Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Synopsis: Supply chain attacks are often discussed, but overlooked in terms of how well a business prepares itself for any associated compromise or breach. Last year was "The Year of the Supply Chain Attack," and marked a turning point for such attacks. Talos was involved in investigating two major campaigns: the MeDoc compromise that paralyzed Ukraine, and the CCleaner compromise that impacted a reported 2.27 million consumers. In this presentation, we will present these two cases. In both, we will show how the attackers modified a legitimate application and what the result of the modification was. We will explain the attackers' purpose and the malware used against the victims. For the MeDoc compromise, we were directly involved in the incident response, and we will provide a timeline of the events before, during and after Nyetya and MeDoc. For the CCleaner compromise, we will provide data and statistics from the attacker's database and the profiles of the targeted organizations. In the second part, we will speak more broadly about supply chain attacks: we will discuss their history, and we will finally open the discussion regarding their future.
Synopsis: PyREBox is an open-source tool focused on reverse engineering, which provides instrumentation and debugging capabilities on top of the QEMU emulator. It allows you to inspect a running QEMU virtual machine (VM), modify its memory or registers, and instrument its execution with simple Python scripts. It combines whole-system emulation (QEMU) with VM introspection (Volatility). One of the possible applications of this tool is malware analysis. It allows you to debug any process running inside the guest, and to instrument the execution of the VM with simple Python scripts to automate common tasks. In this talk, we will present an overview of PyREBox, how it works internally, and how it compares to other tools. We will explain some of the challenges found in implementing Python-based fine-grained instrumentation and how PyREBox tries to solve them. Finally, we will show you how to take advantage of PyREBox for malware analysis by releasing a set of open-source scripts for PyREBox and IDA Pro.
VMware Releases Security Advisory for Denial-of-Service Vulnerability in Workstation and Fusion
Description: VMware has released a security advisory for CVE-2018-6957, a denial-of-service vulnerability in VMware Workstation, Fusion, and Player. The vulnerability is triggered when a large number of VNC sessions are opened to a VM; the hypervisor does not handle them correctly and the product can be made unresponsive. VMware notes that VNC must be manually enabled on a VM for the issue to be exploitable; it is not exposed by default. VMware has released a software update that addresses this vulnerability.
Description: A buffer overflow has been identified in MikroTik RouterOS. The flaw is in the SMB service and is triggered when the router incorrectly processes NetBIOS session request messages, potentially resulting in remote code execution. The session request is the first message a client sends on a NetBIOS session, before any SMB negotiation or authentication takes place, so the vulnerable code is reachable by any host that can connect to the service. SMB is rarely needed on a router; where it is not in use, disabling it (/ip smb) or filtering TCP port 139 at the network edge removes the exposure independently of patch status.
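The RouterOS bug described above has the classic shape of a NetBIOS session request parsing flaw: a length taken from the packet that the parser trusts. The C program below is an added illustration of that bug class and of the checks that close it; it is not RouterOS code, and it makes no claim about where the real overflow sits. The packet layout follows RFC 1002 (session request type 0x81, a 17-bit trailer length, then the CALLED and CALLING names in first-level encoding: a length byte of 32, thirty-two characters in the range 'A'..'P', and a 0 terminator). The function names, the sample packets and the choice to accept only scope-less names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NBSS_SESSION_REQUEST 0x81
#define NB_NAME_LEN    16                       /* raw NetBIOS name: 15 chars + suffix byte */
#define NB_ENCODED_LEN 32                       /* first-level encoding: two 'A'..'P' chars per byte */
#define NB_LABEL_LEN   (1 + NB_ENCODED_LEN + 1)  /* length byte + 32 chars + 0 terminator = 34 */

enum nb_status { NB_OK = 0, NB_ERR_SHORT, NB_ERR_TYPE, NB_ERR_LENGTH, NB_ERR_LABEL };
struct nb_session_request { uint8_t called[NB_NAME_LEN]; uint8_t calling[NB_NAME_LEN]; };

/* VULNERABLE pattern (hypothetical, not RouterOS code): the label length byte is trusted.
 * dst is the 32-byte area the caller reserved, but the loop writes whatever the packet says. */
size_t vulnerable_copy_called_name(const uint8_t *pkt, uint8_t *dst)
{
    size_t label_len = pkt[4];                  /* first byte of CALLED_NAME */
    for (size_t i = 0; i < label_len; i++)
        dst[i] = pkt[5 + i];                    /* no bound against the 32 bytes we own */
    return label_len;
}

/* HARDENED: decode one first-level-encoded label into 16 raw bytes. Only the scope-less
 * form (exactly 32 chars, then a 0 terminator) is accepted. Returns bytes consumed or 0. */
static size_t decode_label(const uint8_t *p, size_t avail, uint8_t name[NB_NAME_LEN])
{
    if (avail < NB_LABEL_LEN || p[0] != NB_ENCODED_LEN) return 0;
    for (int i = 0; i < NB_NAME_LEN; i++) {
        uint8_t hi = p[1 + 2 * i], lo = p[2 + 2 * i];
        if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P') return 0;
        name[i] = (uint8_t)(((hi - 'A') << 4) | (lo - 'A'));
    }
    return p[NB_LABEL_LEN - 1] == 0 ? NB_LABEL_LEN : 0;
}

enum nb_status parse_session_request(const uint8_t *pkt, size_t pkt_len,
                                     struct nb_session_request *out)
{
    if (pkt_len < 4) return NB_ERR_SHORT;
    if (pkt[0] != NBSS_SESSION_REQUEST) return NB_ERR_TYPE;
    /* 17-bit trailer length; flags bit 0 is the length extension (RFC 1002, 4.3.1) */
    size_t trailer = ((size_t)(pkt[1] & 1) << 16) | ((size_t)pkt[2] << 8) | pkt[3];
    if (trailer != pkt_len - 4) return NB_ERR_LENGTH;    /* declared vs. received */
    size_t n = decode_label(pkt + 4, trailer, out->called);
    if (n == 0) return NB_ERR_LABEL;
    size_t m = decode_label(pkt + 4 + n, trailer - n, out->calling);
    if (m == 0) return NB_ERR_LABEL;
    return (n + m == trailer) ? NB_OK : NB_ERR_LENGTH;   /* reject trailing bytes */
}

/* Constructed sample packets (not captures) follow. */
static void encode_label(const uint8_t name[NB_NAME_LEN], uint8_t out[NB_LABEL_LEN])
{
    out[0] = NB_ENCODED_LEN;
    for (int i = 0; i < NB_NAME_LEN; i++) {
        out[1 + 2 * i] = (uint8_t)('A' + (name[i] >> 4));
        out[2 + 2 * i] = (uint8_t)('A' + (name[i] & 0x0F));
    }
    out[NB_LABEL_LEN - 1] = 0;
}

/* Malicious 260-byte request: CALLED_NAME length byte 0xFF followed by 255 'A's. */
static size_t build_oversized(uint8_t *pkt, size_t cap)
{
    memset(pkt, 'A', cap);
    pkt[0] = NBSS_SESSION_REQUEST; pkt[1] = 0; pkt[2] = 1; pkt[3] = 0;   /* trailer = 256 */
    pkt[4] = 0xFF;
    return 4 + 256;
}

int scenario_valid(void)   /* hardened parser accepts and round-trips a well-formed 72-byte request */
{
    const uint8_t called[NB_NAME_LEN]  = "FILESERVER      ";   /* space-padded, suffix 0x20 = server */
    const uint8_t calling[NB_NAME_LEN] = "CLIENT         ";    /* suffix 0x00 = workstation */
    uint8_t pkt[72]; struct nb_session_request req;
    pkt[0] = NBSS_SESSION_REQUEST; pkt[1] = 0; pkt[2] = 0; pkt[3] = 2 * NB_LABEL_LEN;
    encode_label(called, pkt + 4);
    encode_label(calling, pkt + 4 + NB_LABEL_LEN);
    return parse_session_request(pkt, sizeof pkt, &req) == NB_OK
        && memcmp(req.called, called, NB_NAME_LEN) == 0
        && memcmp(req.calling, calling, NB_NAME_LEN) == 0;
}

int scenario_oversized_hardened(void)   /* expected: NB_ERR_LABEL */
{
    uint8_t pkt[260]; struct nb_session_request req;
    return parse_session_request(pkt, build_oversized(pkt, sizeof pkt), &req);
}

/* Bytes the vulnerable copy wrote past its 32-byte area; the area is oversized on purpose
 * so the demonstration itself stays well-defined. Expected: 255 - 32 = 223. */
size_t scenario_oversized_vulnerable(void)
{
    uint8_t pkt[260], area[300];
    build_oversized(pkt, sizeof pkt);
    memset(area, 0xAA, sizeof area);
    vulnerable_copy_called_name(pkt, area);
    size_t overflow = 0;
    for (size_t i = NB_ENCODED_LEN; i < sizeof area; i++)
        if (area[i] != 0xAA) overflow++;
    return overflow;
}
```

The hardened parser fails closed on four independent conditions: a header shorter than four bytes, a type other than session request, a declared trailer length that disagrees with the bytes actually received, and a label whose length byte is anything but 32 or whose characters fall outside 'A'..'P'. The vulnerable copy checks none of them, so a single oversized length byte is enough to write well past the buffer it was given; in a real service that buffer would be a fixed-size stack or heap allocation rather than the padded scratch area used here.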
Abusing Text Editors with Third-party Plugins
Microsoft Launches Limited-Time Bug Bounty Program for Bugs Like Spectre and Meltdown
CVE-2017-13253: Buffer Overflow in Multiple Android DRM Services
ACME v2 and Wildcard Certificate Support is Live for Let’s Encrypt
CVE-2018-2380: SAP Customer Relationship Management Directory Traversal Vulnerability - PoC