Category: Cisco Talos Blog

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends: Ransomware…

Read more →

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years. This article has been indexed from Cisco Talos Blog Read the original article: A (somewhat) complete timeline of Talos’ history

Read more →

Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. This article has been indexed from Cisco Talos Blog Read the original article: Checking…

Read more →

Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time.   A data breach occurs when unauthorized individuals gain access to sensitive, protected or confidential…

Read more →

Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. This article has been indexed from Cisco Talos Blog Read the original article: 15 vulnerabilities discovered in software development kit for…

Read more →

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. This article has been indexed from Cisco Talos Blog Read the original article: Hidden between…

Read more →

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. This article has been indexed from Cisco Talos Blog Read the original article: Inside…

Read more →

This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. This article has been indexed from Cisco Talos Blog Read the original article: Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

Read more →

In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. This article has been indexed from Cisco Talos Blog Read the…

Read more →

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials…

Read more →

Affected devices could include wireless access points, routers, switches and VPNs. This article has been indexed from Cisco Talos Blog Read the original article: Multiple vulnerabilities in TP-Link Omada system could lead to root access

Read more →

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. This article has been indexed from Cisco Talos Blog Read the original article: SneakyChef espionage group targets government…

Read more →

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

More on the recent Snowflake breach, MFA bypass techniques and more. This article has been indexed from Cisco Talos Blog Read the original article: Tabletop exercises are headed to the next frontier: Space

Read more →

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their ‘push-spray’ MFA attacks This article has been indexed from Cisco Talos Blog Read the original article: How are attackers trying…

Read more →

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. This article has been indexed from Cisco Talos Blog Read the original article: Exploring malicious…

Read more →

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. This article has been indexed from Cisco Talos Blog Read the original article: How we…

Read more →

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”…

Read more →

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. This article has been indexed from Cisco Talos Blog Read the original article: Only one…

Read more →

AI’s integration into search engines could change the way many of us interact with the internet. This article has been indexed from Cisco Talos Blog Read the original article: The sliding doors of misinformation that come with AI-generated search results

Read more →

This post was authored by Kalpesh Mantri.  Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware.  These campaigns,…

Read more →

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.…

Read more →

Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages. This article has been indexed from Cisco Talos Blog Read the original article: Attackers are impersonating a…

Read more →

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White.  Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.”   LilacSquid’s…

Read more →

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. This article has been indexed from Cisco Talos Blog Read…

Read more →

Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.” This article has been indexed from Cisco Talos Blog…

Read more →

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them.  These adversaries can range from…

Read more →

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. This article has been indexed from Cisco Talos Blog Read the original article: From trust to trickery: Brand…

Read more →

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. This article has been indexed from Cisco Talos Blog Read the original article: Rounding…

Read more →

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. This article has been indexed from Cisco Talos Blog Read the original article: Talos releases new macOS…

Read more →

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. This article has been indexed from Cisco Talos Blog Read the original article: Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other…

Read more →

Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. This article has been indexed from Cisco Talos Blog Read the original article: Talos joins CISA to…

Read more →

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. This article has been indexed from Cisco Talos Blog Read the original article: A…

Read more →

Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. This article…

Read more →

There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.” This article has been indexed from Cisco Talos Blog Read the original article: What can we learn from the…

Read more →

Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. This article has been indexed from Cisco Talos Blog Read the…

Read more →

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. This article has been indexed from Cisco Talos…

Read more →

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. This…

Read more →

Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor. This article has been indexed from Cisco Talos Blog Read the original article: The private sector probably isn’t coming to save the NVD

Read more →

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. This article has been indexed from…

Read more →

By Joey Chen, Chetan Raghuprasad and Alex Karkins.  Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new…

Read more →

Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.…

Read more →

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted. This article has been indexed from Cisco Talos Blog Read the original article: Could…

Read more →

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. This article has been indexed from Cisco Talos Blog…

Read more →

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to identification of these attacks. Cisco Talos is actively monitoring…

Read more →

The security community is still reflecting on the “What If” of the XZ backdoor. This article has been indexed from Cisco Talos Blog Read the original article: The internet is already scary enough without April Fool’s jokes

Read more →

There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in some TP-Link routers could lead to factory reset

Read more →

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts. This article has been indexed from Cisco Talos…

Read more →

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This article has…

Read more →

While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Adversaries are leveraging…

Read more →

Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that…

Read more →

In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package. This article has been indexed from Cisco Talos Blog Read the original article: “Pig butchering” is…

Read more →

We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. This article has been indexed from…

Read more →

There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. This article has been indexed from Cisco Talos Blog Read the original article: Netgear wireless router open to…

Read more →

Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step. This article has been indexed from Cisco…

Read more →

Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later. This article has been indexed from Cisco Talos Blog Read the original article: The LockBit story: Why the ransomware…

Read more →

There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!” This article has been indexed from Cisco Talos Blog Read the original article: Not everything has to be a massive, global cyber attack

Read more →

Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks. This article has been…

Read more →

March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.” This article has been indexed from Cisco Talos Blog Read the original article: Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

Read more →

It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April. This article has been indexed…

Read more →

We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. This article…

Read more →

Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another.  As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over…

Read more →

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. This article has been indexed from Cisco Talos…

Read more →

. The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand…

Read more →

Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant. This article has been indexed from Cisco Talos Blog Read the original article: Why Apple added protection against quantum computing when quantum computing doesn’t even…

Read more →

Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded’s in-house operating system and an open-source library that processes several types of potentially sensitive medical tests. This article has been indexed…

Read more →

As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security.  Incident response engagements are an important part of our work and the intelligence-gathering process and their associated…

Read more →

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023. This article has been indexed from Cisco…

Read more →

Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other. This article has been indexed from Cisco Talos Blog…

Read more →

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the…

Read more →

While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. This article has been indexed from Cisco Talos Blog Read…

Read more →

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has…

Read more →

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and…

Read more →

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are…

Read more →

Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen. This article has been indexed from Cisco Talos Blog Read the original article: First…

Read more →

For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware. This article has been indexed from Cisco Talos Blog Read the original article: Spyware isn’t going anywhere, and neither…

Read more →

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” This article has been…

Read more →

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” This article has been…

Read more →

You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can ‘log on’ with valid account details,…

Read more →

Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system. This article has been indexed from Cisco Talos Blog Read the original article: The…

Read more →

Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine.  Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released…

Read more →

Cyber insurance premiums are expected to rise this year after leveling out in 2023. This article has been indexed from Cisco Talos Blog Read the original article: Why is the cost of cyber insurance rising?

Read more →

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. This article has been indexed from Cisco Talos Blog Read the original article: Significant increase in ransomware activity found in Talos IR engagements,…

Read more →

There are many examples of WiFi-enabled home cameras, assistants and doorbells vulnerable to a wide range of security issues. This article has been indexed from Cisco Talos Blog Read the original article: What to do with that fancy new internet-connected…

Read more →

Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers  Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging…

Read more →

One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft starts off new year with relatively light…

Read more →

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. This article has been indexed from Cisco Talos Blog…

Read more →

In this video series, Talos’ Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year. This article has been indexed from Cisco Talos…

Read more →

Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil. This article has been indexed from Cisco Talos Blog…

Read more →

Relive Talos’ top stories from the past year as we recap the top malware and other threats that came our way. This article has been indexed from Cisco Talos Blog Read the original article: Year in Malware 2023: Recapping the…

Read more →

Everyone’s New Year’s Resolution should be to stop using passwords altogether. This article has been indexed from Cisco Talos Blog Read the original article: A personal Year in Review to round out 2023

Read more →

The 2023 Talos Year in Review is full of insights on how the threat landscape has evolved. But what does that mean for defenders? This blog contains recommendations on how to gain more visibility across your network. This article has…

Read more →

The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft releases lightest Patch Tuesday…

Read more →

By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new campaign conducted by the Lazarus Group we’re calling “Operation Blacksmith,” employing at least three new DLang-based malware families, two of which are remote access trojans…

Read more →