Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
LockerGoga, a malware that straddles the line between a wiper and ransomware, dominated the headlines this week. We’ve got a breakdown of the malware, covering some of its main features and where attackers may be headed with it.
We also have a new method of unmasking IPv6 addresses. In this post, we outline a technique that uses the properties of Universal Plug and Play (UPnP) protocol to get specific IPv4 hosts to divulge their IPv6 address. This allows us to enumerate a particular subset of active IPv6 hosts which can then be scanned.
On a much less technical note, the latest episode of the Beers with Talos podcast is here to deliver hot takes to our listeners. Once the hosts have had their Pop-Tarts, of course.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Description: The latest update from WordPress fixes a critical vulnerability that could allow an attacker to completely take over a site. The bug opened sites to attack via malicious comments that contain cross-site scripting if sites had the comments module enabled. Around 20,000 sites have already been impacted by this exploit.
Snort SIDs: 49448
Description: Cisco Talos recently discovered 11 vulnerabilities in the CUJO Smart Firewall. These vulnerabilities could allow an attacker to bypass the safe browsing function and completely take control of the device, either by executing arbitrary code in the context of the root account, or by uploading and executing unsigned kernels on affected systems.
Snort SIDs: 47234, 47663, 47809, 47811, 47842, 48261, 48262
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.