2032 matches found

Talos Blog
added 2024/09/06 10:00 a.m., 61 views

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code. While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component wa...

CVSS 8.8, AI score 8.9, EPSS 0.56192
Exploits: 0
Talos Blog
added 2024/09/05 6:00 p.m., 25 views

The best and worst ways to get users to improve their account security

As most quality thoughts go, my most recent musing on security came about because of fantasy football. I had to log into my Yahoo Sports account, which I admittedly only ever have to log in to, at most, three times a year for the one fantasy football draft I have on that platform each year and th...

CVSS 9.6, AI score 8.8, EPSS 0.19272
Exploits: 2
Talos Blog
added 2024/09/05 4:26 p.m., 8 views

Watch our new documentary, "The Light We Keep: A Project PowerUp Story"

You may have already read about the incredible story of Project PowerUp - how we worked with a multi-company, multi-national team to find a way to keep the lights on in Ukraine in the face of electronic warfare. Today, we are releasing a short documentary on how this story came to be, while...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/09/03 12:00 p.m., 15 views

Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called "MacroPack." MacroPack is a framework designated for Red Team exercises, but w...

AI score 7.6
Exploits: 0
Talos Blog
added 2024/08/29 6:00 p.m., 9 views

What kind of summer has it been?

Hello Talos followers. I'm back for my annual takeover of the Threat Source newsletter. First, an update on that killer sloth movie I was so excited about in August 2023. "Slotherhouse" debuted with an impressive $137,133 at the box office, with critics hailing its various set pieces such as "dea...

AI score 6.3
Exploits: 0
Talos Blog
added 2024/08/28 4:00 p.m., 11 views

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Hunting for vulnerabilities in industrial environments has become increasingly important as industrial control systems and critical infrastructure face threats from state-sponsored actors and ransomware groups hoping to cash out on million-dollar payments. Fuzzing has long been one of our favorit...

AI score 8.5
Exploits: 0
Talos Blog
added 2024/08/28 4:00 p.m., 10 views

Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

So far in this series, I've developed a fuzzer for the µC/HTTP-server. As described in the previous post, this fuzzer reads from a file to enable compatibility with AFL++. That implementation only fuzzes a single request at a time. Although that single-request fuzzer uncovered a few security...

AI score 8
Exploits: 0
Talos Blog
added 2024/08/28 4:00 p.m., 40 views

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

This is the first post of a three-part series, where we will be delving into the intricacies of fuzzing µC/OS protocol stacks. The techniques I will discuss are universally applicable to various RTOS environments, though our focus will primarily be on µC/OS. I'll highlight some of the strategic co...

CVSS 10, AI score 7.2, EPSS 0.01778
Exploits: 5
Talos Blog
added 2024/08/28 4:00 p.m., 27 views

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. The first post highlighted code modifications necessary for developing a fuzzing harness tailored for the µC/HTTP-server. The second discussed a techniqu...

AI score 8
Exploits: 0
Talos Blog
added 2024/08/28 10:00 a.m., 44 views

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

The BlackByte ransomware group continues to leverage tactics, techniques and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and deploying a self-propagating, wormable...

CVSS 7.2, AI score 8.1, EPSS 0.2677
Exploits: 0
Talos Blog
added 2024/08/22 6:00 p.m., 38 views

No, not every Social Security number in the U.S. was stolen

My current least favorite thing about the churn of social media that I've seen over the past week is waves of stories, posts and videos saying that every U.S. citizen's Social Security number has been stolen or potentially viewed by a threat actor. The claim comes from a class action lawsuit filed ...

CVSS 7.8, AI score 6.9, EPSS 0.27561
Exploits: 4
Talos Blog
added 2024/08/21 10:00 a.m., 38 views

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Cisco Talos is exposing infrastructure we assess with high confidence is being used by a state-sponsored North Korean nexus of threat actors we track as "UAT-5394," including for staging, command and control (C2) servers, and test machines the threat actors use to test their implants. Our analysis ...

AI score 7.5
Exploits: 0
Talos Blog
added 2024/08/19 10:00 a.m., 30 views

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system. An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions. Permissions regulate...

AI score 7.3, EPSS 0.00881
Exploits: 8
Talos Blog
added 2024/08/15 6:00 p.m., 28 views

AI, election security headline discussions at Black Hat and DEF CON

As promised, I'm back this week to recap some of the top stories coming out of Black Hat and DEF CON. Also as promised, AI was the talk of Vegas during Hacker Summer Camp, or at least from what I've been reading and hearing; I wasn't there in person. Several exhibitions and talks at both conferences...

CVSS 7.8, AI score 7.7, EPSS 0.19534
Exploits: 2
Talos Blog
added 2024/08/14 4:02 p.m., 25 views

Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday

Cisco Talos' Vulnerability Research team recently discovered 11 vulnerabilities in Microsoft Windows CLIPSP.SYS and Adobe Acrobat Reader that were all disclosed this week as part of the companies' regular security updates. For more on Patch Tuesday, check out Talos' blog post here. Eight of the...

CVSS 7.8, AI score 8.6, EPSS 0.0455
Exploits: 0
Talos Blog
added 2024/08/13 7:12 p.m., 70 views

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed

Microsoft disclosed six security vulnerabilities that are actively being exploited across its products as part of the company's regular Patch Tuesday security update. In all, August's monthly round of patches from Microsoft included 87 vulnerabilities, seven of which are considered critical. In...

CVSS 9.8, AI score 8.4, EPSS 0.70564
Exploits: 28
Talos Blog
added 2024/08/13 12:20 p.m., 13 views

A refresher on Talos’ open-source tools and the importance of the open-source community

Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn and develop vital cybersecurity skills. In this...

AI score 7.5
Exploits: 0
Talos Blog
added 2024/08/08 6:00 p.m., 11 views

The top stories coming out of the Black Hat cybersecurity conference

Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, I'l...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/08/05 12:00 p.m., 11 views

Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days

As the adage goes: "You don't know what you don't know." For Ryan Pentney and his team, they know what they don't know. And they wake up every morning trying to figure out how they can answer those questions about emerging threats and some of the largest state-sponsored actors in the world. Pentney ...

AI score 7
Exploits: 0
Talos Blog
added 2024/08/01 6:00 p.m., 29 views

There is no real fix to the security issues recently found in GitHub and other similar software

A recently discovered security issue in GitHub and other, similar, source control products seems to fit into the classic "it's a feature, not a bug" category. Security researchers last week published their findings into some research of how deleted forks in GitHub work, potentially leaving the door...

CVSS 8.8, AI score 7.5, EPSS 0.73469
Exploits: 6
Talos Blog
added 2024/08/01 12:00 p.m., 51 views

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim...

CVSS 8.8, AI score 8, EPSS 0.73469
Exploits: 6
Talos Blog
added 2024/08/01 10:00 a.m., 11 views

Detecting evolving threats: NetSupport RAT campaign

Cisco Talos is actively tracking multiple malware campaigns that utilize NetSupport RAT for persistent infections. These campaigns evade detection through obfuscation and updates. Snort can provide a strong defense before this malware reaches endpoints. In this first Deep Dive with NTDR, we explo...

AI score 7.3
Exploits: 0
Talos Blog
added 2024/08/01 9:00 a.m., 10 views

Where to find Talos at BlackHat 2024

With Black Hat just a week away, Cisco Talos is gearing up for another year of heading to Las Vegas to share in some of the latest major cybersecurity announcements, research and news. This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 a...

AI score 7.1
Exploits: 0
Talos Blog
added 2024/07/31 4:00 p.m., 41 views

Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues

Cisco Talos' Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards. The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitect's Anki, an...

CVSS 9.6, AI score 7.5, EPSS 0.25924
Exploits: 4
Talos Blog
added 2024/07/31 11:55 a.m., 11 views

"There is no business school class that would ever sit down and design Talos"

As part of the celebrations of Cisco Talos turning 10, we'd like to take you back to where it all began: How we formed our mission of protecting our customers and making the internet suck a bit less, an insight into our culture, and how we came to work with some of the most talented human beings o...

AI score 7.1
Exploits: 0
Talos Blog
added 2024/07/25 6:00 p.m., 12 views

The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that

You're not going to believe this, but there was a lot of misinformation on social media over the weekend after the massive CrowdStrike/Microsoft outage. As airlines cancelled flights, hospitals had to reschedule patients and some companies just flat-out couldn't work on Friday, people were quick to...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/07/25 10:00 a.m., 62 views

IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Business email compromise (BEC) and ransomware were the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024, together accounting for 60 percent of engagements. Although there was a decrease in BEC engagements from last quarter, it was still a major threat fo...

CVSS 7.5, AI score 8.4, EPSS 0.99903
Exploits: 18
Talos Blog
added 2024/07/24 10:00 a.m., 23 views

A (somewhat) complete timeline of Talos’ history

A lot has happened in Talos' 10 years of existence. And to celebrate our birthday, we wanted to look back on some of the major moments in Talos history. Here's an overview of some of the major events, cyber attacks, research breakthroughs and more that truly make Talos Talos. We hope this walk down...

AI score 7.1
Exploits: 0
Talos Blog
added 2024/07/18 6:00 p.m., 42 views

It's best to just assume you’ve been involved in a data breach somehow

Between AT&T, all the follow-on activity from Snowflake, Microsoft Outlook, and more, it's probably best to just assume at this point that your personal information has somehow been involved in a data breach. We're only halfway through 2024, and we've already seen some of the largest data breaches a...

CVSS 7.5, AI score 7.4, EPSS 0.84345
Exploits: 0
Talos Blog
added 2024/07/11 6:00 p.m., 20 views

Checking in on the state of cybersecurity and the Olympics

With the 2024 Olympics Opening Ceremony only two weeks away now, there is one thing that's an absolute guarantee to happen during the traditionally unpredictable games: Cyber attacks. Every time there is a new Olympic Games, there's a renewed discussion about how threat actors,...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/07/11 10:00 a.m., 10 views

Impact of data breaches is fueling scam campaigns

Data breaches have become one of the most crucial threats to organizations across the globe, and they've only become more prevalent and serious over time. A data breach occurs when unauthorized individuals gain access to sensitive, protected or confidential data. This stolen data can include...

AI score 7.5
Exploits: 0
Talos Blog
added 2024/07/10 4:00 p.m., 44 views

15 vulnerabilities discovered in software development kit for wireless routers

Cisco Talos' Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...

CVSS 9.8, AI score 9.1, EPSS 0.26288
Exploits: 9
Talos Blog
added 2024/07/10 12:00 p.m., 12 views

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Cisco Talos has spotted several malicious email campaigns over the past few months that disguise JavaScript code within HTML email attachments, a technique commonly known as "HTML Smuggling." Cisco Talos has noticed that some industry verticals were targeted more than others by email threats usin...

AI score 6.8
Exploits: 0
Talos Blog
added 2024/07/10 10:00 a.m., 50 views

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs

Given the recent slate of massive ransomware attacks that have disrupted everything from hospitals to car dealerships, Cisco Talos wanted to take a renewed look at the top ransomware players to see where the current landscape stands. Based on a comprehensive review of more than a dozen prominent...

CVSS 9.8, AI score 9.3, EPSS 0.99999
Exploits: 134
Talos Blog
added 2024/07/09 6:01 p.m., 43 views

Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered "important." This is the largest Patch Tuesday...

CVSS 9.8, AI score 10, EPSS 0.75365
Exploits: 6
Talos Blog
added 2024/07/09 12:00 p.m., 14 views

How do cryptocurrency drainer phishing scams work?

By Teoderick Contreras and Jose Hernandez of Splunk, with contributions from the Splunk Threat Research Team. Cryptodrainer scams have emerged as a significant threat in the cryptocurrency ecosystem, targeting unsuspecting individuals with the promise of easy profits while covertly siphoning thei...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/06/27 6:00 p.m., 31 views

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A repo...

CVSS 9.1, AI score 7.2, EPSS 0.75812
Exploits: 3
Talos Blog
added 2024/06/27 12:01 p.m., 18 views

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere. Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...

AI score 7.6
Exploits: 0
Talos Blog
added 2024/06/26 4:00 p.m., 79 views

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN devic...

CVSS 8.1, AI score 9.4, EPSS 0.13479
Exploits: 14
Talos Blog
added 2024/06/21 12:00 p.m., 19 views

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the same...

AI score 7.5
Exploits: 0
Talos Blog
added 2024/06/21 12:00 p.m., 37 views

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...

AI score 7
Exploits: 0
Talos Blog
added 2024/06/20 6:00 p.m., 28 views

Tabletop exercises are headed to the next frontier: Space

I think we can all agree that tabletop exercises are a good thing. They allow organizations of all sizes to test their incident response plans without the potentially devastating effects of a real-world cyber attack or intrusion. As part of my role at Talos, I've read hundreds of tabletop exercise...

CVSS 9.8, AI score 8.2, EPSS 0.99474
Exploits: 11
Talos Blog
added 2024/06/18 12:00 p.m., 19 views

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on the...

AI score 6.6
Exploits: 0
Talos Blog
added 2024/06/18 11:57 a.m., 19 views

How are attackers trying to bypass MFA?

In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users accepting...

AI score 8.1
Exploits: 0
Talos Blog
added 2024/06/13 6:00 p.m., 18 views

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"...

AI score 7.1
Exploits: 0
Talos Blog
added 2024/06/13 10:00 a.m., 14 views

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track a...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/06/11 5:46 p.m., 121 views

Only one critical issue disclosed as part of Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those, there is only one critical vulnerability. Every other security issue disclosed this month is considered "important." The lone critical security issue is...

CVSS 9.8, AI score 9.8, EPSS 0.68202
Exploits: 15
Talos Blog
added 2024/06/06 6:00 p.m., 26 views

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

AI score 7.2
Exploits: 0
Talos Blog
added 2024/06/05 12:00 p.m., 25 views

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...

AI score 7.9
Exploits: 0
Talos Blog
added 2024/05/31 12:00 p.m., 27 views

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

AI score 8
Exploits: 0
Total number of security vulnerabilities: 2032