2032 matches found
2022 Year in Review Livestream
Did you miss our livestream focused on the Ukraine topics presented in the Cisco Talos Year in Review report? Join host Hazel Burton and special guests Kendall McKay, Nick Randolph, and Vanja Svajcer as they discuss Talos now-years-long critical infrastructure effort in Ukraine. Their breifing...
TEST-2022 Talos Year in Review Report-TEST
...
Vulnerability Spotlight: Memory corruption vulnerability discovered in PowerISO
Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO. TALOS-2022-1644 CVE-2022-41992 is a memory corruption vulnerability that exists in the VHD File Format parsing functionality of PowerISO 8.3. A specially crafte...
Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered
Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver. NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between th...
Protecting major events: an incident response blueprint
The cyber security of major events, whether they are related to sports, professional conferences, expos or other events can be a time-consuming, complex undertaking. It necessitates a multifaceted approach and the involvement of multiple entities, including but not limited to the vendors,...
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Marcin Icewall Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and...
Researcher Spotlight: How working for Talos started out as an ‘accident’ for Ashlee Benge before coming a second career
Talos lead of data strategy and insights has a lot of weight on her shoulders currently, but its nothing shes not used to Most people who first meet Ashlee Benge do a double take when they hear about her past experience. The average security practitioner at a networking event may share that they...
Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter. Callback Technologies has a CBFS file storage solution for use in customizing data persistence on devices. To accompany...
Threat Round up for November 11 to 18
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Nov. 11 and Nov. 18. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Nov. 17, 2022): Hot off the press! The Snort 2023 Calendar is here
Welcome to this weeks edition of the Threat Source newsletter. Its everyones favorite time of year again and no, I dont mean the impending holidays. The Snort 2023 calendar is finally here, and yall, its a good one. Packed full of classic memes and punny Snorties, the calendar is sure to delight...
Get a Loda This: LodaRAT meets new friends
LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. Changes in these LodaRAT variants include new functionality allowing...
Vulnerability Spotlight: Microsoft Office class attribute double-free vulnerability
Marcin Icewall Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a class attribute double-free vulnerability in Microsoft Office. Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-users. It offers a ran...
Threat Source newsletter (Nov. 10, 2022): Vulnerability research, movies in class, and Emotet once again
Welcome to this weeks edition of the Threat Source newsletter. Tuesday was an absolute hammer for the infosec community. Not only did we have the US elections but we had Emotet returning and a regular Microsoft Tuesday release. That release always leads me to think about the bug hunting ecosystem...
Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit Reader could lead to arbitrary code execution
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution. The Foxit Reader is one of the most popular PDF document readers, which aims to have feature pari...
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
The InterPlanetary File System IPFS is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other...
Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical" and the rest are classified as "Important." Three of the critical entries are remote code execution RCE vulnerabilities for Windows Point-to-Point...
Emotet coming in hot
Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year, rebuilding its...
The Company You Keep – Preparing for supply chain attacks with Talos IR
Given the increasing frequency of supply chain attacks, the sophistication of those attacks, and the expansion of the attack surface beyond an organizations direct control, incident preparedness and response activities must be considered in the overall supply chain risk mitigation strategy. Suppl...
Threat Roundup for October 28 to November 4
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Oct. 28 and Nov. 4. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Nov. 3, 2022): Mastodon, evolution, and LiveJournal oh my!
Welcome to this weeks edition of the Threat Source newsletter. Im fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musks purchase of Twitter and the subsequent exodus led...
Threat Advisory: High Severity OpenSSL Vulnerabilities
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulti...
Researcher Spotlight: How Azim Khodjibaev went from hunting real-world threats to threats on the dark web
A case study in why cybersecurity experience is not a prerequisite to work in security Azim Khodjibaev knows all sides of the "security" industry. That doesnt just cover cybersecurity, either -- he spent the first part of his career ensuring the physical safety of civilians and military personnel...
Threat Roundup for October 21 to October 28
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Oct. 21 and Oct. 28. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
See Yourself in Cyber: A Cybersecurity Awareness Month recap
As yet another October comes to an end, so does another Cybersecurity Awareness Month. Since 2004 when the President of the United States and Congress declared October Cybersecurity Awareness Month, weve taken the time to share our cybersecurity knowledge with the broader general public year afte...
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
Welcome to this weeks edition of the Threat Source newsletter. There are plenty of jokes about whether were "aware" of cybersecurity during National Cybersecurity Awareness Month. But now Im wondering if people are aware of supply chain attacks. I thought we hit the pinnacle of supply chain attac...
Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in InHand Networks InRouter302 that could allow an attacker to access the routers console and make changes to the routers settings, including security protocols. The InRout...
Quarterly Report: Incident Response Trends in Q3 2022
Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter. It can b...
Quarterly Report: Incident Response Trends in Q3 2022
Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter By Caitlin Huey. For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this...
Threat Roundup for October 14 to October 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 14 and Oct. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Oct. 20, 2022) — Shields Up! No seriously, Shields Waaaaay Up
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’m very excited about this video I’ve embedded below — it’s a project I’ve been working on with my team for a while now. Building off what I’ve written about in the past regarding fake news, this video examines what...
Threat Source newsletter (Oct. 20, 2022) — Shields Up! No seriously, Shields Waaaaay Up
By Jon Munshaw. Welcome to this weeks edition of the Threat Source newsletter. Im very excited about this video -- its a project Ive been working on with my team for a while now. Building off what Ive written about in the past regarding fake news, this video examines what essentially equates to t...
Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
Matt Wiseman of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in the Abode Systems iota All-In-One Security Kit. This kit includes a main security camera and hub that can alert users of unwanted movement in their homes. It also includes...
Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them
Matt Wiseman of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered several vulnerabilities in the Abode Systems iota All-In-One Security Kit. This kit includes a main security camera and hub that can alert users of unwanted movement in their homes. ...
The benefits of taking an intent-based approach to detecting Business Email Compromise
By Abhishek Singh. BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy tha...
The benefits of taking an intent-based approach to detecting Business Email Compromise
BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy that checks for...
Threat Roundup for October 7 to October 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 7 and Oct. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Video: How propaganda can spread on social media via memes, fake news
Cisco Talos is well-known for its work in spotting and defeating fake news, disinformation and misinformation. And state-sponsored actors, unwitting social media users and even direct government agencies have played a part in spreading fake news during Russia's invasion of Ukraine. In this video,...
Video: How propaganda can spread on social media via memes, fake news
Cisco Talos is well-known for its work in spotting and defeating fake news, disinformation and misinformation. And state-sponsored actors, unwitting social media users and even direct government agencies have played a part in spreading fake news during Russias invasion of Ukraine. In this video,...
Threat Source newsletter (Oct. 13, 2022) — Cybersecurity Awareness Month is all fun and memes until someone gets hurt
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. October is National Cybersecurity Awareness Month. Which, if you’ve been on social media at all the past 13 days or read any cybersecurity news website, you surely know already. As it does every year, I saw...
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
By Chetan Raghuprasad, Asheer Malhotra and Vitor Ventura, with contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control C2 tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web...
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control C2 tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web interface in Simplified Chinese with remote administration features...
Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely. The Robustel R1510 router is a...
Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely. The Robustel R1510...
Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol. October's security update features 11 critical...
Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the companys hardware and software line, including seven critical issues in Windows point-to-point tunneling protocol. Octobers security update features 11 critical vulnerabilities, with the remainder bei...
Vulnerability Spotlight: Data deserialization in VMware vCenter could lead to remote code execution
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform. VMware is one of the most popular virtual machine solutions currently available, and its vCenter software...
Vulnerability Spotlight: Data deserialization in VMware vCenter could lead to remote code execution
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform. VMware is one of the most popular virtual machine solutions currently available, and it...
Threat Roundup for September 30 to October 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for September 30 to October 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Issue in Hancom Office 2020 could lead to code execution
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020. Hancom Office is a popular software collection among South Korean users that offers similar products to...