Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
The blog has been quiet this week with many of our researchers out in Las Vegas for so-called “hacker summer camp.” There are a number of conferences going on this week, most notably Black Hat, which wraps up today. Look for the Cisco booth during the final hours of Black Hat and at Defcon later on if you want to pick up a special Snort or even a pair of Talos socks.
If you need something to hold you over until we return to a normal schedule, there is a post this week covering the Tetrane REVEN reverse-engineering platform. We dive into how the platform can help you quickly determine whether a bug is exploitable.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Location: Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada
Synopsis: Paul and Warren are hosting a joint talk on the Olympic Destroyer malware from earlier this year, and will cover why it is so difficult to attribute the attack. Vanja will also be hosting a workshop on manual kernel mode malware analysis.
Description: An APT known as “Gorgon” has been launching identical email spam and targeted campaigns against government agencies in the U.S., U.K., Russia and Spain. The most recent campaign launched spear-phishing emails that contained Microsoft Word documents exploiting the Microsoft Office vulnerability CVE-2017-0199.
Description: A vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. An attacker could exploit this flaw by sending HTTP requests that submit malicious inputs to the affected software.
Description: A bug in the Site Editor plugin for WordPress could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. A successful exploit could allow the attacker to access arbitrary files on the system, which could be used to conduct additional attacks.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.