Cisco Talos Intelligence Blog

December 14, 2022 12:12

Ukraine Topic Summary Report: Cisco Talos Year in Review 2022

Talos’ support for Ukraine has lead us to launch a task force to monitor critical infrastructure - identifying threats, remediating attacks, and gathering information. Discover the top adversaries, threats, and behavior trends Talos has observed this past year in Ukraine.

December 14, 2022 08:12

Talos Year in Review 2022

We expect this data-driven story will shed some insight into Cisco’s and the security community’s most notable successes and remaining challenges. As these Year in Review reports continue in the future, we aim to help explain how the threat landscape changes from one year to the next.

December 8, 2022 11:12

2022 Year in Review Livestream

Did you miss our livestream focused on the Ukraine topics presented in the Cisco Talos Year in Review report? Join host Hazel Burton and special guests Kendall McKay, Nick Randolph, and Vanja Svajcer as they discuss Talos' now-years-long critical infrastructure effort in Ukraine.

November 8, 2022 11:11

Emotet coming in hot

Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year,

November 1, 2022 15:11

Threat Advisory: High Severity OpenSSL Vulnerabilities

In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer

September 30, 2022 17:09

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Even organizations that use Exchange Online may still be affected if they run a hybrid server.

August 16, 2022 11:08

Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass

Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and authentication bypass. AVideo is an open-source web application that allows us

August 4, 2022 08:08

Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns

By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary * Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. * It is marketed as a means to enable remote acc

August 1, 2022 12:08

Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities

By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mes