Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Apple Releases Security Update for "Text Bomb" Flaw in iOS and macOS
Synopsis: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying the cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Synopsis: Supply chain attacks are often long thought about and often overlooked in terms of how well a business prepares itself for any associated compromise or breach. 2017 has truly marked itself as ‘The Year Of The Supply Chain Attack’ and marked a turning point concerning supply chain attacks. Talos was involved in two major campaigns: MeDoc compromise that paralyzed the Ukraine and CCleaner compromise that impacted a reported 2.27M consumers. In this presentation we will firstly present these two cases. In both cases, we will present how the attackers modified a legitimate application and what was the result of the modification. We will explain the purpose of the attackers and the malware used against the victims. For the MeDoc compromise, we were directly involved in the incident response and we will provide a timeline of the events to give an idea of the before, during and after picture associated with Nyetya and MeDoc. Concerning the CCleaner compromise, we will provide some data and statistics from the attacker’s database and the profiles of the targeted organizations. In a second part, we will speak globally about supply chain attacks. We will remember that it’s not the first time in the history that this kind of attacks occurred and we will finally open the discussion on the future of this attacks.
Synopsis: PyREBox is an open-source tool focused on reverse engineering that provides instrumentation and debugging capabilities on top of the QEMU emulator. It allows you to inspect a running QEMU VM, modify its memory or registers, and instrument its execution with simple Python scripts. It combines whole-system-emulation (QEMU) with Virtual Machine Introspection (Volatility). One of the possible applications of this tool is malware analysis. It allows you to debug any process running on the system and also to instrument the execution of the VM with simple Python scripts to automate common tasks. In this talk, we will present an overview of PyREBox, how it works internally, and how it compares to other tools. We will explain some of the challenges found in implementing Python-based fine-grained instrumentation and how PyREBox tries to solve them. Finally, we will show you how to take advantage of PyREBox for malware analysis by releasing a set of open-source scripts for PyREBox and IDA Pro.
Description: Apple has released a supplemental security update in response to the "text bomb" denial of service flaw in iOS, macOS, watchOS, and tvOS. The "text bomb" vulnerability, identified as CVE-2018-4124, is a flaw in how certain characters are handled and rendered by the operating system and could result in application and system crashes. Users are advised to update their devices as people triggering this flaw has been observed.
Description: Dell EMC has released a security advisory for two vulnerabilities that have been identified in VMAX Virtual Appliance (vApp) Manager. These vulnerabilities, assigned CVE-2018-1215 and CVE-2018-1216, are severe and have been assessed CVSSv3 scores of 8.8 and 9.8 respectively. CVE-2018-1215 is an arbitrary file upload vulnerability while CVE-2018-1216 is a hard-coded credential vulnerability. Dell EMC has released a software update that addresses these vulnerabilities.
Encryption 101: a malware analyst’s primer
https://blog.malwarebytes.com/threat-analysis/2018/02/encryption-101-malware-analysts-primer/
PcapXray - A Network Forensics Tool to visualize a packet capture offline as a Network Diagram
https://github.com/Srinivas11789/PcapXray
Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards
https://newsroom.intel.com/news/expanding-intels-bug-bounty-program/
Multi-Stage Email Word Attack Without Macros
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-Attack-without-Macros/