Category: Cisco Talos Blog

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor. This article has been indexed from Cisco Talos Blog Read the original article: What I’ve learned in my first 7-ish…

Read more →

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown…

Read more →

Go behind the scenes with Talos incident responders and learn from what we’ve seen in the field. This article has been indexed from Cisco Talos Blog Read the original article: Protecting major events: An incident response blueprint

Read more →

Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach. This article has been indexed from Cisco Talos Blog Read the original article: What NIST’s latest password…

Read more →

Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. This article has been indexed from Cisco Talos Blog Read the original article: Ghidra data type archive for Windows driver functions

Read more →

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in popular PDF…

Read more →

The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. This article has been indexed from Cisco Talos Blog Read the original article: Largest…

Read more →

Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice. This article has been indexed from Cisco Talos Blog Read the original article: CISA is warning us (again)…

Read more →

Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant.  Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount…

Read more →

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. This article has been indexed from Cisco Talos Blog Read…

Read more →

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email. This article has been indexed from Cisco Talos Blog Read the original article: Simple Mail…

Read more →

Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in…

Read more →

This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements. This article has been indexed from Cisco Talos Blog Read the original article: Talk of election security is good, but we…

Read more →

A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. This article has been indexed from Cisco Talos Blog Read the original article: We can try to bridge…

Read more →

CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in Acrobat Reader could lead to remote…

Read more →

September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. This article has been indexed from Cisco Talos Blog Read the original article: Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including…

Read more →

Talos’ Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer…

Read more →

Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code.  While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in…

Read more →

In my opinion, mandatory enrollment is best enrollment. This article has been indexed from Cisco Talos Blog Read the original article: The best and worst ways to get users to improve their account security

Read more →

The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. This article has been indexed from Cisco Talos Blog Read the original article: Watch our…

Read more →

Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.” This article has been indexed from…

Read more →

As we head into the final third of 2024, we caught up with Talos’ Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.…

Read more →

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks,…

Read more →

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Read more →

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. This article has been indexed from Cisco Talos Blog Read the original article: Fuzzing µCOS protocol stacks, Part…

Read more →

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the…

Read more →

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. This article has been indexed from Cisco Talos Blog Read the original article: BlackByte blends tried-and-true…

Read more →

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” This article has been indexed from…

Read more →

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions. This article has been indexed from Cisco Talos Blog Read the original article: How multiple vulnerabilities in Microsoft apps for…

Read more →

Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” This article has been indexed from Cisco Talos Blog Read the original article: AI, election security headline discussions at Black Hat and DEF CON

Read more →

Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers…

Read more →

The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP. This article has been indexed from Cisco Talos Blog Read the original article: Talos discovers Microsoft kernel mode driver…

Read more →

Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn…

Read more →

As with everything nowadays, politics are sure to come into play. This article has been indexed from Cisco Talos Blog Read the original article: The top stories coming out of the Black Hat cybersecurity conference

Read more →

Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…

Read more →

Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners. This article has been indexed from Cisco Talos Blog Read the original article: Ryan Pentney reflects on…

Read more →

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. This article has been indexed from Cisco Talos Blog Read the original article: There is…

Read more →

Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim endpoint…

Read more →

In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. This article has been indexed from Cisco Talos Blog Read the original article: Detecting evolving threats: NetSupport RAT campaign

Read more →

This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. This article has been indexed from Cisco Talos Blog Read the original article: Where to find Talos at…

Read more →

A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP. This article has been indexed from Cisco Talos Blog Read the original article: Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains…

Read more →

We look back on 10 years of Talos, in multiple interviews with Talos’ leaders. This article has been indexed from Cisco Talos Blog Read the original article: “There is no business school class that would ever sit down and design…

Read more →

Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack.” This article has been indexed from Cisco Talos Blog Read the original article: The massive computer outage over…

Read more →

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends: Ransomware…

Read more →

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years. This article has been indexed from Cisco Talos Blog Read the original article: A (somewhat) complete timeline of Talos’ history

Read more →

Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. This article has been indexed from Cisco Talos Blog Read the original article: Checking…

Read more →

Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time.   A data breach occurs when unauthorized individuals gain access to sensitive, protected or confidential…

Read more →

Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. This article has been indexed from Cisco Talos Blog Read the original article: 15 vulnerabilities discovered in software development kit for…

Read more →

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. This article has been indexed from Cisco Talos Blog Read the original article: Hidden between…

Read more →

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. This article has been indexed from Cisco Talos Blog Read the original article: Inside…

Read more →

This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. This article has been indexed from Cisco Talos Blog Read the original article: Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

Read more →

In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. This article has been indexed from Cisco Talos Blog Read the…

Read more →

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials…

Read more →

Affected devices could include wireless access points, routers, switches and VPNs. This article has been indexed from Cisco Talos Blog Read the original article: Multiple vulnerabilities in TP-Link Omada system could lead to root access

Read more →

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. This article has been indexed from Cisco Talos Blog Read the original article: SneakyChef espionage group targets government…

Read more →

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

More on the recent Snowflake breach, MFA bypass techniques and more. This article has been indexed from Cisco Talos Blog Read the original article: Tabletop exercises are headed to the next frontier: Space

Read more →

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their ‘push-spray’ MFA attacks This article has been indexed from Cisco Talos Blog Read the original article: How are attackers trying…

Read more →

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. This article has been indexed from Cisco Talos Blog Read the original article: Exploring malicious…

Read more →

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. This article has been indexed from Cisco Talos Blog Read the original article: How we…

Read more →

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”…

Read more →

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. This article has been indexed from Cisco Talos Blog Read the original article: Only one…

Read more →

AI’s integration into search engines could change the way many of us interact with the internet. This article has been indexed from Cisco Talos Blog Read the original article: The sliding doors of misinformation that come with AI-generated search results

Read more →

This post was authored by Kalpesh Mantri.  Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware.  These campaigns,…

Read more →

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.…

Read more →

Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages. This article has been indexed from Cisco Talos Blog Read the original article: Attackers are impersonating a…

Read more →

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White.  Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.”   LilacSquid’s…

Read more →

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. This article has been indexed from Cisco Talos Blog Read…

Read more →

Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.” This article has been indexed from Cisco Talos Blog…

Read more →

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them.  These adversaries can range from…

Read more →

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. This article has been indexed from Cisco Talos Blog Read the original article: From trust to trickery: Brand…

Read more →

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. This article has been indexed from Cisco Talos Blog Read the original article: Rounding…

Read more →

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. This article has been indexed from Cisco Talos Blog Read the original article: Talos releases new macOS…

Read more →

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. This article has been indexed from Cisco Talos Blog Read the original article: Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other…

Read more →

Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. This article has been indexed from Cisco Talos Blog Read the original article: Talos joins CISA to…

Read more →

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. This article has been indexed from Cisco Talos Blog Read the original article: A…

Read more →

Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. This article…

Read more →

There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.” This article has been indexed from Cisco Talos Blog Read the original article: What can we learn from the…

Read more →

Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. This article has been indexed from Cisco Talos Blog Read the…

Read more →

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. This article has been indexed from Cisco Talos…

Read more →

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. This…

Read more →

Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor. This article has been indexed from Cisco Talos Blog Read the original article: The private sector probably isn’t coming to save the NVD

Read more →

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. This article has been indexed from…

Read more →

By Joey Chen, Chetan Raghuprasad and Alex Karkins.  Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new…

Read more →

Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.…

Read more →

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted. This article has been indexed from Cisco Talos Blog Read the original article: Could…

Read more →

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. This article has been indexed from Cisco Talos Blog…

Read more →

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to identification of these attacks. Cisco Talos is actively monitoring…

Read more →

The security community is still reflecting on the “What If” of the XZ backdoor. This article has been indexed from Cisco Talos Blog Read the original article: The internet is already scary enough without April Fool’s jokes

Read more →

There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. This article has been indexed from Cisco Talos Blog Read the original article: Vulnerability in some TP-Link routers could lead to factory reset

Read more →

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts. This article has been indexed from Cisco Talos…

Read more →

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This article has…

Read more →

While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Adversaries are leveraging…

Read more →

Welcome to this week’s threat source newsletter with Jon out, you’ve got me as your substitute teacher. I’m taking you back to those halcyon days of youth and that moment when you found out that you had a sub that…

Read more →