Channel: Cisco Talos Blog
Browsing all 1948 articles

Quarterly Report: Incident Response Trends in Q1 2023

Web shell usage spikes in Q1 compared to previous quarters, correlating with higher instances of exploitation of public-facing applications. In a novel increase compared to previous quarters, Cisco...

Threat Source newsletter (April 27, 2023) — New Cisco Secure offerings and...

Welcome to this week’s edition of the Threat Source newsletter. I’m writing this earlier in the week as I get ready for some personal travel (everyone is lucky I passed on writing another Cybersecurity...

Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to...

Welcome to this week’s edition of the Threat Source newsletter. I didn’t attend the RSA Conference in person, and on top of that, I was at the NFL Draft while the conference was going on. I’m behind on...

Threat Roundup for April 28 to May 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 28 and May 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...

Researcher Spotlight: Jacob Finn creates his own public-private partnership...

After working in government for several years, this Talos threat hunter is diving into the dark web. Growing up, Jacob Finn says he wanted to be a detective (or maybe a veterinarian, but there’s still...

Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a...

Microsoft disclosed 40 vulnerabilities across its suite of products and software Tuesday, the fewest the company’s included in a Patch Tuesday since December 2019. However, two of the vulnerabilities is...

New phishing-as-a-service tool “Greatness” already seen in the wild

A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the...

Vulnerability Spotlight: Authentication bypass, use-after-free...

Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in a library for µC/OS, an open-source operating system developed by Micrium. µC/OS is...

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

Welcome to this week’s edition of the Threat Source newsletter. I wrote a few weeks ago about how, between the public and private sectors, the security community was making some strides in fighting back...

Threat Roundup for May 5 to May 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 5 and May 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this...

Newly identified RA Group compromises companies in U.S. and South Korea with...

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has...

It’s really OK to take a break sometimes, especially in security

Welcome to this week’s edition of the Threat Source newsletter. You probably already know this by now, but May is Mental Health Awareness Month across the globe. Many people will apply this time of...

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct...

It’s apparently hip to still be using Windows 7

Welcome to this week’s edition of the Threat Source newsletter. As a longtime macOS user, I must admit I’m behind the times when it comes to Microsoft Windows. Since buying a Steam Deck, I’ve actually...

What is a web shell?

Editor's note: The Need to Know is a new series from Talos, which focuses on cybersecurity terms, threats, tools and tactics that are discussed in our broader threat research. Think of this as a living...

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code...

Cisco Talos recently discovered a memory corruption vulnerability in the Mitsubishi MELSEC iQ-F FX5U programmable logic controller that is caused by a buffer overflow condition. The iQ-F FX5U is one...

Threat Roundup for May 19 to May 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this...

New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a...

Legislation alone isn’t enough to stop spyware

Welcome to this week’s edition of the Threat Source newsletter. The use of spyware continues to make headlines across the globe. While primarily used by authoritarian regimes to track potentially...
