What Cisco Talos knows about the Rhysida ransomware
The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.
What might authentication attacks look like in a phishing-resistant future?
Even if the internet at large adopts passkeys, attackers can still find a way in.
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over
In all, Talos released 22 security advisories regarding Milesight products this month, nine of which have a CVSS score greater than 8, associated with 69 CVEs.
The growth of commercial spyware based intelligence providers without legal or ethical supervision
Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware.
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).
Vulnerability Spotlight: Authentication bypass, use-after-free vulnerabilities found in a library for the µC/OS open-source operating system
TALOS-2022-1680 (CVE-2022-41985) could allow an attacker to bypass the authentication protocol on the operating system, or cause a denial-of-service, by sending the targeted machine a specially crafted set of network packets.
Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
The issue could then allow the malicious actor to generate arbitrary logs which can trigger malicious commands to be run with elevated privileges.