Channel: Cisco Talos Blog
Browsing all 1948 articles

Critical vulnerability in ManageEngine could lead to file creation, dozens of...

Cisco Talos’ Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine...


Exploring malicious Windows drivers (Part 1): Introduction to the kernel and...

Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one...


What to do with that fancy new internet-connected device you got as a holiday...

Welcome to 2024! The Threat Source newsletter is back after our winter break. When I wasn’t spending my downtime chasing around my toddler, one of my main projects was to upgrade the internet...


Significant increase in ransomware activity found in Talos IR engagements,...

First time ransomware was the top threat in 2023, according to Q4 2023 Talos Incident Response report
Ransomware, including pre-ransomware activity, was the top observed threat in the fourth quarter of...


Why is the cost of cyber insurance rising?

I just bought an electric car last week, so I’ve been shopping for new car insurance policies that could offer me a discount for ditching gas. We’re all familiar with the boring process of entering the...


OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges

Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure...


The many ways electric cars are vulnerable to hacks, and whether that matters...

I’d hate to be labeled a “car guy” now mentioning my new electric car in the lede of two newsletters in a row, but I couldn’t resist. I’d been reading headlines for years about how electric cars (most...


How are user credentials stolen and used by threat actors?

You’ve no doubt heard the phrase, “Attackers don’t hack anyone these days. They log on.” By obtaining (or stealing) valid user account details, an attacker can gain access to a system, remain hidden,...


New Zardoor backdoor used in long-term cyber espionage operation targeting an...

By Jungsoo An, Wayne Lee and Vanja Svajcer.
Cisco Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic...


Spyware isn’t going anywhere, and neither are its tactics

Private and public efforts to curb the use of spyware and activity of other “mercenary” groups have heated up over the past week, with the U.S. government taking additional action against spyware users...


First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of...

Microsoft followed up one of the lightest recent Patch Tuesdays in January with a large release of vulnerabilities on Tuesday, although still far from numbers seen in the past. In all, February’s...


How are attackers using QR codes in phishing emails and lure documents?

Though QR codes were once on the verge of extinction, many consumers are used to seeing them in the wild for ordering at restaurants, or as mainstays on storefront doors informing customers how they...


TinyTurla Next Generation - Turla APT spies on Polish NGOs

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to...


Why the toothbrush DDoS story fooled us all

I’ll be the first to admit that, like many people on the internet last week, I got caught up in the toothbrush distributed denial-of-service attack that wasn’t. I had a whole section on it written up...


Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware...

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin...


How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task. In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and...


TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts...


TikTok’s latest actions to combat misinformation show it’s not just a U.S....

When we talk about the term “fake news,” most people likely picture a certain person who made the term infamous. And when we talk about misinformation and disinformation, many will remember the...


TimbreStealer campaign targets Mexican users with financial lures

Cisco Talos has discovered a new campaign operated by a threat actor distributing a previously unknown malware we’re calling “TimbreStealer.” This threat actor was observed distributing TimbreStealer...


Stop running security in passive mode

As we begin a new year, we wanted to address one of the biggest issues we consistently see in our investigations: passive security. Incident response engagements are an important part of our work and...
