SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: More than 120 vulnerabilities disclosed as part of Microsoft Patch Tuesday
Description: Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that is actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June. Two of the important vulnerabilities, CVE-2022-35743 and CVE-2022-34713, are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild, and Microsoft rates it as “more likely” to be exploited.
References: https://blog.talosintelligence.com/2022/08/microsoft-patch-tuesday-for-august-2022.html
Snort SIDs: 60371 - 60380, 60382 - 60384, 60386 and 60387
Title: Attackers take advantage of new “C2-as-a-service” platform
Description: In early 2022, a new C2 platform called "Dark Utilities" was established, offering a variety of services such as remote system access, DDoS capabilities and cryptocurrency mining. The operators of the service also established Discord and Telegram communities where they provide technical support and assistance for customers on the platform. Since its initial release, Cisco Talos researchers have observed malware samples in the wild that use it to facilitate remote access and cryptocurrency mining. Payloads provided by the platform support Windows, Linux and Python-based implementations and are hosted within the InterPlanetary File System (IPFS). Because IPFS content is addressed by the hash of its contents and can be served by any node or public gateway holding a copy, taking down a single host does not remove the payload, making it resilient to content moderation or law enforcement intervention.
References: https://blog.talosintelligence.com/2022/08/dark-utilities.html
Snort SIDs: 60319 - 60325
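Because the same IPFS object can be fetched from any public gateway, blocking a gateway hostname is a weak control; the content identifier (CID) in the URL is the stable thing to pivot on. The following is an added example, not code from the Talos write-up and not part of the Dark Utilities platform: it scans proxy log lines for path-style (`/ipfs/<cid>`) and subdomain-style (`<cid>.ipfs.<gateway>`) gateway URLs and groups the hits by CID so that one payload retrieved through several gateways shows up as one object. The log line format, client addresses, paths and both CIDs are constructed for the example; ipfs.io and dweb.link are real public gateway hostnames used only as illustration.

```python
"""Flag IPFS gateway fetches in HTTP proxy logs and group them by CID.

Added example; the log format and every value in SAMPLE_LOG are constructed.
"""
import re
from typing import Dict, List, Set

# CIDv0 is "Qm" followed by 44 base58btc characters (46 in total).
# CIDv1 in its usual base32 multibase form starts with "b" and continues
# with lowercase base32 ("bafy...", "bafk..."); the length bound is a heuristic.
_CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})"

# Path-style gateway URL: http(s)://<gateway>/ipfs/<cid>[/path]
_PATH_GW = re.compile(
    rf"https?://(?P<host>[^/\s]+)/ipfs/(?P<cid>{_CID})(?P<rest>[^\s\"]*)"
)
# Subdomain-style gateway URL: http(s)://<cid>.ipfs.<gateway>[/path]
_SUBDOMAIN_GW = re.compile(
    rf"https?://(?P<cid>{_CID})\.ipfs\.(?P<host>[^/\s]+)(?P<rest>[^\s\"]*)"
)

# Constructed CIDs (valid in shape only, they do not point at real content).
CID_A = "Qm" + "Test" * 11          # CIDv0 shape, 46 characters
CID_B = "bafy" + "test" * 13        # CIDv1 base32 shape

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_LOG = [
    f"2022-08-09T10:01:12Z 10.0.0.12 GET http://ipfs.io/ipfs/{CID_A}/loader 200",
    "2022-08-09T10:02:30Z 10.0.0.12 GET https://example.com/index.html 200",
    f"2022-08-09T10:03:45Z 10.0.0.37 GET https://dweb.link/ipfs/{CID_A}/loader 200",
    f"2022-08-09T10:05:02Z 10.0.0.58 GET https://{CID_B}.ipfs.dweb.link/stage2.bin 200",
]


def scan_proxy_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per log line that fetched an object from an IPFS gateway."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        match = _PATH_GW.search(line) or _SUBDOMAIN_GW.search(line)
        if not match:
            continue
        fields = line.split()
        hits.append({
            "client": fields[1] if len(fields) > 1 else "",
            "gateway": match.group("host").lower(),
            "cid": match.group("cid"),
            "path": match.group("rest"),
        })
    return hits


def summarize_by_cid(hits: List[Dict[str, str]]) -> Dict[str, Dict[str, Set[str]]]:
    """Group hits by CID: which clients fetched it, via which gateways, under which paths.

    Keying on the CID rather than the gateway hostname is the point: the same
    object served through two gateways is one payload, not two unrelated URLs.
    """
    by_cid: Dict[str, Dict[str, Set[str]]] = {}
    for hit in hits:
        entry = by_cid.setdefault(hit["cid"], {"clients": set(), "gateways": set(), "paths": set()})
        entry["clients"].add(hit["client"])
        entry["gateways"].add(hit["gateway"])
        entry["paths"].add(hit["path"])
    return by_cid


if __name__ == "__main__":
    for cid, info in summarize_by_cid(scan_proxy_log(SAMPLE_LOG)).items():
        print(cid, sorted(info["clients"]), sorted(info["gateways"]), sorted(info["paths"]))
```

On the constructed sample the summary reports two objects: CID_A fetched by two clients through two different gateways, and CID_B fetched by one client through a subdomain gateway. In a real deployment the same grouping lets an analyst block or hunt on the CID across every gateway, which is the response that IPFS hosting is designed to frustrate at the hostname level.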