Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Apple Releases macOS High Sierra 10.13, macOS Server 5.4, and iCloud for Windows 7.0; Multiple Vulnerabilities Addressed
Synopsis: The threat environment is in constant flux as defenders adopt improved techniques and attackers adapt their tools, techniques and procedures to counteract these. Sophisticated attackers are already altering their behaviour in order to make their attacks less visible and more likely to blend into the ‘background noise’ of network traffic. From using a genuine government website for command and control traffic, to using software update systems to distribute malicious executables, to ensure that payloads are only delivered to the intended target, threat actors are trying as much as possible to fly under the radar.
Synopsis: What happens when the biggest players in a market just get up and quit? That's exactly what has happened to the exploit kit landscape over the last year. Now that Angler, Neutrino, and Nuclear are gone, we're left to pick up the pieces. What's been created is a vacuum with Rig, Sundown, and others jockeying for position, but none have taken the lead. We've observed adversaries changing kits frequently and gates switching from one kit to the next. Just like any other threat, adversaries are going to evolve and change. Oddly the kits don't appear to have evolved much, but looks can be deceiving. Previously unreleased details on several high profile exploit kits will be disclosed. This talk will discuss the state of exploit kits today. There will also be a section related to how exploit kits will evolve in the future and the impacts it may potentially have on the threat landscape overall.
Synopsis: The threat landscape constantly evolves and changes. Keeping up with what's new and what's evolved can be a challenge. Join us for this free webinar to hear about the latest innovations in threat intelligence from Talos Threat Researchers. After the the presentation, the floor will be opened up for a live Q&A based on questions asked by our audience.
Description: Apple has released new versions of macOS for desktop and laptop devices as well as iCloud for Windows. These latest updates address various security vulnerabilities that have been identified. macOS High Sierra 10.13 contains fixes for 43 vulnerabilities with the most severe being a flaw that could allow an application to execute code with kernel level privileges. macOS Server 5.4 contains fixes for FreeRADIUS while iCloud for Windows addresses numerous WebKit vulnerabilities that could be used to execute arbitrary code when viewing malicious web content.
Description: Google has disclosed several vulnerabilities that have been identified in DNSmasq as a result of an internal security assessment. In total, seven vulnerabilities were identified, responsibly disclosed, and addressed. Three vulnerabilities that are of particular note are CVE-2017-14491, a remotely exploitable heap-based overflow, CVE-2017-14493, a remotely exploitable stack-based buffer overflow, and CVE-2017-14496, a denial of service flaw which affect Android. Network administrators are advised to update any devices or systems which may be running an older, vulnerable version of DNSmasq.
Description: NETGEAR has released several security advisories addressing vulnerabilities that have been identified in its routers, switches, and NAS devices. In total, 50 vulnerabilities were addressed with 20 of them rated "high" severity and the remaining 30 reated "medium" severity. Researchers note that several of the vulnerabilities are severe such as PSV-2017-1209, a command injection vulnerability that could be exploited without authentication.
Judge: FBI Can Keep iPhone Crack and Price Secret
Yahoo Triples Likely Scope of 2013 Hack to 3 Billion Users
Spanish court grants U.S. extradition for Russian hacking suspect
DerbyCon 2017 CTF Write Up
Banking Trojan Attempts To Steal Brazillion$