{“lastseen”:”2025-09-25T20:22:26″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\n\\”Back to the Future\\” is 40 years old this year, and at the risk of giving away sensitive information to an audience of hackers\u2026 so am I.\\n\\nI don’t really know what 40 is supposed to feel like. Honestly, I don’t feel all that different from my 20s, with two key exceptions: One, I care a whole lot less about what people think of me. And two, my trainer recently stopped mid-set to ask, \\”Was that your knee making that sound?\\”\\n\\nI’ve always loved \\”Back to the Future\\” (mommy issues aside). For my 30th birthday, I threw a BTTF-themed party. Guests had to dress for either 1955, 1985 or 1885. (2015 was also allowed, but only if you wore two ties.)\\n\\nBut watching the documentary \\”Still\\” recently gave me a whole new appreciation for what Michael J. Fox went through to make it happen.\\n\\nBecause he was still under contract with \\”Family Ties,\\” and because the original Marty had been fired five weeks into filming, Fox had to shoot both projects _at the same time._ He’d wrap \\”Back to the Future \\”at 2:00 a.m., sleep in the back of a car, then be on set for the sitcom a few hours later.\\n\\nIn \\”Still,\\” he talks about mixing up lines between scripts, barely functioning from exhaustion and constantly fearing a call from his agent saying he wasn’t doing a good job. The pressure. The pace. The fear he was messing it up. Fox himself admits the experience nearly broke him. But he kept showing up, because people were counting on him.\\n\\nSound familiar?\\n\\nThat \\”I can’t stop, people are relying on me\\” mindset is something I see a lot in this industry. We care about the mission. We care about our teams. We don’t want to give the adversary any opportunity.\\n\\nSo we say yes. We log back in. We fix the thing no one else will notice, but we know it matters.\\n\\nFox’s schedule and resultant exhaustion weren’t the only issues behind the scenes of \\”Back to the Future.\\” The \\”What Went Wrong\\” podcast (a favourite of mine) recently covered the mishaps and difficulties, from the DeLorean doors constantly jamming shut, to having to change the entire ending. The film was originally supposed to climax at a nuclear test site, with Marty manufacturing a time machine out of a fridge.\\n\\nThat ending was axed as the producers were concerned children would copy the idea and get trapped in fridges. Thankfully, Steven Spielberg (a producer on the film) would use the concept 20 years later in \\”Indiana Jones and the Kingdom of the Crystal Skull\\” to huge success. Ahem.\\n\\nSo much about the making of \\”Back to the Future\\” was fraught and uncertain. But what we, the audience, saw was pure delight. And that’s the thing — what looks effortless on the surface is often the result of long hours, unfair compromises, and the kind of behind-the-scenes effort that nobody ever sees.\\n\\nI want to echo the thoughts of my colleague Joe from _last week ‘s newsletter_: B**urnout is brutal, a** nd it takes no prisoners. Trying to be there for everyone and everything all the time is unsustainable. And (trust me on this one), the longer we put off taking care of ourselves, the harder and longer the recovery.\\n\\nCreating boundaries is one of the best things we can do for ourselves. So, this week, whether you’re coordinating an incident, researching something cool, supporting your team or just trying to be a functioning human, give yourself a moment. Identify your boundaries. Move them closer if you need to.\\n\\nIn fact, write down just one thing that will help decompress you this week, and do that thing. Whether that’s less screen time, a short walk after dinner or playing a game.\\n\\nJust\u2026 give yourself permission, okay? As Doc Brown says:\\n\\n\\”The future is whatever you make it. So make it a good one.\\”\\n\\n## The one big thing\\n\\nCisco Talos _uncovered a new PlugX malware variant_ targeting telecom and manufacturing sectors in Central and South Asia since 2022, using the same sneaky tactics as the RainyDay and Turian backdoors. These threats abuse legitimate software and share unique technical fingerprints, suggesting they’re the work of the same or closely linked attackers. The campaign shows a high level of sophistication and ongoing risk for targeted industries.\\n\\n### Why do I care?\\n\\nIf your organization is in telecom or manufacturing, especially in Central or South Asia, you’re squarely in the crosshairs of advanced attackers using updated, evasive malware that can compromise your systems, steal data and lurk undetected for years.\\n\\nEven if you’re in a different industry, attackers are getting smarter at hiding in plain sight and any organization could be at risk if these tactics spread.\\n\\n### So now what?\\n\\nDouble down on security controls. Make sure your endpoint, email and network protection solutions are up to date, review your defenses against DLL hijacking and stay alert for new updates.\\n\\n## Top security headlines of the week\\n\\n**Microsoft fixed Entra ID vulnerability allowing Global Admin impersonation** \\nMicrosoft rolled out a global fix on July 17, just three days after the initial report and later added further mitigations that block applications from requesting Actor tokens for the Azure AD Graph. (_HackRead_)\\n\\n**U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area** \\nThe U.S. Secret Service dismantled a network of electronic devices located throughout the New York tristate area that were used to conduct multiple telecommunications-related threats directed towards senior U.S. government officials. (_U.S. Secret Service_)\\n\\n**European airport disruptions caused by ransomware attack** \\nENISA said the type of ransomware involved in the attack has been identified and law enforcement is conducting an investigation. The cyberattack hit services provided by US-based Collins Aerospace, which is owned by RTX (formerly Raytheon). (_SecurityWeek_)\\n\\n**ChatGPT targeted in server-side data theft attack** \\nThe attack, dubbed ShadowLeak, targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research for complex tasks. OpenAI neutralized ShadowLeak after notification. (_SecurityWeek_)\\n\\n**Attackers abuse AI tools to generate fake CAPTCHAs in phishing attacks** \\nThe fake CAPTCHA pages redirect victims to malicious websites hosted by the attackers. The apparent routine security check makes the malicious link appear more legitimate to the victim and helps bypass security tools. (_Infosecurity Magazine_)\\n\\n**SystemBC malware turns infected VPS systems into proxy highway** \\nThe operators of the SystemBC proxy botnet are hunting for vulnerable commercial virtual private servers (VPS) and maintain an average of 1,500 bots every day that provide a highway for malicious traffic. (_Bleeping Computer_)\\n\\n## Can’t get enough Talos?\\n\\n** _The TTP: Threat Hunter ‘s Cookbook_** \\nHear from Ryan Fetterman and Sydney Marrone from the SURGe team (now part of Cisco’s Foundation AI group), who wrote the Threat Hunter’s Cookbook: a collection of practical \\”recipes\\” security teams can pick up and apply.\\n\\n** _Engaging Cisco Talos Incident Response_** \\nYou’ve called Talos IR about a cyber incident — now what happens? This blog post takes you behind the scenes of a Talos IR engagement, from picking up the phone to recovery and implementation of long-term security improvements.\\n\\n** _Tampered Chef: When malvertising serves up infostealers_****** \\nImagine downloading a PDF Editor tool from the internet that works great… until nearly two months later, when it quietly steals your credentials. Nick Biasini explains how cybercriminals are investing in malvertising and challenges in defense.\\n\\n## Upcoming events where you can find Talos\\n\\n * _VB2025_ (Sept. 24 – 26) Berlin, Germany\\n * _Wild West Hackin ‘ Fest_ (Oct. 8 – 10) Deadwood, SD\\n * _DEEP Conference_ (Oct. 22 – 23) Petr\u010dane, Croatia\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a** \\nMD5: 1f7e01a3355b52cbc92c908a61abf643 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a_ \\nExample Filename: cleanup.bat \\nDetection Name: W32.D933EC4AAF-90.SBX.TG\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: 0a0dc0e95070a2b05b04c2f0a049dad8_1_Exe.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 57a6d1bdbdac7614f588ec9c7e4e99c4544df8638af77781147a3d6daa5af536** \\nMD5: 79b075dc4fce7321f3be049719f3ce27 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=57a6d1bdbdac7614f588ec9c7e4e99c4544df8638af77781147a3d6daa5af536_ \\nExample Filename: RemCom.exe \\nDetection Name: W32.57A6D1BDBD-100.SBX.VIOC\\n\\n**SHA256: 1e9efd7b2b70a21b49395081f8d70d5e500539abb51a4dd079ffb746f59e43a1** \\nMD5: 45f586861cc745a6b29a957fdbc03645 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=1e9efd7b2b70a21b49395081f8d70d5e500539abb51a4dd079ffb746f59e43a1_ \\nExample Filename: cleanup.bat \\nDetection Name: W32.1E9EFD7B2B-90.SBX.TG\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 Talos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974.exe \\nDetection Name: W32.Injector:Gen.21ie.1201″,”published”:”2025-09-25T18:00:34″,”modified”:”2025-09-25T18:00:34″,”type”:”talosblog”,”title”:”Great Scott, I\u2019m tired”,”source”:””,”references”:””,”id”:”TALOSBLOG:4FB4227E188E455D5A74A3BB6376E888″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/great-scott-im-tired\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-25T20:22:26″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\n\\”Back to the Future\\” is 40 years old this year, and at the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-19077","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n