{“lastseen”:”2025-10-02T18:44:26″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter, and happy Cybersecurity Awareness Month.\\n\\nLike everyone under the age of 35 who has at least one father, my dad sends me advice on online safety at least once a week. Does he work in information security? No. He’s a recently retired high school audio engineering teacher, who now spends his days touring with a yacht rock cover band and building guitars. But throughout his life, he’s been a true Renaissance man. From playing trombone on a Bruce Springsteen tour to building our backyard deck, to Roth IRA advice, to the history of Bell Labs, the breadth of his knowledge astounds me. I actually called him last week to find out just _how long_ I can drive my car before taking it to the mechanic to get the oxygen sensor fixed.\\n\\nThere is one area where I think I have him beat: cybersecurity. Not by a lot, but I think working in Talos has given me an edge — or, at least, access to people who can tell me how worried I should be about an issue that Facebook is having a field day with.\\n\\nStill, that doesn’t stop him from sending me a steady stream of headlines and warnings. Here are just a few that my dad has sent me:\\n\\n * **Jan. 31, 2024:** An _NBC news clip_ of former FBI Director Christopher Wray disclosing alarming hacking threats to critical U.S. infrastructure, also mentioning the takedown of Volt Typhoon.\\n * **Sept. 19, 2024:** An _article_ explaining that if you’re shopping online and your credit card gets declined, you may be getting scammed.\\n * **May 1, 2025:** A _video_ warning that \\”QR codes in mystery packages could steal your identity.\\”\\n * **June 22, 2025:** _This video_ about hidden watermarks embedded in AI-generated content. Not nearly as menacing as the others (unless you’re a college student trying to coast), but it _is_ fascinating. _This article_ gives a deeper understanding.\\n\\n\\n\\nEven without deep investigation, these headlines reveal a lot about how cybersecurity anxieties are shared and amplified on social media. It’s a cycle that’s probably familiar to a lot of us: technology keeps evolving, but the impulse to protect each other never really changes. Whether you’re the IT help desk for your family or the one receiving those late-night warnings (or both), every message is a chance to share knowledge, calm fears, and help each other navigate a world that’s always shifting under our feet.\\n\\nSo, the next time your dad (or mom, or aunt, or grandma) sends you a link that sounds a little far-fetched, take a moment to appreciate the intent behind it. They might not always get the details right, but their concern is real. In its own way, that’s another layer of security.\\n\\nBreathe in, let it out, and let’s dive in.\\n\\n## The one big thing\\n\\n _Cisco Talos has uncovered a Chinese-speaking cybercrime group_, UAT-8099, that is hacking into reputable Internet Information Services (IIS) servers in countries like India, Thailand, Vietnam, Canada, and Brazil. Their main goals are to manipulate search results for profit and steal sensitive data, such as credentials and certificates, often using advanced tools and custom malware to avoid detection. The group maintains long-term access to these servers and protects their control from other attackers.\\n\\n### Why do I care?\\n\\nCybercriminals are evolving to target trusted infrastructure for both financial gain and deeper access to valuable data. The use of automation, custom malware, and persistence techniques in this campaign shows UAT-8099 can impact a wide range of organizations.\\n\\n### So now what?\\n\\nReview your environments for signs of BadIIS malware, unauthorized web shells and suspicious RDP or VPN activity on IIS servers. Also, strengthen server defenses, monitor for unusual traffic and share indicators of compromise (IOCs) within the security community to help prevent further attacks.\\n\\n## Top security headlines of the week\\n\\n**CISA 2015 cyber threat info-sharing law lapses amid government shutdown** \\nDefenders have lost the information-sharing liability protection the bill provided, and the government has lost a lot of visibility into threats emerging across the private sector. (_CSO_)\\n\\n**Cyberattack on JLR prompts \u00a31.5B UK government intervention** \\nThe announcement Sunday says that the support package is meant to \\”give certainty to its supply chain following a recent cyber-attack.\\” Some experts believe the bailout will encourage cybercriminals to continue targeting UK companies with weak cybersecurity. (_Security Week_)\\n\\n**Neon pays users to record their phone calls and sells data to AI firms** \\nUnbelievably, this app was spotted in the No. 2 spot in Apple’s U.S. App Store’s Social Networking section. Their marketing claims to only record your side of the call unless it’s with another Neon user. (_TechCrunch_)\\n\\n**\\” Klopatra\\” trojan makes bank transfers while you sleep** \\nA sophisticated new banking malware is hard to detect, capable of stealing lots of money, and infecting thousands of people in Italy and Spain, under the guise of a pirate streaming app. (_Dark Reading_)\\n\\n## Can’t get enough Talos?\\n\\n** _Talos Takes: You can ‘t patch burnout_** \\nOctober is Cybersecurity Awareness Month, but what happens when the defenders themselves are overwhelmed? In this powerful episode, Hazel and Joe Marshall get real about why protecting your well-being is just as vital as any technical defense.\\n\\n** _The TTP: Threat Hunter ‘s Cookbook_** \\nHear from Ryan Fetterman and Sydney Marrone from the SURGe team (now part of Cisco’s Foundation AI group), who wrote the Threat Hunter’s Cookbook: a collection of practical \\”recipes\\” security teams can pick up and apply.\\n\\n** _Engaging Cisco Talos Incident Response_****** \\nYou’ve called Talos IR about a cyber incident — now what happens? This blog post takes you behind the scenes of a Talos IR engagement, from picking up the phone to recovery and implementation of long-term security improvements.\\n\\n## Upcoming events where you can find Talos\\n\\n * _Wild West Hackin ‘ Fest_ (Oct. 8 – 10) Deadwood, SD\\n * _DEEP Conference_ (Oct. 22 – 23) Petr\u010dane, Croatia\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a** \\nMD5: 1f7e01a3355b52cbc92c908a61abf643 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a_ \\nExample Filename:cleanup.bat \\nDetection Name: W32.D933EC4AAF-90.SBX.TG\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename:VID001.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610** \\nMD5: 85bbddc502f7b10871621fd460243fbc \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610_ \\nExample Filename:85bbddc502f7b10871621fd460243fbc.exe \\nDetection Name: W32.41F14D86BC-100.SBX.TG\\n\\n**SHA256: 3d8eeb6df4a2d777f18d0f15b19cd9666a78927013b8359c883bff423d9faaec** \\nMD5: 5b7948e7ca9742a33be8403b3285a1aa \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=3d8eeb6df4a2d777f18d0f15b19cd9666a78927013b8359c883bff423d9faaec_ \\nExample Filename:onestart.exe \\nDetection Name: W32.3D8EEB6DF4-95.SBX.TG\\n\\n**SHA256: c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe** \\nMD5: bf9672ec85283fdf002d83662f0b08b7 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe_ \\nExample Filename:f_04b985.html \\nDetection Name: W32.C0AD494457-95.SBX.TG”,”published”:”2025-10-02T18:00:08″,”modified”:”2025-10-02T18:00:08″,”type”:”talosblog”,”title”:”Family group chats: Your (very last) line of cyber defense”,”source”:””,”references”:””,”id”:”TALOSBLOG:9C2CF6E2AC5F3A7CD3294242D3AF29F4″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/family-group-chats-your-very-last-line-of-cyber-defense\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-02T18:44:26″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter, and happy Cybersecurity Awareness Month.\\n\\nLike everyone…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-19949","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n