@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data
A key purpose of @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.
November 16, 2017
=============================================================
@RISK: The Consensus Security Vulnerability Alert
November 16, 2017 - Vol. 17, Num. 46
Providing a reliable, weekly summary of newly discovered attack vectors,
vulnerabilities with active exploits, and explanations of how recent
attacks worked
Archived issues may be found at http://www.sans.org/newsletters/at-risk
=============================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES 2017-11-07 - 2017-11-14
============================================================
TOP VULNERABILITY THIS WEEK: Microsoft Released Security Updates for November 2017
******************** Sponsored By SANS ********************
Join the SANS Institute in Boston at the SOC Briefing for the Cybersecurity Community, where vendors will present sessions demonstrating their tools and capabilities to support threat hunting or incorporate the results of threat hunting. This half-day event is free to the Cybersecurity Community. Networking lunch following. Not in Boston? Attend via simulcast. More info at: http://www.sans.org/info/199765
============================================================
TRAINING UPDATE
-- SANS Cyber Defense Initiative 2017 | Washington, DC | December 12-19 | http://www.sans.org/u/vNd
-- SANS San Francisco Winter 2017 | November 27-December 2 | http://www.sans.org/u/wgE
-- SANS London November 2017 | November 27-December 2 | http://www.sans.org/u/wgJ
-- SIEM & Tactical Analytics Summit & Training | Scottsdale, AZ | November 28-December 5 | http://www.sans.org/u/wKk
-- SANS Security East 2018 | New Orleans, LA | January 8-13 | http://www.sans.org/u/xmN
-- SANS Amsterdam January 2018 | January 15-20 | http://www.sans.org/u/wUT
-- Cyber Threat Intelligence Summit | Bethesda, MD | January 29-February 5 | http://www.sans.org/u/xTH
-- SANS Secure Japan 2018 | February 19-March 3 | http://www.sans.org/u/wUY
-- SANS Secure Singapore 2018 | March 12-24 | http://www.sans.org/u/xTM
-- SANS OnDemand and vLive Training | The SANS Training you want with the flexibility you need. Receive a 12.9" iPad Pro, Surface Pro 4 or take $400 Off your OnDemand or vLive course when you register by November 22nd. http://www.sans.org/u/xTR
-- Can't travel? SANS offers online instruction for maximum flexibility
-- Live Daytime training with Simulcast - http://www.sans.org/u/WK
-- Evening training 2x per week for 6 weeks with vLive - http://www.sans.org/u/WZ
-- Anywhere, Anytime access for 4 months with OnDemand format - http://www.sans.org/u/rEw
-- Multi-week Live SANS training
Mentor - http://www.sans.org/u/X9
Contact mentor@sans.org
-- Looking for training in your own community?
Community - http://www.sans.org/u/Xo
-- Plus Austin, Munich, Frankfurt, Miami, and Bangalore all in the next 90 days.
-- For a list of all upcoming events, on-line and live: http://www.sans.org/u/XN
********************** Sponsored Links: ********************
1) Join Lance Spitzner and Brian Honan for the GDPR: What to Train Your Workforce Webcast: http://www.sans.org/info/199770
2) Intezer Analyze and SANS' Jake Williams demonstrate how finding code reuse of known malware enables you to improve and accelerate incident response plans. http://www.sans.org/info/199780
3) In case you missed it: "Breaking Down the Data: How Secure Are You and Your Supply Chain?" Register: http://www.sans.org/info/199785
============================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft Released Security Updates for November 2017
Description: Microsoft has released its monthly set of security updates to address vulnerabilities that have been identified in Windows, Office, and other supported software. This month's release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.
Reference: https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Snort SID: 44809-44834, 44838-44839, 44843-44846
Title: Adobe Releases Security Updates for Flash Player, Reader, and more
Description: Adobe has released security updates for Flash Player, Shockwave Player, Acrobat, Reader, Photoshop, and more. This month's Flash Player update addresses five critical vulnerabilities that could be exploited by an attacker to achieve remote code execution. The Acrobat and Reader security update addressed 62 vulnerabilities, the vast majority of them critical arbitrary code execution vulnerabilities.
Reference: https://helpx.adobe.com/security.html
Snort SID: 43120-43121; Detection pending for other vulnerabilities
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Guidance on Mitigating Microsoft Office DDE Attacks
https://technet.microsoft.com/en-us/library/security/4053440
A penetration testers guide to sub-domain enumeration
https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6
2017 ACM Conference on Computer and Communications Security - Accepted Papers
https://acmccs.github.io/papers/
Apple iPhone X Face ID Fooled by a Mask
https://threatpost.com/apple-iphone-x-face-id-fooled-by-a-mask/128865/
#AVGater: Getting Local Admin by Abusing the Anti-Virus Quarantine
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
=========================================================
RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM
This is a list of recent vulnerabilities for which exploits are
available. System administrators can use this list to help in
prioritization of their remediation activities. The Qualys Vulnerability
Research Team compiles this information based on various exploit
frameworks, exploit databases, exploit kits and monitoring of internet
activity.
ID: CVE-2017-8759
Title: Microsoft published a .NET security update to address this issue.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2017-9805
Title:
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2017-0037
Title:
CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

ID: CVE-2017-0145
Title:
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2017-0290
Title:
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2017-3881
Title:
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2017-5638
Title:
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2016-7892
Title:
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
=========================================================
MOST PREVALENT MALWARE FILES 2017-11-07 - 2017-11-14
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4
MD5: bea381c0fbd24f1503018b3b9089e358
Typical Filename: InvoiceED3539939.doc
Claimed Product: N/A
Detection Name: W32.323CB1D2F3-95.SBX.TG

SHA 256: 6b7b11077b2bcdbce94eff73722a4f78103d2e87bd4331654bc65c0daeb176dd
MD5: 71aad93dfbd1c4b2854a697405675c51
Typical Filename: InvoiceMP8820239.doc
Claimed Product: N/A
Detection Name: W32.6B7B11077B-95.SBX.TG

SHA 256: 8d9c2dd4e7941453d61b490144ad1875e935b88a00231b885c839c43346aa5ab
MD5: 628272a0cc32eb514dc58572d761684a
Typical Filename: InvoiceMC4260854.doc
Claimed Product: N/A
Detection Name: W32.8D9C2DD4E7-95.SBX.TG

SHA 256: 131d8ad5cbddb8edd6800788d138eda1ace570c1a0c97afd71cc7f03c1bb2d07
MD5: 9c7fc4c27fd3eb3dfe96db99bcabb00f
Typical Filename: InvoiceYS6763243.doc
Claimed Product: N/A
Detection Name: W32.131D8AD5CB-95.SBX.TG

SHA 256: 23d5dbfaaf5258aaac2ccc4159027885cf6f48b692d0b3617610858c21cc7f58
MD5: c2e98913d325dbd42dc56c5bef0601e0
Typical Filename: c2e98913d325dbd42dc56c5bef0601e0.doc
Claimed Product: N/A
Detection Name: W32.23D5DBFAAF-95.SBX.TG
=============================================================
(c) 2017. All rights reserved.
The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters) or to update a current subscription, visit SANS Institute, 8120 Woodmont Ave., Suite 310, Bethesda, MD 20814-2743