SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: TA505 begins larger-volume malicious email attacks, adding FlawedGrace variant and MirrorBlast
Description: The known threat actor TA505 ramped up its large-volume malicious email attacks through September and October 2021, adding new tools, MirrorBlast and a FlawedGrace variant, to its email lures and malicious Excel attachments. Rebol and KiXtart replaced the Get2 downloader, employing more information-gathering techniques and next-stage launch protocols. Targets have expanded from North America to German-speaking countries.
Snort SIDs: 58429-58433
Title: BQE Software vulnerability highlights need for proactive measures as well as fast patchwork
Description: BQE Software will receive a short-term patch after hackers from Huntress were able to exploit several CVEs to gain access and deploy ransomware in the company’s network. The wide user base and financial nature of the BQE Software product make it a valuable target. Huntress began investigating after seeing suspicious activity directed at the web server hosting BillQuick Web Suite.
References: https://threatpost.com/bqe-web-suite-billing-app-ransomware/175720/
Snort SIDs: 58421-58423