Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
It was a busy week for us in terms of vulnerabilities. We have major breakdowns for two well-known pieces of software.
First up is Pixar's RenderMan, a widely used 3-D animation tool. It has two denial-of-service vulnerabilities that exist because network packets are not properly validated during parsing.
There are also multiple remote code execution flaws in Insteon Hub, an internet-of-things central control system that is used in many homes. Most of these vulnerabilities have their root cause in the unsafe use of the strcpy() function, leading to either a stack or a global buffer overflow.
We are also back to our weekly Threat Roundups. While we missed a week earlier this month, the most recent post covers everything between June 1 and 15. You can find the biggest threats we've monitored during that time here.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where Talos will be represented.
Location: C-Days 2018, University of Coimbra, Coimbra, Portugal
Synopsis: Vitor will be giving two different talks at the annual C-Days conference in Portugal. One will be a light and fast introduction to malware hunting, and the other will focus on how to protect all of your devices as the internet becomes more wide-reaching.
Location: Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada
Synopsis: Paul and Warren are hosting a joint talk on the Olympic Destroyer malware from earlier this year, and will cover why it is so difficult to attribute the attack. Vanja will also be hosting a workshop on manual kernel mode malware analysis.
Description: A remote code execution flaw exists in Microsoft's wimgapi library. If an attacker creates a specially crafted WIM file, they could execute malicious code with the same access rights as the logged-in user, or simply crash the system in a denial-of-service attack.
Description: A decades-old PGP vulnerability could allow a malicious actor to create phony signatures for just about any user. The flaw exists in some of the most widely used email encryption tools, including GnuPG, Enigmail, GPGTools, and python-gnupg.
Description: There are two major vulnerabilities in Pixar's RenderMan 3-D modeling software. Both vulnerabilities are due to the lack of proper validation when network packets are parsed.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.