Cisco Talos

Talos Takes Ep. #73 (NCSAM edition): Fight the phish from land, sea and air

By: [email protected] (Jon Munshaw)
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Most people may think of spam as being the classic email promising that you've won the lottery or some great prize,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for October 8 to October 15

By: [email protected] (William Largent)
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router

By: [email protected] (Jon Munshaw)
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could...


Beers with Talos, Ep. #110: The 10 most-exploited vulnerabilities this year (You won't believe No. 6!)

By: [email protected] (Jon Munshaw)
Beers with Talos (BWT) Podcast episode No. 110 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. We mainly spend this episode doing some catching up...


Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India

By: [email protected] (Unknown)
Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corruption vulnerability in...


Threat Source newsletter (Oct. 21, 2021)

By: [email protected] (Jon Munshaw)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're writing this on Wednesday for PTO reasons, so apologies if we miss any major news that happens after Wednesday afternoon. Above, you can watch our awesome live stream from Monday with Brad Garnett from...


Threat Roundup for October 15 to October 22

By: [email protected] (William Largent)
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

By: [email protected] (Edmund Brumaghin)
By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary: Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increasing regularity and...


Quarterly Report: Incident Response trends from Q3 2021

By: [email protected] (Jon Munshaw)
Ransomware again dominated the threat landscape, while BEC grew. By David Liebenberg and Caitlin Huey. Once again, ransomware was the most dominant threat observed in Cisco Talos Incident Response (CTIR) engagements this quarter. CTIR helped resolve several significant...


Threat Source newsletter (Oct. 28, 2021)

By: [email protected] (Jon Munshaw)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Most people know about chicken and waffles. But what about squirrel and waffles? They may not be the most appetizing brunch, but they are teaming up for one heck of a spam campaign. We have new research out...


Threat Roundup for October 22 to October 29

By: [email protected] (William Largent)
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 22 and Oct. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk

By: [email protected] (Chetan Raghuprasad)
By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey. Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with a smaller number of infections in the U.K., Germany, Ukraine, Finland, Brazil,...


The features all Incident Response Plans need to have

By: [email protected] (Martin Lee)
By Paul Lee, Yuri Kramarz and Martin Lee. Adversaries are always growing their capabilities and changing their tactics, leading to a greater number of incidents and data breaches. This is supported by organizations such as ITRC, which reports that the number of data breaches in 2021 is already greater...


Threat Source newsletter (Nov. 4, 2021)

By: [email protected] (Jon Munshaw)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. A series of vulnerabilities in Microsoft Exchange Server made waves earlier this year for coming under attack. And while they've come and gone from the headlines since then, attackers are still very much paying...


Threat Roundup for October 29 to November 5

By: [email protected] (William Largent)
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


Cisco Talos finds 10 vulnerabilities in Azure Sphere's Linux kernel, Security Monitor and Pluton

By: [email protected] (Jon Munshaw)
By Claudio Bozzato and Lilith [-_-];. Following our previous engagements (see blog posts 1, 2, 3 and 4) with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge. Today, we're...


Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities

By: [email protected] (Jon Munshaw)
By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company's various software, hardware and firmware offerings, including one that's actively being exploited in the wild. November's security update...


North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

By: [email protected] (Unknown)
By Jung soo An and Asheer Malhotra, with contributions from Kendall McKay. Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021. Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced...


Threat Source newsletter (Nov. 11, 2021)

By: [email protected] (Jon Munshaw)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It's important to be proactive, and not reactive, with your security. It's always better to see the worst coming and block it than have to scramble to deal with the worst-case scenario in the moment. That's why it's so...
