Newsletter compiled by Jon Munshaw.

Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.

Sorry we missed you last week, we were all away at Hacker Summer Camp. If you missed us at Black Hat, we have a roundup up on the blog of some of the “flash talks” from our researchers and analysts.

Patch Tuesday was also this week, and we’ve got you covered with Snort rules and coverage of some of the most critical bugs.

We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.

Upcoming public engagements with Talos Event: “It’s never DNS...It was DNS: How adversaries are abusing network blind spots” at SecTor
Location: Metro Toronto Convention Center, Toronto, Canada
Date: Oct. 7 - 10
Speaker: Edmund Brumaghin and Earl Carter
Synopsis: While DNS is one of the most commonly used network protocols in most corporate networks, many organizations don’t give it the same level of scrutiny as other network protocols present in their environments. DNS has become increasingly attractive to both red teams and malicious attackers alike to easily subvert otherwise solid security architectures. This presentation will provide several technical breakdowns of real-world attacks that have been seen leveraging DNS for a variety of purposes such as DNSMessenger, DNSpionage, and more.

Cyber Security Week in Review

  • The United Nations says it is investigating 35 different North Korean state-sponsored cyber attacks in 17 countries. A new report states the attacks hoped to raise money to fund the country’s atomic weapons program.
  • Police in South Wales, U.K. are starting to use facial recognition apps to identify suspects without having to take them to a station. The department plans to start testing the app over the next few months on 50 different officers’ phones, but privacy groups are already pushing back.
  • A sponsored presentation at Black Hat regarding the “Time AI” program was taken down after researchers attacked the talk online and in person. At least one attendee interrupted the talk and accused the speaker of misleading people by pitching this new form of encryption.
  • Adobe disclosed dozens of vulnerabilities as part of its monthly security update this week, including 76 bugs in Acrobat and Reader. There were also 22 critical vulnerabilities patched in Photoshop.
  • Google says it is working on replacing passwords for Google services for 1.7 billion Android users. Engineers at the company say the goal is to allow Android users to log into Google sites and services using their fingerprint or other methods because “new security technologies are surpassing passwords in terms of both strength and convenience."
  • Facebook disclosed that they previously allowed contractors to listen in on and transcribe users’ conversations. The social media site says it recently discontinued the practice, but the Irish Data Protection Commission is still looking into the practice for possible GDPR violations.
  • A bug in the Steam video game store could open Windows’ users to attacks, but the company says it is not within its scope to fix.
  • The FBI released a report warning Americans of a recent uptick in dating scams. The agency says malicious actors are using data apps to convince victims to open up new bank accounts to send them money under the guise of a fake user.
  • Security researchers at the DEFCON conference discovered a critical vulnerability in the F-15, a popular fighter jet used by the U.S. military. If exploited, the bug could shut down a portion of the plane’s cameras and sensors, preventing the transmission of data during missions.

Notable recent security issues Title: 31 critical vulnerabilities addressed in latest Microsoft security update
Description: Microsoft released its monthly security update Tuesday, disclosing more than 90 vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate." This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine.
Snort SIDs: 35190, 35191, 40851, 40852, 45142, 45143, 50936 - 50939, 50969 - 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 - 51006 (Written by Cisco Talos analysts)
 Title: Cisco releases security patches for multiple products, including high-severity bugs in WebEx Teams
Description: Cisco released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit the more critical bugs to take control of an affected system. Some of the most severe vulnerabilities exist in Cisco WebEx Network Recording for Microsoft Windows and Cisco Webex Player for Windows. These bugs, identified across five different CVEs, could allow a remote attacker to execute arbitrary code on an affected system.
Snort SIDs: 50902, 50904 - 50907 (Written by Amit Raut)

Most prevalent malware files this week