πŸ”’
❌
There are new articles available, click to refresh the page.
Before yesterdayCisco Talos

De-anonymizing ransomware domains on the dark web

By Paul Eubanks. We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.The methods we used to identify the public...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for June 17 to June 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 17 and June 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for June 10 to June 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 10 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (June 16, 2022) β€” Three top takeaways from Cisco Live

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.Β Β  But after spending a few days on the show floor and interacting with everyone, there are a...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Β  Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2.Β  The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem....

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Patch Tuesday for June 2022 β€” Snort rules and prominent vulnerabilities

By Chetan Raghuprasad. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered "moderate."Β  The most...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (June 9, 2022) β€” Get ready for Cisco Live

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  Another week, another conference. We’re heading a few miles southeast from San Francisco to Las Vegas for Cisco Live. I hope everyone had a safe, healthy and enjoyable RSA, but the fun isn’t over just...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Talos EMEA monthly update: Business email compromise

The latest edition of the Talos EMEA Monthly Update is available now on Cisco.com and Cisco's YouTube page. You can also view the episode in its entirety above. For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucrative attack vector for...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation

Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affected by this...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for May 27 to June 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 27 and June 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (June 2, 2022) β€” An RSA Conference primer

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we’re right behind you!Β Β  Talos...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution

A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Researcher Spotlight: Martin Lee, EMEAR lead, Talos Strategic Communications

Who knew you could connect Moses to threat intelligence? Β By Jon Munshaw.Β  When the security community usually thinks about the origins of cybersecurity and threat intelligence, the conversation may quickly center around the codebreakers in World War II or the Creeper software developed...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for May 20 to May 27

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 20 and May 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (May 26, 2022) β€” BlackByte adds itself to the grocery list of big game hunters

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty β€” let’s just stick to some security news this week.Β Β Β Β The one big...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service

Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Β  Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for May 13 to May 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 13 and May 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (May 19, 2022) β€” Why I'm missing the days of iPods and LimeWire

By Jon Munshaw.Β  Welcome to this week’s edition of the Threat Source newsletter.Β  I will openly admit that I still own a β€œclassic” iPod β€” the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I...

[[ This is only the beginning! Please visit the blog for the complete entry ]]
❌