM SUBJECTS OBSERVED

  • “Mandatory 2018 updates”
  • “Urgent: From IT service Helpdesk”
  • “Invoice INVV02703 from ESIB Pty Ltd”
  • “Remittance Advice_990000987”
  • “Mystery Shopper”


#### MOST FREQUENTLY USED ASNs FOR SENDING SPAM

  • 8075 Microsoft Corporation
  • 7922 Comcast Cable Communications, LLC
  • 4760 PCCW Limited
  • 16276 OVH SAS
  • 47610 RWTH Aachen University
© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. View our Privacy Policy here.