Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
The latest episode of the Beers with Talos podcast arrived earlier this week, with plenty of talk about home devices. Why are so many attackers going after small and home office routers? How is the average user supposed to protect their internet-of-things devices? The guys run down all of this and more in this episode.
We want to give everyone a reminder that time is running out to submit your talk to the second annual Talos Threat Research Summit. Talos is still looking for cybersecurity experts who want to speak at our conference for defenders, by defenders. This year, it will take place on June 9 in San Diego, the same day that Cisco Live kicks off. Get your submissions in before the end of the day tomorrow.
And, after a long break, the Threat Roundup is here to bring you the top threats we’ve seen — and blocked — over the past week.
Description: TA505, a well-known threat actor with a history of launching ransomware campaigns, is using new variants of the ServHelper backdoor and the FlawedGrace remote access tool. These appear to be long-term investments by the actor, which has been distributing them since November 2018.
Snort SIDs: 48879 - 48887
Description: A new variant of the BITTER remote access tool is in the wild once again. Attackers are attempting to exploit CVE-2017-11882, a vulnerability in Microsoft Office, to download the malware. Victims receive malicious, specially crafted Word documents that issue HTTP GET requests to download the executable payloads.
Snort SIDs: 48873 - 48878
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.