Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
You may remember the GPlayed malware we wrote about a few weeks ago. Well, we’ve already found its offspring. Our researchers discovered a new banking trojan that is very similar to the original GPlayed — and it’s targeting the customers of a Russian state-owned bank.
Sextortion spam campaigns have become more popular this year. Thousands of people around the globe are getting emails that claim (erroneously) to have compromising videos of the user that the attacker will post online if they do not receive a payment. We dove into some of these campaigns and were able to connect the dots on many of them to draw a few conclusions about the actors behind this spam.
We know it’s not quite time yet for everyone’s “Year in Review” posts, but we do have an annual roundup already for you. Our researchers have been hard at work discovering more vulnerabilities than ever over the past 12 months. In this post, we recap the work we’ve done over the past 12 months in vulnerability discovery.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: Join Nick Biasini as he takes part in a day-long education event on all things Cisco. Nick will specifically highlight the work that Talos does as part one of the many breakout sessions offered at Cisco Connect. This session will cover a brief overview of what Talos does and how we operate. Additionally, he'll discuss the threats that are top-of-mind for our researchers, and the trends that you, as defenders, should be most concerned about.
Synopsis: One of the cornerstones of privacy in our days are secure messaging applications such as Signal, WhatsApp and Telegram, which deploy end-to-end encryption to protect the communications. However, a deeper look into these applications shows that they lack transparency, leading to session hijacking at different levels. This presentation will walk through various secure chat applications and how malware we’ve seen in the wild can take advantage of this software.
Description: There are three vulnerabilities in the Cisco NX-OS software that could allow an attacker to carry out a denial-of-service attack on the victim machine. The bugs lie in the simple network management protocol (SNMP) input packet processor, precision time protocol (PTP) and link layer discovery protocol (LLDP).
Description: Two vulnerabilities exist in Sophos HitmanPro.Alert, a malware detection and protection tool. Both vulnerabilities lie in the input/output control (IOCTL) message handler. One could allow an attacker to read kernel memory contents, while the other allows code execution and privilege escalation.
Description: A vulnerability in the MKVToolNix mkvinfo utility that parses the Matroska file format video files (.mkv files) could allow an attacker to execute code on the victim’s machine in the context of the current user. It is possible to forge a .mkv file in a way that the vulnerable function frees an element so that another delete operation triggers a use-after-free vulnerability.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.