Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s ThreatSource newsletter — the perfect place to get caught up on all things Talos from the past week.
We recently published an important update to our research on VPNFilter. Thanks to the hard work of our researchers and our intelligence partners, we discovered that there were more devices impacted by this malware than initially thought. Additionally, we discovered more details about stage 3 modules that are impacting endpoints.
In addition to VPNFilter, there’s another new malware family we recently discovered: NavRAT. The email phishing campaign is targeting users in South Korea, attempting to trick them into clicking on a malicious document. The document is disguised as a news article outlining a potential summit between the U.S. and North Korea.
Meanwhile, we’re eagerly looking forward to this weekend’s Talos Threat Research Summit as part of Cisco Live! If you are planning on heading to Orlando to listen to some of the fantastic talks we have planned, here’s a handy guide we’ve pulled together with the week’s events.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where Talos will be represented.
Location: Orange County Convention Center in Orlando, Florida
Synopsis: Join leaders from Cisco and Talos for a week of learning, new experiences and face-to-face time with our engineers. Craig Williams, the director of Talos Global Outreach, will be leading a session in the security track on the current cyber security landscape. There will also be a recording of a live Beers with Talos episode on June 12 at 4 p.m., in the main hall balcony Cisco TV studio. The Talos Threat Research Summit and Happy Hour are sold out on June 10, but you can still follow along on the Talos and Cisco Security Twitter accounts.
Location: Security Interest Group @ Switzerland Technology Conference in Regensdorf, Switzerland
Synopsis: The recent Olympic Destroyer and Nyetya (NotPetya) attacks have emphasized the destructive effects of wiper malware. Organizations need to be aware of the nature of such malware, not only because they may be targeted by such attacks, but because they may become collateral damage as part of an attack against a third party. Lee will explore how wiper malware has developed over time, how attacks may meet the objectives of threat actors, and how organizations need to consider their security posture in order to detect and block such attacks.
Description: Researchers have discovered a severe flaw in the Git software source code that could allow an attacker to execute code on a victim machine. The bug, CVE 2018-11235, occurs due to the management of remote repository definitions and data.
Description: Cisco Talos has discovered a denial-of-service vulnerability in the Ocularis Recorder video management software. An attacker can take advantage of this flaw by crafting a malicious network packet that causes a process to terminate.
Description: Multiple vulnerabilities exist in the Natus NeuroWorks software. The software, which is used to measure brain activity on EEG machines, can be inappropriately accessed in multiple ways to cause a denial of service.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly ThreatSource newsletter here.