Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2023/10/25 4:0 p.m.52 views

9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Cisco Talos has disclosed 17 vulnerabilities over the past two weeks, including nine that exist in a popular VPN software. Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary...

6.5CVSS8.8AI score0.05913EPSS
Exploits19
Talos Blog
Talos Blog
added 2023/10/25 12:1 p.m.29 views

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. The actor also appears to have a defensive interest in t...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/24 12:0 p.m.33 views

Attacks on web applications spike in third quarter, new Talos IR data shows

Quarterly threat report: Telecommunications and education are most-targeted verticals There was a notable increase in threats to web applications, accounting for 30 percent of the engagements Cisco Talos Incident Response Talos IR responded to in the third quarter of 2023, compared to 8 percent t...

8.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/20 7:38 p.m.31 views

Threat Roundup for October 13 to October 20

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Oct. 13 and Oct. 20. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/19 6:0 p.m.49 views

More helpful resources for users of all skill levels to help you Take a Security Action

Welcome to this weeks edition of the Threat Source newsletter. I continue to be saddened by all the conflict in Israel and Gaza thats still ongoing. Ill be back with a "normal" newsletter next week, as unfortunately, there doesnt seem to be a peaceful solution coming any time soon. In the meantim...

7.5CVSS7.4AI score0.99571EPSS
Exploits26
Talos Blog
Talos Blog
added 2023/10/18 3:42 p.m.18 views

What is Cracktivator software?

Cisco Talos coined the term "Cracktivator software" to reference counterfeit or modified software for pirated versions of Windows applications. One of our teammates, James Nutland, led the research to look into cracked versions of the Microsoft Windows operating system and other Microsoft...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/17 4:0 p.m.17 views

Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

By Rami Altalhi and David Roman. Logs are fundamental to strengthening an organizations digital defenses. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, workstations, servers,...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/17 12:0 p.m.24 views

Snapshot fuzzing direct composition with WTF

Cisco Talos has developed a custom fuzzer using the popular snapshot fuzzer "WTF" which targets Direct Composition in Windows. Talos vulnerability research team used Protocol Buffers developed by Google to serialize and deserialize test cases. The Bochscpu backend of WTF was patched and other...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/16 3:5 p.m.80 views

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Updates Nov. 02: Identified a third version of the BadCandy implant. Added expected response from the new version of the implant against one of the HTTP requests used to check for infected device. Nov. 1: Observed increase in exploitation attempts since the publication of the proofs-of-concept PO...

9CVSS9.5AI score0.99571EPSS
Exploits27
Talos Blog
Talos Blog
added 2023/10/12 6:0 p.m.51 views

Top resources for Cybersecurity Awareness Month

Welcome to this weeks edition of the Threat Source newsletter. I didnt feel like I wanted to write anything special or witty this week given the current events in Israel and the Gaza Strip, but I will certainly advocate for any assistance readers would like to provide to the various organizations...

5CVSS8.7AI score0.99999EPSS
Exploits19
Talos Blog
Talos Blog
added 2023/10/11 11:6 p.m.59 views

What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service DDoS attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflares blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future...

5CVSS7.2AI score0.99999EPSS
Exploits19
Talos Blog
Talos Blog
added 2023/10/11 4:0 p.m.61 views

10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are zero-days without a patch in an industrial cellular router. Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands ...

7.5CVSS8.7AI score0.53533EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/10/11 11:48 a.m.75 views

Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol

Microsoft disclosed 104 vulnerabilities in its extensive range of software and services, the most in a single Patch Tuesday since July. What is most notable is that this batch of vulnerabilities includes 12 that are considered "critical," nine of which are remote code execution vulnerabilities in...

7.5CVSS10AI score0.99999EPSS
Exploits22
Talos Blog
Talos Blog
added 2023/10/09 12:0 p.m.22 views

How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency

At this point in his career, Jaeson Schultz has seen nearly every type of online scam there is to see. From fake bomb threats at schools, to "sextortion" campaigns, cryptocurrency mining, metaverse and more of the 2010s, to the earliest type of spam emails in the 1990s that promised to protect...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/05 6:0 p.m.54 views

Is it bad to have a major security incident on your résumé? (Seriously I don’t know)

Welcome to this weeks edition of the Threat Source newsletter. Its Cybersecurity Awareness Month, which means its time to hug your nearest defender -- theyre probably tired, could be facing burnout or just have had too much coffee today. What makes the cybersecurity landscape even more fraught...

6.5CVSS7.3AI score0.9015EPSS
Exploits5
Talos Blog
Talos Blog
added 2023/10/05 11:0 a.m.14 views

Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown

The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails. Notably, this activity appeared to begin before the FBI seized Qakbot infrastructure in la...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/04 12:10 p.m.14 views

What is the dark web?

Most users interact with the internet through the web, and many of the threat actors we write about operate on the "dark web." Broadly speaking, the dark web is a small portion of the "deep web," where the deep web represents most of the Web. We know, its confusing -- lets walk through an example...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/29 4:40 p.m.19 views

Threat Roundup for September 22 to September 29

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Sept. 22 and Sept. 29. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/28 6:0 p.m.52 views

The security pitfalls of social media sites offering ID-based authentication

Welcome to this weeks edition of the Threat Source newsletter. Since Elon Musk first started talking about purchasing Twitter/X around this time last year, one of his main sticking points has been how many bot accounts are on the platform and how that potentially affects advertising revenue and...

6.8CVSS10.1AI score0.99694EPSS
Exploits9
Talos Blog
Talos Blog
added 2023/09/27 4:0 p.m.60 views

10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome

Cisco Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser. Attackers could exploit these vulnerabilities to carry out a variety of attacks, in some cases gaining the ability to execute remote code on the targete...

7.5CVSS8.5AI score0.01308EPSS
Exploits9
Talos Blog
Talos Blog
added 2023/09/26 12:0 p.m.21 views

ICS protocol coverage using Snort 3 service inspectors

With more devices on operational technology OT networks now getting connected to wide-reaching IT networks, it is more important than ever to have effective detection capabilities for ICS protocols. However, there are a few issues that usually arise when creating detection for ICS protocol traffi...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/21 6:0 p.m.27 views

What’s the point of press releases from threat actors?

Welcome to this weeks edition of the Threat Source newsletter. As a former reporter, Ive seen my fair share of press releases. But one from a threat actor was definitely a new one for me last week. ALPHV aka BlackCat publicly took credit for a massive cyber attack against MGM, a resort, gambling...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/19 12:0 p.m.29 views

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

Cisco Talos recently discovered a new malware family were calling "HTTPSnoop" being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to liste...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/14 6:0 p.m.38 views

Turns out even the NFL is worried about deepfakes

Welcome to this weeks edition of the Threat Source newsletter. Im at the point in the calendar year where Im a sponge for NFL content. I couldnt be happier to escape from my six-month American football-free slumber and am ready to watch games three days a week and listen to NFL podcasts or read...

5CVSS9.1AI score0.261EPSS
Exploits4
Talos Blog
Talos Blog
added 2023/09/14 12:0 p.m.13 views

How Cisco Talos IR helped a healthcare company quickly resolve a Qakbot attack

Partnership and proactive measures reduce resolution time from weeks to mere hours. Healthcare is one of the most popular targets for threat actors, as evidenced by the fact that it was the most-targeted sector in each of Cisco Talos Incident Responses past two Quarterly Trends Reports. But if...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/12 8:51 p.m.104 views

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsofts usual security updates. However, there are two issues disclosed and patched this month that have already been exploited in...

5.2CVSS7.7AI score0.81713EPSS
Exploits5
Talos Blog
Talos Blog
added 2023/09/11 12:0 p.m.17 views

You can try to hide your firmware from Kelly Patterson, but she’ll find it (and break it)

How her work illustrates the difference Talos vulnerability research team makes When Kelly Patterson first learned how to code by making small programs in her high school class, she preferred breaking her creations to building them. Shed make a game and then spend double the time debugging that...

8.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/07 6:0 p.m.20 views

A secondhand account of the worst possible timing for a scammer to strike

Welcome to this weeks edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. Im so used to just swiping away emails or text messages at random times during the day that Id never considered what would happen if an adversary happene...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/07 12:0 p.m.20 views

Cybercriminals target graphic designers with GPU miners

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines. This activity has been ongoing since at least November 2021. The attacker uses Advanced Installer to package other legitimate...

7.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/09/06 4:46 p.m.40 views

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automations Software Platform. OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and...

7.5CVSS6.9AI score0.03356EPSS
Exploits6
Talos Blog
Talos Blog
added 2023/08/31 6:0 p.m.22 views

New open-source infostealer, and reflections on 2023 so far

Welcome to this weeks edition of the Threat Source newsletter. Im covering for Jon this week whilst he takes some well-deserved holiday. Whats on my mind this week? Well, apart from a new horror film that I just read about called "Slotherhouse" where the killer is, um, a sloth I predict nothing b...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/31 12:0 p.m.43 views

SapphireStealer: Open-source information stealer enables credential and data theft

SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/29 12:0 p.m.18 views

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Google introduced the new ".zip" Top Level Domain TLD on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When clicking on a name that ends in ".zip" are people intending to open an archive file or an internet URL?...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/24 6:0 p.m.22 views

Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams

Welcome to this weeks edition of the Threat Source newsletter. I have no idea how "Fortnite" keeps coming up in this newsletter, but here we are again. Even though the game/metaverse has never been bigger, it had been a while since I had heard about "V-Bucks" scams. V-Bucks are the in-game virtua...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/24 12:4 p.m.116 views

Lazarus Group's infrastructure reuse leads to discovery of new malware

In the Lazarus Groups latest campaign, which we detailed in a recent blog, the North Korean state-sponsored actor is exploiting CVE-2022-47966, a ManageEngine ServiceDesk vulnerability to deploy multiple threats. In addition to their "QuiteRAT" malware, which we covered in the blog, we also...

7.5CVSS9.9AI score0.99753EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/08/24 12:2 p.m.95 views

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same...

7.5CVSS10AI score0.99753EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/08/23 4:56 p.m.65 views

Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post. Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIAs graphics cards. The driver is vulnerable to memory corruption if an adversary sends...

6.5CVSS7.1AI score0.01387EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/08/22 9:3 a.m.18 views

Generating FLIRT signatures for Nim and other non-C programming languages

Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, because they present challenges to investigators using reverse-engineering tools designed to work best against the C family of languages. Its often difficult for reverse engineers examining non-C...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/17 6:0 p.m.41 views

Recapping the top stories from Black Hat and DEF CON

Welcome to this weeks edition of the Threat Source newsletter. I had a significant amount of FOMO last week seeing everyone out in Vegas. I was happy to not get conference crud sickness, but it seems like I missed a great time otherwise. But, as anyone who works with me could guess, I was followi...

1.7CVSS6.9AI score0.03882EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/08/14 12:40 p.m.17 views

The rise of AI-powered criminals: Identifying threats and opportunities

AIs influence is growing across the security space, bringing with it major implications for cybercriminals and defenders. The recent adoption of AI has raised significant concerns for cybersecurity due to the many ways that criminals can use AI for disruption and profit. Defenders and law...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/10 6:0 p.m.20 views

Reflecting on supply chain attacks halfway through 2023

Welcome to this weeks edition of the Threat Source newsletter. Between the Talos Takes episode last week and helping my colleague Hazel with the Half-Year in Review, I realized how much I had already forgotten about 2023 already. Its been a whirlwind, personally and professionally, and I think it...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/09 4:0 p.m.47 views

Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution

Cisco Talos recently worked with two vendors to patch multiple vulnerabilities in a favored software library used in chemistry laboratories and the Foxit PDF Reader, one of the most popular PDF reader alternatives to Adobe Acrobat. Attackers could exploit these vulnerabilities to carry out a...

6.8CVSS8.1AI score0.01026EPSS
Exploits19
Talos Blog
Talos Blog
added 2023/08/09 12:0 p.m.14 views

What is commercial spyware?

Weve talked quite a bit about spyware recently, with very good reason. Recently, concerns have grown regarding the rapid growth of commercial spyware tools, and the way in which they are being used against their intended victims. This Need to Know article talk about the broader effects of spyware...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/08 7:36 p.m.21 views

What Cisco Talos knows about the Rhysida ransomware

Cisco Talos is aware of the recent advisory published by the U.S. Department of Health and Human Services HHS warning the healthcare industry about Rhysida ransomware activity. As weve discussed recently, there has been huge growth in the ransomware and extortion space, potentially linked to the...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/08 7:25 p.m.91 views

Six critical vulnerabilities included in August’s Microsoft security update

Microsoft disclosed 73 vulnerabilities across its suite of products and software Tuesday, including six that are considered "critical." One of the vulnerabilities, which Microsoft considers to be only of "moderate" severity, has been actively exploited in the wild. The company has had to address...

7.5CVSS7.8AI score0.15519EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/08/07 12:0 p.m.17 views

Code leaks are causing an influx of new ransomware actors

Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service RaaS outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/07 12:0 p.m.43 views

New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware

Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023. This ongoing attack uses a variant of the Yashma ransomware likely to target multiple geographic areas by mimicking WannaCry...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/03 6:0 p.m.20 views

Previewing Talos at BlackHat 2023

Welcome to this weeks edition of the Threat Source newsletter. The time has come once again for all of us well, not me specifically but lots of other Talos people to descend on Las Vegas for Hacker Summer Camp. Cisco Talos will be well-represented at BlackHat and DEF CON over the course of the ne...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/03 12:0 p.m.29 views

Half-Year in Review: Recapping the top threats and security trends so far in 2023

From new ransomware groups, a growing mercenary space, espionage campaigns, supply chain attacks, and new "as a service" tools popping up, theres a lot to talk about already in the first half of 2023. Here are the main threats weve covered on our blog up until the end of June 2023. The timeline i...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/08/02 12:0 p.m.134 views

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office SOHO and industrial routers. During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141...

10CVSS10.1AI score0.55709EPSS
Exploits171
Total number of security vulnerabilities2032