Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Cisco Talos from the past week.
Since it's Thanksgiving week in the U.S., there's not much going on on our blog this week. However, we do have some good information for you as the holiday shopping season kicks into gear. Attackers view Black Friday and Cyber Monday as opportune times to capitalize on shoppers who may not be as cyber-literate as they should be. Last year, we saw a spike in malicious emails targeting customers on the two most popular shopping days of the year, a trend we expect to see this year, too. Here's what you can do to keep yourself safe.
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Synopsis: Join Nick Biasini as he takes part in a day-long education event on all things Cisco. Nick will specifically highlight the work that Talos does as part one of the many breakout sessions offered at Cisco Connect. This session will cover a brief overview of what Talos does and how we operate. Additionally, he'll discuss the threats that are top-of-mind for our researchers, and the trends that you, as defenders, should be most concerned about.
Synopsis: One of the cornerstones of privacy in our days are secure messaging applications such as Signal, WhatsApp and Telegram, which deploy end-to-end encryption to protect the communications. However, a deeper look into these applications shows that they lack transparency, leading to session hijacking at different levels. This presentation will walk through various secure chat applications and how malware we’ve seen in the wild can take advantage of this software.
Description: A type confusion vulnerability exists in Adobe Flash Player that could lead to remote code execution in the context of the current user. The bug affects Flash Player, version 126.96.36.199 and earlier. The latest security patch from Adobe fixes Flash on Windows, MacOS, Linux and Chrome OS. Snort SIDs: 48425, 48426
Description: The threat actor OilRig has been using the BONDUPDATER malware over the past few months to target a Middle Eastern government. The group sent phishing emails containing malicious documents that they attempted to trick the user into opening. Once launched, the BONDUPDATER malware will install a backdoor on the victim’s machine, allowing the actor to download and upload files and execute commands. Snort SIDs: 48420 - 48422
Description: There are multiple vulnerabilities in TP-Link’s TL-R600VPN router that could lead to remote code execution. In order to exploit these bugs, the attacker would need authentication. However, if successful, they could execute code with root privileges. Snort SIDs: 47039, 47040, 47037, 47062
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.