Lucene search
K
TalosblogRecent

2035 matches found

Talos Blog
Talos Blog
added 2022/10/07 9:38 p.m.22 views

Threat Roundup for September 30 to October 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/10/07 9:5 p.m.16 views

Threat Roundup for September 30 to October 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 30 and Oct. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/10/07 2:11 p.m.28 views

Vulnerability Spotlight: Issue in Hancom Office 2020 could lead to code execution

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020. Hancom Office is a popular software collection among South Korean users that offers similar products to...

0.9AI score0.00499EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/10/06 6:0 p.m.56 views

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

As I wrote about last week, Ive been diving a lot into apps privacy policies recently. And I was recently made aware of a new type of app I never knew existed -- family trackers. There are countless mobile apps for parents to track their children or other family members based on their location,...

9.2AI score0.99964EPSS
Exploits16
Talos Blog
Talos Blog
added 2022/10/06 6:0 p.m.52 views

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers. There are countless mobile apps for...

9.2AI score0.99964EPSS
Exploits16
Talos Blog
Talos Blog
added 2022/10/04 12:51 p.m.13 views

Developer account body snatchers pose risks to the software supply chain

By Jaeson Schultz. Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software...

Exploits0
Talos Blog
Talos Blog
added 2022/10/04 12:51 p.m.15 views

Developer account body snatchers pose risks to the software supply chain

Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain becau...

Exploits0
Talos Blog
Talos Blog
added 2022/10/03 2:0 p.m.11 views

Researcher Spotlight: Globetrotting with Yuri Kramarz

From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas Yuri "Jerzy" Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference and critical...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/10/03 2:0 p.m.20 views

Researcher Spotlight: Globetrotting with Yuri Kramarz

From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference an...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/30 9:16 p.m.167 views

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...

0.7AI score0.99964EPSS
Exploits16
Talos Blog
Talos Blog
added 2022/09/30 9:16 p.m.291 views

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...

0.1AI score0.99964EPSS
Exploits16
Talos Blog
Talos Blog
added 2022/09/30 8:46 p.m.23 views

Threat Roundup for September 23 to September 30

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 23 and Sept. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/30 8:46 p.m.15 views

Threat Roundup for September 23 to September 30

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Sept. 23 and Sept. 30. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/29 6:0 p.m.21 views

Threat Source newsletter (Sept. 29, 2022) — Personal health apps are currently under a spotlight, but their warning signs have always been there

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve spent the past few months with my colleague Ashlee Benge looking at personal health apps’ privacy policies. We found several instances of apps that carry sensitive information stating they would share certain...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/28 12:12 p.m.97 views

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization i...

9.3CVSS0.9AI score0.99933EPSS
Exploits29
Talos Blog
Talos Blog
added 2022/09/23 10:6 p.m.30 views

Threat Roundup for September 16 to September 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 16 and Sept. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/22 6:0 p.m.28 views

Threat Source newsletter (Sept. 22, 2022) — Attackers are already using student loan relief for scams

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. We’ve seen attackers capitalize on the news time and again, from COVID-19 to U.S.-North Korea relationships and, of course, holiday shopping sales every November. So, I was far from surprised to see that attackers are...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/22 11:58 a.m.13 views

Insider Threats: Your employees are being used against you

By Nick Biasini. Insider threats are becoming an increasingly common part of the attack chain, with malicious insiders and unwitting assets playing key roles in incidents over the past year. Social engineering should be part of any organization’s policies and procedures and a key area for user...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/22 9:0 a.m.27 views

Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices

Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a memory corruption vulnerability in the uClibC library that could affect any Unix-based devices that use this library. uClibC and uClibC-ng are lightweight replacements for the popular gLibc library, which is...

1.5AI score0.01179EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/09/20 2:0 p.m.19 views

Our current world, health care apps and your personal data

What does your autonomy mean to you? By Ashlee Benge and Jonathan Munshaw. After the recent Supreme Court ruling in Dobbs v. Jackson Women's Health Organization, the use of third-party apps to track health care has recently come under additional scrutiny for privacy implications. Many of these ap...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/16 5:24 p.m.29 views

Threat Roundup for September 9 to September 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 9 and Sept. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/15 6:0 p.m.45 views

Threat Source newsletter (Sept. 15, 2022) — Teachers have to be IT admins now, too

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more. Slowly, they’re having to...

7.8AI score0.05557EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/09/15 12:2 p.m.23 views

Gamaredon APT targets Ukrainian government agencies in new campaign

By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/13 6:1 p.m.73 views

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five...

0.5AI score0.75711EPSS
Exploits7
Talos Blog
Talos Blog
added 2022/09/08 6:0 p.m.29 views

Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. It seems like there’s at least one major password breach every month — if not more. Most recently, there was an incident at Plex where all users had to reset their passwords. Many users pay for a password management...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/08 12:1 p.m.58 views

Lazarus and the tale of three RATs

By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has been tracking a new campaign operated by the Lazarus APT group, attributed to North Korea by the United States government. This campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain an initial foothold in...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/08 9:0 a.m.17 views

Talos EMEA Monthly Threat Update: How do you know if cyber insurance is right for you?

On September's edition of the Monthly EMEA Threat Update, Hazel Burton and Martin Lee break down cyber insurance. Although many businesses and organizations will think insurance will only help them in a worst-case scenario, that worst-case scenario comes for us all eventually. Martin and Hazel...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/07 3:0 p.m.15 views

Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues

By Azim Khodjibaev, Colin Grady, Paul Eubanks. Since Aug. 20, 2022, Cisco Talos has been monitoring suspected distributed denial-of-service DDoS attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service RaaS data leak sites. While the source and origin of th...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/07 12:1 p.m.21 views

MagicRAT: Lazarus’ latest gateway into victim networks

By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has discovered a new remote access trojan RAT we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. Lazarus deployed MagicRAT after the...

Exploits0
Talos Blog
Talos Blog
added 2022/09/06 12:0 p.m.13 views

Researcher Spotlight: How Asheer Malhotra looks for ‘instant gratification’ in threat hunting

The India native has transitioned from a reverse-engineer hobbyist to a public speaker in just a few years By Jon Munshaw. Ninety percent of Asheer Malhotra’s work will never see the light of day. But it’s that 10 percent that keeps him motivated to keep looking for something new. The Talos...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/02 7:55 p.m.52 views

Threat Roundup for August 26 to September 2

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 26 and Sept. 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/01 6:0 p.m.13 views

Threat Source newsletter (Sept. 1, 2022) — Conversations about an unborn baby's privacy

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. This week marks about 90 days before my wife’s due date with our first child, a baby girl. We’re both incredibly excited and nervous at the same time, and we have much to discuss, like how to lay out the nursery, what...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/30 12:0 p.m.33 views

ModernLoader delivers multiple stealers, cryptominers and RATs

By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies,...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/26 7:37 p.m.24 views

Threat Roundup for August 19 to August 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 19 and Aug. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Exploits0
Talos Blog
Talos Blog
added 2022/08/25 6:0 p.m.46 views

Threat Source newsletter (Aug. 25, 2022) — We're still not talking about Ukraine enough

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Russia’s invasion of Ukraine was once the most talked about story in the world. Six months into the conflict, modern attention spans have moved on to other news stories. But Ukraine Independence Day yesterday should...

0.09785EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/08/24 4:39 p.m.15 views

Ukraine Independence Day: Talos update

On Independence Day for Ukraine, Aug. 24, 2022, Cisco Talos provided a live update on its continued support for the region. Six months since Russia's invasion of Ukraine, Dmytro Korzhevin, a senior threat intelligence researcher, JJ Cummings, Talos' national intelligence principal, and Ashlee...

0.4AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/19 10:24 p.m.27 views

Threat Roundup for August 12 to August 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 12 and Aug. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/18 6:0 p.m.15 views

Threat Source newsletter (Aug. 18, 2022) — Why aren't Lockdown modes the default setting on phones?

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to sure up users’ personal information. Of course, all users have to do is go out of their way to...

8.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/18 12:0 p.m.24 views

Ukraine war spotlights agriculture sector's vulnerability to cyber attack

By Joe Marshall. The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have bee...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/16 3:54 p.m.65 views

Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and...

1.4AI score0.83583EPSS
Exploits10
Talos Blog
Talos Blog
added 2022/08/16 2:3 p.m.35 views

Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution

Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5...

2.1AI score0.00618EPSS
Exploits3
Talos Blog
Talos Blog
added 2022/08/12 8:12 p.m.47 views

Threat Roundup for August 5 to August 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 5 and Aug. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/11 6:0 p.m.45 views

Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes. A...

9.6AI score0.6798EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/08/10 7:30 p.m.28 views

Cisco Talos shares insights related to recent cyber attack on Cisco

Update History Date | Description of Updates ---|--- Aug. 10th 2022| Adding clarifying details on activity involving active directory. Aug. 10th 2022| Update made to the Cisco Response and Recommendations section related to MFA. Executive summary On May 24, 2022, Cisco became aware of a potential...

1.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/09 8:44 p.m.81 views

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the...

1.6AI score0.6798EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/08/08 12:42 p.m.15 views

Small-time cybercrime is about to explode — We aren't ready

By Nick Biasini. The cybersecurity industry tends to focus on extremely large-scale or sophisticated, state-sponsored attacks. Rightfully so, as it can be the most interesting, technically speaking. When most people think of cybercrime they think of large-scale breaches because that's what...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/05 7:54 p.m.21 views

Threat Roundup for July 29 to August 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/05 2:59 p.m.15 views

New SDR feature released for Cisco Secure Email

Cisco Talos today announced the release of a new mechanism that allows Cisco Secure Email customers the option to submit Sender Domain Reputation SDR disputes through TalosIntelligence.com. Customers now have the option of receiving self-service support through TalosIntelligence.com or may contin...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/04 6:0 p.m.50 views

Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. After what seems like forever and honestly has been a really long time, we’re heading back to BlackHat in-person this year. We’re excited to see a lot of old friends again to commiserate, hang out, trade stories and...

0.9817EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/08/04 12:0 p.m.37 views

Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns

By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. It is marketed as a means to enable remote access, command execution,...

0.2AI score
Exploits0
Total number of security vulnerabilities2035