Cisco Talos Intelligence Blog

Featured

Fighting the Good Fight: Life inside the Talos Ukraine Task Unit

In the months leading up to Russia’s invasion of Ukraine, Cisco and Talos did everything we could to support our friends, partners and colleagues, who were facing a reality unlike anything that can be found in any technical training manual, SOP or SLA.

March 22, 2023 15:03

Emotet resumes spam operations, switches to OneNote

Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.

March 15, 2023 19:03

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.

March 14, 2023 07:03

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new espionage-oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.

Recent

March 24, 2023 13:03

Threat Roundup for March 17 to March 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 17 and March 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavio

March 23, 2023 14:03

Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.

Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.

March 23, 2023 07:03

Senderbase.org redirects to end in April

As of April 20, 2023, we are decommissioning SenderBase.org and any attempts to visit that web page will fail.

March 21, 2023 13:03

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution

Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network’s range.

March 21, 2023 09:03

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities

If an adversary could capture an authentication packet, it contains all the necessary information to steal the target user’s username and password for the software.

March 17, 2023 15:03

Threat Roundup for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavio

March 16, 2023 14:03

Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS

Due to JSON format limitations, the vulnerability only manifests itself as a remote denial of service in Ghost CMS, which crashes the Node.js process. However, the vulnerability could potentially lead to remote code execution in other products that use it.