2033 matches found
Talos Incident Response added to German BSI Advanced Persistent Threat response list
Cisco Talos Incident Response is now listed as an approved vendor on the Bundesamt für Sicherheit in der Informationstechnik BSI Advanced Persistent Threat APT response service providers list. Talos Incident Response successfully demonstrated to the BSI, through a review of our processes and a...
Threat Advisory: Critical F5 BIG-IP Vulnerability
Summary A recently disclosed vulnerability in F5 Networks' BIG-IP could allow an unauthenticated attacker to access the BIG-IP system to execute arbitrary system commands, create and delete files, disable services and could lead to additional malicious activity. This vulnerability, tracked as...
Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft...
Threat Source newsletter (May 5, 2022) — Emotet is using up all of its nine lives
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Emotet made headlines last week for being “back” after a major international law enforcement takedown last year. But I’m here to argue that Emotet never left, and honestly, I’m not sure it ever... This is only the...
Mustang Panda deploys a new wave of malware targeting Europe
By Jung soo An, Asheer Malhotra and Justin Thattil, with contributions from Aliza Berk and Kendall McKay. In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing...
Threat Roundup for April 29 to May 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 29 and May 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Conti and Hive ransomware operations: What we learned from these groups' victim chats
As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few years, with these...
Vulnerability Spotlight: Two vulnerabilities in Accusoft ImageGear could lead to DoS, arbitrary free
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two new vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert... This is on...
Threat Roundup for April 22 to April 29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 22 and April 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...
Threat Source newsletter (April 28, 2022) — The 2022 Cybersecurity Mock Draft
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter that’s going to be a little different, but bear with me. In honor of the NFL Draft starting this evening — an event that Cisco is helping to secure — I thought it’d be appropriate to look at building a... This is only...
Quarterly Report: Incident Response trends in Q1 2022
Ransomware continues as the top threat, while a novel increase in APT activity emerges By Caitlin Huey. Ransomware was still the top threat Cisco Talos Incident Response CTIR saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021... This is only...
Researcher Spotlight: Liz Waddell, CTIR practice lead
How this Talos team member’s love of true crime led to a life in cybersecurity By Jon Munshaw. Liz Waddell is usually there on someone’s worst day of their professional lives. Chief technology officers and chief information security officers can hope all they want that the... This is only the...
Threat Roundup for April 15 to April 22
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 15 and April 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...
Threat Source newsletter (April 14, 2022) — It's Tax Day, and you know what that means
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. The deadline to file taxes in the United States is Monday. That means a few things: everyone should probably make sure their liquor cabinet is fully stocked, your spam filters are all turned on in your email... This i...
Threat Source newsletter (April 21, 2022) — Sideloading apps is as safe as you make it
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. If you pay attention to the video game community as much as I do, you’ve been closely following the ongoing legal battle between Apple and Epic over the sale of “Fortnite” on the Apple App Store. I promise... This is...
TeamTNT targeting AWS, Alibaba
By Darin Smith.TeamTNT is actively modifying its scripts after they were made public by security researchers.These scripts primarily target Amazon Web Services, but can also run in on-premise, container, or other forms of Linux instances.The group's payloads include credential stealers,... This i...
Beers with Talos, Ep. #120: How attackers are finding ways around MFA
Beers with Talos BWT Podcast episode No. 120 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts Google Podcasts Spotify StitcherRecorded April 6, 2022 If iTunes and Google Play aren't your thing, click here. The trend of... This is only the beginning! Please...
Threat Roundup for April 8 to April 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 8 and April 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Source newsletter (April 7, 2022) — More money for cybersecurity still doesn't solve the skills gap problem
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. U.S. President Joe Biden’s proposed budget would include an 11 percent increase in the federal government’s IT budget, including a total of $10.9 billion for cybersecurity. On the surface — this is all... This is only...
Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020
By Jon Munshaw and Nick Biasini. Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest... This i...
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
Update 04/14/22: Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor. We also observed the malware author offering to sell the source code for...
Threat Roundup for April 1 to April 8
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 1 and April 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims.The infections leverage process injection to evade detection by endpoint security software.These...
Threat Advisory: Spring4Shell
UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at maximum 100. This is an exceptionally rare score, of which only 415 out of 184,000 CVEs or 0.22 percent have achieved, reflecting the severity and potential effects of this vulnerability. To get a risk score this high...
Threat Roundup for March 25 to April 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 25 and April 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Beers with Talos, Ep. #119: If it walks like a BlackCat, smells like a BlackCat...
Beers with Talos BWT Podcast episode No. 119 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts Google Podcasts Spotify StitcherRecorded March 25, 2022. If iTunes and Google Play aren't your thing, click here. We're... This is only the beginning! Please visi...
On the Radar: Is 2022 the year encryption is doomed?
By Martin Lee. Quantum technology in development by the world’s superpowers will render many current encryption algorithms obsolete overnight. When it becomes available, whoever controls this technology will be able to read almost any encrypted data or message they wish. Organizations need... Thi...
Threat Source newsletter (March 31, 2022) — Is "Fortnite" a Metaverse?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: “Is a hot dog a sandwich?” My two cents: Yes, absolutely. Now as we move into the new internet age and onto Web 3.0 and NFTs instead of... This is only the...
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choice, they are also...
Threat Roundup for March 18 to March 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 18 and March 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...
Threat Source newsletter (March 24, 2022) — Of course the deepfake videos are here
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. The war in Ukraine has involved misinformation since before Russia’s ground forces invaded the country. So, it’s not really a shock that we’ve reached the stage of information warfare where deepfake... This is only th...
Threat Advisory: DoubleZero
Overview The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion of the country. This wiper was detected as early as March 17, 2022. DoubleZero is yet another...
Vulnerability Spotlight: Heap overflow in Sound Exchange libsox library
Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the sphere.c startread functionality of Sound Exchange libsox. The libsox library is a library of... This is only the beginning!...
On the Radar: Securing Web 3.0, the Metaverse and beyond
By Jaeson Schultz. Internet technology evolves rapidly, and the World Wide Web WWW or Web is currently experiencing a transition into what many are calling "Web 3.0". Web 3.0 is a nebulous term. If you spend enough time Googling it, you'll find many interpretations regarding what Web 3.0... This ...
Threat Roundup for March 11 to March 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 11 and March 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... This is on...
Threat Source newsletter (March 17, 2022) — Channelling productive worry to help Ukraine
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn’t mean those of... Th...
Threat Advisory: CaddyWiper
Overview Cybersecurity company ESET disclosed another Ukraine-focused wiper dubbed "CaddyWiper" on March 14. This wiper is relatively smaller than previous wiper attacks we've seen in Ukraine such as "HermeticWiper" and "WhisperGate," with a compiled size of just 9KB. The wiper discovered has...
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
By Tiago Pereira with contributions from Caitlin Huey. BlackCat is a recent and growing ransomware-as-a-service RaaS group that targeted several organizations worldwide over the past few months.There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups,...
Preparing for denial-of-service attacks with Talos Incident Response
By Yuri Kramarz. Over the years, several extorsion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed... This is only the...
Beers with Talos, Ep. #118: Reflecting on the current situation in Ukraine
Beers with Talos BWT Podcast episode No. 118 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts Google Podcasts Spotify StitcherRecorded March 7, 2022. If iTunes and Google Play aren't your thing, click here. This was... This is only the beginning! Please...
Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion
By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. Executive Summary Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and...
Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
Update March 12, 2022: Cisco Talos has updated the IOC section with additional hashes. Executive summary Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these...
Threat Roundup for March 4 to March 11
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 4 and March 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Talos Threat Source newsletter (March 10, 2022) — Fake social media posts spread in wake of Ukraine invasion
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter — complete with a new format and feel. First off, it goes without saying, but we’re all heartbroken by the crisis happening in Ukraine. Our hearts are with the people of Ukraine, our employees and their... This is only...
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
By Asheer Malhotra, Vitor Ventura and Arnaud Zobec. Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to...
Microsoft Patch Tuesday for March 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Edmund Brumaghin. Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March’s Patch Tuesday only included two critical vulnerabilities, which is notable... This...
Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device
Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, we decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and... This is...
Current executive guidance for ongoing cyberattacks in Ukraine
Read this blog post in 日本語 Japanese Cyber threat activity against Ukraine, and around the world, has long been a central focus of our work. We continue to monitor the Ukraine-Russia situation by enacting a comprehensive, Talos-wide effort to provide support to our partners and customers. These...
Threat Roundup for February 25 to March 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 25 and March 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Advisory: Cyclops Blink
Update Feb. 25, 2022In our ongoing research into activity surrounding Ukraine and in cooperation with Cisco Duo data scientists Talos discovered compromised MikroTik routers inside of Ukraine being leveraged to conduct brute force attacks on devices protected by multi-factor authentication. This...