SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Code execution, privilege escalations part of monthly Microsoft security update
Description: Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software. None of the vulnerabilities disclosed this month are considered “critical,” an extreme rarity for the company’s Patch Tuesdays. Additionally, none of the issues Microsoft patched have been exploited in the wild to this point, nor have they been publicly disclosed. There are still a few vulnerabilities of note, however, including CVE-2022-21997, CVE-2022-21999 and CVE-2022-22715, which are all privilege elevation vulnerabilities in the Microsoft print spooler service. In the event an exploit is developed, an adversary could use these vulnerabilities to execute code as a system user or with higher-level privileges. Though considered to be of “important” severity, CVE-2022-22005 is a remote code execution vulnerability in SharePoint that received a severity score of 8.8 out of 10. An adversary would need to be authenticated and possess the correct permissions for page creation to exploit this vulnerability.
References: https://blog.talosintelligence.com/2022/02/microsoft-patch-tuesday-for-feb-2022.html
SNORT® SIDs: 58993, 58994, 58999-59002 and 59004-59009
Title: Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
Description: Cisco Talos has identified a new wave of what is believed to be an ongoing campaign using Delphi-based malware since 2017. Talos believes with high confidence that this is the work of the Arid Viper threat actor, a group believed to be based out of Gaza that is known to target organizations all over the world. In the most recent wave, which started around October 2021, the actor uses its Delphi-based Micropsia implant to target Palestinian individuals and organizations, using politically themed file names and decoy documents. This wave uses content originally published by the Turkish state-run news agency Anadolu and by the Palestinian MA'AN development center to target activists and Palestinian institutions.
References: https://blog.talosintelligence.com/2022/02/arid-viper-targets-palestine.html
SNORT® SIDs: 58957 and 58958