Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Adobe releases updates for Acrobat, Reader, Photoshop
Synopsis: In today's world, online crime is primarily run through extortion via ransomware. Times are changing, and the business models for these types of malware are changing along with them. The rise of ransomware has paralleled a rise in the value of cryptocurrencies. The two are not necessarily connected — but the impact has been.
Synopsis: Join leaders from Cisco and Talos for a week of learning, new experiences and face-to-face time with our engineers. Craig Williams, the director of Talos Global Outreach, will be leading a session in the security track on the current cyber security landscape. There will also be a recording of a live Beers with Talos episode on June 12 at 4 p.m., in the main hall balcony Cisco TV studio. The Talos Threat Research Summit and Happy Hour are sold out on June 10, but you can still follow along on the Talos and Cisco Security Twitter channels.
Synopsis: The recent Olympic Destroyer and Nyetya (NotPetya) attacks have emphasized the destructive effects of wiper malware. Organizations need to be aware of the nature of such malware, not only because they may be targeted by such attacks, but because they may become collateral damage as part of an attack against a third party. Lee will explore how wiper malware has developed over time, how attacks may meet the objectives of threat actors, and how organizations need to consider their security posture in order to detect and block such attacks.
Description: Adobe has released several fixes to flaws in its Acrobat, Reader and Photoshop products. There were multiple vulnerabilities in both products that could lead to remote code execution on the victim’s machine.
Description: Cisco has fixed a vulnerability in Cisco Prime File Upload that could allow an attacker to upload arbitrary files to any directory on a device and execute those files.
Description: Rubella Macro Builder, a crimeware kit that’s been gaining strength since late April, has been used as a cheap and easy way for malicious actors to deploy social-engineering campaigns. There are new protections against this kit that look for common obfuscations of VBS script, which apply to other malware families, as well.
A recently discovered attack method could amplify future distributed denial-of-service attacks.
Kaspersky Labs is building a new data center in Sweden in an effort to rebuild its credibility and distance itself from accusations of spying.
Root cause analysis of an Internet Explorer vulnerability CVE-2018-8174, a zero-day flaw that was found in the wild. https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/
John Bolton, U.S. President Donald Trump’s recently appointed national security advisor, has floated the possibility of eliminating the White House’s top cyber security position.
Researchers have disclosed flaws in how email clients handle S/MIME and PGP-encrypted emails, potentially leaking encrypted contents.
Cyber security firm Symantec disclosed that it is carrying out an investigation into its internal disclosure of financial information. The company’s stock dropped 33.1 percent on May 11, and rebounded slightly on the 14th.
A new cryptocurrency miner is stealing Facebook credentials and installing mining scripts on victims’ machines.