Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. This article has been indexed from Cisco…
Category: Cisco Talos Blog
Beers with Talos: Year in Review episode
In this podcast, Joe, Hazel, Bill and Dave break down Talos’ Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity. This article has been indexed…
Available now: 2024 Year in Review
Download Talos’ 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks. This article has been indexed…
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. This article has been indexed from Cisco Talos Blog Read the original article: Gamaredon…
Money Laundering 101, and why Joe is worried
In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime. This article has been indexed from Cisco Talos Blog Read the original article: Money Laundering…
Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame
In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video. This article has been indexed…
UAT-5918 targets critical infrastructure entities in Taiwan
UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.…
Miniaudio and Adobe Acrobat Reader vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort…
Patch it up: Old vulnerabilities are everyone’s problems
Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?” This article has been indexed from Cisco Talos Blog Read the original article: Patch it…
Abusing with style: Leveraging cascading style sheets for evasion and tracking
Cascading Style Sheets (CSS) are ever present in modern day web browsing, however its far from their own use. This blog will detail the ways adversaries use CSS in email campaigns for evasion and tracking. This article has been indexed…
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. This article has been indexed from Cisco Talos Blog Read the original article:…
Who is Responsible and Does it Matter?
Martin Lee dives into to the complexities of defending our customers from threat actors and covers the latest Talos research in this week’s newsletter. This article has been indexed from Cisco Talos Blog Read the original article: Who is Responsible…
Unmasking the new persistent attacks on Japan
Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim’s machines and carry out post-exploitation activities. This article has been indexed from Cisco Talos Blog Read the original article: Unmasking…
Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome
Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group. This article has been indexed from…
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools This article has been indexed from Cisco Talos Blog Read the original article: Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex…
Your item has sold! Avoiding scams targeting online sellers
There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. This article has been indexed from Cisco Talos Blog Read the original article: Your item…
Efficiency? Security? When the quest for one grants neither.
William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos’ security research. This article has been indexed from Cisco Talos Blog Read the original article: Efficiency? Security? When the quest…
Weathering the storm: In the midst of a Typhoon
Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention. This…
ClearML and Nvidia vulns
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure…
Changing the narrative on pig butchering scams
Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”. This article has been indexed from Cisco Talos…
Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate”. The remaining vulnerabilities listed are classified as “important.” This article has been indexed…
Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t
By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that…
Changing the tide: Reflections on threat data from 2024
Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. This article has been indexed from Cisco Talos Blog Read…
Google Cloud Platform Data Destruction via Cloud Build
A technical overview of Cisco Talos’ investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. This article has been indexed from Cisco Talos Blog Read the original article: Google Cloud Platform Data…
Defeating Future Threats Starts Today
Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats. Plus check out his introductory course to threat intelligence. This article has been indexed from Cisco Talos Blog Read the original article: Defeating Future Threats Starts…
Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike
This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. This article has been indexed from Cisco Talos Blog…
Whatsup Gold, Observium and Offis vulnerabilities
Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. This article has been indexed from Cisco Talos Blog Read the original article: New TorNet backdoor seen in widespread…
Seasoning email threats with hidden text salting
Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. Cisco Talos observed an increase in the number of email threats leveraging hidden text salting. This…
Everything is connected to security
Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it’s important to stay curious, be a forever student, and keep learning. This article has been indexed from Cisco Talos Blog Read the original article: Everything…
Find the helpers
Bill discusses how to find ‘the helpers’ and the importance of knowledge sharing. Plus, there’s a lot to talk about in our latest vulnerability roundup. This article has been indexed from Cisco Talos Blog Read the original article: Find the…
Slew of WavLink vulnerabilities
Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000…
Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read…
Do we still have to keep doing it like this?
Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions. This article has been indexed from Cisco Talos Blog Read the original article: Do we still have to keep doing it like this?
Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found
Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF…
Welcome to the party, pal!
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season. This article has been indexed from Cisco Talos Blog Read the original article: Welcome…
Exploring vulnerable Windows drivers
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers. This article has been indexed from Cisco Talos Blog…
Something to Read When You Are On Call and Everyone Else is at the Office Party
Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers…
The evolution and abuse of proxy networks
Proxy and anonymization networks have been dominating the headlines, this piece discusses its origins and evolution on the threat landscape with specific focus on state sponsored abuse. This article has been indexed from Cisco Talos Blog Read the original article:…
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read the original article: Microsoft Patch…
MC LR Router and GoCast unpatched vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation…
The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight
Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. This article has been indexed from…
Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform
By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of…
Malicious QR Codes: How big of a problem is it, really?
QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. This article has been indexed from Cisco Talos Blog Read the…
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers. This article has been indexed from Cisco Talos Blog Read the original article: Bidirectional communication…
New PXA Stealer targets government and education sectors for sensitive information
Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. This article has been indexed from Cisco Talos Blog Read the original article: New PXA Stealer targets…
November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read the original article: November…
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. This article has been indexed from Cisco Talos Blog Read the original article: Unwrapping the emerging Interlock…
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these vulnerabilities, download…
Threat actors use copyright infringement phishing lure to deploy infostealers
Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the…
Writing a BugSleep C2 server and detecting its traffic with Snort
This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. This article has been indexed from Cisco Talos Blog Read the original article: Writing a BugSleep C2…
How LLMs could help defenders write better and faster detection
Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research This article has been indexed from Cisco Talos Blog Read the original article: How LLMs could help defenders write better and faster…
Talos IR trends Q3 2024: Identity-based operations loom large
Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance – read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. This article has been indexed from…
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. This article has been indexed from Cisco Talos Blog Read the original article: Highlighting TA866/Asylum Ambuscade Activity Since…
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Threat Spotlight: WarmCookie/BadSpace
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. This article has been indexed from Cisco Talos Blog Read the original article: Threat actor abuses Gophish to deliver new PowerRAT…
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group’s attack chain, targeted verticals, and potential future TTPs. This article has been indexed from Cisco Talos Blog Read the original article: Akira…
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor. This article has been indexed from Cisco Talos Blog Read the original article: What I’ve learned in my first 7-ish…
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown…
Protecting major events: An incident response blueprint
Go behind the scenes with Talos incident responders and learn from what we’ve seen in the field. This article has been indexed from Cisco Talos Blog Read the original article: Protecting major events: An incident response blueprint
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach. This article has been indexed from Cisco Talos Blog Read the original article: What NIST’s latest password…
Ghidra data type archive for Windows driver functions
Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. This article has been indexed from Cisco Talos Blog Read the original article: Ghidra data type archive for Windows driver functions
Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project
Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in popular PDF…
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. This article has been indexed from Cisco Talos Blog Read the original article: Largest…
CISA is warning us (again) about the threat to critical infrastructure networks
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice. This article has been indexed from Cisco Talos Blog Read the original article: CISA is warning us (again)…
Threat actor believed to be spreading new MedusaLocker variant since 2022
Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount…
Are hardware supply chain attacks “cyber attacks?”
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. This article has been indexed from Cisco Talos Blog Read…
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email. This article has been indexed from Cisco Talos Blog Read the original article: Simple Mail…
Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC
Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in…
Talk of election security is good, but we still need more money to solve the problem
This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements. This article has been indexed from Cisco Talos Blog Read the original article: Talk of election security is good, but we…
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. This article has been indexed from Cisco Talos Blog Read the original article: We can try to bridge…
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in Acrobat Reader could lead to remote…
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. This article has been indexed from Cisco Talos Blog Read the original article: Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including…
The 2024 Threat Landscape State of Play
Talos’ Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer…
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code. While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in…
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment. This article has been indexed from Cisco Talos Blog Read the original article: The best and worst ways to get users to improve their account security
Watch our new documentary, “The Light We Keep: A Project PowerUp Story”
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. This article has been indexed from Cisco Talos Blog Read the original article: Watch our…
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.” This article has been indexed from…
What kind of summer has it been?
As we head into the final third of 2024, we caught up with Talos’ Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.…
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver
This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks,…
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µCOS protocol stacks, Part…
The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks
Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the…
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. This article has been indexed from Cisco Talos Blog Read the original article: BlackByte blends tried-and-true…
No, not every Social Security number in the U.S. was stolen
It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. This article has been indexed from Cisco Talos Blog Read the original…
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” This article has been indexed from…
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions. This article has been indexed from Cisco Talos Blog Read the original article: How multiple vulnerabilities in Microsoft apps for…
AI, election security headline discussions at Black Hat and DEF CON
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” This article has been indexed from Cisco Talos Blog Read the original article: AI, election security headline discussions at Black Hat and DEF CON
Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers…
Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers Microsoft kernel mode driver…
A refresher on Talos’ open-source tools and the importance of the open-source community
Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn…
The top stories coming out of the Black Hat cybersecurity conference
As with everything nowadays, politics are sure to come into play. This article has been indexed from Cisco Talos Blog Read the original article: The top stories coming out of the Black Hat cybersecurity conference
Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days
Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…
There is no real fix to the security issues recently found in GitHub and other similar software
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. This article has been indexed from Cisco Talos Blog Read the original article: There is…
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim endpoint…
Detecting evolving threats: NetSupport RAT campaign
In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. This article has been indexed from Cisco Talos Blog Read the original article: Detecting evolving threats: NetSupport RAT campaign
Where to find Talos at BlackHat 2024
This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. This article has been indexed from Cisco Talos Blog Read the original article: Where to find Talos at…
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP. This article has been indexed from Cisco Talos Blog Read the original article: Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains…
“There is no business school class that would ever sit down and design Talos”
We look back on 10 years of Talos, in multiple interviews with Talos’ leaders. This article has been indexed from Cisco Talos Blog Read the original article: “There is no business school class that would ever sit down and design…
The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that
Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack.” This article has been indexed from Cisco Talos Blog Read the original article: The massive computer outage over…