QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. This article has been indexed from Cisco Talos Blog Read the…
Category: Cisco Talos Blog
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers. This article has been indexed from Cisco Talos Blog Read the original article: Bidirectional communication…
New PXA Stealer targets government and education sectors for sensitive information
Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. This article has been indexed from Cisco Talos Blog Read the original article: New PXA Stealer targets…
November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read the original article: November…
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. This article has been indexed from Cisco Talos Blog Read the original article: Unwrapping the emerging Interlock…
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these vulnerabilities, download…
Threat actors use copyright infringement phishing lure to deploy infostealers
Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the…
Writing a BugSleep C2 server and detecting its traffic with Snort
This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. This article has been indexed from Cisco Talos Blog Read the original article: Writing a BugSleep C2…
How LLMs could help defenders write better and faster detection
Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research This article has been indexed from Cisco Talos Blog Read the original article: How LLMs could help defenders write better and faster…
Talos IR trends Q3 2024: Identity-based operations loom large
Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance – read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. This article has been indexed from…
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. This article has been indexed from Cisco Talos Blog Read the original article: Highlighting TA866/Asylum Ambuscade Activity Since…
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Threat Spotlight: WarmCookie/BadSpace
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. This article has been indexed from Cisco Talos Blog Read the original article: Threat actor abuses Gophish to deliver new PowerRAT…
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group’s attack chain, targeted verticals, and potential future TTPs. This article has been indexed from Cisco Talos Blog Read the original article: Akira…
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor. This article has been indexed from Cisco Talos Blog Read the original article: What I’ve learned in my first 7-ish…
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown…
Protecting major events: An incident response blueprint
Go behind the scenes with Talos incident responders and learn from what we’ve seen in the field. This article has been indexed from Cisco Talos Blog Read the original article: Protecting major events: An incident response blueprint
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach. This article has been indexed from Cisco Talos Blog Read the original article: What NIST’s latest password…
Ghidra data type archive for Windows driver functions
Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. This article has been indexed from Cisco Talos Blog Read the original article: Ghidra data type archive for Windows driver functions
Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project
Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in popular PDF…
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. This article has been indexed from Cisco Talos Blog Read the original article: Largest…
CISA is warning us (again) about the threat to critical infrastructure networks
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice. This article has been indexed from Cisco Talos Blog Read the original article: CISA is warning us (again)…
Threat actor believed to be spreading new MedusaLocker variant since 2022
Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount…
Are hardware supply chain attacks “cyber attacks?”
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. This article has been indexed from Cisco Talos Blog Read…
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email. This article has been indexed from Cisco Talos Blog Read the original article: Simple Mail…
Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC
Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in…
Talk of election security is good, but we still need more money to solve the problem
This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements. This article has been indexed from Cisco Talos Blog Read the original article: Talk of election security is good, but we…
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. This article has been indexed from Cisco Talos Blog Read the original article: We can try to bridge…
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in Acrobat Reader could lead to remote…
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. This article has been indexed from Cisco Talos Blog Read the original article: Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including…
The 2024 Threat Landscape State of Play
Talos’ Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer…
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code. While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in…
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment. This article has been indexed from Cisco Talos Blog Read the original article: The best and worst ways to get users to improve their account security
Watch our new documentary, “The Light We Keep: A Project PowerUp Story”
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. This article has been indexed from Cisco Talos Blog Read the original article: Watch our…
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.” This article has been indexed from…
What kind of summer has it been?
As we head into the final third of 2024, we caught up with Talos’ Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.…
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver
This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks,…
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µCOS protocol stacks, Part…
The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks
Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the…
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. This article has been indexed from Cisco Talos Blog Read the original article: BlackByte blends tried-and-true…
No, not every Social Security number in the U.S. was stolen
It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. This article has been indexed from Cisco Talos Blog Read the original…
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” This article has been indexed from…
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions. This article has been indexed from Cisco Talos Blog Read the original article: How multiple vulnerabilities in Microsoft apps for…
AI, election security headline discussions at Black Hat and DEF CON
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” This article has been indexed from Cisco Talos Blog Read the original article: AI, election security headline discussions at Black Hat and DEF CON
Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers…
Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers Microsoft kernel mode driver…
A refresher on Talos’ open-source tools and the importance of the open-source community
Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn…
The top stories coming out of the Black Hat cybersecurity conference
As with everything nowadays, politics are sure to come into play. This article has been indexed from Cisco Talos Blog Read the original article: The top stories coming out of the Black Hat cybersecurity conference
Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days
Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…
There is no real fix to the security issues recently found in GitHub and other similar software
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. This article has been indexed from Cisco Talos Blog Read the original article: There is…
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim endpoint…
Detecting evolving threats: NetSupport RAT campaign
In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. This article has been indexed from Cisco Talos Blog Read the original article: Detecting evolving threats: NetSupport RAT campaign
Where to find Talos at BlackHat 2024
This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. This article has been indexed from Cisco Talos Blog Read the original article: Where to find Talos at…
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP. This article has been indexed from Cisco Talos Blog Read the original article: Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains…
“There is no business school class that would ever sit down and design Talos”
We look back on 10 years of Talos, in multiple interviews with Talos’ leaders. This article has been indexed from Cisco Talos Blog Read the original article: “There is no business school class that would ever sit down and design…
The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that
Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack.” This article has been indexed from Cisco Talos Blog Read the original article: The massive computer outage over…
IR Trends: Ransomware on the rise, while technology becomes most targeted sector
Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends: Ransomware…
A (somewhat) complete timeline of Talos’ history
Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years. This article has been indexed from Cisco Talos Blog Read the original article: A (somewhat) complete timeline of Talos’ history
It’s best to just assume you’ve been involved in a data breach somehow
Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. This article has been indexed from Cisco Talos Blog Read the original…
Checking in on the state of cybersecurity and the Olympics
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. This article has been indexed from Cisco Talos Blog Read the original article: Checking…
Impact of data breaches is fueling scam campaigns
Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. A data breach occurs when unauthorized individuals gain access to sensitive, protected or confidential…
15 vulnerabilities discovered in software development kit for wireless routers
Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. This article has been indexed from Cisco Talos Blog Read the original article: 15 vulnerabilities discovered in software development kit for…
Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling
Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. This article has been indexed from Cisco Talos Blog Read the original article: Hidden between…
Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. This article has been indexed from Cisco Talos Blog Read the original article: Inside…
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. This article has been indexed from Cisco Talos Blog Read the original article: Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
How do cryptocurrency drainer phishing scams work?
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. This article has been indexed from Cisco Talos Blog Read the original article:…
We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there
A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. This article has been indexed from Cisco Talos Blog Read the…
Snowflake isn’t an outlier, it’s the canary in the coal mine
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials…
Multiple vulnerabilities in TP-Link Omada system could lead to root access
Affected devices could include wireless access points, routers, switches and VPNs. This article has been indexed from Cisco Talos Blog Read the original article: Multiple vulnerabilities in TP-Link Omada system could lead to root access
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. This article has been indexed from Cisco Talos Blog Read the original article: SneakyChef espionage group targets government…
Unveiling SpiceRAT: SneakyChef’s latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. This article has been indexed from Cisco Talos Blog Read the original…
Tabletop exercises are headed to the next frontier: Space
More on the recent Snowflake breach, MFA bypass techniques and more. This article has been indexed from Cisco Talos Blog Read the original article: Tabletop exercises are headed to the next frontier: Space
How are attackers trying to bypass MFA?
Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their ‘push-spray’ MFA attacks This article has been indexed from Cisco Talos Blog Read the original article: How are attackers trying…
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. This article has been indexed from Cisco Talos Blog Read the original article: Exploring malicious…
How we can separate botnets from the malware operations that rely on them
A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. This article has been indexed from Cisco Talos Blog Read the original article: How we…
Operation Celestial Force employs mobile and desktop malware to target Indian entities
Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”…
Only one critical issue disclosed as part of Microsoft Patch Tuesday
The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. This article has been indexed from Cisco Talos Blog Read the original article: Only one…
The sliding doors of misinformation that come with AI-generated search results
AI’s integration into search engines could change the way many of us interact with the internet. This article has been indexed from Cisco Talos Blog Read the original article: The sliding doors of misinformation that come with AI-generated search results
DarkGate switches up its tactics with new payload, email templates
This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns,…
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.…
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages. This article has been indexed from Cisco Talos Blog Read the original article: Attackers are impersonating a…
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” LilacSquid’s…
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. This article has been indexed from Cisco Talos Blog Read…
New Generative AI category added to Talos reputation services
Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.” This article has been indexed from Cisco Talos Blog…
Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from…
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. This article has been indexed from Cisco Talos Blog Read the original article: From trust to trickery: Brand…
Rounding up some of the major headlines from RSA
Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. This article has been indexed from Cisco Talos Blog Read the original article: Rounding…
Talos releases new macOS open-source fuzzer
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. This article has been indexed from Cisco Talos Blog Read the original article: Talos releases new macOS…
Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. This article has been indexed from Cisco Talos Blog Read the original article: Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other…
Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities
Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. This article has been indexed from Cisco Talos Blog Read the original article: Talos joins CISA to…
A new alert system from CISA seems to be effective — now we just need companies to sign up
Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. This article has been indexed from Cisco Talos Blog Read the original article: A…
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. This article…
What can we learn from the passwords used in brute-force attacks?
There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.” This article has been indexed from Cisco Talos Blog Read the original article: What can we learn from the…
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. This article has been indexed from Cisco Talos Blog Read the…
Cisco Talos at RSAC 2024
With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. This article has been indexed from Cisco Talos…
James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape
Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. This…
The private sector probably isn’t coming to save the NVD
Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor. This article has been indexed from Cisco Talos Blog Read the original article: The private sector probably isn’t coming to save the NVD
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. This article has been indexed from Cisco Talos Blog Read the original…
ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. This article has been indexed from…