SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft Patch Tuesday for Oct. 2020
Description: Microsoft released its monthly security update Tuesday, disclosing just under 100 vulnerabilities across its array of products. Fourteen of the vulnerabilities are considered "critical," while the remainder are ranked as "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of these bugs. The security updates cover several different products, including the SharePoint document management system, Azure Sphere and the Windows camera codec, which allows users to view a variety of video files on their machines.
References: https://blog.talosintelligence.com/2020/10/microsoft-patch-tuesday-for-oct-2020.html
Snort SIDs: 53689 - 53691
Title: Lemon Duck brings cryptocurrency miners back into the spotlight
Description: Cisco Talos recently discovered a complex campaign employing a multi-modular botnet with multiple ways to spread. This threat, known as "Lemon Duck," has a cryptocurrency mining payload that steals computer resources to mine the Monero virtual currency. The actor employs various methods to spread across the network, such as sending infected RTF files via email, psexec, WMI and SMB exploits, including the infamous EternalBlue and SMBGhost vulnerabilities that affect Windows 10 machines. Some variants also support RDP brute-forcing. In recent attacks we observed, this functionality was omitted. The adversary also uses tools such as Mimikatz, which help the botnet increase the number of systems participating in its mining pool.
References: https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html
Snort SIDs: 55926 - 55928