Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
Clear out your schedule for this weekend, because we’ve got plenty of Talos to fill your free time. We have two new episodes of the Beers with Talos podcast out now, including one extra-large special.
To celebrate episode No. 40, we put together a longer-than-usual episode to discuss the controversial SuperMicro Bloomberg story and the literal hundreds of security updates Oracle released.
There’s also a separate episode covering the increasing prevalence of PDF vulnerabilities, as well as the VirusBulletin conference that took place earlier this month.
Our researchers uncovered ongoing campaigns in South Korea and Japan that all appear to be the work of the same actor. These attacks are distributing malware that shares similarities with the Datper, xxmm backdoor, and Emdivi malware families.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: Join Nick Biasini as he takes part in a day-long education event on all things Cisco. Nick will specifically highlight the work that Talos does as part of one of the many breakout sessions offered at Cisco Connect. This session will cover a brief overview of what Talos does and how we operate. Additionally, he'll discuss the threats that are top-of-mind for our researchers, and the trends that you, as defenders, should be most concerned about.
Synopsis: One of the cornerstones of privacy these days is secure messaging applications such as Signal, WhatsApp and Telegram, which deploy end-to-end encryption to protect communications. However, a deeper look into these applications shows that they lack transparency, leading to session hijacking at different levels. This presentation will walk through various secure chat applications and how malware we’ve seen in the wild can take advantage of this software.
Description: An APT that’s gone by many names over the years — Tick, Redbaldknight, Bronze Butler — continues to launch attacks against eastern Asian countries. Recent samples studied by Cisco Talos found that the Datper malware contains similarities to two other malware families: xxmm backdoor and Emdivi. Talos saw the malware sample most recently in the wild in July 2018.
Description: Cisco disclosed multiple bugs in Cisco Wireless LAN Controllers that are considered to be of “high” importance. An attacker could exploit these bugs to elevate their privileges, obtain sensitive information or cause a denial-of-service condition on an access point.
Description: Live Networks LIVE555’s streaming media RTSPServer contains a vulnerability that could lead to remote code execution. An attacker can exploit this bug by sending the victim a specially crafted packet. The flaw lies in the HTTP packet-parsing functionality of the software.
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.