Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Point-of-sale malware tends to grab headlines — any time Target credit card records get breached, the news is on it. We’ve discovered a new PoS malware, called “GlitchPOS,” that the creator is selling online. Based on the information we discovered, it would be possible for nearly anyone to buy the malware and set up their own botnet with relative ease.
On the vulnerability front, besides Microsoft Patch Tuesday (more on that below), we discovered a privilege escalation vulnerability in CleanMyMac X by MacPaw. The bug could allow an attacker to elevate their privileges and execute commands at the level of the current user.
If you missed us at RSA, we have a wrap-up on our blog, complete with an interview with our vice president, Matt Watchinski, and Liz Centoni, a senior vice president at Cisco and head of the IoT business group. There are also some photos from around the conference and a look at the Cisco Security booth.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Description: Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one each rated “moderate” and “low.” This release also includes two critical advisories — one covering security updates to Adobe Flash Player and another concerning SHA-2.
Snort SIDs: 45142, 45143, 46554, 46555, 48051, 48052, 49172, 49173, 49364 - 49369, 49371, 49372, 49378 - 49395, 49400 - 49403
Description: The macOS version of Pixar Renderman contains three local vulnerabilities in its install helper tool. An attacker could exploit these bugs to escalate their privileges to root. Renderman is a rendering application for animation and film production, made by Pixar, a well-known film studio. When installing the application, a helper tool is installed and launched as root. This service continues to listen even after installation is complete. These vulnerabilities lie in the Dispatch function of this helper tool.
Snort SIDs: 48450 - 48453, 49088, 49089
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.