Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Do you think email phishing campaigns are a thing of the past? Think again. Even though the days of AOL Mail and Hotmail are behind us, we’ve recently observed a wide range of large-scale email phishing attempts from the Cobalt Group APT. We have a deep dive into those campaigns here.
While keeping attackers out of your cell phone may seem as easy as clicking a “no” prompt on an alert, you’d be surprised how many people can be susceptible to a mobile device management (MDM) attack. In the latest episode of the Beers with Talos podcast, the guys break down how these kinds of attacks happen, and why the latest one we’ve been following is targeting multiple platforms. It really is as simple as users not reading their alerts close enough.
We also had a major vulnerability post last week covering multiple flaws in the Samsung SmartThings Hub. The Hub, which is a central controller for other internet-of-things devices, can be accessed by an unauthenticated user through a number of methods. That could lead to an attacker accessing any device connected to the Hub, such as cameras, light switches and security motion detectors.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Location: Mandalay Bay Convention Center, Las Vegas, Nevada
Synopsis: Cisco Talos will be represented at the Black Hat conference for all six days. On Aug. 8, from 3 to 5 p.m., Paul and Warren will be delivering a talk in Business Hall Theater B covering supply chain attacks.
Location: Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada
Synopsis: Paul and Warren are hosting a joint talk on the Olympic Destroyer malware from earlier this year, and will cover why it is so difficult to attribute the attack. Vanja will also be hosting a workshop on manual kernel mode malware analysis.
Description: There are multiple bugs in the Samsung SmartThings Hub that could allow an attacker to execute OS commands or other arbitrary code on affected devices. The SmartThings Hub allows users to control internet-of-things devices through a central controller.
Description: Cisco Talos has released protections against a new variant of the Remcos remote access trojan. These rules will block attempted connections between the victim machine and the command and control server.
Description: There are several bugs in QNAP’s QCenter Virtual Appliance that could allow authenticated users to run arbitrary commands or access sensitive information. The credentials of an administrator can be exposed due to the lack of restriction on the data returned to the API endpoint in QCenter Virtual Appliance.
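The QCenter issue above is an instance of a common API bug: an endpoint that serializes a whole stored account record, so an authenticated low-privilege caller receives fields (credential material) that should never leave the server. The following is an added illustration, not QNAP's code or anything from the Talos advisory; the `Account` record, the in-memory store and the field names are constructed for the example. It places the over-exposing handler next to a hardened one that serializes only an allow-listed set of fields and checks the caller's role, and includes a small response check a tester or reviewer can run against any JSON payload.

```python
"""Over-exposing API response vs. allow-listed response (constructed example)."""
from dataclasses import dataclass, asdict
import hashlib
import json


@dataclass
class Account:
    # Constructed record shape; field names are assumptions for the example.
    username: str
    role: str
    email: str
    password_hash: str   # sensitive: must never be returned by an API
    api_token: str       # sensitive: must never be returned by an API


# Constructed in-memory store standing in for the appliance's user database.
_STORE = {
    1: Account(
        username="admin",
        role="administrator",
        email="admin@example.invalid",
        password_hash=hashlib.sha256(b"constructed-password").hexdigest(),
        api_token="constructed-token-0001",
    ),
    2: Account(
        username="viewer",
        role="user",
        email="viewer@example.invalid",
        password_hash=hashlib.sha256(b"another-constructed-password").hexdigest(),
        api_token="constructed-token-0002",
    ),
}

# Fields an API consumer legitimately needs; everything else is dropped.
PUBLIC_FIELDS = ("username", "role", "email")

# Keys that should never appear in any response body (used by the check below).
SENSITIVE_KEYS = ("password", "password_hash", "api_token", "secret")


def get_account_vulnerable(account_id: int, caller_id: int) -> str:
    """Vulnerable pattern: any authenticated caller gets the whole record.

    No authorization beyond 'is logged in', and no restriction on which
    fields are serialized, so the administrator's hash and token leak.
    """
    _ = _STORE[caller_id]  # caller exists (authenticated) and that is all we check
    return json.dumps(asdict(_STORE[account_id]))


def get_account_hardened(account_id: int, caller_id: int) -> str:
    """Hardened pattern: authorize the request, then serialize an allow-list.

    A caller may view their own record; only an administrator may view others.
    The response is built from PUBLIC_FIELDS, so adding a new sensitive column
    to Account later cannot silently widen the response.
    """
    caller = _STORE[caller_id]
    if account_id != caller_id and caller.role != "administrator":
        raise PermissionError("caller is not allowed to view this account")
    record = asdict(_STORE[account_id])
    return json.dumps({k: record[k] for k in PUBLIC_FIELDS})


def leaked_keys(payload: str) -> list:
    """Return sensitive key names present anywhere in a JSON payload.

    Useful as a response check in an integration test or API gateway rule.
    """
    found = []

    def walk(node):
        if isinstance(node, dict):
            for k, v in node.items():
                if k in SENSITIVE_KEYS:
                    found.append(k)
                walk(v)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(json.loads(payload))
    return found


if __name__ == "__main__":
    # Low-privilege user (id 2) requests the administrator's record (id 1).
    print("vulnerable leaks:", leaked_keys(get_account_vulnerable(1, 2)))
    try:
        get_account_hardened(1, 2)
    except PermissionError as exc:
        print("hardened:", exc)
    print("hardened self-view leaks:", leaked_keys(get_account_hardened(2, 2)))
```

The `leaked_keys` walk is deliberately independent of the handlers: run it over real responses from a test account to catch the same class of bug in any endpoint, not just the one that was reported.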
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.