SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: More than 120 vulnerabilities patched as part of Microsoft monthly security update
Snort SIDs: 55139 - 55146, 55161, 55162, 55187, 55188, 55206
Title: Salfram spam campaigns spread several malware families
Description: Cisco Talos recently uncovered a series of email campaigns that use links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads, including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others.
Ongoing campaigns are distributing various malware families using the same crypter. While effective, this crypting mechanism contains an easy-to-detect flaw: the presence of a specific string value, "Salfram", makes it easy to track over time. The obfuscated binaries produced by Salfram are completely different from one another, from both a binary and an execution-flow-graph perspective. The techniques used by this crypter can confuse weak API-behavior-based systems and static analysis tools, and the crypter appears to be undergoing active development and improvement over time.
Snort SIDs: 54920, 54921