Channel: Cisco Talos Blog
Browsing all 1948 articles

Threat Round up for February 17 to February 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 17 and Feb. 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Threat Source newsletter (March 2, 2023) — Little victories in the fight...

Welcome to this week’s edition of the Threat Source newsletter. For years, we as a cybersecurity community have been discussing ways we can fight the global ransomware problem. This included things like...

Threat Roundup (Feb. 24 - March 3)

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 24 and March 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Prometei botnet improves modules and exhibits new capabilities in recent updates

The Prometei botnet has continued its activity since Cisco Talos first reported on it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More...

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Welcome to this week’s edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to...

Researcher Spotlight: How David Liebenberg went from never having opened...

When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before — let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a...

Talos uncovers espionage campaigns targeting CIS countries, Turkey, and...

By Asheer Malhotra and Vitor Ventura. Cisco Talos has identified a new threat actor, which we are naming “YoroTrooper,” that has been running several successful espionage campaigns since at least June...

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent...

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including two issues that are actively being exploited in the...

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being...

Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild....

Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in...

Welcome to this week’s edition of the Threat Source newsletter. We’ve written a ton about Cisco Talos’ support of Ukraine and our friends and allies there. Now, we encourage you to watch and listen to...

Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service...

Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in node-sqlite3 that affects the Ghost content management system and could affect other...

Threat Round up for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information...

Carl Hurd of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in WellinTech’s KingHistorian industrial control systems data manager. KingHistorian is a...

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command...

Christopher McBee and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub...

Emotet Resumes Spam Operations, Switches to OneNote

Emotet resumed spamming operations on March 7, 2023, after a months-long hiatus. Initially leveraging heavily padded Microsoft Word documents to attempt to evade sandbox analysis and endpoint...

Senderbase.org redirects to end in April

As of April 20, 2023, we are decommissioning SenderBase.org and any attempts to visit that web page will fail. Talos Intelligence’s website (TalosIntelligence.com) has served as the replacement for...

Fighting the Good Fight: Life inside the Talos Ukraine Task Unit

As we spoke about in the new ThreatWise TV documentary, “People Matter: A look back on how Cisco Talos has been supporting Ukraine,” war isn’t something that often appears in an organization’s business...

Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news...

Welcome to this week’s edition of the Threat Source newsletter. After asking ChatGPT to write the newsletter for me two weeks ago, I was tempted to have Google’s Bard do the same, but I resisted making...

Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability

Keane O’Kelley of Cisco ASIG discovered this vulnerability. Cisco ASIG recently discovered a remote code execution vulnerability in the SNIProxy open-source tool that occurs when the user utilizes...

Vulnerability Spotlight: Specially crafted files could lead to denial of...

Lilith >_> of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in the OpenImageIO image-parsing library that many popular pieces of 3-D rendering...
