Tag: Cisco Talos Blog

Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate”. The remaining vulnerabilities listed are classified as “important.” This article has been indexed…

Read more →

By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that…

Read more →

Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. This article has been indexed from Cisco Talos Blog Read…

Read more →

A technical overview of Cisco Talos’ investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. This article has been indexed from Cisco Talos Blog Read the original article: Google Cloud Platform Data…

Read more →

Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats. Plus check out his introductory course to threat intelligence. This article has been indexed from Cisco Talos Blog Read the original article: Defeating Future Threats Starts…

Read more →

This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. This article has been indexed from Cisco Talos Blog…

Read more →

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.    These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…

Read more →

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. This article has been indexed from Cisco Talos Blog Read the original article: New TorNet backdoor seen in widespread…

Read more →

Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. Cisco Talos observed an increase in the number of email threats leveraging hidden text salting. This…

Read more →

Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it’s important to stay curious, be a forever student, and keep learning. This article has been indexed from Cisco Talos Blog Read the original article: Everything…

Read more →

Bill discusses how to find ‘the helpers’ and the importance of knowledge sharing. Plus, there’s a lot to talk about in our latest vulnerability roundup. This article has been indexed from Cisco Talos Blog Read the original article: Find the…

Read more →

Lilith >_> of Cisco Talos discovered these vulnerabilities.  Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.   The Wavlink AC3000…

Read more →

Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read…

Read more →

Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions. This article has been indexed from Cisco Talos Blog Read the original article: Do we still have to keep doing it like this?

Read more →

Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader.   These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF…

Read more →

In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season. This article has been indexed from Cisco Talos Blog Read the original article: Welcome…

Read more →

This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about  malicious Windows drivers. This article has been indexed from Cisco Talos Blog…

Read more →

Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers…

Read more →

Proxy and anonymization networks have been dominating the headlines, this piece discusses its origins and evolution on the threat landscape with specific focus on state sponsored abuse. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read the original article: Microsoft Patch…

Read more →

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service.  These vulnerabilities have not been patched at time of this posting.  For Snort coverage that can detect the exploitation…

Read more →

Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. This article has been indexed from…

Read more →

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. This article has been indexed from Cisco Talos Blog Read the original article: New PXA Stealer targets…

Read more →

The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read the original article: November…

Read more →

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. This article has been indexed from Cisco Talos Blog Read the original article: Unwrapping the emerging Interlock…

Read more →

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these vulnerabilities, download…

Read more →

Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan.  The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the…

Read more →

This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. This article has been indexed from Cisco Talos Blog Read the original article: Writing a BugSleep C2…

Read more →

Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research This article has been indexed from Cisco Talos Blog Read the original article: How LLMs could help defenders write better and faster…

Read more →

Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance – read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. This article has been indexed from…

Read more →

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. This article has been indexed from Cisco Talos Blog   Read the original article:   Highlighting TA866/Asylum Ambuscade Activity Since…

Read more →

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Threat Spotlight: WarmCookie/BadSpace

Read more →

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. This article has been indexed from Cisco Talos Blog Read the original article: Threat actor abuses Gophish to deliver new PowerRAT…

Read more →

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group’s attack chain, targeted verticals, and potential future TTPs. This article has been indexed from Cisco Talos Blog Read the original article: Akira…

Read more →

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor. This article has been indexed from Cisco Talos Blog Read the original article: What I’ve learned in my first 7-ish…

Read more →

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown…

Read more →

Go behind the scenes with Talos incident responders and learn from what we’ve seen in the field. This article has been indexed from Cisco Talos Blog Read the original article: Protecting major events: An incident response blueprint

Read more →

Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach. This article has been indexed from Cisco Talos Blog Read the original article: What NIST’s latest password…

Read more →

Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. This article has been indexed from Cisco Talos Blog Read the original article: Ghidra data type archive for Windows driver functions

Read more →

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in popular PDF…

Read more →

The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. This article has been indexed from Cisco Talos Blog Read the original article: Largest…

Read more →

Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice. This article has been indexed from Cisco Talos Blog Read the original article: CISA is warning us (again)…

Read more →

Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant.  Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount…

Read more →

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. This article has been indexed from Cisco Talos Blog Read…

Read more →

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email. This article has been indexed from Cisco Talos Blog Read the original article: Simple Mail…

Read more →

Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in…

Read more →

This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements. This article has been indexed from Cisco Talos Blog Read the original article: Talk of election security is good, but we…

Read more →

A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. This article has been indexed from Cisco Talos Blog Read the original article: We can try to bridge…

Read more →

CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in Acrobat Reader could lead to remote…

Read more →

September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. This article has been indexed from Cisco Talos Blog Read the original article: Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including…

Read more →

Talos’ Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer…

Read more →

Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code.  While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in…

Read more →

In my opinion, mandatory enrollment is best enrollment. This article has been indexed from Cisco Talos Blog Read the original article: The best and worst ways to get users to improve their account security

Read more →

The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. This article has been indexed from Cisco Talos Blog Read the original article: Watch our…

Read more →

Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.” This article has been indexed from…

Read more →

As we head into the final third of 2024, we caught up with Talos’ Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.…

Read more →

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks,…

Read more →

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Read more →

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µCOS protocol stacks, Part…

Read more →

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the…

Read more →

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. This article has been indexed from Cisco Talos Blog Read the original article: BlackByte blends tried-and-true…

Read more →

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” This article has been indexed from…

Read more →

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions. This article has been indexed from Cisco Talos Blog Read the original article: How multiple vulnerabilities in Microsoft apps for…

Read more →

Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” This article has been indexed from Cisco Talos Blog Read the original article: AI, election security headline discussions at Black Hat and DEF CON

Read more →

Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers…

Read more →

The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers Microsoft kernel mode driver…

Read more →

Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn…

Read more →

As with everything nowadays, politics are sure to come into play. This article has been indexed from Cisco Talos Blog Read the original article: The top stories coming out of the Black Hat cybersecurity conference

Read more →

Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…

Read more →

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. This article has been indexed from Cisco Talos Blog Read the original article: There is…

Read more →

Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim endpoint…

Read more →

In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. This article has been indexed from Cisco Talos Blog Read the original article: Detecting evolving threats: NetSupport RAT campaign

Read more →

This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. This article has been indexed from Cisco Talos Blog Read the original article: Where to find Talos at…

Read more →

A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP. This article has been indexed from Cisco Talos Blog Read the original article: Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains…

Read more →

We look back on 10 years of Talos, in multiple interviews with Talos’ leaders. This article has been indexed from Cisco Talos Blog Read the original article: “There is no business school class that would ever sit down and design…

Read more →

Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack.” This article has been indexed from Cisco Talos Blog Read the original article: The massive computer outage over…

Read more →

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends: Ransomware…

Read more →

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years. This article has been indexed from Cisco Talos Blog Read the original article: A (somewhat) complete timeline of Talos’ history

Read more →

Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. This article has been indexed from Cisco Talos Blog Read the original article: Checking…

Read more →

Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time.   A data breach occurs when unauthorized individuals gain access to sensitive, protected or confidential…

Read more →

Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. This article has been indexed from Cisco Talos Blog Read the original article: 15 vulnerabilities discovered in software development kit for…

Read more →

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. This article has been indexed from Cisco Talos Blog Read the original article: Hidden between…

Read more →

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. This article has been indexed from Cisco Talos Blog Read the original article: Inside…

Read more →

This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. This article has been indexed from Cisco Talos Blog Read the original article: Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

Read more →

In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. This article has been indexed from Cisco Talos Blog Read the…

Read more →

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials…

Read more →

Affected devices could include wireless access points, routers, switches and VPNs. This article has been indexed from Cisco Talos Blog Read the original article: Multiple vulnerabilities in TP-Link Omada system could lead to root access

Read more →

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. This article has been indexed from Cisco Talos Blog Read the original article: SneakyChef espionage group targets government…

Read more →

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

More on the recent Snowflake breach, MFA bypass techniques and more. This article has been indexed from Cisco Talos Blog Read the original article: Tabletop exercises are headed to the next frontier: Space

Read more →

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their ‘push-spray’ MFA attacks This article has been indexed from Cisco Talos Blog Read the original article: How are attackers trying…

Read more →

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. This article has been indexed from Cisco Talos Blog Read the original article: Exploring malicious…

Read more →

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. This article has been indexed from Cisco Talos Blog Read the original article: How we…

Read more →

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”…

Read more →

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. This article has been indexed from Cisco Talos Blog Read the original article: Only one…

Read more →

AI’s integration into search engines could change the way many of us interact with the internet. This article has been indexed from Cisco Talos Blog Read the original article: The sliding doors of misinformation that come with AI-generated search results

Read more →

This post was authored by Kalpesh Mantri.  Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware.  These campaigns,…

Read more →