SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: TroubleGrabber malware spreads on Discord servers
Description: Variants of the Razy malware have recently been spotted on Discord servers attempting to steal users' login credentials. Discord is a popular app used to create communities of individuals centered around a singular topic, and is most popular in the video gaming community. Known collectively as "TroubleGrabber," a recent wave of Razy variants has been spotted hidden in messages to Discord users. If the user clicks on the malicious link, the malware downloads a malicious payload from GitHub onto the victim's machine, which then steals the target's system information, IP address, web browser passwords and tokens. The attacker then receives all that information back via a webhook URL.
References: https://www.netskope.com/blog/here-comes-troublegrabber-stealing-credentials-through-discord
Snort SIDs: 56490, 56491
Title: Cisco discloses more vulnerabilities in WebEx, controllers
Description: Cisco recently disclosed several vulnerabilities across its suite of products, one of which could allow an attacker to spy on some WebEx meetings. A remote attacker could act as a "ghost" in some WebEx meetings and remain on the call unseen using a specific exploit, though they must also have the link to the specific meeting and its password. There are also three critical vulnerabilities in the Cisco Integrated Management Controller, the Cisco DNA Spaces Connector and the REST API of Cisco IoT Field Network Director.
References: https://threatpost.com/cisco-webex-flaw-snooping/161355/
Snort SIDs: 56424, 56440 - 56451