Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
You probably see our Vulnerability Spotlights come and go (there are a lot of them, after all). But we decided to take a deep dive into TALOS-2018-0636/CVE-2018-3971, a bug we recently disclosed in Sophos HitmanPro.Alert, an antivirus product. In that post, we walk through the exploitation process and talk about how we discovered the vulnerability in the first place.
With Veterans Day on the way, we also feel it’s important to highlight one of Cisco Talos’ newest initiatives. We are starting a new chapter of CyberVets U.S.A. in Maryland, in conjunction with other local tech companies and state officials. Through this program, military veterans can receive free training for cybersecurity jobs, and could even find themselves working for Cisco one day. You can learn more about the program here.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: Join Nick Biasini as he takes part in a day-long education event on all things Cisco. Nick will specifically highlight the work that Talos does in one of the many breakout sessions offered at Cisco Connect. This session will cover a brief overview of what Talos does and how we operate. Additionally, he'll discuss the threats that are top-of-mind for our researchers, and the trends that you, as defenders, should be most concerned about.
Synopsis: One of the cornerstones of privacy today is secure messaging applications such as Signal, WhatsApp and Telegram, which deploy end-to-end encryption to protect communications. However, a deeper look into these applications shows that they lack transparency, leading to session hijacking at different levels. This presentation will walk through various secure chat applications and how malware we’ve seen in the wild can take advantage of this software.
Description: A botnet known as “Chalubo” is targeting IoT devices and launching distributed denial-of-service attacks against them. Once a device is infected, the attacker can download three components: a downloader, the main bot and a Lua command script. Snort SIDs: 48281 - 48286
Description: A Russian-speaking actor recently launched a new campaign known as “Octopus” in Central Asia, hoping to target users of the encrypted messaging app Telegram. The malware poses as Telegram and then infects users once they download the malicious app.
Description: There are several bugs in the Yi Technology Home Camera that could allow an attacker to completely take over the camera and potentially delete footage. Half of the vulnerabilities require physical access to exploit, but one of the bugs (CVE-2018-3892) also has a network attack vector, raising its severity.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.