Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
A recent uptick in Brushaloader shows us that the actors behind it are not slowing down. We’ve recently seen a massive uptick in the malware loader delivering Danabot. In this post, we go over the history of Brushaloader and break down what’s new this time.
For other researchers out there, we have a breakdown of new features in WinDbg. Thanks to a new JavaScript bridge, it’s easier than ever to debug malware.
Finally, we also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where they will represent Talos.
Location: Moscone Center, San Francisco, Calif.
Synopsis: Matt Watchinksi, the vice president of Cisco Talos, will partake in one of the keynote addresses at this year’s RSA conference. Watchinski, along with Liz Centoni of Cisco, will discuss how to defend against internet-of-things attacks. As more automated devices are added to our homes every day, it just creates more attack vectors. Watchinski and Centoni will talk about successful defense strategies Cisco has employed in the past.
Location: Hannover Congress Center, Hanover, Germany
Synopsis: The pressure on IT security officers to compete for resistant IT security never ends. Attackers are trying to penetrate companies’ networks with new methods and to monetize deducted data every day. Unterbrink sits at the front and will provide insights into the current threat situation and attack scenarios.
Description: A new backdoor trojan known as “SpeakUp,” named after its command and control server, is targeting Linux machines to install cryptocurrency miners. While the attack has so far only targeted servers in East Asia and Latin America, security researchers believe it has the potential to expand. Snort SIDs: 49188
Description: Cisco Talos released additional coverage for a slew of security vulnerabilities that Adobe disclosed in Acrobat and Reader. Forty-three of the bugs Adobe disclosed were considered “critical.” The release impacts Acrobat DC and Reader DC, versions 2019.010.20069 and earlier. Snort SIDs: 49201 - 49204, 49192, 49193, 49196, 49197
Keep up with all things Talos by following us on Twitter and Facebook. You can also subscribe to the Beers with Talos podcast, which comes out bi-weekly, here (as well as on your favorite podcast app). And, if you’re not already, you can also subscribe to the weekly Threat Source newsletter here.