2035 matches found
Threat Roundup for September 30 to October 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for September 30 to October 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Vulnerability Spotlight: Issue in Hancom Office 2020 could lead to code execution
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020. Hancom Office is a popular software collection among South Korean users that offers similar products to...
Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole
As I wrote about last week, Ive been diving a lot into apps privacy policies recently. And I was recently made aware of a new type of app I never knew existed -- family trackers. There are countless mobile apps for parents to track their children or other family members based on their location,...
Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers. There are countless mobile apps for...
Developer account body snatchers pose risks to the software supply chain
By Jaeson Schultz. Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software...
Developer account body snatchers pose risks to the software supply chain
Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain becau...
Researcher Spotlight: Globetrotting with Yuri Kramarz
From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas Yuri "Jerzy" Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference and critical...
Researcher Spotlight: Globetrotting with Yuri Kramarz
From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference an...
Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...
Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...
Threat Roundup for September 23 to September 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 23 and Sept. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Roundup for September 23 to September 30
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Sept. 23 and Sept. 30. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Sept. 29, 2022) — Personal health apps are currently under a spotlight, but their warning signs have always been there
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve spent the past few months with my colleague Ashlee Benge looking at personal health apps’ privacy policies. We found several instances of apps that carry sensitive information stating they would share certain...
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization i...
Threat Roundup for September 16 to September 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 16 and Sept. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Source newsletter (Sept. 22, 2022) — Attackers are already using student loan relief for scams
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. We’ve seen attackers capitalize on the news time and again, from COVID-19 to U.S.-North Korea relationships and, of course, holiday shopping sales every November. So, I was far from surprised to see that attackers are...
Insider Threats: Your employees are being used against you
By Nick Biasini. Insider threats are becoming an increasingly common part of the attack chain, with malicious insiders and unwitting assets playing key roles in incidents over the past year. Social engineering should be part of any organization’s policies and procedures and a key area for user...
Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices
Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a memory corruption vulnerability in the uClibC library that could affect any Unix-based devices that use this library. uClibC and uClibC-ng are lightweight replacements for the popular gLibc library, which is...
Our current world, health care apps and your personal data
What does your autonomy mean to you? By Ashlee Benge and Jonathan Munshaw. After the recent Supreme Court ruling in Dobbs v. Jackson Women's Health Organization, the use of third-party apps to track health care has recently come under additional scrutiny for privacy implications. Many of these ap...
Threat Roundup for September 9 to September 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 9 and Sept. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Threat Source newsletter (Sept. 15, 2022) — Teachers have to be IT admins now, too
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more. Slowly, they’re having to...
Gamaredon APT targets Ukrainian government agencies in new campaign
By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion...
Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five...
Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. It seems like there’s at least one major password breach every month — if not more. Most recently, there was an incident at Plex where all users had to reset their passwords. Many users pay for a password management...
Lazarus and the tale of three RATs
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has been tracking a new campaign operated by the Lazarus APT group, attributed to North Korea by the United States government. This campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain an initial foothold in...
Talos EMEA Monthly Threat Update: How do you know if cyber insurance is right for you?
On September's edition of the Monthly EMEA Threat Update, Hazel Burton and Martin Lee break down cyber insurance. Although many businesses and organizations will think insurance will only help them in a worst-case scenario, that worst-case scenario comes for us all eventually. Martin and Hazel...
Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues
By Azim Khodjibaev, Colin Grady, Paul Eubanks. Since Aug. 20, 2022, Cisco Talos has been monitoring suspected distributed denial-of-service DDoS attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service RaaS data leak sites. While the source and origin of th...
MagicRAT: Lazarus’ latest gateway into victim networks
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has discovered a new remote access trojan RAT we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. Lazarus deployed MagicRAT after the...
Researcher Spotlight: How Asheer Malhotra looks for ‘instant gratification’ in threat hunting
The India native has transitioned from a reverse-engineer hobbyist to a public speaker in just a few years By Jon Munshaw. Ninety percent of Asheer Malhotra’s work will never see the light of day. But it’s that 10 percent that keeps him motivated to keep looking for something new. The Talos...
Threat Roundup for August 26 to September 2
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 26 and Sept. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Sept. 1, 2022) — Conversations about an unborn baby's privacy
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. This week marks about 90 days before my wife’s due date with our first child, a baby girl. We’re both incredibly excited and nervous at the same time, and we have much to discuss, like how to lay out the nursery, what...
ModernLoader delivers multiple stealers, cryptominers and RATs
By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies,...
Threat Roundup for August 19 to August 26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 19 and Aug. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Aug. 25, 2022) — We're still not talking about Ukraine enough
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Russia’s invasion of Ukraine was once the most talked about story in the world. Six months into the conflict, modern attention spans have moved on to other news stories. But Ukraine Independence Day yesterday should...
Ukraine Independence Day: Talos update
On Independence Day for Ukraine, Aug. 24, 2022, Cisco Talos provided a live update on its continued support for the region. Six months since Russia's invasion of Ukraine, Dmytro Korzhevin, a senior threat intelligence researcher, JJ Cummings, Talos' national intelligence principal, and Ashlee...
Threat Roundup for August 12 to August 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 12 and Aug. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Source newsletter (Aug. 18, 2022) — Why aren't Lockdown modes the default setting on phones?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to sure up users’ personal information. Of course, all users have to do is go out of their way to...
Ukraine war spotlights agriculture sector's vulnerability to cyber attack
By Joe Marshall. The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have bee...
Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and...
Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution
Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5...
Threat Roundup for August 5 to August 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 5 and Aug. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes. A...
Cisco Talos shares insights related to recent cyber attack on Cisco
Update History Date | Description of Updates ---|--- Aug. 10th 2022| Adding clarifying details on activity involving active directory. Aug. 10th 2022| Update made to the Cisco Response and Recommendations section related to MFA. Executive summary On May 24, 2022, Cisco became aware of a potential...
Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the...
Small-time cybercrime is about to explode — We aren't ready
By Nick Biasini. The cybersecurity industry tends to focus on extremely large-scale or sophisticated, state-sponsored attacks. Rightfully so, as it can be the most interesting, technically speaking. When most people think of cybercrime they think of large-scale breaches because that's what...
Threat Roundup for July 29 to August 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
New SDR feature released for Cisco Secure Email
Cisco Talos today announced the release of a new mechanism that allows Cisco Secure Email customers the option to submit Sender Domain Reputation SDR disputes through TalosIntelligence.com. Customers now have the option of receiving self-service support through TalosIntelligence.com or may contin...
Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. After what seems like forever and honestly has been a really long time, we’re heading back to BlackHat in-person this year. We’re excited to see a lot of old friends again to commiserate, hang out, trade stories and...
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. It is marketed as a means to enable remote access, command execution,...