Lucene search
K
TalosblogRecent

2033 matches found

Talos Blog
Talos Blog
added 2023/08/02 12:0 p.m.134 views

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office SOHO and industrial routers. During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141...

10CVSS10.1AI score0.55709EPSS
Exploits171
Talos Blog
Talos Blog
added 2023/07/27 6:0 p.m.21 views

Every company has its own version of ChatGPT now

Welcome to this weeks edition of the Threat Source newsletter. When I first started poking at ChatGPT a few months ago, I quickly learned that it wasnt quite ready to take my job yet and wasnt staying up to date on wrestling. Since ChatGPT went viral, several other companies have released their o...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/26 12:0 p.m.48 views

Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical

Cisco Talos Incident Response Talos IR responded to a growing number of data theft extortion incidents that did not involve encrypting files or deploying ransomware, a 25 percent increase since last quarter and the most-observed threat in the second quarter of 2023. In this type of attack, threat...

10CVSS10.1AI score0.99999EPSS
Exploits27
Talos Blog
Talos Blog
added 2023/07/25 11:59 a.m.16 views

What might authentication attacks look like in a phishing-resistant future?

By Thorsten Rosendahl and Tiago Pereira, with contributions from Matthew Miller. The industry has come a long way in terms of improving how we make user authentication more secure. From the most basic concept of relying on usernames and passwords for authentication to enabling multi-factor...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/20 6:0 p.m.36 views

The federal government’s cybersecurity policies are falling into place just in time to be stalled again

Welcome to this weeks edition of the Threat Source newsletter. Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.s critical infrastructure security and more. The...

6.8CVSS7.8AI score0.18185EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/07/19 3:58 p.m.41 views

Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over

Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser. In our new series called "Vulnerability Roundup," well be recapping the vulnerabilities we recently disclosed to provide readers wit...

4.4CVSS9.3AI score0.01283EPSS
Exploits3
Talos Blog
Talos Blog
added 2023/07/19 12:0 p.m.25 views

Why are there so many malware-as-a-service offerings?

Whether known as commodity malware or "as-a-service," threat actors have long been turning to their fellow adversaries in the hopes of selling off their tools and opening a new stream of revenue. When used legitimately, as-a-service software is when a third-party company offers its software to...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/18 12:0 p.m.21 views

Implementing an ISO-compliant threat intelligence program

Implementing a threat intelligence program that meets the definition of threat intelligence control as described in ISO/IEC 27002:2022 -- a set of standards set forth by the International Organization for Standardization -- is not onerous. The ISO/IEC 27002 standard describes a non-exhaustive lis...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/13 6:0 p.m.29 views

QR codes are relevant again for everyone from diners to threat actors

Welcome to this weeks edition of the Threat Source newsletter. Although we can probably largely consider the COVID-19 pandemic "over," many relics from the peak of lockdown and concerns over the virus are still around in mid-2023. Its still impossible to get a doctors appointment quickly, but man...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/13 4:0 p.m.110 views

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both. For more on these individual vulnerabilities,...

7.5CVSS9.1AI score0.33945EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/07/13 10:45 a.m.15 views

Malicious campaigns target government, military and civilian entities in Ukraine, Poland

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity we...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/11 7:26 p.m.112 views

Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild

Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year. The company released details of more than 130 vulnerabilities, the most in a month since April 2022, 10 of which are considered to be critical. The remaining...

6.8CVSS8.3AI score0.43984EPSS
Exploits5
Talos Blog
Talos Blog
added 2023/07/11 5:4 p.m.12 views

Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named "RedDriver," a driver-based browser hijacker that uses the Windows Filtering Platform WFP to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge it...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/11 5:4 p.m.37 views

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/10 12:0 p.m.12 views

Gergana Karadzhova-Dangela wants to send the ladder back down to the next generation of incident responders

Gergana Karadzhova-Dangela is used to being with users during some of their toughest moments. Today, she spends much of her time responding to active cybersecurity incidents with Cisco Talos Incident Response, helping customers work through active attacks, many of which put personal data or...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/07 9:26 p.m.15 views

Threat Roundup for June 30 to July 7

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between June 30 and July 7. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/06 6:0 p.m.25 views

DDoS attacks want to make sure you haven’t forgotten about them

Welcome to this weeks edition of the Threat Source newsletter. Distributed denial-of-service attacks DDoS have been around since before I even knew how to turn a computer on. These types of attacks, I feel, have the same vibe as the term "computer virus" -- something we used to talk about in the...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/06 3:38 p.m.44 views

Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain

Cisco Talos discovered 17 vulnerabilities 63 CVEs in the Milesight UR32L router and five vulnerabilities six CVEs in the Milesight MilesightVPN remote access solution software. An attacker could exploit the vulnerabilities discovered to completely compromise the UR32L and MilesightVPN. This post...

7.5CVSS9.4AI score0.06834EPSS
Exploits26
Talos Blog
Talos Blog
added 2023/07/06 12:0 p.m.16 views

The growth of commercial spyware based intelligence providers without legal or ethical supervision

Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/29 6:0 p.m.46 views

New video provides a behind-the-scenes look at Talos ransomware hunters

Welcome to this weeks edition of the Threat Source newsletter. AI-generated art is causing drama across the internet over the past few months, from Marvel TV show opening credits scenes to predatory YouTubers who claim YOU can make millions by having AI tools create childrens books for you. There...

6.8CVSS6.3AI score0.51517EPSS
Exploits3
Talos Blog
Talos Blog
added 2023/06/29 12:0 p.m.13 views

How Talos IR’s Purple Team can help you prepare for the worst-case scenario

Purple Team exercises are included within the Cisco Talos Incident Response Retainer service and our experts can help your organization find security holes before the bad guys can. As your trusted advisor, our purple team, which is a combination of both red and blue teams, emulates one joint atta...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/26 4:52 p.m.45 views

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL

Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chromes Web Graphics Library WebGL. Google Chrome is a cross-platform web browser -- and Chromium is the open-source version of the browser that both Google and other software developers use as the basis to buil...

6.8CVSS8.4AI score0.02925EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/06/23 6:49 p.m.23 views

Threat Roundup for June 16 to June 23

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between June 16 and June 23. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/22 6:0 p.m.45 views

Cybersecurity hotlines at colleges could go a long way toward filling the skills gap

Welcome to this weeks edition of the Threat Source newsletter. I recently stumbled upon news that the University of Texas at Austin is launching a new cybersecurity clinic run by faculty and students studying security and IT at the university. This clinic offers pro-bono cybersecurity services --...

7.5CVSS9.2AI score0.99934EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/06/22 12:0 p.m.11 views

Video: How Talos’ open-source tools can assist anyone looking to improve their security resilience

Cisco Talos remit is not just to protect our customers from cyber attacks. We also strive to make the internet a better and safer place. Thats one of the reasons why we create and release open-source software, for free. These tools are available to anyone in the security community to enhance thei...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/16 8:44 p.m.12 views

Threat Roundup for June 9 to June 16

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between June 9 and June 16. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/16 6:17 p.m.42 views

Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group

Cisco Talos is monitoring recent reports of exploitation attempts against CVE-2023-34362, a SQL injection zero-day vulnerability in the MOVEit Transfer managed file transfer MFT solution that has been actively targeted since late May 2023. Successful exploitation could lead to remote code executi...

7.5CVSS10.9AI score0.99934EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/06/15 6:0 p.m.36 views

URLs have always been a great hiding place for threat actors

Welcome to this weeks edition of the Threat Source newsletter. Talos recent blog post on the dangers posed by the newly released ".zip" top-level domain TLD recently outlined how threat actors could create real URLs that look like file names and trick users into clicking on their links. .Zip and...

7.5CVSS8.7AI score0.99934EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/06/14 12:0 p.m.16 views

What does it mean when ransomware actors use “double extortion” tactics?

It is no longer enough for ransomware actors to encrypt targets files, ask for money, and get out. Over the past several years, these groups are increasingly relying on "double extortion" tactics to try and coax their victims into paying the requested ransom, or else they will leak stolen data to...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/13 7:33 p.m.37 views

Two remote code execution vulnerabilities disclosed in Microsoft Excel

Cisco Talos recently discovered two vulnerabilities in the Microsoft Excel spreadsheet management software that could allow a malicious actor to execute arbitrary code on the targeted machine. Microsoft disclosed these issues and patched them as part of Junes monthly security release for the...

4.4CVSS8.3AI score0.53513EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/06/13 6:43 p.m.50 views

Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days

Microsoft released its monthly security update Tuesday, disclosing 69 vulnerabilities across its suite of products and software. Five of these vulnerabilities are considered to be critical, 45 of them are listed as being high severity, 17 of them are medium severity and two are of low severity. F...

7.5CVSS8.7AI score0.99649EPSS
Exploits10
Talos Blog
Talos Blog
added 2023/06/13 12:3 p.m.24 views

".Zip" top-level domains draw potential for information leaks

Googles recent offering of the ".zip" top-level domain TLD has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals. As a result of user...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/09 9:17 p.m.60 views

Threat Roundup for June 2 to June 9

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between June 2 and June 9. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/08 6:0 p.m.73 views

Now’s not the time to take our foot off the gas when it comes to fighting disinformation online

Welcome to this weeks edition of the Threat Source newsletter. In the wake of the 2016 and 2020 presidential elections, it seemed like big tech companies were taking the fight against disinformation seriously. Social media outlets set up new fact-checking procedures and got more aggressive about...

7.5CVSS7.6AI score0.99934EPSS
Exploits17
Talos Blog
Talos Blog
added 2023/06/06 12:1 p.m.12 views

Adversaries increasingly using vendor and contractor accounts to infiltrate networks

Cisco Talos Incident Response Talos IR has repeatedly observed attackers targeting and using compromised vendor and contractor accounts VCAs during recent emergency response engagements. While high-profile software supply chain compromise events garner significant media attention e.g., the recent...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/05 11:0 a.m.18 views

How Joe Marshall helps defend everything from electrical grids to grain co-ops across multiple continents

Joe Marshall was a security practitioner before he even knew it. Marshall started his career in information technology as a systems administrator. On the surface, he jokes that he was a "white-collar plumber" -- fixing IT issues as they arose, handing out new credentials and asking users if they...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/02 9:56 p.m.22 views

Threat Roundup for May 26 to June 2

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between May 26 and June 2. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/02 12:0 p.m.12 views

Cybersecurity for businesses of all sizes: A blueprint for protection

One of the primary reasons why cybersecurity remains a complex undertaking is the increased sophistication of modern cyber threats. As the internet and digital technologies continue to advance, so do the methods and tools cybercriminals use. This means that even the most secure systems are...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/01 6:0 p.m.11 views

Legislation alone isn’t enough to stop spyware

Welcome to this weeks edition of the Threat Source newsletter. The use of spyware continues to make headlines across the globe. While primarily used by authoritarian regimes to track potentially sensitive subjects like political opponents or activists, governments from all over the world are guil...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/06/01 12:0 p.m.15 views

New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling "Horabot," which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020. The threat actor appears to be targetin...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/26 9:57 p.m.20 views

Threat Roundup for May 19 to May 26

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between May 19 and May 26. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/26 7:0 p.m.25 views

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

Cisco Talos recently discovered a memory corruption vulnerability in the Mitsubishi MELSEC iQ-F FX5U programmable logic controller that is caused by a buffer overflow condition. The iQ-F FX5U is one offering in Mitsubishis MELSEC PLC line of hardware that comes with a built-in processor, power...

5.1CVSS8AI score0.0344EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/05/26 12:0 p.m.18 views

What is a web shell?

Editors note: The Need to Know is a new series from Talos, which focuses on cybersecurity terms, threats, tools and tactics that are discussed in our broader threat research. Think of this as a living encyclopedia of security terms and trends. Cisco Talos Incident Response recently released our...

7.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/25 6:0 p.m.42 views

It’s apparently hip to still be using Windows 7

Welcome to this weeks edition of the Threat Source newsletter. As a longtime macOS user, I must admit Im behind the times when it comes to Microsoft Windows. Since buying a Steam Deck, Ive actually come to learn more about Linux and the Proton compatibility layer than I ever did about Windows. Bu...

7AI score0.1653EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/05/25 12:2 p.m.107 views

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a...

7.2CVSS8.4AI score0.36238EPSS
Exploits4
Talos Blog
Talos Blog
added 2023/05/18 6:0 p.m.17 views

It’s really OK to take a break sometimes, especially in security

Welcome to this weeks edition of the Threat Source newsletter. You probably already know this by now, but May is Mental Health Awareness Month across the globe. Many people will apply this time of reflection and education to their personal lives -- its easy to discuss anxiety, depression and othe...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/15 12:0 p.m.25 views

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/12 7:59 p.m.29 views

Threat Roundup for May 5 to May 12

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between May 5 and May 12. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/11 6:0 p.m.42 views

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

Welcome to this weeks edition of the Threat Source newsletter. I wrote a few weeks ago about how, between the public and private sectors, the security community was making some strides in fighting back against ransomware. Reports indicate that revenue for ransomware actors was down in 2022, and...

7.5CVSS10AI score0.99999EPSS
Exploits27
Talos Blog
Talos Blog
added 2023/05/10 3:44 p.m.23 views

Vulnerability Spotlight: Authentication bypass, use-after-free vulnerabilities found in a library for the µC/OS open-source operating system

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in a library for µC/OS, an open-source operating system developed by Micrium. µC/OS is an embedded operating system that supports TCP/IP, USB, CAN bus and Modbus. The two...

5CVSS6.5AI score0.01488EPSS
Exploits3
Total number of security vulnerabilities2033