SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft cryptography vulnerability lingers after Patch Tuesday
Description: The U.S. National Security Agency released a warning late last week, urging users to update their Microsoft products as soon as possible to fix a vulnerability in its cryptographic certificate-signing function. Attackers could use this bug to sign a program, and make it appear as if it is from a trusted source, without the user ever knowing about the adversary's actions. A security researcher was even able to create a proof of concept "Rick Rolling" the NSA's website to display a popular internet meme. The NSA's statement says that it believes "the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable."
Snort SIDs: 52617 - 52619
Title: Emotet continues to grow, spike in spam to start off 2020
Description: Emotet continues to infect individuals and organizations all over the world, but Cisco Talos recently discovered a new relationship between Emotet and the .mil (U.S. military) and .gov (U.S./state government) top-level domains (TLDs). When Emotet emerged from its summer vacation back in mid-September 2019, relatively few outbound emails were seen directed at the .mil and .gov TLDs. But sometime in the past few months, Emotet was able to successfully compromise one or more persons working for or with the U.S. government. As a result of this, Talos saw a rapid increase in the number of infectious Emotet messages directed at the .mil and .gov TLDs in December 2019.
Snort SIDs: 51967-51971, 52029, additional coverage pending