Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
By now, everyone has used some kind of third-party messaging app — WhatsApp, Telegram, etc. These services promise to keep users’ messages secure and encrypted, away from the prying eyes of third parties. However, our recent research shows it may be easier than users think for attackers to monitor their account and steal their messages on these services.
This week was also Microsoft Patch Tuesday. You can find our coverage of the 38 vulnerabilities that the company patched here. As part of Patch Tuesday, Adobe also released fixes for a number of vulnerabilities in Acrobat and Reader. We specifically discovered a remote code execution bug in Reader, which Adobe disclosed this week.
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: This talk will consist of two parts. First, we will provide an introduction to Cisco Talos and cover what the organization does. Then, we will dive into a specific campaign we recently discovered targeting the Middle East: “DNSpionage.” This malware targeted several government agencies in the Middle East, as well as an airline. During the research process for DNSpionage, we also discovered an effort to redirect the targets’ DNS records and register SSL certificates for them. We will present the timeline for these two events and their technical details.
Description: Microsoft released its monthly security update, disclosing a variety of vulnerabilities in several of its products. This month’s security update covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” The advisories cover bugs in the Chakra scripting engine, several Microsoft Office products and the Microsoft Internet Explorer web browser. Snort SIDs: 45142, 45143, 48509, 48510, 48513 - 48520, 48531 - 48534, 48559, 48562
Description: Adobe released security updates for Adobe Acrobat and Reader on Windows and MacOS. In all, the company released patches covering 88 vulnerabilities. There are two critical bugs that an attacker could exploit in order to execute code in the context of the current user. Snort SIDs: 48293, 48294
Description: Researchers discovered a new dropper known as “CARROTBAT” that’s being spread in South Korea through spam emails. The dropper can deliver additional decoy documents and secondary payloads, such as remote access trojans, to its victims. The malware allows attackers to drop and open an embedded document in one of 11 different file formats. Snort SIDs: 48475, 48476, 48479, 48480
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.