Cisco Talos Blog

February 8, 2024 08:00

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”

December 5, 2023 18:25

The malware, attacker trends and more that shaped the threat landscape in 2023

The second annual Cisco Talos Year in Review draws on a massive amount of threat data to analyze the major trends that shaped the threat landscape in 2023.

October 31, 2023 07:00

Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

October 25, 2023 12:00

9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

October 17, 2023 12:00

Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

As the adoption of digital technologies increases, the volume of log data grows, which makes it challenging for cybersecurity teams to identify which logs are most valuable when investigating and analyzing threats.

October 16, 2023 11:05

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software — CVE-2023-20198 and CVE-2023-20273 — when exposed to the internet or untrusted networks.

October 11, 2023 19:06

What to know about the HTTP/2 Rapid Reset DDoS attacks

CVE-2023-44487, a vulnerability in the HTTP/2 protocol, was recently used to launch intensive DDoS attacks against several targets.

September 14, 2023 08:00

How Cisco Talos IR helped a healthcare company quickly resolve a Qakbot attack

A healthcare company recently detected a potential Qakbot infection early, and with the help of the Talos IR team, evicted the threat actor from their network quickly before any harm could come to the organization or its customers.

September 6, 2023 12:46

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.