Cisco Talos Intelligence Blog

February 22, 2022 08:02

Time to secure hybrid work for 2022, not 2002

Editor’s note: This post is the first in a new series from Talos looking at high-level topics across the cybersecurity space. Our researchers rely on years of expertise, data, and tremendous visibility; applying what we can learn from history, research, and analysis to nascent se

October 7, 2021 15:10

Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers

A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also resu

July 14, 2021 08:07

Following the Money: Comparing cryptocurrency value to illicit mining activity

By Nick Biasini. In the age of meme stocks, Robinhood and Elon Musk's tweets influencing the global economy, cryptocurrency mining has not seemed as fringe as it once did. Mining has been around as long as these cryptocurrencies have, but only really started to gather the attenti

July 8, 2021 16:07

PrintNightmare: Here’s what you need to know and Talos’ coverage

Over the past several weeks, there's been a lot of discussion about a particular privilege escalation vulnerability in Windows affecting the print spooler, dubbed PrintNightmare. The vulnerability (CVE-2021-1675/CVE-2021-34527) has now been patched multiple times but is believed

June 22, 2021 07:06

Attackers in Executive Clothing - BEC continues to separate orgs from their money

By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most, co

April 22, 2021 09:04

Threat Advisory: Pulse Secure Connect Coverage

Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory. The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentica

April 15, 2021 11:04

Threat Advisory: NSA SVR Advisory Coverage

The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services (SVR) is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and de

April 7, 2021 08:04

Sowing Discord: Reaping the benefits of collaboration app abuse

As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ

March 9, 2021 19:03

Hafnium Update: Continued Microsoft Exchange Server Exploitation

Update 3/11: The following OSQuery detects active commands being run through webshells observed used by actors on compromised Exchange servers. While systems may have been patched to defend against Hafnium and others, threat actors may have leveraged these vulnerabilities to esta