Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
After weeks of additional research, we have new findings regarding that mobile device management (MDM) campaign we wrote about a few weeks ago. The actor appears to be targeting more devices on more platforms than we originally thought — and it covers both iOS and Windows platforms.
We also have big news regarding TalosIntelligence.com. In the coming weeks, we’ll be adding a new dispute system that streamlines the process of disputing any of our data. Going forward, you’ll need to log in to our new website using a CCO ID (Cisco Connection Online ID). We hope that this will bring our analysts and customers.
If you’re looking for a longer read, we have a new whitepaper out regarding cryptocurrency mining. If you are worried about miners ending up on your networks or machines, this paper will run down all the ways Cisco products can protect you.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Location: Mandalay Bay Convention Center, Las Vegas, Nevada
Synopsis: Cisco Talos will be represented at the Black Hat conference for all six days. On Aug. 8, from 3 to 5 p.m., Paul and Warren will be delivering a talk in Business Hall Theater B covering supply chain attacks.
Location: Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada
Synopsis: Paul and Warren are hosting a joint talk on the Olympic Destroyer malware from earlier this year, and will cover why it is so difficult to attribute the attack. Vanja will also be hosting a workshop on manual kernel mode malware analysis.
Description: Oracle has released patches fixing 334 different vulnerabilities in a wide variety of its products — the highest number of flaws addressed in the company’s history. Sixty-one of the bugs are considered critical. Oracle's Financial Services Applications received the most patches, with the update fixing 56 flaws.
Description: Cisco has released patches for multiple critical flaws in Policy Suite. The bugs could leave enterprise users open to attacks that result in information leaks, account compromise, database tampering and more.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access
Description: The Sony IPELA E Series Network Camera contains two vulnerabilities that could allow an attacker to execute code remotely. A specially crafted GET request can trigger a command injection flaw, while a POST request triggers a separate remote code execution vulnerability.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.