Threat Source newsletter (Nov. 14, 2019)

Newsletter compiled by Jon Munshaw.

Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.

It was all about the bugs this week. Patch Tuesday was especially busy for us, including our usual recap of all the vulnerabilities in Microsoft's security update this month (two of which we discovered). On top of that, we also disclosed a remote code execution vulnerability in some Intel graphics drivers and another in Exhibitor’s web user interface.

We also recently discovered a wave of actors using living-off-the-land binaries to keep their malware from being detected. We run through how to detect these so-called “LoLBins,” and walk through some campaigns where we’ve seen them being used in the wild.

And, as always, we have our latest Threat Roundup, which runs through the top threats we’ve seen (and blocked) over the past week.

Upcoming public engagements with Talos

Event: “It’s Never DNS…. It Was DNS: How Adversaries Are Abusing Network Blind Spots” at SecureWV/Hack3rCon X
Location: Charleston Coliseum & Convention Center, Charleston, WV
Date: Nov. 15 - 17
Speakers: Edmund Brumaghin and Earl Carter
Synopsis: While DNS is one of the most commonly used network protocols in most corporate networks, many organizations don’t give it the same level of scrutiny as other network proto ..