Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Android Releases Monthly Security Bulletin for March 2017
Description: Cisco's Talos Group specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the threat landscape is constantly in flux as attackers continuously evolve their techniques. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk/webinar, we will perform a deep analysis of recent threats Talos has observed over the past quarter and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Description: Ransomware has become a constant threat to users. Innovation is the key to staying ahead of threat defenders and earning the most money. During this talk I will examine how three separate ransomware variants (TeslaCrypt, Cryptowall, and Locky) have demonstrated totally different innovation paths with varying results. TeslaCrypt demonstrates a failed attempt at innovation that could not overcome the constant examination by threat defenders. Cryptowall evolved from a simple phishing attack into an advanced piece of malware delivered by exploit kits, earning millions of dollars annually. Finally, Locky has evolved into a significant spam-based email threat driven by an affiliate model that has enabled the ransomware authors to separate themselves from the actual malware distribution.
Description: Android has released its monthly security bulletin to address various security vulnerabilities that have been identified. This latest release fixes 107 vulnerabilities, with 35 of them rated critical, 47 rated high, and 25 rated moderate or low. The most severe vulnerabilities are arbitrary code execution flaws in Mediaserver, MediaTek components, and the NVIDIA GPU driver. Patches for all of these vulnerabilities have been released, and Android partners have been notified of the flaws.
Description: Cisco has released a security advisory to address a vulnerability in the Stream Control Transmission Protocol (SCTP) decoder for its NetFlow Generation Appliances. The flaw (CVE-2017-3826) is due to incomplete validation of SCTP packets and could cause the device to hang or reload unexpectedly, creating a denial-of-service condition. Cisco has released software updates to address this flaw.
Description: Researchers have found that Western Digital MyCloud NAS devices contain numerous vulnerabilities that could be remotely exploited. One of the vulnerabilities disclosed is a login bypass which could allow a remote attacker to log in to these devices as an administrator. In addition to the login bypass flaw, many authenticated and unauthenticated remote command execution bugs have also been identified that allow a remote attacker to execute commands on the device as root (note that, combined with the login bypass, every one of the authenticated remote command execution flaws becomes exploitable without valid credentials). These vulnerabilities are considered zero-day vulnerabilities, meaning no vendor patch is available. Users and administrators should exercise caution and ensure these devices are NOT publicly accessible.
Malware Round-up for the Week of Feb 27 - Mar 3
Covert Channels and Poor Decisions: The Tale of DNSMessenger
Keys for Dharma Ransomware Released
ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using... Google
Ok Google, Give Me All Your Internal DNS Information!
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
Talos Identifies Vulnerabilities in Pharos