Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server
Even organizations that use Exchange Online may still be affected if they run a hybrid server.
Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass
Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and authentication bypass. AVideo is an open-source web application that allows us
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary * Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. * It is marketed as a means to enable remote acc
Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities
By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mes
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check
Conti and Hive ransomware operations: What we learned from these groups' victim chats
As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few
Quarterly Report: Incident Response trends in Q1 2022
Ransomware continues as the top threat, while a novel increase in APT activity emerges Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-revie
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. * Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. * The infections leverage process injection to evade detection by endpoint securit
Threat Advisory: Spring4Shell
UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at maximum 100. This is an exceptionally rare score, of which only 415 out of 184,000 CVEs (or 0.22 percent) have achieved, reflecting the severity and potential effects of this vulnerability. To get a r