Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
TOP VULNERABILITY THIS WEEK: Microsoft Releases Monthly Set of Security Bulletins for November 2016
============================================================
UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco On The Road - King of Prussia, PA
Date: 2016-11-15
Speaker: Earl Carter, Technical Leader
Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://demand.cisco.com/CiscoOnTheRoad

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week - Minneapolis
Date: 2016-11-15 - 2016-11-16
Speaker: William Largent, Threat Researcher
Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Minneapolis

Event: Talos - Cisco's Key to Understanding the Threat Landscape @ Cisco Security Week - Seattle
Date: 2016-12-13 - 2016-12-14
Speaker: Earl Carter, Technical Leader
Description: Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape, by leveraging the work of Talos' large team of threat intelligence experts, researchers, and engineers. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Reference: http://www.cisco.com/web/offer/usc/securityweek/index.html#~Seattle
============================================================
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft Releases Monthly Set of Security Bulletins for November 2016
Description: Microsoft has released their monthly set of security bulletins for November 2016. In total, 14 bulletins address 67 vulnerabilities, with 6 bulletins rated "Critical" and 8 rated "Important". Some of the vulnerabilities addressed in the latest round of patches affect Edge, Graphics Component, Internet Explorer, Video Control, Windows, Office, Virtual Hard Drive, and SQL Server.
Reference: https://technet.microsoft.com/en-us/library/security/ms16-nov
Snort SID: 40645-40694, 40701-40706, 40711-40726, 40729-40730

Title: Adobe Releases Security Updates for Flash Player
Description: Adobe has released a security bulletin for Flash Player in response to security flaws that have been identified. Adobe's latest security update fixes 9 vulnerabilities: 4 of them are type confusion flaws and the remaining 5 are use-after-free flaws. Users who require Flash Player for business operations are strongly encouraged to update to the latest version of Flash Player. Users and organizations who do not require Flash should consider uninstalling it to reduce the risk of compromise.
Reference: https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-37.html
Snort SID: Detection pending release of vulnerability information

Title: Google Releases Monthly Security Bulletin for Android and Nexus Devices
Description: Google has released its monthly Android Security Bulletin for November 2016. This month's release addresses 85 vulnerabilities in 15 different components of the mobile operating system. The most critical vulnerabilities addressed are a remote code execution vulnerability in Mediaserver and a privilege escalation vulnerability in libzipfile. One special note is that Google has not yet fully patched CVE-2016-5195, a previously disclosed privilege escalation vulnerability dubbed "Dirty CoW", in Android. Google has instead issued a supplemental patch for Nexus and Pixel devices that addresses CVE-2016-5195. CVE-2016-5195 will be patched in the December 2016 Security Bulletin.
Reference: https://source.android.com/security/bulletin/2016-11-01.html
Snort SID: Detection pending release of vulnerability information
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Microsoft's Enhanced Mitigation Experience Toolkit (EMET) to be EoL'd July 31, 2018 https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
China Adopts Cybersecurity Law Despite Foreign Opposition https://www.bloomberg.com/news/articles/2016-11-07/china-passes-cybersecurity-law-despite-strong-foreign-opposition?
Decrypting iCloud Authorization Tokens on macOS / OS X https://github.com/manwhoami/MMeTokenDecrypt
X3DH: Extended Triple Diffie-Hellman Key Exchange Protocol https://whispersystems.org/docs/specifications/x3dh/
Risk of Election Day Cyberattacks Low According To Experts https://threatpost.com/risk-of-election-day-cyberattacks-low-according-to-experts/121833/
[Talos Blog] Take the RIG Pill: Down the Rabbit Hole http://blog.talosintel.com/2016/11/rig-exploit-kit-campaign-happy-puzzling.html
[Talos Blog] Vulnerability Spotlight: Windows 10 Remote Denial of Service http://blog.talosintel.com/2016/11/vulnerability-spotlight-windows-10.html
============================================================
MOST PREVALENT MALWARE FILES 2016-11-01 - 2016-11-08: COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: 2e97ef42f24d6d8d53012c42029554061a7ab2537919e234f678c57fd4eccfd6
MD5: 88d60c264a9c3426c081a2cb56e3a879
VirusTotal: https://www.virustotal.com/file/2e97ef42f24d6d8d53012c42029554061a7ab2537919e234f678c57fd4eccfd6/analysis/#additional-info
Typical Filename: order_336846246.doc
Claimed Product: N/A
Detection Name: W32.2E97EF42F2-100.SBX.TG

SHA 256: ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739
MD5: fa1f769475516b03881602d0824cae12
VirusTotal: https://www.virustotal.com/file/ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739/analysis/#additional-info
Typical Filename: PrinterInstallerClientUpdater.exe
Claimed Product: (unknown)
Detection Name: W32.AE7327F36A-95.SBX.TG

SHA 256: bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f
MD5: 2dbf779808d2ec3f5121891be9f4b1cf
VirusTotal: https://www.virustotal.com/file/bcffda040c93b743bca1a67128ec1f60595dc0b14655afd7949b6c779e0e997f/analysis/#additional-info
Typical Filename: helperamc
Claimed Product: "Advanced Mac Cleaner"
Detection Name: OSX.Variant:AMCZ.19if.1201

SHA 256: 4a15565e1a0a5acaab6e987785d44a6a28d31d18f7ee266d4bbf08002aa64eed
MD5: a215b91f7c4562a7be10e6fbe36d7aaf
VirusTotal: https://www.virustotal.com/file/4a15565e1a0a5acaab6e987785d44a6a28d31d18f7ee266d4bbf08002aa64eed/analysis/#additional-info
Typical Filename: gamestop.comnovsubpoena.doc
Claimed Product: N/A
Detection Name: W32.4A15565E1A-100.SBX.TG

SHA 256: 17073a79dcaba276e4d71d64eff17e5258ed3153a0c0f93d6c810e1e2912e4cf
MD5: 7869d29080028fc8b1b47e9686680d63
VirusTotal: https://www.virustotal.com/file/17073a79dcaba276e4d71d64eff17e5258ed3153a0c0f93d6c810e1e2912e4cf/analysis/#additional-info
Typical Filename: appintegrator.exe
Claimed Product: "Mindspark Toolbar Platform for Internet Explorer"
Detection Name: W32.Adware.19km.1201
============================================================
SPAM STATS FOR 2016-11-01 - 2016-11-08
TOP SPAM SUBJECTS OBSERVED
MOST FREQUENTLY USED ASNs FOR SENDING SPAM