What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
2022-05-05 11:00:00 Threat Source newsletter (May 5, 2022) - Emotet is using up all of its nine lives (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. Emotet made headlines last week for being “back” after a major international law enforcement takedown last year. But I'm here to argue that Emotet never left, and honestly, I'm not sure it ever... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-05-05 05:01:44 Mustang Panda deploys a new wave of malware targeting Europe (direct link) By Jung soo An, Asheer Malhotra and Justin Thattil, with contributions from Aliza Berk and Kendall McKay. In February 2022, corresponding roughly with the start of the Russian invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware Threat
2022-05-03 05:00:00 Conti and Hive ransomware operations: What we learned from these groups' victim chats (direct link) As part of Cisco Talos' continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few years, with... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware
2022-05-02 11:44:46 Vulnerability Spotlight: Two vulnerabilities in Accusoft ImageGear could lead to DoS, arbitrary free (direct link) Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two new vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-29 12:18:24 (Déjà vu) Threat Roundup for April 22 to April 29 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 22 and April 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-28 11:00:00 Threat Source newsletter (April 28, 2022) - The 2022 Cybersecurity Mock Draft (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter that's going to be a little different, but bear with me. In honor of the NFL Draft starting this evening - an event that Cisco is helping to secure - I thought it'd be appropriate to look at building a... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-04-26 06:19:27 Quarterly Report: Incident Response trends in Q1 2022 (direct link) Ransomware continues as the top threat, while a novel increase in APT activity emerges. By Caitlin Huey. Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware Threat
2022-04-25 05:00:00 Researcher Spotlight: Liz Waddell, CTIR practice lead (direct link) How this Talos team member's love of true crime led to a life in cybersecurity. By Jon Munshaw. Liz Waddell is usually there on someone's worst day of their professional lives. Chief technology officers and chief information security officers can hope all they want that the... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-22 13:28:53 (Déjà vu) Threat Roundup for April 15 to April 22 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 15 and April 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-21 11:00:00 Threat Source newsletter (April 21, 2022) - Sideloading apps is as safe as you make it (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. If you pay attention to the video game community as much as I do, you've been closely following the ongoing legal battle between Apple and Epic over the sale of “Fortnite” on the Apple App Store. (I promise... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-04-21 09:00:00 (Déjà vu) Beers with Talos, Ep. #120: How attackers are finding ways around MFA (direct link) Beers with Talos (BWT) Podcast episode No. 120 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded April 6, 2022. If iTunes and Google Play aren't your thing, click here. The trend of... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-21 05:50:02 TeamTNT targeting AWS, Alibaba (direct link) Written by Darin Smith. Summary: TeamTNT modified their scripts after they were made public by security researchers. TeamTNT scripts primarily target AWS, but can also run on on-premise, container, or other forms of Linux instances. TeamTNT payloads include credential stealers, cryptocurrency mining,... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★★★★
2022-04-15 13:04:39 (Déjà vu) Threat Roundup for April 8 to April 15 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 8 and April 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-14 11:00:00 Threat Source newsletter (April 14, 2022) - It's Tax Day, and you know what that means (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. The deadline to file taxes in the United States is Monday. That means a few things: everyone should probably make sure their liquor cabinet is fully stocked, your spam filters are all turned on in your email... [[ This is only the beginning! Please visit the blog for the complete entry ]] Spam Threat
2022-04-14 04:59:33 Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer (direct link) By Edmund Brumaghin and Vanja Svajcer, with contributions from Michael Chen. Cisco Talos recently observed a new information stealer, called "ZingoStealer", that has been released for free by a threat actor known as "Haskers Gang." This information stealer, first introduced to the wild in March... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-04-12 13:17:24 Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020 (direct link) By Jon Munshaw and Nick Biasini. Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-08 14:48:42 (Déjà vu) Threat Roundup for April 1 to April 8 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 1 and April 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-07 11:00:00 Threat Source newsletter (April 7, 2022) - More money for cybersecurity still doesn't solve the skills gap problem (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. U.S. President Joe Biden's proposed budget would include an 11 percent increase in the federal government's IT budget, including a total of $10.9 billion for cybersecurity. On the surface - this is all... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-04-05 05:00:32 Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter (direct link) By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. The infections leverage process injection to evade detection by endpoint security software. These campaigns... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
2022-04-01 12:59:34 (Déjà vu) Threat Roundup for March 25 to April 1 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 25 and April 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-04-01 07:04:45 (Déjà vu) Beers with Talos, Ep. #119: If it walks like a BlackCat, smells like a BlackCat... (direct link) Beers with Talos (BWT) Podcast episode No. 119 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded March 25, 2022. If iTunes and Google Play aren't your thing, click here. We're... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-31 15:14:34 Threat Advisory: Spring4Shell (direct link) Cisco Talos is releasing coverage to protect users against the exploitation of two remote code execution vulnerabilities in Spring Framework. CVE-2022-22963 is a medium-severity bug that affects Spring Cloud and CVE-2022-22965, a high-severity bug that affects Spring Core Framework. Spring is a... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★★★
2022-03-31 13:58:09 On the Radar: Is 2022 the year encryption is doomed? (direct link) By Martin Lee. Quantum technology in development by the world's superpowers will render many current encryption algorithms obsolete overnight. When it becomes available, whoever controls this technology will be able to read almost any encrypted data or message they wish. Organizations need... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★★★
2022-03-31 11:00:00 Threat Source newsletter (March 31, 2022) - Is "Fortnite" a Metaverse? (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: “Is a hot dog a sandwich?” (My two cents: Yes, absolutely.) Now as we move into the new internet age and onto Web 3.0 and NFTs instead of... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-29 05:02:08 Transparent Tribe campaign uses new bespoke malware to target Indian government officials (direct link) By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choice, they are also using... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware APT 36
2022-03-25 12:01:24 (Déjà vu) Threat Roundup for March 18 to March 25 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 18 and March 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-24 11:00:00 Threat Source newsletter (March 24, 2022) - Channelling productive worry to help Ukraine (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. The war in Ukraine has involved misinformation since before Russia's ground forces invaded the country. So, it's not really a shock that we've reached the stage of information warfare where deepfake... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-24 09:57:18 Threat Advisory: DoubleZero (direct link) Overview: The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion of the country. This wiper was detected as early as March 17, 2022. DoubleZero is yet another wiper... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★★★★
2022-03-23 13:16:44 Vulnerability Spotlight: Heap overflow in Sound Exchange libsox library (direct link) Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the sphere.c start_read() functionality of Sound Exchange libsox. The libsox library is a library of... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2022-03-22 05:04:41 On the Radar: Securing Web 3.0, the Metaverse and beyond (direct link) By Jaeson Schultz. Internet technology evolves rapidly, and the World Wide Web (WWW or Web) is currently experiencing a transition into what many are calling "Web 3.0". Web 3.0 is a nebulous term. If you spend enough time Googling it, you'll find many interpretations regarding what Web 3.0... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-18 12:16:35 (Déjà vu) Threat Roundup for March 11 to March 18 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 11 and March 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-17 11:00:00 Threat Source newsletter (March 17, 2022) - Channelling productive worry to help Ukraine (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn't mean those of... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-17 05:33:47 From BlackMatter to BlackCat: Analyzing two attacks from one affiliate (direct link) By Tiago Pereira with contributions from Caitlin Huey. BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups,... [[ This is only the beginning! Please visit the blog for the complete entry ]] Ransomware
2022-03-16 06:03:11 Preparing for denial-of-service attacks with Talos Incident Response (direct link) By Yuri Kramarz. Over the years, several extortion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-15 09:48:22 Threat Advisory: CaddyWiper (direct link) Overview: Cybersecurity company ESET disclosed another Ukraine-focused wiper dubbed "CaddyWiper" on March 14. This wiper is relatively smaller than previous wiper attacks we've seen in Ukraine such as "HermeticWiper" and "WhisperGate," with a compiled size of just 9KB. The wiper discovered has the... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-14 12:20:45 (Déjà vu) Beers with Talos, Ep. #118: Reflecting on the current situation in Ukraine (direct link) Beers with Talos (BWT) Podcast episode No. 118 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. Recorded March 7, 2022. If iTunes and Google Play aren't your thing, click here. This was... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-14 05:01:25 Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion (direct link) By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. Executive Summary: Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-11 11:02:46 (Déjà vu) Threat Roundup for March 4 to March 11 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 4 and March 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-10 11:00:00 Talos Threat Source newsletter (March 10, 2022) - Fake social media posts spread in wake of Ukraine invasion (direct link) By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter - complete with a new format and feel. First off, it goes without saying, but we're all heartbroken by the crisis happening in Ukraine. Our hearts are with the people of Ukraine, our employees and their... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-10 05:03:05 Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups (direct link) By Asheer Malhotra, Vitor Ventura and Arnaud Zobec. Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-09 11:46:39 Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools (direct link) Executive summary: Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these files infect unwitting users rather than delivering the tools originally advertised. In one... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
2022-03-07 08:45:21 Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device (direct link) Cisco Talos' vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE's patch, we decided to take an even closer look at two of these vulnerabilities - CVE-2021-21748 and... [[ This is only the beginning! Please visit the blog for the complete entry ]] Vulnerability
2022-03-04 14:11:31 (Déjà vu) Threat Roundup for February 25 to March 4 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 25 and March 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-03 12:59:16 Cisco stands on guard with our customers in Ukraine (direct link) As the Russia-led invasion intensifies, Ukraine is being attacked by bombs and bytes. Cisco is working around the clock on a global, company-wide effort to protect our customers there and ensure that nothing goes dark. Cisco Talos has taken the extraordinary step of directly operating security... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2022-03-01 16:36:24 Crowd-sourced attacks present new risk of crisis escalation (direct link) Authored by Matt Olney. Executive Summary: An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques. Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated... [[ This is only the beginning! Please visit the blog for the complete entry ]] Threat
2022-03-01 06:42:43 Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections (direct link) Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★
2022-02-28 07:43:32 Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure (direct link) Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Gerbv file viewing software that could allow an attacker to execute arbitrary remote code or disclose sensitive information. Gerbv is an... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★★★★
2022-02-25 11:44:42 (Déjà vu) Threat Roundup for February 18 to February 25 (direct link) Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 18 and Feb. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]] ★★★
2022-02-24 15:03:29 Threat Advisory: Cyclops Blink (direct link) Cisco Talos is aware of the recent reporting around a new modular malware family, Cyclops Blink, that targets small and home office (SOHO) devices, similar to previously observed threats like VPNFilter. This malware is designed to run on Linux systems and is compiled specifically for 32-bit PowerPC... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware VPNFilter
2022-02-24 15:01:17 Threat Advisory: HermeticWiper (direct link) Cisco Talos is aware of a second wave of wiper attacks ongoing inside Ukraine, leveraging a new wiper that has been dubbed "HermeticWiper." Deployment of the destructive malware began on Feb. 23, 2022. HermeticWiper features behavioral characteristics similar to what was observed during the... [[ This is only the beginning! Please visit the blog for the complete entry ]] Malware
Last update at: 2024-06-27 17:07:27