Threat Source newsletter for Sept. 24, 2020

Newsletter compiled by Jon Munshaw.
Good afternoon, Talos readers. 
After months (years?) in beta, an official release candidate is out now for Snort 3. Stay tuned for an officially official release in about a month. 

In other Snort rules, we also have a deep dive into our detection and prevention of Cobalt Strike. One of our researchers, Nicholas Mavis, did an amazing job breaking down what goes into writing Snort rules and ClamAV signatures, for those of you who really want to nerd out. We also have new research out on fraudulent sites that claim to complete students' homework for them. This is easier for students to carry out now that many of them are learning from home. But these sites also sometimes come with malware.

UPCOMING PUBLIC ENGAGEMENTS 


Event: Attribution: A puzzle
Location: Virtual VirusBulletin conference 2020
Date: Sept. 30
Speakers: Paul Rascagneres and Vitor Ventura
Synopsis: The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Given this, it is interesting to examine the evidence available to us as a threat intelligence and security research group to support these conclusions. In this presentation, we will present our research in attributing WellMess. We will also describe additional elements linked to the attribution process such as false flags and code sharing by using additional use cases such as OlympicDestroyer and ACIDBox.