Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
If you like talking about vulnerabilities, this was the week for you.
Talos disclosed dozens of vulnerabilities over the past few days in a variety of products, most notably Adobe Acrobat Reader, which contains a remote code execution flaw.
We also released details of an information disclosure vulnerability in Google PDFium — a PDF reader in Google’s Chrome and Chromium web browsers.
In terms of volume, the largest number of bugs is in Foxit PDF Reader, where we discovered more than a dozen vulnerabilities that could all lead to remote code execution.
Finally, we went over several flaws in Atlantis Word Processor — a popular alternative to Word.
Outside of vulns, we are excited to finally get the Beers with Talos crew back together for a new episode! In episode 38, the guys cover our latest findings on VPNFilter and the antivirus-avoiding RAT we wrote about last week.
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Location: XI International Congress of Industrial Cybersecurity at the Hotel Meliá Avenida de América in Madrid, Spain
Synopsis: This is an annual gathering bringing together experts in cybersecurity from across Europe. In his talk, Vitor will cover how SCADA and industrial control systems are more vulnerable than ever, and what can be done to protect these vital systems.
Location: Texas Cyber Summit at Wyndham River Walk Hotel in San Antonio, Texas
Synopsis: Wiper malware has been leveraged by attackers for years to facilitate the destruction of data and systems. In many cases, this malware has caused widespread operational issues for organizations and critical infrastructure all over the globe. Attackers have increasingly been leveraging and improving upon their wiper malware over the past several years. This talk will cover several notable examples of wiper malware, how they were distributed and the impacts that resulted from these attacks.
Location: Tech at the Gap conference at the Western Maryland IT Center of Excellence in Cumberland, Md.
Synopsis: Talos specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape by leveraging the work of Talos’ large team of threat intelligence experts, researchers, and engineers. In this talk, Ashlee will cover recent threats and the methods and analysis used by Talos to defend against them.
Description: Adobe patched several vulnerabilities in Acrobat and Reader, the majority of which are rated as “critical” and “important.” The advisory, released on Oct. 1, covers more than 80 different bugs. An attacker could exploit these flaws and execute code in the context of the current user.
Description: The well-known APT Cobalt Gang is using a new downloader, called “CobInt,” to spread its malware. Cobalt Gang spreads the downloader through malicious URLs and Microsoft Word documents, and then eventually installs additional modules through CobInt.
Description: Cisco disclosed a vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA). A remote attacker could exploit this vulnerability to force the targeted system to reboot.
Description: The Magecart group continues to attack different public-facing websites in an attempt to steal credit card information. The group’s malware recently hit British Airways, Ticketmaster U.K., and online retailer Newegg. Magecart sets up its malware on HTTPS servers and scans online retailers’ sites for financial information as transactions are completed.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.