Channel: Cisco Talos Blog
Browsing all 1948 articles

How LLMs could help defenders write better and faster detection

Most users will associate large language models (LLMs) like ChatGPT with answering basic questions or helping to write basic lines of text. But could these tools actually help defenders in the...


Writing a BugSleep C2 server and detecting its traffic with Snort

In June 2024, security researchers published their analysis of a novel implant dubbed “MuddyRot” (aka “BugSleep”). This remote access tool (RAT) gives operators reverse shell and file input/output (I/O)...


Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed...


NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of...


Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered...


November Patch Tuesday release contains three critical remote code execution...

The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft...


New PXA Stealer targets government and education sectors for sensitive...

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia. We discovered a new Python...


Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to...


Bidirectional communication via polyrhythms and shuffles: Without Jon the...

Welcome to this week’s edition of the Threat Source newsletter. Bidirectional communication is foundational to a well-built team regardless of environment. It’s critical in information security to be...


Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client...

By Philippe Laulheret. ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight...


The adventures of an extroverted cyber nerd and the people Talos helps to...

Welcome to this week’s edition of the Threat Source newsletter. I am unbelievably lucky to do the work that I do. My title is technically ‘Senior Security Strategist’. It’s a very fancy title, but...


MC LR Router and GoCast unpatched vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been...


Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft...


The evolution and abuse of proxy networks

As long as we've had the internet, users have tried to obfuscate how and what they are connecting to. In some cases, this is to work around restrictions put in place by governments or a desire to...


Something to Read When You Are On Call and Everyone Else is at the Office Party

Welcome to this week’s edition of the Threat Source newsletter. The new head of the UK’s National Cyber Security Centre, Richard Horne, recently remarked that there is a “clearly widening gap between,...


Exploring vulnerable Windows drivers

This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers....


Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found

Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These...


Welcome to the party, pal!

Welcome to the final Threat Source newsletter of 2024. Watching "Die Hard" during the Christmas season has become a widely recognized tradition for many, despite ongoing debates about its...


Do we still have to keep doing it like this?

Welcome to the first edition of the Threat Source newsletter for 2025. Upon returning to work this week from my Lindt chocolate reindeer coma, my first task was to write this newsletter. As I stared...


Microsoft Patch Tuesday for January 2025 — Snort rules and prominent...

Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 12 that Microsoft marked as “critical.” The remaining vulnerabilities listed are...
