Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2023/05/09 5:47 p.m.52 views

Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years

Microsoft disclosed 40 vulnerabilities across its suite of products and software Tuesday, the fewest the companys included in a Patch Tuesday since December 2019. However, two of the vulnerabilities is being actively exploited in the wild, according to Microsoft, the fourth month in a row in whic...

7.5CVSS8.4AI score0.94683EPSS
Exploits10
Talos Blog
Talos Blog
added 2023/05/08 12:0 p.m.11 views

Researcher Spotlight: Jacob Finn creates his own public-private partnership at Talos

After working in government for several years, this Talos threat hunter is diving into the dark web Growing up, Jacob Finn says he wanted to be a detective or maybe a veterinarian, but theres still plenty of time for that. Today with Talos, hes a detective. And while hes still hunting for bad...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/05 9:25 p.m.19 views

Threat Roundup for April 28 to May 5

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 28 and May 5. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/04 6:0 p.m.26 views

Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to come out of RSA

Welcome to this weeks edition of the Threat Source newsletter. I didnt attend the RSA Conference in person, and on top of that, I was at the NFL Draft while the conference was going on. Im behind on the biggest talks, panels and presentations that came out during the annual security conference, s...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/28 9:38 p.m.46 views

Threat Roundup for April 21 to April 28

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 21 and April 28. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/27 6:0 p.m.60 views

Threat Source newsletter (April 27, 2023) — New Cisco Secure offerings and extra security from Duo

Welcome to this weeks edition of the Threat Source newsletter. Im writing this earlier in the week as I get ready for some personal travel everyone is lucky I passed on writing another Cybersecurity Mock Draft, so apologies if I miss anything major that happens at RSA. But Cisco beat everyone to...

7.5CVSS10.3AI score0.99999EPSS
Exploits24
Talos Blog
Talos Blog
added 2023/04/26 12:0 p.m.34 views

Quarterly Report: Incident Response Trends in Q1 2023

Web shell usage spikes in Q1 compared to previous quarters, correlating with higher instances of exploitation of public-facing applications. In a novel increase compared to previous quarters, Cisco Talos Incident Response Talos IR reports that web shells were the most-observed threat in the first...

7.5CVSS10.5AI score0.18878EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/04/25 5:16 p.m.14 views

Video: Everything you need to know about ongoing state-sponsored attacks targeting network infrastructure across the globe

Cisco and Talos are continuing to track and research a series of ongoing cyber attacks and espionage targeting out-of-date and unpatched network hardware. In this video, Hazel Burton interviews Matt Olney and J.J. Cummings from Talos to discuss the "Jaguar Tooth" campaign the U.K. government and...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/24 2:59 p.m.62 views

Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges

Tim Brown of Cisco Security Advisory EMEA discovered these vulnerabilities and contributed to this blog post. A Cisco security researcher recently discovered two vulnerabilities in the IBM AIX Unix platforms that could be exploited to inject commands and logs into targeted systems with elevated...

4.3CVSS8AI score0.01457EPSS
Exploits3
Talos Blog
Talos Blog
added 2023/04/21 8:44 p.m.33 views

Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 14 and April 21. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/20 6:0 p.m.29 views

Threat Source newsletter (April 20, 2023) — Preview of Cisco and Talos at RSA

Welcome to this weeks edition of the Threat Source newsletter. Were firing up the conference circuit again for 2023, kicking things off next week with the RSA Conference in San Francisco. Cisco has a ton of exciting announcements, keynotes and talks lined up for the week, but there are also plent...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/18 3:2 p.m.53 views

State-sponsored campaigns target global network infrastructure

Cisco is deeply concerned by an increase in the rate of high-sophistication attacks on network infrastructure -- that we have observed and have seen corroborated by numerous reports issued by various intelligence organizations -- indicating state-sponsored actors are targeting routers and firewal...

9CVSS9.1AI score0.21424EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/04/14 8:38 p.m.28 views

Threat Roundup for April 7 to April 14

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 7 and April 14. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/13 6:0 p.m.54 views

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Welcome to this weeks edition of the Threat Source newsletter. Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals. On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums,...

8.8AI score0.48973EPSS
Exploits12
Talos Blog
Talos Blog
added 2023/04/13 2:39 p.m.67 views

Vulnerability Spotlight: Hard-coded password vulnerability could allow attacker to completely take over Lenovo Smart Clock

Kelly Leuschner and Thorsten Rosendahl discovered this vulnerability. Cisco Talos researchers recently discovered a vulnerability in the Lenovo Smart Clock Essential that could allow an attacker to completely take over the device if they have access to the network the clock is connected to...

6.6AI score0.00405EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/04/13 4:48 a.m.12 views

How threat actors are using AI and other modern tools to enhance their phishing attempts

Phishing attacks are increasingly more targeted and customized than in the past. The proliferation of additional communications channels such as mobile devices and social media provides attackers with new avenues to phish users. The technology behind phishing attacks evolves as necessary for...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/11 7:28 p.m.79 views

Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly round of security updates and patches today, continuing its trend of fixing zero-day vulnerabilities on Patch Tuesday. Aprils security update includes one vulnerability thats actively being exploited in the wild. There are also eight critical vulnerabilities and the...

9.9AI score0.95454EPSS
Exploits19
Talos Blog
Talos Blog
added 2023/04/10 11:0 a.m.28 views

Researcher Spotlight: Giannis Tziakouris first learned how to fix his family’s PC, and now he’s fixing networks all over the globe

Giannis Tziakouris had a problem growing up: He kept breaking his PC. He loved experimenting on his familys home computer, but things didnt always go as planned. Thats when his dad told him he had to learn how to fix the PC and get it back up and running, or hed revoke Giannis computer access...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/07 7:37 p.m.20 views

Threat Roundup for March 31 to April 7

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between March 31 and April 7. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/06 6:0 p.m.94 views

Threat Source newsletter (April 6, 2023) — Another friendly reminder about supply chain attacks

Welcome to this weeks edition of the Threat Source newsletter. It seems like we cant go a full calendar year without a major supply chain attack. In late 2020 we had the SolarWinds incident which, doesnt that somehow seem like five years ago but also yesterday?, then the REvil ransomware group...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/05 3:23 p.m.29 views

Vulnerability Spotlight: Vulnerabilities in popular Japanese word processing software could lead to arbitrary code execution, other issues

A Cisco Talos researcher discovered these vulnerabilities. Cisco Talos recently discovered four vulnerabilities in Ichitaro, a popular word processing software in Japan produced by JustSystems that could lead to arbitrary code execution. Ichitaro uses the ATOK input method IME and uses the...

8.4AI score0.00537EPSS
Exploits4
Talos Blog
Talos Blog
added 2023/04/04 12:0 p.m.28 views

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The developer of the Typhon Reborn information stealer released version 2 V2 in January, which included significant updates to its codebase and improved capabilities. Most notably, the new version features additional anti-analysis and anti-virtual machine VM capabilities to evade detection and ma...

6.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/04/03 3:8 p.m.19 views

Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library

Francesco Benvenuto of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an improper array index validation vulnerability in a functionality of the ADMesh library. ADMesh is a C library used to process 3-D triangular meshes. Talos found an improper array index validation...

8.9AI score0.01061EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/03/31 5:41 p.m.12 views

Threat Roundup for March 24 to March 31

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between March 24 and March 31. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/30 10:29 p.m.16 views

Threat Advisory: 3CX Softphone Supply Chain Compromise

Cisco Talos is tracking and actively responding to a supply chain attack involving the 3CX Desktop Softphone application. This is a multi-stage attack that involves sideloading DLLs, seven-day sleep routines, and additional payloads dependent on a now-removed GitHub repository for Windows-based...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/30 7:0 p.m.24 views

Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in ManageEngine OpManager that could lead to an XML external entity XXE attack. OpManager is network monitoring software that allows users to track and manage the performance of...

5.3AI score0.19807EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/03/30 6:0 p.m.25 views

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Welcome to this weeks edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the momen...

6.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/30 4:0 p.m.37 views

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser

Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in the OpenImageIO image-parsing library that many popular pieces of 3-D rendering software use. OpenImageIO is a library that converts, compares and processes various image files. Blende...

7.1AI score0.01344EPSS
Exploits5
Talos Blog
Talos Blog
added 2023/03/30 2:35 p.m.24 views

Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability

Keane OKelley of Cisco ASIG discovered this vulnerability. Cisco ASIG recently discovered a remote code execution vulnerability in the SNIProxy open-source tool that occurs when the user utilizes wildcard backend hosts. SNIProxy proxies incoming HTTP and TLS connections based on the hostname...

9.8AI score0.65515EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/03/29 12:0 p.m.25 views

How an incident response retainer can drive proactive security

Weve written before about the importance of taking a proactive approach to cybersecurity. Whether it be threat hunting, an active defense posture or just improving security instrumentation alerts and logs an organization keeps, its best for every user -- no matter the size -- to be prepared for...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/24 5:42 p.m.45 views

Threat Roundup for March 17 to March 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 17 and March 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/23 6:0 p.m.53 views

Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.

Welcome to this weeks edition of the Threat Source newsletter. After asking ChatGPT to write the newsletter for me two weeks ago, I was tempted to have Googles Bard do the same, but I resisted making this the newsletters new gimmick. Instead, I wanted to write about another tech giant -- Meta. Th...

9.9AI score0.97408EPSS
Exploits18
Talos Blog
Talos Blog
added 2023/03/23 12:0 p.m.15 views

Fighting the Good Fight: Life inside the Talos Ukraine Task Unit

As we spoke about in the new ThreatWise TV documentary, "People Matter: A look back on how Cisco Talos has been supporting Ukraine," war isnt something that often appears in an organizations business continuity or disaster recovery plans. In the months leading up to Russias invasion of Ukraine,...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/23 11:0 a.m.42 views

Senderbase.org redirects to end in April

As of April 20, 2023, we are decommissioning SenderBase.org and any attempts to visit that web page will fail. Talos Intelligences website TalosIntelligence.com has served as the replacement for SenderBase.org for many years, with TalosIntelligence.com providing the same information as...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/22 7:41 p.m.19 views

Emotet resumes spam operations, switches to OneNote

Emotet resumed spamming operations on March 7, 2023, after a months-long hiatus. Initially leveraging heavily padded Microsoft Word documents to attempt to evade sandbox analysis and endpoint protection, the botnets switched to distributing malicious OneNote documents on March 16. Since returning...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/21 5:50 p.m.37 views

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution

Christopher McBee and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the networks range. A mesh system allows users to set...

7.5AI score0.02828EPSS
Exploits4
Talos Blog
Talos Blog
added 2023/03/21 1:27 p.m.32 views

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities

Carl Hurd of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in WellinTechs KingHistorian industrial control systems data manager. KingHistorian is a time-series database that allows users to ingest and process large amounts of data from ICS,...

8.8AI score0.14503EPSS
Exploits2
Talos Blog
Talos Blog
added 2023/03/17 7:52 p.m.28 views

Threat Roundup for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/16 6:32 p.m.48 views

Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS

Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in node-sqlite3 that affects the Ghost content management system and could affect other software utilizing this library. Ghost is a content management system with tools to build a website,...

9.5AI score0.02356EPSS
Exploits1
Talos Blog
Talos Blog
added 2023/03/16 6:0 p.m.69 views

Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine

Welcome to this weeks edition of the Threat Source newsletter. Were written a ton about Cisco Talos support of Ukraine and our friends and allies there. Now, we encourage you to watch and listen to the folks who have been working hands-on there. The latest episode of ThreatWise TV from Hazel Burt...

9.6AI score0.97408EPSS
Exploits18
Talos Blog
Talos Blog
added 2023/03/15 11:46 p.m.91 views

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources. First, we are providing a ClamAV signature that detects this threat -- the rule can be found on our GitHub here and can be leveraged anywhere ClamAV...

9.8AI score0.97408EPSS
Exploits18
Talos Blog
Talos Blog
added 2023/03/14 8:8 p.m.126 views

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the companys hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months. Two of th...

9.5AI score0.97408EPSS
Exploits18
Talos Blog
Talos Blog
added 2023/03/14 11:0 a.m.39 views

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new threat actor, which we are naming "YoroTrooper," that has been running several successful espionage campaigns since at least June 2022. YoroTroopers main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/13 12:0 p.m.31 views

Researcher Spotlight: How David Liebenberg went from never having opened Terminal to hunting international APTs

When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/09 7:0 p.m.56 views

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Welcome to this weeks edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as ...

6.8CVSS7.8AI score0.96843EPSS
Exploits38
Talos Blog
Talos Blog
added 2023/03/09 1:2 p.m.90 views

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...

10CVSS10.4AI score0.99999EPSS
Exploits123
Talos Blog
Talos Blog
added 2023/03/03 8:0 p.m.54 views

Threat Roundup (Feb. 24 - March 3)

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Feb. 24 and March 3. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/02 7:0 p.m.45 views

Threat Source newsletter (March 2, 2023) — Little victories in the fight against ransomware

Welcome to this weeks edition of the Threat Source newsletter. For years, we as a cybersecurity community have been discussing ways we can fight the global ransomware problem. This included things like pushing for more sanctions against international ransomware groups, new laws from federal...

8.4AI score0.95335EPSS
Exploits5
Talos Blog
Talos Blog
added 2023/02/24 1:0 p.m.13 views

February 24th

Today marks one year since Russia invaded Ukraine. While there is much we could say, we will simply reiterate our unwavering support of our colleagues, partners, and the people of Ukraine as they defend their country and our hope that peace and comfort come quickly to them. Everything we said one...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/24 11:0 a.m.22 views

Threat Round up for February 17 to February 24

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Feb. 17 and Feb. 24. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.4AI score
Exploits0
Total number of security vulnerabilities2032