Category: Cisco Talos Blog

Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.” This article has been indexed from…

Read more →

As we head into the final third of 2024, we caught up with Talos’ Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.…

Read more →

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks,…

Read more →

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Read more →

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µCOS protocol stacks, Part…

Read more →

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the…

Read more →

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. This article has been indexed from Cisco Talos Blog Read the original article: BlackByte blends tried-and-true…

Read more →

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” This article has been indexed from…

Read more →

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions. This article has been indexed from Cisco Talos Blog Read the original article: How multiple vulnerabilities in Microsoft apps for…

Read more →

Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” This article has been indexed from Cisco Talos Blog Read the original article: AI, election security headline discussions at Black Hat and DEF CON

Read more →

Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers…

Read more →

The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers Microsoft kernel mode driver…

Read more →

Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn…

Read more →

As with everything nowadays, politics are sure to come into play. This article has been indexed from Cisco Talos Blog Read the original article: The top stories coming out of the Black Hat cybersecurity conference

Read more →

Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…

Read more →

Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…

Read more →

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. This article has been indexed from Cisco Talos Blog Read the original article: There is…

Read more →

Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim endpoint…

Read more →

In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. This article has been indexed from Cisco Talos Blog Read the original article: Detecting evolving threats: NetSupport RAT campaign

Read more →