SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Threat actors keep updating the EVILNUM malware to carry out various attacks across the financial sector
Description: The EVILNUM malware family is continuously adding anti-detection techniques as its owners target various organizations in the financial sector. The actors use EVILNUM in conjunction with Cardinal RAT to infect systems. In the past, the actors have targeted organizations in Israel, but researchers say there are no clues as to where they may strike next. As of earlier this month, only eight anti-virus detection engines on VirusTotal were detecting this malware.
Reference: https://www.cyberscoop.com/evilnum-financial-malware-prevailion/
Snort SIDs: 54040 - 54045
Title: Adversaries use SaltStack vulnerabilities to go after data centers
Description: Attackers are using two recently disclosed vulnerabilities in the SaltStack automation software to target data centers. Adversaries quickly reverse-engineered the exploits after SaltStack disclosed the bugs. So far, victims have only been hit with cryptocurrency mining malware, but users are still urged to patch SaltStack, which is open-source, Python-based software, as soon as possible.
Snort SIDs: 54030 - 54033