At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted. This article has been indexed from Cisco Talos Blog Read the original article: Could…
Tag: Cisco Talos Blog
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. This article has been indexed from Cisco Talos Blog…
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to identification of these attacks. Cisco Talos is actively monitoring…
The internet is already scary enough without April Fool’s jokes
The security community is still reflecting on the “What If” of the XZ backdoor. This article has been indexed from Cisco Talos Blog Read the original article: The internet is already scary enough without April Fool’s jokes
Vulnerability in some TP-Link routers could lead to factory reset
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in some TP-Link routers could lead to factory reset
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
Starry Addax targets human rights defenders in North Africa with new malware
There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office
An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts. This article has been indexed from Cisco Talos…
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This article has…
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Adversaries are leveraging…
Enter the substitute teacher
Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that…
“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package. This article has been indexed from Cisco Talos Blog Read the original article: “Pig butchering” is…
New details on TinyTurla’s post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. This article has been indexed from…
Netgear wireless router open to code execution after buffer overflow vulnerability
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. This article has been indexed from Cisco Talos Blog Read the original article: Netgear wireless router open to…
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step. This article has been indexed from Cisco…
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later. This article has been indexed from Cisco Talos Blog Read the original article: The LockBit story: Why the ransomware…
Not everything has to be a massive, global cyber attack
There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!” This article has been indexed from Cisco Talos Blog Read the original article: Not everything has to be a massive, global cyber attack
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks. This article has been…
Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.” This article has been indexed from Cisco Talos Blog Read the original article: Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft
You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam
It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April. This article has been indexed…
The 3 most common post-compromise tactics on network infrastructure
We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. This article…
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over…
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. This article has been indexed from Cisco Talos…
Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music
. The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand…
Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet
Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant. This article has been indexed from Cisco Talos Blog Read the original article: Why Apple added protection against quantum computing when quantum computing doesn’t even…
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded’s in-house operating system and an open-source library that processes several types of potentially sensitive medical tests. This article has been indexed…
Stop running security in passive mode
As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security. Incident response engagements are an important part of our work and the intelligence-gathering process and their associated…
TimbreStealer campaign targets Mexican users with financial lures
Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023. This article has been indexed from Cisco…
TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem
Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other. This article has been indexed from Cisco Talos Blog…
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the…
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. This article has been indexed from Cisco Talos Blog Read…
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has…
Why the toothbrush DDoS story fooled us all
There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes. This article has been indexed from Cisco Talos Blog Read the original article:…
TinyTurla Next Generation – Turla APT spies on Polish NGOs
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and…
How are attackers using QR codes in phishing emails and lure documents?
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are…
First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities
Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen. This article has been indexed from Cisco Talos Blog Read the original article: First…
Spyware isn’t going anywhere, and neither are its tactics
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware. This article has been indexed from Cisco Talos Blog Read the original article: Spyware isn’t going anywhere, and neither…
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” This article has been…
New Zardoor backdoor used in long-term cyber espionage operation targeting Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” This article has been…
How are user credentials stolen and used by threat actors?
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can ‘log on’ with valid account details,…
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world
Researchers recently discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system. This article has been indexed from Cisco Talos Blog Read the original article: The…
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released…
Why is the cost of cyber insurance rising?
Cyber insurance premiums are expected to rise this year after leveling out in 2023. This article has been indexed from Cisco Talos Blog Read the original article: Why is the cost of cyber insurance rising?
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. This article has been indexed from Cisco Talos Blog Read the original article: Significant increase in ransomware activity found in Talos IR engagements,…
What to do with that fancy new internet-connected device you got as a holiday gift
There are many examples of WiFi-enabled home cameras, assistants and doorbells vulnerable to a wide range of security issues. This article has been indexed from Cisco Talos Blog Read the original article: What to do with that fancy new internet-connected…
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging…
Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft starts off new year with relatively light…
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. This article has been indexed from Cisco Talos Blog…
Video series discussing the major threat actor trends from 2023
In this video series, Talos’ Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year. This article has been indexed from Cisco Talos…
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil. This article has been indexed from Cisco Talos Blog…
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos’ top stories from the past year as we recap the top malware and other threats that came our way. This article has been indexed from Cisco Talos Blog Read the original article: Year in Malware 2023: Recapping the…
A personal Year in Review to round out 2023
Everyone’s New Year’s Resolution should be to stop using passwords altogether. This article has been indexed from Cisco Talos Blog Read the original article: A personal Year in Review to round out 2023
Recommendations that defenders can use from Talos’ Year in Review Report
The 2023 Talos Year in Review is full of insights on how the threat landscape has evolved. But what does that mean for defenders? This blog contains recommendations on how to gain more visibility across your network. This article has…
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft releases lightest Patch Tuesday…
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new campaign conducted by the Lazarus Group we’re calling “Operation Blacksmith,” employing at least three new DLang-based malware families, two of which are remote access trojans…
Video: Talos 2023 Year in Review highlights
In this video, experts from across Cisco Talos came together to discuss the 2023 Talos Year in Review. We chat about what’s new, what’s stayed the same, and how the geopolitical environment has affected the threat landscape. This article has…
Cybersecurity considerations to have when shopping for holiday gifts
When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy. This…
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin. This article has been indexed from Cisco Talos Blog Read the original article: Remote…
Beers with Talos episode 141: The TurkeyLurkey Man wants YOU to read Talos’ Year in Review report
The team recaps the top malware and attacker trends from 2023, as well as create a new mascot to save Thanksgiving. This article has been indexed from Cisco Talos Blog Read the original article: Beers with Talos episode 141: The…
The malware, attacker trends and more that shaped the threat landscape in 2023
The second annual Cisco Talos Year in Review draws on a massive amount of threat data to analyze the major trends that shaped the threat landscape in 2023. This article has been indexed from Cisco Talos Blog Read the original…
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare
Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of stability in Ukraine’s power transmission grid. This article…
$19 Stanely cups, fake Amazon Prime memberships all part of holiday shopping scams circulating
Fake Facebook ads seem to be the flavor of the month for scammers. This article has been indexed from Cisco Talos Blog Read the original article: $19 Stanely cups, fake Amazon Prime memberships all part of holiday shopping scams circulating
New SugarGh0st RAT targets Uzbekistan government and South Korea
Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.” This article has been indexed from Cisco Talos Blog Read the original article: New SugarGh0st…
What is threat hunting?
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about…
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerabilities in Adobe Acrobat,…
Understanding the Phobos affiliate structure and activity
Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust are…
A deep dive into Phobos ransomware, recently deployed by 8Base group
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. This article has been indexed from Cisco Talos…
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations This article has been indexed from Cisco Talos Blog Read the original article: We all just need to agree that ad…
7 common mistakes companies make when creating an incident response plan and how to avoid them
Avoiding some of these common mistakes ensures your organization’s plan will be updated faster and is more thorough, so you are ready to act when, not if, an incident happens. This article has been indexed from Cisco Talos Blog Read…
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.” This article has been indexed from Cisco Talos Blog Read the original article: Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday…
Threat Roundup for November 3 to November 10
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 3 and Nov. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've…
A new video series, Google Forms spam and the various gray areas of cyber attacks
It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion. This article has been indexed from Cisco…
What is NIS2, and how can you best prepare for the new cybersecurity requirements in the EU?
Given the increased geopolitical importance of cybersecurity, NIS2 is a logical step in creating more harmonized and stronger defense capabilities across the European Union. This article has been indexed from Cisco Talos Blog Read the original article: What is NIS2,…
Spammers abuse Google Forms’ quiz to deliver scams
Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms. This article has been indexed from Cisco Talos Blog Read the original article: Spammers abuse Google Forms’ quiz to deliver scams
Threat Roundup for October 27 to November 3
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 27 and Nov. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've…
You’d be surprised to know what devices are still using Windows CE
The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures. This article has been indexed from Cisco Talos Blog Read the original article: You’d be surprised…
Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”
Online video games often make use of in-game virtual currency and give players the ability to purchase, trade or sell items. While these features are often selling points for players and potential revenue streams for the companies that make them,…
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users. This article has been indexed from Cisco Talos Blog Read the original article: Arid…
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. This article has been…
9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution
Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine. This article has been indexed from Cisco Talos Blog Read…
How helpful are estimates about how much cyber attacks cost?
New YoroTrooper research, the latest on the Cisco IOS vulnerability, and more. This article has been indexed from Cisco Talos Blog Read the original article: How helpful are estimates about how much cyber attacks cost?