Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass
Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and authentication bypass. AVideo is an open-source web application that allows us
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary * Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. * It is marketed as a means to enable remote acc
Conti and Hive ransomware operations: What we learned from these groups' victim chats
As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few
Quarterly Report: Incident Response trends in Q1 2022
Ransomware continues as the top threat, while a novel increase in APT activity emerges Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-revie
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. * Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. * The infections leverage process injection to evade detection by endpoint securit
Threat Advisory: Spring4Shell
UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at maximum 100. This is an exceptionally rare score, of which only 415 out of 184,000 CVEs (or 0.22 percent) have achieved, reflecting the severity and potential effects of this vulnerability. To get a r
Vulnerability Spotlight: Heap overflow in Sound Exchange libsox library
Lilith >_> of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the sphere.c start_read() functionality of Sound Exchange libsox. The libsox library is a library of sound sample file fo
Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
This post is also available in: Українська (Ukrainian) Update March 17, 2022: Cisco Talos has updated the IOC section with additional hashes and ClamAV coverage. Executive summary * Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering ma
Cisco stands on guard with our customers in Ukraine
This post is also available in: Українська (Ukrainian) * As the Russia-led invasion intensifies, Ukraine is being attacked by bombs and bytes. Cisco is working around the clock on a global, company-wide effort to protect our customers there and ensure that nothing goes dark.