\n<\/p>\n
Welcome to this week’s edition of the Threat Source newsletter.<\/p>\n
This week, I’m coming to you from Cisco Live in San Diego where I’ve just talked to a room that some of you may have been in, so writing this feels a bit surreal. It’s really hard to try and write a cogent newsletter with all that’s happening in the world, some directly outside my door. To purposefully butcher Charles Dickens, “It was the worst of times, it was the even worse times.” Nevertheless, I’m persisting.<\/p>\n
I’ve had great conversations with so many smart people this week, but I was reminded once again that the most important tool you can leverage in protecting and securing your environment is knowing your environment and knowing yourself. <\/p>\n
Knowing your environment can and should be tooled and processed so that it can be repeatable. Continuing to know your environment requires constant vigilance and effort. Knowing yourself requires a level of introspection that is hard — and honestly, sometimes I just lift the rug and sweep my issues under it when I can’t tackle that negativity. <\/p>\n
I’ll give you an excellent example: every single thing I write would get flagged as AI. Everything. Why? I use an em dash (“–“) for roughly every four words I write — sometimes more, if I let it fly. It’s clear that I could never go back to school successfully, despite the comedy gold that it would produce. For those of you old enough to remember “Back to School” with Rodney Dangerfield, I think you can imagine. I don’t even want to talk about my kludgy code. Sure, it runs, but at what cost?<\/p>\n
So my advice? Do as I say, not as I do. Learn everything about your environment in a repeatable way, with a clear and documented process. Then analyze your own weaknesses in your work — let’s not try to make miracles happen — and identify chances for you to learn, fill the gaps in your skill set and then do it all over again. The bad guys are really good at learning your environment; make it as hard for them as you can.<\/p>\n
## The one big thing<\/p>\n
Cisco Talos recently disclosed _several vulnerabilities across various software_, including catdoc, Parallel, NVIDIA and High-Logic FontCreator. While most vulnerabilities were patched by their respective vendors, catdoc posed an exception as the vendor was unreachable, prompting Talos to provide patches directly.<\/p>\n
### Why do I care?<\/p>\n
These vulnerabilities highlight risks in widely used software, potentially exposing systems to attacks such as privilege escalation, memory corruption and data leaks. Understanding these risks is crucial to protect your systems.<\/p>\n
### So now what?<\/p>\n
If you use these programs, update them immediately with the latest patches to protect yourself. If you’re on a security team, grab the latest Snort rules to detect possible exploits and keep an eye out for suspicious activity. And if you’re a developer, take notes from these vulnerabilities to strengthen your own code and avoid similar pitfalls in your projects. Security is everyone’s job!<\/p>\n
## Top security headlines of the week<\/p>\n
**NHS in England calls for blood donors after ransomware attack**
The UK’s National Health Service (NHS) is calling for one million donors after a Qilin ransomware attack last summer caused a severe shortage of O-negative blood. (_Cybernews_)<\/p>\n
**Let them eat junk food: Major organic supplier to Whole Foods, Walmart, hit by cyberattack**
North American grocery wholesaler United Natural Foods told regulators that a cyber incident temporarily disrupted operations, including its ability to fulfill customer orders. (_The Register_)<\/p>\n
**Google fixes bug that could reveal users ‘ private phone numbers**
A security researcher has discovered a bug that could be exploited to reveal the private recovery phone number of almost any Google account without alerting its owner, potentially exposing users to privacy and security risks. (_TechCrunch_)<\/p>\n
**SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords**
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. (_T_ _he Hacker News_)<\/p>\n
## Can’t get enough Talos?<\/p>\n
**Microsoft Patch Tuesday for June 2025**
Microsoft has released its monthly security update, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” Read the blog here.<\/p>\n
**PathWiper targeting Ukrainian critical infrastructure**
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” Learn more.<\/p>\n
## Upcoming events where you can find Talos<\/p>\n
* _REcon_ (June 27 – 29) Montreal, Canada
* _NIRMA_ (July 28 – 30) St. Augustine, FL
* _Black Hat USA_ (Aug. 2 – 7) Las Vegas, NV<\/p>\n
## Most prevalent malware files from Talos telemetry over the past week<\/p>\n
**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https:\/\/www.virustotal.com\/gui\/file\/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Claimed Product: N\/A
Detection Name: Win.Worm.Coinminer::1201<\/p>\n
**SHA 256: 5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1**
MD5: 3e10a74a7613d1cae4b9749d7ec93515
VirusTotal: https:\/\/www.virustotal.com\/gui\/file\/5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1
Typical Filename: IMG001.exe
Claimed Product: N\/A
Detection Name: Win.Dropper.Coinminer::1201<\/p>\n
**SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0**
MD5: 8c69830a50fb85d8a794fa46643493b2
VirusTotal: https:\/\/www.virustotal.com\/gui\/file\/c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0
Typical Filename: AAct.exe
Claimed Product: N\/A
Detection Name: PUA.Win.Dropper.Generic::1201<\/p>\n
**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 **
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: https:\/\/www.virustotal.com\/gui\/file\/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91\/details
Typical Filename: IMG001.exe
Detection Name: Simple_Custom_Detection<\/p>\n
**SHA256 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F**
MD5: 44d88612fea8a8f36de82e1278abb02f
VirusTotal: https:\/\/www.virustotal.com\/gui\/file\/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\/detection
Typical Filename: eicar.com-42987
Detection Name: eicarTestFile\n<\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Know thyself, know thy environment Update ID TALOSBLOG:5AC1EB9CBE5B76FBD951DB17FE9CC820 Type talosblog Published 2025-06-12T18:01:24 Last Updated 2025-06-12T18:01:24 Security Impact CVSS Score…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,69,11,5],"class_list":["post-6809","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Know thyself, know thy environment - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6809\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Know thyself, know thy environment - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Know thyself, know thy environment Update ID TALOSBLOG:5AC1EB9CBE5B76FBD951DB17FE9CC820 Type talosblog Published 2025-06-12T18:01:24 Last Updated 2025-06-12T18:01:24 Security Impact CVSS Score...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6809\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-12T15:39:40+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Know thyself, know thy environment\",\"datePublished\":\"2025-06-12T15:39:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809\"},\"wordCount\":1161,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"talosblog\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6809#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809\",\"name\":\"Know thyself, know thy environment - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-12T15:39:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6809\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6809#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Know thyself, know thy environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Know thyself, know thy environment - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6809","og_locale":"en_US","og_type":"article","og_title":"Know thyself, know thy environment - zero redgem","og_description":"Security Update News Update Information Title Know thyself, know thy environment Update ID TALOSBLOG:5AC1EB9CBE5B76FBD951DB17FE9CC820 Type talosblog Published 2025-06-12T18:01:24 Last Updated 2025-06-12T18:01:24 Security Impact CVSS Score...","og_url":"https:\/\/zero.redgem.net\/?p=6809","og_site_name":"zero redgem","article_published_time":"2025-06-12T15:39:40+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6809#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6809"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Know thyself, know thy environment","datePublished":"2025-06-12T15:39:40+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6809"},"wordCount":1161,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","talosblog","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6809#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6809","url":"https:\/\/zero.redgem.net\/?p=6809","name":"Know thyself, know thy environment - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-12T15:39:40+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6809#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6809"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6809#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Know thyself, know thy environment"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6809"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6809\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}