Channel: Cisco Talos Blog
Browsing all 1948 articles

EMEAR Monthly Talos Update: Training the next generation of cybersecurity...

Cisco Talos and Cisco Secure have the latest edition of the Talos EMEAR Threat Update series out now, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about the...

Vulnerability Spotlight: Issue in Accusoft ImageGear could lead to memory...

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing...

Attackers target Ukraine using GoMet backdoor

Executive summary: Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has...

Threat Source newsletter (July 21, 2022) — No topic is safe from being...

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I could spend time in this newsletter every week talking about fake news. There are always so many ridiculous memes,...

Threat Roundup for July 15 to July 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 15 and July 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Quarterly Report: Incident Response Trends in Q2 2022

Commodity malware usage surpasses ransomware by narrow margin. By Caitlin Huey. For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to...

What Talos Incident Response learned from a recent Qakbot attack hijacking...

By Nate Pors and Terryn Valikodath. Executive summary: In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response (CTIR) observed the adversary using aggregated,...

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities...

By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original...

Threat Source newsletter (July 28, 2022) — What constitutes an "entry-level"...

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity...

Threat Roundup for July 22 - 29

Talos is publishing a glimpse into the most prevalent threats we've observed from July 22 - 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will...

Researcher Spotlight: You should have been listening to Lurene Grenier years...

The exploit researcher recently rejoined Talos after starting her career with the company’s predecessor. By Jonathan Munshaw. Lurene Grenier says state-sponsored threat actors keep her up at night, even...

Vulnerability Spotlight: How misusing properly serialized data opened TCL...

By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LinkHub system unique is...

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat...

Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns

By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive summary: Dark Utilities, released in early 2022, is a platform that provides full-featured C2...

Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. After what seems like forever and honestly has been a really long time, we’re heading back to BlackHat in-person this...

New SDR feature released for Cisco Secure Email

Cisco Talos today announced the release of a new mechanism that allows Cisco Secure Email customers the option to submit Sender Domain Reputation (SDR) disputes through TalosIntelligence.com. Customers...

Threat Roundup for July 29 to August 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Small-time cybercrime is about to explode — We aren't ready

By Nick Biasini. The cybersecurity industry tends to focus on extremely large-scale or sophisticated, state-sponsored attacks. Rightfully so, as it can be the most interesting, technically speaking....

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent...

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch...

Cisco Talos shares insights related to recent cyber attack on Cisco

Executive summary: On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. During the...
