Talos Blog: recent posts (search results, 2032 matches found)

Talos Blog, added 2024/05/30 6:00 p.m.

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

My wife, no stranger to weird types of scams, recently received a fake text message from someone claiming to be New Jersey's E-ZPass program, saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There w...

CVSS 9.8, AI score 7.4, EPSS 0.01512, exploits: 3

Talos Blog, added 2024/05/30 12:01 p.m.

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, that we attribute to an advanced persistent threat (APT) actor we're calling "LilacSquid." LilacSquid's victimology includes a diverse...

AI score 7.8, exploits: 0

Talos Blog, added 2024/05/29 4:32 p.m.

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

AI score 6.8, exploits: 0

Talos Blog, added 2024/05/29 4:07 p.m.

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos' Vulnerability Research team has helped disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

CVSS 9.8, AI score 9.8, EPSS 0.01986, exploits: 16

Talos Blog, added 2024/05/23 6:00 p.m.

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...

AI score 6.7, exploits: 0

Talos Blog, added 2024/05/22 12:17 p.m.

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing n...

AI score 6.5, exploits: 0

Talos Blog, added 2024/05/16 6:00 p.m.

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least give...

CVSS 7.8, AI score 7.6, EPSS 0.8399, exploits: 2

Talos Blog, added 2024/05/16 12:00 p.m.

Talos releases new macOS open-source fuzzer

Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. The fuzzer uses a snapshot-based fuzzing approach and is built on the WhatTheFuzz framework. Support for VM state extraction was implemented, and WhatTheFuzz was extended to support the loading of VMware...

AI score 6.6, exploits: 0

Talos Blog, added 2024/05/14 5:57 p.m.

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWM Core

After a relatively hefty Microsoft Patch Tuesday in April, this month's security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May's slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which ar...

CVSS 7.8, AI score 7.3, EPSS 0.8399, exploits: 2

Talos Blog, added 2024/05/14 12:42 p.m.

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...

AI score 7.4, exploits: 0

Talos Blog, added 2024/05/09 6:00 p.m.

A new alert system from CISA seems to be effective — now we just need companies to sign up

One of the great cybersecurity challenges organizations currently face, especially smaller ones, is that they don't know what they don't know. It's tough to have your eyes on everything all the time, especially with so many pieces of software running and IoT devices extending the reach of networks...

CVSS 9.8, AI score 8.9, EPSS 0.63076, exploits: 2

Talos Blog, added 2024/05/08 4:00 p.m.

Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

Cisco Talos' Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group -- one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library -- could lead to arbitrary code...

CVSS 9.8, AI score 9.5, EPSS 0.63076, exploits: 3

Talos Blog, added 2024/05/02 6:00 p.m.

What can we learn from the passwords used in brute-force attacks?

Brute-force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...

AI score 7.6, exploits: 0

Talos Blog, added 2024/05/01 4:00 p.m.

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Cisco Talos' Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files. The Peplink Smart...

CVSS 9.1, AI score 9.2, EPSS 0.37678, exploits: 12

Talos Blog, added 2024/04/30 12:00 p.m.

Cisco Talos at RSAC 2024

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. We've pulled together the highlights, so you don't miss out on all things Talos. Tuesday, May 7: Joe Marshall will b...

AI score 7.2, exploits: 0

Talos Blog, added 2024/04/29 12:00 p.m.

James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

If state-sponsored actors are after one thing, it's to spread fear and uncertainty across the internet. There's always money to be made targeting individual businesses and organizations, but for James Nutland's work, it's always about the bigger picture. And his background in studying counterterroris...

AI score 7.2, exploits: 0

Talos Blog, added 2024/04/25 6:00 p.m.

The private sector probably isn’t coming to save the NVD

I wrote last week about the problems arising from the massive backlog of vulnerabilities at the U.S. National Vulnerability Database. Thousands of CVEs are still without analysis data, and the once-reliable database of every single vulnerability that's disclosed and/or patched is now so far behind...

CVSS 4.3, AI score 7.3, EPSS 0.14949, exploits: 0

Talos Blog, added 2024/04/25 12:00 p.m.

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Business email compromise (BEC) was the top threat observed by Cisco Talos Incident Response (Talos IR) in the first quarter of 2024, accounting for nearly half of engagements, which is more than double what was observed in the previous quarter. The most observed means of gaining initial access was t...

CVSS 7.5, AI score 8.3, EPSS 0.7761, exploits: 8

Talos Blog, added 2024/04/24 3:54 p.m.

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the...

CVSS 10, AI score 8.3, EPSS 0.87397, exploits: 9

Talos Blog, added 2024/04/23 12:01 p.m.

Suspected CoralRaider continues to expand victimology using three information stealers

By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talos discovered a new campaign, ongoing since at least February 2024, operated by a threat actor distributing three well-known information stealers: Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell command-lin...

AI score 8.2, exploits: 0

Talos Blog, added 2024/04/19 12:00 p.m.

What’s the deal with the massive backlog of vulnerabilities at the NVD?

The National Vulnerability Database is usually the single source of truth for all things related to security vulnerabilities. But now, they're facing an uphill battle against a massive backlog of vulnerabilities, some of which are still waiting to be analyzed, and others that still have an...

AI score 7, exploits: 0

Talos Blog, added 2024/04/18 6:00 p.m.

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

If you're a regular reader of this newsletter, you already know how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things that...

AI score 7.8, exploits: 0

Talos Blog, added 2024/04/17 11:59 a.m.

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...

AI score 7, exploits: 0

Talos Blog, added 2024/04/16 12:00 p.m.

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in...

AI score 7.6, exploits: 0
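The SSH brute-force activity described in this entry, and the commonly tried credentials discussed in the earlier entry "What can we learn from the passwords used in brute-force attacks?", as an added detection example. This is not Talos code. It parses OpenSSH sshd log lines (the sample log below is constructed for illustration), flags any source address with at least five failed logins inside a five-minute sliding window, and reports the most-tried usernames. The threshold, the window and the year supplied to the parser are assumed values, and the regex covers only the standard sshd "Failed password" message.

```python
"""Flag SSH brute-force sources from sshd log lines (added example, not Talos code)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Standard OpenSSH sshd syslog format for a rejected password, e.g.
#   May 14 10:02:11 vpn-gw sshd[4012]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Constructed sample log: one fast spray from 203.0.113.5, one real user who
# mistypes once and then succeeds, and two slow attempts from 192.0.2.9.
SAMPLE_LOG = """\
May 14 10:02:11 vpn-gw sshd[4012]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May 14 10:02:13 vpn-gw sshd[4012]: Failed password for root from 203.0.113.5 port 51236 ssh2
May 14 10:02:14 vpn-gw sshd[4015]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
May 14 10:02:16 vpn-gw sshd[4019]: Failed password for invalid user admin from 203.0.113.5 port 51244 ssh2
May 14 10:02:18 vpn-gw sshd[4022]: Failed password for invalid user guest from 203.0.113.5 port 51250 ssh2
May 14 10:02:20 vpn-gw sshd[4024]: Failed password for root from 203.0.113.5 port 51252 ssh2
May 14 10:05:40 vpn-gw sshd[4101]: Failed password for alice from 198.51.100.7 port 40022 ssh2
May 14 10:05:51 vpn-gw sshd[4103]: Accepted password for alice from 198.51.100.7 port 40023 ssh2
May 14 11:40:02 vpn-gw sshd[4300]: Failed password for invalid user admin from 192.0.2.9 port 60001 ssh2
May 14 13:10:02 vpn-gw sshd[4310]: Failed password for invalid user admin from 192.0.2.9 port 60002 ssh2
""".splitlines()


def parse_failures(lines, year=2024):
    """Yield (timestamp, username, source_ip) for each failed-password line.
    syslog lines carry no year, so the caller supplies it (assumed 2024 here)."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["src"]


def find_bruteforce_sources(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: (total_failures, distinct_usernames)} for every source
    that produced at least `threshold` failures inside one sliding `window`.
    The sliding window keeps a slow, low-volume source (a user mistyping a
    password a couple of times an hour) from being flagged."""
    events = defaultdict(list)
    for ts, user, src in parse_failures(lines):
        events[src].append((ts, user))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start until it lies within `window` of evs[end]
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = (len(evs), len({user for _, user in evs}))
                break
    return flagged


def top_usernames(lines, n=3):
    """Usernames most often tried in failed logins, across all sources."""
    return Counter(user for _, user, _ in parse_failures(lines)).most_common(n)


if __name__ == "__main__":
    for src, (count, users) in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"brute-force source {src}: {count} failures against {users} usernames")
    print("most-tried usernames:", top_usernames(SAMPLE_LOG))
```

Against the sample, only 203.0.113.5 is flagged (six failures against four usernames in nine seconds); the two slow attempts from 192.0.2.9 and the single failure from 198.51.100.7 are not. On a real host, feed the same functions the lines of /var/log/auth.log, and consider a much lower threshold on a VPN gateway that should never see interactive password attempts at all.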
Talos Blog, added 2024/04/11 6:00 p.m.

The internet is already scary enough without April Fool’s jokes

I feel like over the past several years, the "holiday" that is April Fools' Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are...

AI score 7.3, exploits: 0

Talos Blog, added 2024/04/10 4:56 p.m.

Vulnerability in some TP-Link routers could lead to factory reset

Cisco Talos' Vulnerability Research team has disclosed 10 vulnerabilities over the past three weeks, including four in a line of TP-Link routers, one of which could allow an attacker to reset the device's settings back to the factory default. A popular open-source software for internet-of-things Io...

CVSS 5.8, AI score 9.3, EPSS 0.13479, exploits: 16

Talos Blog, added 2024/04/09 6:23 p.m.

April’s Patch Tuesday includes 150 vulnerabilities, 60 of which could lead to remote code execution

In one of the largest Patch Tuesdays in years, Microsoft disclosed 150 vulnerabilities across its software and product portfolio this week, including more than 60 that could lead to remote code execution. Though April's monthly security update from Microsoft is the largest since at least the start...

CVSS 6.5, AI score 8.6, EPSS 0.03199, exploits: 0

Talos Blog, added 2024/04/09 12:02 p.m.

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious Androi...

AI score 8.1, exploits: 0

Talos Blog, added 2024/04/04 6:00 p.m.

There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office

As my manager knows, I'm not the biggest fan of working in a physical office. I'm a picky worker -- I like my workspace to be borderline frigid, I hate dark mode on any software, and I want any and all lighting cranked all the way up. So, know that I'm biased going into this, but I also can't get ove...

CVSS 7.5, AI score 7.7, EPSS 0.85974, exploits: 40

Talos Blog, added 2024/04/04 12:00 p.m.

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...

AI score 6.8, exploits: 0

Talos Blog, added 2024/04/02 12:00 p.m.

Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

Remote system management/desktop access tools such as AnyDesk and TeamViewer have grown in popularity since 2020. While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. There is no easy way to effectively...

AI score 7.3, exploits: 0

Talos Blog, added 2024/03/28 2:00 p.m.

Enter the substitute teacher

Welcome to this week's Threat Source newsletter; with Jon out, you've got me as your substitute teacher. I'm taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day. Will I be the teacher that just rolls in the TV cart and delivers the single...

AI score 7.7, exploits: 0

Talos Blog, added 2024/03/21 6:00 p.m.

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

Whether you want to call them "catfishing," "pig butchering" or just good old-fashioned "social engineering," romance scams have been around forever. I was first introduced to them through the MTV show "Catfish," but recently they seem to be making headlines as the term "pig butchering" enters th...

AI score 8.1, exploits: 0

Talos Blog, added 2024/03/21 1:08 p.m.

New details on TinyTurla’s post-compromise activity reveal full kill chain

Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG (TTNG) implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs)...

AI score 7.6, exploits: 0

Talos Blog, added 2024/03/20 4:00 p.m.

Netgear wireless router open to code execution after buffer overflow vulnerability

Cisco Talos' Vulnerability Research team recently disclosed three vulnerabilities across a range of products, including one that could lead to remote code execution in a popular Netgear wireless router designed for home networks. There is also a newly disclosed vulnerability in a graphics driver f...

CVSS 5.8, AI score 8.9, EPSS 0.19507, exploits: 1

Talos Blog, added 2024/03/20 12:00 p.m.

Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word

Cisco Talos disclosed several vulnerabilities in JustSystems Ichitaro Word Processor last year. These vulnerabilities were complex and were discovered through extensive reverse engineering. CVE-2023-35126 and its peers CVE-2023-34366, CVE-2023-38127, and CVE-2023-38128 were each assessed as...

CVSS 4.4, AI score 6.9, EPSS 0.00678, exploits: 4

Talos Blog, added 2024/03/15 2:00 p.m.

The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions

In ancient Greek mythos, the mighty Hercules faced a seemingly insurmountable challenge when he encountered the Lernaean Hydra. This fearsome serpent had a terrifying ability: For every head that Hercules severed, two more would spring forth, creating a never-ending cycle of regrowth and renewal...

AI score 7.2, exploits: 0

Talos Blog, added 2024/03/14 6:00 p.m.

Not everything has to be a massive, global cyber attack

Some of my Webex rooms recently have been blowing up with memes about blaming Canada or wild speculation that a state-sponsored actor is carrying out some sort of major campaign. After a widespread outage of cellular service with AT&T and other carriers a few weeks ago, people were sure it was so...

AI score 6.8, EPSS 0.01231, exploits: 0

Talos Blog, added 2024/03/13 12:00 p.m.

Threat actors leverage document publishing sites for ongoing credential and session token theft

Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the...

AI score 6.9, exploits: 0

Talos Blog, added 2024/03/12 6:07 p.m.

Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

For the second month in 2024, there are no actively exploited vulnerabilities included in this month's security update from Microsoft. March's Patch Tuesday is relatively light, containing 60 vulnerabilities -- only two labeled "critical." Last month's Patch Tuesday included more than 70 security...

CVSS 7.5, AI score 8.2, EPSS 0.20157, exploits: 0

Talos Blog, added 2024/03/07 7:00 p.m.

You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam

It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for all manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...

AI score 7, exploits: 0

Talos Blog, added 2024/03/07 3:00 p.m.

The 3 most common post-compromise tactics on network infrastructure

We've been discussing networking devices quite a lot recently and how advanced persistent threat actors (APTs) are using highly sophisticated tactics to target aging infrastructure for espionage purposes. Some of these attacks are also likely prepositioning the APTs for future disruptive or...

AI score 8.3, exploits: 0

Talos Blog, added 2024/03/05 8:30 p.m.

Badgerboard: A PLC backplane network visibility module

Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort ...

AI score 6.8, exploits: 0

Talos Blog, added 2024/03/05 1:00 p.m.

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos has observed a surge in the malicious activities of GhostSec, a hacking group, over the past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. The GhostSec and Stormous ransomware groups are jointly conducting double extortion...

AI score 6.4, exploits: 0

Talos Blog, added 2024/03/04 1:00 p.m.

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

"Gotta Fly Now" is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market citys convention center than it is from its origins in the "Rocky" movies. But Heather Couk thinks its useful in incident response calls, too. Couk, an incident respons...

AI score 7.3, exploits: 0

Talos Blog, added 2024/02/29 7:00 p.m.

Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet

Apple released a new update for nearly all its devices that provides an all-new type of encryption for iMessage, to the point that, in theory, iMessages are now protected against attacks from quantum computers. This is a little tricky because, as we've covered before, quantum computers don't...

AI score 8.2, exploits: 0

Talos Blog, added 2024/02/28 5:00 p.m.

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF reading and editing applications currently available. Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causin...

CVSS 7.5, AI score 9.5, EPSS 0.04448, exploits: 19

Talos Blog, added 2024/02/28 1:00 p.m.

Stop running security in passive mode

As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security. Incident response engagements are an important part of our work and the intelligence-gathering process and their associated reports can be a treasure trove of tactic...

AI score 7.6, exploits: 0

Talos Blog, added 2024/02/27 1:00 p.m.

TimbreStealer campaign targets Mexican users with financial lures

Cisco Talos has discovered a new campaign operated by a threat actor distributing a previously unknown malware we're calling "TimbreStealer." This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The threa...

AI score 7.8, exploits: 0

Talos Blog, added 2024/02/22 7:00 p.m.

TikTok’s latest actions to combat misinformation show it’s not just a U.S. problem

When we talk about the term "fake news," most people likely picture a certain person who made the term infamous. And when we talk about misinformation and disinformation, many will remember the "Russian troll farms" that popped up during the 2016 U.S. presidential election and were unmasked and...

AI score 6.9, exploits: 0