Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome back to the Threat Source newsletter. We hope everyone had safe and happy holidays.
We want to give everyone a reminder that time is running out to submit your talk to the second annual Talos Threat Research Summit. Talos is still looking for cybersecurity experts who want to speak at our conference for defenders, by defenders. This year, it will take place on June 9 in San Diego, the same day that Cisco Live kicks off. Get your submissions in before Jan. 25.
Back on the news front, we have a new decryptor out for the PyLocky ransomware. This will assist any victims in retrieving their files should they be infected. Talos recommends that anyone infected with PyLocky deny any requests for payment by the attacker.
There’s also an important announcement from Snort. We are hoping to improve our documentation process by distributing a survey to all users. We are hoping to receive feedback from the community on how we could improve the documents that are included with each Snort rule to make users more knowledgeable. You can click on the survey directly here.
Description: Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also includes a critical security advisory for multiple bugs in Adobe Flash Player. This month’s security update covers security issues in a variety of Microsoft’s products, including the Jet Database Engine, Office SharePoint and the Chakra Scripting Engine.
Snort SIDs: 48768 - 48770, 48773 - 48780, 48783, 48787 - 48790, 48793 - 48795, 48798, 48807 - 48810, 48876
Description: A memory corruption vulnerability exists in the IntelHD5000 kernel extension that affects Apple OSX 10.13.4. The affected Intel GPUs are installed on retina MacBook Pros. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT, leading to a use-after-free and invalid memory access in the context of the kernel, which an attacker could use to elevate their privileges.
Snort SIDs: 46858, 46859
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.