Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 13 and Aug. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   We have RATs on RATs on RATs over the past few weeks. And last week, we found a few more heading to Latin America to target users and try to steal their login credentials. The threat actor in this case has some compelling...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. As more people around the world start to get vaccinated against COVID-19, travel is becoming easier, especially during...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 20 and Aug. 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Edmund Brumaghin and Vitor Ventura. With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as a go-between.As proxyware has...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Caitlin Huey, David Liebenberg, Azim Khodjibaev, and Dmytro Korzhevin. Executive summary Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. Talos has a team of dedicated, native-level speakers that translated these...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   If you haven't seen already, our blog has a lot of cool and new stuff this week. We first dove into the world of proxyware on Tuesday (aka internet-sharing applications). Attackers are hiding in this newly popular...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Beers with Talos (BWT) Podcast episode No. 109 is now available. Download this episode and subscribe to Beers with Talos:Apple Podcasts Google PodcastsSpotify  StitcherIf iTunes and Google Play aren't your thing, click here. Most of the Beers with Talos guys got a chance to take...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. “Proxyware” sounds like a complicated topic that you’re too afraid to ask about. But really, it’s just software that...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 27 and Sept. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Ribbonsoft’s dxflib library that could lead to code execution.  The dxflib library is a C++ library utilized by...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Cisco Talos released new SNORT® rules Thursday to protect against the exploitation of a zero-day vulnerability in Microsoft MSHTML that the company warns is being actively exploited in the wild.  Users are encouraged to deploy SIDs 58120 – 58129, Snort 3 SID 300049 and ClamAV signature ID:...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   The biggest security news this week is no doubt another Microsoft zero-day. On the heels of PrintNightmare and multiple Exchange Server vulnerabilities comes a code execution vulnerability in MSHTML, the rendering engine...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. There's a lot to take apart in the recently leaked Conti ransomware playbook. After a disgruntled member of the...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 3 and Sept. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application.  Nitro Pro PDF is part of Nitro Software’s...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

TalosIntelligence.com will be down for a short time on Sept. 17 around 10 a.m. ET while we perform some routine maintenance on the site.  We apologize for any inconvenience this may cause. We expect the interruption will only last for about 30 minutes.  

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Jon Munshaw, with contributions from Holger Unterbrink.  Microsoft released its monthly security update Tuesday, disclosing 85 vulnerabilities across the company’s firmware and software. This month’s release is headlined by an official patch for the critical remote code execution...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

By Tiago Pereira and Vitor Ventura. Cisco Talos linked the recent aviation targeting campaigns to an actor who has been targeting the aviation industry for two years.The same actor has been running successful malware campaigns for more than five years.Although always using commodity malware, the...

[[ This is only the beginning! Please visit the blog for the complete entry ]]