What's new around the internet

Date (GMT) | Title | Description | Tags / Stories / Notes
2021-11-30 08:58:28 | Cisco named leader in Incident Response Services | By Brad Garnett. It has been more than two years already since Cisco Incident Response became a part of the Talos family. Since then, my team has continued a journey to simplify our offering for consumption and make incident response the ultimate team sport. That is why I could not be more... [[ This is only the beginning! Please visit the blog for the complete entry ]]
2021-11-30 07:26:49 | Case Study: Catching threats ahead of time with a penetration test from the Cisco Talos Incident Response Red Team | By Brad Garnett, Miguel Alvarez Esmoris, Terryn Valikodath and Bob Doyle. As we mentioned in a previous case study, relationships are tried and tested during incident response. So, when a customer came to Cisco Talos Incident Response with concerns about their public-facing website, CTIR knew...
2021-11-29 07:00:00 | An Azure Sphere kernel exploit - or how I learned to stop worrying and love the IoT | By Claudio Bozzato and Lilith [^.^];. As part of our continued research into Microsoft Azure Sphere, there are two vulnerabilities we discovered that we feel are particularly dangerous. For a full rundown of the 31 vulnerabilities we've discovered over the past year, check out our full recap...
2021-11-24 06:01:14 | Talos Takes Ep. #78: Attackers would love to buy you a non-existent PS5 this holiday season | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We know this episode comes around every year, but people keep falling for scams, so we have to remind people how to...
2021-11-23 10:54:23 | Attackers exploiting zero-day vulnerability in Windows Installer - Here's what you need to know and Talos' coverage | Cisco Talos is releasing new SNORT® rules to protect against the exploitation of a zero-day elevation of privilege vulnerability in Microsoft Windows Installer. This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrator. This... | Vulnerability
2021-11-22 11:05:14 | A review of Azure Sphere vulnerabilities: Unsigned code execs, kernel bugs, escalation chains and firmware downgrades | Summary of all the vulnerabilities reported by Cisco Talos in Microsoft Azure Sphere. By Claudio Bozzato and Lilith [>_>]. In May 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. In the first three months,...
2021-11-22 09:16:47 | Vulnerability Spotlight: PHP deserialize vulnerability in CloudLinux Imunify360 could lead to arbitrary code execution | Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a vulnerability in the Ai-Bolit functionality of CloudLinux Inc. Imunify360 that could lead to arbitrary code execution. Imunify360 is a security platform for web-hosting servers that allows users... | Vulnerability Guideline
2021-11-22 05:01:13 | Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021 | Executive summary: Emotet has been one of the most widely distributed threats over the past several years. It has typically been observed being distributed via malicious spam email campaigns, and often leads to additional malware infections as it provides threat actors with an initial foothold in an... | Spam Malware Threat Guideline
2021-11-19 11:31:17 | (Déjà vu) Threat Roundup for November 12 to November 19 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 12 and Nov. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-11-19 08:45:43 | Beers with Talos, Ep. #111: We say goodbye to Craig and his killer robots | Beers with Talos (BWT) Podcast episode No. 111 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. We apologize for holding onto this...
2021-11-19 08:18:32 | Talos Takes Ep. #77: How to connect to (and safely use) public WiFi | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Whenever we walk into a bar or restaurant, it's almost a given that we're going to ask the bartender or server:...
2021-11-18 11:00:00 | Threat Source Newsletter (Nov. 18, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. This is our last newsletter before Thanksgiving in the U.S. next week, so now's as good a time as any to remind you: If a deal seems too good to be true, it probably is. To prep online shoppers for the upcoming...
2021-11-17 12:03:21 | Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD | Lilith >_> of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in LibreCAD's libdxfrw open-source library. This library reads and writes .dxf and .dwg files - the primary file format for vector graphics in CAD... | ★★
2021-11-17 06:26:34 | Talos' tips for staying safe while shopping online this holiday season | By Jon Munshaw. Attackers will resort to all tactics to trick users into downloading malware, handing over credit card data or completely compromising their machine. No topic is off-limits, and threat actors have resorted to using everything from PlayStation 5 sales to COVID-19 cures... | Threat
2021-11-16 04:00:22 | Attackers use domain fronting technique to target Myanmar with Cobalt Strike | By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News summary: Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. This shows that Cobalt Strike, although it was originally created as a legitimate tool, continues to be something...
2021-11-15 11:23:06 | Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion | Matt Wiseman discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Lantronix's PremierWave 2050, an embedded Wi-Fi module. There are several vulnerabilities in PremierWave 2050's Web Manager, a web-accessible application that...
2021-11-12 11:33:21 | (Déjà vu) Threat Roundup for November 5 to November 12 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 5 and Nov. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-11-12 08:37:49 | Talos Takes Ep. #76: What is Kimsuky phishing around for? | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Blog posts aren't just for sharing your darkest secrets from high school anymore. They're also used by attackers to...
2021-11-11 11:00:00 | Threat Source newsletter (Nov. 11, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It's important to be proactive, and not reactive, with your security. It's always better to see the worst coming and block it than have to scramble to deal with the worst-case scenario in the moment. That's why it's so...
2021-11-10 14:11:03 | North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets | By Jung soo An and Asheer Malhotra, with contributions from Kendall McKay. Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021. Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced... | Malware Cloud APT 37
2021-11-09 14:27:30 | Microsoft Patch Tuesday for Nov. 2021 - Snort rules and prominent vulnerabilities | By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company's various software, hardware and firmware offerings, including one that's actively being exploited in the wild. November's security update...
2021-11-09 10:42:21 | Cisco Talos finds 10 vulnerabilities in Azure Sphere's Linux kernel, Security Monitor and Pluton | By Claudio Bozzato and Lilith [-_-];. Following our previous engagements (see blog posts 1, 2, 3 and 4) with Microsoft's Azure Sphere IoT platform, we decided to take another look at the device, without all the rush and commotion that a hacking challenge normally entails. Today, we're...
2021-11-05 10:47:41 | (Déjà vu) Threat Roundup for October 29 to November 5 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-11-04 11:00:00 | Threat Source newsletter (Nov. 4, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. A series of vulnerabilities in Microsoft Exchange Server made waves earlier this year for coming under attack. And while they've come and gone from the headlines since then, attackers are still very much paying...
2021-11-04 06:51:46 | The features all Incident Response Plans need to have | By Paul Lee, Yuri Kramarz and Martin Lee. Adversaries are always growing their capabilities and changing their tactics, leading to a greater number of incidents and data breaches. This is supported by organizations such as the ITRC, which reports that the number of data breaches in 2021 is already greater... | Guideline
2021-11-03 05:00:10 | Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk | By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey. Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S., with a smaller number of infections in the U.K., Germany, Ukraine, Finland, Brazil,... | Ransomware
2021-10-29 14:30:20 | (Déjà vu) Threat Roundup for October 22 to October 29 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 22 and Oct. 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-10-28 11:00:00 | Threat Source newsletter (Oct. 28, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Most people know about chicken and waffles. But what about squirrel and waffles? They may not be the most appetizing brunch, but they are teaming up for one heck of a spam campaign. We have new research out... | Spam
2021-10-28 05:00:00 | Quarterly Report: Incident Response trends from Q3 2021 | Ransomware again dominated the threat landscape, while BEC grew. By David Liebenberg and Caitlin Huey. Once again, ransomware was the most dominant threat observed in Cisco Talos Incident Response (CTIR) engagements this quarter. CTIR helped resolve several significant... | Ransomware Threat
2021-10-26 05:01:17 | SQUIRRELWAFFLE leverages malspam to deliver Qakbot, Cobalt Strike | By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary: Recently, a new threat, referred to as "SQUIRRELWAFFLE", is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increasing regularity and... | Spam Malware
2021-10-22 13:33:23 | (Déjà vu) Threat Roundup for October 15 to October 22 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-10-21 11:00:00 | Threat Source newsletter (Oct. 21, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're writing this on Wednesday for PTO reasons, so apologies if we miss any major news that happens after Wednesday afternoon. Above, you can watch our awesome live stream from Monday with Brad Garnett from...
2021-10-19 17:01:51 | Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India | Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 - a memory corruption vulnerability in... | Vulnerability Threat
2021-10-19 13:13:08 | Beers with Talos, Ep. #110: The 10 most-exploited vulnerabilities this year (You won't believe No. 6!) | Beers with Talos (BWT) Podcast episode No. 110 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. We mainly spend this episode doing some catching up...
2021-10-18 12:04:21 | Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router | Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could...
2021-10-15 14:08:48 | (Déjà vu) Threat Roundup for October 8 to October 15 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-10-15 08:07:16 | Talos Takes Ep. #73 (NCSAM edition): Fight the phish from land, sea and air | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Most people may think of spam as being the classic email promising that you've won the lottery or some great prize,... | Spam
2021-10-14 11:00:00 | Threat Source newsletter (Oct. 14, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. It's still Cybersecurity Awareness Month, and what better way to celebrate than by patching and then patching some more? This week was Microsoft Patch Tuesday, which only included two critical vulnerabilities, but still... | Patching
2021-10-14 10:17:48 | (Déjà vu) Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF | A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software's...
2021-10-12 12:48:55 | Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution | Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in the ConditionalFormatting functionality of Microsoft Office Excel 2019 that could allow an attacker to execute arbitrary code on the... | Vulnerability
2021-10-12 10:35:42 | Microsoft Patch Tuesday for Oct. 2021 - Snort rules and prominent vulnerabilities | By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 78 vulnerabilities in the company's various software, hardware and firmware offerings. This month's release is particularly notable because there are only...
2021-10-12 07:49:10 | Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, buffer overflows | Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Anker Eufy Homebase. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker's Eufy Smarthome ecosystem. All Eufy...
2021-10-08 10:14:01 | (Déjà vu) Threat Roundup for October 1 to October 8 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 1 and Oct. 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-10-08 05:45:58 | Talos Takes Ep. #71 (NCSAM edition): Reflecting on ransomware in 2021 | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We are far from the first (or last) people to say this, but 2021 is the year of ransomware. It's by far the biggest story... | Ransomware
2021-10-07 12:36:06 | (Déjà vu) Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers | A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in exposure of... | Vulnerability
2021-10-07 11:00:00 | Threat Source newsletter (Oct. 7, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Every day, we see mountains and mountains of data. So how do we comb through all of it to find out what's important to customers and users? Well, there are many ways, but we wanted to give readers and researchers a look...
2021-10-06 05:04:20 | Threat hunting in large datasets by clustering security events | By Tiago Pereira. Security tools can produce very large amounts of data that even the most sophisticated organizations may struggle to manage. Big data processing tools, such as Spark, can be a powerful tool in the arsenal of security teams. This post walks through threat hunting on large datasets... | Tool Threat
2021-10-01 14:07:12 | (Déjà vu) Threat Roundup for September 24 to October 1 | Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 24 and Oct. 1. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
2021-10-01 06:00:00 | Talos Takes Ep. #70: Let's put a positive spin on this whole working from home thing for once | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. As part of National Cybersecurity Awareness Month, we're releasing a special series of Talos Takes episodes focused on...
2021-09-30 11:00:00 | Threat Source newsletter (Sept. 30, 2021) | Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In the latest example of attackers trying to capitalize on current headlines, we've spotted a group using the recent fervor around the Pegasus spyware to spread malware. We've detailed a campaign in which the...
Last update at: 2024-06-11 20:07:08