Channel: Cisco Talos Blog
Browsing all 1948 articles

New threat actor targets Bulgaria, China, Vietnam and other countries with...

Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023. This ongoing attack uses a variant of the...

Code leaks are causing an influx of new ransomware actors

Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time,...

Six critical vulnerabilities included in August’s Microsoft security update

Microsoft disclosed 73 vulnerabilities across its suite of products and software Tuesday, including six that are considered “critical.” One of the vulnerabilities, which Microsoft considers to be only...

What Cisco Talos knows about the Rhysida ransomware

Cisco Talos is aware of the recent advisory published by the U.S. Department of Health and Human Services (HHS) warning the healthcare industry about Rhysida ransomware activity. As we've discussed...

What is commercial spyware?

We’ve talked quite a bit about spyware recently, with very good reason. Recently, concerns have grown regarding the rapid growth of commercial spyware tools, and the way in which they are being used...

Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF...

Cisco Talos recently worked with two vendors to patch multiple vulnerabilities in a favored software library used in chemistry laboratories and the Foxit PDF Reader, one of the most popular PDF reader...

Reflecting on supply chain attacks halfway through 2023

Welcome to this week’s edition of the Threat Source newsletter. Between the Talos Takes episode last week and helping my colleague Hazel with the Half-Year in Review, I realized how much I had already...

The rise of AI-powered criminals: Identifying threats and opportunities

AI’s influence is growing across the security space, bringing with it major implications for cybercriminals and defenders. The recent adoption of AI has raised significant concerns for cybersecurity due...

Recapping the top stories from Black Hat and DEF CON

Welcome to this week’s edition of the Threat Source newsletter. I had a significant amount of FOMO last week seeing everyone out in Vegas. (I was happy to not get conference crud sickness, but it seems...

Generating FLIRT signatures for Nim and other non-C programming languages

Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, because they present challenges to investigators using reverse-engineering tools designed to work best...

Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post. Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works...

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third...

Lazarus Group's infrastructure reuse leads to discovery of new malware

In the Lazarus Group’s latest campaign, which we detailed in a recent blog, the North Korean state-sponsored actor is exploiting CVE-2022-47966, a ManageEngine ServiceDesk vulnerability, to deploy...

Years into these games’ histories, attackers are still creating “Fortnite”...

Welcome to this week’s edition of the Threat Source newsletter. I have no idea how “Fortnite” keeps coming up in this newsletter, but here we are again. Even though the game/metaverse has never been...

What's in a name? Strange behaviors at top-level domains creates uncertainty...

Google introduced the new “.zip” Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When...

SapphireStealer: Open-source information stealer enables credential and data...

SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December...

New open-source infostealer, and reflections on 2023 so far

Welcome to this week’s edition of the Threat Source newsletter. I’m covering for Jon this week whilst he takes some well-deserved holiday. What’s on my mind this week? Well, apart from a new horror film...

Eight vulnerabilities in Open Automation Software Platform could lead to...

Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automation’s Software Platform. OAS Platform is commonly found in industrial operations and...

Cybercriminals target graphic designers with GPU miners

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines. This activity has been ongoing...

A secondhand account of the worst possible timing for a scammer to strike

Welcome to this week’s edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. I’m so used to just swiping away emails or text messages...
