SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Adversaries use BumbleBee tool to target organizations in Kuwait
Description: Researchers recently discovered a webshell called "BumbleBee" being used in an espionage campaign against Microsoft Exchange servers. The affected organizations thus far are located in Kuwait. BumbleBee was observed being used to upload and download files on a targeted Exchange server back in September. The operators behind this campaign, which researchers indicate is the xHunt group, used BumbleBee to execute commands and upload and download files. This is the latest tool xHunt has added to its arsenal. The group dates back to at least 2018 and has targeted Kuwaiti organizations and government agencies in the past, specifically going after the shipping and trading sectors.
References: https://threatpost.com/bumblebee-exchange-servers-xhunt-spy/162973/
Snort SIDs: 56887 - 56890
Title: Cisco urges users to update to new routers after vulnerabilities disclosed
Description: Cisco disclosed 74 vulnerabilities in some of its RV series of wireless routers last week, urging users to purchase new hardware rather than patch the affected devices. The vulnerabilities all exist in products that have already reached their end-of-life. The affected devices include the Cisco Small Business RV110W, RV130, RV130W and RV215W systems, which could all be used as firewalls, VPNs or standard routers. All of the vulnerabilities require that an attacker has login credentials for the targeted device, and therefore are not easily exploitable. This should give users a small runway to upgrade to new gear.
Snort SIDs: 56839 - 56845, 56866 - 56876, 56893, 56894