Cisco Talos Intelligence Blog

August 18, 2022 08:08

Ukraine war spotlights agriculture sector's vulnerability to cyber attack

The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. * The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have

August 12, 2021 18:08

Vice Society leverages PrintNightmare in ransomware attacks

Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Cisco Talo

July 2, 2021 22:07

REvil ransomware actors attack Kaseya in supply chain attack

Updated on July 6, 2021: As analysis of the ransomware attack affecting organizations using Kaseya VSA has continued, we are sharing an update containing additional information. As new details are identified, this information may be updated as needed. * This event consisted of

February 2, 2021 08:02

Interview with a LockBit ransomware operator

By Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay. Ransomware is still highly prevalent in our current threat landscape — it's one of the top threats Cisco Talos Incident Response responds to. One such ransomware family we encounter is called LockBit, a ransomware-as-a-serv

November 5, 2020 17:11

Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall Cisco Talos recently discovered an heap buffer overflow and a use after free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-r

October 21, 2020 15:10

Vulnerability Spotlight: A deep dive into WAGO’s cloud connectivity and the vulnerabilities that arise

Report and research by Kelly Leuschner. WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC

June 11, 2020 14:06

Tor2Mine is up to their old tricks — and adds a few new ones

By Kendall McKay and Joe Marshall. Threat summary * Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, includ

May 14, 2020 15:05

The basics of a ransomware infection as Snake, Maze expands

There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a

March 18, 2019 12:03

IPv6 unmasking via UPnP