Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity, and more importantly, expertise, to the conversation? The latest episode focuses solely on election security, as Matt Olney runs down what he’s learned recently from spending time with various governments.
On the research end of things, we released a post earlier this week outlining the details of a new campaign called “BlackWater” that we believe could be connected to the MuddyWater APT.
And since we know everyone was waiting on this, yes, there’s coverage for that wormable Microsoft bug everyone was talking about.
There was no Threat Roundup last week, but it’ll be back tomorrow.
Location: Industriens Hus, Copenhagen, Denmark
Synopsis: Paul will give an overview of an espionage campaign targeting the Middle East that we called “DNSpionage.” First, he will go over the malware and its targets and then talk about the process the attackers took to direct DNSs. The talk will include a timeline of all events in this attack, including an alert from the U.S. Department of Homeland Security.
Location: ILEC Conference Centre, London, England
Synopsis: Privacy has become a more public issue over time with the advent of instant messaging and social media. Secure Instant Messaging (SIM) has even become a problem for governments to start worrying about. While many people are using these messaging apps, it’s opened up the door for attackers to create phony, malicious apps that claim to offer the same services. In this talk, Paul will show various examples of these cloned applications and the different techniques used to send data back to the attacker.
Description: Microsoft continues to urge users to update to the latest version of the Remote Desktop Protocol to patch a wormable remote code execution bug. The vulnerability opens up victims to an attack where malware spreads from one machine to another once this bug is exploited only once. The company disclosed this vulnerability last week as part of its monthly security update. The company disclosed this vulnerability as CVE-2019-0708 last week as part of its monthly security update. Snort SIDs: 50137
Description: There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access to raise their privileges to root. Snort SIDs: 48850, 48851
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.