Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
After a quiet period in late December and early January, the Emotet trojan is back. Yet again, the malware has been spotted in the wild being spread via malicious emails. We have a rundown of two new campaigns that makes it tougher for traditional antivirus software to detect the emails.
If you’re a malware hunter, you’ll want to take a look at our new IDA plugin called “Dynamic Data Resolver.” This tool will make it easier to reverse-engineer malware.
We want to give everyone a reminder that time is running out to submit your talk to the second annual Talos Threat Research Summit. Talos is still looking for cybersecurity experts who want to speak at our conference for defenders, by defenders. This year, it will take place on June 9 in San Diego, the same day that Cisco Live kicks off. Get your submissions in before Jan. 25.
Description: Malware from the MindTail APT is able to bypass some traditional antivirus protections, such as Apple’s default gatekeeper settings on Mac. Rather than deliver specific malware, WindTail generally tries to track its victims, including their location, online habits and other traits. Snort SIDs: 48845 - 48847
Description: A new cryptocurrency miner known as “L0rdix” has surfaced on the darknet. It’s available on some forums for as little as $60, and attackers are deploying it to mine cryptocurrency on victims’ machines, as well as steal personal data. L0rdix is specifically designed to target Windows machines. Snort SIDs: 48857, 48858
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.