2032 matches found
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
Welcome to this weeks edition of the Threat Source newsletter. Social medias latest business plan seems to be charging for security. Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue -- asking users to pay either $8 or $11 monthly...
Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
Jared Rittle of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in EIP Stack Group OpENer, an ethernet/IP stack for I/O adapter devices, that could allow an attacker to cause a targeted server to crash or open the door to remote code execution...
Threat Round up for February 10 to February 17
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Feb. 10 and Feb. 17. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
Welcome to this weeks edition of the Threat Source newsletter. I am back after more than three months away from Talos on parental leave. Having a baby really resets your expectations for "keeping up" with the world. From November through mid-January or so I had no idea what was going on with the...
Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical", 64 are classified as "Important", one vulnerability is classified as "Moderate." According to Microsoft none of the vulnerabilities has been publicly...
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning the internet for...
Talos Takes 128: Year in Review - Ransomware and Commodity Loaders Edition
Were back with the final year in review focused episode. This time the focus is on the ever broadening ransomware landscape and the commodity malware loaders that often support it. Ill be joined by one of the researchers from the year in review report, Aliza Johnson to talk about what we saw on t...
Threat Source newsletter (Feb. 9, 2023): Don't let criminals exploit your empathy
Welcome to this weeks edition of the Threat Source newsletter. Our hearts are with the people of Turkey and Syria and all those impacted by the tragic earthquake. The Cisco Foundation has launched a matching campaign to support local disaster relief organizations. As a person its always difficult...
Beyond the basics: Implementing an active defense
Active defense a key approach to protecting against major threats Having an active defense posture, where the defenders actively use threat intelligence and their own environment telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting...
2022 Year in Review: Ransomware & Commodity Loaders Livestream Replay
Did you miss our livestream covering the ransomware and commodity loader section in the Cisco Talos Year in Review report? Join host Mitch Neff and special guests Aliza Johnson, Azim Khodjibaev, and Nick Biasini as they discuss Talos findings and experiences monitoring ransomware and commodity...
Ransomware and Commodity Loader Topic Summary Report: Cisco Talos Year in Review 2022
The ransomware space is dynamic, continually adapting to changes in the geopolitical environment, actions by defenders, and efforts by law enforcement, which increased in scope and intensity in 2022. This leads groups to rebrand under different names, shut down operations, and form new strategic...
Threat Round up for January 27 to February 3
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 27 and Feb. 3. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Feb. 2, 2023): I bid you all adieu
Welcome to this weeks edition of the Threat Source newsletter. If you havent noticed yet weve had a few guest writers on this newsletter over the last few months. Alas my time covering the newsletter has ended and I leave you with one final edition. Have no fear, William Largent will be rounding...
Talos Takes 126: Year in Review - Threat Landscape Edition
Were back with another year in review focused episode. This time the focus will be the threat landscape generally and Ill be joined by threat researcher Caitlin Huey. In this episode well discuss what we found in the last year, with a focus on the general threat landscape. Well spend time...
2022 Year in Review: Threat Landscape Livestream Replay
Did you miss our livestream covering the threat landscape section in the Cisco Talos Year in Review report? Join host Hazel Burton and special guests Caitlin Huey, Nick Biasini, and Tucker Favreau as they discuss Talos findings and experiences monitoring the threat landscape in 2022. Visit the Ye...
Threat Round up for January 20 to January 27
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 20 and Jan. 27. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
What Old is New Again and What's Old is Me?
Welcome to this weeks edition of the Threat Source newsletter. Whats old is new again and whats old is still old. The fact that we are seeing a comeback of this USB thumb drive nonsense is giving me heartburn, and a headache, and my left eye is twitching … and maybe numbness in my legs? Yes, I am...
Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in the Siretta Quartz-Gold router. Talos also discovered vulnerabilities in FreshTomato while investigating the Siretta router. The Siretta Quartz-Gold is an industrial...
Quarterly Report: Incident Response Trends in Q4 2022
Syncro, a remote management and monitoring tool, emerges as an increasingly common tool for adversaries. By Caitlin Huey. Ransomware continued to be a top threat Cisco Talos Incident Response Talos IR responded to this quarter, with appearances from both previously seen and newly observed...
Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022
While our ongoing support to Ukraine and response to the Log4j vulnerabilities were two of our most comprehensive and impactful efforts in 2022, we also dealt with a multitude of other threats as the security community faced an expanding set of adversaries and malware. In January, we identified...
State Sponsored Attacks in 2023 and Beyond
As we begin 2023 I wanted to take some time and look at the state sponsored threat landscape. Over the last few decades weve seen seismic shifts in how state sponsored actors attack, starting with traditional espionage with attacks like Moonlight Maze and Project Gunman and evolving into more...
Threat Round up for January 13 to January 20
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 13 and Jan. 20. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge
Welcome to this weeks edition of the Threat Source newsletter. Talent retention and institutional knowledge go hand in hand. Both are critical to ensuring the security of your network environment. To that end, I want to talk briefly about why talent retention isnt just about money. So I am going ...
Vulnerability Spotlight: XSS vulnerability in Ghost CMS
Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a cross-site scripting XSS vulnerability in Ghost CMS. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members a...
Following the LNK metadata trail
Adversaries shift toward Shell Link LNK files, likely sparked by Microsofts decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. Cisco Talos analyzed metadata in LNK files and correlated it with threat actors tactics techniques and...
Threat Round up for January 6 to January 13
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 6 and Jan. 13. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML
Emma Reuter and Theo Morales of ASIG and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco ASIG and Cisco Talos recently discovered code execution vulnerabilities in QT QML. Qt is a popular software suite primarily used to create graphical user interfaces. It also contains...
Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter?
Welcome to this weeks edition of the Threat Source newsletter. We tried to get ChatGPT to write this weeks newsletter but it was at capacity, so youll have to stick with us for another week. Or maybe thats just what the robots want you to think, you be the judge. The one big thing This week Talos...
How to instrument system applications on Android stock images
By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how to do it on an...
2022 Year in Review: APTs Livestream Replay
Did you miss our livestream focused on the APT section in the Cisco Talos Year in Review report? Join host Mitch Neff and special guests Jacob Finn, Asheer Malhotra, and Vitor Ventura as they discuss Talos findings and experiences tracking APTs in 2022. This livestream sheds light into the topic ...
Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 98 vulnerabilities. Of these vulnerabilities, 11 are classified as "Critical", 87 are classified as "Important", no vulnerability classified as "Moderate." According to Microsoft all "Critical" vulnerability are either less...
Increasing trust, commitment, and predictability during a remote incident response
Authors: Gergana Karadzhova, Joe Schumacher, Pawel Bosek In this blog post, Cisco Talos Incident Response Talos IR presents some of the key benefits of remote IR support and offers a list of recommendations for working on a remote incident. Some organizations see added value in having incident...
Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered
Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 802.11ax-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it i...
APT Topic Summary Report: Cisco Talos Year in Review 2022
State-sponsored or state-aligned advanced persistent threats APTs adapted to the changing geopolitical landscape in 2022. Cisco Talos observed several offensive cyber campaigns linked to several groups stemming from Russia, Iran, China, North Korea, and countries in the Indian subcontinent. These...
Threat Source newsletter (Jan. 5, 2023): Digging out of our inboxes
Happy New Year and welcome to this weeks edition of the Threat Source newsletter. We cant tell if its the fog from Lurenes deadly eggnog or dare we say pure rest and relaxation but were still digging out of our inboxes, trying to remember logins, and circle back on all the things we prolonged int...
Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service
Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library, which could lead to sensitive information disclosure, denial of service and heap buffer overflows which could further lead to code executio...
Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS
Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build a website, publish...
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...
Threat Round up for December 9 to December 16
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Dec. 9 and Dec. 16. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Talos Takes Ep. 122: Year in Review & Ukraine Activities
In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022. Our activities ...
Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here
Welcome to this weeks edition of the Threat Source newsletter. Its the most wonderful time of the year, and Im not talking about the holidays. The inaugural 2022 Talos Year in Review is here! And its taking over the final Threat Source newsletter of the year. Oh and did we mention were on Mastodo...
Ukraine Topic Summary Report: Cisco Talos Year in Review 2022
Talos ongoing support for Ukraine has been a large focus of our operational efforts this year. Driven by our core mission of protecting the Ukrainian people and infrastructure, Talos launched a task force of 40+ volunteers dedicated to defending our customers and partners within. This team of...
Beers with Talos Ep. 129: Talos Year in Review 2022 w/ Dave Liebenberg
With this episode, we set out to discuss the premiere of the Talos Year in Review report - a look back at the major threats, trends, and topics from 2022 and what we should take forward into 2023. Dave Liebenberg runs the team behind this report and joins us to discuss why his team undertook th...
Talos Year in Review 2022
This report represents an unprecedented effort within Cisco to tell a comprehensive story of our work in the past year, relying on a wide variety of data and expertise. Download the Report As a large security organization with global reach, the data we use as the basis for our research presents u...
HTML smugglers turn to SVG images
HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victims device...
Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as "Critical", 41 are classified as "Important", with the remaining vulnerability classified as "Moderate." One of the critical vulnerabilities, which Microsoft...
Vulnerability Spotlight: Denial-of-service vulnerability discovered in VMWare vCenter
Marcin Icewall Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a denial-of-service vulnerability in VMWare vCenter Server. VMware vCenter Server is a platform that enables centralized control and monitoring over all virtual machines and EXSi hypervisors included...
Threat Round up for December 2 to December 9
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Dec. 2 and Dec. 9. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link
Welcome to this weeks edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest - that feeling that I think most, if not all, Threat Source readers get at this time of year. Thats right, its once again the time of year when no matter wha...
Breaking the silence - Recent Truebot activity
Since August 2022, we have seen an increase in infections of Truebot aka Silence.Downloader malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...