Channel: Cisco Talos Blog
Browsing all 1948 articles


Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a...

Cisco Talos discovered 17 vulnerabilities (63 CVEs) in the Milesight UR32L router and five vulnerabilities (six CVEs) in the Milesight MilesightVPN remote access solution software. An attacker could...


DDoS attacks want to make sure you haven’t forgotten about them

Welcome to this week’s edition of the Threat Source newsletter. Distributed denial-of-service attacks (DDoS) have been around since before I even knew how to turn a computer on. These types of attacks, I...


Threat Roundup for June 30 to July 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead,...


Gergana Karadzhova-Dangela wants to send the ladder back down to the next...

Gergana Karadzhova-Dangela is used to being with users during some of their toughest moments. Today, she spends much of her time responding to active cybersecurity incidents with Cisco Talos Incident...


Old certificate, new signature: Open-source tools forge signature timestamps...

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29,...


Undocumented driver-based browser hijacker RedDriver targets Chinese speakers...

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser...


Microsoft discloses more than 130 vulnerabilities as part of July’s Patch...

Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year. The company released details of more than 130 vulnerabilities,...


Malicious campaigns target government, military and civilian entities in...

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are...


Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities...

Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter.
- Seven vulnerabilities affect Apple macOS only.
- Two vulnerabilities...


QR codes are relevant again for everyone from diners to threat actors

Welcome to this week’s edition of the Threat Source newsletter. Although we can probably largely consider the COVID-19 pandemic “over,” many relics from the peak of lockdown and concerns over the virus...


Implementing an ISO-compliant threat intelligence program

Implementing a threat intelligence program that meets the definition of threat intelligence control as described in ISO/IEC 27002:2022 — a set of standards set forth by the International Organization...


Why are there so many malware-as-a-service offerings?

Whether known as commodity malware or “as-a-service,” threat actors have long been turning to their fellow adversaries in the hopes of selling off their tools and opening a new stream of revenue. When...


Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router...

Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser. In our new series called...


The federal government’s cybersecurity policies are falling into place just...

Welcome to this week’s edition of the Threat Source newsletter. Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater...


What might authentication attacks look like in a phishing-resistant future?

By Thorsten Rosendahl and Tiago Pereira, with contributions from Matthew Miller. The industry has come a long way in terms of improving how we make user authentication more secure. From the most basic...


Data theft extortion rises, while healthcare is still most-targeted vertical...

Cisco Talos Incident Response (Talos IR) responded to a growing number of data theft extortion incidents that did not involve encrypting files or deploying ransomware, a 25 percent increase since last...


Every company has its own version of ChatGPT now

Welcome to this week’s edition of the Threat Source newsletter. When I first started poking at ChatGPT a few months ago, I quickly learned that it wasn’t quite ready to take my job (yet) and wasn’t...


The many vulnerabilities Talos discovered in SOHO and industrial wireless...

Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers. During that...


Half-Year in Review: Recapping the top threats and security trends so far in...

From new ransomware groups, a growing mercenary space, espionage campaigns, supply chain attacks, and new “as a service” tools popping up, there's a lot to talk about already in the first half of...


Threat Source newsletter (Aug. 3, 2023) — Previewing Talos at BlackHat 2023

Welcome to this week’s edition of the Threat Source newsletter. The time has come once again for all of us (well, not me specifically but lots of other Talos people) to descend on Las Vegas for Hacker...
