SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft releases monthly security update
Description: A new remote access trojan known as "PoetRAT" uses coronavirus-themed documents and emails to lure victims in. This was a previously undiscovered RAT. It uses two components to avoid detection by a single component. The dropper uses an old trick in a new way: It appends the RAT to a Word document. Upon opening the document, a macro is executed that will extract the malware and execute it. The operation seems to be manual, but it's streamlined to deploy additional tools as needed and to avoid unnecessary steps.
Reference: https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html
Snort SIDs: 53689 - 53691
Title: Cisco discloses 17 critical vulnerabilities in UCS software
Description: Cisco patched 17 critical vulnerabilities last week in its Unified Computing System. The software allows users to build private cloud systems and optimize data-center resources. An adversary who successfully exploits these flaws could remotely access systems or cause denial-of-service conditions. The majority of the exploits lie in UCS' REST API.
Snort SIDs: 53667 - 53683