Welcome to this week’s edition of the Threat Source newsletter.

We tried to get ChatGPT to write this week’s newsletter but it was at capacity, so you’ll have to stick with us for another week. Or maybe that’s just what the robots want you to think, you be the judge.

The one big thing

This week Talos hosted a 2022 Year in Review: APTs livestream. On the livestream we brought together subject matter experts to take a deep dive into the Advanced Persistent Threats section of our 2022 Year in Review. During the livestream the panel covered the section's findings and also gave further insight into the trends we saw over the course of 2022.

Why do I care?

Over the next few weeks we’ll continue to host livestreams with our SMEs and report contributors to give further insights into our report and its findings. If you’re not one for larger reports or extended reading, our Topic Summary reports provide a one-pager to quickly digest the information of corresponding sections. Read the newly released APT Topic Summary Report here.

So now what?

Join us for our final two livestreams, on LinkedIn and Twitter, on January 24th and February 7th as we continue to discuss the general threat landscape and conclude our report coverage with a panel discussion on ransomware and commodity loaders.

Top security headlines of the week

Microsoft released its monthly security update on Tuesday, disclosing 98 vulnerabilities. Of these vulnerabilities, 11 are classified as “Critical,” 87 are classified as “Important,” and none were classified as “Moderate.” (DarkReading) See Talos’ Patch Tuesday coverage for Snort rules and prominent vulnerabilities.

We’re only into the second week of 2023 and ransomware isn’t taking any breaks this year. Maternal & Family Health Services, a Pennsylvania-based nonprofit health provider, confirmed that a ransomware attack had exposed almost half a billion individuals’ personal data. Those impacted include current and former patients along with employees and vendors. (TechCrunch)

Still dealing with a breach disclosed earlier this month, CircleCI is in the news yet again as researchers warn the breach may have an impact on other third-party applications. Given CircleCI’s integration with SaaS and cloud providers and its authentication process, researchers urge users to rotate all secrets stored in CircleCI and hunt for malicious behavior on their SaaS and cloud platforms. (SC Media)

Can’t get enough Talos?

APT Topic Summary Report

2022 Year in Review: APTs Livestream Replay

2022 Year in Review Report

Beers with Talos

Talos Takes

Upcoming events where you can find Talos

CactusCon (Jan 27-28)

Mesa, AZ

Cisco Live Amsterdam (Feb 6-10)

Amsterdam, Netherlands

Most prevalent malware files from Talos telemetry over the past week

SHA 256: 1077bff9128cc44f98379e81bd1641e5fbaa81fc9f095b89c10e4d1d2c89274d

MD5: 26f927fb7560c11e509f0b8a7e787f79

Typical Filename: Iris QuickLinks.exe

Claimed Product: Iris QuickLinks

Detection Name: W32.DFC.MalParent

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507

MD5: 2915b3f8b703eb744fc54c81f4a9c67f

Typical Filename: VID001.exe

Claimed Product: N/A

Detection Name: Simple_Custom_Detection

SHA 256: d5dc790f6f220cf7e42c6c1c9f5bc6e4443cb52d07bcdef24a6bf457153c1d86

MD5: 69fbf6849d935432bac8b04bdb00fd68

Typical Filename: kmsauto++.exe

Claimed Product: N/A

Detection Name: W32.File.MalParent

SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934

MD5: 93fefc3e88ffb78abb36365fa5cf857c

Typical Filename: Wextract

Claimed Product: Internet Explorer

Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

SHA 256: d00977521dba67111876729e4b8ed09455b85c653bef2fd0c23e9e8a09f0a9b6

MD5: d00977521dba67111876729e4b8ed09455b85c653bef2fd0c23e9e8a09f0a9b6

Typical Filename: KMSAuto x64 dv.exe

Claimed Product: N/A

Detection Name: W32.File.MalParent