Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
On the malware front, this week we tracked a campaign spreading malicious emails that claimed to contain information about a job opening with Cisco in Korea. We believe an actor behind these attacks has a history of sending out malicious emails as part of multi-stage infections.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.

## UPCOMING PUBLIC ENGAGEMENTS WITH TALOS
Location: Moscone Center, San Francisco, Calif.
Synopsis: Matt Watchinski, the vice president of Cisco Talos, will take part in one of the keynote addresses at this year’s RSA conference. Watchinski, along with Liz Centoni of Cisco, will discuss how to defend against internet-of-things attacks. As more automated devices are added to our homes every day, each one adds another attack vector. Watchinski and Centoni will talk about successful defense strategies Cisco has employed in the past.
Location: Hannover Congress Center, Hanover, Germany
Synopsis: The pressure on IT security officers to deliver resilient IT security never lets up. Every day, attackers try to penetrate companies’ networks with new methods and to monetize stolen data. Unterbrink will take the stage to provide insights into the current threat situation and attack scenarios.
Description: There are several vulnerabilities in a variety of Cisco products, which the networking company patched last week. The most notable bug is a critical vulnerability in the SD-WAN Solution that could allow an attacker to execute arbitrary code as the root user on the victim machine. There are also remote code execution vulnerabilities in WebEx. Snort SIDs: 48946 - 48962
Description: The well-known Rocke APT, which is infamous for its cryptocurrency miners, recently released new Linux-focused malware. The new family can target and remove cloud security products before installing a cryptocurrency miner. Snort SIDs: 48938, 48939
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.