Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Why should your passwords be like your panties? Find out in this week’s episode of the Beers With Talos podcast, where the guys are joined by Michelle Dennedy, Cisco’s chief privacy officer.
If you are running any Elasticsearch clusters, you need to be paying extra close attention. Our researchers found a recent uptick in attackers targeting these clusters for a variety of attacks, deploying several different types of malware.
On the vulnerability front, we just disclosed a heap overflow vulnerability in Antenna House Rainbow PDF Office Server Document Converter. If exploited, an attacker could use this to gain the ability to remotely execute code.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Location: Moscone Center, San Francisco, Calif.
Synopsis: Matt Watchinksi, the vice president of Cisco Talos, will partake in one of the keynote addresses at this year’s RSA conference. Watchinski, along with Liz Centoni of Cisco, will discuss how to defend against internet-of-things attacks. As more automated devices are added to our homes every day, it just creates more attack vectors. Watchinski and Centoni will talk about successful defense strategies Cisco has employed in the past.
Location: Hannover Congress Center, Hanover, Germany
Synopsis: The pressure on IT security officers to compete for resistant IT security never ends. Attackers are trying to penetrate companies’ networks with new methods and to monetize deducted data every day. Unterbrink sits at the front and will provide insights into the current threat situation and attack scenarios.
Description: The Drupal content management system disclosed a critical remote code execution vulnerability that could allow an attacker to completely take over a web server. The bug lies in the way some file types on Drupal improperly sanitize data from non-form sources, such as RESTful web services. This can lead to arbitrary PHP code execution. Snort SIDs: 49257
Description: Cisco released a round of security updates for several of its products, including WebEx, HyperFlex and Prime Infrastructure. CVE-2019-1659 is a certificate validation vulnerability in Cisco Prime Infrastructure that could allow an attacker to perform a man-in-the-middle attack against the SSL tunnel between Cisco’s Identity Service Engine and Prime Infrastructure. Snort SIDs: 49240
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.