Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s ThreatSource newsletter — the perfect place to get caught up on all things Talos from the past week.
Many of us are out in Florida for Cisco Live! this week, so the blog is a bit quieter than usual.
However, we still have coverage for Microsoft Patch Tuesday. There were 49 vulnerabilities covered in this month’s release, including 11 that were rated “critical.”
We specifically highlighted a remote code execution vulnerability in the Microsoft wimgapi library that our researchers discovered.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where Talos will be represented.
Location: C-Days 2018, University of Coimbra, Coimbra, Portugal
Synopsis: Vitor will be giving two different talks at the annual C-Days conference in Portugal. One will be a light and fast introduction to malware hunting, and the other will focus on how to protect all of your devices as the internet becomes more wide-reaching.
Event name: Virus Bulletin conference
Location: Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada
Synopsis: Paul and Warren are hosting a joint talk on the Olympic Destroyer malware from earlier this year, and will cover why it is so difficult to attribute the attack. Vanja will also be hosting a workshop on manual kernel mode malware analysis.
Description: Microsoft has released its monthly set of fixes that cover many of its products. The patches address 49 vulnerabilities, 11 of which are rated “critical” and 38 of which are rated “important.”
Description: Adobe has released patches for multiple vulnerabilities in its Flash Player product. One of them, CVE-2018-5002, was being used in the wild. The bugs include one stack-based buffer overflow vulnerability, as well as an integer overflow.
Description: A flaw in Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service.