Channel: Cisco Talos Blog
Browsing all 1947 articles

Vulnerability in Acrobat Reader could lead to remote code execution;...

Two vulnerabilities discovered by Cisco Talos’ Vulnerability Research team have been disclosed and fixed over the past few weeks. Talos discovered a time-of-check time-of-use vulnerability in Adobe...

We can try to bridge the cybersecurity skills gap, but that doesn’t...

I have written about the dreaded “cybersecurity skills gap” more times than I can remember in this newsletter, but I feel like it’s time to revisit this topic again. That’s because the White House...

Talk of election security is good, but we still need more money to solve the...

Last week, six Secretaries of State testified to U.S. Congress about the current state of election security ahead of November’s Presidential election. Some of the same topics came up as usual —...

Talos discovers denial-of-service vulnerability in Microsoft Audio Bus;...

Cisco Talos’ Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. One is a vulnerability in...

Simple Mail Transfer Pirates: How threat actors are abusing third-party...

Attackers are abusing normal features of legitimate web sites to transmit spam, such as the traditional method of verifying the creation of a new account. This web infrastructure and its associated...

Are hardware supply chain attacks “cyber attacks?”

The recent attacks in the Middle East triggering explosions on pagers have raised new fears around physical hardware supply chain attacks. In cybersecurity, we typically consider supply chain attacks to...

Threat actor believed to be spreading new MedusaLocker variant since 2022

Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly...

CISA is warning us (again) about the threat to critical infrastructure networks

Government-run water systems and other critical infrastructure are still at risk from state-sponsored actors, according to a renewed warning from the U.S. Cybersecurity and Infrastructure Security...

Largest Patch Tuesday since July includes two exploited in the wild, three...

The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company’s range of hardware and software...

Vulnerability in popular PDF reader could lead to arbitrary code execution;...

Cisco Talos’ Vulnerability Research team recently disclosed six new security vulnerabilities across a range of software, including one in a popular PDF reader that could lead to arbitrary code...

Ghidra data type archive for Windows driver functions

While reverse-engineering Windows drivers with Ghidra, it is common to encounter a function or data type that is not recognized during disassembly. This is because Ghidra does not natively include the...

What NIST’s latest password standards mean, and why the old ones weren’t working

Say goodbye to the days of using the “@” symbol to mean “a” in your password or replacing an “S” with a “$.” The U.S. National Institute of Standards and Technology (NIST) recently announced new...

Protecting major events: An incident response blueprint

Ensuring the cybersecurity of major events — whether it’s sports, professional conferences, expos, inter-government meetings or other gatherings — is a complex and time-intensive task. It requires a...

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian-speaking group we track as...

What I’ve learned in my first 7-ish years in cybersecurity

When I first interviewed with Joel Esler for my position at Cisco Talos, I remember when the time came for me to ask questions, one thing stood out. I asked what resources were available to me to learn...

Akira ransomware continues to evolve

Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos’ findings and analysis. Their success is partly due to the...

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either...

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. TA866 has frequently relied on commodity and custom tooling to facilitate...

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. WarmCookie, observed being used for initial access and...

Talos IR trends Q3 2024: Identity-based operations loom large

Threat actors are increasingly conducting identity-based attacks across a range of operations that are proving highly effective, with credential theft being the main goal in a quarter of incident...
