Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
Our researchers recently discovered a command injection vulnerability in Netgate pfSense’s systemadvancedmisc.php powerdnormalmode. pfSense is a free and open-source firewall and router that also features unified threat management, load balancing and multi-WAN, among other features. You can read about the vulnerability here and see our coverage.
ClamAV users will be happy to know the new 0.101.0 is here with a slew of new features. There’s now support for RAR v5 archive extraction, changes to the Libclamav API and two new scan options.
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
Description: There is a vulnerability in the web framework code of Cisco Prime License Manager that could allow a remote, unauthenticated attacker to execute arbitrary SQL queries. The vulnerability lies in the way the application validates user-supplied inputs in SQL queries. An attacker could exploit this flaw by sending specially crafted HTTP POST requests that contain malicious SQL statements to an affected application. Snort SIDs: 48454, 48455
Description: A command injection vulnerability exists in Netgate pfSense systemadvancedmisc.php powerdnormalmode. This command injection vulnerability in Netgate pfSense is due to lack of sanitization on the 'powerdnormalmode' parameter in POST requests to 'systemadvancedmisc.php'.
Snort SIDs: 48178
Description: The hacking group TA505 is back with a new trojan known as “tRat.” The malware is targeting financial institutions with the goal of stealing credentials, financial data and other customer information. TA505 has been around for years and is behind some of the most well-known malware, including Locky and Dridex. Snort SIDs: 48466 - 48468
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.