Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.
Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.
SapphireStealer: Open-source information stealer enables credential and data theft
SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.
Emotet resumes spam operations, switches to OneNote
Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.
Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”