Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
We know we’re a little late on this, but after some technical difficulties, the latest episode of the Beers with Talos podcast is here. The guys this week cover sextortion malware, the importance of vulnerability research and attackers who want to go after mobile devices.
Speaking of vulnerabilities, we had a lot to cover in this month’s Microsoft security update. Here is the rundown of all of the bugs Microsoft disclosed Tuesday. We also have all of our Snort coverage here.
We also have full coverage of a Brazilian banking trojan we’ve spotted in the wild. While the trojan itself is not new, there are new campaigns spreading it in an attempt to steal customers’ login information.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: Join Nick Biasini as he takes part in a day-long education event on all things Cisco. Nick will specifically highlight the work that Talos does as part one of the many breakout sessions offered at Cisco Connect. This session will cover a brief overview of what Talos does and how we operate. Additionally, he'll discuss the threats that are top-of-mind for our researchers, and the trends that you, as defenders, should be most concerned about.
Synopsis: One of the cornerstones of privacy in our days are secure messaging applications such as Signal, WhatsApp and Telegram, which deploy end-to-end encryption to protect the communications. However, a deeper look into these applications shows that they lack transparency, leading to session hijacking at different levels. This presentation will walk through various secure chat applications and how malware we’ve seen in the wild can take advantage of this software.
Description: Microsoft released its monthly security update, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 53 vulnerabilities, 11 of which are rated "critical," 40 that are rated "important” and one “moderate” and “low” vulnerability, each. The advisories cover bugs in the Chakra scripting engine, Microsoft Outlook and DirectX. This update also includes three advisories. One covers vulnerabilities in Adobe Flash Player, and another covers important bugs in the Microsoft Surface tablet. Additionally, there is guidance for how users should configure BitLocker in order to properly enforce software encryption.
Description: Adobe released patches for several vulnerabilities in three of its products: Acrobat Reader DC, Photoshop and Flash Player. All five of the bugs disclosed are considered “important” and could lead to otherwise protected information being exposed.
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html https://helpx.adobe.com/security/products/acrobat/apsb18-40.html https://helpx.adobe.com/security/products/photoshop/apsb18-43.html
Description: A Chinese actor was spotted in the wild attacking Adobe ColdFusion servers. The group appears to have reverse-engineered an Adobe security patch to quietly upload a variant of the China Chopper backdoor on unpatched servers and take over the entire system.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.