Cisco Talos Intelligence Blog

Featured

* Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
* Protecting major events: an incident response blueprint
* Threat Source newsletter (Nov. 17, 2022): Hot off the press! The Snort 2023 Calendar is here
* Get a Loda This: LodaRAT meets new friends

Recent

December 7, 2022 13:12

Vulnerability Spotlight: Memory corruption vulnerability discovered in PowerISO

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO. TALOS-2022-1644 (CVE-2022-41992) is a memory corruption vulnerability that exists in the VHD File Format parsing functionality of PowerISO 8.

December 6, 2022 11:12

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver. NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to com

December 2, 2022 10:12

Protecting major events: an incident response blueprint

Cisco Talos Incident Response (Talos IR) is sharing a white paper on the steps organizations should follow to secure any major event. These ten focus areas should help guide any organizing committee or participating businesses in preparation for securing such events.

December 1, 2022 10:12

Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities

Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software informatio

November 29, 2022 08:11

Researcher Spotlight: How working for Talos started out as an ‘accident’ for Ashlee Benge before becoming a second career

Talos’ lead of data strategy and insights has a lot of weight on her shoulders currently, but it’s nothing she’s not used to

November 22, 2022 10:11

Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter. Callback Technologies has a CBFS file storage solution for use in customizing data persistence on devi

November 18, 2022 12:11

Threat Round up for November 11 to 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 11 and Nov. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behaviora

November 17, 2022 14:11

Threat Source newsletter (Nov. 17, 2022): Hot off the press! The Snort 2023 Calendar is here

The Snort 2023 calendar is finally here, and y’all, it’s a good one. Packed full of classic memes and punny Snorties, the calendar is sure to delight all year long.

November 17, 2022 08:11

Get a Loda This: LodaRAT meets new friends

* LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta.
* Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality that have been seen in the wild.
* Changes in these LodaRAT variants include new f

November 15, 2022 16:11

Vulnerability Spotlight: Microsoft Office class attribute double-free vulnerability

Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a class attribute double-free vulnerability in Microsoft Office. Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-u

November 10, 2022 16:11

Threat Source newsletter (Nov. 10, 2022): Vulnerability research, movies in class, and Emotet once again

Welcome to this week’s edition of the Threat Source newsletter. Tuesday was an absolute hammer for the infosec community. Not only did we have the US elections but we had Emotet returning and a regular Microsoft Tuesday release. That release always leads me to think about the bu

November 10, 2022 15:11

Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit Reader could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution. The Foxit Reader is one of the most popular PDF document readers, which aims t

November 9, 2022 08:11

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors.
* Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure

November 8, 2022 13:11

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

November 8, 2022 11:11

Emotet coming in hot

Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year,