By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new…
Category: Cisco Talos Blog
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.…
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted. This article has been indexed from Cisco Talos Blog Read the original article: Could…
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to identification of these attacks. Cisco Talos is actively monitoring…
The internet is already scary enough without April Fool’s jokes
The security community is still reflecting on the “What If” of the XZ backdoor.
Vulnerability in some TP-Link routers could lead to factory reset
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
Starry Addax targets human rights defenders in North Africa with new malware
There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office
An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns.
Enter the substitute teacher
Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that…
“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.
New details on TinyTurla’s post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
Netgear wireless router open to code execution after buffer overflow vulnerability
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
Not everything has to be a massive, global cyber attack
There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”
You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam
It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.
The 3 most common post-compromise tactics on network infrastructure
We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures.
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over…
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in malicious activity by the hacking group GhostSec over the past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music
The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand…
Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet
Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant.
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded’s in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.
Stop running security in passive mode
As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security. Incident response engagements are an important part of our work and the intelligence-gathering process and their associated…
TimbreStealer campaign targets Mexican users with financial lures
Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.
TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem
Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the…
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has…
Why the toothbrush DDoS story fooled us all
There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.
TinyTurla Next Generation – Turla APT spies on Polish NGOs
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and…
How are attackers using QR codes in phishing emails and lure documents?
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are…
First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities
Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.
Spyware isn’t going anywhere, and neither are its tactics
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”
How are user credentials stolen and used by threat actors?
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can ‘log on’ with valid account details,…
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world
Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system.
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released…
Why is the cost of cyber insurance rising?
Cyber insurance premiums are expected to rise this year after leveling out in 2023.
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.
What to do with that fancy new internet-connected device you got as a holiday gift
There are many examples of WiFi-enabled home cameras, assistants and doorbells vulnerable to a wide range of security issues.
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging…
Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.
Video series discussing the major threat actor trends from 2023
In this video series, Talos’ Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year.
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos’ top stories from the past year as we recap the top malware and other threats that came our way.
A personal Year in Review to round out 2023
Everyone’s New Year’s Resolution should be to stop using passwords altogether.
Recommendations that defenders can use from Talos’ Year in Review Report
The 2023 Talos Year in Review is full of insights on how the threat landscape has evolved. But what does that mean for defenders? This blog contains recommendations on how to gain more visibility across your network.
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year.
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new campaign conducted by the Lazarus Group we’re calling “Operation Blacksmith,” employing at least three new DLang-based malware families, two of which are remote access trojans…
Video: Talos 2023 Year in Review highlights
In this video, experts from across Cisco Talos came together to discuss the 2023 Talos Year in Review. We chat about what’s new, what’s stayed the same, and how the geopolitical environment has affected the threat landscape.
Cybersecurity considerations to have when shopping for holiday gifts
When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.
Beers with Talos episode 141: The TurkeyLurkey Man wants YOU to read Talos’ Year in Review report
The team recaps the top malware and attacker trends from 2023, as well as create a new mascot to save Thanksgiving.
The malware, attacker trends and more that shaped the threat landscape in 2023
The second annual Cisco Talos Year in Review draws on a massive amount of threat data to analyze the major trends that shaped the threat landscape in 2023.
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare
Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of stability in Ukraine’s power transmission grid.
$19 Stanely cups, fake Amazon Prime memberships all part of holiday shopping scams circulating
Fake Facebook ads seem to be the flavor of the month for scammers.
New SugarGh0st RAT targets Uzbekistan government and South Korea
Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
What is threat hunting?
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about…
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution.
Understanding the Phobos affiliate structure and activity
Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust are…
A deep dive into Phobos ransomware, recently deployed by 8Base group
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations.
7 common mistakes companies make when creating an incident response plan and how to avoid them
Avoiding some of these common mistakes ensures your organization’s plan will be updated faster and is more thorough, so you are ready to act when, not if, an incident happens.
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”
Threat Roundup for November 3 to November 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 3 and Nov. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've…
A new video series, Google Forms spam and the various gray areas of cyber attacks
It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.
What is NIS2, and how can you best prepare for the new cybersecurity requirements in the EU?
Given the increased geopolitical importance of cybersecurity, NIS2 is a logical step in creating more harmonized and stronger defense capabilities across the European Union.
Spammers abuse Google Forms’ quiz to deliver scams
Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.
Threat Roundup for October 27 to November 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 27 and Nov. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've…
You’d be surprised to know what devices are still using Windows CE
The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.
Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”
Online video games often make use of in-game virtual currency and give players the ability to purchase, trade or sell items. While these features are often selling points for players and potential revenue streams for the companies that make them,…
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.
9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution
Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.
How helpful are estimates about how much cyber attacks cost?
New YoroTrooper research, the latest on the Cisco IOS vulnerability, and more.