Lucene search
K
TalosblogRecent

2033 matches found

Talos Blog
Talos Blog
added 2022/08/02 12:0 p.m.60 views

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants...

Exploits0
Talos Blog
Talos Blog
added 2022/08/01 4:18 p.m.19 views

Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities

By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mesh. Instead, a phon...

8.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/01 12:0 p.m.16 views

Researcher Spotlight: You should have been listening to Lurene Grenier years ago

The exploit researcher recently rejoined Talos after starting her career with the company’s predecessor By Jonathan Munshaw. Lurene Grenier says state-sponsored threat actors keep her up at night, even after years of studying and following them. She’s spent her security career warning people why...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/29 7:8 p.m.82 views

Threat Roundup for July 22 - 29

Talos is publishing a glimpse into the most prevalent threats we've observed from July 22 - 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/28 6:0 p.m.24 views

Threat Source newsletter (July 28, 2022) — What constitutes an "entry-level" job in cybersecurity?

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the cybersecurity skills...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/27 4:22 p.m.79 views

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products

By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code:...

7.5CVSS0.4AI score0.01684EPSS
Exploits5
Talos Blog
Talos Blog
added 2022/07/27 12:0 p.m.81 views

What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads

By Nate Pors and Terryn Valikodath. Executive summary In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response CTIR observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely harvested during the 2021...

7.5CVSS0.99999EPSS
Exploits63
Talos Blog
Talos Blog
added 2022/07/26 2:3 p.m.125 views

Quarterly Report: Incident Response Trends in Q2 2022

Commodity malware usage surpasses ransomware by narrow margin By Caitlin Huey. For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response CTIR responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due t...

9.3CVSS0.99999EPSS
Exploits353
Talos Blog
Talos Blog
added 2022/07/22 9:51 p.m.21 views

Threat Roundup for July 15 to July 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 15 and July 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Exploits0
Talos Blog
Talos Blog
added 2022/07/21 6:0 p.m.51 views

Threat Source newsletter (July 21, 2022) — No topic is safe from being targeted by fake news and disinformation

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I could spend time in this newsletter every week talking about fake news. There are always so many ridiculous memes, headlines, misleading stories, viral Facebook posts and manipulated media that I see come across my...

7.2CVSS0.4AI score0.18765EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/07/21 12:0 p.m.377 views

Attackers target Ukraine using GoMet backdoor

Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...

10CVSS0.4AI score0.99999EPSS
Exploits69
Talos Blog
Talos Blog
added 2022/07/19 12:45 p.m.26 views

Vulnerability Spotlight: Issue in Accusoft ImageGear could lead to memory corruption, code execution

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing function. The ImageGear library is a document-imaging developer toolkit that allows users to create,...

0.6AI score0.01758EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/07/15 2:37 p.m.12 views

EMEAR Monthly Talos Update: Training the next generation of cybersecurity researchers

Cisco Talos and Cisco Secure have the latest edition of the Talos EMEAR Threat Update series out now, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about the cybersecurity skills gap that currently exists and how we can better train the next generation of...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/14 6:0 p.m.11 views

Threat Source newsletter (July 14, 2022) — Are virtual IDs worth the security risk of saving a few seconds in the TSA line?

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve started flying again on a somewhat regular basis now that work conferences and out-of-state vacations are becoming a thing again. I took about 18 months or so off flying during the peak of the pandemic, but now...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/14 2:22 p.m.30 views

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s WebGPU standard. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser tha...

0.8AI score0.00617EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/07/13 11:58 p.m.19 views

Transparent Tribe begins targeting education sector in latest campaign

Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group. This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government entities. The attacks result i...

7.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/13 3:49 p.m.28 views

Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code. Acrobat is one of the most...

1.6AI score0.1083EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/07/12 10:33 a.m.21 views

Microsoft Patch Tuesday for July 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. July's security update... This is only t...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/08 12:27 p.m.13 views

Threat Roundup for July 1 to July 8

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 1 and July 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

0.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/07 11:0 a.m.11 views

Threat Source newsletter (July 7, 2022) — Teamwork makes the dream work

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve been thinking a lot recently about the pros and cons of the way we publicize our threat research. I had a few conversations at Cisco Live with people — who are more generally IT-focused than... This is only the...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/05 12:6 p.m.8 views

De-anonymizing ransomware domains on the dark web

By Paul Eubanks. We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.The methods we used to identify the...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/05 6:28 a.m.21 views

Vulnerability Spotlight: Command injection vulnerabilities in Robustel cellular router

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the Robustel R1510 industrial cellular router. The R1510 is a portable router that shares 2G, 3G and 4G wireless internet access. It comes... This is...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/07/05 6:20 a.m.13 views

Researcher Spotlight: Around the security world and back again with Nick Biasini

By Jon Munshaw. Nick Biasini’s seen it all. Going on a nearly 20-year security career, he’s been a part of some of Cisco Talos’ largest undertakings in the company’s history. From an attack on the global Olympic Games, to a wireless router malware that affected hundreds of... This is only the...

0.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/30 11:0 a.m.12 views

Threat Source newsletter (June 30, 2022) — AI voice cloning is somehow more scary than deepfake videos

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. We took a week off for summer vacation but are back in the thick of security things now. My first exposure to deepfake videos was when Jordan Peele worked with BuzzFeed News to produce this video of... This is only th...

1.7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/24 2:59 p.m.9 views

Threat Roundup for June 17 to June 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 17 and June 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/21 4:59 a.m.16 views

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident...

3.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/17 2:57 p.m.10 views

Threat Roundup for June 10 to June 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 10 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/16 11:0 a.m.16 views

Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half. But after spending a few days on the show floor and interacting with everyone, there are a... This is only the...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/15 12:14 p.m.14 views

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass

Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem.... This is only the...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/14 11:47 a.m.10 views

Microsoft Patch Tuesday for June 2022 — Snort rules and prominent vulnerabilities

By Chetan Raghuprasad. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered "moderate." The most... This is...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/09 11:40 a.m.14 views

Threat Roundup for May 27 to June 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 27 and June 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/09 11:39 a.m.23 views

Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation

Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affected by this... This ...

3.7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/09 11:6 a.m.10 views

Threat Source newsletter (June 9, 2022) — Get ready for Cisco Live

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Another week, another conference. We’re heading a few miles southeast from San Francisco to Las Vegas for Cisco Live. I hope everyone had a safe, healthy and enjoyable RSA, but the fun isn’t over just... This is only...

1.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/09 5:16 a.m.14 views

Talos EMEA monthly update: Business email compromise

The latest edition of the Talos EMEA Monthly Update is available now on Cisco.com and Cisco's YouTube page. You can also view the episode in its entirety above. For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucrative attack vector...

1.3AI score
Exploits0
Talos Blog
Talos Blog
added 2022/06/02 2:53 p.m.86 views

Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution

A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool MSDT made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office,...

9.3CVSS2.1AI score0.99374EPSS
Exploits62
Talos Blog
Talos Blog
added 2022/06/02 11:0 a.m.12 views

Threat Source newsletter (June 2, 2022) — An RSA Conference primer

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we’re right behind you! Talos... This is only the...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/31 6:0 a.m.12 views

Researcher Spotlight: Martin Lee, EMEAR lead, Talos Strategic Communications

Who knew you could connect Moses to threat intelligence? By Jon Munshaw. When the security community usually thinks about the origins of cybersecurity and threat intelligence, the conversation may quickly center around the codebreakers in World War II or the Creeper software developed... This is...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/27 1:38 p.m.17 views

Threat Roundup for May 20 to May 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 20 and May 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/26 11:0 a.m.12 views

Threat Source newsletter (May 26, 2022) — BlackByte adds itself to the grocery list of big game hunters

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week. The one big... This is only the beginning!...

2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/25 8:18 a.m.16 views

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service

Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/20 11:26 a.m.9 views

Threat Roundup for May 13 to May 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 13 and May 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/19 11:12 a.m.15 views

The BlackByte ransomware group is striking users all over the globe

News summary Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam.The FBI released a joint cybersecurity advisory in February 2022 warning about this group,...

3.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/19 11:0 a.m.10 views

Threat Source newsletter (May 19, 2022) — Why I'm missing the days of iPods and LimeWire

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I... This is...

0.9AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/17 7:55 a.m.9 views

Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics... This is on...

2.6AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/16 6:14 a.m.15 views

Ransomware: How executives should prepare given the current threat landscape

By Nate Pors. Top executives are increasingly dreading the phone call from their fellow employees notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organization has been in the media spotlight as their public relations team...

2.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/13 12:4 p.m.10 views

Threat Roundup for May 6 to May 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 6 and May 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/13 5:0 a.m.11 views

EMEAR Monthly Talos Update: Wiper malware

Cisco Talos and Cisco Secure are launching a new video series to fill you in on the latest cybersecurity trends. We’re thrilled to launch our first video in the new Talos Threat Update series, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about wiper... Th...

1.4AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/12 11:0 a.m.9 views

Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late?

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of... This is on...

3.2AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/12 5:0 a.m.13 views

Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Francesco Benvenuto and Jon Munshaw. Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a... This...

2.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/05/11 5:0 a.m.18 views

Bitter APT adds Bangladesh to their targets

Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.As part of this, there's a new trojan based on Apost Talos is calling "ZxxZ," that, among other... This is only...

1.9AI score
Exploits0
Total number of security vulnerabilities2033