Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise in the Middle East.
We’ve gotten a lot of questions about whether customers and users should be concerned about cyber attacks from Iran after they’ve exchanged missile strikes with the U.S. But the reality of the situation is, if you haven’t already been preparing for attacks from state-sponsored actors, it’s already too late. We run down our thoughts on the situation here.
We also have our first Beers with Talos episode of the new year out, where the guys run down the top threats of 2019 and talk about what lessons we learned.
Upcoming public engagements
Event: Talos Insights: The State of Cyber Security at Cisco Live Barcelona
Location: Fira Barcelona, Barcelona, Spain
Date: Jan. 27 - 31
Speakers: Warren Mercer
Synopsis: Cisco Talos specializes in early-warning intelligence and threat analysis necessary for maintaining a secure network. Those responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Cyber Security Week in Review
- The U.S. Department of Homeland Security issued a warning this week asking American organizations to prepare for potential cyber attacks from Iran. State-sponsored actors from the region were expected to respond after the U.S. killed a high-profile Iranian general in a drone strike.
- Even though the U.S. and Iran seemed to walk back from their threats of physical retaliation against one another Wednesday, the threat of a cyber attack still lingers. Many researchers are using this discussion as an opportunity to remind defenders that a proxy cyber war has been raging for years between the two countries.
- International currency exchange marketplace Travelex is still recovering from a ransomware attack earlier this month. The attackers, believed to be Sodinokibi, have requested a $6 million extortion payment.
- The city of Las Vegas says it successfully thwarted a cyber attack that could have shut down many of its government operations. Officials said they first detected an intrusion on Jan. 7 and removed the malware before any damage could be done.
- Mozilla released an emergency update for the Firefox web browser that fixes a bug attackers were exploiting in the wild. CVE-2019-17026 is a type confusion vulnerability that could allow an attacker to read data from or write data to memory locations that are normally closed off.
- The popular social media app TikTok puts users at risk of having their accounts completely taken over with just an SMS message. A chain of vulnerabilities could allow an attacker to infect a user’s mobile device, then gain access to the user’s TikTok account and remove, add or edit videos.
- California’s privacy law went into effect at the start of the new year, leaving many massive companies scrambling to clean up some of their privacy policies. Under the new law, a user may ask most major internet companies to disclose what personal information they store on the individual and how the company may profit off it.
- A new update to Google Chrome is expected to cut down on notification spam. Chrome is changing its notifications API so the notifications are less intrusive, and to make it more difficult for cybercrime groups to exploit them.
- The FBI is once again asking Apple to unlock iPhones for them. The agency is attempting to access the devices, which belonged to a man who committed a mass shooting at an American naval base.