Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
First up, a programming note: The Threat Source newsletter will be taking two weeks off as Cisco goes on its annual winter shutdown. Talos would like to wish everyone a safe and happy holiday season. We will be back bringing you your cybersecurity news on Jan. 10.
Speaking of wrapping up the year, one of the largest trends we saw in 2018 was the rise of cryptocurrency miners. Malicious actors began deploying these miners as the value of cryptocurrencies rose in late 2017. However, that value has plummeted over the past few months. Will this have an impact on the kind of malware we expect to see in 2019? Find out in our blog post here. Also on the topic of cryptocurrency miners, we took a deep dive into some of the most prevalent actors we’ve seen delivering this malware and analyzed how they may be connected.
If you happen to be traveling this week and next for the holidays, the Beers with Talos podcast is here to keep you from going insane while you’re in traffic. In this episode, the guys talk about the recent DNSpionage campaign we uncovered, as well as the first steps a CISO should take when his or her company makes an acquisition (we’re looking at you, Marriott).
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: This talk will consist of two parts. First, we will provide an introduction to Cisco Talos and cover what the organization does. Then, we will dive into a specific campaign we recently discovered targeting the Middle East: “DNSpionage.” This malware targeted several government agencies in the Middle East, as well as an airline. During the research process for DNSpionage, we also discovered an effort to redirect the targets’ DNS records and to register SSL certificates for the affected domains. We will present the timeline for these two events and their technical details.
Description: Microsoft released an out-of-band (OOB) patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. Snort SIDs: 48699 - 48702
Description: WordPress released its latest update, which fixes a number of security vulnerabilities that are considered serious. The most serious flaw allowed the content management system’s “user activation screen” to be indexed by Google, which could cause some users’ login information to become publicly visible. WordPress also warned users about an unauthorized file deletion bug and an unauthorized post creation bug. Snort SIDs: 48573
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.