Fighting the Good Fight: Life inside the Talos Ukraine Task Unit
In the months leading up to Russia’s invasion of Ukraine, Cisco and Talos did everything we could to support our friends, partners and colleagues, who were facing a reality unlike anything that can be found in any technical training manual, SOP or SLA.
Emotet resumes spam operations, switches to OneNote
Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.
Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild
Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Cisco Talos has identified a new espionage oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.
Threat Roundup for March 17 to March 24
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 17 and March 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavio
Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.
Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.
Senderbase.org redirects to end in April
As of April 20, 2023, we are decommissioning SenderBase.org and any attempts to visit that web page will fail.
Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution
Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network’s range.
Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities
If an adversary could capture an authentication packet, it contains all the necessary information to steal the target user’s username and password for the software.
Threat Roundup for March 10 to March 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavio
Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS
Due to JSON format limitations, the vulnerability only manifests itself as a remote denial of service in Ghost CMS, which crashes the Node.js process. However, the vulnerability could potentially lead to remote code execution in other products that use it.