Lucene search
K
TalosblogRecent

2032 matches found

Talos Blog
Talos Blog
added 2025/01/30 11:0 a.m.16 views

Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike

Threat actors increasingly deployed web shells against vulnerable web applications and primarily exploited vulnerable or unpatched public-facing applications to gain initial access in Q4, a notable shift from previous quarters. The functionality of the web shells and targeted web applications...

8.7AI score
Exploits0
Talos Blog
Talos Blog
added 2025/01/29 4:45 p.m.28 views

Whatsup Gold, Observium and Offis vulnerabilities

Cisco Talos' Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries a...

8.7CVSS8.5AI score0.69952EPSS
Exploits7
Talos Blog
Talos Blog
added 2025/01/28 11:0 a.m.14 views

New TorNet backdoor seen in widespread campaign

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor since as early as July 2024 targeting users, predominantly in Poland and Germany, based on the phishing email language. The actor has delivered different payloads, including Agent Tesla, Snake...

8.4AI score
Exploits0
Talos Blog
Talos Blog
added 2025/01/24 1:37 p.m.21 views

Seasoning email threats with hidden text salting

Cisco Talos observed an increase in the number of email threats leveraging hidden text salting also known as "poisoning" in the second half of 2024. Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2025/01/23 7:5 p.m.5 views

Everything is connected to security

Welcome to this week's edition of the Threat Source newsletter. Hello friends! Joe here again! I have just returned from the frozen northern tundra of Fargo, North Dakota. This was my first real visit to the frigid climates of the Midwest, and I have to say, they take cold to a new level. I was...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2025/01/16 7:15 p.m.15 views

Find the helpers

Welcome to this week's edition of the Threat Source newsletter. "When I was a boy and I would see scary things in the news, my mother would say to me, 'Look for the helpers. You will always find people who are helping.'" ― Fred Rogers There's no world where following Mr. Roger's advice is wrong...

7.2CVSS7.5AI score0.13788EPSS
Exploits0
Talos Blog
Talos Blog
added 2025/01/15 1:0 p.m.30 views

Slew of WavLink vulnerabilities

Lilith of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000 wireless router is one of the mo...

10CVSS8.3AI score0.48086EPSS
Exploits54
Talos Blog
Talos Blog
added 2025/01/14 9:15 p.m.30 views

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 12 that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." One notable critically rated vulnerability that has been patched this...

9.8CVSS9.3AI score0.80912EPSS
Exploits7
Talos Blog
Talos Blog
added 2025/01/09 7:15 p.m.7 views

Do we still have to keep doing it like this?

Welcome to the first edition of the Threat Source newsletter for 2025. Upon returning to work this week from my Lindt chocolate reindeer coma, my first task was to write this newsletter. As I stared at a blank template hoping for inspiration to suddenly strike, I did what any security professiona...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2024/12/19 7:2 p.m.7 views

Welcome to the party, pal!

Welcome to the final Threat Source newsletter of 2024. Watching "Die Hard" during the Christmas season has become a widely recognized tradition for many, despite ongoing debates about its classification as a Christmas movie. I know it isn't everyone's cup of tea. Whether you like the movie or not...

7.9AI score
Exploits0
Talos Blog
Talos Blog
added 2024/12/19 6:53 p.m.33 views

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found

Cisco Talos' Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF...

8.8CVSS7.4AI score0.0127EPSS
Exploits2
Talos Blog
Talos Blog
added 2024/12/19 11:4 a.m.23 views

Exploring vulnerable Windows drivers

This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver BYOVD technique along with Cisco Talos' series of posts about malicious Windows drivers. Some of this research was presented at the AVAR conference in Chennai at the beginning of December...

7.8CVSS6.8AI score0.04284EPSS
Exploits4
Talos Blog
Talos Blog
added 2024/12/12 7:5 p.m.11 views

Something to Read When You Are On Call and Everyone Else is at the Office Party

Welcome to this week's edition of the Threat Source newsletter. The new head of the UK's National Cyber Security Centre, Richard Horne, recently remarked that there is a "clearly widening gap between, on the one hand, the threat and our exposure to it and, on the other, the defences that are in...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2024/12/12 11:0 a.m.9 views

The evolution and abuse of proxy networks

As long as we've had the internet, users have tried to obfuscate how and what they are connecting to. In some cases, this is to work around restrictions put in place by governments or a desire to access content that is not otherwise available in a given region. This is why technologies like VPNs...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/12/10 8:52 p.m.35 views

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the four "critical" vulnerabilities is "less likely." CVE-2024-49112 ...

9.8CVSS9.3AI score0.70906EPSS
Exploits7
Talos Blog
Talos Blog
added 2024/12/09 7:30 p.m.30 views

MC LR Router and GoCast unpatched vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation of these...

9.8CVSS8AI score0.10514EPSS
Exploits3
Talos Blog
Talos Blog
added 2024/12/05 7:2 p.m.8 views

The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight

Welcome to this week's edition of the Threat Source newsletter. I am unbelievably lucky to do the work that I do. My title is technically 'Senior Security Strategist'. It's a very fancy title, but basically: I get to research threats with my colleagues and friends to keep people safe here at Talo...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/11/25 1:0 p.m.28 views

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform

By Philippe Laulheret ClipSP clipsp.sys is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox...

7.8CVSS6.8AI score0.01626EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/11/21 7:2 p.m.17 views

Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on

Welcome to this week's edition of the Threat Source newsletter. Bidirectional communication is foundational to a well-built team regardless of environment. It's critical in information security to be able to drive a conversation up the ladder and down and not lose the critical elements. One of th...

8.1AI score
Exploits0
Talos Blog
Talos Blog
added 2024/11/20 11:0 a.m.7 views

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Cisco Talos' data, roughly 60% of all email containing a QR code is spam. Talos discovered two...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/11/14 11:0 a.m.21 views

New PXA Stealer targets government and education sectors for sensitive information

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. We discovered a new Python program called PXA Stealer that targets victims' sensitive information, including credentials for...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2024/11/12 11:11 p.m.31 views

November Patch Tuesday release contains three critical remote code execution vulnerabilities

The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the four "critical" vulnerabilities is "less likely." CVE-2024-43639 ...

9.9CVSS10AI score0.81817EPSS
Exploits3
Talos Blog
Talos Blog
added 2024/11/07 11:0 a.m.20 views

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response Talos IR recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool RAT...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/31 3:29 p.m.40 views

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these vulnerabilities...

9.9CVSS9AI score0.17156EPSS
Exploits8
Talos Blog
Talos Blog
added 2024/10/31 1:37 p.m.15 views

Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the victim into downloading and...

8.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/30 10:0 a.m.12 views

Writing a BugSleep C2 server and detecting its traffic with Snort

In June 2024, security researchers published their analysis of a novel implant dubbed "MuddyRot"aka "BugSleep". This remote access tool RAT gives operators reverse shell and file input/output I/O capabilities on a victim's endpoint using a bespoke command and control C2 protocol. This blog will...

8.1AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/25 2:9 p.m.9 views

How LLMs could help defenders write better and faster detection

Most users will associate large language models LLMs like ChatGPT with answering basic questions or helping to write basics lines of text. But could these tools actually help defenders in the cybersecurity industry write more effective detection content? Several security researchers from across...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/24 10:0 a.m.18 views

Talos IR trends Q3 2024: Identity-based operations loom large

Threat actors are increasingly conducting identity-based attacks across a range of operations that are proving highly effective, with credential theft being the main goal in a quarter of incident response engagements. These attacks were primarily facilitated by living-off-the-land binaries LoLBin...

8.2AI score0.2677EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/10/23 10:2 a.m.12 views

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. WarmCookie, observed being used for initial access and persistence, offers a means for continuous long-term access to compromised environments and is used...

8.3AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/23 10:2 a.m.18 views

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 also known as Asylum Ambuscade is a threat actor that has been conducting intrusion operations since at least 2020. TA866 has frequently relied on commodity and custom tooling to facilitate post-compromise activities. These tools often perform specific functions and are deployed and used as...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/22 10:0 a.m.10 views

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...

8.4AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/21 4:50 p.m.62 views

Akira ransomware continues to evolve

Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos' findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version o...

9.8CVSS10AI score0.97591EPSS
Exploits11
Talos Blog
Talos Blog
added 2024/10/17 6:0 p.m.40 views

What I’ve learned in my first 7-ish years in cybersecurity

When I first interviewed with Joel Esler for my position at Cisco Talos, I remember when the time came for me to ask questions, one thing stood out. I asked what resources were available to me to learn about cybersecurity, because I was totally new to the space. His answer: The people. When I ask...

7.8CVSS7.3AI score0.00673EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/10/17 10:0 a.m.15 views

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as "UAT-5647", against Ukrainian government entities and unknown Polish entities. UAT-5647 is also known as RomCom and is widely attributed to Russian speaking threat actors in...

8.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/16 12:51 p.m.10 views

Protecting major events: An incident response blueprint

Ensuring the cybersecurity of major events -- whether it's sports, professional conferences, expos, inter-government meetings or other gatherings -- is a complex and time-intensive task. It requires a comprehensive approach and collaboration among various stakeholders, including vendors,...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/10 6:0 p.m.33 views

What NIST’s latest password standards mean, and why the old ones weren’t working

Say goodbye to the days of using the "@" symbol to mean "a" in your password or replacing an "S" with a "$." The U.S. National Institute of Standards and Technology NIST recently announced new guidelines for the ways website and organizations should handle password creation and management that wi...

8.1CVSS9.9AI score0.60954EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/10/10 10:0 a.m.15 views

Ghidra data type archive for Windows driver functions

While reverse-engineering Windows drivers with Ghidra, it is common to encounter a function or data type that is not recognized during disassembly. This is because Ghidra does not natively include the majority of the definitions for data types and functions used by Windows drivers. Thankfully,...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/09 4:0 p.m.27 views

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project

Cisco Talos' Vulnerability Research team recently disclosed six new security vulnerabilities across a range of software, including one in a popular PDF reader that could lead to arbitrary code execution. Foxit PDF Reader, one of the most popular alternatives to Adobe Acrobat, contains a memory...

8.8CVSS8.5AI score0.47107EPSS
Exploits4
Talos Blog
Talos Blog
added 2024/10/08 7:4 p.m.44 views

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company's range of hardware and software offerings. October's monthly security update from Microsoft includes fixes for 117 CVEs, the most in...

9.8CVSS10AI score0.60954EPSS
Exploits4
Talos Blog
Talos Blog
added 2024/10/03 6:0 p.m.10 views

CISA is warning us (again) about the threat to critical infrastructure networks

Government-run water systems and other critical infrastructure are still at risk from state-sponsored actors, according to a renewed warning from the U.S. Cybersecurity and Infrastructure Security Agency. CISA released an advisory last week on the matter of days after a small water treatment...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/10/03 10:0 a.m.19 views

Threat actor believed to be spreading new MedusaLocker variant since 2022

Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount and countries of origin of...

7.5AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/26 6:0 p.m.15 views

Are hardware supply chain attacks “cyber attacks?”

The recent attacks in the Middle East triggering explosions on pagers has raised new fears around physical hardware supply chain attacks. In cybersecurity, we typically consider supply chain attacks to target software, in which adversaries infect a legitimate tool with a malicious, fake update th...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/26 1:0 p.m.26 views

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Attackers are abusing normal features of legitimate web sites to transmit spam, such as the traditional method of verifying the creation of a new account. This web infrastructure and its associated email infrastructure is otherwise used for legitimate purposes, which makes blocking these messages...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/25 4:0 p.m.31 views

Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC

Cisco Talos' Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. One is a vulnerability in the High-Definition Audio Bus Driver in Windows systems that could lead to a denial of service,...

9.8CVSS9.8AI score0.0381EPSS
Exploits6
Talos Blog
Talos Blog
added 2024/09/19 6:0 p.m.30 views

Talk of election security is good, but we still need more money to solve the problem

Last week, six Secretaries of State testified to U.S. Congress about the current state of election security ahead of November's Presidential election. Some of the same topics came up as usual -- disinformation campaigns, influence from foreign actors, and the physical protection of poll workers o...

7.5CVSS8.9AI score0.04469EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/09/12 6:0 p.m.16 views

We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders

I have written about the dreaded " cybersecurity skills gap" more times than I can remember in this newsletter, but I feel like it's time to revisit this topic again. That's because the White House announced a new initiative last week for the U.S. government called the " Service for America"...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/11 4:0 p.m.22 views

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

Cisco Talos' Vulnerability Research team discovered two vulnerabilities have been disclosed and fixed over the past few weeks. Talos discovered a time-of-check time-of-use vulnerability in Adobe Acrobat Reader, one of the most popular PDF readers currently available, and an information disclosure...

7.5CVSS9.4AI score0.04469EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/09/10 7:30 p.m.36 views

Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

Microsoft disclosed four vulnerabilities that are actively being exploited in the wild as part of its regular Patch Tuesday security update this week in what's become a regular occurrence for the company's patches in 2024. Two of the zero-day vulnerabilities, CVE-2024-38226 and CVE-2024-38014,...

9.8CVSS8.9AI score0.51461EPSS
Exploits3
Talos Blog
Talos Blog
added 2024/09/10 4:0 a.m.22 views

DragonRank, a Chinese-speaking SEO manipulator service provider

Key Takeaways Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization SEO rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...

8.4AI score
Exploits0
Talos Blog
Talos Blog
added 2024/09/06 12:59 p.m.13 views

The 2024 Threat Landscape State of Play

As we head into the final furlong of 2024, we caught up with Talos' Head of Outreach Nick Biasini to ask him what sort of year it's been so far in the threat landscape. In this video, Nick outlines his two major areas of concern. He also focusses on one state-sponsored actor that has been...

7.7AI score
Exploits0
Total number of security vulnerabilities2032