Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Flaw in WPA2 Standard Could Allow Attackers to Decrypt Data (a.k.a. KRACK attack)
Synopsis: The threat landscape constantly evolves and changes. Keeping up with what's new and what's evolved can be a challenge. Join us for this free webinar to hear about the latest innovations in threat intelligence from Talos Threat Researchers. After the presentation, the floor will be opened up for a live Q&A based on questions asked by our audience.
Synopsis: This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish if the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
Description: Researchers have identified a flaw in the WPA2 wireless encryption standard that could give attackers the ability to decrypt data. The flaw is a key reinstallation vulnerability in the Wi-Fi standard itself rather than in any particular implementation: by replaying a handshake message, an attacker within radio range can force a client to reinstall a key that is already in use, which resets the packet number (nonce) and replay counter associated with that key, so keystream is reused. Some implementations make matters worse; wpa_supplicant (the client used by Android and Linux) can be tricked into installing an all-zero key, which makes interception or manipulation of wireless traffic trivial. Patches for Android, Linux, Apple, and Windows are forthcoming or have already been developed and released.
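The following is an added illustration, not code from Talos or from the KRACK researchers, of why a key reinstallation is dangerous even though no key is recovered. It models the CTR component of CCMP with an HMAC-SHA256 keystream (a stand-in for AES so it runs with the standard library only), a hypothetical Supplicant class whose handle_msg3 resets the packet number on every install, and two constructed frame bodies. The first function shows the standard-level problem (same key, same packet number, same keystream, so XORing two ciphertexts with one known plaintext yields the other); the last shows the wpa_supplicant-style all-zero key case, where no known plaintext is needed.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: stand-in for CCMP's AES-CTR component.
    The property that matters is the same as in the real cipher:
    identical (key, nonce) always produces identical keystream."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def ctr_crypt(key: bytes, pn: int, data: bytes) -> bytes:
    """Encrypt or decrypt one frame body under (key, packet number).
    CTR mode is symmetric, so the same call does both directions."""
    nonce = pn.to_bytes(6, "big")  # CCMP builds the nonce from a 48-bit PN
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Hypothetical model of a client's key-install behaviour (assumption)."""

    def __init__(self, zero_key_on_reinstall: bool = False) -> None:
        self.ptk = None
        self.pn = 0
        self.installed_once = False
        # Models wpa_supplicant 2.4/2.5: the key is wiped from memory after
        # the first install, so a re-install puts an all-zero key in place.
        self.zero_key_on_reinstall = zero_key_on_reinstall

    def handle_msg3(self, ptk: bytes) -> None:
        # Installing (or re-installing) the PTK resets the packet number.
        # This reset, mandated by the standard, is what KRACK abuses.
        if self.installed_once and self.zero_key_on_reinstall:
            ptk = bytes(len(ptk))
        self.ptk = ptk
        self.pn = 0
        self.installed_once = True

    def send(self, plaintext: bytes) -> bytes:
        ct = ctr_crypt(self.ptk, self.pn, plaintext)
        self.pn += 1
        return ct


# Constructed demo values; the attacker is assumed to know FRAME1's
# plaintext (e.g. a predictable request header) but not FRAME2's.
PTK = hashlib.sha256(b"constructed demo PTK").digest()[:16]
FRAME1 = b"GET /index.html HTTP/1.1\r\nHost: example"
FRAME2 = b"POST /login tok=s3cr3t-session-value-xx"


def keystream_reuse_attack() -> bytes:
    """Attacker replays handshake message 3 between two frames."""
    client = Supplicant()
    client.handle_msg3(PTK)
    ct1 = client.send(FRAME1)   # sent with PN = 0
    client.handle_msg3(PTK)     # replayed msg3: same key, PN reset to 0
    ct2 = client.send(FRAME2)   # sent with PN = 0 again: keystream reused
    # ct1 ^ ct2 = FRAME1 ^ FRAME2, so one known plaintext reveals the other.
    return xor(xor(ct1, ct2), FRAME1)


def no_reinstall_baseline() -> bytes:
    """Same traffic without the replay: PN advances, XOR trick fails."""
    client = Supplicant()
    client.handle_msg3(PTK)
    ct1 = client.send(FRAME1)   # PN = 0
    ct2 = client.send(FRAME2)   # PN = 1, different keystream
    return xor(xor(ct1, ct2), FRAME1)


def zero_key_attack() -> bytes:
    """wpa_supplicant-style reinstall: the attacker decrypts outright."""
    client = Supplicant(zero_key_on_reinstall=True)
    client.handle_msg3(PTK)
    client.send(FRAME1)
    client.handle_msg3(PTK)     # re-install now uses an all-zero key
    ct = client.send(FRAME2)
    return ctr_crypt(bytes(16), 0, ct)  # no known plaintext required


if __name__ == "__main__":
    print("recovered via keystream reuse:", keystream_reuse_attack())
    print("baseline (no reinstall):      ", no_reinstall_baseline())
    print("recovered via zero key:       ", zero_key_attack())
```

The fix on the client side is the one the patches implement: never reset the packet number or replay counter when a key that is already installed is installed again, and never install an all-zero key. With either change, the replayed message 3 in keystream_reuse_attack no longer yields a second frame under PN 0.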
Description: Oracle has released its quarterly set of security advisories to address various vulnerabilities that have been identified. This quarter's patch release addresses 252 vulnerabilities across Java, MySQL, Oracle Database, Fusion Middleware, and more. The Java update itself fixes 22 vulnerabilities with 20 of them potentially being remotely exploitable.
Description: Adobe has released an out-of-band security update for Flash Player in response to CVE-2017-11292, a zero-day vulnerability under active exploitation. CVE-2017-11292 manifests as a type confusion vulnerability. Reports have indicated that this vulnerability is being leveraged by the BlackOasis APT group. Users are advised to update as soon as possible to reduce the risk of compromise.
Someone Created a Tor Hidden Service to Phish my Tor Hidden Service
http://incoherency.co.uk/blog/stories/hidden-service-phishing.html
Malvertising on Equifax, TransUnion tied to third party script
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
https://blogs.technet.microsoft.com/srd/2017/10/03/vulnscan-automated-triage-and-root-cause-analysis-of-memory-corruption-issues/
Spoofed SEC Emails Distribute Evolved DNSMessenger
http://blog.talosintelligence.com/2017/10/dnsmessenger-sec-campaign.html?f_l=s