SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Transparent Tribe adds new tools to its arsenal as it targets Indian colleges
Description: Cisco Talos discovered an uncommon piece of malware targeting Ukraine, aimed at a large software development company whose software is used in various state organizations within Ukraine. Talos believes this campaign is likely the work of Russian state-sponsored actors or those acting in their interests. Because the victim is a software development firm, we cannot ignore the possibility that the threat actor's intent was to gain access in order to mount a supply chain-style attack, though at this time we have no evidence that they were successful. Cisco Talos confirmed that the malware is a slightly modified version of the open-source backdoor named "GoMet." The malware was first observed on March 28, 2022.
References: https://blog.talosintelligence.com/2022/07/attackers-target-ukraine-using-gomet.html
Snort SIDs: 60247 - 60253
Title: Users urged to patch Atlassian Confluence vulnerability immediately
Description: Atlassian disclosed three critical vulnerabilities in its Confluence software last week, including one involving a hardcoded password that was leaked on Twitter. The company urged users to immediately update to the latest version of the software or apply a mitigation measure. An attacker who knows this hardcoded password could log in and view all non-restricted pages accessible to the default Confluence user group. Atlassian said in its advisory that the issue is expected to be exploited in the wild now that the password has been leaked online. The two other critical vulnerabilities affect almost all other Atlassian products.
References:
Snort SIDs: 60280, 60281