Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2023/02/23 7:0 p.m.47 views

Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature

Welcome to this weeks edition of the Threat Source newsletter. Social medias latest business plan seems to be charging for security. Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue -- asking users to pay either $8 or $11 monthly...

8.3AI score0.99999EPSS
Exploits12
Talos Blog
Talos Blog
added 2023/02/23 2:3 p.m.24 views

Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities

Jared Rittle of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in EIP Stack Group OpENer, an ethernet/IP stack for I/O adapter devices, that could allow an attacker to cause a targeted server to crash or open the door to remote code execution...

1.5AI score0.14372EPSS
Exploits3
Talos Blog
Talos Blog
added 2023/02/17 9:24 p.m.24 views

Threat Round up for February 10 to February 17

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Feb. 10 and Feb. 17. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/16 7:0 p.m.58 views

Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year

Welcome to this weeks edition of the Threat Source newsletter. I am back after more than three months away from Talos on parental leave. Having a baby really resets your expectations for "keeping up" with the world. From November through mid-January or so I had no idea what was going on with the...

8.7AI score0.12107EPSS
Exploits0
Talos Blog
Talos Blog
added 2023/02/14 6:9 p.m.75 views

Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical", 64 are classified as "Important", one vulnerability is classified as "Moderate." According to Microsoft none of the vulnerabilities has been publicly...

0.9AI score0.82302EPSS
Exploits11
Talos Blog
Talos Blog
added 2023/02/14 1:0 p.m.37 views

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning the internet for...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/10 6:55 p.m.20 views

Talos Takes 128: Year in Review - Ransomware and Commodity Loaders Edition

Were back with the final year in review focused episode. This time the focus is on the ever broadening ransomware landscape and the commodity malware loaders that often support it. Ill be joined by one of the researchers from the year in review report, Aliza Johnson to talk about what we saw on t...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/09 7:0 p.m.13 views

Threat Source newsletter (Feb. 9, 2023): Don't let criminals exploit your empathy

Welcome to this weeks edition of the Threat Source newsletter. Our hearts are with the people of Turkey and Syria and all those impacted by the tragic earthquake. The Cisco Foundation has launched a matching campaign to support local disaster relief organizations. As a person its always difficult...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/09 1:9 p.m.21 views

Beyond the basics: Implementing an active defense

Active defense a key approach to protecting against major threats Having an active defense posture, where the defenders actively use threat intelligence and their own environment telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/08 7:45 p.m.9 views

2022 Year in Review: Ransomware & Commodity Loaders Livestream Replay

Did you miss our livestream covering the ransomware and commodity loader section in the Cisco Talos Year in Review report? Join host Mitch Neff and special guests Aliza Johnson, Azim Khodjibaev, and Nick Biasini as they discuss Talos findings and experiences monitoring ransomware and commodity...

2.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/06 1:0 p.m.17 views

Ransomware and Commodity Loader Topic Summary Report: Cisco Talos Year in Review 2022

The ransomware space is dynamic, continually adapting to changes in the geopolitical environment, actions by defenders, and efforts by law enforcement, which increased in scope and intensity in 2022. This leads groups to rebrand under different names, shut down operations, and form new strategic...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/03 8:33 p.m.24 views

Threat Round up for January 27 to February 3

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 27 and Feb. 3. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/02/02 8:5 p.m.12 views

Threat Source newsletter (Feb. 2, 2023): I bid you all adieu

Welcome to this weeks edition of the Threat Source newsletter. If you havent noticed yet weve had a few guest writers on this newsletter over the last few months. Alas my time covering the newsletter has ended and I leave you with one final edition. Have no fear, William Largent will be rounding...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/27 9:43 p.m.21 views

Talos Takes 126: Year in Review - Threat Landscape Edition

Were back with another year in review focused episode. This time the focus will be the threat landscape generally and Ill be joined by threat researcher Caitlin Huey. In this episode well discuss what we found in the last year, with a focus on the general threat landscape. Well spend time...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/27 5:7 p.m.22 views

2022 Year in Review: Threat Landscape Livestream Replay

Did you miss our livestream covering the threat landscape section in the Cisco Talos Year in Review report? Join host Hazel Burton and special guests Caitlin Huey, Nick Biasini, and Tucker Favreau as they discuss Talos findings and experiences monitoring the threat landscape in 2022. Visit the Ye...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/27 3:44 p.m.40 views

Threat Round up for January 20 to January 27

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 20 and Jan. 27. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

Exploits0
Talos Blog
Talos Blog
added 2023/01/26 11:15 p.m.19 views

What Old is New Again and What's Old is Me?

Welcome to this weeks edition of the Threat Source newsletter. Whats old is new again and whats old is still old. The fact that we are seeing a comeback of this USB thumb drive nonsense is giving me heartburn, and a headache, and my left eye is twitching … and maybe numbness in my legs? Yes, I am...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/26 9:26 p.m.59 views

Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in the Siretta Quartz-Gold router. Talos also discovered vulnerabilities in FreshTomato while investigating the Siretta router. The Siretta Quartz-Gold is an industrial...

1AI score0.07085EPSS
Exploits15
Talos Blog
Talos Blog
added 2023/01/26 9:0 a.m.21 views

Quarterly Report: Incident Response Trends in Q4 2022

Syncro, a remote management and monitoring tool, emerges as an increasingly common tool for adversaries. By Caitlin Huey. Ransomware continued to be a top threat Cisco Talos Incident Response Talos IR responded to this quarter, with appearances from both previously seen and newly observed...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/24 2:6 p.m.28 views

Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022

While our ongoing support to Ukraine and response to the Log4j vulnerabilities were two of our most comprehensive and impactful efforts in 2022, we also dealt with a multitude of other threats as the security community faced an expanding set of adversaries and malware. In January, we identified...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/24 12:59 p.m.21 views

State Sponsored Attacks in 2023 and Beyond

As we begin 2023 I wanted to take some time and look at the state sponsored threat landscape. Over the last few decades weve seen seismic shifts in how state sponsored actors attack, starting with traditional espionage with attacks like Moonlight Maze and Project Gunman and evolving into more...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/20 9:38 p.m.38 views

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 13 and Jan. 20. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/19 9:59 p.m.17 views

Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge

Welcome to this weeks edition of the Threat Source newsletter. Talent retention and institutional knowledge go hand in hand. Both are critical to ensuring the security of your network environment. To that end, I want to talk briefly about why talent retention isnt just about money. So I am going ...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/19 8:1 p.m.25 views

Vulnerability Spotlight: XSS vulnerability in Ghost CMS

Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a cross-site scripting XSS vulnerability in Ghost CMS. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members a...

0.9AI score0.01024EPSS
Exploits2
Talos Blog
Talos Blog
added 2023/01/19 1:0 p.m.237 views

Following the LNK metadata trail

Adversaries shift toward Shell Link LNK files, likely sparked by Microsofts decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. Cisco Talos analyzed metadata in LNK files and correlated it with threat actors tactics techniques and...

9.3CVSS7.8AI score0.71075EPSS
Exploits16
Talos Blog
Talos Blog
added 2023/01/13 6:46 p.m.17 views

Threat Round up for January 6 to January 13

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Jan. 6 and Jan. 13. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/13 4:58 p.m.26 views

Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML

Emma Reuter and Theo Morales of ASIG and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco ASIG and Cisco Talos recently discovered code execution vulnerabilities in QT QML. Qt is a popular software suite primarily used to create graphical user interfaces. It also contains...

1.2AI score0.01144EPSS
Exploits2
Talos Blog
Talos Blog
added 2023/01/12 7:0 p.m.21 views

Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter?

Welcome to this weeks edition of the Threat Source newsletter. We tried to get ChatGPT to write this weeks newsletter but it was at capacity, so youll have to stick with us for another week. Or maybe thats just what the robots want you to think, you be the judge. The one big thing This week Talos...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/12 12:59 p.m.23 views

How to instrument system applications on Android stock images

By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how to do it on an...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/10 8:11 p.m.16 views

2022 Year in Review: APTs Livestream Replay

Did you miss our livestream focused on the APT section in the Cisco Talos Year in Review report? Join host Mitch Neff and special guests Jacob Finn, Asheer Malhotra, and Vitor Ventura as they discuss Talos findings and experiences tracking APTs in 2022. This livestream sheds light into the topic ...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/10 7:18 p.m.52 views

Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 98 vulnerabilities. Of these vulnerabilities, 11 are classified as "Critical", 87 are classified as "Important", no vulnerability classified as "Moderate." According to Microsoft all "Critical" vulnerability are either less...

1.1AI score0.65417EPSS
Exploits13
Talos Blog
Talos Blog
added 2023/01/10 5:0 p.m.18 views

Increasing trust, commitment, and predictability during a remote incident response

Authors: Gergana Karadzhova, Joe Schumacher, Pawel Bosek In this blog post, Cisco Talos Incident Response Talos IR presents some of the key benefits of remote IR support and offers a list of recommendations for working on a remote incident. Some organizations see added value in having incident...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/10 4:20 p.m.53 views

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered

Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 802.11ax-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it i...

1.1AI score0.20849EPSS
Exploits3
Talos Blog
Talos Blog
added 2023/01/10 2:24 p.m.19 views

APT Topic Summary Report: Cisco Talos Year in Review 2022

State-sponsored or state-aligned advanced persistent threats APTs adapted to the changing geopolitical landscape in 2022. Cisco Talos observed several offensive cyber campaigns linked to several groups stemming from Russia, Iran, China, North Korea, and countries in the Indian subcontinent. These...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/05 7:0 p.m.11 views

Threat Source newsletter (Jan. 5, 2023): Digging out of our inboxes

Happy New Year and welcome to this weeks edition of the Threat Source newsletter. We cant tell if its the fog from Lurenes deadly eggnog or dare we say pure rest and relaxation but were still digging out of our inboxes, trying to remember logins, and circle back on all the things we prolonged int...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/22 3:39 p.m.65 views

Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service

Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library, which could lead to sensitive information disclosure, denial of service and heap buffer overflows which could further lead to code executio...

0.5AI score0.01962EPSS
Exploits22
Talos Blog
Talos Blog
added 2022/12/21 5:39 p.m.27 views

Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS

Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build a website, publish...

0.1AI score0.20196EPSS
Exploits2
Talos Blog
Talos Blog
added 2022/12/20 1:0 p.m.37 views

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/16 7:29 p.m.48 views

Threat Round up for December 9 to December 16

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Dec. 9 and Dec. 16. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/16 2:49 p.m.17 views

Talos Takes Ep. 122: Year in Review & Ukraine Activities

In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022. Our activities ...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/15 7:10 p.m.46 views

Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here

Welcome to this weeks edition of the Threat Source newsletter. Its the most wonderful time of the year, and Im not talking about the holidays. The inaugural 2022 Talos Year in Review is here! And its taking over the final Threat Source newsletter of the year. Oh and did we mention were on Mastodo...

10CVSS9.2AI score0.05942EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/12/14 5:0 p.m.11 views

Ukraine Topic Summary Report: Cisco Talos Year in Review 2022

Talos ongoing support for Ukraine has been a large focus of our operational efforts this year. Driven by our core mission of protecting the Ukrainian people and infrastructure, Talos launched a task force of 40+ volunteers dedicated to defending our customers and partners within. This team of...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/14 1:14 p.m.13 views

Beers with Talos Ep. 129: Talos Year in Review 2022 w/ Dave Liebenberg

‌ With this episode, we set out to discuss the premiere of the Talos Year in Review report - a look back at the major threats, trends, and topics from 2022 and what we should take forward into 2023. Dave Liebenberg runs the team behind this report and joins us to discuss why his team undertook th...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/14 1:12 p.m.18 views

Talos Year in Review 2022

This report represents an unprecedented effort within Cisco to tell a comprehensive story of our work in the past year, relying on a wide variety of data and expertise. Download the Report As a large security organization with global reach, the data we use as the basis for our research presents u...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/13 8:30 p.m.18 views

HTML smugglers turn to SVG images

HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victims device...

Exploits0
Talos Blog
Talos Blog
added 2022/12/13 7:6 p.m.42 views

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as "Critical", 41 are classified as "Important", with the remaining vulnerability classified as "Moderate." One of the critical vulnerabilities, which Microsoft...

2.7AI score0.82081EPSS
Exploits4
Talos Blog
Talos Blog
added 2022/12/13 4:51 p.m.34 views

Vulnerability Spotlight: Denial-of-service vulnerability discovered in VMWare vCenter

Marcin Icewall Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a denial-of-service vulnerability in VMWare vCenter Server. VMware vCenter Server is a platform that enables centralized control and monitoring over all virtual machines and EXSi hypervisors included...

0.5AI score0.47795EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/12/09 7:2 p.m.29 views

Threat Round up for December 2 to December 9

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Dec. 2 and Dec. 9. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/08 9:0 p.m.22 views

Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link

Welcome to this weeks edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest - that feeling that I think most, if not all, Threat Source readers get at this time of year. Thats right, its once again the time of year when no matter wha...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/12/08 7:38 p.m.41 views

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot aka Silence.Downloader malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...

9.8AI score0.36152EPSS
Exploits1
Total number of security vulnerabilities2032