De-anonymizing ransomware domains on the dark web
28 June 2022 at 12:00
By Paul Eubanks.
We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups. The methods we used to identify the public...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Roundup for June 17 to June 24
24 June 2022 at 21:59
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 17 and June 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Avos ransomware group expands with new attack arsenal
21 June 2022 at 11:59
By Flavio Costa, Chris Neal and Guilherme Venere.
In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Roundup for June 10 to June 17
17 June 2022 at 21:57
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 10 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Source newsletter (June 16, 2022): Three top takeaways from Cisco Live
16 June 2022 at 18:00
By Jon Munshaw.
Welcome to this week's edition of the Threat Source newsletter.
I'm still decompressing from Cisco Live and the most human interaction I've had in a year and a half.
But after spending a few days on the show floor and interacting with everyone, there are a...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass
15 June 2022 at 19:14
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2.
The Eufy Homebase 2 is the video storage and networking gateway that works with Anker's Eufy Smarthome ecosystem....
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Microsoft Patch Tuesday for June 2022: Snort rules and prominent vulnerabilities
14 June 2022 at 18:47
By Chetan Raghuprasad.
Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company's firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered "moderate."
The most...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Source newsletter (June 9, 2022): Get ready for Cisco Live
9 June 2022 at 18:00
By Jon Munshaw.
Welcome to this week's edition of the Threat Source newsletter.
Another week, another conference. We're heading a few miles southeast from San Francisco to Las Vegas for Cisco Live. I hope everyone had a safe, healthy and enjoyable RSA, but the fun isn't over just...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Talos EMEA monthly update: Business email compromise
9 June 2022 at 12:16
The latest edition of the Talos EMEA Monthly Update is available now on Cisco.com and Cisco's YouTube page. You can also view the episode in its entirety above.
For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucrative attack vector for...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation
9 June 2022 at 18:39
Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affected by this...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Roundup for May 27 to June 3
9 June 2022 at 18:40
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 27 and June 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Source newsletter (June 2, 2022): An RSA Conference primer
2 June 2022 at 18:00
By Jon Munshaw.
Welcome to this week's edition of the Threat Source newsletter.
Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we're right behind you!
Talos...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution
1 June 2022 at 14:40
A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Researcher Spotlight: Martin Lee, EMEAR lead, Talos Strategic Communications
31 May 2022 at 13:00
Who knew you could connect Moses to threat intelligence? By Jon Munshaw.
When the security community usually thinks about the origins of cybersecurity and threat intelligence, the conversation may quickly center around the codebreakers in World War II or the Creeper software developed...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Roundup for May 20 to May 27
27 May 2022 at 20:38
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 20 and May 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Source newsletter (May 26, 2022): BlackByte adds itself to the grocery list of big game hunters
26 May 2022 at 18:00
By Jon Munshaw.
Welcome to this week's edition of the Threat Source newsletter.
Given the recent tragedies in the U.S., I don't feel it's appropriate to open by being nostalgic or trying to be witty; let's just stick to some security news this week. The one big...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service
25 May 2022 at 15:18
Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Roundup for May 13 to May 20
20 May 2022 at 18:26
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 13 and May 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Threat Source newsletter (May 19, 2022): Why I'm missing the days of iPods and LimeWire
19 May 2022 at 18:00
By Jon Munshaw.
Welcome to this week's edition of the Threat Source newsletter.
I will openly admit that I still own a "classic" iPod, the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I...
[[ This is only the beginning! Please visit the blog for the complete entry ]]