Threat Roundup for October 15 to October 22

October 22, 2021, 1:33 pm

≫ Next: SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

≪ Previous: Threat Source newsletter (Oct. 21, 2021)

$

0

0

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

---

SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

October 26, 2021, 6:42 am

≫ Next: Quarterly Report: Incident Response trends from Q3 2021

≪ Previous: Threat Roundup for October 15 to October 22

$

0

0

By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increasing regularity and...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Quarterly Report: Incident Response trends from Q3 2021

October 28, 2021, 5:00 am

≫ Next: Threat Source newsletter (Oct. 28, 2021)

≪ Previous: SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

$

0

0

Ransomware again dominated the threat landscape, while BEC grew  By David Liebenberg and Caitlin Huey.  Once again, ransomware was the most dominant threat observed in Cisco Talos Incident Response (CTIR) engagements this quarter.   CTIR helped resolve several significant...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (Oct. 28, 2021)

October 28, 2021, 11:00 am

≫ Next: Threat Roundup for October 22 to October 29

≪ Previous: Quarterly Report: Incident Response trends from Q3 2021

$

0

0

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   Most people know about chicken and waffles. But what about squirrel and waffles? They may not be the most appetizing brunch, but they are teaming up for one heck of a spam campaign.  We have new research out...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for October 22 to October 29

October 29, 2021, 2:30 pm

≫ Next: Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk

≪ Previous: Threat Source newsletter (Oct. 28, 2021)

$

0

0

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 22 and Oct. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk

November 3, 2021, 5:00 am

≫ Next: The features all Incident Response Plans need to have

≪ Previous: Threat Roundup for October 22 to October 29

$

0

0

By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey. Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections in U.K., Germany, Ukraine, Finland, Brazil,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

The features all Incident Response Plans need to have

November 4, 2021, 6:51 am

≫ Next: Threat Source newsletter (Nov. 4, 2021)

≪ Previous: Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk

$

0

0

By Paul Lee, Yuri Kramarz and Martin Lee. Adversaries are always growing their capabilities and changing their tactics, leading to a greater number of incidents and data breaches. This is supported by organizations such as ITRC who reports that the number of data breaches in 2021 is already greater...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (Nov. 4, 2021)

November 4, 2021, 11:00 am

≫ Next: Threat Roundup for October 29 to November 5

≪ Previous: The features all Incident Response Plans need to have

$

0

0

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   A series of vulnerabilities in Microsoft Exchange Server made waves earlier this year for coming under attack. And while they've come and gone from the headlines since then, attackers are still very much paying...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

---

Threat Roundup for October 29 to November 5

November 5, 2021, 10:47 am

≫ Next: Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton

≪ Previous: Threat Source newsletter (Nov. 4, 2021)

$

0

0

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton

November 9, 2021, 10:42 am

≫ Next: Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities

≪ Previous: Threat Roundup for October 29 to November 5

$

0

0

By Claudio Bozzato and Lilith [-_-];. Following our previous engagements (see blog posts 1, 2, 3 and 4) with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that normally entails a hacking challenge.  Today, we’re...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities

November 9, 2021, 2:27 pm

≫ Next: North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

≪ Previous: Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton

$

0

0

By Jon Munshaw and Tiago Pereira.  Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild.   November’s security update...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

November 10, 2021, 2:11 pm

≫ Next: Threat Source newsletter (Nov. 11, 2021)

≪ Previous: Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities

$

0

0

  By Jung soo An and Asheer Malhotra, with contributions from Kendall McKay. Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021.Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (Nov. 11, 2021)

November 11, 2021, 11:00 am

≫ Next: Talos Takes Ep. #76: What is Kimsuky phishing around for?

≪ Previous: North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

$

0

0

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers.   It's important to be proactive, and not reactive, with your security. It's always better to see the worst coming and block it than have to scramble to deal with the worst-case scenario in the moment. That's why it's so...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Talos Takes Ep. #76: What is Kimsuky phishing around for?

November 12, 2021, 8:37 am

≫ Next: Threat Roundup for November 5 to November 12

≪ Previous: Threat Source newsletter (Nov. 11, 2021)

$

0

0

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Blog posts aren't just for sharing your darkest secrets from high school anymore. They're also used by attackers to...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for November 5 to November 12

November 12, 2021, 11:33 am

≫ Next: Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion

≪ Previous: Talos Takes Ep. #76: What is Kimsuky phishing around for?

$

0

0

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 5 and Nov. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

---

Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion

November 15, 2021, 11:23 am

≫ Next: Attackers use domain fronting technique to target Myanmar with Cobalt Strike

≪ Previous: Threat Roundup for November 5 to November 12

$

0

0

Matt Wiseman discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered multiple vulnerabilities in Lantronix’s PremierWave 2050, an embedded Wi-Fi module.  There are several vulnerabilities in PremierWave 2050’s Web Manager, a web-accessible application that...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Attackers use domain fronting technique to target Myanmar with Cobalt Strike

November 16, 2021, 4:00 am

≫ Next: Talos’ tips for staying safe while shopping online this holiday season

≪ Previous: Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion

$

0

0

By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. This shows that Cobalt Strike, although it was originally created as a legitimate tool, continues to be something...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Talos’ tips for staying safe while shopping online this holiday season

November 17, 2021, 6:26 am

≫ Next: Vulnerability Spotlight: User-after-free vulnerability in Google Chrome could lead to code execution

≪ Previous: Attackers use domain fronting technique to target Myanmar with Cobalt Strike

$

0

0

By Jon Munshaw.  Attackers will resort to all tactics to trick users into downloading malware, handing over credit card data or completing compromising their machine.  No topic is off-limits, and threat actors have resorted to using everything from PlayStation 5 sales, to COVID-19 cures...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: User-after-free vulnerability in Google Chrome could lead to code execution

November 17, 2021, 1:02 pm

≫ Next: Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD

≪ Previous: Talos’ tips for staying safe while shopping online this holiday season

$

0

0

  Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome.   Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD

November 17, 2021, 12:03 pm

≫ Next: Threat Source Newsletter (Nov. 18, 2021)

≪ Previous: Vulnerability Spotlight: User-after-free vulnerability in Google Chrome could lead to code execution

$

0

0

Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered three vulnerabilities in LibreCAD’s libdfxfw open-source library.  This library reads and writes .dxf and .dwg files — the primary file format for vector graphics in CAD...

[[ This is only the beginning! Please visit the blog for the complete entry ]]