Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Third major recent vulnerability found in Drupal
Synopsis: The threat environment is a cat-and-mouse game between attackers seeking to compromise systems, and defenders seeking to protect systems from attack. However, even the most sophisticated attackers leave tell-tale traces that decry their intentions or activity. In this presentation, Lee will present examples of how Cisco Talos transforms raw data into intelligence in order to detect and block the latest attacks.
Synopsis: In today's world, online crime is currently being primarily run through extortion in the electronic age via ransomware. Times are changing, and the business models for these types of malware are changing along with it. The rise of ransomware has paralleled a rise in the value of cryptocurrencies. The two are not necessarily connected — but the impact has been.
Synopsis: Join us in Orlando prior to Cisco Live for the first ever Cisco Talos Threat Research Summit, a one-day conference by defenders, for defenders, designed to give you actionable insights to keep your users and network safer. Throughout the summit, you will hear from leading researchers at Talos and cyber security experts from across the industry. Lurene A. Grenier, an industry veteran, will be the keynote speaker, and will be speaking about why many businesses are not taking their security seriously enough.
Description: For the third time in the past 30 days, a major remote code execution vulnerability has been found in the Drupal open-source content management framework. The vulnerability, nicknamed Drupalgeddon3, could allow an attacker to completely compromise a site.
https://www.imperva.com/blog/2018/04/just-third-critical-drupal-flaw-discovered/ https://www.drupal.org/sa-core-2018-004
Description: Multiple vulnerabilities in the Hyland Perceptive Document Filters were patched this week. The four vulnerabilities allow an attacker to execute arbitrary code, and exist in the file conversion feature.
Description: A new update to the Microsoft Windows open-source archiving software 7-Zip was released this week, patching a number of flaws. The new version fixes a security vulnerability in the Rar unpacking code.
https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/ https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
Google has released a new security update, protecting all of their devices against the Meltdown attack, which targeted Intel chips.
https://www.securityweek.com/all-chrome-os-devices-now-protected-against-meltdown
Attackers are using the well-known ETERNALROMANCE exploit to push a new cryptocurrency mining malware that specifically mines the Monero cryptocurrency.
https://www.fortinet.com/blog/threat-research/python-based-malware-uses-nsa-exploit-to-propagate-monero--xmr--.html
Security researchers were able to turn Amazon’s Alexa smart speaker into a remote recording device. Amazon has since patched this exploit.
https://www.wired.com/story/amazon-echo-alexa-skill-spying/
Researchers from Cisco Talos have discovered a new RAT that is specifically targeting users in India. The malware has been consistently evolving over the past two years.
https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html
Microsoft has unveiled its new solution designed to protect critical infrastructure against modern cyber threats.
https://www.securityweek.com/microsoft-unveils-new-solution-securing-critical-infrastructure