Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion
By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. This post is also available in: 日本語 (Japanese) Українська (Ukrainian) Executive Summary * Since the beginning of the war in Ukraine, we have observed threat actors usin
Microsoft Patch Tuesday for March 2022 — Snort rules and prominent vulnerabilities
Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March’s Patch Tuesday only included two critical vulnerabilities, which is notable considering there weren’t a
Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild
Update History DateDescription of UpdatesDec. 20, 2021 Additional coverage and IOCs; additional detection capabilities for customers via Cisco Global Threat Alerts. Dec. 18, 2021 Additional mitigation guidance; updated coverage information. Dec. 17, 2021 Added additional vulner
Attracting flies with Honey(gain): Adversarial abuse of proxyware
By Edmund Brumaghin and Vitor Ventura. * With internet-sharing applications, or "proxyware," users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci
Threat Roundup for May 28 to June 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 28 and June 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
Threat Roundup for May 21 to May 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 21 and May 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin. * Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. * Lemon Duck remains relevant as the operat
Sowing Discord: Reaping the benefits of collaboration app abuse
As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ