Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: PHPMailer and SwiftMailer Updated to Resolve Code Execution Flaw After First Patch Deemed Insufficient
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Talos Insights: The State of Cyber Security @ Cisco Live EMEA (Berlin, Germany)
Date: 2017-02-20 - 2017-02-24
Speaker: Craig Williams, Global Outreach Manager
Description: Cisco's Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/emea/learn/sessions/content-catalog/?search=BRKSEC-2010
Event: Emerging Threats: The State of Cybersecurity @ Cisco Live Melbourne 2017 (Melbourne, Australia)
Date: 2017-03-07 - 2017-03-10
Speaker: Earl Carter, Technical Leader
Description: Cisco's Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.ciscolive.com/anz/
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: PHPMailer and SwiftMailer Updated to Resolve Code Execution Flaw After First Patch Deemed Insufficient
Description: PHPMailer and SwiftMailer have released updates to address a vulnerability identified by Dawid Golunski of Legal Hackers. PHPMailer and SwiftMailer had previously released an update to address CVE-2016-10033, an arbitrary code execution vulnerability that could be exploited remotely. However, that patch was found to be insufficient. In response, PHPMailer and SwiftMailer released another update to address CVE-2016-10045. Administrators who manage servers or applications that rely on these libraries should update their systems.
Reference: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
33c3 Videos Available Online https://media.ccc.de/c/33c3
Truffle Hog: A tool to search Git commit history to find high-entropy strings (accidentally committed secrets/passwords) https://github.com/dxa4481/truffleHog
FBI-DHS Report Links Fancy Bear Gang to Election Hacks https://threatpost.com/fbi-dhs-report-links-fancy-bear-to-election-hacks/122802/
Switcher: Android joins the ‘attack-the-router’ club https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
Updated Sundown Exploit Kit Uses Steganography http://blog.trendmicro.com/trendlabs-security-intelligence/updated-sundown-exploit-kit-uses-steganography/
============================================================
MOST PREVALENT MALWARE FILES 2016-12-27 - 2017-01-03: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739
MD5: fa1f769475516b03881602d0824cae12
VirusTotal: https://www.virustotal.com/file/ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739/analysis/#additional-info
Typical Filename: PrinterInstallerClientUpdater.exe
Claimed Product: Printer Client Updater
Detection Name: W32.AE7327F36A-95.SBX.TG

SHA 256: f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b
MD5: 0612402ad98c8c31cd6f2b914a419039
VirusTotal: https://www.virustotal.com/file/f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b/analysis/#additional-info
Typical Filename: gcub.exe
Claimed Product: (none)
Detection Name: W32.Malware:Pramro.19l0.1201

SHA 256: 76bfca49c7953827efac0936923ed5dd016c14962292045a99f7f2b21878d3a6
MD5: 647a0cfb3b7d0f3dc617f7c05cd64562
VirusTotal: https://www.virustotal.com/file/76bfca49c7953827efac0936923ed5dd016c14962292045a99f7f2b21878d3a6/analysis/#additional-info
Typical Filename: mfon.zip
Claimed Product: Mac File Opener
Detection Name: W32.Trojan.NM

SHA 256: 8897f94710f3ca65af0e52f6e2b76e6319dd5fb0dd6ad0968f8acc0d25ee783a
MD5: cc9e1075db0645f1032f8c4b4412deba
VirusTotal: https://www.virustotal.com/file/8897f94710f3ca65af0e52f6e2b76e6319dd5fb0dd6ad0968f8acc0d25ee783a/analysis/#additional-info
Typical Filename: winwfta.exe
Claimed Product: (none)
Detection Name: W32.8897F94710-95.SBX.TG

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: Advanced Mac Cleaner
Detection Name: OSX.Variant:AMCZ.19if.1201
============================================================
SPAM STATS FOR 2016-12-27 - 2017-01-03
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM