SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Cybersecurity continues to be major factor in Ukraine-Russia conflict
Description: Cisco Talos is observing a variety of threats targeting Ukraine, including disinformation, defacements, DDoS, wiper malware, and potential BGP manipulation. There has also been increased participation from cyber vigilantes and other actors launching attacks on both sides of the conflict. This raises serious concerns on several fronts: unsophisticated attackers may unintentionally disable key pieces of Ukrainian infrastructure, unintended targets both within Ukraine and elsewhere may become collateral damage, and these activities may further escalate the overall threat environment. The conflict has also had serious implications for the crimeware landscape, with the well-known ransomware cartel Conti suffering significant fallout after publicly declaring its support for Russia.
References:
- https://blog.talosintelligence.com/2022/03/ukraine-update.html
- https://blog.talosintelligence.com/2022/02/current-executive-guidance-for-ongoing.html
- https://blogs.cisco.com/news/cisco-stands-on-guard-with-our-customers-in-ukraine
ClamAV signatures: Win.RedTrixx.Wiper.tii.Hunt
Title: Microsoft Patch Tuesday for March 2022
Description: Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March's Patch Tuesday includes only two critical vulnerabilities, which is still notable considering February's security update contained none. Microsoft reports that none of the vulnerabilities in this month's release has been exploited in the wild, and none has a severity score higher than 8.8 out of 10. The most serious issue is CVE-2022-23277, a remote code execution vulnerability in Microsoft Exchange Server. According to Microsoft, an attacker who is already authenticated to the Exchange Server could trigger malicious code in the context of the server account through a network call, gaining arbitrary code execution on the server.
References:
- https://blog.talosintelligence.com/2022/03/microsoft-patch-tuesday-for-march-2022.html
SNORT® SIDs: 59210 - 59217, 59220 and 59221