Channel: Cisco Talos Blog
Viewing all 1927 articles

Threat Roundup for February 18 to February 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 18 and Feb. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Gerbv file viewing software that could allow an attacker to execute arbitrary remote code or disclose sensitive information. Gerbv is an...

Threat Advisory: HermeticWiper

Update 2/26/2022: Additional details added to embedded resources section, specifically around driver usage. Update 2/25/2022: During additional investigation Cisco Talos has found that, in some cases, along with HermeticWiper, the adversaries also dropped a legitimate copy of the sysinternals...

Threat Advisory: Cyclops Blink

Update 2/25/2022: In our ongoing research into activity surrounding Ukraine and in cooperation with Cisco Duo data scientists Talos discovered compromised MikroTik routers inside of Ukraine being leveraged to conduct brute force attacks on devices protected by multi-factor authentication. This...

Current executive guidance for ongoing cyberattacks in Ukraine

Please note that all Indicators of Compromise (IOCs) associated with the ongoing activity in Ukraine can be found in the WhisperKill and HermeticWiper blogs respectively. Update 2/26/2022: As part of our ongoing work in analyzing malicious activity in Ukraine we are tracking multiple groups of...

Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted...

Crowd-sourced attacks present new risk of crisis escalation

By Matt Olney. An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques. Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as...

Threat Roundup for February 25 to March 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 25 and March 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

Current executive guidance for ongoing cyberattacks in Ukraine

Read this blog post in 日本語 (Japanese). Cyber threat activity against Ukraine, and around the world, has long been a central focus of our work. We continue to monitor the Ukraine-Russia situation by enacting a comprehensive, Talos-wide effort to provide support to our partners and customers. These...

Cisco stands on guard with our customers in Ukraine

As the Russia-led invasion intensifies, Ukraine is being attacked by bombs and bytes. Cisco is working around the clock on a global, company-wide effort to protect our customers there and ensure that nothing goes dark. Cisco Talos has taken the extraordinary step of directly operating security...

Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device

Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, we decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and...

Microsoft Patch Tuesday for March 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Edmund Brumaghin. Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March’s Patch Tuesday only included two critical vulnerabilities, which is notable...

Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools

Executive summary: Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these files infect unwitting users rather than delivering the tools originally advertised. In one...

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

By Asheer Malhotra, Vitor Ventura and Arnaud Zobec. Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to...

Talos Threat Source newsletter (March 10, 2022) — Fake social media posts spread in wake of Ukraine invasion

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter — complete with a new format and feel. First off, it goes without saying, but we’re all heartbroken by the crisis happening in Ukraine. Our hearts are with the people of Ukraine, our employees and their...

Threat Roundup for March 4 to March 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 4 and March 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion

By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. Executive Summary: Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various...

Beers with Talos, Ep. #118: Reflecting on the current situation in Ukraine

Beers with Talos (BWT) Podcast episode No. 118 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded March 7, 2022. If iTunes and Google Play aren't your thing, click here. This was...

Threat Advisory: CaddyWiper

Overview: Cybersecurity company ESET disclosed another Ukraine-focused wiper dubbed "CaddyWiper" on March 14. This wiper is relatively smaller than previous wiper attacks we've seen in Ukraine such as "HermeticWiper" and "WhisperGate," with a compiled size of just 9KB. The wiper discovered has the...

Preparing for denial-of-service attacks with Talos Incident Response

By Yuri Kramarz. Over the years, several extortion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed...
