Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise in the Middle East.
We’ve gotten a lot of questions about whether customers and users should be concerned about cyber attacks from Iran after they’ve exchanged missile strikes with the U.S. But the reality of the situation is, if you haven’t already been preparing for attacks from state-sponsored actors, it’s already too late. We run down our thoughts on the situation here.
We also have our first Beers with Talos episode of the new year out, where the guys run down the top threats of 2019 and talk about what lessons we learned.
**Event:** Talos Insights: The State of Cyber Security at Cisco Live Barcelona
**Location:** Fira Barcelona, Barcelona, Spain
**Date:** Jan. 27 - 31
**Speakers:** Warren Mercer
**Synopsis:** Cisco Talos specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. As the team responsible for defending networks, we realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform a deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
**Title:** Cisco patches a dozen vulnerabilities in Data Center Network Manager
**Description:** Cisco released multiple security advisories last week announcing patches for 12 vulnerabilities in the Data Center Network Manager software. The software allows users to manage their Cisco switches and fabric extenders. Three of the vulnerabilities disclosed (CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977) could allow an unauthenticated, remote attacker to bypass authentication and carry out a variety of malicious tasks with administrative privileges on an affected device.
**Snort SIDs:** 52530 - 52547

**Title:** Buffer overflow vulnerabilities in OpenCV
**Description:** Cisco Talos recently discovered two buffer overflow vulnerabilities in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruption and, potentially, code execution. Intel Research originally developed OpenCV in 1999, but it is currently maintained by the non-profit organization OpenCV.org. OpenCV is used for numerous applications, including facial recognition technology, robotics, motion tracking and various machine learning programs.
**Snort SIDs:** 50774, 50775 (By Dave McDaniel)
**SHA 256:** d73ea76f6f07f96b337335213418b58e3fbc7e4b519fec0ef3fbd19c1d335d81
**MD5:** 5142c721e7182065b299951a54d4fe80
**Typical Filename:** FlashHelperServices.exe
**Claimed Product:** Flash Helper Service
**Detection Name:** PUA.Win.Adware.Flashserv::1201

**SHA 256:** 5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
**MD5:** 121e1634bf18768802427f0a13f039a9
**Typical Filename:** AA_v3.exe
**Claimed Product:** Ammyy Admin
**Detection Name:** W32.SPR:Variant.22fn.1201

**SHA 256:** 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871
**MD5:** c2406fc0fce67ae79e625013325e2a68
**Typical Filename:** SegurazoIC.exe
**Claimed Product:** Digital Communications Inc.
**Detection Name:** PUA.Win.Adware.Ursu::95.sbx.tg

**SHA 256:** d8b594956ed54836817e38b365dafdc69aa7e07776f83dd0f706278def8ad2d1
**MD5:** 56f11ce9119632ba360e5b3dd0a89acd
**Typical Filename:** xme64-540.exe
**Claimed Product:** N/A
**Detection Name:** PUA.Win.Tool.Coinminer::100.sbx.tg

**SHA 256:** c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f
**MD5:** e2ea315d9a83e7577053f52c974f6a5a
**Typical Filename:** c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
**Claimed Product:** N/A
**Detection Name:** W32.AgentWDCR:Gen.21gn.1201
Keep up with all things Talos by following us on Twitter. Snort, ClamAV and Immunet also have their own accounts you can follow to keep up with their latest updates. You can also subscribe to the Beers with Talos podcast here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.