SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Exploit code for Microsoft Netlogon vulnerability goes public
Description: Security researchers and government agencies alerted users that exploit code for a critical vulnerability is circulating in the wild. Known as "Zerologon," the vulnerability could allow an adversary to run a specially crafted application on devices connected to the affected network. Microsoft disclosed the bug back in August as part of its Patch Tuesday update, when it received the maximum CVSS score of 10.0 out of 10. Microsoft plans to release a second portion of a fix for the vulnerability, though proofs of concept have only just now started to surface on GitHub.
Snort SIDs: 55703, 55704
Title: Trickbot and Emotet team up for spam campaign
Description: After going quiet for a few months, the infamous Emotet botnet is back again with another surge. Security researchers recently found Emotet teaming up with Trickbot for a phishing campaign earlier this month. Attackers are using Microsoft Word lures, blurring out what is supposed to be important text and alerting the user that they can only read the text if they enable macros. If the user enables macros, a malicious macro then downloads the Trickbot loader, and the attacker can carry out other malicious actions from there.
Snort SIDs: 55787, 55788