30 matches found
State-sponsored actors, better known as the friends you don’t want
State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. From logging and baselines to OT segmentation and suppl...
Hackers may have breached FBI wiretap network via supply chain
Investigators are worried that a recent attack on a critical FBI system was more than just a random hit, and that another nation-state might have been involved. On February 17, the FBI flagged irregular network activity that led straight to its Digital Collection System Network. That system...
Perfect Fit or Business Threat? How to Mitigate the Risk of Rogue Employees
Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider...
CISA is warning us (again) about the threat to critical infrastructure networks
Government-run water systems and other critical infrastructure are still at risk from state-sponsored actors, according to a renewed warning from the U.S. Cybersecurity and Infrastructure Security Agency. CISA released an advisory last week on the matter of days after a small water treatment...
Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days
As the adage goes: "You dont know what you dont know." For Ryan Pentney and his team, they know what they dont know. And they wake up every morning trying to figure out how they can answer those questions about emerging threats and some of the largest state-sponsored actors in the world. Pentney ...
CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources
CISA, in partnership with the Department of Homeland Security DHS, the Federal Bureau of Investigation FBI and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with...
CVE-2023-27997
A heap-based buffer overflow vulnerability CWE-122 in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all...
Leaked Android Platform Certificates Create Risks for Users
On November 30, 2022, a Google apvi report from Łukasz Siewierski initially filed on November 11, 2022 was made public. The report contained 10 different platform certificates and malware sample SHA256 sums where the malware sample had been signed by a platform certificate — the application signi...
Researchers Expose Over 80 ShadowPad Malware C2 Servers
As many as 85 command-and-control C2 servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit TAU, which studied three ShadowPad variants using TCP, UDP, an...
Threat Source newsletter (Oct. 20, 2022) — Shields Up! No seriously, Shields Waaaaay Up
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’m very excited about this video I’ve embedded below — it’s a project I’ve been working on with my team for a while now. Building off what I’ve written about in the past regarding fake news, this video examines what...
Threat Source newsletter (Oct. 20, 2022) — Shields Up! No seriously, Shields Waaaaay Up
By Jon Munshaw. Welcome to this weeks edition of the Threat Source newsletter. Im very excited about this video -- its a project Ive been working on with my team for a while now. Building off what Ive written about in the past regarding fake news, this video examines what essentially equates to t...
Chinese APT's favorite vulnerabilities revealed
In a joint cybersecurity advisory, the National Security Agency NSA, the Cybersecurity and Infrastructure Security Agency CISA, and the Federal Bureau of Investigation FBI have revealed the top CVEs used by state-sponsored threat actors from China. The advisory aims to "inform federal and state,...
Researcher Spotlight: How Asheer Malhotra looks for ‘instant gratification’ in threat hunting
The India native has transitioned from a reverse-engineer hobbyist to a public speaker in just a few years By Jon Munshaw. Ninety percent of Asheer Malhotra’s work will never see the light of day. But it’s that 10 percent that keeps him motivated to keep looking for something new. The Talos...
Threat Source newsletter (Aug. 25, 2022) — We're still not talking about Ukraine enough
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Russia’s invasion of Ukraine was once the most talked about story in the world. Six months into the conflict, modern attention spans have moved on to other news stories. But Ukraine Independence Day yesterday should...
Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. After what seems like forever and honestly has been a really long time, we’re heading back to BlackHat in-person this year. We’re excited to see a lot of old friends again to commiserate, hang out, trade stories and...
Attackers target Ukraine using GoMet backdoor
Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China PRC state-sponsored...
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure
The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the...
CISA Warns CISOs to Brace for Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA, a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture. This is...
U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors
State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors CDCs to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustaine...