Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Did you miss out on going to Orlando for Cisco Live! or the Talos Threat Research Summit? Fear not, for this week we bring you the live Beers with Talos podcast that was recorded on-site. The guys provide an update on VPNFilter and give a recap of the Research Summit, plus a way-too-late World Cup preview.
We also published details about a new campaign utilizing the FormBook malware. A malicious actor appears to be sending out malicious emails with four different attachments that can install FormBook. Get all of the details here.
The Talos researchers also stepped up to the plate with the release of a new decryptor for the Thanatos ransomware. Even though the attack left victims with few options, our new, free tool will allow them to decrypt the files that were impacted by the attack.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where Talos will be represented.
Location: Mandalay Bay Convention Center, Las Vegas, Nevada
Synopsis: Cisco Talos will be represented at the Black Hat conference for all six days. On Aug. 8, from 3 to 5 p.m., Paul and Warren will be delivering a talk in Business Hall Theater B covering supply chain attacks.
Location: Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada
Synopsis: Paul and Warren are hosting a joint talk on the Olympic Destroyer malware from earlier this year, and will cover why it is so difficult to attribute the attack. Vanja will also be hosting a workshop on manual kernel mode malware analysis.
Description: There are multiple flaws in Cisco Fabric Services that could allow an attacker to remotely execute code on a victim’s machine or cause a denial-of-service condition. The bugs cover CVE-2018-0308, CVE-2018-0314, CVE-2018-0304 and CVE-2018-0308.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace
Description: A new malware known as InvisiMole can infect a victim machine and use the camera and microphone to record audio and video. InvisiMole has been targeting computers in Russia and Ukraine for the past five years, according to researchers.
Description: The Insteon Hub internet-of-things central controller contains many vulnerabilities that can cause a range of problems, from denial of service to remote code execution. The majority of the vulnerabilities are caused by unsafe use of the strcpy() function, leading either to a stack buffer overflow or a global buffer overflow.
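To make the strcpy() pattern behind those Insteon Hub bugs concrete, the following is an added, constructed example (not Insteon Hub firmware or Talos code): the unbounded copy into a fixed-size global and a fixed-size stack buffer, beside a bounded replacement that checks the input length and refuses oversized data. The buffer sizes, function names and sample strings are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size global buffer, one of the two destination
 * kinds (global and stack) named in the advisory summary above. */
#define NAME_MAX 16
static char g_device_name[NAME_MAX];

/* Length of s, but never looking further than max bytes, so an unterminated
 * input cannot make the length check itself read out of bounds. */
static size_t bounded_len(const char *s, size_t max) {
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Vulnerable pattern: strcpy() copies until the NUL terminator, so any input
 * longer than NAME_MAX-1 bytes writes past the end of g_device_name. */
void set_name_unsafe(const char *input) {
    strcpy(g_device_name, input);  /* global buffer overflow on long input */
}

/* Hardened pattern: measure first, reject anything that does not fit, then copy
 * the known length plus its NUL. strncpy alone is not a fix, because it can
 * leave the destination unterminated when the input is exactly too long. */
bool set_name_safe(const char *input) {
    size_t len = bounded_len(input, NAME_MAX);
    if (len >= NAME_MAX) {
        return false;  /* too long: refuse rather than truncate silently */
    }
    memcpy(g_device_name, input, len + 1);
    return true;
}

/* Same check for a caller-supplied (typically stack) buffer inside a request
 * handler; with strcpy() this is where the stack overflow would occur. */
bool handle_request_safe(const char *payload, char *out, size_t out_size) {
    if (out_size == 0) {
        return false;
    }
    size_t len = bounded_len(payload, out_size);
    if (len >= out_size) {
        return false;
    }
    memcpy(out, payload, len + 1);
    return true;
}

const char *current_name(void) {
    return g_device_name;
}

int main(void) {
    char stack_buf[8];
    printf("set_name_safe(\"hub-01\") -> %d\n", set_name_safe("hub-01"));
    printf("set_name_safe(long)      -> %d\n",
           set_name_safe("this-name-is-far-too-long-for-the-buffer"));
    printf("name is still \"%s\"\n", current_name());
    printf("handle_request_safe(8 bytes into 8-byte buffer) -> %d\n",
           handle_request_safe("abcdefgh", stack_buf, sizeof stack_buf));
    return 0;
}
```

The defensive point is that the safe variants fail closed: an oversized input is reported to the caller and the buffer contents are left unchanged, which is the behaviour to look for when reviewing a device's input handlers for this class of bug.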
Keep up with all things Talos by following us on Twitter and Facebook. Snort, ClamAV and Immunet also have their own accounts you can follow to keep up with their latest updates. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.